10 ‘Must Go To’ Cybersecurity Conferences DEF CON, ToorCon, SchmooCon and more!

Welcome to our ‘Top Ten’ Cybersecurity Conference List! If you are interested in local events then hit either of the two buttons below.


Cyber Security Conferences 2016 Cyber Security Conferences 2017


What is this post all about?

Since 2012 we’ve posted a ton of information on Cyber events happening around the world. Some might even say that nothing escapes the reach of the concise super-conference bot. Anyways! This post is a summary of events that we think are the most happening. Also – worth mentioning that we always listen to our readers and visitors to this page. For example, a few months back (early 2016) we had an enquiry saying that we should add the Chaos Communication Congress (a conference organized by the Computer Chaos Club) which we did.

In summary, with our experience and having been engrossed within the security conference world for several years now, we thought it was high-time to compile our “Top Ten Must Go To Hacking Conferences!”

Looking for cyber conferences in your country or city?
We’ve launched a bunch of posts for regional parts of the world where’s there is a ton of demand for attending cyber conferences and events, here they are:

Washinton DC (City) San Francisco (City) New York City (City) Las Vegas (City) London (City) Texas (State) California (State) Australia (Country) India (Country) USA (Country) Africa (Continent) South America (Continent) Middle East (MENA Region) SE Asia (Region) Europe (Region)


Upcoming DEFCON Dates

blog.post.top.ten.conference-defcon

DEF CON Overview:

Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (two words) is, really, the world’s best known ‘hacker convention’. DEF CON is held every year in Las Vegas, Nevada, USA and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cyber security meetings.

Of interest, DEF CON, is a play on the military ‘readiness condition’ which is abbreviated to ‘DEFCON’ (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only use one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).

‘DEF CON’ as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that ‘DEF’ also represents ‘3’ on the North American Classic Key Pad.

Reasons To Get Yourself To DEF CON:

1. It’s a kick-ass event with awesome personalities.
Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cyber security researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attend DEF CON are by their nature very friendly, approachable and a lot of fun to be around.

2. If you are a ‘hacker’ (in the curious-minded way) then DEF CON will not disappoint.
There’s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.

3. It’s extremely social.
There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that’s another reason to go, if you are not sure what I’m referring to watch the video in the link below, it’s pretty damn cool.

4. It’s basically the capital for cyber-culture
That’s right. If you are at all into cyber culture and everything that goes with it, then clearly this is a conference for you.

Official Site:
DEF CON Website

Related Media:
DEF CON – The Full Documentary [1 Hour 50 Minutes Long]
Other Hacking Documentaries

Upcoming Shmoocon Dates

blog.post.top.ten.conference-shmoocon

ShmooCon Overview:

ShmooCon is an extremely popular ‘puritan’ hacker conference. Founded in the late 1990’s by the Shmoo Group this is a ‘must attend’ if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don’t know, the Shmoo Group are behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.

Reasons To Get Yourself To ShmooCon:

1. It’s rammed full of amazing hacking content
This year’s event had 40 different talks and presentations on a variety of IT Security subjects spanning cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.

2. It’s affordable!
Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.

3. Carefully selected speakers and talks
What makes SchmooCo so popular is the quality of talks. A lot of emphasis is placed on sourcing speakers and subjects that have not been presented at other conferences.

Official Site:
ShmooCon Website

Related Media:
SchmooCon Presentations – A lot of previous presentations are located here

Upcoming ToorCon Dates

blog.post.top.ten.conference-toorcon

ToorCon Overview:

ToorCon (a play on the word ‘Root’ in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle however I’m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).

ToorCon do things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.

Reasons To Get Yourself To ToorCon:

1. If you like it intimate then this is the one to go to…
ToorCon has a reputation as being well ‘thought-out’ by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.

2. ToorCon is a great place to start your career in cybersecurity
We’d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a ‘one of us’ fuzzy feeling if you meet the right interviewer.

