Skip to content ↓ | Skip to navigation ↓

You can now read the 2019 edition here!

With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and summits.

To help promote these collaborative events, we at The State of Security are proud once again to assemble a list of the top conferences in information security. We hope you’ll consider attending at least one of the following 17 events in 2018.

If we missed a conference, please let us know in the comments!

17. The Diana Initiative

When: 9-10 August, 2018

Where: Caesars Palace, Las Vegas, Nevada, USA


The Diana Initiative is an organization that’s dedicated to supporting women who are interested in pursuing a career in information security, promoting diverse workplaces, and helping to change workplace cultures so that organizations can be supportive of all employees regardless of gender.

The theme of The Diana Initiative’s 2018 conference is “Hacker Family: Our Diversity Unifies Us.” At the event, attendees will be able to take advantage of numerous networking opportunities. They’ll be able to “meet a mentor” and attend presentations where speakers share their stories, experiences, and insights.

16. FS-ISAC Annual Summit

When: 20-23 May, 2018

Where: Boca Raton Resort & Club, Boca Raton, Florida, USA


fs-isacEach FS-ISAC Annual Summit is hosted by the Financial Services Information Sharing and Analysis Center, a resource which helps members of the global financial industry share and analyze intelligence on digital and physical threats.

Attendees to this annual event have the opportunity to hear a series of sessions and talks on the newest threats facing the global financial services sector. Everyone from CEOs and Heads of Threat Intelligence to Payment Operations Directors and Payment Line of Business Managers are encouraged to attend.

15. CanSecWest

When: 14-16 March, 2018

Where: Sheraton Vancouver Wall Centre, Vancouver, British Columbia, Canada


CanSecWestCanSecWest is a three-day conference that boasts a single-track of enlightening one-hour presentations prepared by a knowledgeable professional and an educator. The event prides itself on bringing attendees together into a relaxed environment so that they can collaborate and network.

This year’s conference will feature Dr. Michael A. VanPutte, Ph.D, who will speak on “Cyberwar and other modern myths.” Attendees will also get to attend presentations on election security and low-cost radio wave attacks.

14. ShmooCon

When: 19-21 January, 2018

Where: Washington Hilton Hotel, Washington District of Columbia, USA


shmooconShmooCon is an annual hacking conference that takes place on the east coast of the United States every January. The first full day of the conference features a single track of speed talks called “One Track Mind.” This is followed by two full days of three event tracks: “Build It,” “Belay It,” and “Bring It On.”

The conference’s major themes include exploiting technology and using hardware and software solutions to address critical issues in information security.

Attendees can also enjoy several events that run concurrent to the conference, including the Lockpick Village, ShmooCon Labs and Hack Fortress.


When: 9-13 April, 2018

Where: NH Grand Hotel Krasnapolsky, Amsterdam, The Netherlands


security160Hack in the Box Security Conference (HITBSecConf) is an annual event held in Amsterdam, The Netherlands. This year’s iteration of the event boasts six three-day technical training courses that explore next-gen infosec issues and a two-day triple-track conference featuring well-known industry leaders. Those who regularly attend HITBSecConf value it for all the networking opportunities and the chance to stay current with critical computer security issues.

The first round of accepted speakers to HITBSecConf-Amsterdam will be announced in January.

12. AppSec Europe

When: 2-6 July, 2018

Where: The Queen Elizabeth Conference Center, London, England


AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization which strives to raise the visibility of software security worldwide. Each AppSec Europe conference features technical talks, debate panels, training sessions, hands-on learning workshops, and keynote addresses from industry leaders. This year’s conference will feature Amit Klein, who is VP Security Research at SafeBreach.

Every event also includes a recruiting fair, CTF events, and a vendor floor.

11. FIRST Annual Conference

When: 24-29 June, 2018

Where: Shangri-La Hotel Kuala Lumpur, Kuala Lumpur, Malaysia


Forum of Incident Response and Security TeamsThis five-day annual conference features incident response, management, and technical tracks; keynote presentations; lightning talks; and plenty of networking opportunities. In addition to learning the latest security strategies in incident management, those who attend can earn up to 25 continuing professional education (CPE) credits and gain insight into analyzing network vulnerabilities.

The event is sponsored by the Forum of Incident Response and Security Teams (FIRST), an international confederation of more than 350 trusted computer incident response teams from over 80 countries.

10. Infosecurity Europe

When: 5-7 June, 2018

Where: Olympia, London, United Kingdom


infosecurity europeInfoSecurity Europe is an annual conference that’s evolved into one of Europe’s largest and most highly-regarded information security events. Its reputation is bolstered by the conference’s free rate of admission.

