You are here

The best security conferences of 2019

public://pictures/John-Mello-Journalist.png
John P. Mello Jr., Freelance writer

Security takes a team, and it's a journey. Boost your security approach by networking and knowledge sharing.

You can find a security conference tailored to every IT security pro's needs, covering  application security, information security and data security. Some are very large, while others are more intimate. Some are loud and boisterous; others are more formal and toned down. Some focus on vendors and their latest products, while others emphasize training and education. A few have a narrow scope, while others aim to be comprehensive.

Here is our list of the top security conferences in 2019. Not all dates, locations, and pricing were available at publication time, especially for events taking place later in the year. In those cases, we provided historical information to give you an idea of what to expect and what you'll get out of attending. (Keep checking back; we'll update this guide as more information becomes available.)

Stay up to speed on security—and move toward continuous security—with continuous learning.

[ Get valuable insights to improve your SOC’s maturity and success. Download the 2019 State of Security Operations report today. ]

January

BSides

Twitter: @SecurityBSides
Web: securitybsides.com
Date: January-December
Location: Multiple global locations
Cost: Most are free

Almost every week, there's a BSides conference taking place somewhere in the world. BSides describes itself as a community-driven framework for building events led by members of the security community, not by vendors. BSides events create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration.

Who should attend: Security pros and hackers

Data Connectors' Cybersecurity Conferences

Twitter: @DataConnectors
Web: dataconnectors.com
Date: January-December
Location: 50 major cities
Cost: Free

These conferences are focused on best practices, products, and services in an educational environment. Topics covered by the forums include cloud computing, the evolving IT landscape, and how to combat cyber criminals.

Each event is built around regionally based vendors and speakers and qualify for CPE credits. The events are free, with registration. Data Connectors may share registration information with the sponsors of a conference who may use it to send marketing and promotional material to attendees.

Who should attend: Information, cyber, and network security professionals

ShmooCon

Twitter: @shmoocon
Web: shmoocon.org
Date: January 18-20
Location: Washington, DC, USA
Cost: $150

ShmooCon is a three-day conference organized by the Shmoo Group, a security think tank started by Bruce Potter in the 1990s. The conference has been compared to the Black Hat and Def Con conferences, but on a smaller scale, probably because of its appeal to folks who like to compromise devices, networks, and appliances.

Who should attend: Hackers, CSOs, and government security professionals

AppSec California

Twitter: @AppSecCali
Web: 2019.appseccalifornia.org
Date: January 22-25
Location: Santa Monica, California, USA
Cost: $99-$1,350

Open Web Application Security Project (OWASP) chapters in Los Angeles, Orange County, the San Francisco Bay Area, and the Inland Empire are sponsoring this event. It gives infosec pros an exceptional opportunity to learn and share knowledge and experiences about secure systems and secure development. Although a regional OWASP event, it attracts practitioners from around the world.

Who should attend: Information security professionals, developers, and QA and testing professionals

February

BlueHat IL

Twitter: @BlueHatIL
Web: bluehatil.com
Date: February 6-7
Location: Tel Aviv, Israel
Cost: Invitation only

This invitation-only event is sponsored by Microsoft. The event was cooked up by Fastly CSO Window Snyder, who designed the conference to get "blue hats"—an industry term for bug bounty hunters—communicating with Microsoft engineers, who could bring them up to speed on current and emerging security threats.

Who should attend: Security professionals and bug bounty hunters

Network and Distributed System Security Symposium

Twitter: @internetsociety / #ndss19
Web: ndss-symposium.org/ndss2019/
Date: February 24-27
Location: San Diego, California, USA
Cost: (2018) Workshop fees range from $320 to $390; for students, $230-$270. Symposium fees range from $860 to $1,100; students, $485-$585.

The Network and Distributed System Security Symposium caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation. A major goal of the conference is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers

Nullcon

Twitter: @nullcon / #nullcon
Web: nullcon.net/website/
Date: Training, February 26-28; conference, March 1-2
Location: Goa, India
Cost: Training, $555-$993; conference, $150-$208; students, $57-$81 (time-sensitive and group discounts available)

Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities, and unknown threats. Security researchers and experts discuss and showcase the future of information security and the next generation of offensive and defensive security technology.

The forum is known for responsibly disclosing new vulnerabilities, risks, and attacks on computers. In that vein, the event has a section called Desi Jugaad—Hindi for "Local Hack"—which invites researchers to cook up innovative approaches to real-life security problems.

Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers); security executives (CISOs and CXOs); business developers and venture capitalists (presidents, directors, vice presidents, and consultants); recruiters; and academics

March

SecureWorld

Twitter: @SecureWorld
Web: secureworldexpo.com/events
Date: March-June
Location: Multiple sites across the United States and Canada
Cost: $45-$625

SecureWorld is a series of regional conferences held annually in the United States and Canada. Conference agendas vary from region to region and include subjects of regional as well as broader interests.

City lineups for 2019 are Charlotte, North Carolina (March 14); Boston, Massachusetts (March 27-28); Philadelphia, Pennsylvania (April 10-11); Houston, Texas (April 18); Toronto, Ontario, Canada (April 24); Kansas City, Kansas (May 8); Cincinnati, Ohio (May 16); Atlanta, Georgia (May 29-30); and Chicago, Illinois (June 13).

Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and security professionals

RSA Conference

Twitter: @rsaconference / #RSAC2019
Web: rsaconference.com/events/us19
Date: March 4-8
Location: San Francisco, California, USA
Cost: Full conference pass $1,795 to $2,895 (time-sensitive discounts available)

This is one of the world's largest security conferences. Its size is a sign of the robust growth in the IT security industry and just how dangerous the threat landscape has become. The forum attracts more than 42,000 attendees and some 700 speakers across more than 550 sessions. Attendees should do their pre-conference homework and sketch out a game plan.

A major emphasis at this year's conference will be diversity. As part of that initiative, there will be no all-male panels on the keynote stages of the conference.

Who should attend: Security professionals

TROOPERS18

Twitter: @WEareTROOPERS / #TR19
Web: https://www.troopers.de/
Date: March 18-22
Location: Heidelberg, Germany
Cost: Conference and training packages range from €1,990 to €3,590

Troopers is an old-school, multi-track security conference that attracts speakers from more than 25 countries. This year, an invitation-only session has been added for researchers, vendors, and practitioners from the telecommunication and mobile security field.

A number of social events are also available to conference-goers, such as the game PacketWars, a 10K run, and a shared dinner at one of Heidelberg's finest restaurants. On the last day of the forum, a number of roundtable sessions are offered to allow attendees and speakers to have discussions on current security topics.

Who should attend: Security researchers and managers; security team members and leaders; network administrators; security testers; operations managers; Windows, Linux, and SAP administrators; CISOs; and CSOs

CanSecWest

Twitter: @CanSecWest / #CanSecWest
Web: cansecwest.com
Date: March 14-16
Location: Vancouver, British Columbia, Canada
Cost: C$1,900 to C$2,600 (time-sensitive discounts available)

CanSecWest is a three-day, single-track conference featuring one-hour presentations in a lecture-hall setting and hands-on dojo training courses from security instructors. When selecting material for the forum, preference is given to new and innovative material, highlighting important and emergent technologies and techniques, or best industry practices.

Who should attend: CISOs, CSOs, enterprise IT security pros, and executives

Suits and Spooks AI Security Summit

Twitter: @SuitsandSpooks
Web: suitsandspooks.com/ai-natsec-summit-2019
Date: March 29
Location: Washington, DC, USA
Cost: $298 (time-sensitive discounts available; federal and military employees can attend free of charge)

Suits and Spooks bills itself as the "anti-conference" and offers boutique forums about top line security issues. Among the issues discussed at the AI Summit will be the AI arms race, the challenges of explainability and predictability, pathways for adversary exploitation, and the potential for AI to shift the balance in combat, and the security impact of artificial intelligence on transportation, finance, and defense. Attendance is limited to 100 people.

Who should attend: Civilian and government cybersecurity professionals and defense industry executives

[ Effective SecOps requires staying one step ahead. Get up to speed with this Webinar covering UEBA and MITRE ATT&CK ]

April

ICS Cyber Security Conference

Twitter: @SecurityWeek / #ICSCC
Web: icscybersecurityconference.com/singapore/
Date: April 16-18
Location: Singapore
Cost: $895-$1,295; government and military, $795-$1,095

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations. Most attendees are control systems users, working as control engineers, in operations management, or in IT.

Topics addressed in the forum include protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control-system devices.

Who should attend: Operations, control system, and IT security professionals

SANS 2019

Twitter: @sansinstitute / #SANS2019
Web: sans.org/event/sans-2019
Date: April 1-8
Location: Orlando, Florida, USA
Cost: Courses range from $1,320 to $6,910 (bundle bonuses available)

The SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world.

