Skip to content ↓ | Skip to navigation ↓

UPDATED 01/07/2016 to include RSA Conference USA. (Please see below.)

In Part II of our 2015 Infosec Wishlist series, a number of security experts expressed their desire for the security community to renew its focus on collaboration, communication and unity in the New Year. To accomplish this goal, folks in information security will need to internalize this message and inject it into their dealings with one another. But how can we set this process in motion?

We feel that conferences are an excellent starting point. Indeed, these events are perfect for security personnel to share research, debate hot topics and learn from one another.

With this in mind, we have assembled a list of the top 11 conferences in the information security industry for 2016. We hope that everyone with the means and ability to attend these events will do so.

(Note: These conferences are organized alphabetically and are not ranked.)

11. AppSec Europe

AppSec Europe 2016When: June 27-July 1, 2016

Where: Rome Marriott Park Hotel, Rome, Italy


AppSec Europe is an annual conference that functions as an outreach effort for the Open Web Application Security Project (OWASP), a non-profit community organization dedicated to making software security more visible worldwide. Each and every AppSec Europe conference fulfills OWASP’s mission by featuring an impressive line-up of technical talks, debate panels, training sessions, hands-on learning workshops, and keynote addresses from industry leaders. Each event also includes a recruiting fair, CTF events, and a vendor floor.

10. Black Hat USA

Black-hatWhen: July 30-August 4, 2016

Where: Mandalay Bay, Las Vegas, Nevada, USA


The Black Hat Conference is a favorite among infosec professionals for its emphasis on the more technical themes of the industry.

“At Black Hat, you hear more about problems and solutions and less about products,” said Lamar Bailey, Director of Security Research & Development at Tripwire.

Black Hat USA has been in operation for the past 17 years. As one of the most technical information security events in the world, each conference promotes a vendor-neutral environment and focuses on offering top security research, which is selected by a board of 23 of the industry’s most esteemed information security professionals.

Black Hat events are held annually in the United States, Europe, and Asia.

9. BSides Series

bsidesWhen: Ongoing 

Where: Worldwide 


As Director of Corporate Communications at Tripwire, Cindy Valladares understands what makes for an effective event in information security.

“The best security conferences have two key elements: talks that inspire and challenge current thinking, as well as opportunities to connect with and learn from others,” said Valladares. “Several of the BSides events that I’ve attended in the past have both of these elements.”

True to Valladares’ description, BSides is a community-driven framework whose events incorporate discussion, demonstrations, and interaction into the majority of their technical presentations, thereby promoting collaboration and conversation among security professionals.

“I would have to say BSides is my favorite because it’s a lot of fun, it’s very affordable, and it’s accessible nearly everywhere,” says Alexandre Cox, SANS certified trainer and technology leader in Systems Engineering for Tripwire.

As of this writing, approximately 18 events have already been announced for the first half of 2016. You can view an interactive Google map of all of the events below:


DEF CON 23When: August 4-7, 2016

Where: Paris/Bally’s, Las Vegas, NV, USA


DEF CON started out in 1993 as a small gathering among 10 hacker networks. It has since expanded over the last 23 years to become one of the oldest and largest security conferences in the world, with DEF CON 22 (2014) having attracted a record-breaking 14,500 attendees alone.

Each year, DEFCON offers an exciting roster of speakers who present primarily on issues associated with computer hacking.

DEF CON 24 has adopted the theme “Rise of the Machines,” an event which according to the conference’s main website will focus on empowering hackers everywhere “to win back [their] self-determination” from machines.

7. DerbyCon

conference - derbyconWhen: TBA

Where: TBA


DerbyCon is an infosec conference that prides itself on its family feel. As such, industry professionals, hobbyists, and all people with an interest in security are invited to attend.

Each DerbyCon begins with a two-day training sequence, which includes sessions in pentesting, reverse engineering, malware analysis, and hacking basics, among other topics. These sessions are then followed by a two-day conference that features an impressive lineup of speakers. Over 2,000 individuals attended DerbyCon 4.0 in 2014, (No statistics are yet available for DerbyCon 5.0 “Unity”, which occurred last year.) and the conference organizers are hoping to attract even more attendees in 2016.

