Micro Focus is now part of OpenText. Learn more >

You are here

You are here

The best security conferences of 2021

public://pictures/linda_rosencrance_photo-4.jpg
Linda Rosencrance Freelance writer/editor
 

The COVID-19 pandemic certainly threw a monkey wrench into the best-laid plans of organizers who were looking forward to holding in-person security conferences in 2020.

Some event planners decided to move their conferences online, some opted to postpone them until 2021, and others elected to cancel them entirely. Looking ahead, organizers again have to decide whether to hold face-to-face or virtual conferences in 2021.

Either way they go, attending these events, which span application security, information security, data security, as well as identity and access management, are important to expanding your knowledge. They will also help you keep abreast of the latest security trends and ever-evolving threats from experts in the field, and come away with best practices to help you be more productive.

Here is TechBeacon's list of the top security conferences in 2021.

January

Information Security Media Group cybersecurity and fraud summits

Twitter: @ISMGCorp
Web: events.ismg.io/summits
Dates: January-November
Locations: Vary; some in-person and others virtual
Cost (2020): $160 to $995

In 2021, this series of conferences about cybersecurity and fraud will be staged virtually and in person by the Information Security Media Group, which produces online publications. Content at the conferences is driven by the group's editorial team, and the events offer attendees an opportunity to learn from industry influencers, earn CPE credits, and meet with technology providers.

Who should attend: CISOs and cybersecurity professionals

BSides

Twitter: @SecurityBSides
Web: securitybsides.com
Dates: January-December
Locations: Virtual 
Cost: Most are free

There are a number of BSides conferences taking place throughout the year. BSides describes itself as a community-driven framework for building events led by members of the security community, not by vendors. BSides events create opportunities for individuals to both present and participate in an atmosphere that encourages collaboration.

Who should attend: Security pros and enthusiasts

Data Connectors cybersecurity conferences

Twitter: @DataConnectors
Web: dataconnectors.com
Dates: January-December
Locations: Virtual
Cost: Free

Data Connectors facilitates the collaboration between cybersecurity professionals and vendors. Its immersive virtual event platform provides every facet of its in-person conferences, organizers say, including real-time speaking sessions, live keynotes, presenter Q&A panels, a moderated CISO panel, and a solutions showcase with interactive virtual exhibit booths. The events are free with registration. Data Connectors may share registration information with the sponsors of a conference, who may use it to send marketing and promotional material to attendees.

Who should attend: Information, cyber, and network security professionals

Virtual Cybersecurity Summit: Financial Services

Twitter: @ISMGCorp
Web: events.ismg.io/event/virtual-financial-services-summit-2021/
Dates: January 12-13
Locations: Virtual
Cost: Free registration

At this summit, participants gain expert insight from practitioners, researchers, and vendors about the services and technologies that are driving the financial services transformation. Attendees can also chat with speakers and technology experts in what organizers call an "interactive exhibit and networking experience," as well as browse the resource center to download educational assets to review after the summit.

Who should attend: IT and security executives, CSOs, CISOs, banking and finance executives, and other security professionals

February

SecureWorld

Twitter: @SecureWorld
Web: secureworldexpo.com/events
Dates: February-December
Locations: Virtual
Cost (2020): $25

Security professionals take part in "high-quality training and collaboration" in this special series of virtual conferences, organizers promise. Attendees can earn six CPE credits through more than 20 educational elements, learning from nationally recognized industry leaders. Participants can attend keynotes, panel discussions, breakout sessions, and networking opportunities as well as evaluate products and meet with local chapters of security associations.

Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and other security professionals

Enigma

Twitter: #enigma2021
Web: usenix.org/conference/enigma2021
Date: February 1-3
Location: Virtual
Cost: $125 (student and Usenix member discounts available)

Enigma, a Usenix event, centers on a single track of talks covering a wide range of topics about security and privacy. The goals of the event are to clearly explain emerging threats and defenses in the growing intersection of society and technology, and to foster an intelligent and informed conversation within the community and the world.

Who should attend: Security practitioners, chief privacy officers, chief financial officers, researchers, developers, and cryptographers

 

Network and Distributed System Security Symposium

Twitter: @internetsociety / #ndss21
Web: ndss-symposium.org/ndss2021
Date: February 21-24
Location: Virtual
Cost: TBD

This event is organized by the Internet Society. The symposium caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation. A major goal of the conference is to encourage and help the Internet community to apply, deploy, and advance the state of available security technologies.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers

March

Nullcon 

Twitter: @nullcon / #nullcon
Web: nullcon.net/website/
Date: Training, March 1-4; conference, March 5-6
Location: Virtual
Cost: Training, $530 (time-sensitive discounts available); conference, free with registration

Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information about the latest attack vectors, zero-day vulnerabilities, and other threats. Its motto—​"The neXt security thing!"—​drives the narrative of the conference. The focus of the conference is to showcase the next generation of offensive and defensive security technology.

Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers), security executives (CISOs and CxOs), business developers and venture capitalists (presidents, directors, vice presidents, and consultants), recruiters, and academics

Wild West Hackin' Fest

Twitter: @WWHackinFest
Web: wildwesthackinfest.com/way-west/
Date: March 1
Location: Virtual
Cost: TBD

Conference organizers say this is the most hands-on conference in the industry. Numerous labs are available to conference-goers, as well as capture-the-flag and escape-room events. In addition, the 50-plus presentations and speakers are encouraged to include actionable takeaways in their presentations.

Who should attend: Security pros, penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students

SANS 2021 – Live Online

Twitter: @sansinstitute / #SANSLiveOnline
Web: sans.org/event/sans-2021-live-online/
Date: March 22-27
Location: Virtual
Cost: Courses, $1,795 to $7,020

The SANS Institute, founded in 1989, focuses on security research and providing intensive, immersive security training via a variety of conferences, smaller events, and courses that reach about 165,000 security professionals around the world. This, its big annual event, doubles as a conference, with keynote speakers, networking opportunities, and training.

SANS pledges that what people learn in its courses and events can be applied immediately once they get back to their workplaces. For IT pros who can't make it to the conference, SANS offers many of the forum's courses in virtual classrooms, where they can participate in live sessions remotely.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

DevSecCon Singapore

Twitter: @devseccon / #DevSecCon
Web: devseccon.com/singapore/
Date: March 25-26
Location: Singapore
Cost: £139 to £281

This is the first in a series of conferences held throughout the year by MyDevSecOps, a global community connecting developers and security. According to the organizers, these events are run by practitioners for practitioners. The forums include talks by key industry figures about making DevOps and security work together, as well as interactive workshops. Additional forums will be in Boston, Massachusetts, USA, and London, UK.

Who should attend: DevSecOps and IT security professionals

Infosecurity Belgium

Twitter: @Infosecurity / @InfosecurityBE
Web: infosecurity.be
Date: March 31-April 1
Location: Brussels, Belgium
Cost: Free, with registration

This conference is organized by education and networking company Infosecurity Group. In addition to covering IT security, the conferences also discuss data management and cloud computing. Besides the Belgium forum, events are also planned for London, UK, and Utrecht, Netherlands.

Who should attend: Security pros, system architects, researchers, system administrators, database admins, and cloud computing pros

May

Black Hat Asia

Twitter: @BlackHatEvents / #bhasia
Web: blackhat.com/asia-20
Date: May 4-7
Location: TBD
Cost: TBD

This is the Asian sister of the famous North American conference for hackers held in Las Vegas. It combines hands-on training sessions taught by industry experts with briefings containing cutting-edge research, including the latest zero-day vulnerabilities. There's also a business hall for vendors and service providers, and an "arsenal" feature where the latest open-source security tools are demonstrated.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

AusCERT Conference

Twitter: @AusCERT / #AusCert2021
Web: conference.auscert.org.au
Date: May 11-14
Location: Gold Coast, Queensland, Australia; hybrid virtual and real world
Cost: TBD

The AusCERT conference is the longest-running information security conference in Australia. Each year it attracts around 800 participants to learn about network security, incident response and handling, cybercrime, intrusion detection, governance, risk management, compliance, threat hunting, and many more infosec topics.

Who should attend: Network administrators; incident responders; governance, compliance, and risk managers; law enforcement; security team members and managers; security testers; security researchers; and consultants

THOTCON

Twitter: @THOTCON / #THOTCON
Web: thotcon.org
Date: May 14-15
Location: Chicago, Illinois, USA
Cost: Sold out

Organizers describe this event as a low-cost "hacking conference" with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference.

There's a bit of a cloak-and-dagger aura about the forum. Not only does its homepage have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference.

Who should attend: Hackers, especially those from the Chicago area

RSA Conference

Twitter: @rsaconference / #RSAC2021
Web: rsaconference.com/usa
Date: May 17-20
Location: Virtual
Cost: TBD

This is one of the world's largest security conferences. The educational content will cover 20 tracks, and includes more than 300 sessions with keynotes, partner seminars, and sponsor briefings as well as interactive and traditional sessions. RSAC 2021 will include many of the conference's signature programs, including an innovation sandbox contest, capture-the-flag events, birds-of-a-feather discussions, multiple opportunities for attendees to connect with one another, and an expansive sponsor resource center. The theme of the 2021 event is resilience.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

NorthSec

Twitter: @NorthSec_io 
Web: nsec.io
Date: May 20-28
Location: Virtual
Cost: Training sessions, TBD (student and time-sensitive discounts available); conference, free

NorthSec, an applied security event, aims to raise the knowledge and technical expertise of professionals and students.

