What’s This Post All About?
We list thousands of Cybersecurity Conferences and events. This page lists your most recommended events of 2020!
We’ve been involved in the cybersecurity conference space for a long time – well, to be exact, since 2012 which I guess you could say is rather a long time.
Quick Link To Every Recommended Event In 2020
This post was originally written several years ago (2013) and it was very tricky to pin down “the best conferences” because the decision had been entirely our own choice.
Listing these events became a lot easier when we opened up the choice to our community and visitors.
What is also a challenge is appreciating what makes a conference amazing and worthwhile.
How Did We Select Events For This List? (2013 – 2019)
Glad you asked.
We used to do it a little differently. We used to just list the events that we thought looked cool and seemed to offer something a little bit different. We’d certainly steer away from ‘vendor pitch’ events because, well, they aren’t really a true reflection of the ethos of the community, so, as a result, we had to remove RSA from our list (which had a hallowed position back in 2014).
However, over time, we implemented different criteria. Namely, does the conference takes place every year, and secondly; does it include various bonus activities such as ‘Lock Picking’, ‘Training’ and ‘Capture The Flag’ events?
Specifically, here’s how we now, in 2020, rank conferences within our “Best Cybersecurity Conference Listing”:
1. How long has the conference been running?
2. Does it have a unique proposition?
3. Does it truly push the Cybersecurity Knowledge and make our industry a better place?
If the answer to ALL of those questions is yes, then the Conference we be placed within this resource.
* We have a resource dedicated to the more alternative “Hacker Conferences” (or Hacker Cons as they’re sometimes referred to).
** Also, real quick – if you are conference organizer – or if you’re a regular attendee of a kickass InfoSec Event that you think ought to be included within this list then go ahead and drop a message below and we’ll add it.
How Do We Now Select Events? (2020 – 2030)
We now, (well from the tail end of 2019) put it to the people! We’ve decided that it’s you guys that matter, after all, you’re the one that did a Google Search and found us. It doesn’t matter if you haven’t been to any of the events listed below, we’d still encourage you to cast a vote. Why? Because the sub-Cyber-culture is so strong these events have the power to cross-borders and inspire, and if an event listed below has helped you in your journey then in our books that totally entitles you to cast a vote!
So, please cast your vote below!
Update! Pretty amazing but the poll seems to have become VERY popular since we launched it two weeks ago (it’s now the middle of December 2019). DEF CON seems to be winning the race. We will let the poll run its’ course during the year and then do a mega tally at the end to see which event really is the most popular and widely respected.
Have you attended any of our recommended InfoSec Conferences?
If yes, then we’d love to share your experience with the greater community.
# DEF CON 28
Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (spelled like that, i..e two separate words) is, really, the world”s best known “hacker convention” or “hacker conference.” DEF CON is held every year in Las Vegas, Nevada, USA, and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cybersecurity meetings.
By far, DEF CON, is the best known of all the conferences we have listed within our directory. It’s certainly become a rite of passage for any serious Cyber Pro.
In fact, we’d really encourage you to watch the DEF CON documentary
linked below this section; it really is a fascinating insight into how this iconic cyber conference came into being.
Of interest, DEF CON is a play on the military “readiness condition” which is abbreviated to “DEFCON” (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only uses one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).
“DEF CON” as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that “DEF” also represents “3” on the North American Classic Key Pad.
Interesting facts about DEF CON: Where did the name come from?
The short answer is a combination of places! According to Jeff Moss:
“There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn’t want any association with a time of year. If you are a Phreak, or just use your phone a lot you’ll notes “DEF” is #3 on the phone. If you are into military lingo DEF CON is short for “Defense Condition.” Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.”
Reasons Why We Like DEF CON:
1. It’s a kick-ass event with awesome personalities.
Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cybersecurity researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attends DEF CON are by their nature very friendly, approachable and a lot of fun to be around.
2. If you are a “hacker” (in a curious-minded way) then DEF CON will not disappoint.
There”s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff, there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.
3. It’s extremely social.
There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that”s another reason to go, if you are not sure what I”m referring to watch the video in the link below, it’s pretty damn cool.
4. It’s basically the capital for cyber-culture
That’s right. If you are at all into cyberculture and everything that goes with it, then clearly this is a conference for you.
5. If you have to visit one event before you die…this is it…
No BS. If you only ever get ONE chance to attend one Cyber event, then this is it. It’s got a little something for everyone, and I guarantee you, you’ll meet some incredibly creative and interesting (introverted?) personalities.
