What’s This Post All About?
We’ve been involved in the cybersecurity conference space for a long time – well, to be exact, since 2012 which I guess you could say is rather a long time.
Anyways – we post a ton of Information Security conference information on the web and within our directory, and this post is really just a reflection of the events that we think should merit being in our world-famous 2019 ‘Top Ten’ list!
This post was originally written several years ago (2013) and of course its been really hard to just pin down the plethora of Cybersecurity Conferences that take place each year to just ten.
How Do We Select Events?
Glad you asked.
We just list the events that we think have something a little bit extra to offer. We would rather steer away from ‘vendor pitch’ events because, well, they aren’t really a true reflection of the ethos of the community.
However – we do have fairly strict criteria: namely, that the conference takes place every year, and secondly, that the conference packs various bonus activities such as ‘Lock Picking’, ‘Training’ and ‘Capture The Flag’ events.
* We have a resource dedicated to the more alternative “Hacker Conferences” (or Hacker Cons as they’re sometimes referred to).
** Also, real quick – if you are conference organizer – or if you’re a regular attendee of a kickass InfoSec Event that you think ought to be included within this list then go ahead and drop a message below and we’ll add it.
Quick Links To Conferences Mentioned In Our Top Ten Events:
#1 DEF CON
Where: Las Vegas, Nevada, United States
When: August 8, 2019 - August 11, 2019
► Event Link
Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (spelled like that, i..e two separate words) is, really, the world”s best known “hacker convention” or “hacker conference.” DEF CON is held every year in Las Vegas, Nevada, USA, and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cybersecurity meetings.
In fact, we’d really encourage you to watch the DEF CON documentary linked below this section; it really is a fascinating insight into how this iconic cyber conference came into being.
Of interest, DEF CON is a play on the military “readiness condition” which is abbreviated to “DEFCON” (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only uses one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).
“DEF CON” as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that “DEF” also represents “3” on the North American Classic Key Pad.
Interesting facts about DEF CON: Where did the name come from?
The short answer is a combination of places! According to Jeff Moss:
“There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn’t want any association with a time of year. If you are a Phreak, or just use your phone a lot you’ll notes “DEF” is #3 on the phone. If you are into military lingo DEF CON is short for “Defense Condition.” Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.”
Reasons Why We Like DEF CON:
1. It’s a kick-ass event with awesome personalities.
Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cybersecurity researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attends DEF CON are by their nature very friendly, approachable and a lot of fun to be around.
2. If you are a “hacker” (in a curious-minded way) then DEF CON will not disappoint.
There”s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.
3. It’s extremely social.
There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that”s another reason to go, if you are not sure what I”m referring to watch the video in the link below, it’s pretty damn cool.
4. It’s basically the capital for cyber-culture
That”s right. If you are at all into cyberculture and everything that goes with it, then clearly this is a conference for you.
# 2 ShmooCon
Where: Washington DC, Maryland, United States
When: January 18, 2019 - January 20, 2019
► Event Link
ShmooCon is an extremely popular “puritan” hacker conference. Founded in the late 1990″s by the Shmoo Group this is a “must attend” if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don”t know, the Shmoo Group are behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL, and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.
Reasons Why We Like ShmooCon:
1. It’s rammed full of amazing hacking content.
This year”s event had 40 different talks and presentations on a variety of IT Security subjects spanning cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.
2. It’s affordable!
Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.
3. Carefully selected speakers and talks.
What makes SchmooCo so popular is the quality of the talks. A lot of emphases is placed on sourcing speakers and subjects that have not been presented at other conferences.
# 3 ToorCon
ToorCon (a play on the word “Root” in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle, however, I’m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).
ToorCon does things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.
Reasons Why We Like ToorCon:
1. If you like it intimate then this is the one to go to.
ToorCon has a reputation as being well “thought-out” by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.
2. ToorCon is a great place to start your career in cybersecurity.
We”d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a “one of us” fuzzy feeling if you meet the right interviewer.
Interesting facts about ToorCon
ToorCon is San Diego’s exclusive hacker conference that traditionally takes place in late September. Started originally by the San Diego 2600 user group, ToorCon was founded in 1999 by Ben Greenberg and David Hulton (h1kari).
