Security takes a team, and it's a journey. Fortunately, you can keep up with the state of security through networking and knowledge sharing at industry conferences.
You can find security conferences tailored to every IT security pro's needs, including application security, information security, and data security. Some events are very large, while others are more intimate. Some are loud and boisterous; others are more formal and toned down. Some focus on vendors and their latest products, while others emphasize training and education. A few have a narrow scope, while others aim to be comprehensive.
TechBeacon's list of the top security conferences goes through all of these details so you can find the right ones for you. Stay up to speed on securityand move toward continuous securitywith continuous learning.
Twitter: @SecurityBSidesWeb: securitybsides.comDates: January-DecemberLocations: Multiplelocations worldwideCost: Most are free
Almost every week, there's a BSides conference taking place somewhere in the world. BSides describes itself as a community-driven framework for building events led by members of the security community, not byvendors. BSides events create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration.
Who should attend: Security pros and enthusiasts
Twitter: @DataConnectorsWeb: dataconnectors.comDates: January-DecemberLocations: 50 major citiesCost: Free
These conferences are focused on best practices, products, and services in an educational environment. Topics covered by the forums include cloud computing, the evolving IT landscape, andhow to combat cyber criminals. Each event is built around regionallybased vendors and speakers and qualify for CPE credits.
The events are free, with registration. Data Connectors may share registration information with the sponsors of a conference, who may use it to send marketing and promotional material to attendees.
Who should attend:Information, cyber,and network security professionals
Twitter:@AppSecCaliWeb: 2020.appseccalifornia.orgDate: January 21-24Location: Santa Monica, California, USACost: $99 to $1,200
Open Web Application Security Project chapters in Los Angeles, Orange County, the San Francisco Bay Area, and the Inland Empire in Southern Californiaare sponsoring this event. It gives infosec pros an opportunity to learn and share knowledge and experiences about secure systems and secure development. Although a regional OWASP event, it attracts practitioners from around the world.
Who should attend: Information security professionals, developers, and QA and testing professionals
Twitter: #enigma2020Web: usenix.org/conference/enigma2020Date: January 27-29Location: San Francisco, California, USACost: $1,500 (academic, student, government, and nonprofit discounts available)
Enigma, a Usenix event, centers on a single track of talks covering a wide range of topics in security and privacy. Topics at the 2020 forum include "Securing the Software Supply Chain,""Third-Party Integrations: Friend or Foe?""Catch Me If You Can!Detecting Sandbox Evasion Techniques," and "Bringing Usable Crypto to Seven Million Developers."
Who should attend: Security practitioners, chief privacy officers, chief financial officers, researchers, developers, andcryptographers
Twitter: @shmooconWeb: shmoocon.orgDate: January 31-February 2Location: Washington, DC, USACost:Sold out
ShmooCon is a three-day conference organized by the Shmoo Group, a security think tank started by Bruce Potter in the 1990s. The conference has been compared to the Black Hat and Def Con conferencesprobably because of its appeal to folks who like to compromise devices, networks, and appliancesbut on a smaller scale.
Who should attend: Hackers, CSOs, and government security professionals
Twitter: @BlueHatILWeb: bluehatil.comDate: February 5-6Location: Tel Aviv, IsraelCost: Invitation only
This invitation-only event is sponsored by Microsoft. The conferencewas cooked up by Fastly CSO Window Snyder, who designed itto get "blue hats"an industry term for bug bounty hunterscommunicating with Microsoft engineers and tobring them up to speed on current and emerging security threats.
Who should attend: Security professionals and bug bounty hunters
Twitter: @SuitsandSpooksWeb: tellaro.ioDate: February 6-7Location: Washington, DC, USACost: $298 to $798 (military and government employee discounts available)
Suits & Spooks bills itself as the "anti-conference" and offers boutique forums on top-line security issues. Among the issues discussed at the DC event are achieving early detection of terrorism in smart cities, the future of war and leadership in a connected and chaotic world, and the future of Big Tech in the era of GDPR and antitrust. In addition to the DC event, forums will also be held in Seattle, Washington (October 28; invitation only),and Los Angeles, California (November 18).