Its big annual event, SANS 2019, doubles as a conference, with keynote speakers and networking opportunities. SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces. For IT pros who can't make it to the conference, SANS offers many of the forum's courses in virtual classrooms, where they can participate in live sessions remotely.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

May

ThotCon

Twitter: @THOTCON / #THOTCON
Web: thotcon.org/
Date: May 4-5
Location: Chicago, Illinois, USA
Cost: Sold out

Organizers describe this event as a low-cost "hacking conference" with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference.

There's a bit of a cloak-and-dagger aura about the forum. Not only does its home page have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference. Tickets went fast for this conference; it was sold out in November 2018.

Who should attend: Hackers, especially those from the Chicago area

Hack In The Box Security Conference

Twitter: @HITBSecConf / #HITB2018AMS
Web: conference.hitb.org/hitbsecconf2018ams/
Date: May 6-10
Location: Amsterdam, The Netherlands
Cost (2018): Training, €2,599-€2,999; conference, €999-€1,599; students, €299

HITB emerged during the early dotcom days as a news and resource portal for hacking and network security. In 2003, its operators decided to try their hand at staging a conference. The result was the Hack In The Box Security Conference, which is held annually in Amsterdam. It focuses on "next-generation" computer security issues. It includes a competition, technology exhibit, and "hackerspaces" for hackers, makers, and breakers.

In addition to Amsterdam, conferences will be held in Singapore (August 20-24); Dubai, UAE (October 14-18); and Beijing, China.

Who should attend: Security pros, researchers, and hackers

RiskSec

Twitter: @SC_RiskSec
Web: risksecconference.co
Date:  May 8
Location:  Philadelphia, Pennsylvania, USA
Cost: $299 to $399 (group discounts available)

This is a new interactive threat intelligence and risk management event designed for senior cyber leaders. Topics include what disinformation and social media campaigns mean to your organization, legislating cybersecurity, actionable information sharing, plugging the holes left by the Internet of Things, and security, management, and the cloud in a cost-cutting world. Event includes "interactive floor" when companies demo products. Earn up to nine CPE credits can by attending the forum.

Who should attend: CISOs, cybersecurity professionals, government IT executives

NorthSec

Twitter: @NorthSec_io / #nsec19
Web: https://www.nsec.io/
Date: May 12-19
Location: Montreal, Quebec, Canada
Cost: Conference, C$180-C$340; competition, C$90-C$140; conference and competition, $230-$450 (time-sensitive discounts available); students, 50% off full price for competition and conference

Attracting more than 600 attendees annually, NorthSec is the biggest applied security event in Canada. It's aimed at raising the knowledge and technical expertise of both professionals and students.

The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training sessions cover subjects such as penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.

Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers

SecureGuild

Twitter: @GUILDCONFERENCES / #SECUREGUILD
Web: secureguild.com
Date: May 20-21
Location: Online conference
Cost: $197

This online conference is dedicated security testing, with practical-hands on sessions aimed both at testers who are new to security and test security pros. The sessions will be "hands on and actionable," says organizer Joe Colantonio.

IEEE Symposium on Security and Privacy

Twitter: @IEEESSP
Web: ieee-security.org/TC/SP2019/
Date: May 20-22
Location: San Francisco, California, USA
Cost (2018): Symposium, $1,565; workshop, $530 (time, member, and student discounts available)

Since 1980, the IEEE Symposium on security has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy.

Who should attend: Researchers, security practitioners, and students

RuhrSec

Twitter: @ruhrsec
Web: https://www.ruhrsec.de/2018/
Date: Conference, May 27-29
Location: Bochum, Germany
Cost (2018): €199-€1,599

True to its location at Ruhr University, the conference has a collegiate feel to it, with both academic and industry talks planned for the event. In the past, the conference has made headlines with research about exploiting vulnerabilities in popular printer models. All profits from the conference will be donated to a local nongovernmental youth organization.

Who should attend: Hardware/IoT security practitioners, application developers, security researchers, software testers and QA professionals, network administrators, academics, and computer science students

AusCERT Conference

Twitter: @AusCERT / #AusCERT2019
Web: conference.auscert.org.au/
Date: May 28-31
Location: Gold Coast, Queensland, Australia
Cost (2018): Members, A$925-A$1,299; delegates, A$2,099-A$2,499; day passes: members, A$699; delegates, A$1,299; exhibitors, A$249

The AusCERT conference is the longest-running information security conference in Australia. Each year it attracts around 800 participants to learn about network security; incident response and handling; cybercrime; intrusion detection; governance, risk management, and compliance; threat hunting; and many more infosec topics.

