Security in the dictionary

The best information security conferences of 2017

Not all information security conferences are the same, so we've assembled a list of events that offer attendees high-quality content in a variety of venues and environments, with different areas of emphasis.

Some are very large, while others are more intimate. Some are loud and boisterous, while others are more formal, and toned down. Some focus on vendors and their latest products, and others focus on training and education. A few have a narrow scope, while others aim to be comprehensive.

To help you decide where to do, we've grouped these conferences in four categories:

  • Must-attend 
  • Worth attending
  • Events with strong security tracks and content.
  • Large, quasi-legendary conferences with a size and breadth that make them interesting to security enthusiasts.
What Is the True State of Security in DevOps?

Why you should attend security conferences

Governments and businesses find± themselves scrambling to stay up to date on the latest vulnerabilities, technologies, and defense and prevention strategies as cyber attacks become more common, stealthy, sophisticated, costly, and brazen.

Fortunately, all of the conferences below share a goal of making attendees better informed and more savvy about protecting their organizations against the cyber threats they face around the clock from malicious hackers, the myriad forms of ever-evolving malware, disgruntled insiders, and other IT security risks and dangers.

Must-attend security conferences

This year's must-attend list of security conferences is based primarily on the level of interest among attendees, year-over-year. Many of are large conferences that attract widely known hackers and other experts, and conference organizers post special precautions about safeguarding your own personal data.

RSA Conference

Twitter: @rsaconference / #RSAC
Web: rsaconference.com/events/us17
Date: February 13-17, 2017
Location: Moscone Center, San Francisco, California
Cost: Ticket prices range from $100 for an early-bird expo pass to $2,695 for a full-conference pass bought on site.

One of the world’s largest security conferences, RSA celebrates its 26th anniversary in 2017. RSA became part of Dell Technologies in September, but the acquisition isn't expected to affect this year's conference or any future shows.

"Like many other exhibitors, I spent hours chatting with potential customers and technology partners," Tom Skeen, an IT, risk and security adviser with Safe-T Data, wrote about RSA 2016.

"Just about everyone had a common theme or two," Skeen noted. "What is the best way to protect information, at a reasonable cost and with the most operational supportability? This makes complete sense, given the continued challenges around advanced cybercrime and hyper-connectivity nowadays."

This is a very large event in terms of attendees, exhibitors, and sessions, which may signal robust growth in the IT security industry, and just how dangerous the threat landscape has become.

Attendees should do their pre-conference homework and sketch out a game plan, since this is a very large conference. In 2016 there were more than 40,000 attendees and about 700 speakers.

Who should attend: Security professionals.

BlackHat USA

Twitter: @BlackHatEvents / @ubm / BlackHat / #BHUSA
Web: blackhat.com
Date: July 22-27
Location: Mandalay Bay Hotel, Las Vegas, Nevada (Black Hat will also be held in London and Singapore in 2017.)
Cost: Starts at $495 for a business pass, which includes access to the business hall, sponsored workshops, sponsored sessions, and the Arsenal, and goes up to $2,795  for "briefing ticket." Training sessions are priced separately and individually, as outlined in this list.

First held in 1997, Black Hat has become one of the world’s biggest tech conferences, and one that security professionals either must attend or must follow closely from afar. It’s the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which become general-interest news globally.

For example, the 2015 conference exposed security gaps in cars that could let cyber criminals remotely disable key functions in moving vehicles, such as brakes. In 2016, a "danger drone" was aired that could hack into devices while flying over them, as well as a technique for planting ransomware on smart thermostats.

Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers, as at many major tech conferences. But unlike most others, Black Hat requires that attendees keep certain precautions, given that they’ll be surrounded by thousands of the world’s finest hackers, some of whom will be looking to play pranks, test their latest vulnerability discoveries in a real-world setting or, at worst, attempt criminal acts, such as stealing personal, governmental, or corporate data.

"I kind of like Black Hat better than the RSA Conference," wrote Enterprise Strategy Group senior principal analyst Jon Oltsik after last year's conference. "At Black Hat, you talk about the real challenges facing our industry and discuss intellectual ways to overcome them. At RSA, everyone throws buzzwords at you and tells you how they solve all your problems."