Who should attend: Civilian and government cybersecurity professionals, anddefense industry executives
Twitter: @internetsociety / #ndss20Web: ndss-symposium.org/ndss2020Date: February 23-26Location: San Diego, California, USACost: Workshops, $235 to $395; symposium, $490 to $1,110 (time-sensitive and student discounts available)
The Network and Distributed System Security Symposium is organized by the Internet Society. The event caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation. A major goal of the conference is to encourage and helpthe Internet community to apply, deploy, and advance the state of available security technologies.
Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers
Twitter: @rsaconference / #RSAC2020Web: rsaconference.com/usaDate: February 24-28Location: San Francisco, California, USACost: Full conference pass $750 to $1,995 (time-sensitive, student, government, and loyalty discounts available)
This is one of the world's largest security conferences. Its size is a sign of the robust growth in the IT security industry and just how dangerous the threat landscape has become. Attendees should do their pre-conference homework and sketch out a game plan, since this is a very large conference.
The forum attracts more than 42,000 attendees and some 700 speakers across more than 550 sessions. In 2020, conference organizers are adding a new "Engagement Zone," a dedicated networking space meant to encourage interactive, collaborative, and cooperative learning for the thousands of cybersecurity experts in attendance.
Who should attend: Security professionals
[ Understand what's driving thenext-generation SOCwith TechBeacon'sguide. Plus: Download ESG's report on the state of cloud-based security analytics and operations ]
Twitter: @SecureWorldWeb: secureworldexpo.com/eventsDates: March-NovemberLocations: Multiple sites across the United States and CanadaCost: $45 to $795
SecureWorld is a series of regional conferences held annually in the United States and Canada. Conference agendas vary from region to region and include subjects of localas well as broader interest. Cities lined upfor 2020 areCharlotte, North Carolina;Philadelphia, Pennsylvania;Boston, Massachusetts;Houston, Texas;Cincinnati, Ohio;Toronto, Ontario;Kansas City, Kansas;Atlanta, Georgia;Chicago, Illinois; Santa Clara, California; St. Louis, Missouri; New York, New York; Detroit, Michigan; Dallas, Texas; Minneapolis, Minnesota; Denver, Colorado; and Seattle, Washington.
Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and othersecurity professionals
Twitter: @nullcon / #nullconWeb: nullcon.net/website/Date: Training, March 3-5; conference, March 6-7Location: Goa, IndiaCost: Training, $624 to $993; conference, $169 to $300 (student, group, and time-sensitive discounts available)
Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities, and otherthreats. Its motto"The neXt security thing!"drives the narrative of the conference.
Organizers promise a venuewhere security researchers and experts discuss and showcase the future of information security and the nextgeneration of offensive and defensive security technology. The forum is known for responsibly disclosing new vulnerabilities, risks, and attacks on computers.
In that vein, the forum has a section called Desi Jugaad (Hindi for "Local Hack"), which invites researchers to cook up innovative approaches to real-life security problems.
Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers),security executives (CISOs and CXOs), business developers and venture capitalists (presidents, directors, vice presidents, and consultants), recruiters, and academics
Twitter: @WEareTROOPERS / #TR20Web: troopers.deDate: March 16-20Location: Heidelberg, GermanyCost: Conference, 2,190; training, 2,290; conference, training, and roundtables, 3,990
Troopers is an old-school, multitrack security conference that attracts speakers from more than 25 countries. Beforethe start of the two-day, three-track conference there are two-days of training. On the last day of the forum, a number of roundtable sessions are offered to allow attendees and speakers to discusscurrent security topics. There are also a number of special eventsTelco Security Day, IoT Security Day, and IPv6State of Play Day.
