Pass the SALT 2022 conference report


Pass the SALT is a free access, English spoken, 3-day conference dedicated to Free software and Security.

You will find below the final report of the conference, in which we will detail:

SYNTHESIS

In short, we can say that:

  • Attendance: 156 registered people (2019: 240). 103 who really came (185). So 33% no-show (23%).
    → Takeaway: all of us as a community have to work to (re)promote the value of tech conferences: valuable IRL exchanges, meeting new people, the opportunity of starting new collaborations, feeling part of a community. This work has to be done among the Security community members, particularly among the youngest which are not used to go to conferences due to the pandemic ;

  • Talks/workshops: we have hosted a very good quality lineup of speakers. Contrary to the attendees figure, the quality of the talks and workshops seemed not to have been affected by the COVID break (95% people judging the content as perfect or good )
    → Takeaway: the COVID break didn’t downgrade the quality of the received proposals.
    Important: read our dedicated chapter for more insights about conference content, its evolution over last 5 years, how we run our event and difficulties we face ;

  • Experience: despite (or because of?) the low frequentation rate, 95% of the attendees describe their experience as perfect or good. As stated by Xavier Mertens in his report (see page 6), 100 attendees is quite a good figure to have quality networking but also to provide a comfortable experience to shy/introverted people or simply not having network yet ;

  • Exchange: We have felt lots of enthusiasm among the participants. People were eager to interact, to reconnect to old friends, to present new techniques and new software!
    happy
  • Collaboration: Some collaborations between developers and researchers have already emerged after the conference such as Landlock support in Suricata. We track them on our achievements page, let’s give a look! We are very happy to see this happening because that’s exactly why we have created this conference for 🤩
    happy
    → Takeaway: We are very pleased seeing such an exchange and collaboration level. We are also really happy to have seen three speakers giving their first talk crossing the road of 2 seasoned speakers who started their speaker journey by giving their first talk during a past PTS or RMLL security track. PTS is proud to be an incubator but not only!

We really want to thank you (speakers, attendees and sponsors) for your support which makes all of this possible!

1. Attendance

attendees

  • 155 people booked their seat (2019: 240).
  • Finally, 103 people (185) came to get their badge
  • So it makes a no show ratio of: ~33% (23%) noshow Fig.: unused badges from people who finally didn’t show up.

Two years without IRL events seem to have modified in deep the conference perception of some of the attendees (and potential speakers?):

  • fear of closed spaces ;
  • lack of trust into the added value of attending conferences IRL ;
  • lack of tech con culture particularly among the youngest members of the community ;
  • etc.

→ As pointed out in the synthesis, companies, academics and organizers have to work hard to promote the benefits of attending technical conferences in real life.

Language: attendees that can speak French: 91% (2019: 85%).
source: booking form
As for the number of attendees, the level of non FR attendees (and speakers also) was really lower than in 2019. COVID has damaged the way people consider traveling abroad for conferences. Same work as above to convince speakers and attendees to travel abroad to attend/speak at conferences.

Attendees that have already been there in 2018 or 2019: 28% (2019: 24%)
source: booking form
In our opinion, it is always a good thing to have a high level of newcomers 🙂

Occupation:
source : booking form

  • private sector: 55% (2019: 60%)
  • students: 19% (13%)
  • public sector: 15% (16%)
  • academic: 8% (5%)
  • others: 3% (6%)

2. Conference exposure

  • Videos: 1 month after the event, online videos have accumulated 1.115 views (2019: 1248 views but after 2 months).

  • Media:
    • Conference reports:
      • Xavier Mertens, DFIR expert: “After two years “online”, it was nice to be back at Lille to meet people in real life. We were approximately 100 attendees, great number to have time to exchange with many people! The talks have been recorded and are already online, slides as well.”
      • A report from OpenCyber company employees: “The conference divides each day into themes and everyone can find something to talk about in his or her favorite field, but also discover topics outside of his or her own perimeter. A good approach and good discoveries this year!”
      • Another report from a Randorisec company employee.

    • Twitter: twitter feed of the event.

3. The conference content

keynote
Fig.: Ivan Kwiatkowski, “Ethics in cyberwar times” keynote

The event took place at the Lille Polytech engineering school from the 4th to 6th of July, 2022.

