The best security conferences of 2018

You can find a security conference tailored to every IT security pro's need. Some are very large, while others are more intimate. Some are loud and boisterous; others are more formal and toned down. Some focus on vendors and their latest products, while others focus on training and education. A few have a narrow scope, while others aim to be comprehensive.

Here is our shortlist of the most popular security conferences in 2018. Not all dates, locations, and pricing were available at publication time, especially for events taking place later in 2018. In those cases, we have provided historical information on the event to give you an idea of what to expect and what you'll get out of attending. Keep checking back; we'll update this guide as more information becomes available.

Gartner Magic Quadrant for Application Security Testing 2018

January

BSides

Twitter: @SecurityBSides
Web: securitybsides.com/w/page/12194156/FrontPage
Date: January-December
Location: Multiple global locations
Cost: Free, and up to $25

Almost every week, there's a BSides conference taking place somewhere in the world. BSides describes itself as a community-driven framework for building events led by members of the security community, not vendors. BSides events create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. "The best security conferences have two key elements: talks that inspire and challenge current thinking, as well as opportunities to connect with and learn from others," says Tripwire's director of corporate communications, Cindy Valladares. "Several of the BSides events that I've attended in the past have both of these elements."

Who should attend: Security pros and hackers

ShmooCon

Twitter: @shmoocon
Web: shmoocon.org
Date: January 19-21
Location: Washington, DC, USA
Cost: $150

ShmooCon is three-day conference organized by the Shmoo Group, a security think tank started by Bruce Potter in the 1990s. The conference has been compared to the Black Hat and Def Con conferences, but on a smaller scale, probably because of its appeal to folks who like to compromise devices, networks, and appliances. "In recent years, I've found some of the best content at this event, and I've learned a lot," notes Bill Brenner, a security scribe at Sophos. "It's also an excellent place to meet other security practitioners that can become important allies. Some of the most important contacts I've made were at ShmooCon."

Who should attend: Hackers, CSOs, and government security professionals

BlueHat IL

Twitter: @BlueHatIL / #BlueHatIL
Web: bluehatil.com/
Date: January 23-24
Location: Tel Aviv, Israel
Cost: Invitation only 

This invitation-only event is sponsored by Microsoft. The event was cooked up by Fastly CSO Window Snyder, who designed the conference to get "blue hats"—an industry term for bug bounty hunters—communicating with Microsoft engineers and bring them up to speed on current and emerging security threats. "BlueHat serves as a great opportunity for us to bring the brightest minds in the security ecosystem together to discuss and tackle some of the biggest challenges facing the industry today," says Microsoft.

Who should attend: Security professionals and bug bounty hunters

REcon Brussels

Twitter: @reconbrx
Web: recon.cx
Date: Training, January 31-February 1; conference, February 2-4
Location: Brussels, Belgium
Cost: Training, €1,750-€3,500; €500-€1,000; students, €250-€350; conference, €500-€1,000; students, €250-€350

REcon is an annual conference held in Brussels and Montreal that focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as performing software and hardware reverse engineering, finding vulnerabilities, writing exploits and bypassing security, and using software protections. In addition to the conference, training sessions lasting two to four days are offered. They teach attendees how to reverse engineer and/or hack operating systems, firmware, and IoT devices. The conference has a 300-ticket limit. Slides and recordings from the 2017 forum are available here and here.

Who should attend: Security researchers, programmers, developers, and information security team members and leaders

February

SecureWorld

Twitter: @SecureWorldExpo
Web: secureworldexpo.com/events
Date: February-November
Location: Multiple sites across the United States
Charlotte, North CarolinaKansas City, KansasHouston, Texas; Cincinnati, Ohio; Chicago, Illinois; Santa Clara, California; Boston, MassachusettsPhiladelphia, PennsylvaniaAtlanta, Georgia; Detroit, Michigan; St. Louis, Missouri; Dallas, Texas; Seattle, Washington; Minneapolis, Minnesota; and Denver, Colorado
Cost: Depends on the city; open sessions pass $45–$64, conference pass $195–$350

SecureWorld is a series of 15 regional conferences held annually in the United States. Conference agendas vary from region to region and include subjects of regional as well as broader interests. Phil Agcaoili, a senior vice president of U.S. Bank and Elavon CISO, recounts: "SecureWorld is that local event where I get to see and catch up with almost every regional security team once a year. SecureWorld has also become one of the must-attend local conferences for myself and teams. It is an affordable conference for the whole team and provides quality content."

Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and security professionals

Network and Distributed System Security Symposium

Twitter: @internetsociety / #ndss18
Web: ndss-symposium.org/ndss2018/
Date: February 18-21
Location: San Diego, California, USA
Cost: Workshop fees range from $320 to $390; for students, $230-$270. Symposium fees range from $860 to $1,100; students, $485-$585.

The Network and Distributed System Security Symposium caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers

March

Nullcon

Twitter: @nullcon / #nullcon
Web: nullcon.net/website/
Date: Training, February 27-March 1; conference, March 2-3
Location: Goa, India
Cost: Training, $624-$993; conference, $162-$300; students, $69-$81

Now in its ninth year, Nullcon emerged from "null," which is the largest open security community in India, with chapters in Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum, and Delhi. The forum focuses on the technical, strategic, and business aspects of information security. It aims to help organizations take proactive and protective measures to safeguard their critical data and assets. The forum is known for responsibly disclosing new vulnerabilities, risks, and attacks on computers along with their prevention mechanisms. In that vein, the event has a section called Desi Jugaad (Hindi for "Local Hack"), which invites researchers to cook up innovative approaches to real-life security problems.

Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers); security executives (CISOs and CXOs); business developers and venture capitalists (presidents, directors, vice presidents, and consultants); recruiters; and academics

TROOPERS18

Twitter: @WEareTROOPERS / #TR18
Web: https://www.troopers.de/
Date: March 12-16
Location: Heidelberg, Germany
Cost: Conference and training packages range from €1,790 to €3,390, plus 19% VAT.

Troopers is an old school, multi-track security conference that attracts speakers from more than 25 countries. There's an Attack and Research track, which features presentations on the latest research and attack techniques. A Defense and Management track focuses on infosec management topics. There are also special tracks on SAP and Active Directory. A number of social events are also available to conference-goers, such as the game PacketWars, a 10K run, and a shared dinner at one of Heidelberg's finest restaurants. On the last day of the forum, a number of roundtable sessions are offered to allow attendees and speakers to have discussions on current security topics.

Who should attend: Security researchers and managers; security team members and leaders; network administrators; security testers; operations managers; Windows, Linux, and SAP administrators; CISOs; and CSOs

CanSecWest

Twitter: @CanSecWest / #CanSecWest
Web: cansecwest.com
Date: March 14-16
Location: Vancouver, British Columbia, Canada
Cost: Dojo training, C$1,900-C$7,400; conference, C$1,800-C$2,400

CanSecWest is a three-day, single-track conference featuring one-hour presentations in a lecture theater setting and hands-on dojo training courses from security instructors. Adobe Security technical program manager Tracie Martin wrote this after attending the event: "As a first-time attendee, I was impressed not just by the depth and breadth of the talks, but also by the incredibly inclusive community of security professionals that makes up the CanSec family. Adobe sponsors many conferences throughout the year, but the intimate feel of CanSecWest is unique."

Who should attend: CISOs, CSOs, enterprise IT security pros, and executives

April

SANS 2018

Twitter: @sansinstitute / #SANS2018
Web: sans.org/event/sans-2018
Date: April 3-10
Location: Orlando, Florida, USA
Cost: Courses range from $2,480 to $6,210.

The SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world. Its big annual event, SANS 2018, doubles as a conference, with keynote speakers and networking opportunities. SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces. For IT pros who can't make it to the conference, SANS offers many of the forum's courses in virtual classrooms, where they can participate in live sessions remotely.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

Hack In The Box Security Conference

Twitter: @HITBSecConf / #HITB2018AMS
Web: conference.hitb.org/hitbsecconf2018ams/
Date: April 9-13
Location: Amsterdam, Netherlands
Cost: Training, €2,599-€2,999; conference, €999-€1,599; students, €299

HITB emerged during the early dotcom days as a news and resource portal for hacking and network security. In 2003, its operators decided to try their hand at staging a conference. The result was the Hack In The Box Security Conference, which is held annually in Amsterdam. It focuses on "next-generation" computer security issues. It includes a competition, technology exhibit, and "hackerspaces" for hackers, makers, and breakers. According to ITSP magazine, the forum is "an annual must-attend event in the calendars of security researchers and professionals around the world."

