With 2018 in the rear-view mirror, the information security industry is now fully invested in 2019. The new year will no doubt present its fair share of challenging digital security threats. But so too will the year enable infosec professionals to discuss shared difficulties at conferences and summits.
To help promote these collaborative events, we at The State of Security are proud once again to assemble a list of the top information security conferences. We hope you’ll consider attending at least one of the following 20 events, which are alphabetically sorted and not ranked in any way.
If we missed a conference, please let us know in the comments below!
When: TBA, 2019
AppSec Europe is an annual conference hosted by the Open Web Application Security Project (OWASP), a non-profit organization which strives to raise the visibility of software security worldwide. Each AppSec Europe conference features technical talks, debate panels, training sessions, hands-on learning workshops and keynote addresses from industry leaders.
Every event also includes a recruiting fair, CTF events and a vendor floor.
When: 25-26 June, 2019
Where: Boston Convention and Exhibition Letter, Boston, Massachusetts, USA
AWS re:Inforce is the first conference launched by Amazon Web Service that revolves around cloud security. At the event, attendees will learn about the latest approaches to security best practices and risk management utilizing AWS services, features and tools
The conference will present more than 100 sessions across two different event tracks. The technical track, for example, will help security engineers and developers learn how to build a proactive security posture. Meanwhile, the business enablement track tailored will help CISOs and other C-level executives with their strategic migration decisions.
Black Hat Conference Series
The Black Hat conference series is a favorite among infosec professionals for its technical emphasis. Black Hat USA, for example, has been in operation for the past 20 years; each of its iterations promotes a vendor-neutral environment and offers up top research that’s selected by a board of the industry’s most esteemed infosec professionals. This year’s Black Hat USA will take place on 3-8 August at the Mandalay Bay Resort and Casino in Las Vegas, Nevada, USA.
Black Hat events are held annually in the United States, Europe and Asia.
Security BSides is a community-driven framework that builds events for the information security community. Each meeting incorporates discussion, demonstrations and interaction into most of its technical presentations, thereby promoting collaboration and conversation among security professionals.
As of this writing, approximately 40 events have already been announced for 2019.
When: 20-22 March, 2019
Where: Sheraton Vancouver Wall Centre, Vancouver, British Columbia, Canada
CanSecWest is a three-day conference that boasts a single-track of enlightening one-hour presentations prepared by a knowledgeable professional and an educator. The event prides itself on bringing attendees together into a relaxed environment where they can collaborate and network.
The organizers of the conference are still putting together a speaker schedule for this year’s event. The deadline for the initial call for papers (CFPs) was 28 December 2018, whereas 7 January served as the submission deadline for a smaller number of speaking slots. CanSecWest’s organizers also revealed that the successful RF CTF from PacSec will be held at the conference.
Chaos Communication Congress
When: 27-30 December, 2019
Where: Leipziger Messehalle, Leipzig, Germany
Chaos Communication Congress is an annual conference sponsored by the Chaos Computer Club, Europe’s largest association of hackers. The event features lectures and workshops on diverse topics ranging concerning computer security, privacy and freedom of speech.
The Chaos Computer Club first hosted its Chaos Communication Congress in 1984. Since then, it’s held its event in December each and every year.
When: 9-11 August, 2019
Where: Paris Las Vegas, Paradise, NV, USA
DEF CON started out in 1993 as a gathering among 10 small hacker networks. It’s expanded over the last 26 years; today, it’s one of the oldest and largest security conferences in the world. DEF CON 22 (2014) attracted 14,500 attendees alone.
Each year, DEFCON offers an exciting roster of speakers who present on computer hacking.
When: 18-22 September, 2019
Where: The Marriott Hotel, Louisville, Kentucky, USA
DerbyCon is an infosec conference with a family feel. Each year’s event begins with a two-day training sequence, which includes sessions in pentesting, reverse engineering, malware analysis, hacking basics and other topics. These sessions precede a two-day conference that features an impressive lineup of speakers.
Over 2,000 individuals attended DerbyCon 4.0 in 2014. (No statistics are available for DerbyCon 5.0, 6.0, 7.0 or 8.0.) The conference’s organizers expect to attract even more attendees in 2019.
The Diana Initiative
When: TBA – August, 2019
Where: Caesars Palace, Las Vegas, Nevada, USA
The Diana Initiative is an organization that supports women interested in pursuing a career in information security, promoting diverse workplaces and helping to change workplace cultures to become inclusive of all employees regardless of gender.
The theme for The Diana Initiative’s 2019 conference is not yet known. But as with previous years’ events, attendees at this year’s session will no doubt have the chance to take advantage of numerous networking opportunities. They’ll be able to “meet a mentor” and attend presentations where speakers share their stories, experiences and insights.
FIRST Annual Conference
When: 16-21 June, 2019
Where: Edinburgh International Conference Centre, Edinburgh, Scotland
This five-day annual conference features incident response, management and technical tracks, keynote presentations, lightning talks and plenty of networking opportunities. In addition to learning the latest security strategies in incident management, attendees can earn up to 25 continuing professional education (CPE) credits and gain insight into analyzing network vulnerabilities.
