You are here

You are here

The best security conferences of 2020

public://pictures/John-Mello-Journalist.png
John P. Mello Jr. Freelance writer
 

Security takes a team, and it's a journey. Fortunately, you can keep up with the state of security through networking and knowledge sharing at industry conferences.

You can find security conferences tailored to every IT security pro's needs, including application security, information security, and data security. Some events are very large, while others are more intimate. Some are loud and boisterous; others are more formal and toned down. Some focus on vendors and their latest products, while others emphasize training and education. A few have a narrow scope, while others aim to be comprehensive.

TechBeacon's list of the top security conferences goes through all of these details so you can find the right ones for you. Stay up to speed on security—and move toward continuous security—with continuous learning.

January

BSides

Twitter: @SecurityBSides
Web: securitybsides.com
Dates: January-December
Locations: Multiple locations worldwide
Cost: Most are free

Almost every week, there's a BSides conference taking place somewhere in the world. BSides describes itself as a community-driven framework for building events led by members of the security community, not by vendors. BSides events create opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration.

Who should attend: Security pros and enthusiasts

Data Connectors cybersecurity conferences

Twitter: @DataConnectors
Web: dataconnectors.com
Dates: January-December
Locations: 50 major cities
Cost: Free

These conferences are focused on best practices, products, and services in an educational environment. Topics covered by the forums include cloud computing, the evolving IT landscape, and how to combat cyber criminals. Each event is built around regionally based vendors and speakers and qualify for CPE credits.

The events are free, with registration. Data Connectors may share registration information with the sponsors of a conference, who may use it to send marketing and promotional material to attendees.

Who should attend: Information, cyber, and network security professionals

OWASP AppSec California

Twitter: @AppSecCali
Web: 2020.appseccalifornia.org
Date: January 21-24
Location: Santa Monica, California, USA
Cost: $99 to $1,200

Open Web Application Security Project chapters in Los Angeles, Orange County, the San Francisco Bay Area, and the Inland Empire in Southern California are sponsoring this event. It gives infosec pros an opportunity to learn and share knowledge and experiences about secure systems and secure development. Although a regional OWASP event, it attracts practitioners from around the world.

Who should attend: Information security professionals, developers, and QA and testing professionals

Enigma

Twitter: #enigma2020
Web: usenix.org/conference/enigma2020
Date: January 27-29
Location: San Francisco, California, USA
Cost: $1,500 (academic, student, government, and nonprofit discounts available)

Enigma, a Usenix event, centers on a single track of talks covering a wide range of topics in security and privacy. Topics at the 2020 forum include "Securing the Software Supply Chain," "Third-Party Integrations: Friend or Foe?" "Catch Me If You Can!—Detecting Sandbox Evasion Techniques," and "Bringing Usable Crypto to Seven Million Developers."

Who should attend: Security practitioners, chief privacy officers, chief financial officers, researchers, developers, and cryptographers

ShmooCon

Twitter: @shmoocon
Web: shmoocon.org
Date: January 31-February 2
Location: Washington, DC, USA
Cost: Sold out

ShmooCon is a three-day conference organized by the Shmoo Group, a security think tank started by Bruce Potter in the 1990s. The conference has been compared to the Black Hat and Def Con conferences—probably because of its appeal to folks who like to compromise devices, networks, and appliances—but on a smaller scale.

Who should attend: Hackers, CSOs, and government security professionals

February

BlueHat IL

Twitter: @BlueHatIL
Web: bluehatil.com
Date: February 5-6
Location: Tel Aviv, Israel
Cost: Invitation only

This invitation-only event is sponsored by Microsoft. The conference was cooked up by Fastly CSO Window Snyder, who designed it to get "blue hats"—an industry term for bug bounty hunters—communicating with Microsoft engineers and to bring them up to speed on current and emerging security threats.

Who should attend: Security professionals and bug bounty hunters

Suits & Spooks DC

Twitter: @SuitsandSpooks
Web: tellaro.io
Date: February 6-7
Location: Washington, DC, USA
Cost: $298 to $798 (military and government employee discounts available)

Suits & Spooks bills itself as the "anti-conference" and offers boutique forums on top-line security issues. Among the issues discussed at the DC event are achieving early detection of terrorism in smart cities, the future of war and leadership in a connected and chaotic world, and the future of Big Tech in the era of GDPR and antitrust. In addition to the DC event, forums will also be held in Seattle, Washington (October 28; invitation only), and Los Angeles, California (November 18).