Who should attend: Security pros, researchers, and hackers

RSA Conference

Twitter: @rsaconference / #RSAC2018
Web: rsaconference.com/events/us18
Date: April 16-20
Location: San Francisco, California, USA
Cost: Ticket prices range from $100 for an early-bird expo pass to $2,695 for a full-conference pass bought on site.

This is one of the world's largest security conferences. Its size is a sign of the robust growth in the IT security industry and just how dangerous the threat landscape has become. Attendees should do their pre-conference homework and sketch out a game plan, since this is a very large conference. The forum attracts more than 50,000 attendees and some 700 speakers.

Who should attend: Security professionals

ICS Cyber Security Conference

Twitter: @SecurityWeek / #ICSCC
Web: icscybersecurityconference.com/
Date: April 24-26
Location: Singapore
Cost: $1,195-$1.495; government and military, $995-$1,295

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations. Most attendees are control systems users, working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals

May

ThotCon

Twitter: @THOTCON / #THOTCON
Web: thotcon.org/
Date: May 4-5
Location: Chicago, Illinois, USA
Cost: General admission, $129-$169; VIP, $299; students, $69

Organizers describe this event as a low-cost "hacking conference" with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference. There's a bit of a cloak-and-dagger aura about the forum. Not only does its homepage have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference. Tickets go fast for this conference, and you probably need to buy them more than five months in advance.

Who should attend: Hackers, especially those from the Chicago area

NorthSec

Twitter: twitter.com/NorthSec_io / #nsec18
Web: https://www.nsec.io/
Date: May 14-20
Location: Montreal, Quebec, Canada
Cost: Conference, C$160-C$420; competition, C$87.10-C$130; training, N/A; students, 50% off full price for competition and conference

Attracting more than 600 attendees annually, NorthSec is the biggest applied security event in Canada. It's aimed at raising the knowledge and technical expertise of both professionals and students. The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training sessions cover subjects such as penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.

Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers

RuhrSec

Twitter: @ruhrsec
Web: https://www.ruhrsec.de/2018/
Date: Conference, May 17-18; training, May 15-16
Location: Bochum, Germany
Cost: €199-€1,599

True to its location at Ruhr University, the conference has a collegiate feel to it, with both academic and industry talks planned for the event. You can get a good sense of what this forum has to offer in these videos from prior events. In the past, the conference has made headlines with research about exploiting vulnerabilities in popular printer models. All profits from the conference will be donated to a local nongovernmental youth organization.

Who should attend: Hardware/IoT security practitioners, application developers, security researchers, software testers and QA professionals, network administrators, academics, and computer science students

IEEE Symposium on Security and Privacy

Twitter: @IEEESSP
Web: ieee-security.org/TC/SP2018/
Date: May 21-23
Location: San Francisco, California, USA
Cost: 2017 data

Since 1980, the IEEE Symposium on security has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy. 

Who should attend: Researchers, security practitioners, and students

AusCERT Conference

Twitter: @AusCERT, #AusCERT2018
Web: conference.auscert.org.au/
Date: May 29-June 1
Location: Gold Coast, Queensland, Australia
Cost: Members, A$925-A$1,299; delegates, A$2,099-A$2,499; day passes: members, A$699; delegates, A$1,299; exhibitors, A$249

The AusCERT conference is the longest-running information security conference in Australia. Each year it attracts more than 700 participants to learn about network security; incident response and handling; cybercrime; intrusion detection; governance, risk management, and compliance; threat hunting; and many more infosec topics. 

Who should attend: Network administrators; incident responders; governance, compliance, and risk managers; law enforcement; security team members and managers; security testers; security researchers; and consultants

June

InfoSecurity Europe

Twitter: @Infosecurity / #Infosec18
Web: infosecurityeurope.com
Date: June 5-7
Location: London, UK
Cost: Free, if registered before June 5

Organizers claim that this is Europe's "biggest and most-attended" information security industry event, attracting more than 400 exhibitors and more than 19,000 information security professionals. More than 240 free conference sessions led by industry influencers are available. Conference-goers have an opportunity to meet face to face with vendors and network with peers to share information about threats and the tools to defend against them. In addition, they can collect CPE/CPD credits by attending the forum.

