Writing your Submission

Part 6, how to write a submission to impress the reviewers (and attendees)?

Article Series: So you want to train at Black Hat (or other conferences)?

This is a series of articles about our experiences submitting, preparing and delivering training at Black Hat (and other conferences as well).

It has been quite the journey and it feels like we learnt a lot of things which were not obvious to us at the beginning or were just not documented.

In this series, we will try to set this information out in an organized way to hopefully help people in the future who are interested in going through a similar journey.

This series is ongoing with new posts released every few weeks. If you want to keep up with new posts, follow us on Twitter or LinkedIn.

Posts in this series:

Writing your Submission

Published on 3 June 2025 by  Josh Grossman

Introduction

You’ve figured out your finances, carved out your niche, and built exercises that pack a punch. Now comes a critical step: getting your course accepted by a conference.

In this post, we’ll dive into how to write a compelling Call for Training (CfT) submission that catches the eye of both review boards and potential attendees.

Cybersecurity

Plan Ahead: Timing is Everything

CfTs (Calls for Training) often open earlier than the main Call for Papers (CfP). For example, Black Hat and OWASP usually open their CfTs more than six months before the event, and they might only stay open for a month.

Failing to plan here could mean missing your window altogether. This means you are going to want to put CfT dates in your calendar and prepare your materials well in advance.

Cybersecurity

Know Your Audiences

Crafting a strong CfT submission requires you to speak to two distinct audiences:

1. The Conference Review Board

This group is experienced, discerning, and reviewing dozens (if not hundreds) of submissions. You generally have lots of space to provide them with information about the course and you want to try and differentiate it from the many other submissions they are reviewing.

The key things they care about will be:

  • How your course stands out from the rest.
  • Its technical depth and relevance.
  • Your credibility as a trainer.
  • How interactive your course is.

💡 Pro Tip: Include testimonials, past success stories, and why you’re uniquely positioned to teach this subject.

2. Your Potential Attendees

Potential attendees will often only see a small portion of your submission — usually the abstract or summary. You need to ensure that you include the right information to help them make a decision. You may also have character/word limits to comply with here. (However, I invite you to compare the Black Hat abstract word limit to the length of the abstracts on the training pages 🙃)

Potential attendees are going to want to know:

  • “Is this course useful to me?”
  • “Will it help me solve real problems?”
  • “Will I walk away with tangible skills?”

Arguably the third audience is your potential attendee’s manager who they are going to have to justify the course to but I think the considerations are similar to those of the potential attendee. To be absolutely clear, you are writing a sales pitch and you need to be thinking and writing accordingly.

Cybersecurity

Writing for Both: Key Tips

Here’s my approach to balancing both needs:

  • Keep it short, punchy, and scannable.
  • Address a relatable pain point. You want to make your reader think, “That’s me! I need help solving that problem!”
  • Be clear on what participants will do during the course.
  • Make it sound like fun to take part in the course!
  • Highlight clear, actionable takeaways.

Cybersecurity

Align with Conference Guidance

Each conference will have its own specific perspective and content that it is looking for. If you are clearly not aligned with that, your submission may be doomed from the start.

Read the CfT guidelines carefully and align your submission accordingly. If the guidance includes sample abstracts or criteria, read through them and ask yourself how well your submission compares to them.

Cybersecurity

For First-Time Trainers

New to delivering public training courses? You’ll likely need to prove you can teach effectively. For example, Black Hat requests new trainers to provide ~60 slides of training material plus other information as well so make sure you have that ready in time for the CfT as well.

Any prior experience or videos or whatever else you can provide at this stage will help if you are not a well known trainer. I have also provided ratings and testimonials I have received when training and speaking at other venues.

Mission Essential Task List (METL)

Full credit for this point has to go to Daniel Cuthbert from the Black Hat Training Review board who has made it clear on a number of occasions that this is something he expects to see from submissions. Also to AviD, my boss at Bounce Security who has made this standard procedure within Bounce for training course preparation.

A METL is a detailed course breakdown, how long you’ll spend on each topic and what will be covered.

This shows you’ve done more than brainstormed ideas, you’ve planned and structured the course in a logical way. It should include:

  • Topic breakdowns with time estimates
  • Timings for hands-on to show the lecture-to-exercise ratio
  • How learning outcomes map to course segments

Cybersecurity

As a some-time CfT reviewer, I can tell you: if your submission lacks this level of clarity, it’s unlikely to make the cut.

Get Feedback Before You Submit

Even seasoned trainers benefit from a second pair of eyes.

Tips:

  • Ask a former CfT reviewer if possible.
  • At the very least, someone familiar with the material.
  • If English isn’t your first language, get a native speaker to review.

At Bounce Security, our internal review process made a huge difference — right down to workshop titles and tagline polish.

It is highly unlikely you will get feedback from the conference or the review board during the CfT process, regardless of how early you submit. It is possible you might be able to get some feedback if the submission gets rejected but that is already a little too late…

Cybersecurity

Add Goodies (If You Can)

Extras can make your course more appealing:

  • Hardware courses might include take-home tool-kits.
  • Some courses provide pre-configured VMs or helpful documents.
  • One course at Black Hat even included a laptop for every attendee (ambitious, but memorable!).

I don’t think these bonuses necessarily replace a compelling course proposition but they might sweeten the deal..

I include special working documents in my course. We’ve also considered offering follow-up consulting hours though we haven’t gone forward with that for now. I did notice however that this year Sensepost is offering an extended Q&A session after their courses.

The Waiting Game

Once you’ve submitted… now you wait.

Don’t be discouraged by rejections, they happen to all of us.

I have been rejected multiple times, even after I have been accepted at previous events from the same organisation. E.g. I have never been accepted by Black Hat Asia and was accepted by Black Hat EU for a couple of years but then rejected the following year.

Always ask for feedback (if available) and iterate on your submission.

Cybersecurity

Coming Up: Selling Your Course

If you got accepted, congrats! That’s a huge achievement. 🎉 🎉

But now comes the next big challenge: getting people to sign up.

In the next post, I’ll talk about marketing your course in an attempt to turn your hard work into a full classroom.

This post is part of a series: So you want to train at Black Hat (or other conferences)?

Other posts in this series: