Shostack + Friends Blog


Blackhat and Human Factors

BlackHat invites human factors work

Blackhat 2024 will be August 7-8 in Las Vegas, The call for papers is open, and will close on April 10. (Please check all dates in the official CFP.)

As a member of the BlackHat Review Board, I’m responsible for the Human Factors track. Over the last decade, we’ve developed a good track with a wide variety of content. (You can click on “briefings” and “archive” to see past events and filter the talks shown. I recommend focusing on the ones with “human factors” listed first.)

This year, we’ve extend the track description to incorporate “interesting” uses of generative AI. New text is in bold.

The Human Factors track focuses on people in security: how their decisions can affect the security of the organization, and how engineering and technology can help. This includes the way people make decisions and how to influence those decisions as an attacker or defender. It also includes how to reduce their decision load and the organizational (and potentially economic) factors that surround those decisions. This track welcomes submissions on how to get individuals or groups to act against their interest, including the use of disinformation or misinformation. This track is open to new and original ideas about use of generative AI insofar as they manipulate or influence people. It also includes new ways to strengthen technology and other solutions to decrease harm. This track is not about career development/BOFH stories/simple ploys like buying a UPS outfit or using voice cloning or deepfake video/sploits to make the browser draw a fake UI.

Additionally, the submission requirements specify: “Submissions that include text generated entirely from a large-scale language model (LLM) such as ChatGPT, Google Bard, etc. are prohibited. Submitters may use LLM tools for editing or polishing author-written text ONLY.”

In 2016, I wrote a short blog post on what we were looking for. I’m pleased we’re executing on that vision and growing it.

The BlackHat CFP calls for work which has not been published elsewhere. We prefer fully original work, but will consider a new talk that’s designed for the BlackHat audience. Oftentimes, Blackhat does not count as “Publication” in the view of academic program committees, and so you can present something at BlackHat that you plan to Publish later. (You should, of course, check with the other venue, and disclose what you’re doing to BlackHat.)

If you’re considering submitting, I encourage you to read both /call-for-papers.html and in their entirety. Both have useful information for submitters.