Skip to main content
Exploring what’s next in tech – Insights, information, and ideas for today’s IT leaders

The top security conferences to attend in 2020

You can learn a lot of security in a little time at a good security conference. Very often, you can have fun doing it. Which conference is best for you? There are many to choose from.

If security is part of your job, then keeping up with the technology and the market is an important part of it. Attendance at a security conference can provide you with invaluable training on important products and technologies, exposure to new techniques, the opportunity to talk directly with vendors, and the ability to network with others who do what you do. And lots of people have gotten better jobs through recruiting at a conference or the connections they make there.

We made a broad list of events in 2020 and one coming at the end of 2019. Many are hacker shows where attendees learn to attack and compromise systems, and there are many good reasons for this. DEF CON, the largest of these shows, drew 30,000 attendees in August 2019.

There are large security shows, like the RSA Conference, that take a broad approach including large trade shows. Whatever you're looking for is probably there. There are shows that focus on specific application areas, like FloCon, which specializes in data collection and analysis. There are shows that focus on business and the intersection of public policy and security, as well as shows that reach out to underrepresented communities. There are shows in the U.S., shows in Canada, shows in Europe, and shows in Asia.

Because there is no universal "best" conference for everyone, the listings in this guide are ordered by date rather than a rating.

 

Chaos Communication Congress

Twitter: @chaosupdates
Website: www.ccc.de/en/updates/2019/36c3-in-leipzig
Dates and location: Dec. 27-30, 2019, Leipzig Trade Fair, Germany
Cost: It's complicated, and it may be too late. See here for an obscure explanation.

A production of the hacker group Chaos Computer Club (CCC), Chaos Communication Congress has been held annually between Christmas and New Year's since 1984. The CCC calls it the largest hacker conference in Europe.

The CCC describes itself as "one of the longest established and most influential civil society organizations dealing with the security and privacy aspects of technology in the German-speaking world." Members have been involved in prominent hacking research, such as their 2013 demonstration of a bypass of Apple's TouchID.

The CCC site doesn't describe details of the show content, but there will be "approximately 120 curated talk slots with high-quality content."

FloCon

Twitter: @FloCon_News
Website: https://resources.sei.cmu.edu/news-events/events/flocon
Dates and location: Jan. 6-9, 2020, Hyatt Regency, Savannah, Georgia
Cost: Standard $1,200, academic $850, government $825, training day $725, student $400

FloCon focuses on data analytics in support of security operations. The 2020 theme is the same as it was in 2019: "Using data to defend." Think network defense, encrypted traffic, threat detection and mitigation, operational data visualization, data fusion, and optimization of analyst workflow. The audience is comprised of operational analysts, tool developers, researchers, and other security professionals from industry, government, and academia—all working on analyzing and visualizing large datasets to protect and defend network systems.

FloCon is affiliated with Carnegie Mellon University's Software Engineering Institute. The conference originally was specifically about network flow but has expanded to all types of data analysis.

Real World Crypto Symposium

Twitter: @RealWorldCrypto
Website: https://rwc.iacr.org/2020
Dates and location: Jan. 8-10, 2020, Alfred Lerner Hall, Columbia University, New York
Cost: Registration including IACR dues: regular $280, student $140

Organized by the International Association for Cryptologic Research (IACR), the goal of the Real World Crypto Symposium is to bring academic and commercial cryptographers together. The main topics are "uses of cryptography in real-world environments such as the Internet, the cloud, and embedded devices." Enticing talks on the program include:

  • Protocols for Checking Compromised Credentials
  • Weaknesses in the Moscow Internet Voting System
  • Everybody Be Cool, This Is a Robbery!

ShmooCon

Twitter: @shmoocon
Website: https://shmoocon.org
Dates and location: Jan. 31 – Feb. 2, 2020, Washington Hilton Hotel, Washington, D.C.
Cost: General admission $150

ShmooCon is a small hacker conference that is both interesting and affordable. The organizers emphasize the free and open exchange of information and a friendly atmosphere.

Day 1 is a single track of speed talks called One Track Mind. Days 2 and 3 are split into three tracks called Build It, Belay It, and Bring It On. At the same time, attendees can visit the Lockpick Village, ShmooCon Labs, Hack Fortress, and other side events.