The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers will address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training cover subjects including penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.

Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers

IEEE Symposium on Security and Privacy

Twitter: @IEEESSP
Web: ieee-security.org/TC/SP2021/
Date: May 23-27
Location: Virtual
Cost: TBD

Since 1980, this IEEE symposium has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy.

Who should attend: Researchers, security practitioners, and students

June

REcon Montreal

Twitter: @reconmtl
Web: recon.cx
Date: June 18-20
Location: Montreal, Quebec, Canada
Cost: TBD

REcon focuses on reverse engineering and advanced exploitation techniques. The single-track conference covers subjects such as software and hardware reverse engineering, finding vulnerabilities and writing exploits, and bypassing security protections.

In addition to the conference, training sessions with durations from two to four days are offered. They cover subjects such as hacking operating systems, firmware, and IoT devices.

Who should attend: Security researchers, programmers, developers, and information security team members, plus leaders of those disciplines

Infosecurity Europe

Twitter: @Infosecurity
Web: infosecurityeurope.com
Date: June 8-10
Location: London, UK
Cost: Free with registration; after 5 p.m., June 9, £69 to register online or at the show

This conference is organized by education and networking company Infosecurity Group. In addition to covering IT security, the conference also discusses data management and cloud computing.

Who should attend: Security pros, executives, and managers

ICS Cyber Security Conference

Twitter: @SecurityWeek
Web: icscybersecurityconference.com/singapore/
Date (2020): June 16-18
Location (2020): Virtual
Cost (2020): $495

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations.

Most attendees are control systems users, working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for supervisory control and data acquisition (SCADA) systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals

Global AppSec Dublin

Twitter: @owasp / #globalsppsec
Web: dublin.globalappsec.org
Date: TBD
Location: TBD
Cost: TBD

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security. 

Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective.

In addition to speaker sessions, the event offers training conducted by leaders in their fields and opportunities for women and military vets to network and develop their careers.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, students, military veterans, and entrepreneurs

July

Suits & Spooks DC

Twitter: @SuitsandSpooks
Web: tellaro.io
Date: July 9
Location: Washington, DC, USA (physical and virtual event)
Cost: TBD. Last year this event cost from $298 to $798

Suits and Spooks bills itself as the "anti-conference" and offers boutique forums on top-line security issues. Among the issues to be discussed at the DC event are achieving early detection of terrorism in smart cities, the future of war and leadership in a connected and chaotic world, and the future of Big Tech in the era of GDPR and antitrust.

Who should attend: Civilian and government cybersecurity professionals, and defense industry executives

ISC West

Twitter: @ISCEvents
Web: iscwest.com
Date: July 19-21
Location: Las Vegas, Nevada, USA
Cost: $475 to $1,075 (time-sensitive discounts apply)

This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented at the event.

A wide array of technologies is covered at the forum—everything from video surveillance and access control to smart-home technologies, IoT, and unmanned security. A sister conference will be held November 17-18 in New York City.

Who should attend: Security and public safety professionals

Black Hat USA

Twitter: @BlackHatEvents / #BHUSA
Web: blackhat.com
Date: July 31-August 5
Location: Las Vegas, Nevada, USA
Cost: $1.495 to $2,595 (time-sensitive discounts available)

First held in 1997, Black Hat has become one of the world's biggest tech conferences. It's something that most security professionals are compelled to attend or at least follow closely online. It's the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which often become mainstream news globally. Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

August

Def Con 29

Twitter: @defcon
Web: defcon.org
Date: August 5-8
Location: TBD (virtual or Las Vegas, Nevada, USA)
Cost​​​​: 2020, free virtual event; 2019 in-person event, $300, cash only

Def Con starts as soon as Black Hat ends—in the same locale, though a different venue—so they share many topics and audiences. But Black Hat's atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair.

Attendees should take precautions to avoid getting hacked, since they'll be surrounded by thousands of hackers. They should also be prepared to be approached by government headhunters recruiting for intelligence and law enforcement agencies.

In the past, the event has received criticism for a "college fraternity-like atmosphere" that doesn't feel welcoming to some attendees. But like many conferences, Def Con has adopted a code of conduct to address those issues.