Some figures first:

  • 22 talks (35min or 20min long - 2019: 26) ;
  • 5 workshops (9 in 2019). Most of them have reached their limit of maximum number of attendees (15 or 20 depending of the workshop) ;
  • 1 keynote: it is not easy to find the right topic and the right speaker but Ivan Kwiatkowski gave a very good and well received talk this year about ethics in cyberwar times. We will try to renew the experience every year ;
  • Speakers geographical distribution:
    • France :77% (55% in 2019)
    • Europe:23% (34%)
    • Rest of the world: 0% (11%)
  • Video: talks have been streamed and videos of the talks have been put online during each evening (2019: 2 days after the event).
  • Slides have been collected and made available aside the corresponding videos and on our archive site.

FOCUS - Analysis of the 2022 edition content & evolution since 2018

In the following paragraphs, we will only compare the 2022 edition figures with the 2018 and 2019 editions. We didn’t retain the 2020 and 2021 editions figures because these editions have been run under a different format (no workshop, a much lower number of talks) and so comparison would have given erroneous results.

  • Pass the SALT talks selection model
    We mix :
    • a public call for paper (CFP)
    • and a small number of invited talks.


    Why do it in such a way?

    Running a public CFP allows everybody to submit and brings more diversity into the talks and speakers lineup. On the other hand, invited talks are a way for us to give exposure to topics and/or speakers that, according to the org team, deserve it.
    However, invited talks are an adjustment variable and the vast majority (80% min) of the event content comes from the CFP. Invited talks have to be seen as a “Director cut” feature for the organization team in order to give a “color” to its event 😇

  • Acceptation rate:
    Year Submissions Accepted Invited talks among accepted ones Acceptation Rate
    2022 39 27 5 (18.5%) 69.2%
    2019 46 35 3 (12.0%) 76.0%
    2018 37 29 4 (14.0%) 78.3%


  • COVID break impacts
    • Number of proposals: we finally reached a similar result than previous IRL editions. But to obtain this result, we had to produce a lot more efforts to promote our CFP and to increase (a little) the number of invited talks.
    • Quality: contrary to feedback coming from other conference organization friends, the quality of the received proposals hasn’t dropped significantly.
    • Speakers origin: due to the lack of visibility on the outbreak evolution, we didn’t try to promote the CFP among our international contacts outside Europe. During the CFP period (Feb to April, 2022), we received feedback from several potential speakers even coming from the EU who were uncomfortable with the idea of coming back to in person conferences. Events will generate a certain level of fear for a long moment we guess. The recovery won’t be as easy as we may have thought previously.

  • Security Topics coverage & difficulties faced by a small event

    We are a generalist Security conference: we used to have up to 8 different sessions. It is a way for people to explore new areas, get out of their comfort zone and have a good Security landscape vision mixing Offensive, Blueteam but also Reverse, Network or System talks in a short time frame.

    Topics trends: since 2018, we have a quite stable group of sessions that received enough talks from the CFP to exist every year: Reverse and low level, DFIR, Pentest, Network. Operating system also but with fewer talks.

    Another circle hosts topics that are not present each year, depending on the number of talks: Secure Coding, IAM, Web security, IoT or Privacy.

    Difficulties of being a small generalist event: it implies that it is difficult for us to attract high profile speakers that are highly specialized like offensive experts or more sadly, people from the Privacy defense area who generally prefer to get exposition in big events, usually at the intersection of Security and Society topics.

    Hopefully, brilliant yet curious researchers exist and sometimes do not hesitate to cross the planet to give a talk in our conference. Orange Tsaï has been one of them in 2019.
    orange

4. Attendees and Speakers Feedback

All the graphics/figures below are coming from the post event survey.

Attendees feedback

The general experience of our attendees has been well evaluated:
attendees-global
Attendees have particularly enjoyed the human size (aka low frequentation rate) of the event that allows even shy or introverted people to enjoy the event and speak more easily with people around. Peter Czanik, one of the speakers, has written a part of his report on this topic.
attendees-detailed
When asking which aspects of the organization were convenient, only the food providers seem to not have convinced people: we have booked a food truck for both lunch breaks and some people would have appreciated more diversity. But for a small event like us, even convincing a food truck to come is difficult. Having two trucks would have been unfair for them in view of the expected attendance level of the event. We have added this year two coffee/tea pauses just before starting each half day (morning, after lunch). It has been appreciated.

About the talks and workshops, the attendees seem to have also appreciated the content level:
attendees-talks
One real negative feedback: workshop registration

Workshops like in other conferences have a maximum number of participants (15/20 depending on the workshop, one workshop per half day). We decided to do registration only on site, not online and we launched the registration on day 1, at the start of the conference.