ShmooCon sells out quickly. Tickets are sold in three rounds, on Nov. 1, Dec. 1, and Dec. 13. Tickets in the first round sold out in 5.79 seconds. No tickets will be sold at the door.

SANS Open-Source Intelligence Summit

Twitter: @sansinstitute
Website: www.sans.org/event/osint-summit-2020
Dates and location: Summit Feb. 18, 2020; training Feb. 19-24, 2020, Hilton Alexandria Old Town, Alexandria, Virginia
Cost: Summit $875; 4-6 day courses $6,000-plus (certifications available)
Discounts: Pay by Dec. 31 for savings

The SANS Institute runs security training seminars all year and across the world. OSINT Summit 2020 combines a day of expert talks on the latest in data collection and analysis. The talks include:

  • OSINT for Counter Diversion and Brand Protection Investigations
  • Real-Time OSINT: Investigating Events as They Happen
  • Weaponizing the Deep Web

On Days 2 and 3, four courses are offered, along with associated optional certifications.

Network and Distributed System Security Symposium

Twitter: @NDSSSymposium
Website: www.ndss-symposium.org/ndss2020
Dates and location: Feb. 23-26, 2020, Catamaran Resort Hotel & Spa, San Diego
Cost: Symposium (including evening activities) $1,110, workshop $395, symposium one-day pass (no evening activities) $420
Discounts: Early bird and student; see web page for details

The NDSS Symposium is a four-day event combining a one-day series of workshops and three days of presentations on security research topics. The symposium is organized by the Internet Society, an international organization that supports and promotes the work of standards-setting bodies, such as the IETF. Typical participants at the conference include CTOs, privacy officers, security analysts, sysadmins, operations and security managers, as well as university researchers and educators. Attendance is limited.

The 2020 agenda has not been released. Workshops in 2019 involved binary analysis research, decentralized IoT systems and security, and usability security and privacy. The 2019 presentations covered a vast array of subject areas, including mobile security, blockchain, adversarial machine learning, and censorship.

RSA Conference

Twitter: @rsaconference
Website: www.rsaconference.com/events
Dates and location: Feb. 24-28, 2020, Moscone Center, San Francisco
Cost: Pricing is complicated; see website for details

RSA is perhaps the largest security conference of the year, drawing more than 40,000 attendees. There are more keynotes, educational sessions, product demos, and other events than you could hope to attend. In mid-November 2019, the conference organizers are beginning to release information on what to expect, including some of the speakers and an e-book describing trends in cybersecurity based on session submissions for the conference.

The conference also includes a large trade show where everyone who's anyone in security exhibits.

CanSecWest Vancouver 2020

Twitter: @CanSecWest
Website: https://cansecwest.com
Dates and location: March 18-20, 2020, Sheraton Wall Centre, Vancouver
Cost: After March 15, full price CA$2,700 (US$2,032); training courses priced separately
Discounts: Early bird

CanSecWest Vancouver bills itself as "the world's most advanced conference focusing on applied digital security," drawing respected researchers and vendors. The show features a single track of one-hour presentations on all three days. The 2019 presentations included:

  • Attacking .NET Through CLR
  • Hacking Microcontroller Firmware Through USB
  • Dive Into Windows Hello: Is It Really More Secure Than a Password?

The famous Pwn2Own hacking contest, run by the Zero Day Initiative, is held alongside CanSecWest. Top hackers congregate to win hundreds of thousands of dollars by attacking edgy targets like connected cars, as well as the usual suspects—i.e., web browsers. The best source of news on Pwn2Own is the Zero Day Initiative Twitter feed.

InfoSecWorld

Twitter: @InfoSec_World
Website: http://infosecworld.misti.com
Dates and location: March 30 – April 1, 2020, Disney Contemporary Resort, Lake Buena Vista, Florida
Cost: World pass $3,695, main conference $1,795
Discount: Expo only, government rate

InfoSecWorld focuses on the "business of security," helping attendees to be more secure on their own and to be a more secure business partner. Program tracks include Security Strategies, Management & Leadership, Privacy & Risk, and Infrastructure & Operations. The conference also includes summits and workshops, an exhibition floor, a "Capture the Flag" contest, and an opportunity to earn CPE credits.

