Conference season kicks off much earlier in 2023 (say goodbye pandemic!), and we're looking forward to a full year of great events. Below is a list of the very best cybersecurity conferences (many of which we are attending or sponsoring).
ShmooCon
Washington, DC
January 20 - 22, 2023
Shmoocon, the annual east coast hacker convention focuses on creating an interesting atmosphere for exactly 1,425 attendees, demonstrating technology exploitation and open discussions of critical infosec issues. Day 1 is a single track of speed talks called One Track Mind, and the next two days are split across three tracks: Build It, Belay It, and Bring It On. There’s truly something for everyone here, set in an open and friendly environment.
If you don’t already have a ticket for the 2023 conference, set an alarm for December 17th at 11:59am EST for the final round of tickets. On average each round of tickets sells out in about 9 seconds, including their waitlist!
CactusCon 11
Mesa, AZ + Virtual
January 27 - 28, 2023
CactusCon is an annual gathering of 1500 cybersecurity professionals committed to providing in-depth education on numerous areas of security. This is an outstanding regional conference for folks in the Southwest. There are no fluffy talks here, just authentic networking, fun CTF’s, and hands-on workshops and villages.
One highlight is the CactusCon Greenhouse, where people who are looking to break into pentesting are able to play in a sandbox environment. The Greenhouse is a series of four tables, each one with an exercise in a pentesting fundamental; enumeration using nmap, web applications using BurpSuite, exploitation with Metasploit, and password cracking with john the ripper and hashcat. Each table is designed to take about 30 minutes to complete and by the end of the four tables you will have a broad view of the skills needed to become a pentester.
SANS Cyber Threat Intelligence Summit
Arlington, VA + Virtual
January 30 - 31, 2023
SANS holds multiple summits year-round, which are typically free for virtual attendees. For 2023, they have added an in-person conference in Arlington, VA (not free, but relatively inexpensive) which will include sessions about “Deconstructing the Analyst Mindset” and “Unmasking the Iranian APT COBALT MIRAGE” among 25+ sessions across two tracks.
If you work in the threat intelligence space, this is a must-attend conference.
CloudNativeSecurityCon
Seattle, WA
February 1 - 2, 2023
CloudNativeSecurityCon is a two-day event designed to foster collaboration, discussion and knowledge sharing of cloud native security projects and how to best use these to address security challenges and opportunities. The goal is not just to propose solutions that incrementally improve what has come before, but to give room to breakthrough technology and advances in modern security approaches. Attendees of CloudNativeSecurityCon have an opportunity to learn from their peers and dive deep into topics that include: architecture and policy, secure software development, supply chain security, identity and access, forensics, and more.
Nullcon
Berlin, Germany
March 6 - 10, 2023
As a conference that began in 2010 in Goa, India, Nullcon is now in its 13th year as an India-based, global non-profit that is dedicated to offering a unique platform for security research and technology. They launched their first German conference in 2022 and are back for the second time in Berlin with innovative talks by security researchers, an open source arsenal, workshops, CTF’s, and a dedicated networking platform.
New2Cyber Summit 2023
Baltimore, MD + Virtual
March 14, 2023
Are you trying to enter the cybersecurity workforce?If so, this free virtual event could be one of the single most important events of the year. SANS events are well-staffed with some of the best advocates and mentors, plus highly-relevant agendas of content. Although SANS doesn’t have the landing page up for this event, this blog recapping the 2022 event gives a great summary of what to expect: https://www.sans.org/blog/visual-summary-sans-new2cyber-summit-2022/
Summit attendees also receive access to the SANS New2Cyber Summit Slack workspace, where you can interact with and ask questions of speakers and fellow attendees during the event, and it is a great space to network with your peers.
WICYS Conference
Denver, CO
March 16 - 18, 2023
Another great conference for those who are hoping to advance their career in cybersecurity, or for those who are just getting started, is WICYS. The 10th Annual WICYS Conference is the flagship conference for women in cybersecurity, and is the largest cybersecurity conference with equal representation of professionals and students.
The goal of WICYS is to help organizations recruit, retain and advance women in cybersecurity — all while creating a community of engagement, encouragement and support at a technical conference. For those looking for the more technical aspects, there are CTFs, birds of a feather talks, lightning talks, and keynotes spread across the three day conference.
