What’s This Post All About?
We’ve been involved in the cybersecurity conference space for a long time – well, to be exact, since 2012 which I guess you could say is rather a long time.
Anyways, we post a lot of InfoSec conference information within our directory, and this post is really just a reflection of the events that we feel should merit being in our industry-famous ‘Best Cyber Security Conferences of 2020!
This post was originally written several years ago (2013) and it’s very tricky to pin down “the best conferences” because, of course, the decision has been entirely our own choice.
Categorizing cybersecurity events is easy, and we’ve done that here, but what is certainly more of a challenge is appreciating what makes a conference amazing and worthwhile.
How Did We Select Events For This List? (2013 – 2019)
Glad you asked.
We used to do it a little differently. We used to just list the events that we thought looked cool and seemed to offer something a little bit different. We’d certainly steer away from ‘vendor pitch’ events because, well, they aren’t really a true reflection of the ethos of the community, so, as a result we had to remove RSA from our list (which had a hallowed position back in 2014).
However, over time, we implemented different criteria. Namely, does the conference takes place every year, and secondly; does it include various bonus activities such as ‘Lock Picking’, ‘Training’ and ‘Capture The Flag’ events?
Specifically, here’s how we now, in 2020, rank conferences within our “Best Cybersecurity Conference Listing”:
1. How long has the conference been running?
2. Does it have a unique proposition?
3. Does it truly push the Cybersecurity Knowledge and make our industry a better place?
If the answer to ALL of those questions is yes, then the Conference we be placed within this resource.
* We have a resource dedicated to the more alternative “Hacker Conferences” (or Hacker Cons as they’re sometimes referred to).
** Also, real quick – if you are conference organizer – or if you’re a regular attendee of a kickass InfoSec Event that you think ought to be included within this list then go ahead and drop a message below and we’ll add it.
How Do We Now Select Events? (2020 – 2030)
We now, (well from the tail end of 2019) put it to the people! We’ve decided that it’s you guys that matter, after all, you’re the one that did a Google Search and found us. It doesn’t matter if you haven’t been to any of the events listed below, we’d still encourage you to cast a vote. Why? Because the sub-Cyber-culture is so strong these events have the power to cross-borders and inspire, and if an event listed below has helped you in your journey then in our books that totally entitles you to cast a vote!
So, please cast your vote below!
Update! Pretty amazing but the poll seems to have become VERY popular since we launched it two weeks ago (it’s now the middle of December 2019). DEF CON seems to be winning the race. We will let the poll run its’ course during the year and then do a mega tally at the end to see which event really is the most popular and widely respected.
Have you attended any of our recommended InfoSec Conferences?
If yes, then we’d love to share your experience with the greater community.
Quick link to every recommended event for 2020
Previously listed events
RSA (removed 2015)
OWASP (removed 2017)
We removed these because other events took their place and we’re trying to limit this resource to our “Top Ten” (or as close as possible to that).
# DEF CON 28
Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (spelled like that, i..e two separate words) is, really, the world”s best known “hacker convention” or “hacker conference.” DEF CON is held every year in Las Vegas, Nevada, USA, and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cybersecurity meetings.
By far, DEF CON, is the best known of all the conferences we have listed within our directory. It’s certainly become an rite of passage for any serious Cyber Pro.
In fact, we’d really encourage you to watch the DEF CON documentary
linked below this section; it really is a fascinating insight into how this iconic cyber conference came into being.
Of interest, DEF CON is a play on the military “readiness condition” which is abbreviated to “DEFCON” (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only uses one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).
“DEF CON” as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that “DEF” also represents “3” on the North American Classic Key Pad.
Interesting facts about DEF CON: Where did the name come from?
The short answer is a combination of places! According to Jeff Moss:
“There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn’t want any association with a time of year. If you are a Phreak, or just use your phone a lot you’ll notes “DEF” is #3 on the phone. If you are into military lingo DEF CON is short for “Defense Condition.” Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.”
