Whether you are a security pro, software developer, security administrator, or any other role in the IT security fields, attending a conference is an excellent way to network with other professionals and extend your knowledge base. These IT security and cybersecurity conferences provide exclusive access to some of the newest innovations and ideas from all around the globe, putting you in the same room as the leading experts and security pros. There are hundreds of these conferences to choose from each year, giving you the ability to choose what is right for you.
However, not all security conferences are the same, and they may not fit your preferences or budget. Some conferences are small and intimate with plenty of time for collaboration and questions, while others are large, loud, and draw in thousands of people at a time. While the bigger security conferences may not offer as much time for small discussions, they still provide plenty of networking opportunities and presentations from some of the top global experts in the security field.
While the search for the most popular and relevant conferences can be too exhausting to even begin, we have done all of the heavy lifting for you. We have put together a list of the top IT security, information security, and cybersecurity conferences of 2017, both in the United States and all around the world.
Date: February 13-17, 2017
Location: San Francisco, California
Cost: $100 to $2,695
The RSA Conference is one of largest security conferences in the entire world, with more than 43,000 attendees in 2017 alone. Add to that the more than 700 speakers from all across the globe, and it’s no wonder this event is one of the largest and most popular in the area of cybersecurity.
The RSA conference features relevant topics and resources each year, with tracks in areas such as encryption and national security, Department of Defense perspectives on cyber threats, and hacking, to name a few. The event provides insights and networking opportunities to help you get ahead, and stay ahead, of cyber threats and system compromises.
Some of the keynote speakers from the 2017 event included:
- George Kurtz- CEO, CrowdStrike
- Ron Carback- Defense Intelligence Officer for Cyber, Defense Intelligence Agency
- April Doss- Partner, Saul Ewing
- Vijay Dheap- Program Director of Cognitive Security, IBM
- Dr. Josh Benaloh- Senior Cryptographer, Microsoft Research
Videos of the 2017 RSA speakers can now be seen on their website.
The 2018 RSA Conference is scheduled for April 16-20 in San Francisco, and early registration is now being offered.
Date: March 15-17
Location: Vancouver, British Columbia
Cost: $2,100 to $2,500 CAD
CanSecWest is one of the world’s most advanced technical conferences aimed at applied digital security.
The event is a three-day, single-track conference that offers best practices and real-world experiences regarding new vulnerabilities, attacks, and defenses, provided in lecture-style presentations by an experienced professionals.
CanSecWest consistently draws a variety of vendors and security professionals, including offensive and defensive experts. The information presented and shared is extremely critical, on topics like:
- Hacking drones
- Embedded systems
- Security software
- Web hacking techniques
- Advanced Malware Deobfuscation
Some of the speakers from the 2017 event included Dr. Michael A. VanPutte, Ph.D, CISSP, author of Walking Wounded: Inside the U.S. Cyberwar Machine; Scott Kelly, Netflix; Matt Miller & David Weston, Microsoft; Mickey Shakatov & Maggie Jaurequi, Intel.
The 18th annual CanSecWest conference will be held March 14-16th, 2018 at the Sheraton Wall Centre hotel in downtown Vancouver, British Columbia, Canada. Registration is not yet open for the 2018 event.
Date: April 7-14
Location: Orlando, Florida
Cost: $1,520 to $6,610
SANS 2017 was held in Orlando, Florida and was organized by the SANS Institute, the global leader in information security training. The annual event features more than 40 hands-on cyber security courses taught by the industry’s top professionals and instructors in the field. These courses range in levels from introductory all the way to the most advanced training available. The event also offers insightful presentations by keynote speakers and plenty of unique networking opportunities.
The keynote speaker of the 2017 SANS conference was SANS Senior Instructor Eric Conrad on “Quality not Quantity: Continuous Monitoring’s Deadliest Events.” Some of the trainings included:
- Automating Information Security with Python
- Critical Security Controls
- Intrusion Detection In-Depth
- Continuous Monitoring and Security Applications
- Immersive Hands-on Hacking Techniques
- Cyber Threat Intelligence
- Advanced Smartphone Forensics
Outside of the numerous trainings, SANS 2017 featured a vendor expo and SANS Night for bonus evening sessions and networking opportunities, as well as a DFIR NetWars Tournament, CORE NetWars Experience. SANS 2018 is slated to occur from April 3-10 next year in Orlando.
Date: April 7-9
Location: Austin, Texas
Cost: $100 to $160
InfoSec Southwest annually brings together some of the top experts and professionals from the field of information security and hacking disciplines. It was originally created for the local hacker community in Austin, and has since grown to be one of the most impressive information security conferences in the industry.