Attendees should be prepared for a large conference (more than 11,000 people attended in 2015) where exciting revelations about security vulnerabilities will be detailed.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, cryptographers.

Gartner Security & Risk Management Summit

Twitter: @Gartner_Events / #GartnerSEC
Web: gartner.com/events/na/security
Date: June 12-15
Location: Gaylord National Resort & Convention Center, National Harbor, Maryland. (This conference will also be held in Tokyo in July, and in Mumbai, India in August.)
Cost: Early-bird price is $3,100 (April 14 deadline); standard price is $3,400; public-sector price is $2,900. Group discounts are offered.

After attending the 2016 summit, Arun Balakrishnan, then with Symantec, wrote: "The summit lived up to its promise to provide the proven practices and strategies that are needed to maintain cost-effective security and risk programs to support digital business and drive enterprise success. Its theme was to build the trust and resilience needed to seize opportunities, reduce risks and deploy new security models."

"It was a rallying cry," Balakrishnan continued, "not only for those attending the summit, but for all enterprises committed to protecting their operations without compromise."

The organizers of the conference say its agenda addresses the latest threats, flexible new security architectures, governance strategies, the chief information security officer role and more.

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings, but there will be end-user companies presenting case studies, and many opportunities to network with other attendees during breakfast, lunch, and receptions.

Tracks for 2017 will focus on the role of the chief information security officer, (CISO), IT security, security architecture, business continuity management, risk management and compliance and the security marketplace.

Several hot topics will be discussed, including cybersecurity; threat management and context-aware digital trust; enabling safer cloud computing; risks and opportunities of smart machines, artificial intelligence, the internet of things and operational technology; data security and risk governance; mobile security for digital business; protecting vital infrastructure; privacy and data security; informed risk governance; adaptive security architecture; people-centric security strategies; and agile strategies to secure digital business.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, network security managers

CanSecWest

Twitter: @CanSecWest / #CanSecWest
Web: cansecwest.com
Date: March 15-17
Location: Sheraton Wall Centre in Vancouver, British Columbia
Cost: Access to the conference ranges from CAD $2,100 to $2,500, depending on when the ticket is bought. Dojo registration cost depend on when you buy a ticket, but ranges from CAD $1,900 for one day to $7,400 for four days. Registration includes catered meals.  

"The technical depth and breadth of the research presented in Vancouver this year yet again lived up to expectations," Pieter Ockers, a senior security program manager at Adobe, wrote after CanSecWest 2016. 

"Of the security conferences that Adobe sponsors throughout the year, CanSecWest consistently draws a critical mass from the security research community, with offensive, defensive, and vendor communities well-represented," Ockers continued.

"The exposure to bleeding-edge research presented by subject matter security experts, and the opportunity to forge new relationships with the security research community sets CanSecWest apart from the security conferences Adobe attends throughout the year," he added.

 Organizers describe CanSecWest as "the world's most advanced conference focusing on applied digital security," and they take pride in attracting industry luminaries as speakers and in fostering a relaxed environment for collaboration and networking.

Now in its 17th year, the three-day, single-track conference features one-hour presentations delivered by experts in a lecture theater setting, with a focus on sharing best practices and real-world experiences, and detailing new vulnerabilities, attacks, and defenses. This year's presentations include Sandbox Escape with Generous Help from Security Software, Don't Trust Your Eye: Apple Graphics Is Compromised!, Bypassing Different Defense Schemes via Crash Resistant Probing of Address Space, and APT Reports and OPSEC Evolution: These Are Not the APT Reports You Are Looking For.

In addition to the presentations, CanSecWest features hands-on Dojo training courses from security instructors.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives.

SANS 2016

Twitter: @sansinstitute / #SANS2017
Web: www.sans.org/event/sans-2017
Date: April 7-14
Location: Hyatt Regency, Orlando, Florida. Remote access also available.
Cost: Courses range from $1,520 to $6,610.

SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world.

Its big annual event, SANS 2017, doubles as a conference, with keynote speakers and networking opportunities. SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces.