Who should attend: Network administrators; incident responders; governance, compliance, and risk managers; law enforcement; security team members and managers; security testers; security researchers; and consultants

June

REcon Montreal

Twitter: @reconmtl, @reconbrx
Web: recon.cx
Date: June 15-17
Location: Montreal, Quebec, Canada
Cost (2018): Training sessions, C$2,500-C$5,000; conference, C$700-C$1,400; students, C$350-C$450

REcon is an annual conference held in Brussels and Montreal that focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as software and hardware reverse engineering, finding vulnerabilities and writing exploits, and bypassing security protections.

In addition to the conference, training sessions lasting from two to four days are available. They cover subjects such as reverse engineering and hacking operating systems, firmware, and IoT devices.

Who should attend: Security researchers, programmers, developers, and information security team members, plus leaders of those disciplines

Open Security Summit

Twitter: @opensecsummit
Web: open-security-summit.org
Date: June 3-7
Location: Bedford, UK
Cost: £150-£1,500, plus VAT (time-sensitive discounts available)

This is not a typical unidirectional conference. It's built around work sessions focused on specific application security challenges and actionable outcomes. During the five-day event, attendees have an opportunity to collaborate with key industry players to address real problems. Topics addressed in conference tracks include API security, automation, threat modeling, and OWASP projects.

Who should attend: Developers, application security practitioners

InfoSecurity Europe

Twitter: @Infosecurity / #Infosec19
Web: infosecurityeurope.com
Date: June 4-6
Location: London, UK
Cost: $1,795 to $2,295 (early registration discounts available)

Organizers claim this is Europe's "biggest and most-attended" information security industry event, attracting more than 400 exhibitors and more than 19,500 information security professionals. More than 240 free conference sessions led by industry influencers are available.

Conference-goers have an opportunity to meet face to face with vendors and network with peers to share information about threats and the tools to defend against them. In addition, they can collect CPE/CPD credits by attending the forum. Video highlights of 2018 conference are available online.

Who should attend: Security pros, executives, and managers

Gartner Security & Risk Management Summit

Twitter: @Gartner_Events /#GartnerSEC
Web: gartner.com/events/na/security
Date: June 17-20
Location: National Harbor, Maryland, USA
Cost: $3,350-$3,700 (time-sensitive discounts available); public sector, $3,050

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings. But there will also be companies presenting case studies, and many opportunities to network.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers

August

BlackHat USA

Twitter: @BlackHatEvents / #BHUSA
Web: blackhat.com
Date: August 3-8
Location: Las Vegas, Nevada, USA
Cost (2018): $2,195-$2,795 (time-sensitive discounts available)

First held in 1997, Black Hat has become one of the world's biggest tech conferences. It's a conference that most security professionals are compelled to attend or at least follow closely online. It's the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which often become mainstream news globally.

Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers. Attendees should be prepared for a large conference—more than 19,000 attendees, 300 speakers and trainers, 80 deep technical sessions, and 120 briefings. Black Hat conferences are also held in Europe and Asia during the year.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

Def Con 27

Twitter: @defcon / #DEFCON27
Web: defcon.org
Date: August 8-11
Location: Las Vegas, Nevada, USA
Cost (2018): $280, cash only

Def Con starts as soon as Black Hat ends—in the same locale though a different venue—so they share many topics and audiences. Black Hat's atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair.

Attendees should take precautions to avoid getting hacked, since they'll be surrounded by thousands of hackers. They should also be prepared to be approached by government headhunters recruiting for intelligence and law enforcement agencies.

If you're considering attending Def Con, you should be aware that the event has received criticism in the past several years for a "college fraternity-like atmosphere" that feels unwelcoming to some attendees. Video from the most recent conference is available on Def Con's YouTube Channel.

Who should attend: Software developers, security administrators, hackers, researchers, and government and law enforcement officials

Cybersecurity Summit: New York

Twitter: @ISMGCorp
Web: events.ismg.io/event/cybersecurity-summit-new-york-city-ny-2019
Date: August 13-14
Location: New York, New York, USA
Cost: $895

This event is one in a series of conferences sponsored by the Information Security Media Group. The forums focus on global security topics, such as fraud and breach prevention in a number of industry verticals, including finance, government, retail, energy and healthcare. Other cybersecurity summits are scheduled for Toronto, Lisbon, London, and Mumbai.

