Top Ten Cybersecurity Conferences Happening In 2018 [Updated]

DEF CON, ToorCon, SchmooCon...

Reading Time: 8 Minutes

Summary: These InfoSec Events Will Be Rocking In 2018

What’s This Post All About?

We’ve been involved in the cybersecurity conference space for a long time – well, to be exact, since 2012 which I guess you could say is rather a long time.

Anyways – we list a ton of Information Security conferences (list is here) and this post is really just a reflection of the events that we think should merit being in our world-famous 2018 ‘Top Ten’ list!

The List Has Exceeded Ten

Yes, sorry about that.

This post was originally written several years ago (2013) and of course its been really hard to just pin down the plethora of Cybersecurity Conferences that take place each year to just ten.

How Do We Select Events?

Glad you asked.

We just list the events that we think have something a little bit extra to offer. We would rather steer away from ‘vendor pitch’ events because, well, they aren’t really a true reflection of the ethos of the community.

However – we do have fairly strict criteria: namely, that the conference takes place every year, and secondly, that the conference packs various bonus activities such as ‘Lock Picking’, ‘Training’ and ‘Capture The Flag’ events.

* If you are conference organizer and if you think that your event rocks then send us a message, we will gladly consider your event.

Update: August 11, 2017: We’ve replaced RSA and OWASP and replaced with NorthSec and CCC. Why? By Popular Demand!
Update: July 23, 2017: Niki Vonderwell, Organizer of TROOPERS agreed to an interview
Update: July 15, 2017: Gabriel Tremblay, Founder of NorthSec agreed to an interview
Update: June 23, 2017: Nicholas Percoco, Founder of THOTCON agreed to an interview
Update: September 4, 2017: Aseem Jakhar, Co-Founder of nullcon agreed to an interview

Here Are The Latest Top Ten Events For 2017

DEF CON ShmooCon ToorCon
Nuit du Hack Chaos Communication Congress NorthSec
nullcon RSA OWASP
#1 DEF CON Las Vegas, USA

DEF CON Summary

We start our list with the behemoth of all Cybersecurity Conferences: DEF CON.

Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (spelt like that, i..e two separate words) is, really, the world”s best known “hacker convention” or “hacker conference.” DEF CON is held every year in Las Vegas, Nevada, USA and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cybersecurity meetings. In fact, we’d really encourage you to watch the DEF CON documentary linked below this section; it really is a fascinating insight into how this iconic cyber conference came into being.

Of interest, DEF CON, is a play on the military “readiness condition” which is abbreviated to “DEFCON” (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only use one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).

“DEF CON” as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that “DEF” also represents “3” on the North American Classic Key Pad.

Interesting facts about DEF CON: Where did the name come from?

The short answer is a combination of places! According to Jeff Moss:

“There was a SummerCon in the summer, a HoHoCon in the winter, a PumpCon during Halloween, etc. I didn’t want any association with a time of year. If you are a Phreak, or just use your phone a lot you’ll notes “DEF” is #3 on the phone. If you are into military lingo DEF CON is short for “Defense Condition.” Now being a fan of the movie War Games I took note that the main character, David Lightman, lived in Seattle, as I do, and chose to nuke Las Vegas with W.O.P.R. when given the chance. Well I knew I was doing a con in Vegas, so it all just sort of worked out.”

Get DEF CON Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like DEF CON:

1. It’s a kick-ass event with awesome personalities.

Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cyber security researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attend DEF CON are by their nature very friendly, approachable and a lot of fun to be around.

2. If you are a “hacker” (in the curious-minded way) then DEF CON will not disappoint.

There”s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.

3. It’s extremely social.

There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that”s another reason to go, if you are not sure what I”m referring to watch the video in the link below, it’s pretty damn cool.

4. It’s basically the capital for cyber-culture

That”s right. If you are at all into cyber culture and everything that goes with it, then clearly this is a conference for you.

ShmooCon Summary

ShmooCon is an extremely popular “puritan” hacker conference. Founded in the late 1990″s by the Shmoo Group this is a “must attend” if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don”t know, the Shmoo Group are behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.