Who should attend: Software developers, security administrators, hackers, researchers, and government and law enforcement officials

30th Usenix Security Symposium

Twitter: @USENIXSecurity
Web: usenix.org/conference/usenixsecurity21
Date: August 11-13
Location: Vancouver, British Columbia, Canada
Cost: TBD

During this three-day conference, speakers present papers, give talks, participate in panel discussions, display posters, and talk about works in progress. Several vulnerabilities revealed at this conference have made headlines in tech news cycles.

Who should attend: Researchers, practitioners, system administrators, and system programmers

September

GrrCON

Twitter: @GrrCON
Web: grrcon.com
Date: September 16-17
Location: TBD
Cost: TBD

This is one of the largest infosec conferences in the Midwest, attracting more than 1,700 attendees annually. Conference organizers say the event's mission is to provide the community with a venue to come together and share ideas, information, and solutions; forge relationships; and engage with like-minded people in a fun atmosphere without all the elitist "diva" nonsense. The forum has workshops, a solutions arena, and three presentation tracks.

Who should attend: CISOs, hackers, security practitioners, researchers, and students

Gartner Security & Risk Management Summit

Twitter: #GartnerSEC
Web: gartner.com/en/conferences/na/security-risk-management-us
Date: September 20-22
Location: Orlando, Florida, USA
Cost: TBD

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings, but there will also be companies presenting case studies, and many opportunities to network.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers

GSX 2021

Twitter: @ASIS_Intl
Web: gsx.org
Date: September 27-29
Location: Orlando, Florida, USA
Cost: TBD

Organized by ASIS International, an organization of security management industry professionals founded in 1955, this conference covers the full spectrum of security topics. Formerly called the Security Expo, this multi-track conference has been renamed the Global Security Exchange, and it attracts more than 22,000 professionals from more than 100 countries each year.

Event organizers say the conference unites the full spectrum of infosec pros for a comprehensive security event.

Who should attend: Cyber and operational security professionals from across the private and public sectors, business leaders, brand protection experts, continuity experts, IoT security professionals, loss prevention professionals, researchers, and risk management professionals

October

Authenticate 2021

Twitter: @AuthenticateCon
Web: authenticatecon.com
Date: October 19-20
Location: Seattle, Washington, USA
Cost: TBD

With perimeter defenses crumbling, authentication has become a critical component of any scheme to protect the digital assets of an organization. This conference, organized by the FIDO Alliance, is dedicated to the who, what, why, and how of user authentication—with a focus on the FIDO standards-based approach. It's a place to get the education, tools, and best practices to roll out modern authentication across web, enterprise, and government applications.

Who should attend: CISOs, security strategists, enterprise architects, and product and business leaders

ICS Cyber Security Conference (USA)

Twitter: @SecurityWeek
Web: icscybersecurityconference.com
Date (2020): October 19-22
Location (2020): Virtual
Cost (2020): Basic conference and expo pass, free; Premium pass, plus "Red vs. Blue" training workshop, $495

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations.

Most attendees are control systems users, working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for supervisory control and data acquisition (SCADA) systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals

November

ACM Conference on Computer and Communications Security

Twitter: @acm_ccs
Web: sigsac.org/ccs/CCS2021/
Date: November 14-19
Location: Seoul, South Korea
Cost: TBD

This primarily research-focused event is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) within the Association of Computing Machinery. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results.

Who should attend: Information security researchers, practitioners, developers, and users

ISC East

Twitter: @ISCEvents
Web: isceast.com
Date: November 17-18
Location: New York City, New York, USA
Cost: TBD

This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented at the event.

A wide array of technologies are covered at the forum—everything from video surveillance and access control to smart home technologies, IoT, and unmanned security.

Who should attend: Security and public safety professionals

December

Annual Computer Security Applications Conference

Twitter: @ACSAC_Conf / #ACSAC2020
Web: acsac.org
Date (2020): December 7-11
Location (2020): Virtual
Cost: Technical program, student $50, professional, $125

First held in 1984, ACSAC focuses on applied security and draws professionals from academia, government, and industry. Its target audience is people developing practical solutions for network, system, and IT security problems. Proceedings include in-depth tutorials, workshops, case studies, panel discussions, and a technical track that discusses peer-reviewed papers.

Who should attend: Researchers and security practitioners

Mark your calendars and make your choices soon. Prices may vary based on how early you register. Also, remember that hotel and travel costs are generally separate from the conference pricing.

Note: Not all dates, locations, and pricing were available at publication time, especially for events taking place later in the year. In those cases, we provided historical information to give you an idea of what to expect and what you'll get out of attending. (Keep checking back; we'll update this guide as more information becomes available.)

Image source: @olivier_boschko

Keep learning

Read more articles about: SecurityInformation Security