Highlights of this year's event include more than 40 hands-on cyber security courses, Core and DFIR NetWars Tournaments, and a keynote by SANS Senior Instructor Eric Conrad on "Quality not Quantity: Continuous Monitoring's Deadliest Events."

The company also holds other big events, including SANS Security West in May, and SANSFire in Washington, D.C. in July.

SANS also offers even smaller, shorter events, as well as online training.

Who should attend: IT security pros, CxOs, network and system administrators, security managers.

Def Con 25

Twitter: @defcon #DEFCON
Web: defcon.org
Date: July 27-30
Location: Caesar's Palace, Las Vegas, Nevada.
Cost: TBD, cash only at the door. (Last Year: $230).

If history is any indicator, the 25th edition of this hackfest-par-excellence will feature recent, scary-as-hell computer system compromises affecting not only PCs and mobile devices but multiple other products not usually associated with digital intruders. These include cars—last year's Car Hacking Village was bigger than ever—Bluetooth low energy locks, solar arrays, seismic sensors and supervisory control and data acquisition (SCADA) controllers.

Def Con starts as soon as its Black Hat cousin ends in Las Vegas, so they share many topics and audiences, but Black Hat’s atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair.

"I love Def Con because it's different," Jeff Moss, the hacker and entrepreneur behind both BlackHat and Def Con, told the International Business Times last year. "It's got a sense of fun but it's really about individual discovery."

Attendees should take extreme precautions to avoid getting hacked, as they’ll be surrounded by thousands of hackers. Last year 22,000 attended this large, informal conference with a party atmosphere. They should also be prepared to be approached by government headhunters looking for hacker talent for intelligence and law enforcement agencies.

Who should attend: Software developers, security administrators, hackers, researchers, government and law enforcement officials.

AppSecUSA

Twitter:  @appsecusa / #appsecusa
Web: 2016.appsecusa.org (2017 website coming soon)
Date: September 19-22
Location: Orlando, Florida
Cost: Conference regular admission is $995, with a variety of discounts available, including $80 tickets for full-time university students.

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security. Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective.

In a blog post, AppSecUSA said it is the largest conference solely dedicated to application security. Unlike similar conferences, which only offer speaker sessions, AppSecUSA also offers cutting-edge training conducted by leaders in the field, opportunities for women and those transitioning from military service to network and develop their careers, and significant discounts for students to learn about security careers.

Headline speakers at the 2016 conference featured novelist, activist and journalist Corry Doctorow discussing the intersection of DRM and security research; Samy Kamkar, a researcher, hacktivist and entrepreneur who discussed how he uses side channels, physics, and low-cost tools to employ powerful attacks against modern technology; and Casey Ellis, co-founder of Bugcrowd, who talked about best practices for implementing an effective bug bounty program.

Who should attend: Developers, auditors, risk managers, technologists, and entrepreneurs.

Worth attending

The conferences here have a smaller attendance or target at specific industries. All are either directly aimed at security practitioners or focus on technologies and concepts that relate to security.

HPE Protect 2016

Twitter: @HPE / @HPE_Security / #HPEProtect
Web: h41382.www4.hpe.com/hpe_protect/
Date: September 11-13
Location: Washington Marriott Wardman Park, Washington, D.C.
Cost: Not available.

HPE’s largest security event of the year, Protect is a technical conference attended by about 2,000 people and designed for, among others, security professionals, infrastructure managers, IT/data center operations staff, network managers, and service, support, and delivery managers.

Last year's conference included several enlightening discussions, such as Encryption Myths Debunked by Federal Agencies, AppSec and DevOps: An Opportunity or Obstacle?, and Security Hold the Key to Fearless Innovation.

Who should attend: Security pros, infrastructure managers, IT/data center operations, network managers, project and portfolio managers, service, support and delivery managers, digital security stakeholders.

DerbyCon

Twitter: @DerbyCon / #DerbyCon
Web: derbycon.com
Date: September 20-24
Location: Hyatt Regency Hotel, Louisville, Kentucky
Cost: Not available.