ToorCon attracts many of the top leaders in the computer security community and has been known for its small-conference atmosphere, bringing together around 400 attendees annually. Along with two parallel tracks that run over the course of ToorCon weekend, there are also vendor tables and games. Usually featuring at least one book publisher such as Syngress or No Starch Press, a hardware vendor, and a T-shirt printer. Capture the Flag is one of the recurring games over the weekend.
# 4 THOTCON
Where: Chicago, Illinois, United States
When: May 3, 2019 - May 4, 2019
► Event Link
Perhaps this event might not so well know but we like it enough to include it in our list.
Based in Chicago, United States, this is another classic “hacker event” (cyberculture) that we think is awesome.
THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included in this event.
Reasons Why We Like THOTCON:
1. It’s very affordable!
Because it is so affordable tickets sell out real quick. Here”s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!
2. Awesome talks.
If you are a security nerd you”ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a “must-go-to” event if you work in cybersecurity.
Interesting fact about THOTCON
The name THOTCON is made of the first letter in the words that represent the main Chicago Area Code (312); as in THree-One-Two. THOTCON is an American hacker conference that is organized by Nicholas J. Percoco, Matt Jakubowski, Jonathan Tomek, John Mocuta, David “VideoMan” Bryan and several other OPERs (volunteers from the local DEF CON 312 chapter). It is held in Chicago, Illinois United States at a somewhat different Top Secret location each year
# 5 Black Hat (USA)
Where: Las Vegas, Nevada, United States
When: August 3, 2019 - August 8, 2019
► Event Link
# 5 Black Hat (Asia)
Where: Singapore (City), Singapore
When: March 26, 2019 - March 29, 2019
► Event Link
Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe, and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more “street” and stereotypically “hackerish”. Here”s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat, you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don”t want to be identified!
Reasons Why We Like Black Hat:
1. It’s a must if you want to be taken seriously
Black Hat (and DEF CON as well if truth be told) are “rights-of-passage” for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all round satisfaction in reminding yourself that you work in the coolest industry.
2. If you hear it first, then you heard it at Black Hat.
Black Hat is touted as being the premier place to hear “breaking news” for anything Cyber-Related, especially with regards to vulnerabilities that are a “big deal”. Speakers are contracted to not talk about their research or present again for a few months after the event (don”t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don”t really have an excuse not to ever go.
An Interesting Fact About Black Hat
Black Hat is typically scheduled prior to DEF CON with many attendees going to both conferences. Black Hat has been perceived by the security industry as a more corporate security conference whereas DEF CON is more informal.
# 6 TROOPERS
Our understanding of TROOPERS (a German-based information security conference) is that it has a solid reputation as being one of Europe”s more discerning hacker conferences. They always attract some of the worlds brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There”s no need for another credo. it’s a slogan of unity. By definition, you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!
TROOPERS started in 2007 under the direction that they wouldn’t allow the “usual product/ vendor presentations and marketing”, instead they just seek more of a pure cybersecurity agenda. Nice!
Reasons Why We Like TROOPERS:
1. Network with mega cyber professionals.
You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants etc from some of the biggest and worst tech companies will rock up.
2. Heidelberg is beautiful.
Although I’ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Baden-Württemberg which in my opinion (having lived in Europe for a long time) is one of the most beautiful parts of Europe.
Interesting fact about TROOPERS
OK, this is not really specifically a ‘fact’ about TROOPERS but we thought this is awesome: the first bicycle was invented by a graduate of the University of Heidelberg, Karl Drais.
# 7 Nuit du Hack
We like this event because it just seems to have an edge to it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group was inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).
Reasons Why We Like Nuit du Hack:
1. It’s a very practical event
Nuit du Hack is one of France”s oldest underground hackers” events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact, there really is something for everyone, they even have a kids section! They’ve also got a very active CTF division.
2. They’ve got a hacker job board!
We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees and we think it’s a great idea.