Get ShmooCon Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like ShmooCon:

1. It’s rammed full of amazing hacking content.

This year”s event had 40 different talks and presentations on a variety of IT Security subjects spanning cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.

2. It’s affordable!

Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.

3. Carefully selected speakers and talks.

What makes SchmooCo so popular is the quality of talks. A lot of emphasis is placed on sourcing speakers and subjects that have not been presented at other conferences.

#3 ToorCon San Diego, USA

ToorCon Summary

ToorCon (a play on the word “Root” in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle however I”m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).

ToorCon do things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.

Get ToorCon Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like ToorCon:

1. If you like it intimate then this is the one to go to.

ToorCon has a reputation as being well “thought-out” by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.

2. ToorCon is a great place to start your career in cybersecurity.

We”d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a “one of us” fuzzy feeling if you meet the right interviewer.

Interesting facts about ToorCon

ToorCon is San Diego’s exclusive hacker conference that traditionally takes place in late September. Started originally by the San Diego 2600 user group, ToorCon was founded in 1999 by Ben Greenberg and David Hulton (h1kari). ToorCon attracts many of the top leaders in the computer security community and has been known for its small-conference atmosphere, bringing together around 400 attendees annually. Along with two parallel tracks that run over the course of ToorCon weekend, there are also vendor tables and games. Usually featuring at least one book publisher such as Syngress or No Starch Press, a hardware vendor, and a T-shirt printer. Capture the Flag is one of the recurring games over the weekend.

#4 THOTCON USA, Chicago


Perhaps this event might not be so well know but we like it enough to include it in our list.

Based in Chicago, US, this is another one of those classic hacker (cyber culture) events that we think are awesome. THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included this event.

Get THOTCON Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like THOTCON:

1. It’s very affordable!

Because it is so affordable tickets sell out real quick. Here”s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!

2. Awesome talks.

If you are a security nerd you”ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a “must-go-to” event if you work in cybersecurity.

Interesting fact about THOTCON

The name THOTCON is made of the first letter in the words that represent the main Chicago Area Code (312); as in THree-One-Two. THOTCON is an American hacker conference that is organized by Nicholas J. Percoco, Matt Jakubowski, Jonathan Tomek, John Mocuta, David “VideoMan” Bryan and several other OPERs (volunteers from the local DEF CON 312 chapter). It is held in Chicago, Illinois United States at a somewhat different Top Secret location each year

THOTCON Gave Us Some Love!

Mega Update!

We interviewed THOTCON Founder Nicholas Percoco! To read the transcript please click here.

Black Hat Summary

Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more “street” and stereotypically “hackerish”. Here”s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don”t want to be identified!

Get Black Hat Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like Black Hat:

1. It’s a must if you want to be taken seriously

Black Hat (and DEF CON as well if truth be told) are “rights-of-passage” for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all round satisfaction in reminding yourself that you work in the coolest industry.

2. If you hear it first, then you heard it at Black Hat.

Black Hat is touted as being the premier place to hear “breaking news” for anything Cyber Related, especially with regards to vulnerabilities that are a “big deal”. Speakers are contracted to not talk about their research or present again for a few months after the event (don”t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don”t really have an excuse not to ever go.

Interesting fact about Black Hat

Black Hat is typically scheduled prior to DEF CON with many attendees going to both conferences. Black Hat has been perceived by the security industry as a more corporate security conference whereas DEF CON is more informal.


Our understanding of TROOPERS (a German based information security conference) is that it has a solid reputation as being one of Europe”s more discerning hacker conferences. They always attract some of the world”s brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There”s no need for another credo. it’s a slogan of unity. By definition you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!

TROOPERS started in 2007 under the direction that they wouldn”t allow the “usual product/ vendor presentations and marketing”, instead they just seek more of a pure cybersecurity agenda. Nice!


Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like TROOPERS:

1. Network with mega cyber professionals.

You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants etc from some of the biggest and baddest tech companies will rock up.