CypherCon 5.0

Twitter: @Cyphercon
Website: https://cyphercon.com
Dates and location: April 2-3. 2020, Wisconsin Convention Center, Milwaukee
Cost: Plain all-access "analog" badge $150; fancy interactive badge $220

CypherCon is "Wisconsin's Hacker Conference!" It's small by the standards of RSA, but it has enough to keep any hacker busy and interested for two days. There are talks, informal discussions, contests and challenges, and "over a dozen mind-blowing but approachable villages (specializations)." More than 20 speakers present on a variety of topics, and CypherCon endeavors to be welcoming to beginners and non-hackers.

INFILTRATE

Twitter: @InfiltrateCon
Website: https://infiltratecon.com
Dates and location: April 19-24, 2020, Miami Beach; conference: Fontainebleau; training: Eden Roc
Cost: $2,500
Discounts: Early bird; $1,000 for the conference when bundled with training

INFILTRATE is an "inSecurity Conference" hosted by Immunity, a prominent security consulting firm. The conference is "deeply technical" and focuses on offensive security issues―i.e., how to attack. Attendees are promised research and techniques that cannot be found elsewhere.

The first four days of the conference are dedicated to training sessions on Linux kernel exploitation, web hacking, advanced IoT exploit development for ARM 32 bit, and reverse engineering with Ghidra (a free and open source set of reverse-engineering tools developed by the U.S. National Security Agency). There will also be an event at which you can try your hand at Brazilian Jiu Jitsu.

The agenda for briefings on Days 5 and 6 is not yet available, but the 2019 archives show presentations on exploiting Chrome on Android, how to use Ghidra, and "large-scale JavaScript compiler fuzzing."

Hack in the Box Security Conference

Twitter: @HITBSecConf
Website: http://conference.hitb.org
Dates and locations: Amsterdam, April 20-24, 2020, Hotel NH Collection Amsterdam Grand Hotel Krasnapolsky; Singapore, July 20-24, 2020, site TBA
Cost: Amsterdam, TBD; 2019 pricing: conference €1,199 (US$1,320), two-day training €2,599 (US$2,863), three-day training €3,199 (US$3,524). Singapore, TBD; 2019 pricing: conference S$1,999 (US$2,735), three-day training S$3,999 ($5,473). Note: Training and conference tickets include HAXPO access.
Discounts: Early bird, student conference pass

The Hack in the Box Security Conference (HITBSecConf) is a major international event for security researchers and other technical security professionals. It features two days of technical sessions, multiple keynote speakers, a two-day "Attack and Defense" capture-the-flag competition, developer hackathons, and an exhibitor space.

ICS Cyber Security

Twitter: @DefenceIQ
Website: www.defenceiq.com/events-icscybersecurity
Dates and location: April 28-30, 2020, London
Cost: Operators £1,699 (US$2,196), including April 28 workshop £1,899 (US$2,454); vendors and solution providers £699 (US$903), including April 28 workshop £899 (US$1,162)
Discounts: Early bird; see website for details

The ICS Cyber Security conference focuses on industrial control systems (ICS), a critical class of systems that are not widely understood in the security community. ICS attacks in the past have led to major damage to systems. The conference seeks to bring interested parties from across Europe together to discuss best practices in the defense of ICS.

LocoMoco Security Conference

Twitter: @locomocosec
Website: https://locomocosec.com
Dates and location: May 26-29, 2020, The Westin Maui Resort and Spa, Hawaii
Cost: Many options for conference and training passes and social events, including daycare; see website for details

The LocoMoco Security Conference and Training has a single track of presentations on a variety of topics for developers and security professionals.

LocoMocoSec, founded by Hawaii residents, takes place on a different Hawaiian island every year, this year on Maui. The organizers make an effort to bring the local community, including students and government officials, and to be as inclusive as possible. A grant for training as well as travel and accommodations is available for the "best fitting" candidates.