The scope of InfoSec Southwest is broad, and it is organized of seminars, e-learning workshops, in-house training sessions, conferences, and executive programs. It also includes deep dives into the social and legal implications of hacking and how they are affecting the hacker culture.
The 2017 InfoSec Southwest conference included speakers:
- Bill Buddington, Activist, Programmer, and Cryptographer
- Dan Crowley, Austin Research Director and Senior Security Engineer at NCC Group
- Leah Figueroa, Data Analyst
- Joe Gray, Enterprise Security Consultant at Sword and Shield Enterprise Security
- Tiberius Hefflin, Security Evaluation Engineer at Intel
- Erich Kron, Security Awareness Advocate at KnowBe4
The 2017 InfoSec Southwest schedule revealed a variety of topics covered, as well as plenty of opportunities for networking and discussions.
Date: April 10-14
Location: Amsterdam, Netherlands
Cost: €299 to €1,599
The Hack In The Box Security Conference is held each year in Amsterdam and is globally recognized for its networking opportunities and it’s forward-thinking views on computer security issues. The two day conference consists of multitrack sessions that cover topics such as:
- Practical machine learning in infosecurity
- Cloning Android HCE cards
- The making of Drammer
- Attacks against ISO crypto libraries
- Keyless entry system attacks
- Hunting for vulnerabilities in Signal
The 2017 Hack In The Box Security Conference featured a variety of expert speakers and security professionals, including: Elly van den Heuvel, Secretary to the Dutch Cyber Security Council (CSR); Saumil Shah, Founder/CEO of Net-Square; Window Snyder, Chief Security Officer at Fastly; Natalie Silvanovich, Security Researcher at Google Project Zero. A full list of the 2017 speakers provides insight into the breadth and depth of the conference.
The conference also offers multiple days of in-depth training sessions provided by industry experts. These trainings provides hands-on experience with some of the top computer security issues including malware, cybersecurity, Internet of Things hacking, and Linux Kernel exploration techniques.
Date: April 24-27
Cost: SD $995 to SD $1695
The ICS Cyber Security Conference is a three-day event that includes multi-track trainings and workshops specifically aimed at operations, control systems, and IT security professionals. The conference is one of the longest-running events with a focus on cybersecurity in the industry, and featured speakers from top organizations all across the world.
The 2017 agenda for the ICS Cyber Security Conference revealed many of the tracks, such as:
- The Importance of Cybersecurity Training and Policies
- Surprises in a Decade of Evolving SCADA Security Advice
- Development through Industrial Control Systems’ Changing Landscape
- Drone Wireless Attacks Against Land and Maritime Industrial Sites
The speakers from the 2017 event in Singapore included chief technologists, CEOs, VPs, system engineers, cyber security consultants, and technology strategists. The ICS Cyber Security Conference is also being held in Atlanta, Georgia from October 23-26. Registration for that event is currently open.
Date: April 24-26
Location: Nashville, Tennessee
Cost: $300 once invited
InfoWarCon is an exclusive conference that focuses on cyber and IT topics as related to warfare. The goal of InfoWarCon is to bring together members of the military, law enforcement, and private sector to discuss how technology affects national security, the well-being of individual citizens, and the global balance of power.
Originally started in 1994, InfoWarCon has since covered topics like cyber-terrorism, homeland defense, policy, and infowar. Past speakers of the event include
- Richard Forno, Ph.D, UMBC
- Gen. John Sheehan, Allied Supreme Commander Atlantic
- Gloria Craig, Director General Security, MoD, UK
- Gen. Richard Myers, JTF-CND, Space Command
- Bill Cheswick, Lead Tech at AT&T Labs
- Brett Hovington, FBI
- Martha Stansell-Gamm, Chief, DoJ
In an effort to keep attendees at the highest caliber of presenters and participants, InfoWarCon requires any prospective attendee to submit a short “What I Bring to InfowarCon” piece. Up to 60 attendees will be accepted based on these blurbs, and invitations are then provided.
Date: May 4-5
Location: Chicago, Illinois
ThotCon is an annual conference in Chicago started and held specifically for hackers and the local hacking culture. ThotCon, the name taken from taken from Chicago area code Three – One – Two, is a small and nonprofit event, with an attendance last year of about 1,000 people. Any proceeds from the conference are used for the next year’s event, with the mission of having better presenters and vendors each year.