DerbyCon bills itself as a friendly, fun technology conference that welcomes not just experts, but also hobbyists and regular folk interested in security, so that they can learn, share ideas, and party together. It’s smaller than, Black Hat or Def Con, but has a reputation for featuring quality presenters.

Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students.

Usenix Security Symposium

Twitter: @USENIXSecurity / #USENIXSecurity
Web: usenix.org/conference/usenixsecurity17
Date: August 16-18
Location: Sheraton Vancouver Wall Centre Hotel, Vancouver, Canada.
Cost: Conference rates range from $915 (before July 25) to $1065 for non-members. Workshop rates range from $295 (before July 25) to $690. Discounts available for members and students.

This conference, celebrating its 26th year in 2017, is designed for researchers, practitioners, system administrators, system programmers, and others in similar roles who are interested in computer systems and network security. Over the three-day conference, speakers present papers, give talks, participate in panel discussions, display posters, and talk about works in progress. Collocated workshops precede the Symposium.

Last year, researchers at this conference made headlines with a paper about keyless car theft. 

Who should attend: Researchers, practitioners, system administrators, system programmers.

Annual Computer Security Applications Conference

Twitter: @ACSAC_Conf / #ACSAC
Web: acsac.org
Date: December 4-8
Location: San Juan, Puerto Rico
Cost: Not available

More details will be available in March

First held in 1984, ACSAC focuses on applied security, and draws security professionals from academia, government, and industry. Its target audience is people developing practical solutions for network, system, and IT security problems. Proceedings include in-depth tutorials, workshops, case studies, panel discussions, and a technical track about peer-reviewed papers.

Who should attend: Researchers and a broad cross-section of security professionals drawn from industry, government, and academia.

38th IEEE Symposium on Security and Privacy

Twitter: @IEEESSP / #IEEESSP
Web: ieee-security.org/TC/SP2017
Date: May 22-24 - symposium; May 25 - privacy workshops.
Location: San Jose, California.
Cost: Not available.

The IEEE Symposium on Security and Privacy, first held in 1980, attracts both researchers and practitioners and describes itself as the “premier forum” to present developments in computer security and electronic privacy.

Workshops this year focus on privacy engineering; bio-inspired security, trust, assurance and resilience; language-theoretic security; mobile security technologies; technology and consumer protection; and traffic measurements for cybersecurity.

Who should attend: Researchers, security practitioners.

ThotCon

Twitter: @THOTCON / #THOTCON
Web: thotcon.org
Date: May 4-5.
Location: Chicago, Illinois. (The exact venue is disclosed only to registered attendees and speakers one week before the conference.)
Cost: $158.

Organizers describe this event as a low-cost “hacking conference” with a nonprofit and noncommercial goal and a limited budget. It’s been held annually in Chicago since 2010, born from its organizers’ desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year’s conference.

The content is high quality, and the atmosphere is relaxed and social, leading to valuable ad-hoc hallway exchanges, according to a 2015 attendee from Cisco. A local TV channel reported that about 1,000 people attended last year, and most were white-hat hackers. A presentation at the 2014 event about vulnerabilities in hospital medical equipment drew media attention.

Who should attend: Hackers, especially those from the Chicago area.

Hack In The Box Security Conference

Twitter: @HITBSecConf / #HITBSecConf
Web: conference.hitb.org/hitbsecconf2017ams
Date: April 10-14.
Location: Amsterdam, Netherlands.
Cost: Training tickets range from €1,999 to €2,999, while conference tickets range from €299 to €1,499.

HITBSecConf, or the Hack In The Box Security Conference, held annually in Amsterdam and now in its seventh year, targets security researchers and professionals globally, and focuses on "next-generation" computer security issues. The event typically consists of two or three days of training, followed by two days of multitrack conference sessions. It includes a competition, technology exhibit, and "hackerspaces" for hackers, makers, and breakers.

"Those who routinely attend HITBSecConf value the event for the opportunities to network with other professionals, meet with leading security experts, and stay at the forefront of the computer security industry," noted information security firm Tripwire, which placed the Dutch conference in its Top 11 Information Security Conferences of 2016.

