‘Must Go To’ Cybersecurity Conferences (for Hackers)

As some of you know, we manage the web’s #1 Cybersecurity Conference List for 2015. If you want to check out our huge and continuously added conference list for 2015 hit this link or to download all events you can do so here [PDF]. (If you are an event organizer don’t forget to add your event for 2015 here, or here for all Cybersecurity Conferences that are scheduled for 2016. We add all events just so long as they are cybersecurity related.

With our experience and having been engrossed within the security conference world for several years now, we thought it was high-time to compile our “Top Ten Must Go To Hacking Conferences!”

DEF CON Overview:

Started by the legend that is Dark Tangent (Jeff Moss) DEF CON (two words) is, really, the world’s best known ‘hacker convention’. DEF CON is held every year in Las Vegas, Nevada, USA and the first DEF CON took place in June 1993 so it’s also one of the oldest (and therefore original) cyber security meetings.

Of interest, DEF CON, is a play on the military ‘readiness condition’ which is abbreviated to ‘DEFCON’ (Defense Condition). The cybersecurity grade within the military DEFCON (note how the military only use one word) is actually referred to as Information Operations Condition (INFOCON), which is soon to be replaced by Cyber Operations Condition (CYBERCON).

‘DEF CON’ as a title for the event also plays nicely with the “Con” in “Conference”. Furthermore, a lot of the early members of the DEF CON group were phone phreakers and they liked that ‘DEF’ also represents ‘3’ on the North American Classic Key Pad.

Reasons To Get Yourself To DEF CON:

1. It’s a kick-ass event with awesome personalities.
Sure, over time it might have become slightly more corporate(ish) and journalists and FEDS are all over it, but it still attracts some of the world’s best cyber security researchers and hackers with interests in software, computer architecture, hardware modification, and anything else that can be “cracked or hacked.” Folk that attend DEF CON are by their nature very friendly, approachable and a lot of fun to be around.

2. If you are a ‘hacker’ (in the curious-minded way) then DEF CON will not disappoint.
There’s a ton of things you can do. There are several learning tracks that are always populated with excellent speakers, and for the hacking-related stuff there are, for example, Wi-Fi Cracking stations, lock picking, drone-related hacking and Capture the Flag contests.

3. It’s extremely social.
There are live music shows at night (and our favorite SOMA FM played there a few DEF CON’s ago). For making friends, hanging out whilst learning security stuff (and how to break it) then this is the conference for you. Oh, and if you like shooting guns in the desert then that’s another reason to go, if you are not sure what I’m referring to watch the video in the link below, it’s pretty damn cool.

4. It’s basically the capital for cyber-culture
That’s right. If you are at all into cyber culture and everything that goes with it, then clearly this is a conference for you.

Official Site:
DEF CON Website

Related Media:
DEF CON – The Full Documentary [1 Hour 50 Minutes Long]
Other Hacking Documentaries

Date: August 4 – 7, 2016
Conference Title: DEF CON 24
Where: Paris/ Bally’s, Las Vegas, United States [TBC]

Date: July 27 – 30, 2017
Conference Title: DEF CON 25
Where: Paris/ Bally’s, Las Vegas, United States [TBC]

ShmooCon Overview:

ShmooCon is an extremely popular ‘puritan’ hacker conference. Founded in the late 1990’s by the Shmoo Group this is a ‘must attend’ if you are interested in meeting some of the brightest minds in the cybersecurity space. For those that don’t know, the Shmoo Group are behind projects such as Linux Apache (yes the rather popular HTTP server!), PGP, OpenSSL and Snort! This event sells out every year and for a good resource: a lot of (serious) IT Security folk wanna go.

Reasons To Get Yourself To ShmooCon:

1. It’s rammed full of amazing hacking content
This year’s event had 40 different talks and presentations on a variety of IT Security subjects spanning  cryptography, computer security through to specific ShellCode, as well as there being unique schmoocon events such as Shmooganography.

2. It’s affordable!
Ticket prices are just $150 per person which is much cheaper when compared to other events. DEF CON is around $250 for example. Also, the organizers restrict the capacity of the event making the event feel a lot more manageable and not overwhelming.