OWASP Global AppSec

Twitter: @OWASP
Website: www.globalappsec.org
Dates and location: June 2020, Dublin; September 2020, San Francisco
Cost: TBD

OWASP is a world-wide organization that promotes security best practices through free online resources, local events, and larger conferences such as Global AppSec.

Global AppSec includes technical talks by experts, panels, keynotes, training sessions, and a show floor.

The OWASP page shows two Global AppSec events this year, in Dublin and San Francisco, but the exact venue and costs are not mentioned. The organizers move the event around to different cities all the time, so previous events are not a good predictor of where this year's event will be and how much it will cost.

Gartner Security & Risk Management Summit

Twitter: @Gartner_inc
Website: www.gartner.com/events/na/security
Dates and location: June 1-4, 2020, Gaylord National Resort & Convention Center, National Harbor, Maryland
Cost: Early bird (until April 3, 2020) $3,475, standard $3,825, public sector $3,150

The Gartner summit brings heavy hitters to discuss big-picture issues in security for businesses and government. It's not a place to get down in the weeds of technical details but rather to discuss broader strategies. It is also an excellent venue for networking. Attendees will learn "new best practices for cloud security, AI, IoT, blockchain, DevOps, and other challenges."

InfoSecurity Europe

Twitter: @Infosecurity
Website: www.infosecurityeurope.com
Dates and location: June 2-4, 2020, Olympia Grand, London
Cost: Registration is free until June 1; on-site registration is €69 (US$76)

InfoSecurity Europe brings together more than 15,000 attendees and 400 vendors. The 2019 conference program included more than 200 presentations on a broad variety of topics. Other opportunities include a Women in Cybersecurity networking event, symposia for security in critical national infrastructure, and hands-on workshops.

CircleCityCon

Twitter: @circlecitycon
Website: https://circlecitycon.com
Dates and location: June 12-14, 2020, The Westin, Indianapolis
Cost: $150 (plus $6.50 fee)

CircleCityCon 7.0, the only Indianapolis show in this list, is notable for its affordability, but it also tries to be fun. The themes are fun, and there are hacker game shows to watch and participate in.

Training is free, and you can reserve a seat for a modest fee. Past classes included Wi-Fi exploits, threat hunting with ELK, social engineering, persuasive communication skills, Splunk, Cuckoo sandboxing, exploit development, memory forensics, and client-side attacks.

AWS re:Inforce

Twitter: @awscloud
Website: https://reinforce.awsevents.com
Dates and location: June 30 – July 1, 2020, Houston
Cost: $1,099 for full conference pass
Discount: $100 discount for early registration

AWS re:Inforce focuses on cloud security, identity, and compliance, obviously with an emphasis on Amazon Web Services.

There are hundreds of technical sessions and keynotes featuring senior AWS leadership. If your business has a commitment to AWS, re:Inforce is a logical event to attend.

Hack in the Box Security Conference Singapore 2020

Twitter: @hitbsecconf
Website: http://conference.hitb.org
Dates and location: July 20-24, 2020, TBA
Cost: Conference is $1,199; training ranges from $2,599 to $4,299
Discounts: Early bird, student

The Hack in the Box Security Conference (HITBSecConf) is a major international event for security researchers and other technical security professionals. It features two days of technical sessions, multiple keynote speakers, a two-day "Attack and Defense" capture-the-flag competition, developer hackathons, and an exhibitor space.

HITBSecConf is held annually in Amsterdam and cities in Asia. There will be an event in Amsterdam April 20-24, 2020.

Black Hat USA 2020

Twitter: @BlackHatEvents
Website: http://blackhat.com
Dates and location: Aug. 1-6, 2020, Mandalay Bay, Las Vegas
Cost: TBD (details expected in January 2020); see 2019 prices. You may also purchase a pass to DEF CON, which always follows Black Hat in Las Vegas, for $300.

Black Hat is one of the most prominent infosec conferences in any year. It bills itself as "the most technical and relevant information security event series in the world." Four days of training, with a vast selection of topics, precede the two-day briefings.

The size and prominence of Black Hat USA briefings brings attendees some of the best research available. The 2019 schedule had talks in 21 different tracks, by well-known security experts including Bruce Schneier, Dino Dai Zovi, and Mikko Hypponen.

