How to game the 44CON CFP

Every year 44CON has a Call For Papers (CFP). The CFP is run by a panel of about 10 people from various parts of the industry, predominantly based in the UK. The process and technologies used have changed over the years, most notably last year when we replaced our existing bespoke CFP system with HotCRP and implemented a weighted average scoring mechanism based on HotCRP voting results.

TL;DR – I want to speak at 44CON

Ok, then do these things to boost your chances:

  1. Submit a workshop with your talk
  2. Make it clear where else you’ve submitted and/or might/will submit
  3. Include links to other talks you’ve done, video if you have it
  4. Get your talk in early for a better chance of scoring higher
  5. Be enthusiastic, tell us of any boundaries, problems or needs, and work with us, not against us

Understanding how the CFP works

The CFP is opened on a particular date for submissions. Everyone speaking in Track 1 or 2 must go through the CFP process. Track 3 (which is sometimes used for workshops) is a little more fluid, for reasons I’ll discuss later.

Scoring and voting

A gypsy fortune teller brings her crystal ball to life to read the future.
Scoring is as much an art as science, but you can improve your chances of speaking at 44CON.

Our panel votes on and scores talks out of 5, normally in several tranches. It varies by individual and not everyone votes on every talk. People provide comments and feedback, which we pass onto those submitting on request. On average we get between 200-400 submissions a year.

When the CFP is due to close, we push panel members along to review and score submissions, particularly if they haven’t yet been voted on.

Once voting is complete, we divide the sum of scores from each voter by the number of voters to get an average, with an option for discussion under certain circumstances that can weight a score by up to + or – 0.5.

UK submissions normally get up-voted (with some exceptions, see below), and in the selection rounds there’s a strong bias towards UK-based speakers over non-UK-based speakers with identical scores, unless the non-UK-based speaker’s talk is exceptional in other ways. This doesn’t mean that your talk will be rejected if you’re not based in or from the UK. Non-UK based speakers make up the majority of our speakers, but there is definitely a small “home bias” amongst the panel members based in the UK.

Why does it take so long to find out if I’m accepted?

If you're not sure what's happening, contact us and we'll give you an update.
If you’re not sure what’s happening, contact us and we’ll give you an update.

Once we have the results we look to fill a specific number of slots, which varies each year. Acceptance messages are sent out in tranches, and when people return the speaker agreement, they’re confirmed. We normally send rejections for very low scoring talks, but there’s a glut of talks usually falling between 3.5-4.0, where they might be accepted if others scoring higher can’t make it.

If you’ve scored an average of 5.0, you’re pretty much guaranteed a slot and we’ll get in touch straight away. The bulk of submissions tend to hover around a score of 3-4, and 4.5 is normally the cut-off point for the first tranche of accepts. We then wait till the first tranche come back, or if we get no response, chase them up twice before moving on.

For the slots that free up, we move down the list, ensuring those who scored highest get picked first. Once we’ve filled up tracks 1 and 2, we move on to track 3.

After the first round of talk triage, cut-off tends to happen around average scores of 4.25 – 4.0/5.What this means is that there are a lot of good talks that just don’t get accepted at 44CON because we don’t have the space to support them, even with a third track. More often than not a talk or workshop rejection from 44CON does not mean it sucks. Ask for feedback and we’ll share what we can.

Wait, isn’t 44CON a two-track conference?

All speakers dress like this when preparing submissions.
All speakers dress like this when preparing submissions.

Yes and no. For several years we’ve run a hidden track under various names. This is because we’ve wanted to give our backup speakers a chance to speak if someone drops out, but we don’t want to risk slots emptying on the main tracks. Inevitably people drop out along the way, people who are allocated to track 3 move onto the main tracks and this leaves gaps that we have the option to fill.

Sometimes we’ll look back at the talks list and look to offer a spot to someone on the list, however sometimes it’s easier to go to people we know are definitely coming and see if they have something. This is a completely arbitrary decision affecting two slots a year at most, and more often than not, 10-20 people want the slots. We generally operate on a first come, first serve basis.

Hacking the process

Now you know how the process works, let’s look at how you can subvert it to ensure your talk has the best chance of scoring high. Each voter on the panel is different, but there are certain things that, on average, will result in you being more favourably considered.

Submit both Talks and Workshops

We have 2-3 tracks to fill with talks, and get on average 200-400 submissions a year. We get less than 20 workshop submissions a year. Workshops are 2 hours long and come with an extra night’s accommodation when talks are also submitted.

If you want to maximise your chances of speaking at 44CON, submit a workshop.