2. Heidelberg is beautiful.

Although I”ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Baden-Württemberg which in my opinion (having lived in Europe for a long time) is one of the most beautiful parts of Europe.

Interesting fact about TROOPERS

OK, this is not really specifically a ‘fact’ about TROOPERS but we thought this is awesome: the first bicycle was invented by a graduate of the University of Heidelberg, Karl Drais.

Mega Update!

We interviewed TROOPERS Organizer Niki Vonderwell! To read the transcript please click here.

#7 Nuit du Hack France, Paris

Nuit du Hack Summary

We like this event because it just seems to have an edge about it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group were inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).

Get Nuit du Hack Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like Nuit du Hack:

1. It’s a very practical event

Nuit du Hack is one of France”s oldest underground hackers” events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact there really is something for everyone, they even have a kids section! They also have a very active CTF division.

2. They’ve got a hacker job board!

We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees and we think it’s a great idea.

Interesting fact about Nuit du Hack

Initiated in 2003 by a crew of people, including co-founder Paolo Pinto, who got together under the name of Hackerz Voice and inspired by the famous and biggest US hacking event named “DEFCON”. “La nuit du hack” is one of the oldest French underground hackers” event which bring together, professionals and amateurs of any skill level, around lectures and challenges. Regardless of their skill, guests come to see and talk about the latest advances in IT Security to assess and/or improve their level.

#8 Chaos Communication Congress Germany, Hamburg

Chaos Communication Congress Summary

Yes. We know. This was a “top ten” list of the “must-go” information security conferences – and due to messages from our community we”ve added Chaos Communication Congress, which is organized by the Computer Chaos Club, so, congratulations to CCC, you have broken our list and you”ve been given an honorary number 11th spot.

This event, which happens every year, features a mix of lectures and workshops on technical and hacker issues. Interestingly, CCC (as it is very often abbreviated to within the media) focuses on political issues (for example within hacktivism) as well.

This cyber event started way back in 1984 in Hamburg (older than DEF CON then!) and moved to Berlin in 1998, and then back again to Hamburg in 2012.

The event attracts over 10,000 which is extremely impressive.

Get Chaos Communication Congress Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like Chaos Communication Congress:

1. Be part of the “real” Cyber Community in Europe

We”ve always know about CCC but we didn”t add the event since we tried to mix the events (within a balance of vendor-related gigs and pure “hacker events”) but judging by the feedback we got from our community not having included CCC led us to believe that we”d made an error not adding CCC! Anyways, don”t just take our word for it, CCC is a seriously interesting hacking collective. They have been involved in all sorts of escapades and as a result the type of person they attract to their events will very likely reflect the spirit of their mission.

2. CCC is the largest (real) hacker event in Europe

Our research shows that CCC is Europe”s largest association of hackers. A better networking event perhaps doesn”t exist! (When we say “networking” we are also referring to the social sense of that word, i.e. CCC, with so many European hackers is a superb place to meet like-minded folk).

#9 NorthSec Canada, Montreal

NorthSec Summary

We love this event. NorthSec is a newcomer to our list but we are delighted to include it.

Of particular awesomeness is their Capture The Flag competition (CTF).

Get NorthSec Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like NorthSec:

They’ve organized three tracks (in 2017) which we feel offer a wide diversity which were: Application & infrastructure, Cryptography/ Obfuscation and Society/ Ethics.

Also, their Capture The Flag (CTF) is pretty awesome; last year (2017) it included 400 competitors with 50 teams that lasted over three days! If you are just starting out in Cybersecurity then taking part in their CTF would be an awesome addition to your CV (better still would be to win it!). For more information please refer to the interview with Gabriel listed below.

Mega Update!

We interviewed NorthSec Founder Gabriel Tremblay! To read the transcript please click here.

nullcon Summary

A lot of our visitors to our website are from India so we had to include at least one Indian Cybersecurity Conference in this post (we actually have a devoted India InfoSec Events page here), but here’s our top pick for a Cyber Conference in India: nullcon.