The annual Pwnie Awards are given at Black Hat USA each year for special achievement—and failure—in security.

The name implies more of a "bad boy" image than the conference deserves, but the real rule-breaking, attack-mode action is at DEF CON, which is always held in Las Vegas immediately after Black Hat USA. Many attendees go for both, and you may buy a DEF CON pass with your Black Hat registration.

BSides Las Vegas

Twitter: @bsideslv
Website: https://www.bsideslv.org
Dates and location: Aug. 4-5, 2020, Tuscany Suites, Las Vegas
Cost: Pricing is complicated; see details on the website

BSides Las Vegas is organized by a nonprofit of the same name, with the goal "to increase infosec awareness, provide low to no-cost education, initiate conversations, and foster community and collaboration." The 2019 schedule shows a variety of themes, practical sessions like Beginner's Lock Picking, and hacker stand-up comedy.

The conference is nominally a free event. The free on-site passes go quickly. One can normally reserve a seat through several methods, including a small donation, submitting a presentation and having it accepted, volunteering time for the event, reserving a room in the conference block, or having your organization sponsor the event. All of these can run out of space. Look at the Join Us page and don't panic. If, at the bottom, it says "This page last updated August 1, 2019," it is referring to the 2019 conference.

DEF CON 28

Twitter: @defcon
Website: www.defcon.org/index.html
Dates and location: Aug. 6-9, 2020, Caesars Forum (a new venue, not to be confused with Caesars Palace), Harrah's, Linq, and Flamingo, Las Vegas
Cost: TBD (previously $300); cash only in U.S. dollars

You see a website and you want to hack it. You see an Internet camera and you want to take control of it. Rules? Payment? That's for other people. This is why you go to DEF CON. Seriously though, while you may think yourself an accomplished hacker, most people at DEF CON are legitimate security professionals and the outlaw bit is cosplay. And it's big: An estimated 30,000 people attended DEF CON 27 in 2018.

DEF CON is the biggest and baddest of the hacker conferences. If you want a sense of DEF CON, you can view the video of 92 sessions from last year on YouTube.

DEF CON Las Vegas hosts the most prestigious capture-the-flag event of the year, bringing top hackers from all over the world. The victors in this and certain other events win the heralded Black Badge, which entitles the winner to lifetime attendance at the conference and a lot of bragging rights.

The Diana Initiative

Twitter: @dianainitiative
Website: http://dianainitiative.com
Dates and location: Aug. 6-7, 2020, The Westin, Las Vegas
Cost: $30

"This event is open to people of all genders and identities interested in information security and diversity in the tech landscape. Although we tend to focus on women, we want to make sure we are welcoming to everyone, especially our supporters and allies."

Founded by nine women attending DEF CON 23, the goal of The Diana Initiative is to be "a conference for all those who identify as women/non-binaries, and to help them meet the challenges that come with being a woman in information security with resilience, strength, and determination." The conference is open to everyone, but the goal is to bring such persons together to discuss hacking and other infosec topics. Attendance at the conference is very inexpensive, and the organization looks for sponsors and donations.

The 2019 event had a capture-the-flag session; career, lock-pick, and soldering villages; and many parties.

29th USENIX Security Symposium

Twitter: @usenixsecurity
Website: https://www.usenix.org/conference/usenixsecurity20
Dates and location: Aug. 12-14, 2020, Boston Marriott Copley Place, Boston
Cost: TBD; separate fees for many colocated events
Discount: USENIX members; deep discount for students

At the USENIX Security Symposium, as with all USENIX events, a great deal of original research is presented. The list of papers presented at the 2019 symposium shows mostly academic sources and a mixture of pure research and projects with a practice bent.

The program also includes topic-oriented workshops, birds-of-a-feather sessions, and fun stuff like Board Game Night.

USENIX is a nonprofit organization that promotes vendor-neutral and open research and events.

Did we miss any conferences or events?

We worked hard to bring you the best conferences and events on security, but if we missed a conference or event you find useful for any reason, please share that info with us on Twitter at @enterprisenxt.

Useful links:

This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.