Last updated: 4/18/2018
Whether you are a security pro, software developer, security administrator, or any other role in the IT security fields, attending a conference is an excellent way to network with other professionals and extend your knowledge base. These IT security and cybersecurity conferences provide exclusive access to some of the newest innovations and ideas from all around the globe, putting you in the same room as the leading experts and security pros. There are hundreds of these conferences to choose from each year, giving you the ability to choose what is right for you.
However, not all security conferences are the same, and they may not fit your preferences or budget. Some conferences are small and intimate with plenty of time for collaboration and questions, while others are large, loud, and draw in thousands of people at a time. While the bigger security conferences may not offer as much time for small discussions, they still provide plenty of networking opportunities and presentations from some of the top global experts in the security field.
BMC’s list allows you to find the top IT Security, Information Security, and CyberSecurity conferences of 2018 that are relevant to you quickly and efficiently. Whether you are looking for a conference by date, location nearest to you, or a specific price range, our list provides both national and international options so you are sure to find exactly what you are looking for.
This list will be updated regularly, so feel free to contact me if you would like to add a security conference to the directory. To be considered, please email all details including the conference name, dates of the event, location, and a link to the event’s website to firstname.lastname@example.org.
Top IT Security, InfoSec, & CyberSecurity Conferences for 2018
Date: April 16-20
Location: San Francisco, California
Cost: $675 to $2,695
The RSA Conference is one of largest security conferences in the entire world, with more than 43,000 attendees in 2017 alone. Add to that the more than 700 speakers from all across the globe, and it’s no wonder this event is one of the largest and most popular in the area of cybersecurity. The event features relevant topics and resources each year, with tracks in areas such as encryption and national security, Department of Defense perspectives on cyber threats, and hacking, to name a few. It provides insights and networking opportunities to help you get ahead, and stay ahead, of cyber threats and system compromises.
Date: March 14-16
Location: Vancouver, British Columbia
Cost: $2,100 to $2,500 CAD
CanSecWest is one of the world’s most advanced technical conferences aimed at applied digital security.
The event is a three-day, single-track conference that offers best practices and real-world experiences regarding new vulnerabilities, attacks, and defenses, provided in lecture-style presentations by an experienced professionals. CanSecWest consistently draws a variety of vendors and security professionals, including offensive and defensive experts. The information presented and shared is extremely critical, on topics like hacking drones, embedded systems, security software, web hacking techniques, and advanced malware deobfuscation.
Date: April 3-10
Location: Orlando, Florida
Cost: $1,520 to $6,610
SANS 2018 is organized by the SANS Institute, the global leader in information security training, and features more than 40 hands-on cyber security courses taught by the industry’s top professionals and instructors in the field. These courses range in levels from introductory all the way to the most advanced training available. The event also offers insightful presentations by keynote speakers and plenty of unique networking opportunities. Some of the trainings included: Automating Information Security with Python; Critical Security Controls; Intrusion Detection In-Depth; Continuous Monitoring and Security Applications; Immersive Hands-on Hacking Techniques; Cyber Threat Intelligence; and Advanced Smartphone Forensics.
Date: April 11-13
Location: Austin, Texas
Cost: $100 to $160
InfoSec Southwest annually brings together some of the top experts and professionals from the field of information security and hacking disciplines. The scope of InfoSec Southwest is broad, and it is organized of seminars, e-learning workshops, in-house training sessions, conferences, and executive programs. It also includes deep dives into the social and legal implications of hacking and how they are affecting the hacker culture.
The 2017 speakers included: Bill Buddington, Activist, Programmer, and Cryptographer; Dan Crowley, Austin Research Director and Senior Security Engineer at NCC Group; Joe Gray, Enterprise Security Consultant at Sword and Shield Enterprise Security; and Tiberius Hefflin, Security Evaluation Engineer at Intel.
Date: March 19-21
Location: Lake Buena Vista, Florida
Cost: $1,795- $4,195
InfoSe World has been one of the main “business of security” conferences in the world for over 20 years. Bringing together expert speakers, security practitioners, and industry leaders, InfoSec World addresses ways to manage today’s threats to cultivate business while preventing, detecting, and responding to security challenges that arise. Some topics that will be covered at the 2018 conference include: coding; artificial intelligence; making the most of a small team; detecting internal threats; security architecture; and the dark web.