Reasons Why We Like DEF CON:
1. It’s a kick-ass event with awesome personalities.
Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cybersecurity researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attends DEF CON are by their nature very friendly, approachable and a lot of fun to be around.
2. If you are a “hacker” (in a curious-minded way) then DEF CON will not disappoint.
There”s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff, there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.
3. It’s extremely social.
There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that”s another reason to go, if you are not sure what I”m referring to watch the video in the link below, it’s pretty damn cool.
4. It’s basically the capital for cyber-culture
That’s right. If you are at all into cyberculture and everything that goes with it, then clearly this is a conference for you.
5. If you have to visit one event before you die…this is it…
No BS. If you only ever get ONE chance to attend one Cyber event, then this is it. It’s got a little something for everyone, and I guarantee you, you’ll meet some incredibly creative and interesting (introverted?) personalities.
6. DEF CON is really an umbrella “conferences-within-conferences”
DEF CON has a ton of things going on and that’s why it will almost certainly remain within our recommended cyber events resource for the indefinite future. Events include
If you need more convincing that DEF CON is damn incredible then check out this, at DEF CON 27 (2019) here’s a list of all activities that took place. Now – you tell me if you aren’t gonna get your money’s worth!
DEF CON offers mini-conferences in the Mega Con which is DEF CON:
AI Village CTF | Clearly aimed at those with a love interest with anything to do with AI and, heck, of course being able to do
Beverage Cooling Contraption Contest | Hold my beer…
Car Hacking Village CTF | Car hacking back in 2015 or so was all the rage. Indeed, there was a famous DEF CON and Black Hat talks on the subject which we’ve covered in a separate blog post.
CMD+CTRL CyberRange | Like Marcus Aurelius said in the flick Gladiator: “At my signal, unleash hell!” Well, attending this mini-con at DEF CON and you’ll be half-way there!
Coindroids | These Are Not the Droids You Are Looking For…
Crack Me If You Can | Love the title and I can guarantee it will be incredibly educational and nefarious.
Creative Writing Short Story Contest | Like I said, there’s a little something for everyone!
DarkNet Project | This is to help you learn all about ciphers, cryptography and all that good stuff. If you’re into the whole encryption thing you’ll love this mini-event.
DEF CON Beard Contest | Say no more. Could this be the coolest mini-event that DEF CON has to offer?
Defcon Ham Radio Fox Hunting Contest | Clearly if HAM Radio’s float your boat then you’ll love this event. That’s the coost thing about DEF CON, you meet a ton of awesome like-minded folk.
Defcon Scavenger Hunt | Not sure about this event but someone out there will!
Drunk Hacker History | This mini-event seems to revolve around C2H6O!
Dungeons@Defcon | Umm, not sure about this. Seems to be some sort of board game or other.
EFF Tech Trivia | Where would we be without the Mighty EFF. These guys have been around since Year One and have a total relentless dedication to privacy within Cybersecurity.
Hack the Plan[e]t | This is basically a CTF within, our understanding of DEF CON 27, an ICS/SCADA Cybersecurity environment
Hacker Jeopardy | This has actually been going on for years. It first started, we believe, at DEF CON 3.
Hackfortress | This, I believe, is another CTF-type of event. Get your hacker tools out and get cracking!
H@ck3r Runw@y | If you like playing around with LED’s and the Magical DEF CON badges then you’re likely to love this mini-conference.
Homebrew Hardware Contest | This is all about hardware and hacking equipment. Darren from HAK5 will likely make an appearance at this one!
Hospital Under Siege | Cybersecurity Healthcare is a growing niche and for all the right reasons. We imagine this is hardware related too…
Maps of the Digital Lands | Seems to be about networking and securing the perimeter, DMZ and inside of course.
OpenCTF | Yet another CTF. Kali Linux in this instance and a solid knowledge of Hacking Tools is your friend
OpenSOC Blue Team CTF | Same as above but a Blue Team? Back in our day “Blue” meant Microsoft but its been a while….