6. DEF CON is really an umbrella “conferences-within-conferences”
DEF CON has a ton of things going on and that’s why it will almost certainly remain within our recommended cyber events resource for the indefinite future. Events include
If you need more convincing that DEF CON is damn incredible then check out this, at DEF CON 27 (2019) here’s a list of all activities that took place. Now – you tell me if you aren’t gonna get your money’s worth!
So, in summary, DEF CON is amazing. It’s really a “way of life” for many. It’s difficult to beat this security event.
ShmooCon is an extremely popular “puritan” hacker conference. Founded in the late 1990″s by the Shmoo Group this is a “must-attend” if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don”t know, the Shmoo Group is behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL, and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.
By the way, if you’re into the old school and want to check out some OLD Cyber Events then hit up this post where we talk about conferences like PumpCon, HoHoCon, HOPE (which actually we believe is still going on) and a bunch of other kickass old school events.
Reasons Why We Like ShmooCon:
1. It’s rammed full of amazing hacking content.
This year”s event had 40 different talks and presentations on a variety of IT Security subjects spanning cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.
2. It’s affordable!
Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.
3. Carefully selected speakers and talks.
What makes SchmooCo so popular is the quality of the talks. A lot of emphases is placed on sourcing speakers and subjects that have not been presented at other conferences.
# 3 ToorCon
ToorCon (a play on the word “Root” in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle, however, I’m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).
ToorCon does things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.
Reasons Why We Like ToorCon:
1. If you like it intimate then this is the one to go to.
ToorCon has a reputation as being well “thought-out” by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.
2. ToorCon is a great place to start your career in cybersecurity.
We”d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a “one of us” fuzzy feeling if you meet the right interviewer.
Interesting facts about ToorCon
ToorCon is San Diego’s exclusive hacker conference that traditionally takes place in late September. Started originally by the San Diego 2600 user group, ToorCon was founded in 1999 by Ben Greenberg and David Hulton (h1kari).
ToorCon attracts many of the top leaders in the computer security community and has been known for its small-conference atmosphere, bringing together around 400 attendees annually. Along with two parallel tracks that run over the course of ToorCon weekend, there are also vendor tables and games. Usually featuring at least one book publisher such as Syngress or No Starch Press, a hardware vendor, and a T-shirt printer. Capture the Flag is one of the recurring games over the weekend.
Perhaps this event might not so well know but we like it enough to include it on our list.
Based in Chicago, United States, this is another classic “hacker event” (cyberculture) that we think is awesome.
THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included in this event.
Reasons Why We Like THOTCON:
1. It’s very affordable!
Because it is so affordable tickets sell out real quick. Here”s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!
2. Awesome talks.
If you are a security nerd you’ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a “must-go-to” event if you work in cybersecurity.
An interesting fact about THOTCON
The name THOTCON is made of the first letter in the words that represent the main Chicago Area Code (312); as in THree-One-Two. THOTCON is an American hacker conference that is organized by Nicholas J. Percoco, Matt Jakubowski, Jonathan Tomek, John Mocuta, David “VideoMan” Bryan and several other OPERs (volunteers from the local DEF CON 312 chapter). It is held in Chicago, Illinois United States at a somewhat different Top Secret location each year
# Black Hat USA
# Black Hat Europe
# Black Hat Asia
Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe, and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more “street” and stereotypically “hackerish”.
Here”s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat, you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don”t want to be identified!
Reasons Why We Like Black Hat:
1. It’s a must if you want to be taken seriously
Black Hat (and DEF CON as well if truth be told) are “rights-of-passage” for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all-round satisfaction in reminding yourself that you work in the coolest industry.
2. If you hear it first, then you heard it at Black Hat.
Black Hat is touted as being the premier place to hear “breaking news” for anything Cyber-Related, especially with regards to vulnerabilities that are a “big deal”. Speakers are contracted to not talk about their research or present again for a few months after the event (don”t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don”t really have an excuse not to ever go.
An Interesting Fact About Black Hat
Black Hat is typically scheduled prior to DEF CON with many attendees going to both conferences. Black Hat has been perceived by the security industry as a more corporate security conference whereas DEF CON is more informal.
Our understanding of TROOPERS (a German-based information security conference) is that it has a solid reputation as being one of Europe”s more discerning hacker conferences. They always attract some of the world’s brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There”s no need for another credo. it’s a slogan of unity. By definition, you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!
TROOPERS started in 2007 under the direction that they wouldn’t allow the “usual product/ vendor presentations and marketing”, instead they just seek more of a pure cybersecurity agenda. Nice!
Reasons Why We Like TROOPERS:
1. Network with mega cyber professionals.
You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants, etc from some of the biggest and worst tech companies will rock up.
2. Heidelberg is beautiful.
Although I’ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Baden-Württemberg which in my opinion (having lived in Europe for a long time) is one of the most beautiful parts of Europe.