6. HITBSecConf

hitbWhen: May 23-27, 2016

Where: NH Grand Hotel Krasnapolsky, Amsterdam, The Netherlands


Hack in the Box Security Conference (HITBSecConf) is an annual event that is held in Kuala Lumpur, Malaysia (October) and in Amsterdam, The Netherlands (May). Each event traditionally consists of two days of training sessions that explore next generation issues in the field of information security, as well as a two-day multi-track conference featuring well-known industry leaders. Those who routinely attend HITBSecConf value the event for its opportunities to network with other professionals, meet with leading security experts, and stay at the forefront of the computer security industry.

As of this writing, less than 12 days remain before the first HITBSecConf-Amsterdam Call for Papers deadline arrives.

5. InfoSecurity Europe

infosecurity europeWhen: June 7-9, 2016

Where: Olympia, London, United Kingdom


InfoSecurity Europe is the founding event of InfoSecurity Group. This annual conference has evolved into one of the largest and most highly regarded security events held in Europe, a reputation that is bolstered by the conference’s free admission.

In 2014, approximately 11,500 visitors from over 70 countries attended InfoSecurity Europe. Last year, more than 12,000 visitors came out to see over 260 speakers present on security-related topics, as well as to visit 316 different exhibitors’ booths.

4. InfoSec World

infosec worldWhen: April 4-6, 2016

Where: Disney Contemporary Resort, Lake Buena Vista, Florida, USA


InfoSec World attracts attendees based upon its diverse line-up of speakers and its exhibition hall of some of the most impressive information security technologies and solutions in the industry.

The event is organized by the MIS Training Institute, an international leader in IT auditing and information security training. At each and every iteration of InfoSec World, MIS TI offers a series of seminars, conferences, e-learning workshops, in-house training sessions, and executive programs as part of its mission to advance the field of information security.

3. RSA Conference USA

RSA_Conference_Logo,_squareWhen: February 29-March 4, 2016

Where: Moscone Center, San Francisco, CA USA


When a single security event gives rise to four conferences that are spread across three regions, drawing in more than 30,000 attendees a year, it’s hard not to take notice.

“RSA would have to be one of my favorites, since it is the biggest conference in the world,” states Lamar Bailey.

Besides its size, RSA, including RSA Conference USA, prides itself on providing a venue where established and new security professionals alike can present their exciting new research to conference attendees.

“There’s lots of content every year at RSA,” Bailey goes on to explain. “Every security company showcases what they are doing and what is new in the industry.”

With all that it has to offer, it is no wonder that Cindy Valladares feels that RSA is still unmatched in the quality of connections it has to offer.

“RSA still provides the best opportunity to network with friends, foes, partners, customers and the security community in general.”

2. SANS Series

sansWhen: Ongoing

Where: Worldwide


The SANS Series is sponsored by the SANS Institute, a research and education organization that is dedicated to promoting information security training and security certification around the world. Its programs, which consist of intensive, immersion training that is spread out over several days, now reache 165,000 security professionals.

SANS Institute also operates the SANS Information Security Reading Room, which houses original research papers in 86 important categories of security, as well as the Internet Storm Center, the so-called “Internet’s early warning system.”

One of the biggest events planned for this year is SANS 2016, which will feature 40 courses (ranging in duration from one to six days), 36 instructors, and seven different disciplines of security. This training conference is scheduled for March 12-20. Learn more here.

1. ShmooCon

shmooconWhen: January 15-17, 2016

Where: Washington Hilton Hotel, Washington DC, USA


ShmooCon is an annual hacking conference that is held on the east coast of the United States. The first full day of the conference is called “One Track Mind” and consists of a single track of speed talks. This is followed by two full days of three difference event tracks: “Build It,” “Belay It,” and “Bring It On.”

The event’s major themes include exploiting technology and critical issues in information security, as well as how various hardware and software solutions can address these two areas of focus.

The conference also has a number of events that are ongoing during the entirety of the event. These include the Lockpick Village, ShmooCon Labs, and Hack Fortress.

Did we miss one? Be sure to write in the comments any security conferences that you believe deserve a top spot for 2016.

Title image courtesy of