OSINT CTF for Missing Persons | OSINT and for amazing causes! OSINT for those that don’t know is Open Source Intelligence.
Red Alert ICS CTF | SCADA and ICS is all the rage these days and will likely continue to be so during 2020
Schemaverse | This is Database Hacking
SECTF, SECTF4Kids & SECTF4Teens | These three events are all about the kids. If you’ve got ’em bring ’em along!
Secure Code Review Challenge | DEF CON attracts, of course, a bunch of serious coders and programs (obviously) so this is a must-attend workshop for those individuals and OWASP-minded folk.
SOHOpelessly Broken | Yes another CTF but this time focusing in on WiFi Wireless Hacking
SpellCheck: The Hacker Spelling Bee | Um. Not sure about this?
Spy Contest (Who’s the Best Social Engineer) | Social Engineering Cybersecurity Events are growing in popularity. We’ve noticed a bunch of new events for 2020.
TD Francis X-hour Film Contest | I think this is to be part of the film-documentary aspect of DEF CON.
TeleChallenge | This is a challenge, or perhaps better explained as a competition to being able to solve psychological riddles.
The d(struction)20 CTF | …and another CTF! This one seems offensive in nature.
The Gold Bug – Crypto & Privacy Village Puzzle | Crypto Conferences are growing in popularity in 2020.
Threat Modeling Challenge | This is fantastic for all professional Cybersecurity Professionals to get involved with.
Tinfoil Hat | This is, literally, a Tin-Foil hat event.
warl0ck gam3z CTF | If you’re a gamer you’ll love hacking/CTF-ing your way into this software.
Whose Slide Is It Anyway? | This is a bit like “faking it to make it”. The contestant basically is given a deck of slides, five minutes to prepare and they have to wing it. Hackers are great at this sort of thing.
Wireless Capture the Flag | Likely this is one of the more popular events at DEF CON, involving Wireless Hacking.
8th Annual DEF CON Bike Ride | This group heads out on a, gulp, 15 mile bike ride! OK…clearly some folk just can’t get enough exercise!
DEAF CON Meetup | We LOVE this and good for the folks at DEF CON for doing this to the DEAF & HH community.
Ham Radio Exams | You can get a license if you’re into HAM Radio’s. Attend the “Defcon Ham Radio Fox Hunting Contest” (see above) if you’re into the whole HAM scene.
Mohawk-Con | The Cyberpunk look reigns at this event.
Toxic BBQ | Actually, this is a BBQ event!
So, in summary, DEF CON is amazing. It’s really a “way of life” for many. It’s difficult to beat this security event.
ShmooCon is an extremely popular “puritan” hacker conference. Founded in the late 1990″s by the Shmoo Group this is a “must attend” if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don”t know, the Shmoo Group are behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL, and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.
By the way, if you’re into the old school and want to check out some OLD Cyber Events then hit up this post where we talk about conferences like PumpCon, HoHoCon, HOPE (which actually we believe is still going on) and a bunch of other kickass old school events.
Reasons Why We Like ShmooCon:
1. It’s rammed full of amazing hacking content.
This year”s event had 40 different talks and presentations on a variety of IT Security subjects spanning cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.
2. It’s affordable!
Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.
3. Carefully selected speakers and talks.
What makes SchmooCo so popular is the quality of the talks. A lot of emphases is placed on sourcing speakers and subjects that have not been presented at other conferences.
# 3 ToorCon
ToorCon (a play on the word “Root” in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle, however, I’m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).
ToorCon does things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.
Reasons Why We Like ToorCon:
1. If you like it intimate then this is the one to go to.
ToorCon has a reputation as being well “thought-out” by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.
2. ToorCon is a great place to start your career in cybersecurity.
We”d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a “one of us” fuzzy feeling if you meet the right interviewer.