Who should attend: Security pros.

InfoSecurity Europe

Twitter: @Infosecurity / #Infosec17
Web: infosecurityeurope.com
Date: June 6-8.
Location: London, UK.
Cost: Not available

Organizers claim that this is Europe's “biggest and most-attended” information security industry event. They say that in 2016, 17,972 information security professionals, service providers, vendors, and thought-leaders networked, engaged and conducted business at the event. It boasts more than 160 hours of free education sessions and a big expo floor.

Who should attend: Security pros, executives, and managers.

Hack.lu

Twitter: @hack_lu / #hacklu
Web: 2016.hack.lu
Date: October 16-19.
Location: Luxembourg.
Cost: Not available.

Organizers claim that Hack.lu is one of the oldest and largest IT conferences in Europe. Here attendees discuss computer security, privacy, information technology, and its cultural/technical implication on society.

The 2016 presentations, workshops and lightning talks can be viewed as video or text.

Who should attend: Security pros.

ICS Cyber Security Conference

Twitter: #ICS
Web: icscybersecurityconference.com/singapore
Date: April 24-27.
Location: Singapore
Cost: Registrations range from SD$995 (before Feb. 1) to SD$1,095.00 (before March 1) to SD$1695.

Organizers claim that this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations. Most attendees are control systems users, working as control engineers, in operations management, or in IT.

Industrial control systems security topics addressed include protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals.

ASIS 2017

Twitter: @ASIS_Intl / #asis17
Web: securityexpo.asisonline.org
Date: September 25-28.
Location: Dallas, Texas.
Cost: Not available.

Organized by ASIS International, an industry organization of security management professionals founded in 1955, this conference covers the full spectrum of security topics, technologies, and issues, including data and infrastructure protection, loss prevention, cybersecurity, employee safety, counterterrorism, and facilities security.

In 2016, the conference attracted 22,000 security professionals from 109 countries. It featured keynotes by U.S. Homeland Security Secretary Jeh C. Johnson and FBI Director James B. Comey. Conference themes included the rise of lone wolf attacks, the risk of a cyberattack on critical infrastructure , and the need for greater public-private sector collaboration.

Who should attend: Security pros.

InfoSec Southwest 2017

Twitter: @InfoSecConf / #ISSW
Web: infosecsouthwest.com
Date: April 7-9.
Location: Austin Convention Center in Austin, Texas.
Cost: Tickets for the conference range from $100 to $160, depending on when you buy your tickets. Student tickets are $60 and military $80. Training sessions are extra.

InfoSec Southwest, held annually in Austin, was created with the local hacker community in mind, so part of its mission is to bring together security pros and hackers who live in and around the city of Austin. Organizers say the scope of topics covered is broad, and includes deep technical dives into cutting-edge research and the social and legal implications of hacker culture.

Who should attend: Hackers and security pros, especially from the Austin area.

InfowarCon

Twitter: @InfowarCon / #InfowarCon
Web: infowarcon.com
Date: April 24-26.
Location: Nashville, Tennessee.
Cost: $300, but in order to be invited, attendees must submit a few paragraphs explaining what value they would bring to the conference, because organizers want active participants. “No wallflowers allowed,” reads the registration page.

As its name implies, this conference focuses on cyber and information technology warfare topics, and on how the "weaponization" of technology affects national security, the global balance of power, private-sector intellectual property, and the well-being of individuals.

First held in 1994, InfowarCon has run in the United States and Europe, and its goal is to bring together attendees from the military, law enforcement, emergency management, intelligence, government, academia, and the private sector. Main topics at InfowarCon include cyberterrorism, infowar, policy, and homeland defense.

Who should attend: Government, law enforcement, academia, corporations, product vendors, and individuals interested in cybersecurity.

Network and Distributed System Security Symposium

Twitter: @internetsociety / #ndss17
Web: internetsociety.org/events/ndss-symposium/ndss-symposium-2017
Date: February 25-March 1.
Location: Catamaran Resort Hotel & Spa in San Diego, California.
Cost: Workshop fees range from $305 (by Feb. 3) to $370 ($220-$260 for students); Symposium fees range from $810 (by Feb. 3) to $1,075 ($455-$555 for students).