Who should attend: Civilian and government cybersecurity professionals, and defense industry executives

Network and Distributed System Security Symposium

Twitter: @internetsociety / #ndss20
Web: ndss-symposium.org/ndss2020
Date: February 23-26
Location: San Diego, California, USA
Cost: Workshops, $235 to $395; symposium, $490 to $1,110 (time-sensitive and student discounts available)

The Network and Distributed System Security Symposium is organized by the Internet Society. The event caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation. A major goal of the conference is to encourage and help the Internet community to apply, deploy, and advance the state of available security technologies.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers

RSA Conference

Twitter: @rsaconference / #RSAC2020
Web: rsaconference.com/usa
Date: February 24-28
Location: San Francisco, California, USA
Cost: Full conference pass $750 to $1,995 (time-sensitive, student, government, and loyalty discounts available)

This is one of the world's largest security conferences. Its size is a sign of the robust growth in the IT security industry and just how dangerous the threat landscape has become. Attendees should do their pre-conference homework and sketch out a game plan, since this is a very large conference.

The forum attracts more than 42,000 attendees and some 700 speakers across more than 550 sessions. In 2020, conference organizers are adding a new "Engagement Zone," a dedicated networking space meant to encourage interactive, collaborative, and cooperative learning for the thousands of cybersecurity experts in attendance.

Who should attend: Security professionals

March

SecureWorld

Twitter: @SecureWorld
Web: secureworldexpo.com/events
Dates: March-November
Locations: Multiple sites across the United States and Canada
Cost: $45 to $795

SecureWorld is a series of regional conferences held annually in the United States and Canada. Conference agendas vary from region to region and include subjects of local as well as broader interest. Cities lined up for 2020 are Charlotte, North Carolina; Philadelphia, Pennsylvania; Boston, Massachusetts; Houston, Texas; Cincinnati, Ohio; Toronto, Ontario; Kansas City, Kansas; Atlanta, Georgia; Chicago, Illinois; Santa Clara, California; St. Louis, Missouri; New York, New York; Detroit, Michigan; Dallas, Texas; Minneapolis, Minnesota; Denver, Colorado; and Seattle, Washington.

Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and other security professionals

Nullcon

Twitter: @nullcon / #nullcon
Web: nullcon.net/website/
Date: Training, March 3-5; conference, March 6-7
Location: Goa, India
Cost: Training, $624 to $993; conference, $169 to $300 (student, group, and time-sensitive discounts available)

Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities, and other threats. Its motto—​"The neXt security thing!"—​drives the narrative of the conference.

Organizers promise a venue where security researchers and experts discuss and showcase the future of information security and the next generation of offensive and defensive security technology. The forum is known for responsibly disclosing new vulnerabilities, risks, and attacks on computers.

In that vein, the forum has a section called Desi Jugaad (Hindi for "Local Hack"), which invites researchers to cook up innovative approaches to real-life security problems.

Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers), security executives (CISOs and CXOs), business developers and venture capitalists (presidents, directors, vice presidents, and consultants), recruiters, and academics

TROOPERS20

Twitter: @WEareTROOPERS / #TR20
Web: troopers.de
Date: March 16-20
Location: Heidelberg, Germany
Cost: Conference, €2,190; training, €2,290; conference, training, and roundtables, €3,990

Troopers is an old-school, multitrack security conference that attracts speakers from more than 25 countries. Before the start of the two-day, three-track conference there are two-days of training. On the last day of the forum, a number of roundtable sessions are offered to allow attendees and speakers to discuss current security topics. There are also a number of special events—Telco Security Day, IoT Security Day, and IPv6State of Play Day.