Who should attend: Security pros, executives, and managers

REcon Montreal

Twitter: @reconmtl
Web: recon.cx
Date: Training, June 11-14; conference, June 15-17
Location: Montreal, Quebec, Canada
Cost: Training sessions, C$2,500-$5,000; conference, C$700-C$1,400; students, C$350-C$450

REcon is an annual conference held in Brussels and Montreal that focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as software and hardware reverse engineering, finding vulnerabilities and writing exploits, and bypassing security protections. In addition to the conference, training sessions lasting two to four days are offered. They cover subjects such as reverse engineering and hacking operating systems, firmware, and IoT devices.

Who should attend: Security researchers, programmers, developers, and information security team members, plus leaders of those disciplines

Gartner Security & Risk Management Summit

Twitter: @Gartner_Events /#GartnerSEC
Web: gartner.com/events/na/security
Date: June 4-7
Location: National Harbor, Maryland, USA
Cost: $3,250-$3,575; public sector, $2,900; group rates available

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings, but there will also be companies presenting case studies, and many opportunities to network.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers

August

BlackHat USA

Twitter: @BlackHatEvents / #BHUSA
Web: blackhat.com
Date: August 4-9
Location: Las Vegas, Nevada, USA
Cost: From 2017: $2,095-$2,795

First held in 1997, Black Hat has become one of the world's biggest tech conferences. It's a conference that most security professionals are compelled to attend or at least follow closely online. It's the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which often become mainstream news globally. Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers. Attendees should be prepared for a large conference (more than 17,000 people) where exciting revelations about security vulnerabilities will be detailed.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

Def Con

Twitter: @defcon / #DEFCON
Web: defcon.org
Date: August 9-12
Location: Las Vegas, Nevada, USA
Cost: (2017) $260, cash only

Def Con starts as soon as Black Hat ends,—in the same locale (though a different venue)—so they share many topics and audiences, but Black Hat's atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair. Attendees should take precautions to avoid getting hacked, since they'll be surrounded by thousands of hackers. They should also be prepared to be approached by government headhunters recruiting for intelligence and law enforcement agencies. If you're considering attending Def Con, you should be aware that the event has received criticism in the past several years for a "college fraternity-like atmosphere" that feels unwelcoming to some attendees.

Who should attend: Software developers, security administrators, hackers, researchers, and government and law enforcement officials

Usenix Security Symposium

Twitter: @USENIXSecurity 
Web: usenix.org/conference/usenixsecurity18
Date: August 15-17
Location: Baltimore, Maryland, USA
Cost: From 2017: Technical sessions, $790-$1,065; student technical sessions, $495; workshop passes, one-day, $295-$345; two-day, $590-$690

During this three-day conference, speakers present papers, give talks, participate in panel discussions, display posters, and talk about works in progress. Co-located workshops on August 13 and 14 precede the Symposium. Several vulnerabilities revealed at this conference have made headlines in tech news cycles.

Who should attend: Researchers, practitioners, system administrators, and system programmers

September

ToorCon

Twitter: @toorcon
Web: toorcon.net
Date: Fall 2018
Location: San Diego, California, USA
Cost: Conference, $120-$220; workshops, $2,200-$3,800

ToorCon is one of the oldest security conferences in existence. It was founded in 1999 by the San Diego 2600 users group. It has a small-forum atmosphere, drawing around 400 participants to the event each year. Recently, four days of workshops were offered, along with a three-day, two-track conference. 

Who should attend: Security researchers and consultants, security operations center managers, reverse engineers, application security engineers, cryptographers, and computer science faculty and students

Micro Focus Protect

Twitter: @MicroFocusSec
Web: softwareevents.microfocus.com/
Date: September
Location: Washington, DC, USA
Cost: N/A

Formerly run by HPE, this event was taken over by Micro Focus after it acquired HPE's software business. The forum is a technical conference attended by about 2,000 people, and conference tracks focus on application security, data security, intelligent SOC, and public-sector security.