Workshops are typically more intimate affairs with room for about 30-50 people sitting down, although we have had workshops with 100 people. If you’re not sure what to do in a workshop, imagine that if your main talk is about the theory, try a play-along walkthrough on how to do this in practice.

Every year we’ve run a formal CFP process, we’ve treated people who submit workshops far more favourably than people who submit talks alone. Even if your workshop is unrelated to your talk, both are likely to be up-voted considerably.

I cannot stress this enough. If you want to maximise your chances of speaking at 44CON, submit a workshop.

This only works if you submit your workshop separately to your talk. People submitting a talk and workshop in one don’t get the voting benefit separate talk and workshop submissions do. Finally, if you’re only prepared to come if your talk is accepted, please say so on both submissions.

Tell us where else your talk has been submitted

44CON is usually among the first events in the calendar after BlackHat and DefCon. Everyone wants to speak in Vegas, we understand that. Some people score BlackHat and DefCon talks slightly lower in order to give preference to newer talks, some don’t. It’s down to the panel. If you don’t tell us you’re talking at BlackHat or Defcon, and we find out by checking the site, panel members will remember next year and it may affect future submissions.

If you’re doing your reveal in Vegas, focus on your process at 44CON.

Not everyone in the UK can go to BlackHat or Defcon, so there’s not a massive deal in your talk being done in the UK afterwards. We do need to know what will be different. It takes a lot of effort to deliver a big Vegas talk, and making something different may seem like an awful lot of effort, but there’s an easy workaround that normally gets big bounces.

If you’re doing your reveal in Vegas, focus on your process at 44CON. If you spent 6 months trying to reverse engineer and compile code for an arcane architecture, we want to know how you went about it. We also appreciate failures as much as successes. Some of our better talks have been talks about how people have failed and what they learned.

If your talk is 70% different to your Vegas talk, say so. If it’s 50%, say so. If it’s 30%, say so. If you say so, and it’s not, then reviewers will know next year.

Show us your other talks

A picture speaks a thousand words, but a video of your talk lets the panel look at the type of speaker you are, how you approach your talks, and gives us an idea of where we think you might fit in best.

Show us your other talks, even if you're a rockstar.
Showing us your other talks helps us fit you in.

This is an especially powerful tool for speakers coming from countries where English is a second language. All of our talks are delivered in English. We have some great speakers from across Europe, India and even China, and we want to keep the focus on the content, not on the way it’s conveyed.

It can be pretty scary delivering a talk in a second or third language, and it’s useful to see you speak, both to reassure voters when you’re delivering a talk, and to determine what help we might be able to offer if your research is brilliant, but you struggle with the language.

Even if you’re a native English speaker, throwing us a link to earlier talks lets us work out where and when we can put you. We often put more energetic speakers on in the afternoon for example.

Submit your talks early in the process

Most of the panel vote in several stages. Almost everyone votes for the first submissions coming in, and slowly dribble off after a while. At several points while the CFP is open, more people will vote, but because there are fewer talks to vote on, we’ve noticed that early talks score higher on average than those submitted later.

The more votes you get, the better the chance of bringing your voting average up and the better the chance of your talk being accepted. Submitting early gets you more (and often higher) voting scores.

Remember It’s A Two-Way Street

We completely understand how much of an effort you put in to come to speak at 44CON. Many of the crew talk at conferences themselves, and understand that you’re giving your time for free to go and speak at an event. That’s why we try to make the talk as cost neutral as possible for you to come and present. When people interact more with the event, and try to get involved, they’re generally more likely to have more positive responses.

There are certain speakers who come back to 44CON regularly such as Jerry Gamblin, Saumil Shah and Joe Fitzpatrick amongst others, all of whom make really strong efforts to interact with the crew and those attending. If, in your submission, you come across like you’re treating 44CON as just another con to shop the same talk around and disappear, you’re probably going to score lower than someone who comes across as though they really want to be there.

Coping with rejection

Our scoring method is not without its faults. No scoring system is perfect, and we’ve had to break bad news to big names as well as people with talks some of us thought were brilliant fits for the event.

If you don't hear from us straightaway, wait or contact us, don't assume your talk was rejected.
If your talk was rejected, it’s not an indictment of you or your talk.

To help you deal with the sting of rejection, remember this:

  1. Your talk not being accepted at 44CON does not mean we thought it was bad.
  2. You absolutely have the right to ask for feedback. It might take a while depending on when you ask, but Steve will personally write back to you with as much detail as he can provide.
  3. We’re all here to learn. If you think that we’ve made a mistake, or have ideas on how we can improve (beyond “accepting my awesome talk next time, dumbasses”), then we want to know.