Almost all workshops have been sold-out very quickly so some people coming only for one day (the 2nd or 3rd one so) haven’t been happy! In the post event survey, these people pushed for online registration. But we preferred to give preference to people present at the event.

Why? Let’s talk about no-show! With online registration we have reached 33% of no-show for the event. We do not want to have to deal with it for the workshop registration.

Still, could it be improved somehow: a symbolic fee? a negative fee (charging a credit card if no-show)? online registration + open doors 5 min before the event as done at Brucon for example?

We will see next year towards which solution we will go.
noshow
Fig.: unused badges of people who finally did not show up

Note on this topic: a speaker, Paul Rascagnères, has decided to give an online version, one week later, of his Ghidra workshop to the people registered on the on site waiting list.

Other improvements suggested:

  • Try to set up an ice-breaker event (ex.: social meeting somewhere) for the first evening. It is proposed in order to help people to discover each others faster than having to wait for the main social event occuring during the evening of the second day ;
  • Put a bigger button on the website indicating the streaming link ;
  • Monitor streaming more efficiently in order to limit its disruption length when it happens. It happened twice and only noticed once, reported by viewers.

Speakers feedback

On the speaker’s side, we can say that everything went well. First the figures:

attendees-talks

On the good points, have been cited:

  • a human size event which allows quality exchanges during the frequent pauses and the 2 social events (public and speakers ones). pcz
    Read Peter Czanik’s report, a 2022 speaker, to get detailed feedback from a speaker point of view.
  • a precise yet not too noisy pre-event communication ;
  • a good quality speakers lineup and talks content ;
  • a seasoned speaker present at the conference, who is also an event organizer, spoke about Pass the SALT as an event with “a little extra soul”. We have appreciated 🤩

Obviously, we have also received some improvement suggestions:

  • Outcome of the CFP: it would be useful to receive as a speaker (rejected as accepted) a detailed extract of the different evaluations of the proposal by the reviewers. It would be a way to improve as a submitter and as a speaker. → We got the point. It implies some more work on our side but we definitely understand ;
  • Speakers dinner: this year it has been held in a restaurant, all people seated at some tables. Some speakers would have preferred a buffet to be able to chat with more people. We also prefer this way of doing the speakers dinner but this year, we haven’t managed to find a restaurant able to provide it for our 35 people group 😔 We will try harder next year!
  • Providing a hotel list: true and quite difficult to provide something trustable. We will provide some hotels we used the years before but we think that speakers don’t have to expect miracles from it. Online evaluation on specialized sites will surely give the same or better results.

5. Action on long term: consistency and transparency

Our core values are working into the open with putting great value on sharing and collaboration.

We try to provide year after year consistent action regarding these values by :

  • FREE ACCESS
    We provide easy access to the conference through free admission for talks, workshops and partly paid social event, open streaming ;
  • ONLINE RESSOURCES
    We put online very quickly all the content produced during the edition (slides, videos) ;
  • ARCHIVING
    We archive all slides and videos since 2008 (sic!) on a self-hosted website ;
  • DOCUMENTING
    We document all our production (ex: badge design) and inner working (budget, priorities, choices) ;
  • EXPOSING COLLABORATION
    We record all exchanges and collaborations on a dedicated page.
    BONUS: BOOTSTRAPPING SPEAKER CAREER As said in the synthesis, we also begin to see speakers who start their speaker career during our conference crossing road with seasoned speakers coming back to PTS after having started their speaker journey in our conferences (RMLL Sec track or PTS). It is a real pleasure to see this happen and a sign of the long term impact we are starting to have 🙂

We hope that these actions give a certain level of consistency and credit to the conference goals and values.

6. Conclusion

Due to the support of our sponsors and the trust of our speakers and attendees, we have been able to restart the conference under its original in-person format.

Attendees and speakers have really enjoyed the event and its quality networking opportunities. We have received recognition from the attendees for the uniqueness of our event and our ability to spark new collaborations.

But we have seen that attending conferences is not so natural anymore after more than two years of COVID break. We have to closely work together to promote among employees, students and our communities members the value of exchange and collaboration occurring when you attend conferences IRL.

We have also wanted to put a focus on our long term actions because we really think that being transparent, doing things in the open, promoting collaboration give credits to the conference values. We try to set a strong example 🙂

We hope you have found this report useful. We also hope that its reading and our long term action have reinforced your belief that attending the conference, answering to our CFP or be one of our sponsors really help to support the structuring and growth of the Security and Free Software community.