Interesting fact about TROOPERS
OK, this is not really specifically a ‘fact’ about TROOPERS but we thought this is awesome: the first bicycle was invented by a graduate of the University of Heidelberg, Karl Drais.
We like this event because it just seems to have an edge to it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group was inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).
Reasons Why We Like Nuit du Hack:
1. It’s a very practical event
Nuit du Hack is one of France’s”s oldest underground hackers” events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact, there really is something for everyone, they even have a kids section! They’ve also got a very active CTF division.
2. They’ve got a hacker job board!
We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees and we think it’s a great idea.
An interesting fact about Nuit du Hack
Initiated in 2003 by a crew of people, including co-founder Paolo Pinto, who got together under the name of Hackerz Voice and inspired by the famous and biggest US hacking event named “DEFCON”. “La Nuit du hack” is one of the oldest French underground hackers” events which brings together, professionals and amateurs of any skill level, around lectures and challenges. Regardless of their skill, guests come to see and talk about the latest advances in IT Security to assess and/or improve their level.
# 8 Chaos Communication Congress
Yes. We know. This was a “Top Ten Blog Post” list of the “must-go” information security conferences – and due to messages from our community we’ve added Chaos Communication Congress, which is organized by the Computer Chaos Club, so, congratulations to CCC, you have broken our list and you’ve been given an honorary number 11th spot.
This event, which happens every year, features a mix of lectures and workshops on technical and hacker issues. Interestingly, CCC (as it is very often abbreviated to within the media) focuses on political issues (for example within hacktivism) as well.
This cyber event started way back in 1984 in Hamburg (older than DEF CON then!) and moved to Berlin in 1998, and then back again to Hamburg in 2012.
The event attracts over 10,000 which is extremely impressive.
Reasons Why We Like Chaos Communication Congress:
1. Be part of the “real” Cyber Community in Europe
We’ve always known about CCC but we didn’t add the event since we tried to mix the events (within a balance of vendor-related gigs and pure “hacker events”) but judging by the feedback we got from our community not having included CCC led us to believe that we”d made an error not adding CCC! Anyways, don”t just take our word for it, CCC is a seriously interesting hacking collective. They have been involved in all sorts of escapades and as a result, the type of person they attract to their events will very likely reflect the spirit of their mission.
2. CCC is the largest (real) hacker event in Europe
Our research shows that CCC is Europe”s largest association of hackers. A better networking event perhaps doesn’t exist! (When we say “networking” we are also referring to the social sense of that word, i.e. CCC, with so many European hackers is a superb place to meet like-minded folk).
# NorthSec Conference
We love this event. NorthSec is a newcomer to our list but we are delighted to include it.
Of particular awesomeness is their Capture The Flag competition (CTF).
Reasons Why We Like NorthSec:
They’ve organized three tracks (in 2017) which we feel offer a wide diversity which was: Application & infrastructure, Cryptography/ Obfuscation and Society/ Ethics.
Also, their Capture The Flag (CTF) is pretty awesome; last year (2017) it included 400 competitors with 50 teams that lasted over three days! If you are just starting out in Cybersecurity then taking part in their CTF would be an awesome addition to your CV (better still would be to win it!). For more information please refer to the interview with Gabriel listed below.
A lot of our visitors to our website are from India so we had to include at least one Indian Cybersecurity Conference in this post (we actually have a devoted India InfoSec Events page here), but here’s our top pick for a Cyber Conference in India: nullcon.
The folks behind this event are a very friendly bunch and over the years they’ve consistently added their events to our main InfoSec Directory.
This event was launched in 2010 with the intention of providing an “integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats” (organizers own words).
The event even has a motto: “The neXt security thing!” which acts as a driver for the content of these conferences.
Also! We have discovered that the same team is also responsible for organizing another Conference in Europe called: Hardware.io (Hardware Security Conference & Training), which takes place in the The Hague, Netherlands, around September each year.
Reasons Why We Like nullcon:
1. The nullcon Desi Jugaad Concept (which is Hindi for “Local Hack”)
These guys have an event which is referred to as ‘Desi Jugaad’ which is dedicated to allowing researchers and hackers to present their innovative hacks and/ or to solve real-life challenges.
2. The Big Efforts They Make!
The organizers care and make a lot of effort to make sure that their Conference is packed full of useful and actionable materials and content such as there being ‘Interactive Events’, ‘Hacking Challenges’ and – the presentations are also delivered online!
3. The Organizers Are A Friendly Bunch
The folk behind nullcon are a very approachable and friendly bunch and they didn’t hesitate to offer us a complimentary ticket when they discovered we’d put this resource together.