Skip to content ↓ | Skip to navigation ↓

Last week, we published a list of the top 10 conferences in information security. In our article, we strove to include some of the biggest events in the industry. But realizing that we likely missed a few, we invited you – our readers – to write in and let us know of the conferences you feel should have made the list. Thank you to those who provided your feedback.

Tripwire is pleased to publish your suggestions as an addendum to our list of the top conferences in information security.

We present this Readers’ Choice edition below.

(Note: the conferences listed below are organized alphabetically and are not ranked.)

COSAC Conference

conference -cosacCOSAC is a unique information security symposium that is run entirely by volunteers. The event prides itself on its participatory and productive atmosphere, which is bolstered by its impressive roster of presenters and facilitators, as well as by its international attendee base. Each conference provides participants with a choice of four full day forums or Master Classes, world-leading plenary sessions and evening forums, and a wide range of conference sessions organized in three streams, with two optional half-day workshops. Each conference attendee averages around 15 years’ experience in information security, risk management and other fields related to the security industry.

When: September 27 – October 1, 2015

Where: Killashee House Hotel, Naas, County Kildare, Ireland



conference - derbyconDerbyCon is an information security conference that prides itself on its family feel. As such, industry professionals, hobbyists and anyone with an interest in security are invited to attend. Each DerbyCon begins with a two-day training sequence, which includes sessions in penetration testing, reverse engineering, malware analysis, hacking basics, among other topics. This training period is then followed by a two-day conference that features an impressive lineup of speakers. Over 2,000 individuals attended DerbyCon 4.0 last year, and the conference organizers are hoping to attract even more attendees this year. DerbyCon is currently accepting papers and sponsor applications for its 2015 conference.

When: September 23-27, 2015

Where: Hyatt Regency in downtown Louisville, Kentucky, USA



conference - fedcyberFedCyber is an annual information security conference hosted by Matt Devost and Bob Gourley, two leaders in the industry. Matt Devost is an information expert with over two decades of experience working in issues related to international security. His specializations include critical infrastructure protection, risk management, information warfare and network security. Bob Gourley is partner and co-founder of Cognitio Corp, a board member for Centripetal Networks, and a Stars Mentor for MACH37 Cyber Accelerator, among other positions. The Cyber Threat, which he published in September of 2014, has received critical acclaim from Former NSA Director Keith Alexander, bestselling author Brad Meltzer, and others. Together, Devost and Gourley work to ensure that each FedCyber event provides a space for dialogue to those interested in discussing the intersections between information security and federal government.

When: November 10, 2015

Where: Tyson’s Corner Center, McLean, Virginia, USA


FIRST Conference

conference - firstFIRST Conference is an annual event that is sponsored by FIRST, a leader in the field of information security and incident response. As such, FIRST Conference brings together security professionals around the topic of incident response to share their expertise and experience. Each conference is a 4-5 day global event that features an impressive lineup of speakers who present research on the newest happenings in the security industry. These topics include incident response strategies, vulnerability analysis and policy issues. As all conference sessions are not hands-on focused and are open to both FIRST members and non-members, security professionals of all types are invited to attend FIRST Conference.

When: June 14-19, 2015

Where: Berlin, Germany

Website: is an open conference/convention that provides an opportunity for individuals to discuss computer and/or network security, privacy, and information technology. The event is regularly organized by the Computer Incident Response Center Luxembourg (CIRCL), a government initiative whose mission is to report on emerging threats in the digital realm. Each year, presents a series of informal tutorials spread over the course of three days, thereby allowing attendees to freely meet and share all kinds of information on the latest computer network attacks and threats. is currently accepting papers for its 2015 conference. This year, in addition to hosting 90 minute talks for its main sequence, it will also be hosting workshops in the afternoon on the first day.

When: October 20-22, 2015

Where: Grand-Duchy, Luxembourg


The National Information Security Conference (NISC)

conference - niscThe National Information Security Conference (NISC) is an annual event that brings together security professionals to discuss some of the most topical trends in information security. The conference, which is sponsored by Sapphire, an industry leader when it comes to data assurance and best-of-breed security solutions, has been in operation for 16 years. This longevity is a testament to the fact that NISC is still one of the United Kingdom’s biggest annual security events. For this year’s conference, several speakers will use their presentations to explore the security implications of the Internet of Things. Other topics, including computer crime and physical security, are also currently on the conference agenda.

When: September 16-18, 2015

Where: Glasgow, Ireland



conference - nullconNullCon is a unique security conference that was founded in 2010 with the idea that security researchers can brainstorm together about how to address today’s issues in information security. With this in mind, the motto “The next security thing” drives the conference to the extent that it highlights the shortcomings of current technology and leads attendees to wonder what should be the industry’s focus over the coming years. Zero-day vulnerabilities, unknown threats and the latest attack vectors are all covered in the conference’s many presentations. Additionally, a section of the event called Desi Jugaad (Hindi for “Local Hack”) features researchers who come up with innovative solutions to life’s challenges and who devise new initiatives.

When: February 4-7, 2015 (past)

Where: Goa, India



conference - thotconThotCon is a small hacking venue that has been held in Chicago, Illinois for the past five years. It was started by a group of Chicago-based hackers back in 2009 who wanted to create a low-cost, social, and uniquely casual conference that individuals with an interest in security can attend without having to worry about spending too much money on travel and other expenses. It is a non-profit, non-commercial event that uses all of the profits used from each conference to fund next year’s event. As such, ThotCon is dedicated to providing the best possible conference on a limited budget as the venue continues to grow.

When: May 14-15, 2015 (past)

Where: Chicago, Illinois, USA


Did we still miss your favorite conference? Write into the comments any security conferences that you believe deserve a top spot.

Also, be sure to read about some lesser-known gems in the world of information security conferences here.