The event is sponsored by the Forum of Incident Response and Security Teams (FIRST), an international confederation of more than 350 trusted computer incident response teams spread across over 80 countries.
FS-ISAC Annual Summit
When: 28 April-1 May, 2019
Where: Walt Disney Swan and Dolphin Resort, Orlando, Florida, USA
Each FS-ISAC Annual Summit is hosted by the Financial Services Information Sharing and Analysis Center, which helps members of the global financial industry share and analyze intelligence on digital and physical threats.
Attendees of this annual event have the opportunity to hear over 40 expert sessions and talks on the newest threats facing the global financial services sector spread across four days. Everyone from CEOs and Heads of Threat Intelligence to Payment Operations Directors and Payment Line of Business Managers are encouraged to attend.
Gartner Security & Risk Management Summit
When: 17-20 June, 2019
Where: Gaylord National Resort and Convention Center, National Harbor, Maryland, USA
Each of Gartner’s Security & Risk Management Summits attracts CISOs as well as top risk management and security professionals for the purpose of helping them build resilience and hone their security strategy across the enterprise. Attendees gain those insights via end-user case studies, workshops and one-on-one meetings with a Gartner analyst.
This year’s conference will discuss key topics like BCM, cloud security, privacy and IoT security. It will also highlight new threats and emerging tech such as AI, machine learning, analytics and blockchain while helping respondents address the ongoing skills gap.
When: 6-10 May, 2019
Where: Hilton DoubleTree / Beurs van Berlage, Amsterdam, The Netherlands
Hack in the Box Security Conference (HITBSecConf) is an annual event held in Amsterdam, The Netherlands. In fact, this year’s iteration marks the 10th anniversary of Hack in the Box (HiTB) in the Netherlands.
Those who regularly attend HITBSecConf value it for all the networking opportunities and the chance to stay current with critical computer security issues.
The CFP for this year’s conference is set to close on 28 February.
When: 4-6 June, 2019
Where: Olympia, London, United Kingdom
InfoSecurity Europe is an annual conference that’s evolved into one of Europe’s largest and most highly-regarded information security events. Its reputation is bolstered by the conference’s free rate of admission.
Last year, more than 19,500 visitors came out to see hundreds of speakers present on security-related topics and visit over 400 different exhibitors’ booths. At this year’s conference, attendees will be able to choose from 240+ free to attend conference sessions led by industry influencers.
When: 1-3 April, 2019
Where: Disney’s Contemporary Resort, Lake Buena Vista, Florida, USA
Every year, InfoSec World attracts attendees with its diverse line-up of speakers and an exhibition hall filled with some of the most impressive information security technologies and solutions in the industry.
MIS Training Institute, a leader in IT auditing and infosec training, organizes the event every year. Each iteration of InfoSec World consists of seminars, conferences, e-learning workshops, in-house training sessions and executive programs.
When: 4-8 March, 2019
Where: Moscone Center, San Francisco, CA USA
When a security event gives rise to multiples conferences that draw more than 50,000 attendees a year, it’s hard not to take notice.
Besides its size, RSA, including RSA Conference USA, prides itself on providing a venue where both established and new security professionals can present their research to conference attendees and prepare themselves for future challenges in information security.
The SANS Series is sponsored by the SANS Institute, a research and education organization which promotes infosec training and certification around the world. Its programs consist of intensive training usually spread out over several days.
One of the biggest events planned for this year is SANS 2019. It’ll feature more than 45 hands-on information security courses taught by leading experts. This training conference is scheduled for 1-8 April in Orlando, Florida, USA. Learn more here.
When: 18-20 January, 2019
Where: Washington Hilton Hotel, Washington District of Columbia, USA
ShmooCon is an annual hacking conference that takes place on the east coast of the United States every January. The first full day of the conference features a single track of speed talks called “One Track Mind.” This is followed by two full days of three event tracks: “Build It,” “Belay It” and “Bring It On.”
The conference’s major themes include exploiting technology and using hardware and software solutions to address critical issues in information security.
Attendees can also enjoy several events that run concurrent to the conference including the Lockpick Village, ShmooCon Labs and Hack Fortress.
When: 3-4 May, 2019
Where: TBA, Chicago, Illinois, USA
THOTCON is a non-profit, non-commercial conference that will feature four tracks over two days. Included speaker sessions will range in length from 25 minutes to two hours and focus on a range of topics including the Internet of Things, medical devices and industrial control systems.
This event is unique in that speakers and attendees won’t learn of its location until the week before the conference. That being said, THOTCON will occur somewhere in the city of Chicago, not far from the Blue Line.
USENIX Security Symposium
When: 14-16 August, 2019
Where: Hyatt Regency Santa Clara, Santa Clara, California, United States
Now in its 28th year, the annual conference of the USENIX Association (otherwise known as the Advanced Computing Systems Association) brings together researchers, practitioners, sysadmins and other individuals who are interested in staying abreast of important computer security and privacy developments. The event consists of invited talks, panel discussions and Birds-of-a-Feather sessions.
All researchers are invited to submit a paper for consideration of presenting at USENIX’s Security Symposium 2019 until 21 February.