Most importantly, your talk not being accepted does not mean we don’t want you to come and enjoy 44CON. We absolutely do want you to come, and will happily offer you a discount on a ticket as a thank you for submitting.

We want everyone to have a good time at 44CON. If you have any special needs or requests, from assistance with disabilities to being able to bring your kid(s) along just let us know. Unless it’s something we absolutely cannot accommodate, it will have no bearing on your submission’s consideration.

44CON 2016 – Another year done!

Well that’s it for another year, our sixth 44CON has come to an end!

We here at 44CON would like to take the opportunity to thank all of our sponsors, speakers, attendees and crew for making this year’s 44CON the most mellow yet. If you didn’t manage to catch all of the talks the slides should be available soon so make sure you keep a look out for them. You can also still pre-order access to the videos in our shop.

We know many of you are fans of good coffee so Antipode sent us over some stats:

  • 13kgs Espresso
  • 24 litres Cold Brew!!!
  • 12 litres filter coffee
  • 40 litres of milk.

Don’t forget to mark your diaries for next year, 44CON 2017 will be taking place on the 13th-15th September. We hope to see many of you there.

Getting Started With Your HIDIOT Badge

Warning: Unlike most software, hardware can permanently damage machines. While every effort has been made to ensure that the 44CON badge will not kill your computer, remember that you built it yourself. Consider using a USB Hub when connecting the HIDIOT. Electrical faults are more likely to kill the hub than your computer. 44CON and Sense/Net Ltd accept no responsibility, both in general and specifically to the use and abuse of your HIDIOT and any damage caused therein.

Thanks to Akos Rajtmar for the HIDIOT assembly video above

If you came to 44CON 2016, then congratulations, you are one of about 500 people who have a HIDIOT 0.7 board.

If you took part in the badge soldering workshop, then congratulations, you are one of <150 people who have a fully functioning HIDIOT 0.7 board.

But what is a HIDIOT 0.7? And how do you make it do something other than blink? Continue reading “Getting Started With Your HIDIOT Badge”

What to expect at 44CON

If you haven’t been to 44CON before then you are in for a treat! We have 2 and a half jam packed days of awesome talks, workshops & networking… don’t believe us?… see for yourself. Oh, and yes, the big red bus is back this year with the bar being sponsored by Amazon! So make sure you stop by to say hello and grab a drink.

44CON kicks off with a FREE community evening tomorrow night, from 6:30pm (Wednesday 14th, registration from 6pm). If you can’t make it to the full event but still want to be part of 44CON, the community evening is the perfect opportunity. If you have purchased your ticket for 44CON, it includes entry to Wednesday evening, all you need to do is turn up. If you can only attend the Wednesday evening then you will need to register here.

Following on from our community night we have two full days of talks and workshops including Pen Test Partners IOT Workshop presented by Ken Munro (psst they will have beer!):

Live car hacking – come and have a go at the Mitsubishi Outlander and see if you can find new vulnerabilities with their guidance. IoT hacking tuition is hands on – they will have a large quantity of IoT devices, testing equipment and a number of their team there to help you with extracting firmware.

This year’s list of IoT junk stuff includes:

  • Various smart thermostats, some of which have 0-days, others are untested
  • Even more smart talking toys, just waiting to be made sweary
  • More home webcams than you can shake a stick at, ready to leak creds
  • And more wi-fi kettles, ovens and coffee machines…

Ken is a regular speaker at the ISSA Dragon’s Den, (ISC)2 Chapter events and CREST events, where he sits on the board. He’s also an Executive Member of the Internet of Things Security Forum and spoke out on IoT security design flaws at the forum’s inaugural event. He’s also not averse to getting deeply techie either, regularly participating in hacking challenges and demos at Black Hat, 44CON, DefCon and Bsides amongst others.

Ken and his team at Pen Test Partners have hacked everything from keyless cars and a range of IoT devices, from wearable tech to children’s toys and smart home control systems. This has gained him notoriety among the national press, leading to regular appearances on BBC TV and BBC News online as well as the broadsheet press. He’s also a regular contributor to industry magazines, penning articles for the legal, security, insurance, oil and gas, and manufacturing press.

Read Ken’s blog here.

Tickets are expected to sell out, so get yours while you can.

See you at the ILEC!

Jerry Gamblin: Frictionless Security

Over the last few weeks we have been announcing the line up for 44CON2016. 44CON kicks off this week but it’s not too late to get your tickets!

