This guide presents our recommended selection of InfoSec events taking place across the United States. Given the scale of the US cybersecurity ecosystem, compiling a “top” list is particularly challenging — there are hundreds of conferences, regional events, and niche security forums running throughout the year.
To cut through the noise, we’ve focused on identifying events that deliver genuine value, actionable insights, and strong networking opportunities for security professionals.
Quick note: We also maintain a separate resource that tracks all US cybersecurity events year-round. Unlike this curated list, that directory is continuously updated as new events are confirmed.
Whether you’re a CISO, SOC analyst, security architect, risk executive, or compliance professional, the right event can meaningfully influence your security strategy and operational resilience.
#1 Zero Trust World
Zero Trust World brings IT and security practitioners together for three days of hands-on learning focused on hardening real-world environments. Built around practical, “use it Monday” takeaways, the program digs into Zero Trust strategy, attack trends, and defensive techniques that reduce noise while improving control. Expect a mix of expert-led sessions, frontline case studies, and peer-to-peer problem solving aimed at security teams managing endpoint risk and everyday operational pressure. It’s designed for everyone from Zero Trust-curious defenders to teams already deep in implementation who want sharper tactics, clearer visibility into weaknesses, and better ways to operationalize protection.
Zero Trust World | |
|---|---|
Niche: Endpoint Security | |
Free or Paid? Not Free | Country: United States |
Date: 4 March | City: Orlando |
#2 Insider Risk Summit West
Insider Risk Summit West convenes security leaders from government and industry to tackle one of the toughest problems in modern defense: trusted-user risk. The agenda emphasizes practical approaches for detecting, investigating, and reducing insider threats—whether driven by malice, coercion, or simple human error. Attendees can expect sessions that blend policy and technology, including behavioral analytics, monitoring strategies, and program design that balances security with privacy and organizational culture. With perspectives spanning big tech, energy, and public-sector stakeholders, it’s geared toward program owners, SOC leaders, risk teams, and decision-makers looking to strengthen prevention and response while building cross-sector collaboration.
Insider Risk Summit West | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 18 March | City: Monterey |
#3 Gartner IT Infrastructure, Operations & Cloud Strategies Conference: USA
This Gartner conference is built for infrastructure, operations, and cloud leaders who need to modernize platforms without losing control of cost, reliability, and risk. The program centers on practical strategy: operating hybrid environments, strengthening resilience, applying automation and AI responsibly, and improving how teams deliver and support critical services. Attendees typically include IT executives, I&O managers, platform and cloud architects, and senior practitioners looking to benchmark priorities and pressure-test roadmaps. Expect research-driven sessions, real-world operational guidance, and peer conversations that focus on what actually works in enterprise environments—especially where complexity, legacy constraints, and rapid change collide.
Gartner IT Infrastructure, Operations & Cloud Strategies Conference: USA | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 9 December | City: Las Vegas |
#4 Southeast Cybersecurity Summit
Southeast Cybersecurity Summit is a regional gathering designed to strengthen the security community across the southeastern United States through education, collaboration, and practical skill-building. Hosted with support from Central Alabama ISSA, InfraGard Birmingham, and TechBirmingham, the event blends relationship-driven networking with sessions focused on current challenges and solutions. Expect a program that highlights real-world defensive practices, information sharing, and training that’s relevant for day-to-day security work. The audience typically includes cybersecurity practitioners, IT leaders, and local innovators who want to connect with peers, learn what’s working in the region, and help grow the area’s security talent and industry impact.
Southeast Cybersecurity Summit | |
|---|---|
Niche: Cloud Security | |
Free or Paid? Not Free | Country: United States |
Date: 15 April | City: Birmingham |
#5 PHREAKNIC
PHREAKNIC continues a long-running hacker and tech-culture tradition, bringing together a friendly mix of security enthusiasts, builders, and curious newcomers in a community-first setting. The event typically blends talks with hands-on learning and informal hallway conversations, covering everything from practical security skills to creative experiments that sit at the intersection of hacking, privacy, and making. Expect a welcoming vibe that encourages collaboration and respectful curiosity, with sessions and activities that suit both first-time attendees and seasoned practitioners. For anyone who wants a smaller, more personal conference experience—without losing technical substance—PHREAKNIC is a solid way to learn, meet peers, and tap into grassroots infosec culture.