The folks behind this event are a very friendly bunch and over the years they’ve consistently added their events to our main InfoSec Directory.

This event was launched in 2010 with the intention of providing an “integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats” (organizers own words).

The event even has a motto: “The neXt security thing!” which acts as a driver for the content of these conferences.

Also! We have discovered that the same team are also responsible for organizing another Conference in Europe called: (Hardware Security Conference & Training), which takes place in the The Hague, Netherlands, September 19th – 22nd 2017.

Mega Update!

We interviewed nullcon Co-Founder Aseem Jakhar! To read the transcript please click here.

Get nullcon Alerts

Join our newsletter and receive ticket discounts, Call For Papers, news and much more!

Unsubscribe anytime | 50K Cyber Pro Community Strong!

Reasons Why We Like nullcon:

1. The nullcon Desi Jugaad Concept (which is Hindi for “Local Hack”)

These guys have an event which is referred to as ‘Desi Jugaad’ which is dedicated to allowing researchers and hackers to present their innovative hacks and/ or to solve real life challenges.

2. The Big Efforts They Make!

The organizers care and make a lot of effort to make sure that their Conference is packed full of useful and actionable materials and content such as there being ‘Interactive Events’, ‘Hacking Challenges’ and – the presentations are also delivered online!

3. The Organizers Are A Friendly Bunch

The folk behind nullcon are a very approachable and friendly bunch and they didn’t hesitate to offer us a complimentary ticket when we they discovered we’d put this resource together.


Interesting fact about nullcon Congress

They’ve been at it since 2010 and accumulated a ton of great speakers and presentations, and of course, community!

Interviews With The Event Founders!

Interview with Nicholas Percoco, Founder of THOTCON

Do you have any intention of expanding THOTCON outside of Chicago?

We have had a few requests over the years, but as of right now there are no plans to do a THOTCON outside of Chicago. The event is put on by volunteers and a two day event once per years is already a pretty large time commitment for many of the lead volunteers.

You’ve hosted amazing presentations at THOTCON over the years, how do you select CFP applicants? Do you look for ‘specific achievements’ or ‘talents’? The reason we ask is so that we can share your selection criteria with people reading this interview that might like to apply to speak at THOTCON.

We tend to focus on a mix of modern topics mixed with some old-school technology. We feel that a new generation of hackers needs to be exposed to technology that may seem outdated but are still being actively used in the real world. We also like to find a mix of well-known speaks with those who are up and coming in the security industry. We’ve been able to do so by just focusing on the content we want to present to our audience. We think of THOTCON as a two-day event not just a conference so careful thought has to be put into the selection of talks. We’ve actually turned away some well known speakers because their content didn’t fit the mix of talks we wanted for the event. We also look to invite at least 4 well-known speakers as keynotes each year.

How would you like to see THOTCON evolve in the future?

We announced that we are now a tax-exempt 501(c)(3) nonprofit organization recently.

This will allow us more options when planning events. It will also allow our attendees and other supports to make tax deductible donations. We’ve been approach by several people in the past and this will allow us to provide more longevity for THOTCON.

We love your contests! How did you come up with these ideas? (It certainly makes for an interesting event!)

The contests are the brain children of Jaku and Sake. They spent a number of years competing in the Mystery Challenge at DEF CON and have built upon those experiences to create highly engaging and creative challenges year after year.

Lastly, what do you feel differentiates THOTCON from the rest of the conferences out there? Or, better said, what in your view makes THOTCON special?

THOTCON is very focused on the experience for our attendees, volunteers, and speakers. We also do not take any sponsorship money for the conference itself. This means the THOTCON brand stands on its own in most forms for presentation – from the items in every attendees bag to the signage at the event. It is also about THOTCON and the community that supports it, not about who provided the most funding.

We do believe engagement between the security community and vendors is important as well, so we focus that energy into throwing an amazing after party by utilizing 100% of the funds raised from the after party sponsorships. At the event the sponsorship get to mingle and build relationships in a casual party venue.