Official Site:
ToorCon Website

Related Media:
ToorCamp 2012 Video [YouTube 6 mins long]

Next Event:
Date: October 21 – 25, 2015
Conference Title: ToorCon
Where: San Diego, CA, United States
Link To Event

Upcoming OWASP Dates

blog.post.top.ten.conference-owasp

OWASP Overview:

The Open Web Application Security Project (simply abbreviated to OWASP) is a not-for-profit charitable organization that was created to improve the security of software. Their mission is to: “make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks”.

There is one main OWASP Conference (AppSec USA 2015) which takes place in San Francisco, USA, and a bunch of other OWASP events that include:

There are also a bunch of other partner OWASP events and cyber conferences, all which can be discovered here.

Reasons To Get Yourself To an OWASP event:

1. If you work in App Security (developer, programmer etc) then OWASP Events are a must
OWASP speakers and presentations are completely pertinent to the Web Application Security space. Clearly writing secure code is a huge part of security apps preventing data theft and improving overall security. Secure coding (and adhering to better practices) are vital skills that you can learn from OWASP events, that will, ultimately, help you progress with your career.

2. Massive networking opportunity
OWASP is a massive organization. Sure, it is a charity (non-profit) but that doesn’t mean that you can’t use the organization to advance your own personal career. Anyone who is anyone within the secure software world has an association with OWASP. At the very least mentioning your involvement with OWASP on your CV will add credibility when it comes to advancing your cyber career.

Official Site:
OWASP Website

Related Media:
Legendary OWASP Top Ten List of most common vulnerabilities
Watch our interview/ presentation with Michael Coates, Twitter TISO/ OWASP Board Member

Next Event:

* The AppSecUSA is the main OWASP event.

Next Event:
Date: September 22 – 23, 2015
Conference Title: OWASP AppSecUSA
Where: San Francisco, United States
Link To Event

For all other OWASP events please follow this link.

Upcoming RSA Dates

blog.post.top.ten.conference-rsa

RSA Overview:

No list for the ‘Top Ten Must-Go Cybersecurity Conferences’ would be complete without a mention, or better yet, an inclusion of RSA. RSA (named after Rivest, Shamir, and Adelman, the public-key encryption technology inventors) is the ‘must-go’ cybersecurity vendor-rich conference. Period. Whilst certain elements of the hardcore cyber culture might abhor at the thought of going to RSA, (not least the antisec crew) it is without doubt where deals and cyber business is made.

The RSA Conference started life as a cryptography event but has since evolved into an a wider information security-related cyber event. RSA is vendor-independent and managed by RSA, the Security Division of EMC, and is well supported by some of the heavyweights in cybersecurity.

Over the last few years this conference has operated under two entities: the conference, which typically have some of the biggest names in the cyber world, and a vendor exhibition. The conference itself consists of various learning tracks.

Reasons To Get Yourself To an RSA Event:

1. Boost your Cybersecurity Career!
RSA is a cybersecurity career enhancer. Literally every major vendor you can think of will be there and if you have a deal to make or a job to source then this is likely the best cybersecurity conference for you to attend.

2. Learn the ropes.
If you are new to cybersecurity then getting your bearings at a large event like RSA and making it work to your advantage will be a huge bonus.

Official Site:
RSA Conference Website

Related Media:
Legendary OWASP Top Ten List of most common vulnerabilities
Watch our interview/ presentation with Michael Coates, Twitter TISO/ OWASP Board Member

Next Event:
Date: July 22 – 24, 2015
Conference Title: RSA Conference Singapore
Where: Marina Bay Sands, Singapore
Link To Event

Date: November 4 – 5, 2015
Conference Title: RSA Conference Abu Dhabi
Where: Emirates Palace, Abu Dhabi, UAE
Link To Event

Date: February 29 – March 4, 2016
Conference Title: RSA Conference USA
Where: Moscone Center, San Francisco, United States
Link To Event

Upcoming THOTCON Dates

blog.post.top.ten.conference-thotcon

THOTCON Overview:

Perhaps this event might not be so well know but we like it enough to include it in our list. Based in Chicago, US, this is another one of those classic hacker (cyber culture) events that we think are awesome. THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included this event.