The event is low-cost yet high quality, with a strong focus on providing one of the best information security conference experiences in a social and relaxing environment. In honor of its secretive nature, the specific location of the event is kept confidential until a week before the conference, when it is then released to attendees and speakers alike.
Some of the previous topics covered at ThotCon conferences include:
- TASBot, an augmented Nintendo robot
- Using, or securing against, the latest hacking methods such as side channels, physics, and low cost tools
- Red teaming, needs and best practices
- Hacking Python
- Intercepting, modifying, and generating wireless signals with SD
Date: May 8-12, 2017
Location: Belfast, Ireland
Cost: € 90 to € 780
AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization whose goal is to spread the visibility of software security. The event has many different features, such as technical talks by some of the leading experts in security, DevOps, and cloud; training sessions for hands-on learning; keynotes from industry leaders; panels for discussions and debates; vendor booths; and numerous other activities.
There were four tracks for AppSecEU 2017, including:
- Hackers: Designed for those who want to learn the latest tactics and hacks
- Developers: Created for builders and security engineers interested in making secure applications and how to defend them
- DevSecOps: Intended for those who want to discover the latest thinking on how to secure the entire SDLC
- CISO: Designed for professionals responsible for managing the control and security of organizations
Speakers from the 2017 AppSec Europe included Jaya Baloo, CISO of KPN Telecom in the Netherlands; Jeremiah Grossman, Chief of Security Strategy (SentinelOne); Shannon Lietz, DevSecOps Lead at Intuit; and Brian Honan, Independent security consultant and founder/head of IRISSCERT, Ireland’s first CERT.
Date: May 16-19
Location: Washington, D.C.
Cost: $300 to $1,370
The International Cryptographic Module Conference is an annual event held in Washington D.C. designed to bring together global experts in commercial cryptography. The conference is aimed at those interested in developing, specifying, and procuring certified commercial off-the-shelf cryptographic modules; government departments responsible for testing cryptographic modules; and key players and stakeholders in standards development, to name a few.
The conference includes content from six key areas:
- Global Cryptographic Module Validation
- Open Source Cryptography
- Embedded Encryption and Industry-Vertical Applications
- Common Criteria
- Quantum Threats and Quantum-Safe Crypto
- End-User Experience and Crypto Policy
The 2017 agenda for the ICM conference revealed a variety of speakers, including Dr. Najwa Aaraj, Senior Vice President, Special Projects, DarkMatter; Gordon Bass, Director of Cybersecurity Operations at U.S. Department of Energy (DOE); Edna Conway, Chief Security Officer, Global Value Chain, Cisco Systems, Inc.; and Michael Cooper, IT Specialist, NIST.
Date: May 22-24
Location: San Jose, California
Organized by The Institute of Electrical and Electronics Engineers, the IEEE Symposium on Security and Privacy attracts both developers and researchers interested in computer security and electronic privacy. Originally held in 1980, this premier conference has long since proven its place in the security field, with expert speakers and numerous workshops included.
Workshops from the 2017 IEEE Symposium on Security and Privacy focused on key topics, such as:
- Privacy engineering
- Bio-inspired security, trust, and resilience
- Language-theoretic security
- Mobile security technologies
- Technology and consumer protection
- Traffic measurements for cybersecurity
Outside of the large presentations and keynotes, there are also many short talks, including topics like: Breach detection in Cloud, Mitigating the Impact on Mission due to Cyber Attacks, App Permission Recommender, OmniLedger, and Labtainers.
Date: June 6-8
Location: London, UK
Infosecurity Europe is the region’s largest and most widely attended information security event. The event features Europe’s most comprehensive conference program, with over 360 exhibitors showcasing the newest information security solutions and products to close to 18,000 attendees.
The full program of the 2017 conference lists many famous Keynote speakers, as well as various sessions and presentations. The Keynote Stage featured many headlining speakers, including:
- Dame Stella Rimington, Former Director General, MI5
- Bret Arsenault, CISO, Microsoft
- Bruce Schneier, Security Technologist, Infosecurity Europe Hall of Fame Alumnus
- Jaya Baloo, CISO, KPN Telecom
The conference is made up of sessions that focus on the latest vulnerabilities and how to defend against them; technical presentations, that address the latest challenges and how to handle threats, as well as how to apply it back to your organization; and short presentations, that address the latest business challenges, how to align info security with your organization’s strategic business plan, and how to overcome new challenges.
The next InfoSecurity Europe will take place from June 5-7 in 2018, with registration for your interest open now. There is also an InfoSecurity North America conference in Boston from October 4-5 of this year.
