Skip to content ↓ | Skip to navigation ↓

** UPDATED 2018 Blog Here: The Top 17 Information Security Conferences of 2018 **


2017 is finally here. You know what that means: another information security conference season is upon us. We couldn’t be more excited!

Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security for 2017. We hope you’ll have the chance to attend at least one of these events this year. If we missed a conference, please let us know in the comments!

13. TiaraCon

TiaraConWhen: TBA

Where: TBA


TiaraCon is a free 2-day conference that’s designed to advance the careers of women in cyber security. It seeks to bring attention to and ultimately change the fact that women constitute only 10 percent security professionals and 9 percent of infosec leadership.

During its inaugural conference in 2016, attendees enjoyed networking with one another as they learned how to solder and refined their lock-picking abilities. TiaraCon also hosted a panel talk on “Women in Infosec: Our Time is Now,” where panelists shared stories about making their way in the security industry, and a Resume Bar staffed by security experts.

12. FS-ISAC Annual Summit

fs-isacWhen: April 30-May 3, 2017

Where: Walt Disney World Swan and Dolphin Resort, Lake Buena Vista, Florida, USA


Each FS-ISAC Annual Summit is hosted by the Financial Services Information Sharing and Analysis Center. It’s a resource that helps global financial industry share and analyze intelligence dealing with digital and physical threats.

Attendees to this annual event have the opportunity to hear a series of sessions and talks on the newest threats facing the global financial services sector. This year, they can look forward to Eric O’Neill, a former FBI operative and subject of the film Breach, delivering the summit’s keynote presentation.

11. ShmooCon

shmooconWhen: January 13-15, 2017

Where: Washington Hilton Hotel, Washington District of Columbia, USA


ShmooCon is an annual hacking conference held on the east coast of the United States. The first full day of the conference is called “One Track Mind.” It’s a single track of speed talks. This is followed by two full days of three event tracks: “Build It,” “Belay It,” and “Bring It On.”

The conference’s major themes include technology exploitation and how hardware and software solutions can address critical infosec issues.

Attendees can also enjoy several events that run concurrent to the conference. These include the Lockpick Village, ShmooCon Labs, and Hack Fortress.


security160When: April 10-14, 2017

Where: NH Grand Hotel Krasnapolsky, Amsterdam, The Netherlands


Hack in the Box Security Conference (HITBSecConf) is an annual event held in Kuala Lumpur, Malaysia and in Amsterdam, The Netherlands. Each event boasts two days of training sessions that explore next generation infosec issues and a two-day multi-track conference featuring well-known industry leaders. Those who regularly attend HITBSecConf value the event for its networking opportunities and the chance to stay current with computer security.

The first round of accepted speakers to HITBSecConf-Amsterdam will be announced in January.

9. AppSec Europe

appsecWhen: May 8-12, 2017

Where: Waterfront Conference Center, Belfast, Ireland


AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization which strives to raise the visibility of software security worldwide. Each AppSec Europe conference fulfills OWASP’s mission by featuring technical talks, debate panels, training sessions, hands-on learning workshops, and keynote addresses from industry leaders.

Every event also includes a recruiting fair, CTF events, and a vendor floor.

8. Infosecurity Europe

infosecurity europeWhen: June 6-8, 2017

Where: Olympia, London, United Kingdom


InfoSecurity Europe is an annual conference that’s evolved into one of the largest and most highly regarded security events held in Europe. Its reputation is bolstered by the conference’s free admission.

In 2014, approximately 11,500 visitors from over 70 countries attended InfoSecurity Europe. Last year, nearly 18,000 visitors came out to see 270 speakers present on security-related topics and visit 360 different exhibitors’ booths.

7. DerbyCon

conference - derbyconWhen: September 20-24, 2017

Where: The Hyatt Regency Hotel, Louisville, Kentucky, USA


DerbyCon is an infosec conference that prides itself on its family feel. That means industry professionals, hobbyists, and people with an interest in security are welcome to attend.

The conference begins with a two-day training sequence, which includes sessions in pentesting, reverse engineering, malware analysis, hacking basics, and other topics. These sessions are followed by a two-day conference that features an impressive lineup of speakers.

Over 2,000 individuals attended DerbyCon 4.0 in 2014. (No statistics are available for DerbyCon 5.0 or 6.0.) The conference’s organizers expect to attract even more attendees in 2017.

6. InfoSec World

infosec world 2017When: April 3-5, 2017

Where: Omni Orlando Resort, ChampionsGate, Florida, USA


Every year, InfoSec World attracts attendees due to its diverse line-up of speakers and an exhibition hall that’s brimming with some of the most impressive information security technologies and solutions in the industry.

MIS Training Institute, an international leader in IT auditing and infosec training, organizes the event. Each iteration of InfoSec World consists of seminars, conferences, e-learning workshops, in-house training sessions, and executive programs.

5. SANS Series

sansWhen: Ongoing

Where: Worldwide


The SANS Series is sponsored by the SANS Institute, a research and education organization which promotes infosec training and certification around the world. Its programs, which consist of intensive training spread out over several days, now reach more than 165,000 security professionals.

SANS Institute also operates the SANS Information Security Reading Room, which houses original research papers in 86 categories, and the Internet Storm Center security alert and monitoring system.

One of the biggest events planned for this year is SANS 2017. It’ll feature more than 40 hands-on information security courses. This training conference is scheduled for April 7-14 in Orlando, Florida, USA. Learn more here.

4. RSA Conference

RSA_Conference_Logo,_squareWhen: February 13-17, 2017

Where: Moscone Center, San Francisco, CA USA


When a single security event gives rise to multiples conferences that draw in more than 45,000 attendees a year, it’s hard not to take notice.

Besides its size, RSA, including RSA Conference USA, prides itself on providing a venue where established and new security professionals alike can present their exciting new research to conference attendees and better prepare themselves for future infosec challenges.

3. BSides Series

index1When: Ongoing

Where: Worldwide


BSides is a community-driven framework whose events incorporate discussion, demonstrations, and interaction into most of their technical presentations, thereby promoting collaboration and conversation among security professionals.

As of this writing, approximately 30 events have already been announced for 2017.

2. Black Hat Conference Series

Black-hatWhen: Variable

Where: Variable


The Black Hat conference series is a favorite among infosec professionals for its emphasis on the more technical themes of the industry.

Black Hat USA, for example, has been in operation for the past 18 years. As one of the most technical infosec in the world, each of its iterations promotes a vendor-neutral environment and offers up top research that’s selected by a board of the industry’s most esteemed infosec professionals. This year’s Black Hat USA will take place on July 22-27 at the Mandalay Bay Resort and Casino in Las Vegas, Nevada, USA.

Black Hat events are held annually in the United States, Europe, and Asia.


dc-logoWhen: July 27-30, 2017

Where: Caesar’s Palace Hotel and Casino, Las Vegas, NV, USA


DEF CON started out in 1993 as a gathering among 10 small hacker networks. It’s since expanded over the last 24 years, becoming one of the oldest and largest security conferences in the world. DEF CON 22 (2014) alone attracted a record-breaking 14,500 attendees.

Each year, DEFCON offers an exciting roster of speakers who present on computer hacking.

DEF CON 25 has adopted the theme “Community, Discovery and the Unintended Uses of Technology,” a retrofuturist event which will celebrate the conference’s 25-year history and look to the future.