Who should attend: Security researchers and managers; security team members and leaders; network administrators; security testers; operations managers; Windows, Linux, and SAP administrators; CISOs; and CSOs

SMG Cybersecurity and Fraud summits

Twitter: @ISMGCorp
Web: events.ismg.io/summits
Dates: March-December
Locations: Multiple sites worldwide
Cost: $160 to $995

This series of conferences on cybersecurity and fraud are staged around the world by the Information Security Media Group, a publisher of online information security publications. Content at the conferences is driven by the group's editorial team, and the events offer attendees an opportunity to learn from industry influencers, earn CPE credits, and meet with technology providers.

Who should attend: CISOs and cybersecurity professionals

Wild West Hackin' Fest

Twitter: @WWHackinFest
Web: wildwesthackinfest.com/sandiego
Date: March 10-13
Location: San Diego, California, USA
Cost: $325

Conference organizers say this is the most hands-on conference in the industry. Numerous labs are available to conference-goers, as well as "Capture the Flag" and escape room events. In addition, the over 50 presentations and speakers are encouraged to include actionable takeaways in their presentations. A sister conference is scheduled for September in Deadwood, South Dakota, USA.

Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students

ISC West

Twitter: @ISCEvents
Web: iscwest.com/Home
Date: March 17-20
Location: Las Vegas, Nevada, USA
Cost: $75

This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented at the event.

A wide array of technologies are covered at the forum—everything from video surveillance and access control to smart home technologies, IoT, and unmanned security. A sister conference will be held November 18-19 in New York City.

Who should attend: Security and public safety professionals

CanSecWest

Twitter: @CanSecWest
Web: cansecwest.com
Date: March 18-20
Location: Vancouver, British Columbia, Canada
Cost: Conference, C$2,300 to C$2700; training, C$6,600 to C$7,500 (time-sensitive discounts available for conference and training)

CanSecWest is a three-day, single-track conference featuring one-hour presentations in a lecture theater setting and hands-on dojo training courses from security instructors. Organizers say that preference is given to new and innovative material, highlighting important and emergent technologies or techniques, or best industry practices.

Who should attend: CISOs, CSOs, enterprise IT security pros, and executives

Infosecurity Belgium

Twitter: @Infosecurity / @InfosecurityBE
Web: infosecurity.be
Date: March 18-19
Location: Brussels, Belgium
Cost: Free, with registration

This is the first in a series of conferences organized by education and networking company Infosecurity Group. In addition to covering IT security, the conferences also discuss data management and cloud computing. Besides the Belgium forum, events are also planned for Copenhagen, Denmark; Mexico City, Mexico; São Paulo, Brazil; Utrecht, Netherlands; and New York, New York.

Who should attend: Security pros, executives, and managers

DevSecCon Singapore

Twitter: @devseccon \ #DevSecCon
Web: devseccon.com/singapore-2020
Date: March 18-19
Location: Singapore
Cost: £245 to £495

This is the first in a series of conferences held throughout the year by MyDevSecOps, a global community connecting developers and security. According to the organizers, these events are run by practitioners for practitioners. The forums include talks by key industry figures about making DevOps and security work together, as well as interactive workshops. Additional forums will be held in Sydney, Australia; Boston, Massachusetts; London, UK; Tel Aviv, Israel; on the West Coast of the United States; and online.

Who should attend: DevSecOps and IT security professionals

Black Hat Asia

Twitter: @BlackHatEvents / #bhasia
Web: blackhat.com/asia-20
Date: March 31-April 3
Location: Singapore
Cost: Briefings, S$1,700 to S$2,200; training, S$4,000 to S$6,620; (time-sensitive discounts available for briefings and training)

This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for solutions and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

April

SANS 2020

Twitter: @sansinstitute / #SANS2020
Web: sans.org/event/sans-2020
Date: April 3-10
Location: Orlando, Florida, USA
Cost: Courses, $2,800 to $7,610

The SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world. Its big annual event, SANS 2020, doubles as a conference, with keynote speakers and networking opportunities, and a training event.

SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces. For IT pros who can't make it to the conference, SANS offers many of the forum's courses in virtual classrooms, where they can participate in live sessions remotely.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

Hack In The Box Security Conference

Twitter: @HITBSecConf / #HITB2020AMS
Web: conference.hitb.org/hitbsecconf2020ams
Date: April 20-24
Location: Amsterdam, Netherlands
Cost: Training, €1,899 to €4,299; conference, €799 to €1,499 (student and time-sensitive discounts available)

HITB emerged during the early dotcom days as a news and resource portal for hacking and network security. In 2003, its operators decided to try their hand at staging a conference. The result was the Hack In The Box Security Conference, which is held annually in Amsterdam.