Reasons To Get Yourself To a THOTCON Event:

1. It’s very affordable!
Because it is so affordable tickets sell out real quick. Here’s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!

1. Awesome talks
If you are a security nerd you’ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a ‘must-go-to’ event if you work in cybersecurity.

Official Site:
THOTCON Conference Website

Related Media:
Here’s THOTCON’s entire archive: enjoy!

Next Events:

Date: May 14 – 15, 2015
Conference Title: THOTCON 0x6
Where: Chicago, United States
Link To Event

Date: May 5 – 6, 2016
Conference Title: THOTCON 0x7
Where: Chicago, United States
Link To Event

Upcoming BlackHat Dates

blog.post.top.ten.conference-blackhat

Black Hat Overview:

Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more ‘street’ and stereotypically ‘hackerish’. Here’s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don’t want to be identified!

This information security conference has two main tracks: Black Hat Briefings, and Black Hat Trainings. Cybersecurity Training is a pretty dominant factor in all cybercons but at Black Hat (which is the world’s largest IT Security Conference organization in terms of global reach) places particular emphasis on the training. Organizations offering training include Cisco and Offensive Security, the same folk behind Kali Linux.

Reasons To Get Yourself To a Black Hat Event:

1. It’s a must if you want to be taken seriously
Black Hat (and DEF CON as well if truth be told) are ‘rights-of-passage’ for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all round satisfaction in reminding yourself that you work in the coolest industry.

2. If you hear it first, then you heard it at Black Hat
Black Hat is touted as being the premier place to hear ‘breaking news’ for anything Cyber Related, especially with regards to vulnerabilities that are a ‘big deal’. Speakers are contracted to not talk about their research or present again for a few months after the event (don’t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don’t really have an excuse not to ever go.

Official Site:
Black Hat Conference Website

Related Media:
A Bunch of YouTube Video’s from BlackHat’s Official Channel

Next Events:

Date: August 1 – 4, 2016
Conference Title: Black Hat | USA
Where: Mandalay Bay, Las Vegas, United States

Date: November 10 – 13, 2016
Conference Title: Black Hat | Europe
Where: Amsterdam RAI, The Netherlands

Date: December 8 – 10, 2016
Conference Title: Black Hat | USA
Where: Omni Montelucia Resort, AZ, United States

Date: March 29 – April 1, 2016
Conference Title: Black Hat Asia 2016
Where: Marina Bay Sands, Singapore

Date: July 30 – August 4, 2016
Conference Title: Black Hat USA 2016
Where: Las Vegas, United States
Link To Event

Upcoming TROOPERS Dates

blog.post.top.ten.conference-trooper

TROOPERS Overview:

Our understanding of TROOPERS (a German based information security conference) is that it has a solid reputation as being one of Europe’s more discerning hacker conferences. They always attract some of the world’s brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There’s no need for another credo. It’s a slogan of unity. By definition you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!

TROOPERS started in 2007 under the direction that they wouldn’t allow the ‘usual product/ vendor presentations and marketing’, instead they just seek more of a pure cybersecurity agenda. Nice!

Reasons To Get Yourself To a TROOPERS Event:

1. Network with mega cyber professionals
You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants etc from some of the biggest and baddest tech companies will rock up.

2. Heidelberg is beautiful.
Although I’ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Bavaria which in my opinion (having lived in Europe for a long time) is one of the most amazing parts of Europe.

Official Site:
Black Hat Conference Website

Related Media:
Here’s the entire TROOPERS Archive

Next Events:

Date: March 16 – 20, 2015
Conference Title: TROOPERS15
Where: Heidelberg, Germany
Link To Event

Date: March 14 – 18, 2016
Conference Title: TROOPERS16
Where: Heidelberg, Germany
Link To Event

Search Our Main Directory for Nuit Du Hack Dates

blog.post.top.ten.conference-hack-nuit

Nuit du Hack Overview:

We like this event because it just seems to have an edge about it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group were inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).

