Get Involved

Call for Participation (Speakers/Trainers)

Hack NYC is a technical, tactical and policy discussion around fortifying Critical National Infrastructure. It is your opportunity to shape the conversation and impact literally every industry: government, healthcare, finance, transportation, energy, law, policy.


We are looking for interesting training and session topics from a wide array of speakers to ensure our conference has technical depth and comprehensively covers the issues important to fortify our daily life and economic vitality as possible. This is our public Call for Participation (CFP), and below is an outline of how our CFP works.

Important Dates

Exhibitor / Sponsor Opens: October 1st, 2017

Call for Participation (Speakers/Trainers) Opens: November 1, 2017

CFP Closes: December 31, 2017

All Proposers Notified By January 30, 2018

Critical Infrastructure Awards Dinner: May 7th, 2018

Briefing session: May 8, 2018

Training sessions: May 9-10, 2018



Hack NYC is targeted at defenders and practitioners. Training opportunities and conference sessions should reflect practical application of technology or technique, innovation, or best practice as it applies to Critical National Infrastructure. Each session will address one of the five functions described in the NIST Cybersecurity Framework:

  • Identify

  • Protect

  • Detect

  • Respond

  • Recover


Part training-part discussion, Hack NYC is designed to offer CPE and practical sharing in the form of training and traditional conference sessions.




Each submission should include the following:

  • Title

  • Abstract, including at least three learning objectives

  • 150-200 word Bio of each speaker

  • A high-resolution photo at least 500x500px in size.


Selection for Hack NYC is determined on how well the submission meets the following criteria:

  • The submission includes an engaging title

  • The abstract clearly articulates content to be covered and includes up to three clearly articulated learning objectives.

  • The proposed topic addresses innovation or technique in one of the five functions described in the NIST Cybersecurity Framework

    • Identify

    • Protect

    • Detect

    • Respond

    • Recover.

  • The speaker(s) have demonstrated experience both in presenting to technical audiences and working within the subject proposed.

  • Target practitioners and technical audience; Policy and decision making is 1:1 and round table. Sessions should be targeted at practitioners.

Hack NYC sessions will be recorded and released for additional viewing.

At Hack NYC, we value diversity in our speaker roster to be a role model to the community and a driving force in providing opportunities to everyone.


Hack NYC advisors do not dictate what the content of the conference should be apart from the description above. If asked what topics we would prefer, we will not answer decisively. We rely on the community to come up with interesting topics that the community would enjoy.


The session length is a full 60 minutes, so please plan your session accordingly.


For the best chance at being selected, please keep the following in mind:


  • Come up with a clever title, and an abstract clearly outlining your session's contents. One-sentence abstracts will likely be rejected.

  • Keep the target audience of primarily defenders in mind.

  • Interesting topics and topics with either technical depth or policy/thought leader depth topics will be more likely to be selected.

  • If you feel you would like to provide references of your speaking credentials, please have them email before the selection process has closed. Please note that references are not required.

  • Make sure your title and abstract do not contain any discriminatory or sexualized language.

  • Select from one of the (23) focus areas aligned to the NIST Framework


Asset Management

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

Business Environment

The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions


The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk

Risk Assessments

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

Risk Management Strategy

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Supply Chain Risk Management

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has in place the processes to identify, assess and manage supply chain risks.

Identity Management and Access Control

Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized 

Awareness and Training

The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.

Data Security

Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

Information Protection Processes and Procedures

Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.


Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.

Protective Technology

Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

Anomalies and Events

Anomalous activity is detected in a timely manner and the potential impact of events is understood.

Security Continuous Monitoring

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

Detection Processes

Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.

Response Planning

Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.

Communications Response

Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.


Analysis is conducted to ensure adequate response and support recovery activities.


Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.


Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

Recovery Planning

Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

Improvements Recovery

Recovery planning and processes are improved by incorporating lessons learned into future activities.

Communications Restoration

Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

Code of Conduct / Anti-Discrimination Policy

Hack NYC has a strong Code of Conduct that prohibits discrimination based on gender, sexual orientation, disability, physical appearance, body size, race, age, or religion. We apply this principle to our selection process as well. We will never discriminate when inviting or selecting a speaker based on gender, sexual orientation, disability, physical appearance, body size, race, age, or religion. We also require our speakers to adhere to this Code of Conduct in both their actions and the content of their sessions.


If selected as a speaker, we will provide you with the following:

  • Free admission to Hack NYC 2018 including all attendee benefits and meals ($295 value). This includes:

    • Introductions to the Media / Press
    • Updated Press Photo - Day of the event
    • Full Event Ticket ($295 Value)

    • Ticket to the Awards Dinner ($495 Value)

    • Limited edition HACKNYC speaker swag

    • VIP Access to the After Party

    • Promotion of the speaker via social media
    • 1:1 Meetings with delegates 



Do you want to introduce an activity to the HACK NYC conference?

"Now is the time for all good men to come to the aid of their country" - Charles E. Weller.  Although this drill was designed to help people learn to type, there is actually no better time than now to put those keyboards to work.  HACK NYC 2018 is seeking unique activities to enhance the event for the participants before 12/31/2018.  

  • Design a crypto puzzle to be solved as a game?
  • Run an online or onsite contest.
  • Badge design
  • Organize a scavenger hunt across New York City?
  • Assist in the design of a limited edition event swag?
  • General logistics
  • Social media marketing
  • Juggle fire while dancing with the Naked Cowboy in Times Square. Ok maybe that's just funny but you get the point right?

Outline your concept in a few paragraphs and associated budget and email it to On acceptance, you will be empowered.

 CPE Credits

HACK NYC 2018 will issue a unique number and a signed copy of attendance to those participants who request one.