Unlike many of the security or hacking conferences out there, THOTCON is not a source of income for any of the organizers. All money raised from ticket sales goes directly into funding and improving the conference each year.

Interview with Gabriel Tremblay, Founder of NorthSec

What prompted you to start NorthSec?

We used to run a CTF competition team called the CISSP Groupies in Montreal. One of our biggest challenge was to recruit talent and even if we did so province-wide, we still struggled to find properly trained people with CTF experience. By looking at the local ecosystem of contest and conference, we realized that there was no event hard enough or well structured enough to help people become talent in that space. A year or two before NorthSec existed, there was a properly good CTF in a smaller Quebec town called Hackus. Their event was eventually cancelled but part of their team were already participating with our small competition team to other CTF. With the help of a part of Hackus staff, we then decided to create our own CTF that would be built from scratch to be the hardest CTF possible, while still staying enjoyable for newcomers with sufficient experience.

We really wanted to have an event “by the community, for the community”, so we decided to make it a non-profit.

With technical elitism, mental trauma and bleeding noses in mind, our CTF was born.

During the years that followed, it became clear that we would need more money to scale the event. With our strict guidelines on sponsorship, banning any company with known dubious morals, intelligence agencies, people who exploits the image of women’s, and weapons dealers we had to find ways to stay alive. Logically, the next step was to start a conference with a slightly higher price point to fund the CTF. This approach worked really well and spawned what is now a 2 days 350+ attendee conference, mainly targeted at industry specialists.

And eventually, the different perks we offered at both the conference and the CTF, such as open microbrew bar all event long and our electronic badge started to drill holes in the budget. To solve this issue, we decided two years ago to spawn two days of professional trainings before the conference. This approach also proven itself worth the investment, as we now attract trainers from all around the world. And this is where we are today.

Your CTF competition looks amazing. How would you like see the CFT improve/ evolve in 2018? (By the way we love the dual functionality of a practical CTF combined with talks).

Our CTF is really one of a kind.

With over 400 participants spread across 50 teams trying to break around 200 challenges for more than 48Hours, it is the largest on-site CTF worldwide. It covers most of the fields of infosec, whether it be Web, exploitation, malware, reversing, crypto, forensics, hardware (with electronic badges for every participant), lockpicking, social engineering and more. This requires a crazy infrastructure where we simulate an Internet for every single team hosted in about 12 000 linux containers, using 10 000 BGP routers, and almost 4M IPv6 table routing entries. This wouldn’t be possible without the invaluable time investment by an incredible team of more than 40 volunteers that help make this event come to life. Every year, we also make sure to create a special ambiance in line with the scenario, which makes an on-site CTF much more appreciable, like cooking sourdough bread for everyone or having custom-crafted passports & voting booth that participants must find vulnerabilities into.

At the growth rate we have, with attendees coming from around the globe, 2018 is probably going to be our biggest year ever. Our technical infrastructure is very good and still has room for more capacity, thanks to our great sponsors that provide us with the high-end equipment this kind of event requires, but we are eventually going to reach our immense room’s physical limit and will be looking for a bigger venue that allows us to scale this to even bigger proportions in the coming years.

The one thing we need now, is more volunteers to help us during the event and throughout the year. We also need dedicated challenge designers that are able to work with the team during the year and deliver high quality & interesting security challenges for the attendees to solve.

How much does NorthSec cost for students and non-students? The reason we ask is because I am sure a lot of young people would love to get involved with the CTF aspect of NorthSec.

The CTF costs USD 100 and the Conference+Workshops USD 220 for professionals. Students get 50% OFF for the entire event (USD 50/110) and we also have multiple Early Bird pricing rebates. This very affordable pricing reflects our objective to train better infosec professionals and make the event accessible to everyone whatever their budget. Most student associations are able to front the costs and send a full team to the competition.

What criteria do you look for when selecting speakers? Do you allow any vendor-related presentations or is NorthSec strictly to demonstrate research based security concepts?