PHREAKNIC | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 14 November | City: Murfreesboro |
#6 DEF CON
DEF CON returns to Las Vegas as a high-energy meeting point for hackers, security researchers, and hands-on builders. The program is known for deep technical talks, live demos, and “learn by doing” experiences—often delivered through specialized villages, labs, and community-run activities. It attracts a wide range of attendees: independent researchers, red and blue team pros, students, and engineers who want to test ideas, sharpen skills, and trade lessons learned. The tone is informal, but the learning is serious, with a strong culture of curiosity and peer-driven discovery. For many practitioners, DEF CON is where emerging techniques get stress-tested before they become mainstream.
DEF CON | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 6 August | City: Las Vegas |
#7 ThreatModCon
ThreatModCon is a practitioner-focused event dedicated entirely to threat modeling and secure-by-design thinking. As a community-driven conference from Threat Modeling Connect, it’s built for people who want to get better at finding design flaws early, communicating risk clearly, and integrating security into product and engineering workflows. Expect real-world case studies, practical techniques, and sessions that cover everything from getting started to leveling up mature programs across teams and industries. The audience typically includes AppSec engineers, security architects, product security leaders, and developers who work close to design decisions. If threat modeling is part of the job—or should be—this conference keeps the spotlight on the craft.
ThreatModCon | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 7 November | City: Washington |
#8 Cyber Resilience Awareness Day
Cyber Resilience Awareness Day is a virtual, practitioner-friendly event focused on building resilience into systems by design—not just meeting compliance checkboxes. Hosted by ISSA’s Cyber Resilience SIG, the program emphasizes actionable strategies for withstanding incidents, recovering quickly, and adapting operations under pressure. Sessions typically explore resilient architecture patterns, layered defenses, and implementation lessons that help teams move from abstract frameworks to real-world execution. It’s a strong fit for CISOs, architects, incident response and continuity teams, and anyone tasked with making critical services more dependable when attacks happen. With a clear “how-to” tilt, it’s designed to help attendees translate resilience concepts into daily engineering and operational decisions.
Cyber Resilience Awareness Day | |
|---|---|
Niche: TBC | |
Free or Paid? Free | Country: United States |
Date: 15 October | City: Houston |
#9 The AI Conference
The AI Conference brings builders, researchers, and product leaders together to explore what’s actually shipping in modern AI—alongside the hard questions around safety, governance, and real-world impact. With multiple tracks and a big speaker lineup, the agenda spans core technical topics (models, infrastructure, and applied ML) plus practical sessions for teams deploying AI in production. Beyond talks, the event leans into networking through mixers and founder-focused programming, including a startup showcase where early-stage companies pitch ideas to investors and industry peers. It’s best suited to engineers, data leaders, founders, and operators who want signal over hype and a clearer view of where AI is heading next.
The AI Conference | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 17 September | City: San Francisco |
#10 Black Hat USA
Black Hat USA is a major infosec event known for combining advanced, hands-on training with research-driven briefings that spotlight emerging risks and techniques. It draws a global mix of security engineers, red teamers, defenders, managers, and security leadership who want deep technical learning plus a clear view of what’s next. Attendees can expect a packed program spanning offensive and defensive research, vulnerability discovery, malware analysis, application and cloud security, and practical risk management. The expo-style Business Hall adds a strong vendor and solutions angle, making it useful for teams evaluating tools and partnerships. For professionals who want both skills development and cutting-edge research in one week, Black Hat remains a staple.
Black Hat USA | |
|---|---|
Niche: TBC | |
Free or Paid? Not Free | Country: United States |
Date: 2 August | City: Las Vegas |
In Summary
We hope that our overview highlights a solid selection of high-impact cybersecurity events taking place across the United States, reflecting the scale and diversity of the world’s largest InfoSec ecosystem.
The list spans practitioner-driven conferences such as Zero Trust World, ThreatModCon, and Insider Risk Summit West, alongside globally recognised flagship events including DEF CON and Black Hat USA.
It also features strategic and operational forums like Gartner’s Infrastructure & Cloud conference and Cyber Resilience Awareness Day, which address resilience, governance, and enterprise security execution.
Community-focused gatherings such as PHREAKNIC and regional events like Southeast Cybersecurity Summit add grassroots perspectives and hands-on learning, while broader technology events like The AI Conference explore the intersection of AI, security, and real-world deployment.
Given the volume of US cybersecurity events, this selection prioritises practical value, technical depth, and meaningful networking.
Collectively, these conferences offer CISOs, architects, engineers, analysts, and risk leaders opportunities to sharpen strategy, exchange insights, and strengthen operational resilience.