Date: April 9-13
Location: Amsterdam, Netherlands
Cost: €299 to €1,599
The Hack In The Box Security Conference is held each year in Amsterdam and is globally recognized for its networking opportunities and its forward-thinking views on computer security issues. The two day conference consists of multitrack sessions that cover topics such as: Practical machine learning in infosecurity; Cloning Android HCE cards; The making of Drammer; Attacks against ISO crypto libraries; Keyless entry system attacks; and Hunting for vulnerabilities in Signal. Attendees can expect to develop new professional relationships and alliances while learning from some of the top security experts in the industry.
Date: April 24-26
Cost: SD $995 to SD $1695
The ICS Cyber Security Conference is a three-day event that includes multi-track trainings and workshops specifically aimed at operations, control systems, and IT security professionals. The conference is one of the longest-running events with a focus on cybersecurity in the industry, and featured speakers from top organizations all across the world. The 2017 event consisted of many tracks, such as: The Importance of Cybersecurity Training and Policies; Surprises in a Decade of Evolving SCADA Security Advice; Development through Industrial Control Systems’ Changing Landscape; and Drone Wireless Attacks Against Land and Maritime Industrial Sites.
Date: May 4-5
Location: Chicago, Illinois
Cost: $69- $299
ThotCon is an annual conference in Chicago started and held specifically for hackers and the local hacking culture. ThotCon is a small and nonprofit event, with an attendance last year of about 1,000 people. The event is low-cost yet high quality, with a strong focus on providing one of the best information security conference experiences in a social and relaxing environment. In honor of its secretive nature, the specific location of the event is kept confidential until a week before the conference, when it is then released to attendees and speakers alike. Some of the previous topics covered at ThotCon conferences include: Using, or securing against, the latest hacking methods such as side channels, physics, and low cost tools; Hacking Python; and Intercepting, modifying, and generating wireless signals with SD.
Date: June 17-21
Location: Tel Aviv, Israel
Cost: € 90 to € 780
AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization whose goal is to spread the visibility of software security. There were four tracks for AppSecEU 2017, including: Hackers (Designed for those who want to learn the latest tactics and hacks); Developers (Created for builders and security engineers interested in making secure applications and how to defend them); DevSecOps (Intended for those who want to discover the latest thinking on how to secure the entire SDLC); and CISO (Designed for professionals responsible for managing the control and security of organizations).
Date: May 8-11
Location: Ottawa, Canada
Cost: $500- $1,370 USD
The International Cryptographic Module Conference is designed to bring together global experts in commercial cryptography. The conference is aimed at those interested in developing, specifying, and procuring certified commercial off-the-shelf cryptographic modules; government departments responsible for testing cryptographic modules; and key players and stakeholders in standards development, to name a few. The 2017 ICM conference included a variety of speakers, such as Dr. Najwa Aaraj, Senior Vice President If Special Projects, DarkMatter; Gordon Bass, Director of Cybersecurity Operations at U.S. Department of Energy (DOE); Edna Conway, Chief Security Officer of Global Value Chain, Cisco Systems, Inc.; and Michael Cooper, IT Specialist at NIST.
Date: May 21-23
Location: San Francisco, California
Organized by The Institute of Electrical and Electronics Engineers, the IEEE Symposium on Security and Privacy attracts both developers and researchers interested in computer security and electronic privacy. Workshops for the 2018 event will include, ConPro: Workshop on Technology and Consumer Protection; DLS: Deep Learning and Security Workshop; SADFE: Systematic Approaches to Digital Forensic Engineering; WRIT: Workshop on Research for Insider Threat; BioStar: Workshop on Bio-inspired Security, Trust, Assurance and Resilience; and LangSec: Workshop on Language-theoretic Security and Applications.
Date: June 5-7
Location: London, UK
Infosecurity Europe is the region’s largest and most widely attended information security event. The event features Europe’s most comprehensive conference program, with over 360 exhibitors showcasing the newest information security solutions and products to close to 18,000 attendees. The 2017 Keynote Stage featured many headlining speakers, including: Dame Stella Rimington, Former Director General at MI5; Bret Arsenault, CISO at Microsoft; Bruce Schneier, Security Technologist, Infosecurity Europe Hall of Fame Alumnus; and Jaya Baloo, CISO of KPN Telecom.
Date: June 4-7
Location: National Harbor, Maryland
Cost: $3,100 to $3,400
The Gartner Security & Risk Management Summit is one of the largest gatherings for security, risk management, and business continuity management leaders. The event provides proven practices and strategies for cost-effective security while reducing risks and compromises through a mixture of keynotes from global experts, panels, roundtables, workshops, and even one-on-one meetings. The presentations cover topics such as: Risks and opportunities of smart machines, artificial intelligence, the Internet of Things and operational technology; Data security and risk governance; Mobile security for digital business; Protecting vital infrastructure; and Privacy and data security.