NorthSec is an applied security event, therefore speakers are selected based on the quality of the subject presented and its practical use in the infosec world, generally spread across three different fields: Application & Infrastructure Security, Cryptography and Society & Ethics. We do not allow vendor-related/sponsored presentations and are very concerned with keeping a highly technical content for the presented talks and workshops during the conference. Attendee feedback is very important and we want to make sure they get the most out of the time and money they spend to attend the event. We thrive in selecting the most talented experts for the event in order to bring attendees slightly out of their technical comfort zone and acquire new knowledge, whether it is for the conference, workshops, or the exclusive professional training sessions we propose during NorthSec.

How would you like to see NorthSec evolve over time: more towards the speaking side or the CTF/ ‘practical tech’ side?

The two biggest challenges of NorthSec remains the same since day 0: Stay cutting-edge in term of security/technology and avoid going bankrupt. For that, I think one the best solution is to scale the whole operation as much as we can. To stay on top of our game, we need to keep attracting new talented challenge designers and people who can give their time to our event. Scaling and reaching more people help in recruiting those much needed volunteers. I don’t see the CTF existing in it’s format, and size, without the framework that we built around it with the rest of the event. It goes the same with the conference and the trainings. I see NorthSec becoming much bigger, in all it’s aspects, and certainly not easier.

Lastly, what’s the best way for people to follow you and NorthSec? Do you have a Twitter handle or Facebook page you’d like to share here?

The best way to connect and stay in touch is through our Twitter account @northsec_io but we also have a Facebook page and our Website is at where we publish news about the event.

Interview with Niki Vonderwell, Organizer TROOPERS

What prompted you to start TROOPERS?

We had some ideas in mind when we first started. We wanted to set up something that enabled people to learn (knowledge sharing) and have fun while doing so. TROOPERS was also about interaction and bringing people together that would not otherwise meet. Then, hopefully they would walk away with some new ideas and perspectives. Ideas that would “Make the World a Safer place.”

Being in a place where we can look back over the years we can honestly say that these ideas have really built the foundation of TROOPERS, and made it what it is today.

Why is the conference called TROOPERS? (Which is a great name by the way!)

We came up with the name as sort of a “TROOPERS in the fight against bugs”. It has evolved a bit more to also mean “family”, “quality”, “InfoSec”, and “#TheBestYearEver.

Aside from Heidelberg being a very beautiful place why does the conference take place there?

Heidelberg is home. It is where we work, do groundbreaking research, and play. Our roots are here, and so it makes sense to bring everyone here to enjoy a week of ideas, research, and family. If you want to get a better overview of TROOPERS and why we have kept the conference here for the last 8 years check out our 10 year anniversary video:

What criteria do you look for when selecting speakers? Do you allow any vendor-related presentations or is TROOPERS strictly to demonstrate security concepts and flaws?

Hands-down, TROOPERS has the best speakers in the world gracing our stage year after year! When we are selecting speakers we want to not only look at the research and methodology, but we want to know that after the talk is over the attendees have really taken something from that talk that they can apply to their own work/research/mantras. As said before, knowledge sharing is a core value of the conference, and it is the speakers and trainers who really drive this through their presentations and workshops. This spirit also means no vendor pitches, as we want to keep the high-end quality and content sharing as top priorities. To our Speakers, thank you for everything! For our future TROOPERS Speakers, see you soon! ;-).

How would you like to see TROOPERS evolve over time?

We’ve been lucky to have celebrated 10 years of TROOPERS this past March, and we think we have found a great balance of bringing together people from all over the IT Security spectrum. We typically have a ratio of around 1 speaker for every 4 attendees, which really allows for knowledge sharing and really feeling like part of the TROOPERS family. Our internal slogan is “Best Year Ever” where we are constantly pushing to make the current year even better than the last. This gives us a lot of room to try new things and bring in new people and research..

Is there any cross-over with the folks over at CCC (Chaos Communication Congress)? Do you know of each other?

We do know each other! We are lucky to have several of our Crew attending, speaking, and even helping to organize CCC..

Lastly, what’s the best way for people to follow you and TROOPERS? Do you have a Twitter handle you’d like to share here?