Our final speaker announcement is Jerry Gamblin – Frictionless Security

“Frictionless Security” is the process of building your security program into your company’s infrastructure stack so that it is automated, non-intrusive, and non-negotiable.  Over the last year as I have implemented this program I have written custom API calls, CHEF scripts, slack bots and more in order to make my security program as frictionless as possible.

In this talk we will discuss:

What went well.
What went wrong. (Hint: A LOT)
What we will do differently to improve.

Jerry Gamblin’s passion for security was ignited in 1989 when he hacked Oregon Trail to give himself the highest score in history in the world on his 3rd grade teacher’s Apple IIe.

As a (mostly) grown up security evangelist and analyst, he has been featured on numerous blogs, podcasts and has spoken at security conferences around the world on keeping companies secure.

When he’s not helping companies be more secure, you can find him taking his son to swim lessons or learning how to solder.

You can read his latest thoughts at jerrygamblin.com.

 

 

Evan Booth: Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Evan Booth – Jittery MacGyver: Lessons Learned from Building a Bionic Hand out of a Coffee Maker

In May of 2015, it was estimated that a pod-based coffee maker could be found in nearly one in three American homes. Despite the continued popularity of these single-cup coffee conjurers at home as well as in the workplace, it has become clear that these devices are not impervious to mechanical and/or electrical failure. It was this intersection of extremely prevalent hardware and relatively short lifespan that prompted me to begin exploring the upper limits of what could be created by repurposing one of the most popular pod-based machines: the Keurig.

In this session, we will walk through some real-world examples of “MacGyver”-style creative problem-solving, we’ll go hands on (yes, pun intended) with stuff made from repurposed Keurigs, and finally, I’ll reflect on lessons learned from looking for potential in things most people deem common and unremarkable.

Evan Booth loves to build stuff out of other stuff. As an engineer for Skookum, a full service software development company in Charlotte, North Carolina, he works to solve a variety of business problems through the creative use of technology. As a human for Earth, he tends to break things for curiosity’s sake.

Throughout 2013 and into 2014, in an effort to highlight hypocrisy and “security theater” brought about by the TSA, through a research project called “Terminal Cornucopia,” Evan created an arsenal ranging from simple, melee weapons to reloadable firearms to remotely-triggered incendiary suitcases—all solely comprised of items that anyone can purchase inside most airport terminals *after* the security checkpoint.

Given the right ingredients, a big cardboard box can be a time machine, spaceship, minecart, or a telephone booth that only calls people named “Steve” who live in the future.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Ian Trump: Meaningful Measurement: It’s About Time We Got This Right

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Ian Trump – Meaningful Measurement: It’s About Time We Got This Right

That cyber-crime has driven the rise of malware during the last decade is not in doubt; how large that increase has been most certainly is. This measurement has, I would argue, been more speculative than evidential. The problem being that attempts to quantify malware usage are lacking any meaningful industry accepted standard when it comes to the metrics concerned.

When the numbers put forward by vendors, industry bodies and the media all vary so widely (not just between those sectors but within them as well), is it any wonder that any serious attempt to establish the scale, the cost or the impact of such attacks is doomed to failure? The disconnect between the reporting of cyber-crime and the actual metrics that are most important for both businesses under attack and the industry that exists to mitigate them will remain until the difficulties of comparing oranges with apples become apparent.

Attempting any such comparative exercise is fraught with peril and serves to highlight where we, as an industry, are getting our metrics wrong; the largely accepted cost per record breach metric is far too broad a brush to paint any kind of recognizable real world picture. When reporting and discussing the scale and impact of cyber-crime it is imperative that we move away from sensationalizing of one part of the story or consequence of the breach, that which will create the biggest search engine feeding frenzy. Who the criminals were is of less import than how they got in; compromise indicators are more valuable to other businesses than the financial cost to that particular victim.

The measurement metric dial has, ultimately, moved too far towards attribution and needs to be reset to prevention and a business-based analysis of risk once more. That business-based analysis itself needs to be more realistic, so there also has to be a move away from the kind of threat intelligence reporting which is almost exclusively dominated by data derived from the large enterprise sector and consequently of little relevance to the Small and Medium Enterprise (SME) market.

The data upon which threat intelligence and attack surface trend analysis resources are based must become more granular if it is to become more relevant across all business sectors. If we continue to go down the road of never disclosing or identifying the security components that failed or the components that were not in place when a breach happened, we will never make any progress against an elusive enemy.

Ian Trump, CD, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. As a project and operational resource, Ian has functioned as an IT business analyst, project coordinator and as a senior technical security resource as required. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices have been embraced and endorsed by his industry peers.