FS-ISAC 2023 Americas Spring Summit
Denver, CO
March 19 - 22, 2023
For those in FinTech, the FS-ISAC summits are marquee events for the industry. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the only global cyber intelligence sharing community solely focused on financial services. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate, and respond to cyber threats.
The 2023 Americas Summit will have sessions focused on securing the software supply chain, protecting digital assets (and learning how to secure Web 3.0), and combating cyber fraud. In an industry that is one of the primary targets of cyber attacks, staying on the cutting edge is increasingly important.
CypherCon
Milwaukee, WI
March 30 - 31, 2023
CypherCon has flown slightly under the radar for the last few years, but in its 6th year, is now one of the largest hacker conferences in the midwest. The conference gathers 1100+ hacker and infosec practitioners for an open discussion about strong cryptography, privacy, and strives for the improvement of cybersecurity education for the general public. 2023’s theme is ‘underground singularity’,focusing on AI and paradigm shifts in our industry.
RSA Conference
San Francisco, CA
April 24 - 27, 2023
RSA Conference (or RSAC for the pros) is one of the largest infosec conferences of the entire year. The conference has historically drawn 60,000 attendees to the Moscone Center in downtown San Francisco, though in the post-covid era, that number is closer to about 30,000 attendees.
There are an impressive number of content tracks and sessions to choose from, plus a massively diverse peer group - you’ll see cryptographers, hackers, and professionals from around the world. Given the sometimes overwhelming amount of activities to choose from, we advise new attendees to RSAC to make the most of their time by attending one of the conference’s many virtual orientation sessions.
THOTCON
Chicago, IL
May 19 - 20, 2023
THOTCON is a hacking conference based in Chicago IL, USA. Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience. The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event
While general admission and VIP tickets have already sold out for 2023, there are still a limited number of tickets available for students.
44th IEEE Symposium on Security and Privacy
San Francisco, CA
May 22 - 25, 2023
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. This conference draws speakers from around the world, presenting some of the most interesting and newest research on security and privacy. While the talks shouldn’t be missed, we also recommend checking out their workshops, including DLSP: Deep Learning Security and Privacy and WOOT: Workshop on Offensive Technologies.
Gartner Security & Risk Management Summit
National Harbor, MD
June 5 - 7, 2023
Gartner Symposiums are decidedly much more “corporate” than your average hacker conference with most trading their subversive t-shirts for business attire. The focus here is on “CxOs,” or a blend of CISOs, CIOs, and other security and risk executives, as well the cybersecurity analysts who research and define incoming trends in the industry.
At the 2022 summit, the top sessions included: “Accelerating the Evolution of Cybersecurity”, “The Future of Cybersecurity Mesh”, and an “Outlook for Data Security”. The 2023 event will bring even more insights from subject matter experts on our rapidly evolving industry.
Fwd:cloudsec
Anaheim, CA
June 12, 2023
Much like ShmooCon, tickets for fwd:cloudsec sell out within minutes of being released. Fwd:cloudsec has typically been paired with AWS re:Inforce, taking place the day prior to re:Inforce. The focus of the conference is on quality research and peer to peer sharing of best practices. The 2022 event was limited to only a few hundred attendees, but the sessions are available to watch on-demand for free if you weren’t able to snag a spot.
AWS re:Inforce
Anaheim, CA
June 13 - 14, 2023
AWS re:Inforce is slated to be one of the year’s top events for cloud-native security professionals — including both cloud specialists and security teams. If you liked the recent AWS re:Invent conference, there’s a strong chance you’ll love re:Inforce. At re:Inforce, AWS leaders, builders, and experts cover the latest advancements in AWS security, compliance, identity, and privacy solutions.
Splunk Conf
Las Vegas, NV + Virtual
July 17 - 20, 2023
Not your typical cybersecurity conference, but if you are a Splunk user and are in the cybersecurity field, this is a must-attend event. At Splunk Conf, you are able to learn from Splunk experts, your peers and Splunk partners about how they’re addressing real-world security challenges. You are able to get hands-on with Splunk security products and learn best practices to strengthen your security posture and enhance your skills. Plus, everyone knows Splunk has the most coveted t-shirts ;)
Black Hat USA
Las Vegas + Virtual
August 5 - 10, 2023
Black Hat has been a major infosec conference for 25 years and a key part of the annual “hacker summer camp,” a back-to-back series of infosec conferences that take place at the height of summer in Las Vegas. Much like RSAC, this conference is known for its high-value content, as well as some truly memorable after-parties. Black Hat is well known for their training programs, but also be sure to check out their Innovation City where you can find early stage startups doing incredibly innovative work.
