Security & Compliance Blog

Top 20 IT Security Conferences of 2018

Stephen Watts
Laura Shiff
by Stephen Watts, Laura Shiff
9 minute read

Last updated: 4/18/2018

Whether you are a security pro, software developer, security administrator, or any other role in the IT security fields, attending a conference is an excellent way to network with other professionals and extend your knowledge base. These IT security and cybersecurity conferences provide exclusive access to some of the newest innovations and ideas from all around the globe, putting you in the same room as the leading experts and security pros. There are hundreds of these conferences to choose from each year, giving you the ability to choose what is right for you.

However, not all security conferences are the same, and they may not fit your preferences or budget. Some conferences are small and intimate with plenty of time for collaboration and questions, while others are large, loud, and draw in thousands of people at a time. While the bigger security conferences may not offer as much time for small discussions, they still provide plenty of networking opportunities and presentations from some of the top global experts in the security field.

BMC’s list allows you to find the top IT Security, Information Security, and CyberSecurity conferences of 2018 that are relevant to you quickly and efficiently. Whether you are looking for a conference by date, location nearest to you, or a specific price range, our list provides both national and international options so you are sure to find exactly what you are looking for.

This list will be updated regularly, so feel free to contact me if you would like to add a security conference to the directory. To be considered, please email all details including the conference name, dates of the event, location, and a link to the event’s website to

Be sure to also check out our list of the top IT/Technology Conferences, Programming & Software Dev Conferences, & DevOps Conferences.

Top IT Security, InfoSec, & CyberSecurity Conferences for 2018

RSA Conference

Date: April 16-20
Location: San Francisco, California
Cost: $675 to $2,695

The RSA Conference is one of largest security conferences in the entire world, with more than 43,000 attendees in 2017 alone. Add to that the more than 700 speakers from all across the globe, and it’s no wonder this event is one of the largest and most popular in the area of cybersecurity. The event features relevant topics and resources each year, with tracks in areas such as encryption and national security, Department of Defense perspectives on cyber threats, and hacking, to name a few. It provides insights and networking opportunities to help you get ahead, and stay ahead, of cyber threats and system compromises.


Date: March 14-16
Location: Vancouver, British Columbia
Cost: $2,100 to $2,500 CAD

CanSecWest is one of the world’s most advanced technical conferences aimed at applied digital security.

The event is a three-day, single-track conference that offers best practices and real-world experiences regarding new vulnerabilities, attacks, and defenses, provided in lecture-style presentations by an experienced professionals. CanSecWest consistently draws a variety of vendors and security professionals, including offensive and defensive experts. The information presented and shared is extremely critical, on topics like hacking drones, embedded systems, security software, web hacking techniques, and advanced malware deobfuscation.

SANS 2018

Date: April 3-10
Location: Orlando, Florida
Cost: $1,520 to $6,610

SANS 2018 is organized by the SANS Institute, the global leader in information security training, and features more than 40 hands-on cyber security courses taught by the industry’s top professionals and instructors in the field. These courses range in levels from introductory all the way to the most advanced training available. The event also offers insightful presentations by keynote speakers and plenty of unique networking opportunities. Some of the trainings included: Automating Information Security with Python; Critical Security Controls; Intrusion Detection In-Depth; Continuous Monitoring and Security Applications; Immersive Hands-on Hacking Techniques; Cyber Threat Intelligence; and Advanced Smartphone Forensics.

InfoSec Southwest 2018

Date: April 11-13
Location: Austin, Texas
Cost: $100 to $160

InfoSec Southwest annually brings together some of the top experts and professionals from the field of information security and hacking disciplines. The scope of InfoSec Southwest is broad, and it is organized of seminars, e-learning workshops, in-house training sessions, conferences, and executive programs. It also includes deep dives into the social and legal implications of hacking and how they are affecting the hacker culture.

The 2017 speakers included: Bill Buddington, Activist, Programmer, and Cryptographer; Dan Crowley, Austin Research Director and Senior Security Engineer at NCC Group; Joe Gray, Enterprise Security Consultant at Sword and Shield Enterprise Security; and Tiberius Hefflin, Security Evaluation Engineer at Intel.

InfoSec World

Date: March 19-21
Location: Lake Buena Vista, Florida
Cost: $1,795- $4,195

InfoSe World has been one of the main “business of security” conferences in the world for over 20 years. Bringing together expert speakers, security practitioners, and industry leaders, InfoSec World addresses ways to manage today’s threats to cultivate business while preventing, detecting, and responding to security challenges that arise. Some topics that will be covered at the 2018 conference include: coding; artificial intelligence; making the most of a small team; detecting internal threats; security architecture; and the dark web.

Hack In The Box Security Conference

Date: April 9-13
Location: Amsterdam, Netherlands
Cost: €299 to €1,599

The Hack In The Box Security Conference is held each year in Amsterdam and is globally recognized for its networking opportunities and its forward-thinking views on computer security issues. The two day conference consists of multitrack sessions that cover topics such as: Practical machine learning in infosecurity; Cloning Android HCE cards; The making of Drammer; Attacks against ISO crypto libraries; Keyless entry system attacks; and Hunting for vulnerabilities in Signal. Attendees can expect to develop new professional relationships and alliances while learning from some of the top security experts in the industry.