In 2014, approximately 11,500 visitors from over 70 countries attended InfoSecurity Europe. Last year, more than 19,500 visitors came out to see hundreds of speakers present on security-related topics and visit over 400 different exhibitors’ booths.

9. DerbyCon

When: 3-7 October, 2018

Where: The Mariott Hotel, Louisville, Kentucky, USA


conference - derbyconDerbyCon is an infosec conference that prides itself on its family feel. Each year’s event begins with a two-day training sequence, which includes sessions in pentesting, reverse engineering, malware analysis, hacking basics, and other topics. These sessions precede a two-day conference that features an impressive lineup of speakers.

Over 2,000 individuals attended DerbyCon 4.0 in 2014. (No statistics are available for DerbyCon 5.0, 6.0, or 7.0.) The conference’s organizers expect to attract even more attendees in 2018.

8. USENIX Security Symposium

When: 15-17 August, 2018

Where: Baltimore Marriott Waterfront, Baltimore, Maryland, USA


usenixNow in its 27th year, the annual conference of the USENIX Association (otherwise known as the Advanced Computing Systems Association) brings together researchers, practitioners, sysadmins, and other individuals who are interested in staying abreast of important security and privacy developments with respect to computer systems and networks. The event consists of invited talks, panel discussions, and Birds-of-a-Feather sessions.

All researchers are invited to submit a paper for consideration of presenting at USENIX’s Security Symposium 2018 until 8 February.

7. InfoSec World

When: 19-21 March, 2018

Where: Disney’s Contemporary Resort, Lake Buena Vista, Florida, USA


Every year, InfoSec World attracts attendees with its diverse line-up of speakers and an exhibition hall filled with some of the most impressive information security technologies and solutions in the industry.

MIS Training Institute, a leader in IT auditing and infosec training, organizes the event every year. Each iteration of InfoSec World consists of seminars, conferences, e-learning workshops, in-house training sessions, and executive programs.

6. Gartner Security & Risk Management Summit

When: 4-7 June, 2018

Where: Gaylord National Resort and Convention Center, National Harbor, Maryland, USA


gartner-tileEach of Gartner’s Security & Risk Management Summits attracts CISOs and top risk management and security professionals for the purpose of helping them build resilience and hone their security strategy across the enterprise. Attendees gain those insights via end-user case studies, workshops, and even one-on-one meetings with a Gartner analyst.

This year’s conference will consist of five programs: CISO, Security Trends and Capabilities, Technical Insights: Security Architecture, Risk and Business Resilience, and Marketplace for Security.

5. SANS Series

When: Ongoing

Where: Worldwide


sansThe SANS Series is sponsored by the SANS Institute, a research and education organization which promotes infosec training and certification around the world. Its programs consist of intensive training usually spread out over several days. These sessions now reach more than 165,000 security professionals.

One of the biggest events planned for this year is SANS 2018. It’ll feature more than 45 hands-on information security courses taught by leading experts. This training conference is scheduled for 3-10 April in Orlando, Florida, USA. Learn more here.

4. RSA Conference

When: 16-20 April, 2018

Where: Moscone Center, San Francisco, CA USA


RSA_Conference_Logo,_squareWhen a security event gives rise to multiples conferences that draw more than tens of thousands of attendees a year, it’s hard not to take notice.

Besides its size, RSA, including RSA Conference USA, prides itself on providing a venue where both established and new security professionals can present their research to conference attendees and prepare themselves for future challenges in information security.

3. BSides Series

When: Ongoing

Where: Worldwide


index1Security BSides is a community-driven framework that builds events for the information security community. Each meeting incorporates discussion, demonstrations, and interaction into most of its technical presentations, thereby promoting collaboration and conversation among security professionals.

As of this writing, approximately 30 events have already been announced for 2018.

2. Black Hat Conference Series

When: Variable

Where: Variable


Black-hatThe Black Hat conference series is a favorite among infosec professionals for its technical emphasis. Black Hat USA, for example, has been in operation for the past 19 years; each of its iterations promotes a vendor-neutral environment and offers up top research that’s selected by a board of the industry’s most esteemed infosec professionals. This year’s Black Hat USA will take place on 4-9 August at the Mandalay Bay Resort and Casino in Las Vegas, Nevada, USA.

Black Hat events are held annually in the United States, Europe, and Asia.


When: 9-12 August, 2018

Where: Caesar’s Palace Hotel and Casino, Las Vegas, NV, USA


dc-logoDEF CON started out in 1993 as a gathering among 10 small hacker networks. It’s expanded over the last 25 years; today, it’s one of the oldest and largest security conferences in the world. DEF CON 22 (2014) attracted 14,500 attendees alone.

Each year, DEFCON offers an exciting roster of speakers who present on computer hacking.