USENIX Security Symposium
Anaheim, CA
August 9 - 11, 2023
Gathering for the 32nd year, the USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. SOme interesting sessions for the 2023 conference include “Egg Hunt in Tesla Infotainment: A First Look at Reverse Engineering of Qt Binaries” and “DISTDET: A Cost-Effective Distributed Cyber Threat Detection System”.
DEFCON 31
Las Vegas, NV
August 10 - 13, 2023
DEFCON is among the most iconic hacker conferences in the world. The event is fiercely non-commercial and renowned for its intense dedication to presenting premium security content, ranging from hands-on exploit demos to interactive tabletops, and workshops on cloud threat hunting.There are also a number of highly competitive CTF’s and villages for gathering of subject matter experts. The theme for DEFCON 31 is ‘the future will prevail’ because the hacking community has always played a major role in bringing about change in cybersecurity and that will only continue as the industry continues to rapidly evolve. DEFCON 31 is the perfect ending to 2023’s “hacker summer camp”.
GSX
Dallas, TX + Virtual
September 11 - 13, 2023
Security demands staying a step ahead. Attending Global Security Exchange (GSX) yearly ensures you never fall behind. Be there—on-site or online—when the worldwide security industry reconvenes next September to stay informed, connected, and prepared for what’s next.
Brought to you by ASIS International—the world’s largest membership organization for security management professionals—involvement in GSX directly supports the funding of scholarships for security professionals and the administration of essential industry certifications, standards, and guidelines.
National Cyber Summit
Huntsville, AL
September 20 - 21, 2023
National Cyber Summit (NCS) offers two full days of educational training from experienced industry practitioners. For 2023, NCS will have over 60 expert speakers spread across seven specialty tracks (Executive, Practitioner/Technical, Compliance/Law, and Academic Research). NCS offers more value than similar cyber conferences with diverse focus-areas, premier speakers, and unmatched accessibility.
Held in Huntsville, Alabama, the NCS attracts both government and commercial participants. Home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE. For practitioners within the DoD sphere, NCS is a top tier event.
BruCON 2022
Mechelen, Belgium + Virtual
September 28 - 29, 2023
BruCON is an annual security and hacker conference over two days, covering critical infosec issues, privacy, information technology and its cultural and technical implications on society. BruCON is a conference produced by and for the security and hacker community in Belgium and throughout the EU. Highlights include their hands-on trainings focused on topics such as Corelan Advanced, Azure Cloud for Red and Blue Teams, and Hands-On Threat Modeling.
GrrCON
Grand Rapids, MI
September 28 - 29, 2023
Hacker conferences should be fun, inclusive, and quirky, which is precisely what to expect from GrrCON. GrrCON is an information security and hacking conference set in Grand Rapids with a fun atmosphere to draw together like minded people in infosec.
GrrCON is intentionally capped at 2,000 attendees to allow for true collaboration and networking. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of “flexible” morals you will find something for you at GrrCON.
Texas Cyber Summit
Austin, TX + Virtual
September 28 - 30, 2023
Texas Cyber Summit is a multi-track multi-day deeply technical cybersecurity event held annually in Texas. The conference features tracks focused on teaching responsibilities and ethics in fields such as digital forensics, Red Team tools, Blue Team art of defense, critical infrastructure, and much more.
Given its location in the Texas capital, it's the ideal venue for networking with cybersecurity professionals from oil & gas, wind, solar and energy generation, bio-science and -research, aerospace, and the DoD.
BSides NoVA
Northern Virginia
TBD - Fall 2023
BSides NOVA is one of BSides’ most popular events and given the proximity to Washington, DC, it is very popular with security professionals who work for defense contractors. The cover a number of different topics across three tracks and offer a variety of hands-on workshops for practitioners looking to uplevel their skill set.