ICS Cyber Security Conference

Date: April 24-26
Location: Singapore
Cost: SD $995 to SD $1695

The ICS Cyber Security Conference is a three-day event that includes multi-track trainings and workshops specifically aimed at operations, control systems, and IT security professionals. The conference is one of the longest-running events with a focus on cybersecurity in the industry, and featured speakers from top organizations all across the world. The 2017 event consisted of many tracks, such as: The Importance of Cybersecurity Training and Policies; Surprises in a Decade of Evolving SCADA Security Advice; Development through Industrial Control Systems’ Changing Landscape; and Drone Wireless Attacks Against Land and Maritime Industrial Sites.


Date: May 4-5
Location: Chicago, Illinois
Cost: $69- $299

ThotCon is an annual conference in Chicago started and held specifically for hackers and the local hacking culture. ThotCon is a small and nonprofit event, with an attendance last year of about 1,000 people. The event is low-cost yet high quality, with a strong focus on providing one of the best information security conference experiences in a social and relaxing environment. In honor of its secretive nature, the specific location of the event is kept confidential until a week before the conference, when it is then released to attendees and speakers alike. Some of the previous topics covered at ThotCon conferences include: Using, or securing against, the latest hacking methods such as side channels, physics, and low cost tools; Hacking Python; and Intercepting, modifying, and generating wireless signals with SD.

AppSec Europe

Date: June 17-21
Location: Tel Aviv, Israel
Cost: € 90 to € 780

AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization whose goal is to spread the visibility of software security. There were four tracks for AppSecEU 2017, including: Hackers (Designed for those who want to learn the latest tactics and hacks); Developers (Created for builders and security engineers interested in making secure applications and how to defend them); DevSecOps (Intended for those who want to discover the latest thinking on how to secure the entire SDLC); and CISO (Designed for professionals responsible for managing the control and security of organizations).

International Cryptographic Module Conference

Date: May 8-11
Location: Ottawa, Canada
Cost: $500- $1,370 USD

The International Cryptographic Module Conference is designed to bring together global experts in commercial cryptography. The conference is aimed at those interested in developing, specifying, and procuring certified commercial off-the-shelf cryptographic modules; government departments responsible for testing cryptographic modules; and key players and stakeholders in standards development, to name a few. The 2017 ICM conference included a variety of speakers, such as Dr. Najwa Aaraj, Senior Vice President If Special Projects, DarkMatter; Gordon Bass, Director of Cybersecurity Operations at U.S. Department of Energy (DOE); Edna Conway, Chief Security Officer of Global Value Chain, Cisco Systems, Inc.; and Michael Cooper, IT Specialist at NIST.

39th IEEE Symposium on Security and Privacy

Date: May 21-23
Location: San Francisco, California

Organized by The Institute of Electrical and Electronics Engineers, the IEEE Symposium on Security and Privacy attracts both developers and researchers interested in computer security and electronic privacy. Workshops for the 2018 event will include, ConPro: Workshop on Technology and Consumer Protection; DLS: Deep Learning and Security Workshop; SADFE: Systematic Approaches to Digital Forensic Engineering; WRIT: Workshop on Research for Insider Threat; BioStar: Workshop on Bio-inspired Security, Trust, Assurance and Resilience; and LangSec: Workshop on Language-theoretic Security and Applications.

InfoSecurity Europe 2018

Date: June 5-7
Location: London, UK

Infosecurity Europe is the region’s largest and most widely attended information security event. The event features Europe’s most comprehensive conference program, with over 360 exhibitors showcasing the newest information security solutions and products to close to 18,000 attendees. The 2017 Keynote Stage featured many headlining speakers, including: Dame Stella Rimington, Former Director General at MI5; Bret Arsenault, CISO at Microsoft; Bruce Schneier, Security Technologist, Infosecurity Europe Hall of Fame Alumnus; and Jaya Baloo, CISO of KPN Telecom.

Gartner Security & Risk Management Summit

Date: June 4-7
Location: National Harbor, Maryland
Cost: $3,100 to $3,400

The Gartner Security & Risk Management Summit is one of the largest gatherings for security, risk management, and business continuity management leaders. The event provides proven practices and strategies for cost-effective security while reducing risks and compromises through a mixture of keynotes from global experts, panels, roundtables, workshops, and even one-on-one meetings. The presentations cover topics such as: Risks and opportunities of smart machines, artificial intelligence, the Internet of Things and operational technology; Data security and risk governance; Mobile security for digital business; Protecting vital infrastructure; and Privacy and data security.