Date: June 12-15
Location: National Harbor, Maryland
Cost: $3,100 to $3,400
The Gartner Security & Risk Management Summit is one of the largest gatherings for security, risk management, and business continuity management leaders. The event provides proven practices and strategies for cost-effective security while reducing risks and compromises. The summit is organized to address the latest threats, flexible new security architectures, governance strategies, and the chief information security officer role and more.
The Gartner Security & Risk Management Summit includes a mixture of keynotes from global experts, panels, roundtables, workshops, and even one-on-one meetings. They feature many opportunities for networking as well as options to learn some of the latest skills from leading professionals. The presentations cover topics such as:
- Enabling safer cloud computing
- Risks and opportunities of smart machines, artificial intelligence, the Internet of Things and operational technology
- Data security and risk governance
- Mobile security for digital business
- Protecting vital infrastructure
- Privacy and data security
The agenda from the 2017 conference is available online, and the presentations are available for viewing. The 2018 Gartner Security & Risk Management Summit is scheduled for June 4-7 at the Gaylord National Resort and Convention Center in National Harbor, MD.
Date: July 22-27
Location: Las Vegas, Nevada
Cost: $495 to $2,795
Now in its 20th year, Black Hat is one of the world’s biggest tech conferences, providing attendees with the latest research and trends in security. The 2017 event attracted more than 15,000 people, and has become the premier conference for researchers, security experts, vendors, and hackers.
Black Hat featured training sessions, large keynotes and presentations, workshops, sponsored sessions, and briefings. Organizers of the event remind attendees to take precaution of their technology and information, as thousands of skilled hackers are also in attendance. In fact, this conference has become so well-known in the city of Las Vegas, that workers at hotels and restaurants are advised to keep their wifi off for the entire event to ward against potential attacks or security threats.
The 2017 Black Hat USA agenda featured numerous tracks, including:
- Applied Security
- Data Forensics/Incident Response
- Exploit Development
- Human Factors
- Internet of Things
- Network Defense
- Platform Security
Date: July 27-30
Location: Las Vegas, Nevada
Cost: $260, cash only at the door
Another extremely popular event in Las Vegas is Def Con, one of the oldest and largest security conferences in the world. The conference begins each year when its cousin, Black Hat, ends, so the events share many similar topics and themes. However, Def Con brings in close to 25,000 attendees and is known for being a wilder event with some of the best hackers attending in the world.
Now in its 25th year, Def Con features speakers, contests, vendors, workshops, demo labs, and entertainment, not to mention plenty of opportunities to network with the world’s top hackers and potentially get headhunted by government officials looking for hacker talent for intelligence and law enforcement agencies.
Some of the presentations for Def Con 25 included:
- From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices
- Jailbreaking Apple Watch
- Wiping Out CSRF
- Hacking the Cloud
- Hacking Invisibly and Silently with Light and Sound
- Secret Tools: Learning about Government Surveillance Software You Can’t Ever See
Date: August 16-18
Location: Vancouver, Canada
Cost: $915 $1065
The Usenix Security Symposium is a three-day conference that includes more than 80 refereed paper presentations as well as invited talks and various sessions. Organizers say that the Usenix Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks.
Tracks for the conference include Bug Finding, Side-Channel Attacks, Systems Security, Side-Channel Countermeasures, Malware and Binary Analysis, Censorship, Embedded Systems, Networking Security, and Targeted Attacks, to name a few.
The 2017 agenda reveals a variety of technical sessions, covering topics like:
- Defense Security in Modern Newsrooms
- A Study of Double Fetches in the Linux Kernel
- On the effectiveness of mitigations against floating-point timing channels
- Efficient Protection of Path-Sensitive Control Security
- Hacking in Darkness: Return-oriented Programming against Secure Enclaves
Date: September 11-13
Location: Washington, D.C.
Cost: $495- $1595
Protect is Hewlett Packard Enterprise’s largest security event of the year. Protect is a technical conference held in Washington D.C. that attracts close to 2,000 attendees each year, providing support for IT professionals, security professionals, infrastructure managers, and other service and support staff.
HPE states that by attending the conference, attendees will increase their knowledge in the technical sessions that are provided by security experts, learn how to detect and respond to threats and compromises, and build their skills by collaborating with developers and networking with other security professionals.
