Update: HITB no longer runs in the Netherlands.
The Amsterdam edition wrapped permanently in 2023, and the conference series has consolidated around Bangkok, Phuket, Singapore, and Abu Dhabi (HITB+in:cyber).
For European researchers used to making the spring trip to Amsterdam, this is the new reality — and the content remains worth the longer flight for organisations that take the technical depth seriously.
The Conference at a Glance
Founded in 2003, HITBSecConf has built its reputation on two days of trainings followed by a two-day, multi-track conference of deeply technical talks, paired with capture-the-flag competitions and an exhibition that mixes vendors with hackerspaces and community groups.
The flagship Asian edition typically runs in late August in Thailand — recent venues have included Phuket and Bangkok — with the UAE event extending the calendar into spring.
The brand also runs smaller Out Of The Box (OOTB) events in Bangkok and Jakarta, which serve as more intimate technical gatherings between the larger conferences.
Who It’s For
HITB is a researcher’s conference.
Expect zero-day disclosures, novel exploitation techniques, deep dives into mobile, embedded, automotive, and ICS security, and the kind of hardware hacking content that doesn’t make it into more commercial events.
The audience is heavily technical — corporate researchers, government practitioners, and the international hacker community — with a thinner CISO-track presence than Black Hat or RSAC.
For senior leaders, the more useful question is which of your researchers and red-team leads should attend, and what you want them to bring back.
Drone, automotive, and IoT specialists tend to find HITB particularly valuable.
Highlights and Themes from the Most Recent Edition
Recent editions have leaned into automotive and drone security, mobile platform vulnerabilities, AI/ML offensive research, reverse engineering of consumer and embedded devices, and the security properties of cryptographic libraries.
The CTFs are widely respected — HITB’s two-day team-based attack-and-defence competition has been described as one of the more gruelling on the global circuit, and the Jeopardy-style individual challenges draw a serious international field.
The conference culture remains explicitly anti-vendor-pitch, which is why researchers continue to bring original work that wouldn’t fit a commercial event’s selection criteria.
The Review Boards include some of the longer-serving names in the international research community, which keeps the technical bar high.
What to Expect Going Forward
HITB+in:cyber in Abu Dhabi has rapidly become the largest gathering of cybersecurity professionals in the UAE capital, and the Bangkok and Phuket events continue to anchor the Asian calendar.
For organisations with operations in APAC or the Gulf, attending the regional HITB has become a meaningful investment in local technical relationships and threat intelligence.
The CFP windows for 2026 events are typically announced through the @HITBSecConf social channels and the conference website rather than via mass mailing, so following them is the easiest way to track schedules.
The Bottom Line
For CISOs, HITB is best treated as a place to send your senior researchers and red-team leads.
They’ll come back with novel attack techniques, useful contacts in regions where having local technical relationships matters, and a sharper sense of what’s possible.
For organisations with material APAC or Middle East exposure, the regional editions also offer something the bigger conferences don’t: genuine engagement with the local security community in a setting built for it.
Treat the travel as part of the investment, not an obstacle to it.