The Network and Distributed System Security Symposium caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers.

REcon 2016

Twitter: @reconmtl / #reconmtl
Web: recon.cx
Date: Conference, June 16-18; training, June 12-15.
Location: Hyatt Regency Montreal in Montreal, Quebec.
Cost: Available when CFP launches.

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal.

Videos of the 2016 sessions are available at the Recon website.

Who should attend: Security pros.

ACM Conference on Computer and Communications Security

Twitter: @TheOfficialACM
Web:  www.sigsac.org/ccs/CCS2017
Date: October 30-November 3.
Location: Dallas, Texas.
Cost: Not available.

The primarily research-focused ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM).

Who should attend: Information security researchers, practitioners, developers, and users.

International Cryptographic Module Conference

Twitter: @CryptoModConf
Web: icmconference.org
Date: May 16-19
Location: Westin Arlington Gateway, Washington, D.C.
Cost: Tickets range from $300 (by April 4) to $1,370.

Conference agenda this year includes efforts to audit, improve and certify the security of the leading operating system crypto projects; CM products, certifications, and vulnerabilities for organizations that rely on crypto security; application of embedded encryption in specific industry verticals;  quantum computing threat and efforts to transition to quantum-safe algorithms; and balancing privacy rights and government access to encrypted communications.

The conference is aimed at those interested in developing, specifying, and procuring certified commercial off-the-shelf cryptographic modules; manufacturers of cryptographic modules compliant with FIPS 140-2 or ISO/IEC 19790 around the world; laboratories and government departments responsible for testing cryptographic modules against FIPS 140-2 or ISO/IEC 19790; key players and stakeholders in standards development; members of the academic community; embedded systems OEMs; and the side channel research community.

Who should attend: Those interested in commercial cryptography.

Hacker Halted

Twitter: @HackerHalted / #hackerhalted
Web: www.hackerhalted.com
Date: October 9-10.
Location: Atlanta, Georgia.
Cost: Conference, $199; ethical hacking courses, $2,999.

Organizers describe Hacker Halted as a global series of computer and information security conferences with the goal of raising international awareness regarding education and ethics in IT security. The theme for Hacker Halted in 2016 was the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters.

Who should attend: Security pros.

BSides

Date: Multiple dates.
Location: Multiple locations.
Web: securitybsides.com/w/page/12194156/FrontPage
Cost: Free to $25.

Almost every week, there's a BSides conference taking place somewhere in the world. BSides describes itself as "a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event, with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening."

"The best security conferences have two key elements: talks that inspire and challenge current thinking, as well as opportunities to connect with and learn from others," says Tripwire director of corporate communications Cindy Valladares. "Several of the BSides events that I've attended in the past have both of these elements."

Who should attend: Security pros and hackers.

Cross-discipline conferences

Conferences in this category are targeted at specific industries or technologies. Although you won’t see “security” in the conference titles here, these gatherings will hold interest for many security specialists and professionals.

JavaOne

Twitter: @JavaOneConf / #JavaOne
Web: oracle.com/javaone
Date: October 1-5.
Location: San Francisco, California.
Cost: Not available.

First held in 1996 by Sun Microsystems, JavaOne is billed as the largest conference for Java developers. At the 2015 conference in San Francisco, Oracle, which now sponsors this event, marked the 20th anniversary of Java’s creation, saying its popularity continues to grow. After all, it’s in use by about 10 million developers worldwide. The company pledged to continue developing Java, promising major improvements and innovations in Java 9 and beyond.

The conference consistently features important speakers from the Java world. The top 12 sessions from last year's conference have been posted online.

Who should attend: Java developers.

Fluent

Twitter: @fluentconf / @OReillyMedia  #FluentConf
Web: conferences.oreilly.com/fluent/javascript-html-us
Date: Training, June 19-20; Conference, June 20-22.
Location: San Jose, California.
Cost: Not Available.

Keynotes and additional material from last year's conference are available online.