Who should attend: Security pros; infrastructure managers; IT/data center operations; network managers; project and portfolio managers; service, support and delivery managers; and digital security stakeholders

OWASP AppSec USA

Twitter: @appsecusa / #appsecusa
Web: 2017.appsecusa.org/
Date: September
Location: Orlando, Florida, USA
Cost: From 2017: $750-$945; single day: $500; students and teachers, $80; group discounts available; training, one day, $800; two days, $1,600

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security. Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective. In addition to speaker sessions, AppSecUSA also offers training conducted by leaders in their fields, opportunities for women and those transitioning from military service to network and develop their careers, and significant discounts for students to learn about security careers.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, and entrepreneurs

GrrCON

Twitter: @GrrCON
Web: grrcon.com/
Date: September 6-7
Location: Grand Rapids, Michigan, USA
Cost: From 2017: Conference, $150; training, $995-$1,195 for classroom sessions and $371.56-$741.07 for online sessions

GrrCON is a regional security conference with a sense of humor. Past topics have included "Strategies on Securing Your Banks & Enterprises (from Someone Who Robs Banks & Enterprises for a Living!)," "10 Cent Beer Night: The World We Now Live In," and "Population Control Through the Advances in Technology to Embedding Security in Embedded Systems." There are also a number of "hacking villages" hosted at the conference—areas to give people a free, legal environment to learn the tricks of the trade in hacking, test exploits, identify new exploits, and learn from others.

Who should attend: Fortune 500 executives, security researchers, industry professionals, students, and "hackers of flexible morals"

Global Security Exchange

Twitter: @ASIS_Intl / #ASIS18
Web: securityexpo.asisonline.org
Date: September 23-27
Location: Las Vegas, Nevada, USA
Cost: Members, $1,095; nonmembers, $1,350; government employees, $1,145; students, $400

Organized by ASIS International, an organization of security management industry professionals founded in 1955, this conference covers the full spectrum of security topics. Formerly called the Security Expo, this conference has been renamed the Global Security Exchange. "This name reflects the Society's commitment to unite the full spectrum of security—cyber and operational security professionals from all verticals across the private and public sector, allied organizations and partners, and the industry's leading service and solution providers—for the most comprehensive security event in the world," says ASIS CEO Peter J. O'Neil.

Who should attend: Security pros

October

O'Reilly Security Conference

Twitter: @OReillySecurity / #OReillySecurity
Web: conferences.oreilly.com/security/sec-ny
Date: October
Location: To be announced
Cost: $1,600

According to Women in Security and Privacy, the O'Reilly Security Conference brings together in-the-trenches security practitioners from organizations of every size, across a wide breadth of industries to share actionable insight in a supportive, hype-free environment. Jennifer Leggio, writing for Zero Day, adds that the forum is a good example of a young conference that is addressing the tough challenge of showcasing lesser-known talent as well as larger names who draw crowds. "O'Reilly has also accomplished some conference firsts, including the debut of the interactive, multimedia hacker art exhibit hácek," she notes.

Who should attend: Defensive security professionals; security, forensic, malware, and risk analysts; security engineers; software developers; system and network administrators; CISOs and CSOs; data scientists; security administrators; incident responders; governance and policy makers; academic and industry researchers

ACM Conference on Computer and Communications Security

Twitter: @TheOfficialACM
Web: sigsac.org/ccs/CCS2017/index.html
Date: October
Location: N/A
Cost: From 2017: Members, $750-$850; nonmembers, $850-950; students, $600-$700; workshops, $380-$425; tutorials, $250-$450

The primarily research-focused ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) within ACM. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. 

Who should attend: Information security researchers, practitioners, developers, and users

DerbyCon

Twitter: @DerbyCon / #DerbyCon
Web: derbycon.com/
Date: October 3-7
Location: Louisville, Kentucky, USA
Cost: $175 (unconfirmed for 2018)

This conference prides itself on its friendliness. It's a fun technology conference that welcomes not just experts, but also hobbyists and regular folk interested in security, so that they can learn, share ideas, and party together. "The feel of DerbyCon cybersecurity conference is not unlike a miniature Def Con—but with a higher emphasis on the lounge areas—and that appearance seems intentional," writes Michael Heller for TechTarget. "Just like Def Con, the parties in the evening get as much promotion as the daytime talks ... and just like Def Con, DerbyCon hosts 'villages' for hands-on experiences with lock-picking, social engineering, IoT hacking, hacking your derby hat, and more."

Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students

Infosecurity North America

Twitter: @Infosecurity / #INFOSEC18
Web: infosecuritynorthamerica.com
Date: October 3-4
Location: Boston, Massachusetts, USA
Cost: N/A

This fairly new conference features two full days of education, networking, and career development opportunities. "We've added customized programs to address many of the real-world challenges IT security pros face, beyond just tackling daily security threats plaguing networks," says exhibition director John Hyde. "The program is uniquely designed to foster networking and collaboration among IT security pros, end users, students, women in security, startup entrepreneurs, and venture capitalists."

Who should attend: CISOs, CSOs, CTOs, security researchers and practitioners, privacy officers, law enforcement and government officials, and security pros

CSX North America

Twitter: @ISACANews / #CSXNA
Web: isaca.org/ecommerce/pages/csx-north-america.aspx
Date: October 15-17
Location: Las Vegas, Nevada, USA
Cost: Members, $1,350-$1,950; nonmembers, $1,550-$2,150

The conference is sponsored by ISACA, an independent, nonprofit, global organization dedicated to improved information systems. The forum addresses a broad array of security subjects such as the cybersecurity kill chain, governance, data classification, security for smart cities, startups, and the supply chain. As one of the larger security events held in North America, the event gives members of the security community a chance to catch up on the latest trends and network with professionals from around the world.

Who should attend: CSOs, CISOs, defense contractors, national security pros, recruiters, hackers, risk managers, security team members and leaders, and security researchers

November

CyberConnect

Twitter: #CyberConnect
Web: cyberconnect2018.com (URL not yet active)
Date: November 2018
Location: New York, New York, USA
Cost: N/A

CyberConnect is a conference underwritten by Centrify in collaboration with the Institute for Critical Infrastructure Technology. The event departs from traditional security gatherings by integrating thought leadership, collaborative roundtable sessions, and in-depth training. Past conferences have featured guests such as former National Security Agency director Gen. (ret.) Keith B. Alexander and attracted more than 500 members of the security community, with another 1,500 watching a live stream of the forum's events.

Who should attend: CISOs, CIOs, directors, thought leaders, network administrators and architects, product managers, and security professionals

DefCamp

Twitter: @DefCampRO, #defcamp
Web: def.camp
Date: November
Location: Bucharest, Romania
Cost: €257.74 (unconfirmed for 2018)

DefCamp is a large regional security conference held in Central Europe. The event has attracted more than 1,300 members of the security community and 40 speakers from all over the world. The multi-track conference tackles a wide range of topics, including infrastructure security, the GDPR, cyber warfare, ransomware, malware, social engineering, and offensive and defensive security measurements. The event also has a "Hacking Village," where attendees can compete for prizes and money. "This was my first time at DefCamp in Romania, and it was definitely a good experience," writes Axelle Apvrille, an antivirus malware researcher at Fortinet. "DefCamp was an interesting mixture of not so technical talks (but with acute insights) and technical ones."

Who should attend: Security researchers, consultants, managers, cloud security engineers, security testers, software developers, smart-city planners, hackers, and network administrators

December

Annual Computer Security Applications Conference

Twitter: @ACSAC_Conf / #ACSAC17
Web: https://www.acsac.org/
Date: December 3-7
Location: San Juan, Puerto Rico
Cost: $125-$1,000 (unconfirmed for 2018)

First held in 1984, ACSAC focuses on applied security and draws security professionals from academia, government, and industry. Its target audience is people developing practical solutions for network, system, and IT security problems. Proceedings include in-depth tutorials, workshops, case studies, panel discussions, and a technical track about peer-reviewed papers.

Who should attend: Researchers and a broad cross-section of security professionals drawn from industry, government, and academia

Mark your calendars and make your choices soon! Prices may vary based on how early you register. Also, remember that hotel and travel costs are generally separate from the conference pricing.

What are your favorite conferences and why? Post your comments below, and let us know if there are any other events or conferences we missed.

Gartner Magic Quadrant for Application Security Testing 2018
Topics: Security