It focuses on "next-generation" computer security issues. It includes a competition, technology exhibit, and "hackerspaces" for hackers, makers, and breakers. In addition to Amsterdam, conferences will be held in Singapore in July and Abu Dhabi in October.

Who should attend: Security pros, researchers, and hackers

ICS Cyber Security Conference

Twitter: @SecurityWeek
Web: icscybersecurityconference.com/singapore/
Date: April 21-23
Location: Singapore
Cost: $895 to $1,295 (time-sensitive, military, and government discounts available)

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations.

Most attendees are control systems users, working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals

May

RuhrSec

Twitter: @ruhrsec
Web: ruhrsec.de/2020
Date: May 5-8
Location: Bochum, Germany
Cost (2018): €199 to €1,599

True to its location at Ruhr University, the conference has a collegiate feel to it, with both academic and industry talks planned for the event. In the past, the conference has made headlines with research about exploiting vulnerabilities in popular printer models. All profits from the conference will be donated to a local nongovernmental youth organization.

Who should attend: Hardware/IoT security practitioners, application developers, security researchers, software testers and QA professionals, network administrators, academics, and computer science students

THOTCON

Twitter: @THOTCON / #THOTCON
Web: thotcon.org
Date: May 8-9
Location: Chicago, Illinois, USA
Cost: Sold out

Organizers describe this event as a low-cost "hacking conference" with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference.

There's a bit of a cloak-and-dagger aura about the forum. Not only does its homepage have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference.

Who should attend: Hackers, especially those from the Chicago area

NorthSec

Twitter: @NorthSec_io / #nsec20
Web: nsec.io
Date: May 10-17
Location: Montreal, Quebec, Canada
Cost: Conference, C$150 to C$5,300 (student and time-sensitive discounts available)

Attracting more than 600 attendees annually, NorthSec is the biggest applied security event in Canada. It's aimed at raising the knowledge and technical expertise of both professionals and students.

The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training cover subjects such as penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.

Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers

IEEE Symposium on Security and Privacy

Twitter: @IEEESSP
Web: ieee-security.org/TC/SP2020
Date: May 18-20
Location: San Francisco, California, USA
Cost (2019): Symposium, $745 to $1,565; workshop, $380 to $530 (time-sensitive, member, and student discounts available for both symposium and workshops)

Since 1980, this IEEE symposium has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy.

Who should attend: Researchers, security practitioners, and students

June

REcon Montreal

Twitter: @reconmtl, @reconbrx
Web: recon.cx
Date: June
Location: Montreal, Quebec, Canada
Cost (2019): C$800 to C$1,400 (student and time-sensitive discounts available)

REcon is an annual conference held in Brussels and Montreal that focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as software and hardware reverse engineering, finding vulnerabilities and writing exploits, and bypassing security protections.

In addition to the conference, training sessions lasting two to four days are offered. They cover subjects such as hacking operating systems, firmware, and IoT devices.

Who should attend: Security researchers, programmers, developers, and information security team members, plus leaders of those disciplines

Gartner Security & Risk Management Summit

Twitter: #GartnerSEC
Web: gartner.com/en/conferences/na/security-risk-management-us
Date: June 1-4
Location: National Harbor, Maryland, USA
Cost: $3,250 to $3,825 (time-sensitive and public sector discounts available)

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings, but there will also be companies presenting case studies, and many opportunities to network.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers

Authenticate 2020

Twitter: @AuthenticateCon
Web: authenticatecon.com
Date: June 2-3
Location: Seattle, Washington, USA
Cost (early bird): FIDO member, $500; non-member, $750

With perimeter defenses crumbling, authentication has become a critical component of any scheme to protect the digital assets of any organization. This conference, organized by the FIDO Alliance, is dedicated to the who, what, why, and how of user authentication—with a focus on the FIDO standards-based approach. It's a place to get the education, tools, and best practices to roll out modern authentication across web, enterprise, and government applications.