Date: August 4-9
Location: Las Vegas, Nevada
Cost: $495 to $2,795
Black Hat is one of the world’s biggest tech conferences, providing attendees with the latest research and trends in security. The 2017 event attracted more than 15,000 people, and has become the premier conference for researchers, security experts, vendors, and hackers. In fact, this conference has become so well-known in the city of Las Vegas, that workers at hotels and restaurants are advised to keep their wifi off for the entire event to ward against potential attacks or security threats. The 2017 Black Hat USA agenda featured numerous tracks, including: Applied Security; Cryptography; Data Forensics/Incident Response; Exploit Development; Hardware/Embedded; Internet of Things; Malware; Mobile; and Network Defense.
Date: August 9-12
Location: Las Vegas, Nevada
Cost: $260, cash only at the door
Another extremely popular event in Las Vegas is Def Con, one of the oldest and largest security conferences in the world. The conference begins each year when its cousin, Black Hat, ends, so the events share many similar topics and themes. However, Def Con brings in close to 25,000 attendees and is known for being a wilder event with some of the best hackers attending in the world. The event features speakers, contests, vendors, workshops, demo labs, and entertainment, not to mention plenty of opportunities to network with the world’s top hackers and potentially get headhunted by government officials looking for hacker talent for intelligence and law enforcement agencies.
Date: August 15-17
Location: Baltimore, Maryland
Cost: $915 $1065
The Usenix Security Symposium is a three-day conference that includes more than 80 refereed paper presentations as well as invited talks and various sessions. Organizers say that the Usenix Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Tracks for the 2017 conference included Bug Finding, Side-Channel Attacks, Systems Security, Side-Channel Countermeasures, Malware and Binary Analysis, Censorship, Embedded Systems, Networking Security, and Targeted Attacks.
Location: San Jose, California
Another conference organized by the Open Web Application Security Project (OWASP), AppSec USA is the partner to AppSec Europe. One of the largest conferences based solely on application security, AppSec USA goes deep into topics like privacy, DevOps, secure development, mobile security, app assessments, and security on and for the Cloud. The keynote speakers of the 2017 event included: Jim Manico, Author and Educator of of developer security awareness trainings; Jen Ellis, VP of community and public affairs, Rapid7; and Runa A. Sandvik, Privacy and Security Researcher and Director of Information Security at The New York Times
Date: October 5-7
Location: Louisville, Kentucky
DerbyCon is a fast growing conference that serves to provide an intimate and friendly technology gathering for experts and regular folks, alike. Organizers describe it as an InfoSec conference with the feel of a family reunion, and the number of attendees has hit close to 2,000 in the past years. Some of the keynote speakers from the 2017 event included Matthew Graeber, Principal Security Engineering Lead at Microsoft, and John Strand, Owner of Black Hills Information Security. A few of the topics that were covered were: hacking blockchains; powershell; hacking serverless runtimes, building better backdoors with WMI; preventing ransomware; drone delivered attacks; and data mining.
Date: September 25-28
Location: Dallas, Texas
The ASIS Annual Seminar and Exhibits has been one of the leading conferences for security professionals worldwide for more than six decades. Organized by ASIS International, this event covers the full spectrum of security topics, with presentations and sessions in areas like data and infrastructure security, cybersecurity, counterterrorism, loss prevention, and facilities security. The keynote speakers for the 2017 ASIS conference included: George W. Bush, 43rd President of the United States; Mark Cuban, Technology & Media Entrepreneur, Owner of the Dallas Mavericks, and HD Net/AXS TV Chairman & Co-Founder; Edward F. Davis, III, Former Police Commissioner of the Boston Police Department; and Rick DesLauriers, Former Special Agent in Charge (SAC).
Date: May 31
Location: Geneva, Switzerland
Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies, knowledge sharing and building sustainable cybersecurity industry. Participation at Geneva Information Security Day is open and free for cybersecurity, privacy and GRC practitioners.
No matter your budget or your role in the security world, there is a conference for you. Whether you are looking for something small and familiar, or large and loud, these conferences are guaranteed to bring you closer to some of the biggest experts in the world while providing opportunities to learn about the latest research and to network with other security and IT professionals. It doesn’t matter which of these top IT security, information security, and cybersecurity conferences you choose, you will definitely not be disappointed.
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.