Who should attend: Security researchers and managers; security team members and leaders; network administrators; security testers; operations managers; Windows, Linux, and SAP administrators; CISOs; and CSOs
Twitter: @ISMGCorpWeb: events.ismg.io/summitsDates: March-DecemberLocations: Multiple sites worldwideCost: $160 to $995
This series of conferences on cybersecurity and fraud are staged around the world by the Information Security Media Group, a publisher of online information security publications. Content at the conferences is driven by the group's editorial team, and the events offer attendees an opportunity to learn from industry influencers, earn CPE credits, and meet with technology providers.
Who should attend: CISOs and cybersecurity professionals
Twitter: @WWHackinFestWeb: wildwesthackinfest.com/sandiegoDate: March 10-13Location: San Diego, California, USACost: $325
Conference organizers say this is the most hands-on conference in the industry. Numerous labs are available to conference-goers, as well as "Capture the Flag" and escape room events. In addition, theover 50 presentations and speakers are encouraged to include actionable takeaways in their presentations. A sister conference is scheduled for September in Deadwood, South Dakota, USA.
Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students
Twitter: @ISCEventsWeb: iscwest.com/HomeDate: March 17-20Location: Las Vegas, Nevada, USACost: $75
This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented at the event.
A wide array of technologies are covered at the forumeverything from video surveillance and access control to smart home technologies, IoT, and unmanned security. A sister conference will be held November 18-19 in New York City.
Who should attend: Security and public safety professionals
Twitter: @CanSecWestWeb: cansecwest.comDate: March 18-20Location: Vancouver, British Columbia, CanadaCost:Conference, C$2,300 to C$2700; training, C$6,600 to C$7,500 (time-sensitive discounts available for conference and training)
CanSecWest is a three-day, single-track conference featuring one-hour presentations in a lecture theater setting and hands-on dojo training courses from security instructors. Organizers say thatpreference is given to new and innovative material, highlighting important andemergent technologies ortechniques, or best industry practices.
Who should attend: CISOs, CSOs, enterprise IT security pros, and executives
Twitter: @Infosecurity / @InfosecurityBEWeb: infosecurity.beDate: March 18-19Location: Brussels, BelgiumCost: Free, with registration
This is the first in a series of conferences organized by education and networking companyInfosecurity Group. In addition to coveringIT security, the conferences also discussdata management and cloud computing. Besides the Belgium forum, events are also planned for Copenhagen, Denmark;Mexico City, Mexico;So Paulo, Brazil;Utrecht, Netherlands; and New York, New York.
Who should attend: Security pros, executives, and managers
Twitter: @devseccon #DevSecConWeb: devseccon.com/singapore-2020Date: March 18-19Location: SingaporeCost: 245 to 495
This is the first in a series of conferences held throughout the year by MyDevSecOps, a global community connecting developers and security. According to the organizers, these events are run by practitioners for practitioners. The forums include talks by key industry figures about making DevOps and security work together, as well as interactive workshops. Additional forums will be held in Sydney, Australia;Boston, Massachusetts; London, UK; Tel Aviv, Israel; on the West Coast of the United States; and online.
Who should attend: DevSecOps and IT security professionals
Twitter: @BlackHatEvents / #bhasiaWeb: blackhat.com/asia-20Date: March 31-April 3Location: SingaporeCost: Briefings, S$1,700 to S$2,200; training, S$4,000 to S$6,620; (time-sensitive discounts available for briefings and training)
This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-dayvulnerabilities. There's also a businesshall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated.
Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers
[ Explore TechBeacon's guideto SecOpschallenges and opportunities. Plus: Downloadthe 2019 State of Security Operations report. ]
Twitter: @sansinstitute / #SANS2020Web: sans.org/event/sans-2020Date: April 3-10Location: Orlando, Florida, USACost: Courses, $2,800 to $7,610
The SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world. Its big annual event, SANS 2020, doubles as a conference, with keynote speakers and networking opportunities, and a training event.
SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces. For IT pros who can't make it to the conference, SANS offers many of the forum's courses in virtual classrooms, where they can participate in live sessions remotely.
Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers
Twitter: @HITBSecConf / #HITB2020AMSWeb: conference.hitb.org/hitbsecconf2020amsDate: April 20-24Location: Amsterdam, NetherlandsCost: Training, 1,899 to 4,299; conference, 799 to 1,499 (student and time-sensitive discounts available)
HITB emerged during the early dotcom days as a news and resource portal for hacking and network security. In 2003, its operators decided to try their hand at staging a conference. The result was the Hack In The Box Security Conference, which is held annually in Amsterdam.
It focuses on "next-generation" computer security issues. It includes a competition, technology exhibit, and "hackerspaces" for hackers, makers, and breakers. In addition to Amsterdam, conferences will be held in Singapore in July and Abu Dhabi in October.
Who should attend: Security pros, researchers, and hackers
Twitter: @SecurityWeekWeb: icscybersecurityconference.com/singapore/Date: April 21-23Location: SingaporeCost: $895 to $1,295 (time-sensitive, military, and government discounts available)
Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations.
Most attendees are control systems users, working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.
Who should attend: Operations, control systems, and IT security professionals
Twitter: @ruhrsecWeb: ruhrsec.de/2020Date: May 5-8Location: Bochum, GermanyCost (2018): 199 to 1,599
True to its location at Ruhr University, the conference has a collegiate feel to it, with both academic and industry talks planned for the event. In the past, the conference has made headlines with research about exploiting vulnerabilities in popular printer models. All profits from the conference will be donated to a local nongovernmental youth organization.
Who should attend: Hardware/IoT security practitioners, application developers, security researchers, software testers and QA professionals, network administrators, academics, and computer science students
Twitter: @THOTCON / #THOTCONWeb: thotcon.orgDate: May 8-9Location: Chicago, Illinois, USACost:Sold out
Organizers describe this event as a low-cost "hacking conference" with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference.
There's a bit of a cloak-and-dagger aura about the forum. Not only does its homepage have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference.
Who should attend: Hackers, especially those from the Chicago area
Twitter: @NorthSec_io / #nsec20Web: nsec.ioDate: May 10-17Location: Montreal, Quebec, CanadaCost: Conference, C$150 to C$5,300 (student and time-sensitive discounts available)
Attracting more than 600 attendees annually, NorthSec is the biggest applied security event in Canada. It's aimed at raising the knowledge and technical expertise of both professionals and students.
The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training cover subjects such as penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.
Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers
Twitter: @IEEESSPWeb: ieee-security.org/TC/SP2020Date: May 18-20Location: San Francisco, California, USACost (2019): Symposium, $745 to $1,565; workshop, $380 to $530 (time-sensitive, member, and student discounts available for both symposium and workshops)
Since 1980, thisIEEE symposium has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy.
Who should attend: Researchers, security practitioners, and students
Twitter: @reconmtl, @reconbrxWeb: recon.cxDate: JuneLocation: Montreal, Quebec, CanadaCost (2019): C$800 to C$1,400 (student and time-sensitive discounts available)
REcon is an annual conference held in Brussels and Montreal that focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as software and hardware reverse engineering, finding vulnerabilities and writing exploits, and bypassing security protections.
In addition to the conference, training sessions lasting two to four days are offered. They cover subjects such as hacking operating systems, firmware, and IoT devices.
Who should attend: Security researchers, programmers, developers, and information security team members, plus leaders of those disciplines
Twitter: #GartnerSECWeb: gartner.com/en/conferences/na/security-risk-management-usDate: June 1-4Location: National Harbor, Maryland, USACost: $3,250 to$3,825 (time-sensitive and public sector discounts available)
As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings, but there will also be companies presenting case studies, and many opportunities to network.
Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers
See the article here:
The best security conferences of 2020 - TechBeacon