There are a large variety of sessions offered at the 2017 conference, covering tracks such as Intelligent Security Operations, Application Security, and Data Security. Some of the technical sessions include:
- Application security built from scratch
- ArcSight vs AI cyber weapons: A field report from the epicenter of cyberwar
- Complete automation and maturity of an application security program
- Data-centric protection and organizational change – enabling data governance
The 2017 event will provide keynotes by some of the leading experts in the industry, such as Theresa Payton, founder, president and CEO of leading security, risk and fraud consulting company, Fortalice, LLC.
Date: September 19-22
Location: Orlando, Florida
Another conference organized by the Open Web Application Security Project (OWASP), AppSec USA is the partner to AppSec Europe. One of the largest conferences based solely on application security, AppSec USA goes deep into topics like privacy, DevOps, secure development, mobile security, app assessments, and security on and for the Cloud.
Unlike other similar conferences that only offer speaker presentations or keynotes, AppSec USA also provides innovative, hands-on training by some of the leading experts in the industry. The event also focuses on helping women and men of the armed forces transition into civilian life and in finding careers.
Some of the training available before the conference will cover topics like:
- Hands-on security in DevOps and Application Security
- Mobile App Attack
- Open Source Defensive Security
- Internet of Things Hacking
- AppSec Fundamentals
- Advanced SQL Injection Exploitation
The keynote speakers of the 2017 event include: Jim Manico, Author and Educator of of developer security awareness trainings; Jen Ellis, VP of community and public affairs, Rapid7; and Runa A. Sandvik, Privacy and Security Researcher and Director of Information Security at The New York Times.
Date: September 20-24
Location: Louisville, Kentucky
In its seventh year, DerbyCon is a fast growing conference that serves to provide an intimate and friendly technology gathering for experts and regular folks, alike. Organizers describe it as an InfoSec conference with the feel of a family reunion, and the number of attendees has hit close to 2,000 in the past years.
DerbyCon welcomes anyone who is interested in attending, but tickets sell out fast and space is limited. The conference begins with two days of training and then is followed by two days of speakers and presentations. The training sessions cover topics like malware analysis, hacking basics, pentesting, and reverse engineering, to name a few.
DerbyCon is an infosec conference that prides itself on its family feel. That means industry professionals, hobbyists, and people with an interest in security are welcome to attend. Some of the keynote speakers for the 2017 event include Matthew Graeber, Principal Security Engineering Lead at Microsoft, and John Strand, Owner of Black Hills Information Security.
Date: September 25-28
Location: Dallas, Texas
The ASIS Annual Seminar and Exhibits (ASIS 2017) has been one of the leading conferences for security professionals worldwide for more than six decades. Organized by ASIS International, this event covers the full spectrum of security topics, with presentations and sessions in areas like data and infrastructure security, cybersecurity, counterterrorism, loss prevention, and facilities security.
The 2016 event saw over 22,000 attendees from a total of 109 different countries. Previous keynote speakers included U.S. Homeland Security Secretary Jeh C. Johnson and FBI Director James B. Comey. The keynote speakers for the 2017 ASIS conference include:
- George W. Bush, 43rd President of the United States
- Mark Cuban, Technology & Media Entrepreneur, Owner of the Dallas Mavericks, and HD Net/AXS TV Chairman & Co-Founder
- Scott Klososky, International Speaker and Author
- Edward F. Davis, III, Former Police Commissioner of the Boston Police Department
- Rick DesLauriers, Former Special Agent in Charge (SAC)
Some of the main tracks on the ASIS 2017 agenda include: Active Shooter, Architecture/Engineering/Design, Communicating/Demonstrating the Value of Security, Crime/Loss Prevention, Crisis Management, Critical Infrastructure, Investigations, Legal, Physical Security, Terrorism, and Workplace Violence.
Date: October 30-November 3
Location: Dallas, Texas
The ACM Conference on Computer and Communications Security (CCS) is an annual conference organized by the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM).
This conference is strongly research-focused and it brings together information security researchers, practitioners, developers, and users from across the globe to explore the latest research and share the newest innovations and developments.
There are numerous pre-conference workshops at the ACM CCS 2017 event available, covering topics like:
- Multimedia privacy and security
- Privacy in the electronic society
- Moving target defense
- Managing insider security threats
- Programming languages and analysis for security
- Host theory and practice of differential privacy
No matter your budget or your role in the security world, there is a conference for you. Whether you are looking for something small and familiar, or large and loud, these commences are guaranteed to bring you closer to some of the biggest experts in the world while providing opportunities to learn about the latest research and to network with other security and IT professionals. It doesn’t matter which of these top IT security, information security, and cybersecurity conferences of 2017 you choose, you will definitely not be disappointed.