Call for papers

The events of the co-organizers are known for practical value for all persons engaged in cyber security, either in incident management, operations, product security, threat intelligence, information sharing or other required functions and services. Leading practitioners, researchers as well as scientist and managers will provide insights and present lessons learned. All in all providing great opportunities to learn or to start active collaborations and new projects.

We also invite original contributions as research papers, tutorials/workshops, panels, demonstrations, or posters!

What we are looking for are leading-edge experiences, deep research, challenging discoveries, working solutions, and established best practices applicable for single teams, communities and on global scale. We also invite fresh ideas and challenges presented to the global community for further discussion and consideration. What we look for are perspectives that should have an impact for the work of CSIRTs, ISACs, PSIRTs, SOCs, or other security teams.

We regard the audience as experts from the field, either technical or managerial, although they might be new to some area of response to cyber threats.

Therefore, introductory presentations on routine topics such as how cryptography or intrusion detection systems work, the need for a CSIRT for a particular well-understood constituency, or the basic plans necessary to establish a new team are probably not appropriate. This is not the objective of this conference. However as explained above we would consider new attacks on cryptography, new IDS evasion techniques or the need for a new type of incident response team not heard of before.

And before we forget:

Review Process

We will ensure that each selected proposal is relevant to our audience and will assess the overall value for our audience through an international Program Committee. This is composed of experts and practitioners from the field, representing a diverse set of teams and organizations across six continents. Sabine d’Argœuves (CERT/SOC Danone, Paris, FR) and Mark Zajicek (CERT/CC, Pittsburgh, US) have volunteered to co-chair this program committee aiming in sharpening the program.

Important Dates

Submissions until
Oct 15, 2023
Review and selection until
Nov 01, 2023
Acceptance notifications
early Nov 2023
Presentation / Materials available
Feb 10, 2024

Speaker Privileges

Accepted submissions of workshops, papers, trainings, and presentations will receive a complimentary registration. This offer extends to a maximum of one co-presenter, two for a full-day tutorial.

Topics of Interest

The following list is not exhaustive, but indicates the wide range of topics that are considered of interest to the global audience representing the variety of global cyber defense entities including but not limited to: CSIRTs, PSIRTs, ISACs, SOCs:

Team Set-up and Maturity

  • Setup of mature and resilient cyber defense entities
  • Dealing with limited resources and unlimited needs
  • Standardization and life cycle
  • Defining and measuring relevant metrics for entities, processes and/or co-operation
  • Build vs. run activities: detection continuous improvement vs. increasing number of alerts

Best Practices in Incident Management / Product Security Operations / Forensics

  • Workflows and processes
  • Managing privacy incidents
  • Incident management by / for activists
  • Reverse engineering
  • Incident analysis including live analysis
  • Triage and classification / categorization
  • Automation and Orchestration
  • Attribution and choosing the right type of response
  • Takedown of botnets, upload or download servers, drop zones, etc.
  • Mandatory vs. discretionary attack / incident / vulnerability reporting

Management of Collaboration and Coordination

  • Communication of expectations and requirements
  • Identifying the appropriate team and channel
  • Briefing the world: communication on a global level
  • Developing the bigger picture: enabling situational awareness and early warning
  • Dealing with multiple international stakeholders and potential conflict of interest

Emerging Challenges and New Insights

  • Legal and regulatory aspects in global coordination
  • Non-traditional incident management scenarios and approaches (e.g. vehicles, control systems, and SCADA)
  • Industrial control systems (ICS)/Operational technology (OT): visibility and incident detection
  • Privacy issues for sensors and data analysis crossing international borders
  • Incident management in developing regions
  • New roles in other kind of disasters: responding to floods, hurricanes and earthquakes or bombs, terrorists, etc.
  • New types of attacks (cyber extortion, ransomware, embedded system malware)
  • New threats beyond the technological application: compromising medical implants, etc.
  • Results of collaboration with other fields like psychology or education which have a positive impact on team performance or improve their responses in other ways

The above is simply a list of suggestions to get potential presenters thinking. We welcome new, original ideas from people in research, academia, industry, government, and law enforcement, or from service providers and vendors who are interested in sharing their results, knowledge, and experience. Submitters are strongly encouraged to demonstrate the applicability of their work to practical issues.

Presentation formats

The conference will comprise of two training days with multiple offerings in parallel. The presentations will be offered on three days in two parallel tracks. The official language of the OCSC Conference is English. However, please keep in mind that many participants will not be native English speakers.

A submission should typically answer the following questions:

  • the impact of both the issue/topic addressed and the proposed solution;
  • who will benefit from the work you are presenting; and
  • how will you bring your points across and convince the audience.

Submissions should propose one of the following formats (note that the Program Committee may contact you to suggest a different timing / format for a talk or session):


(30 or 45 minutes, inclusive of Q&A)

Conventional presentation to a theatre audience of up to 300-500.


(180/360 minutes)

Hands-on practical workshops for a class of up to 50-100. Must include a statement of any prior knowledge/skills that attendees will be assumed to have.


(90 minutes, inclusive of Q&A)

Must include details of the moderator, suggested duration, and tentative list of panellists.

The Agenda


The organizers require a non-exclusive copyright license for all materials delivered at the conference. Where employer, client or government authorization is needed, it is the responsibility of the author(s) to obtain that authorization ahead of the conference.

All materials (PDF only) and proposals must be submitted through the EasyChair site at:

Submissions received after the deadlines may not be considered. Contact the co-chairs of the Program Committee for cases of exceptions.

Point of Contact

Questions about submission topics or sensitivity issues can be sent via email to the co-chairs of the Program Committee:

Please do not ask questions regarding acceptance or review status, such emails will not be answered and silently ignored.