Who should attend: CISOs, security strategists, enterprise architects, and product and business leaders

AusCERT Conference

Twitter: @AusCERT, #AusCERT2020
Web: conference.auscert.org.au
Date: June 2-5
Location: Gold Coast, Queensland, Australia
Cost: Members, A$699 to A$1,299; delegates, A$1,299 to A$2,499 (time-sensitive discounts available)

The AusCERT conference is the longest-running information security conference in Australia. Each year it attracts around 800 participants to learn about network security, incident response and handling, cybercrime, intrusion detection, governance, risk management, compliance, threat hunting, and many more infosec topics.

Who should attend: Network administrators; incident responders; governance, compliance, and risk managers; law enforcement; security team members and managers; security testers; security researchers; and consultants

Open Security Summit

Twitter: @opensecsummit, #OSS20
Web: open-security-summit.org
Date: June 15-19
Location: Woburn Forest, Bedfordshire, UK
Cost: £259.31 to £1,348.09 until April 3, then prices will rise; some packages include accommodations

This is not a typical unidirectional conference. It's built around work sessions focused on specific application security challenges and actionable outcomes. During the five-day event, attendees can collaborate with key industry players to address real problems. Topics addressed in conference tracks include API security, automation, threat modeling, and OWASP projects.

Who should attend: Developers, application security practitioners

Global AppSec Dublin

Twitter: @owasp / #globalsppsec
Web: dublin.globalappsec.org
Date: June 18-19
Location: Dublin, Ireland
Cost: Conference, €400 to €650; training, $850 per day (time-sensitive and OWASP member discounts available)

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security.

Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective.

In addition to speaker sessions, the event offers training conducted by leaders in their fields and opportunities for women and military vets to network and develop their careers. A sister conference will be held October 22-23 in San Francisco.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, students, military veterans, and entrepreneurs

August

Black Hat USA

Twitter: @BlackHatEvents / #BHUSA
Web: blackhat.com
Date: August 1-6
Location: Las Vegas, Nevada, USA
Cost (2019): $2,295 to $2,895 (time-sensitive discounts available)

First held in 1997, Black Hat has become one of the world's biggest tech conferences. It's something that most security professionals are compelled to attend or at least follow closely online. It's the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which often become mainstream news globally.

Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers. Attendees should be prepared for a large conference—more than 19,000 attendees, 300 speakers and trainers, 80 deep technical sessions, and 120 briefings—where exciting revelations about security vulnerabilities will be detailed.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

Def Con 28

Twitter: @defcon / #DEFCON28
Web: defcon.org
Date: August 6-9
Location: Las Vegas, Nevada, USA
Cost (2019)​​​​: $300, cash only

Def Con starts as soon as Black Hat ends—in the same locale, though a different venue—so they share many topics and audiences. But Black Hat's atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair.

Attendees should take precautions to avoid getting hacked, since they'll be surrounded by thousands of hackers. They should also be prepared to be approached by government headhunters recruiting for intelligence and law enforcement agencies.

In the past, the event has received criticism for a "college fraternity-like atmosphere" that feels unwelcoming to some attendees. But like many conferences, Def Con has adopted a code of conduct to address those issues.

Who should attend: Software developers, security administrators, hackers, researchers, and government and law enforcement officials

29th Usenix Security Symposium

Twitter: @USENIXSecurity
Web: usenix.org/conference/usenixsecurity20
Date: August 12-14
Location: Boston, Massachusetts, USA
Cost (2018): Members, $790-$940; non-members, $915-$1,065 (time-sensitive and student discounts available)

During this three-day conference, speakers present papers, give talks, participate in panel discussions, display posters, and talk about works in progress. Several vulnerabilities revealed at this conference have made headlines in tech news cycles.

Who should attend: Researchers, practitioners, system administrators, and system programmers

September

Global Security Exchange

Twitter: @ASIS_Intl / #GSX2020
Web: gsx.org
Date: September 21-25
Location: Atlanta, Georgia, USA
Cost (2019): Members, $930 to $1,130; nonmembers, $1,185 to $1,385 (time-sensitive, government, military and student discounts available)

Organized by ASIS International, an organization of security management industry professionals founded in 1955, this conference covers the full spectrum of security topics. Formerly called the Security Expo, this multi-track conference has been renamed the Global Security Exchange, and it attracts more than 22,000 professionals from more than 100 countries each year.