Who should attend: CISOs and cybersecurity professionals.

Usenix Security Symposium

Twitter: @USENIXSecurity
Web: https://www.usenix.org/node/207815
Date: August 14-16
Location: Santa Clara, California, USA
Cost (2018): Members, $790-$940; non-members, $915-$1,065 (time-sensitive discounts available); student, $495

During this three-day conference, speakers present papers, participate in panel discussions, and talk about works in progress. Several vulnerabilities revealed at this conference have made headlines in tech news cycles.

Who should attend: Researchers, practitioners, system administrators, and system programmers

September

Global Security Exchange

Twitter: @ASIS_Intl / #GSX19
Web: gsx.org
Date: September 8-12
Location: Chicago, Illinois, USA
Cost (2018): Members, $1,095; non-members, $1,350; government employees, $1,145; students, $400

Organized by ASIS International, an organization of security management industry professionals founded in 1955, this conference covers the full spectrum of security topics. Formerly called the Security Expo, this multi-track conference has been renamed the Global Security Exchange, and it attracts more than 22,000 professionals from more than 100 countries each year.

Event organizers say the conference unites the full spectrum of infosec pros—cyber and operational security professionals from across the private and public sectors, allied organizations and partners, and the industry’s leading solution providers—for a comprehensive security event.

Who should attend: Architects and engineers, audit and risk professionals, brand protection experts, business people, enterprise security risk management executives, government and military professionals, homeland security professionals, investigators, IoT security professionals, law enforcement professionals, loss prevention professionals, researchers, risk management professionals, security professionals, law enforcement instructors

Global AppSec - DC

Twitter: @owasp / #globalsppsec
Web: dc.globalappsec.org
Date: September 9-13
Location: Washington, D.C., USA
Cost: conference, $720 to $895; training, $850 to $2,550.

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security. Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective. In addition to speaker sessions, the event offers training conducted by leaders in their fields, opportunities for women, and those transitioning from military service to network and develop their careers, and significant discounts for students to learn about security careers.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, students, military veterans, and entrepreneurs

ToorCon

Twitter: @toorcon / #toorcon
Web: toorcon.net
Date: September 10-16
Location: San Diego, California, USA
Cost : $163 to $2,674

ToorCon is one of the oldest security conferences in existence. It was founded in 1999 by the San Diego 2600 users group. It has a small-forum atmosphere, drawing around 400 participants to the event each year. Recently, four days of workshops were offered, along with a three-day, two-track conference.

Who should attend: Security researchers and consultants, security operations center managers, reverse engineers, application security engineers, cryptographers, and computer science faculty and students.

DevSecCon Seattle

Twitter: @devseccon
Web: devseccon.com/seattle-2019
Date: September 16-17
Location: Seattle, Washington, USA
Cost: $249 to $495 (time-sensitive discounts available)

This conference is focused on implementing security in the overall development process, from the supply chain to the customer experience. Sessions cover topics ranging from security automation and secure development to threat modeling and serverless and container security. A European edition of the conference is being held in London in November.

Who should attend: DevSecOps and IT security professionals.

DerbyCon

Twitter: @DerbyCon / #DerbyCon
Web: derbycon.com
Date: Training, September 18-19; conference, September 20-22
Location: Louisville, Kentucky, USA
Cost (2018): $175 

This conference prides itself on its friendliness. It's a fun technology conference that welcomes not just experts, but also hobbyists and regular folk interested in security, so that they can learn, share ideas, and party together.

Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students

October

OWASP AppSec USA

Twitter: @appsecusa / #appsecusa
Web: 2018.appsecusa.org/
Date: October 8-12
Location: San Jose, California, USA
Cost (from 2017): $750-$945; single day: $500; students and teachers, $80; group discounts available; training, one day, $800; two days, $1,600

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security. Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective. In addition to speaker sessions, AppSecUSA also offers training conducted by leaders in their fields, opportunities for women, and those transitioning from military service to network and develop their careers, and significant discounts for students to learn about security careers.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, students, military veterans, and entrepreneurs

HackIT 5.0

Twitter: @hackITconf
Web: hackit.ua
Date: October 
Location: Kiev, Ukraine
Cost (2018): $179-$479

This forum aims to connect tech developers and security experts in an environment free of commercial pitches. In 2018, the conference featured an onsite bug bounty marathon, intensive training workshops, and a guided tour of the Chernobyl Nuclear Power Station.