Reasons To Get Yourself To a Nuit du Hack Event:

1. It’s a very practical event so if you are a ‘hacker’ in the real sense of the term, you’ll love it
Nuit du Hack is one of France’s oldest underground hackers’ events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact there really is something for everyone, they even have a kids section! They also have a very active CTF division.

2. They’ve got a hacker job board!
We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees. It’s a great idea.

Official Site:
Nuit du Hack Conference Website

Related Media:
Here’s their official YouTube channel with a bunch of videos from previous talks

Next Events:

Date: June 20 – 21, 2015
Conference Title: Nuit du Hack 2015
Where: Paris, France
Link To Event

Upcoming BSides Dates

blog.post.top.ten.conference-b-sides

Security B-Sides Overview:

OK, B-Sides is our ‘swerve ball’ in our “Top Ten Must Go Cybersecurity Conferences” list. The reason for that is because it is not really a conference but rather a global movement of security meetings. Each B-Sides Event is a community-driven philosophy whereby volunteers all get together and discuss tech and security issues.

B-Sides do truly strive to keep cyber security information, knowledge, and know-how, free. There are literally hundreds of events happening at a local level around the world and we’d highly recommend that you get involved.

Reasons To Get Yourself To a B-Sides Event:

1. They are FREE!
Difficult to beat this reason! Unlike some of the conferences listed above that can be very expensive, B-Sides is, and looks like they always will be, free!

2. They are everywhere
If you live in a big city we’d be surprised if you were not able to find a B-Sides event happening near you.

3. They are a cheap and cheerful way to network and learn
If you are interested in making a career in cybersecurity then you must become a member of B-Sides and get involved. Not only will you learn a ton but you will also network with a whole bunch of other like-minded professionals.

Official Site:
Nuit du Hack Conference Website

Related Media:
Here’s their official YouTube channel with a bunch of videos from previous talks

Next Events (there are hundreds!)

Conference Titles: Global B-Sides Events!
Where: Global!
Link To All Events

Chaos Communication Congress Overview:

Yes. We know. This was a ‘top ten’ list of the ‘must-go’ information security conferences – and due to messages from our community we’ve added Chaos Communication Congress, which is organized by the Computer Chaos Club, so, congratulations to CCC, you have broken our list and you’ve been given an honorary number 11th spot.

This event, which happens every year, features a mix of lectures and workshops on technical and hacker issues. Interestingly, CCC (as it is very often abbreviated to within the media) focuses on political issues (for example within hacktivism) as well.

This cyber event started way back in 1984 in Hamburg (older than DEF CON then!) and moved to Berlin in 1998, and then back again to Hamburg in 2012.

The event attracts over 10,000 which is extremely impressive.

Reasons To Get Yourself To a Chaos Communication Congress Event:

1. Be part of the ‘real’ Cyber Community in Europe
We’ve always know about CCC but we didn’t add the event since we tried to mix the events (within a balance of vendor-related gigs and pure ‘hacker events’) but judging by the feedback we got from our community not having included CCC led us to believe that we’d made an error not adding CCC! Anyways, don’t just take our word for it, CCC is a seriously interesting hacking collective. They have been involved in all sorts of escapades and as a result the type of person they attract to their events will very likely reflect the spirit of their mission.

2. CCC is the largest (real) hacker event in Europe
Our reasearch shows that CCC is Europe’s largest association of hackers. A better networking event perhaps doesn’t exist! (When we say ‘networking’ we are also referring to the social sense of that word, i.e. CCC, with so many European hackers is a superb place to meet like-minded folk).

Official Site:
CCC Camp Website

Related Media:
Here’s their official Video Stream for 2014. Change the URL string to see the videos for 2015 when they are published.

Next Event
Conference (Event) Title: Chaos Communication Camp
Where: Ziegeleipark Mildenberg, Zehdenick, Germany


 

In Summary
Thank you for bearing with us and well done for getting to the end of this post! What do you think about our list? Do you think we ought to include another event or remove one or two? Let us know your thoughts below!

Don’t forget to check out regularly updated information security conference list for 2015 and 2016.