We are pretty active on Twitter! You can follow us @WeAreTROOPERS. We also share our talk videos on our Youtube channel:

Interview with Aseem Jakhar, Co-Founder nullcon

What is the origin of nullcon and what is the meaning behind the name?

In 2008 we started a non-profit security community in India called null – The open security community. The idea was simple i.e. to learn and share by having monthly meets, focused workshops. (Today It is run by volunteers all around the world and had 9 chapters Pan-India and 3 chapters outside – Singapore, Dubai, Amsterdam. For more details So, somewhere in 2009 after seeing the interest in security folks here we decided to organize a conference.

Interestingly we had created a list of names including hacker-camp, hackfest etc. Finally we decided on nullcon as a tribute to the community. Some people till date think that nullcon is organized by null. However, it is organized by our company Payatu Technologies as mentioned on our website as well.

null on the other hand, is our principal community partner for the conference. After all, our journey started from null and it has been a great source of inspiration and an excellent teacher 🙂

I understand that you also have a bunch of other events in India and the rest of the world, can you explain a little more about them?

Oh yes, we mainly organize two difference conferences nullcon and In 2014, we started seeing a lot of hardware based attacks and got interested in it. We also had a lot of interest in hardware security. When we looked in the security market there were hardly any conferences focussing specifically on hardware security from both offensive and defensive perspective. It did not take us time to finalize that we are going to organize a hardware security conference. However, choosing a place took most of the time. We looked at most European countries and finally zeroed in on The Hague, The Netherlands.

The conference name was another challenge, we came up with a list and finally chose – hardwear. It signifies hardware protection.

What makes nullcon different to the other Cybersecurity Conferences in India?

Every event has its charm. All I will say about nullcon is that it is the place where almost all security researchers, hackers and companies meet once a year and have loads of fun, networking, learning and hacking at the beach. We are proud to create a balanced conference that has the hacker touch and also appeals to the corporate, given the amount of HiTech knowledge that is shared at the conference. Also, I cannot find words to describe the atmosphere and vibe at nullcon, you have to come and see for yourself. So, if you are in Asia and have not been to nullcon, you are missing one of the largest security community gathering in Asia.

How do you select speakers and their research? The reason we ask is to help people that might be interested in applying to speak at nullcon in 2018.

The speakers submit their talks to our Call for Papers. We have an external review panel that reviews and scores the submissions. We then take the cumulative scoring and go through the papers ourselves to finally select the finest papers. For speakers few things to take care when submitting:

[Three recommended criteria to consider when submitting CFP’s for nullcon]

– Provide as much in-depth technical details as possible.
– Typically research already presented elsewhere mostly gets a little less scoring as we want the present the latest research to our attendees. Usually submitters think that if their paper is accepted at a big conference, it is most likely going to be accepted at regional conferences. However, thats exactly the opposite at nullcon as we prefer to have more new research than old.
– Submissions that mention “we can’t disclose it in CFP due to Bla Bla” also get filtered out in the last stage.

How would you like to see nullcon evolve in the future?

The future plans for nullcon include moving to south east Asia in addition to Goa, we are still looking at cities where we can organize nullcon. In addition to conferences, we plan to organize training only events in Asia. For we are moving to the US, in addition to The Hague, in an year and then may be Asia in another 3-4 years. If the community has any suggestions, please do let us know.

Do you see a growth in Cybersecurity in general in India?


Looking back, when we started nullcon, it was too difficult to convince corporates why they need to invest in security and convince security professionals the importance of participating in a security conference. Since then, our efforts at null, nullcon, general cyber attacks and cyber crimes around the country have changed the mindset of corporates as individuals. Many companies are now investing in opening their security centers in India.

Lot of companies come to nullcon to recruit. There is a growing demand for security products in India. Finally there is awesome security talent in India. We were surprised to see really good submissions from India starting from the second nullcon in 2011 onwards.

Back To Top

Reviews From Delegates

Oops! We could not locate your form.

Back To Top