BlackHat USA

Date: August 4-9
Location: Las Vegas, Nevada
Cost: $495 to $2,795

Black Hat is one of the world’s biggest tech conferences, providing attendees with the latest research and trends in security. The 2017 event attracted more than 15,000 people, and has become the premier conference for researchers, security experts, vendors, and hackers. In fact, this conference has become so well-known in the city of Las Vegas, that workers at hotels and restaurants are advised to keep their wifi off for the entire event to ward against potential attacks or security threats. The 2017 Black Hat USA agenda featured numerous tracks, including: Applied Security; Cryptography; Data Forensics/Incident Response; Exploit Development; Hardware/Embedded; Internet of Things; Malware; Mobile; and Network Defense.


Date: August 9-12
Location: Las Vegas, Nevada
Cost: $260, cash only at the door

Another extremely popular event in Las Vegas is Def Con, one of the oldest and largest security conferences in the world. The conference begins each year when its cousin, Black Hat, ends, so the events share many similar topics and themes. However, Def Con brings in close to 25,000 attendees and is known for being a wilder event with some of the best hackers attending in the world. The event features speakers, contests, vendors, workshops, demo labs, and entertainment, not to mention plenty of opportunities to network with the world’s top hackers and potentially get headhunted by government officials looking for hacker talent for intelligence and law enforcement agencies.

Usenix Security Symposium

Date: August 15-17
Location: Baltimore, Maryland
Cost: $915 $1065

The Usenix Security Symposium is a three-day conference that includes more than 80 refereed paper presentations as well as invited talks and various sessions. Organizers say that the Usenix Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Tracks for the 2017 conference included Bug Finding, Side-Channel Attacks, Systems Security, Side-Channel Countermeasures, Malware and Binary Analysis, Censorship, Embedded Systems, Networking Security, and Targeted Attacks.

AppSec USA

Date: TBA
Location: San Jose, California
Cost: $995

Another conference organized by the Open Web Application Security Project (OWASP), AppSec USA is the partner to AppSec Europe. One of the largest conferences based solely on application security, AppSec USA goes deep into topics like privacy, DevOps, secure development, mobile security, app assessments, and security on and for the Cloud. The keynote speakers of the 2017 event included: Jim Manico, Author and Educator of of developer security awareness trainings; Jen Ellis, VP of community and public affairs, Rapid7; and Runa A. Sandvik, Privacy and Security Researcher and Director of Information Security at The New York Times


Date: October 5-7
Location: Louisville, Kentucky
Cost: $175

DerbyCon is a fast growing conference that serves to provide an intimate and friendly technology gathering for experts and regular folks, alike. Organizers describe it as an InfoSec conference with the feel of a family reunion, and the number of attendees has hit close to 2,000 in the past years. Some of the keynote speakers from the 2017 event included Matthew Graeber, Principal Security Engineering Lead at Microsoft, and John Strand, Owner of Black Hills Information Security. A few of the topics that were covered were: hacking blockchains; powershell; hacking serverless runtimes, building better backdoors with WMI; preventing ransomware; drone delivered attacks; and data mining.

ASIS 2018

Date: September 25-28
Location: Dallas, Texas
Cost: $350-$1350

The ASIS Annual Seminar and Exhibits has been one of the leading conferences for security professionals worldwide for more than six decades. Organized by ASIS International, this event covers the full spectrum of security topics, with presentations and sessions in areas like data and infrastructure security, cybersecurity, counterterrorism, loss prevention, and facilities security. The keynote speakers for the 2017 ASIS conference included: George W. Bush, 43rd President of the United States; Mark Cuban, Technology & Media Entrepreneur, Owner of the Dallas Mavericks, and HD Net/AXS TV Chairman & Co-Founder; Edward F. Davis, III, Former Police Commissioner of the Boston Police Department; and Rick DesLauriers, Former Special Agent in Charge (SAC).

Geneva Information Security Day

Date: May 31
Location: Geneva, Switzerland
Cost: Free

Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies, knowledge sharing and building sustainable cybersecurity industry. Participation at Geneva Information Security Day is open and free for cybersecurity, privacy and GRC practitioners.

No matter your budget or your role in the security world, there is a conference for you. Whether you are looking for something small and familiar, or large and loud, these conferences are guaranteed to bring you closer to some of the biggest experts in the world while providing opportunities to learn about the latest research and to network with other security and IT professionals. It doesn’t matter which of these top IT security, information security, and cybersecurity conferences you choose, you will definitely not be disappointed.

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn how you can maintain better security and compliance in the SecOps For Dummies guide.
Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

Stephen Watts

Stephen Watts

Stephen is based in Birmingham, AL and began working at BMC Software in 2012. Stephen holds a degree in Philosophy from Auburn University and is currently enrolled in the MS in Information Systems - Enterprise Technology Management program at University of Colorado Denver.

Stephen contributes to a variety of publications including, Search Engine Journal, ITSM.Tools, IT Chronicles, DZone, and CompTIA.

About the author

Laura Shiff

Laura Shiff

Laura Shiff is a researcher and technical writer based in the Twin Cities. She specializes in software, technology, and medicine. You can reach Laura at or her website at