Recently, we compiled a list of the top 10 highest paying jobs in information security in an effort to help individuals navigate this exciting field as a career choice. That being said, we would be remiss if we stopped there. Information security is continuously evolving, so knowing which events offer the best opportunities for learning new ideas and making new connections is just as important as knowing which career path to pursue. With this in mind, here a list of the top 10 conferences in information security. (Note: These conferences are only organized alphabetically and are not ranked.)
10. AppSecUSA
AppSecUSA is an annual conference that functions as an outreach effort for the Open Web Application Security Project (OWASP), a non-profit community organization that has 200 chapters in over 100 countries. OWASP is dedicated to making software security more visible worldwide. It, therefore, makes sure that each and every AppSecUSA conference lives up to this mission by creating an impressive line-up of technical talks, debate panels, training sessions, hands-on learning workshops, and keynote addresses from industry leaders. Each AppSecUSA also includes a recruiting fair, CTF events and a vendor floor. When: September 22-25, 2015 Where: San Francisco, CA USA Website: https://2015.appsecusa.org/c/
9. Black Hat USA
The Black Hat Conference is a common favorite of many information security professionals, as it digs into the more technical themes of the industry. “At Black Hat, you hear more about problems and solutions and less about products,” said Lamar Bailey, Director of Security Research & Development at Tripwire. Black Hat USA has been in operation for the past 16 years. As one of the most technical information security events in the world, each year’s conference promotes a vendor-neutral environment and focuses on offering top security research, which is selected by a board of 23 of the industry’s most esteemed information security professionals. Black Hat events are held annually in the United States, Europe and Asia. When: August 1-6, 2015 Where: Mandalay Bay, Las Vegas, NV USA Website: https://www.blackhat.com/
8. BSides Series
As Senior Manager of Corporate Communications at Tripwire, Cindy Valladares is well-vetted in what makes an effective event in information security. “The best security conferences have two key elements: talks that inspire and challenge current thinking, and opportunities to connect with and learn from others," said Valladares. “Several of the BSides events that I’ve attended in the past have both of these elements." True to this description, BSides is a community-driven framework that uses its many events as a way to promote collaboration and conversation among professionals in the security field. It does so by scheduling technical presentations that actively encourage discussion, demonstrations and interaction. “I would have to say BSides is my favorite because it's a lot of fun, it’s very affordable and it’s accessible nearly everywhere,” says Alexandre Cox, SANS certified trainer and technology leader in Systems Engineering for Tripwire. “It’s also usually chock-full of nifty workshops. For example, I learned to pick locks and created a personal charging station in the form of a bandoleer at BSides PDX. How cool is that?” As of April of 2015, approximately 30 events are planned for the remainder of the year. When: Ongoing Where: Worldwide Website: http://www.securitybsides.com/w/page/12194156/FrontPage
7. DEFCON
Along with Black Hat USA and the BSides Series, DEFCON is another big name in the world of information security conferences. DEFCON started out in 1993 as a small gathering among 10 hacker networks. It has since expanded over the last 22 years to become one of the oldest and largest security conferences in the world. Last year's event attracted a record-breaking 14,500 attendees. Each year, DEFCON offers an exciting roster of speakers who present primarily on issues associated with computer hacking. As recently reported by Tripwire, DEFCON 23 this August will be the first security event to ever organize an Internet of Things (IoT) Hacking Village. When: August 6-9, 2015 Where: Paris/Bally’s, Las Vegas, NV, USA Website: https://www.defcon.org/
6. HitBSecConf
Hack in the Box Security Conference (HitBSecConf) is an annual event that is held in Kuala Lumpur, Malaysia (October) and Amsterdam in The Netherlands (May). Each event traditionally consists of two days of training sessions that explore next generation issues in the field of information security, as well as a two-day multi-track conference featuring well-known industry leaders. Those who routinely attend HitBSecConf value the event for its opportunities to network with other professionals, meet with leading security experts, and stay at the forefront of the computer security industry. This year’s HitBSecConf-Amsterdam will be held alongside HitB Haxpo 2015, “a 3-day technology expo for hackers, makers, builders and breakers.” When: May 26-29, 2015 Where: De Beurs van Berlage, Amsterdam, The Netherlands Website: http://conference.hitb.org/
5. InfoSecurity Europe
InfoSecurity Europe is the founding security event of the InfoSecurity Group, an organization that heads both InfoSecurity Magazine and the Global Executive Network, as well as promotes the advancement of the information security industry via interpersonal, print- and web-based relationships. This annual conference has evolved into one of the largest and highly regarded security events to be held in Europe, a reputation that is bolstered by the conference’s free admission. Last year, approximately 11,500 visitors from over 70 countries attended InfoSecurity Europe. This year, the conference’s organizers hope to draw in even more with the event’s ever-expanding educational program and diverse 345-exhibitor vendor floor. When: June 2-4, 2015 Where: Olympia in London, United Kingdom Website: http://www.infosecurityeurope.com/
4. InfoSec World Expo
InfoSec World Expo focuses on attracting attendees using its diverse line-up of speakers and its exhibition hall of some of the most impressive information security technologies and solutions in the industry today. The event is organized by the MIS Training Institute, an international leader in IT audit and information security training. Each year, MIS TI offers a series of seminars, conferences, e-learning workshops, in-house training sessions, and executive programs in an effort to advance the field of information security. When: March 23-25, 2015 (past) Where: Disney’s Contemporary Resort, Orlando, FL USA Website: http://www.infosec-world.com/
3. RSA Conference USA
When a single security event gives rise to four conferences that are spread across three regions, drawing in more than 30,000 attendees a year, it’s hard not to take notice. “RSA would have to be one of my favorites, since it is the biggest conference in the world,” states Lamar Bailey. Besides its size, however, RSA, including RSA Conference USA, prides itself on attracting new industry voices and providing a venue where leading security professionals can present their exciting new research to conference attendees. “There’s lots of content every year at RSA,” Bailey goes on to explain. “Every security company showcases what they are doing and what is new in the industry.” With all that it has to offer, it is no wonder that Cindy Valladares feels that RSA is still unmatched with regards to the quality of connections it has to offer. “RSA still provides the best opportunity to network with friends, foes, partners, customers and the security community in general.” When: April 20-24, 2015 (past) Where: Moscone Center, San Francisco, CA USA Website: http://www.rsaconference.com/
2. SANS Series
The SANS Series is sponsored by the SANS Institute, a research and education organization that is dedicated to promoting information security training and security certification around the world. Its programs, which consist of intensive, immersion training that is spread out over several days, now reaches 165,000 security professionals. SANS Institute also operates the SANS Information Security Reading Room, which houses more than 2310 original research papers in 86 important categories of security, as well as the Internet Storm Center, the so-called “Internet’s early warning system.” To search a complete catalog of SANS Institute’s local training sessions offered through the spring of 2016, please click here. When: Ongoing Where: Worldwide Website: https://www.sans.org/
1. ShmooCon
ShmooCon is an annual hacking conference that is held on the east coast of the United States every year. The first full day of the conference is called “One Track Mind” and consists of a single track of speed talks. This is followed by two full days of three difference event tracks: “Build It,” “Belay It,” and “Bring It On.” The event’s major themes include exploiting technology and critical issues in information security, as well as how various hardware and software solutions can address these two areas of focus. The conference also has a number of events that are ongoing during the entirety of the event. These include the Lockpick Village, ShmooCon Labs, and Hack Fortress. When: January 16-18, 2015 Where: Washington Hilton, Washington DC, USA Website: https://www.shmoocon.org/ Did we miss one? Be sure to write in the comments any security conferences that you believe deserve a top spot.
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.