Fluent aims to cover the "full scope of the Web platform," according to its organizers. Now in its fourth year, the conference focuses on practical training in JavaScript, HTML5, CSS, and associated technologies and frameworks, including WebGL, CSS3, mobile APIs, Node.js, AngularJS, and ECMAScript 6.

Because the conference was designed to attract people from across the web stack, Fluent has been described as a great way to get up to date with new techniques and ideas

Who should attend: Web designers and developers, including mobile and web infrastructure teams, JavaScript developers, architects, UI/UX designers, and systems developers.

Microsoft Ignite

Twitter: @MS_Ignite / #MSIgnite
Web: ignite.microsoft.com
Date: September 25-29.
Location: Orlando, Florida.
Cost: Not Available.

Video of last year's keynotes and sessions are available at the Ignite home page.

Microsoft created Ignite in 2014 to consolidate several smaller conferences into a big one: the Microsoft Management Summit, Microsoft Exchange Conference, SharePoint Conference, Lync Conference, Project Conference, and TechEd. It covers architecture, deployment, implementation and migration, development, operations and management, security, access management and compliance, and usage and adoption. It's organized by Microsoft and focuses on the company and its products, but the conference also draws more than 100 vendors that participate in the expo and as sessions speakers.

Agile Dev West and East

Twitter: @TechWell #BetterSoftwareCon
Cost: Ticket prices (for both East and West) range from $595 for the Agile Leadership Summit (before April 8) to $3,995 for five full days at the conference and three days of training.

Agile Dev West
Web: adcwest.techwell.com
Date: June 4-9.
Location: Las Vegas, Nevada.

Agile Dev East
Web: adceast.techwell.com
Date: November 5-10.
Location: Orlando, Florida.

The Agile Dev conferences focus on the latest agile methods, tools, and principles of interest to both new and experienced agile practitioners. These conferences are held in conjunction with Better Software Conferences and DevOps Conferences, giving attendees three programs to choose from.

Agile Testing Days

Twitter: @AgileTD / #agiletd
Web: agiletestingdays.com
Date: November 13-17.
Location: Potsdam/Berlin, Germany.
Cost: Not Available.

Agile Testing Days USA

Twitter: @Agile_USA / #ATD_USA
Web: https://agiletestingdays.us/
Date: Tutorials, June 19; conference, June 20-21.
Location: Boston, Massachusetts.
Cost: Tutorials, $799 each; conference, $1798 (two days), $899 (one day.)

Considered one of Europe’s main software testing events, this year Agile Testing Days will jump the pond and hold a New World version of its itself in Boston for North, Middle and South American software testers with an agile mindset. In the past, the German version of the conference has offered a mix of fun interludes and serious sessions that make the experience both enjoyable and worthwhile. The conference also features opportunities to learn by doing via DIY experiments and strives to offer a warm, collegial, friendly, and fun atmosphere.

Who should attend: Security pros, developers.

STAR Software Testing Conferences

Twitter: @TechWell
Web: techwell.com/software-conferences/star-software-testing-conferences
Dates and locations: 

Star East: May 7-12, Rosen Centre Hotel, Orlando, Florida.

Star West: October 1-6, Disneyland Hotel, Anaheim, California.

Star Canada: October 15-20, Hyatt Regency, Toronto, Ontario.

Cost: Star East prices range from $595 (before March 11) for the testing and quality leadership summit to $4,245 for three days training, ISTQB certification exam and five conference days. Star West has similar pricing, but top tier pricing is $3,295 and includes two tutorial days and five conference days. Star Canada pricing ranges from $795 (before August 19) for one tutorial day to $3,995 for three days of training and five conference days.

These conferences, organized by TechWell, are designed specifically for testing and QA pros. Conferences touch on topics ranging from test management and leadership, software testing techniques, and mobile app testing to test automation, certifications, QA methodologies, tools, agile testing, performance testing, exploratory testing, QA careers, and more.

Writing recently on TechBeacon, Gerie Owen, a test architect, called the Star conferences “among the most prestigious QA and testing conferences in North America,” and “suitable for junior-level testers as well as seasoned test professionals and test managers.”