Interesting fact about Nuit du Hack
Initiated in 2003 by a crew of people, including co-founder Paolo Pinto, who got together under the name of Hackerz Voice and inspired by the famous and biggest US hacking event named “DEFCON”. “La nuit du hack” is one of the oldest French underground hackers” event which brings together, professionals and amateurs of any skill level, around lectures and challenges. Regardless of their skill, guests come to see and talk about the latest advances in IT Security to assess and/or improve their level.
# 8 Chaos Communication Congress
Yes. We know. This was a “top ten” list of the “must-go” information security conferences – and due to messages from our community we”ve added Chaos Communication Congress, which is organized by the Computer Chaos Club, so, congratulations to CCC, you have broken our list and you’ve been given an honorary number 11th spot.
This event, which happens every year, features a mix of lectures and workshops on technical and hacker issues. Interestingly, CCC (as it is very often abbreviated to within the media) focuses on political issues (for example within hacktivism) as well.
This cyber event started way back in 1984 in Hamburg (older than DEF CON then!) and moved to Berlin in 1998, and then back again to Hamburg in 2012.
The event attracts over 10,000 which is extremely impressive.
Reasons Why We Like Chaos Communication Congress:
1. Be part of the “real” Cyber Community in Europe
We”ve always know about CCC but we didn’t add the event since we tried to mix the events (within a balance of vendor-related gigs and pure “hacker events”) but judging by the feedback we got from our community not having included CCC led us to believe that we”d made an error not adding CCC! Anyways, don”t just take our word for it, CCC is a seriously interesting hacking collective. They have been involved in all sorts of escapades and as a result, the type of person they attract to their events will very likely reflect the spirit of their mission.
2. CCC is the largest (real) hacker event in Europe
Our research shows that CCC is Europe”s largest association of hackers. A better networking event perhaps doesn’t exist! (When we say “networking” we are also referring to the social sense of that word, i.e. CCC, with so many European hackers is a superb place to meet like-minded folk).
# 9 NorthSec
We love this event. NorthSec is a newcomer to our list but we are delighted to include it.
Of particular awesomeness is their Capture The Flag competition (CTF).
Reasons Why We Like NorthSec:
They’ve organized three tracks (in 2017) which we feel offer a wide diversity which was: Application & infrastructure, Cryptography/ Obfuscation and Society/ Ethics.
Also, their Capture The Flag (CTF) is pretty awesome; last year (2017) it included 400 competitors with 50 teams that lasted over three days! If you are just starting out in Cybersecurity then taking part in their CTF would be an awesome addition to your CV (better still would be to win it!). For more information please refer to the interview with Gabriel listed below.
# 10 nullcon
Where: Goa, India
When: March 1, 2019 - March 2, 2019
► Event Link
A lot of our visitors to our website are from India so we had to include at least one Indian Cybersecurity Conference in this post (we actually have a devoted India InfoSec Events page here), but here’s our top pick for a Cyber Conference in India: nullcon.
The folks behind this event are a very friendly bunch and over the years they’ve consistently added their events to our main InfoSec Directory.
This event was launched in 2010 with the intention of providing an “integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats” (organizers own words).
The event even has a motto: “The neXt security thing!” which acts as a driver for the content of these conferences.
Also! We have discovered that the same team is also responsible for organizing another Conference in Europe called: Hardware.io (Hardware Security Conference & Training), which takes place in the The Hague, Netherlands, September 19th – 22nd 2017.
Reasons Why We Like nullcon:
1. The nullcon Desi Jugaad Concept (which is Hindi for “Local Hack”)
These guys have an event which is referred to as ‘Desi Jugaad’ which is dedicated to allowing researchers and hackers to present their innovative hacks and/ or to solve real-life challenges.
2. The Big Efforts They Make!
The organizers care and make a lot of effort to make sure that their Conference is packed full of useful and actionable materials and content such as there being ‘Interactive Events’, ‘Hacking Challenges’ and – the presentations are also delivered online!
3. The Organizers Are A Friendly Bunch
The folk behind nullcon are a very approachable and friendly bunch and they didn’t hesitate to offer us a complimentary ticket when they discovered we’d put this resource together.