Interesting facts about ToorCon
ToorCon is San Diego’s exclusive hacker conference that traditionally takes place in late September. Started originally by the San Diego 2600 user group, ToorCon was founded in 1999 by Ben Greenberg and David Hulton (h1kari).
ToorCon attracts many of the top leaders in the computer security community and has been known for its small-conference atmosphere, bringing together around 400 attendees annually. Along with two parallel tracks that run over the course of ToorCon weekend, there are also vendor tables and games. Usually featuring at least one book publisher such as Syngress or No Starch Press, a hardware vendor, and a T-shirt printer. Capture the Flag is one of the recurring games over the weekend.
Perhaps this event might not so well know but we like it enough to include it in our list.
Based in Chicago, United States, this is another classic “hacker event” (cyberculture) that we think is awesome.
THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included in this event.
Reasons Why We Like THOTCON:
1. It’s very affordable!
Because it is so affordable tickets sell out real quick. Here”s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!
2. Awesome talks.
If you are a security nerd you’ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a “must-go-to” event if you work in cybersecurity.
An interesting fact about THOTCON
The name THOTCON is made of the first letter in the words that represent the main Chicago Area Code (312); as in THree-One-Two. THOTCON is an American hacker conference that is organized by Nicholas J. Percoco, Matt Jakubowski, Jonathan Tomek, John Mocuta, David “VideoMan” Bryan and several other OPERs (volunteers from the local DEF CON 312 chapter). It is held in Chicago, Illinois United States at a somewhat different Top Secret location each year
# Black Hat USA
# Black Hat Europe
# Black Hat Asia
Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe, and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more “street” and stereotypically “hackerish”. Here”s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat, you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don”t want to be identified!
Reasons Why We Like Black Hat:
1. It’s a must if you want to be taken seriously
Black Hat (and DEF CON as well if truth be told) are “rights-of-passage” for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all round satisfaction in reminding yourself that you work in the coolest industry.
2. If you hear it first, then you heard it at Black Hat.
Black Hat is touted as being the premier place to hear “breaking news” for anything Cyber-Related, especially with regards to vulnerabilities that are a “big deal”. Speakers are contracted to not talk about their research or present again for a few months after the event (don”t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don”t really have an excuse not to ever go.
An Interesting Fact About Black Hat
Black Hat is typically scheduled prior to DEF CON with many attendees going to both conferences. Black Hat has been perceived by the security industry as a more corporate security conference whereas DEF CON is more informal.
Our understanding of TROOPERS (a German-based information security conference) is that it has a solid reputation as being one of Europe”s more discerning hacker conferences. They always attract some of the worlds brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There”s no need for another credo. it’s a slogan of unity. By definition, you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!
TROOPERS started in 2007 under the direction that they wouldn’t allow the “usual product/ vendor presentations and marketing”, instead they just seek more of a pure cybersecurity agenda. Nice!
Reasons Why We Like TROOPERS:
1. Network with mega cyber professionals.
You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants, etc from some of the biggest and worst tech companies will rock up.
2. Heidelberg is beautiful.
Although I’ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Baden-Württemberg which in my opinion (having lived in Europe for a long time) is one of the most beautiful parts of Europe.
Interesting fact about TROOPERS
OK, this is not really specifically a ‘fact’ about TROOPERS but we thought this is awesome: the first bicycle was invented by a graduate of the University of Heidelberg, Karl Drais.
We like this event because it just seems to have an edge to it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group was inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).
Reasons Why We Like Nuit du Hack:
1. It’s a very practical event
Nuit du Hack is one of France”s oldest underground hackers” events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact, there really is something for everyone, they even have a kids section! They’ve also got a very active CTF division.
2. They’ve got a hacker job board!
We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees and we think it’s a great idea.