Who should attend: Security researchers, investors, CxOs, engineers, developers, enthusiasts, tech bloggers

GrrCON

Twitter: @GrrCON
Web: grrcon.com/
Date: October 24-25
Location: Grand Rapids, Michigan, USA
Cost: $150

This is one of the largest infosec conferences in the Midwest, attracting more than 1,000 attendees annually. Conference organizers say the event's mission is to provide the community with a venue to come together and share ideas, information, and solutions; forge relationships; and engage with like-minded people in a fun atmosphere without "all the elitist diva" nonsense. The forum has three presentation tracks, workshops, and a solutions arena.

Who should attend: CISOs, hackers, security practitioners, researchers, and students

November

DefCamp 10

Twitter: @DefCampRO / #defcamp
Web: def.camp
Date: November 7-8
Location: Bucharest, Romania
Cost: €89 to €318 (time and student discounts available_

DefCamp is a large regional security conference held in Central Europe. The event has attracted more than 1,300 members of the security community and 40 speakers from all over the world. The multi-track conference tackles a wide range of topics, including infrastructure security, the GDPR, cyber warfare, ransomware, malware, social engineering, and offensive and defensive security measurements. The event also has a "Hacking Village," where attendees can compete for prizes and money.

Who should attend: Security researchers, consultants, managers, cloud security engineers, security testers, software developers, smart-city planners, hackers, and network administrators

ACM SIGSAC Conference on Computer and Communications Security

Twitter: @acm_ccs
Web: sigsac.org/ccs/CCS2019
Date: November 11-15
Location: London, UK
Cost (2018): Conference—member C$1,050-C$1,750; non-member, C$1,200-C$1,900; student, $850-$1,375 (time-sensitive discounts available); workshops and tutorials—members $425-$600; non-members, $550-625; students, $350-$450 (time-sensitive discounts available)

The primarily research-focused ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) within ACM. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results.

Who should attend: Information security researchers, practitioners, developers, and users

Infosecurity ISACA North America Expo and Conference

Twitter: @Infosecurity / #INFOSEC19
Web: infosecuritynorthamerica.com
Date: November 20-21
Location: New York, New York, USA
Cost: ISACA members, $149 to $1,400; workshops, from $650. Non-members, $50 to $1,550; workshops, from $850.

In 2019, ISACA, an international professional association focused on IT governance, will join the Infosecurity Group in staging this conference. The event is expected to draw more than 2,000 attendees and more than 120 exhibitors. Professionals can also gain a range of CPE credits for attending the conference and associated events.

Who should attend: CISOs, CSOs, CTOs, security researchers and practitioners, privacy officers, law enforcement and government officials, and security pros

 

ISC East

Twitter: @ISCEvents
Web: isceast.com/Home
Date: November 20-21
Location: New York, New York, USA
Cost: $25

This conference encompasses both physical and connected security. It attracts some 7,000 security and public safety professionals each year. More than 300 security brands are represented at the event, which covers everything from video surveillance and access control to smart home technologies, IoT, and unmanned security. Education sessions in 2019 include an overview of federal policies on drone use in security applications, protecting video surveillance systems from camera to server, and AI for video surveillance.

Who should attend: Security and public safety professionals.

December

Annual Computer Security Applications Conference

Twitter: @ACSAC_Conf / #ACSAC1
Web: https://www.acsac.org/
Date: December
Location (2018): San Juan, Puerto Rico
Cost (2018): Technical program, $600-$1,100; workshops, $125-$675 (time-sensitive and student discounts available)

First held in 1984, ACSAC focuses on applied security and draws security professionals from academia, government, and industry. Its target audience is people developing practical solutions for network, system, and IT security problems. Proceedings include in-depth tutorials, workshops, case studies, panel discussions, and a technical track about peer-reviewed papers.

Who should attend: Researchers and a broad cross-section of security professionals drawn from industry, government, and academia

Mark your calendars and make your choices soon. Prices may vary based on how early you register. Also, remember that hotel and travel costs are generally separate from the conference pricing.

What are your favorite conferences and why? Post your comments below, and let us know if there are any other events or conferences we missed.

Image courtesy of ShmooCon.

[ Data privacy regs GDPR and CCPA are the new norm. Learn best practices from top organizations for staying on the right side of the law. ]