From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. His previous contract was managing all IT projects for the Canadian Museum of Human Rights (CMHR). CMHR is the first museum solely dedicated to the evolution, celebration and future of human rights – it is the first national museum to be built in nearly half a century, and the first outside the National Capital Region.

Currently, Ian is the Global Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world wide.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Azhar Desai & Nicholas Rohrbeck: Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Azhar Desai & Nicholas Rohrbeck – Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!

Using honeytokens to detect breaches is an old idea that has been sporadically spoken about (and implemented less often). Despite recommendations from the occasional consultant, honeytokens have not been adopted as widely as they should have. This needed to change. In 2015, we released Canarytokens (http://canarytokens.org) to bring about wider use of tokens.

Canarytokens natively supports web bugs, DNS tripwires, SQL row tokens, document tokens and a handful of other friends. Via a simple web interface, several thousands of these tokens have been deployed worldwide (and a number of breaches have been reliably discovered). Considering that most tokens can be deployed in under 5 seconds, this was already pretty good ROI.

This year, tokens go much further. From abusing native OS functionality to bending cloud infrastructure, this talk covers work done in our new quest to “token all the things”. We’ll show infrastructure we built for users to easily set tripwires around their network without installing agents, deploying hardware or spending a cent. AlonAzhar Desai Speaker Photog with file format chicanery and old fashioned web-app-abuse, we will show new techniques (and defensive hacks) that you can use to detect breaches on your networks.

Azhar writes and runs software with a security bent at Thinkst, an applied research company focusing on information security. He has, in the past, had fun presenting with others from Thinkst at conferences such as Troopers (2015) and HITB KL (2014).

Nick is a software developer at Thinkst Applied Research. Before arriving at Thinkst, he was primarily a Java developer, but now his days are filled with Python, network security research, DevOps tinkering and (badly) playing Go.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Juan Perez-Etchegoyen & Nahuel Sanchez : Attacks on SAP HANA platform

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Juan Perez-Etchegoyen & Nahuel Sanchez – Attacks on SAP HANA Platform

Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all of these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database integrated with an application server that provides a new paradigm for vulnerabilities and risks, serving an increasing number of business applications, providing cutting edge features and overwhelming performance.

With the rise of IoT, many features and interfaces are integrated into SAP HANA and the HANA Cloud Platform, enabling it as a central point for IoT communications and making it an interesting target for anyone trying to access the information of several millions of devices across the world. Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks.

Join us for this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.

 

Juan Perez-Etchegoyen leads the Product teams that keep Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis’ innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host training at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing and Standards.

Nahuel D. Sanchez is a  security researcher at Onapsis. Being a member of Onapsis Research Labs, his work focuses on performing extensive research of SAP products and components, identifying and reporting security vulnerabilities, attack vectors and advanced exploitation techniques that are applicable to different platforms. Nahuel is one of the most frequent Nahuel Sanchez Speaker Photoreporters of vulnerabilities in SAP products and is a frequent author of the publication “SAP Security In-Depth”. He previously worked as a security consultant, evaluating the security of Web applications and participating in Penetration Testing projects. His areas of interest include Web security, reverse engineering, and the security of Business-Critical applications.

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!

Steve Armstrong: Managing Incidents with CyberCPR

Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!

Our next announcement is Steve Armstrong’s workshop Managing Incidents with CyberCPR

CyberCPR provides a secure environment for incident responders to discuss incidents, exchange files, review incident progress, provide automated analysis of evidence items and a range of other time-saving features based on practical experience.

This will be a hands on workshop, with students participating actively, accessing the demo CyberCPR system, creating incidents and adding evidence. In the workshop we will show the various aspects of the tool and how to get the most from it.

During this workshop we will explain the background security of the system, the integrity monitoring of the database, the file encryption of all evidence in the file vault and how sensitive incidents (unauthorized internal data access or child pornography) can be processed on the same system.

At the end of the workshop the attendees will have a good understanding of the capability of CyberCPR and how to operate its key features. They will leave with a VM of the CyberCPR ready to run on a laptop of their choosing.

Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialised in the technical aspects of IT security from 1997 onward and, before retiring from active duty, he lead the RAF’s penetration and TEMPEST testing teams. He founded Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and both music and film labels worldwide.

When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in the high street, online gaming and music media. To relax Steve enjoys playing Battlefield and FPS games to loud music.

You can follow Steve on Twitter @Nebulator

Details of all of our talks, workshops and speakers are being announced daily. Don’t forget to book your tickets before they’re sold out!