Event organizers say the conference unites the full spectrum of infosec pros——for a comprehensive security event.

Who should attend: Cyber and operational security professionals from across the private and public sectors, business leaders, brand protection experts, continuity experts, IoT security professionals, loss prevention professionals, researchers, and risk management professionals

October

GrrCON

Twitter: @GrrCON
Web: grrcon.com
Date (2019): October
Location: Grand Rapids, Michigan, USA
Cost (2019): $50 to $150; 2020 tickets go on sale in March

This is one of the largest infosec conferences in the Midwest, attracting more than 1,700 attendees annually. Conference organizers say the event's mission is to provide the community with a venue to come together and share ideas, information, and solutions; forge relationships; and engage with like-minded people in a fun atmosphere without all the elitist "diva" nonsense. The forum has workshops, a solutions arena, and three presentation tracks.

Who should attend: CISOs, hackers, security practitioners, researchers, and students

November

DefCamp 11

Twitter: @DefCampRO, #defcamp
Web: def.camp
Date (2019): November
Location: Bucharest, Romania
Cost: €55 to €318 (time-sensitive and student discounts available)

DefCamp is a large regional security conference held in Central Europe. The event attracts more than 1,300 members of the security community and more than 60 speakers from all over the world.

The multitrack conference tackles a wide range of topics, including infrastructure security, the GDPR, cyber warfare, ransomware, malware, social engineering, and offensive and defensive security measurements. The event also has a "Hacking Village," where attendees can compete for prizes and money.

Who should attend: Security researchers, consultants, managers, cloud security engineers, security testers, software developers, smart-city planners, hackers, and network administrators

ACM Conference on Computer and Communications Security

Twitter: @acm_ccs
Web: sigsac.org/ccs/CCS2020
Date: November 9-13
Location: Orlando, Florida, USA
Cost (2019): Conference, member, £1,050 to £1,220; non-member, £1,180 to £1,350; workshops and tutorials, members £370 to £440; non-members, £400 to £470 (time-sensitive and student discounts available for conference and workshops)

This primarily research-focused event is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) within the Association of Computing Machinery. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results.

Who should attend: Information security researchers, practitioners, developers, and users

Infosecurity ISACA North America Expo and Conference

Twitter: @Infosecurity / #INFOSEC20
Web: infosecuritynorthamerica.com
Date (2019): November
Location (2019): New York, New York, USA
Cost (2019): Conference, ISACA member, $1,400; non-member, $1,550

In 2019, ISACA, an international professional association focused on IT governance, joined the Infosecurity Group in staging this conference. The event draws more than 2,000 attendees and more than 120 exhibitors. Professionals can also earn CPEs for attending the conference and associated events.

Who should attend: CISOs, CSOs, CTOs, security researchers and practitioners, privacy officers, law enforcement and government officials, and security pros

December

Annual Computer Security Applications Conference

Twitter: @ACSAC_Conf / #ACSAC2020
Web: acsac.org
Date: December 7-11
Location: Austin, Texas, USA
Cost (2018): Technical program, $600 to $1,100; workshops, $180 to $650 (time-sensitive and student discounts available)

First held in 1984, ACSAC focuses on applied security and draws security professionals from academia, government, and industry. Its target audience is people developing practical solutions for network, system, and IT security problems. Proceedings include in-depth tutorials, workshops, case studies, panel discussions, and a technical track that discusses peer-reviewed papers.

Who should attend: Researchers and security practitioners

Mark your calendars and make your choices soon! Prices may vary based on how early you register. Also, remember that hotel and travel costs are generally separate from the conference pricing.

Note: Not all dates, locations, and pricing were available at publication time, especially for events taking place later in the year. In those cases, we provided historical information to give you an idea of what to expect and what you'll get out of attending. (Keep checking back; we'll update this guide as more information becomes available.)

What are your favorite conferences and why? Post your comments below, and let us know if there are any other events or conferences we missed.

Image courtesy of OWASP's AppSec California.

Keep learning