According to the TechWell website, these are “the premier conferences for software testing and quality assurance professionals. Come away from a STAR conference ready to put your knowledge to work immediately. Our comprehensive program includes short sessions, half- and full-day tutorials, multi-day in-depth training, and a Leadership Summit.”

Who should attend: Security pros.

Gartner Catalyst Conference

Twitter: @Gartner_Events / #GartnerCATGartnerCAT
Web: gartner.com/events/na/catalyst
Date: August 21-24.
Location: Manchester Grand Hyatt San Diego, San Diego, California.
Cost: Standard conference price is $3,400 ($3100 before June 24); public sector price: $2.900,

Featuring more than 50 Gartner analysts, Catalyst promises a ”deep dive” into the digital enterprise’s architectural requirements, touching on areas such as mobility strategy and execution, cloud architecture, data analytics, enterprise-scale security and identity, software-defined data centers (SDDC), DevOps, and digital productivity via mobile and cloud.

Gartner describes Catalyst as "technically focused and committed to pragmatic, how-to content" so that attendees go back to their places of work "with a blueprint for project planning and execution."

Who should attend: Security pros.

Other conferences

Here are a few other conferences that you should know about as you plan your 2017 travel calendar. If you’re planning your conference travel and budget around security shows, you might want to save a little room on your plate for one or more of these events.

SXSW (South By Southwest)

Twitter: @sxsw / #SXSW2017
Web: http://www.sxsw.com/schedule
Date: March 10-19.
Location: Austin, Texas.
Cost: Prices range from $495 to $1,550.

While music and film are key elements of SXSW, the event also has a strong technology component, with topics this year including startups, wearables, healthcare IT, virtual reality, IoT, smart cities, digital media, online marketing, software design and development, open source, mobile design, and user experience.

TechCrunch Disrupt

Twitter: @TechCrunch / #tcdisrupt
Date: May 15-17.
Location: New York, New York.
Web: techcrunch.com/event-info/disrupt-ny-2017/
Date: September 18-20.
Location:  San Francisco, California.
Cost: Extra early-bird ticket for full, three-day access is $1,995. Other packages for exhibitors and individuals available.

Disrupt is the conference for anyone involved with or interested in startups, entrepreneurs, venture capital, and emerging technologies. It features hackathons, provocative panel discussions, and A-list speakers. Many established companies used Disrupt as a springboard.

Gartner’s Symposium/ITxpo

Twitter: @Gartner_SYM / #ITxpo #GartnerSYM
Web: http://www.gartner.com/events/na/orlando-symposium
Date: October 30-November 2.
Location: Gold Coast, Australia.
Cost: Standard conference price is A$4,350. Public-sector price is A$3,575. Group discounts are available.

The mother of all Gartner conferences, the Symposium/ITxpo is aime at CIOs and technology executives, addressing from an enterprise IT perspective topics such as mobility, cybersecurity, cloud computing, application architecture, application development, IoT, and digital business.

E3 Expo

Twitter: @E3 / #E32017
Web: https://www.e3expo.com/
Date: June 13-15.
Location: Los Angeles, California.
Cost: Not available.

Highlights of 2016 conference are available online.

A massive gaming show that covers mobile, video and computer games, and related products, it covers topics of interest to software developers, buyers and retailers, distributors, entertainment industry executives, venture capitalists, manufacturers, and resellers.

Interop Las Vegas

Twitter: @interop #Interop
Web: interop.com/lasvegas/
Date: May 15-19.
Location: Las Vegas, Nevada.
Cost: Ranges from $249 (before April 1) to $3,299.

A venerable tech conference, Interop delves into topics like applications, cloud computing, collaboration, networking, IT leadership, security, software-defined networking, storage, virtualization and data center architecture, and mobility.

Did we miss any conferences or events?

We've done our best to compile this comprehensive list of the top information security conferences to attend in 2017, but nobody's perfect. This is a list in progress.

Please let us know in the comments below if there are other events or conferences you think we should add.

What Is the True State of Security in DevOps?

Image credit: Flickr

Topics: Security