Interesting fact about Nuit du Hack
Initiated in 2003 by a crew of people, including co-founder Paolo Pinto, who got together under the name of Hackerz Voice and inspired by the famous and biggest US hacking event named “DEFCON”. “La nuit du hack” is one of the oldest French underground hackers” event which brings together, professionals and amateurs of any skill level, around lectures and challenges. Regardless of their skill, guests come to see and talk about the latest advances in IT Security to assess and/or improve their level.
# 8 Chaos Communication Congress
Yes. We know. This was a “Top Ten Blog Post” list of the “must-go” information security conferences – and due to messages from our community we’ve added Chaos Communication Congress, which is organized by the Computer Chaos Club, so, congratulations to CCC, you have broken our list and you’ve been given an honorary number 11th spot.
This event, which happens every year, features a mix of lectures and workshops on technical and hacker issues. Interestingly, CCC (as it is very often abbreviated to within the media) focuses on political issues (for example within hacktivism) as well.
This cyber event started way back in 1984 in Hamburg (older than DEF CON then!) and moved to Berlin in 1998, and then back again to Hamburg in 2012.
The event attracts over 10,000 which is extremely impressive.
Reasons Why We Like Chaos Communication Congress:
1. Be part of the “real” Cyber Community in Europe
We’ve always know about CCC but we didn’t add the event since we tried to mix the events (within a balance of vendor-related gigs and pure “hacker events”) but judging by the feedback we got from our community not having included CCC led us to believe that we”d made an error not adding CCC! Anyways, don”t just take our word for it, CCC is a seriously interesting hacking collective. They have been involved in all sorts of escapades and as a result, the type of person they attract to their events will very likely reflect the spirit of their mission.
2. CCC is the largest (real) hacker event in Europe
Our research shows that CCC is Europe”s largest association of hackers. A better networking event perhaps doesn’t exist! (When we say “networking” we are also referring to the social sense of that word, i.e. CCC, with so many European hackers is a superb place to meet like-minded folk).
# NorthSec Conference
We love this event. NorthSec is a newcomer to our list but we are delighted to include it.
Of particular awesomeness is their Capture The Flag competition (CTF).
Reasons Why We Like NorthSec:
They’ve organized three tracks (in 2017) which we feel offer a wide diversity which was: Application & infrastructure, Cryptography/ Obfuscation and Society/ Ethics.
Also, their Capture The Flag (CTF) is pretty awesome; last year (2017) it included 400 competitors with 50 teams that lasted over three days! If you are just starting out in Cybersecurity then taking part in their CTF would be an awesome addition to your CV (better still would be to win it!). For more information please refer to the interview with Gabriel listed below.
A lot of our visitors to our website are from India so we had to include at least one Indian Cybersecurity Conference in this post (we actually have a devoted India InfoSec Events page here), but here’s our top pick for a Cyber Conference in India: nullcon.
The folks behind this event are a very friendly bunch and over the years they’ve consistently added their events to our main InfoSec Directory.
This event was launched in 2010 with the intention of providing an “integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats” (organizers own words).
The event even has a motto: “The neXt security thing!” which acts as a driver for the content of these conferences.
Also! We have discovered that the same team is also responsible for organizing another Conference in Europe called: Hardware.io (Hardware Security Conference & Training), which takes place in the The Hague, Netherlands, around September each year.
Reasons Why We Like nullcon:
1. The nullcon Desi Jugaad Concept (which is Hindi for “Local Hack”)
These guys have an event which is referred to as ‘Desi Jugaad’ which is dedicated to allowing researchers and hackers to present their innovative hacks and/ or to solve real-life challenges.
2. The Big Efforts They Make!
The organizers care and make a lot of effort to make sure that their Conference is packed full of useful and actionable materials and content such as there being ‘Interactive Events’, ‘Hacking Challenges’ and – the presentations are also delivered online!
3. The Organizers Are A Friendly Bunch
The folk behind nullcon are a very approachable and friendly bunch and they didn’t hesitate to offer us a complimentary ticket when they discovered we’d put this resource together.