3. Carefully selected speakers and talks
What makes SchmooCo so popular is the quality of talks. A lot of emphasis is placed on sourcing speakers and subjects that have not been presented at other conferences.

Official Site:
ShmooCon Website

Related Media:
SchmooCon Presentations – A lot of previous presentations are located here


ToorCon Overview:

ToorCon (a play on the word ‘Root’ in the computing sense) is another West Coast US event, which is considered as being pretty left-field. Having started in 1999 (in San Diego, CA) this hacker conference is named after the San Diego 2600 user group. ToorCon also organizes events in Seattle however I’m not too sure if they are still doing them there (please let us know in the comments below if they are still running them in Washington State!).

ToorCon do things somewhat differently. They organize camps and even world tours! ToorCon immediately differentiated itself by holding events in awesome venues; for example, ToorCamp in 2009 was held in an Eastern Washington abandoned missile silo, and their WorldToor 2013 was held in Antarctica on a cruise ship. Toorcamp is modeled after European hacker camps.

Reasons To Get Yourself To ToorCon:

1. If you like it intimate then this is the one to go to…
ToorCon has a reputation as being well ‘thought-out’ by bringing 400 people (maximum) annually with hands-on talks and demonstrations. They bring speakers and personalities together such as Joe Grand (whom we had on Hacker Hotshots) and Darren Kitchen from Hak5.

2. ToorCon is a great place to start your career in cybersecurity
We’d recommend the ToorCamp as an ideal stomping ground to get to know others in the community. Having ToorCamp on your CV will generate some buzz and a ‘one of us’ fuzzy feeling if you meet the right interviewer.

Official Site:
ToorCon Website

Related Media:
ToorCamp 2012 Video [YouTube 6 mins long]

OWASP Overview:

The Open Web Application Security Project (simply abbreviated to OWASP) is a not-for-profit charitable organization that was created to improve the security of software. Their mission is to: “make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks”.

There is one main OWASP Conference (AppSec USA 2015) which takes place in San Francisco, USA, and a bunch of other OWASP events that include:

  • OWASP Dublin Training Security Boot Camp – Dublin, Ireland
  • OWASP EEE, Austria, Armenia, Poland, Romania, Hungary, Lithuania, Russia
  • AppSec IL, Israel
  • New York Metro Joint Cyber-Security Conference 2015, New York, NY
  • LASCON 2015, Austin, TX
  • AppSec Rio de la Plata 2015, Montevideo, Uruguay
  • AppSec Cali 2016, Santa Barbara, CA

There are also a bunch of other partner OWASP events and cyber conferences, all which can be discovered here.

Reasons To Get Yourself To an OWASP event:

1. If you work in App Security (developer, programmer etc) then OWASP Events are a must
OWASP speakers and presentations are completely pertinent to the Web Application Security space. Clearly writing secure code is a huge part of security apps preventing data theft and improving overall security. Secure coding (and adhering to better practices) are vital skills that you can learn from OWASP events, that will, ultimately, help you progress with your career.

2. Massive networking opportunity
OWASP is a massive organization. Sure, it is a charity (non-profit) but that doesn’t mean that you can’t use the organization to advance your own personal career. Anyone who is anyone within the secure software world has an association with OWASP. At the very least mentioning your involvement with OWASP on your CV will add credibility when it comes to advancing your cyber career.

Official Site:
OWASP Website

Related Media:
Legendary OWASP Top Ten List of most common vulnerabilities
Watch our interview/ presentation with Michael Coates, Twitter TISO/ OWASP Board Member

Next Event:

* The AppSecUSA is the main OWASP event.

For all other OWASP events please follow this link.

RSA Overview:

No list for the ‘Top Ten Must-Go Cybersecurity Conferences’ would be complete without a mention, or better yet, an inclusion of RSA. RSA (named after Rivest, Shamir, and Adelman, the public-key encryption technology inventors) is the ‘must-go’ cybersecurity vendor-rich conference. Period. Whilst certain elements of the hardcore cyber culture might abhor at the thought of going to RSA, (not least the antisec crew) it is without doubt where deals and cyber business is made.

The RSA Conference started life as a cryptography event but has since evolved into an a wider information security-related cyber event. RSA is vendor-independent and managed by RSA, the Security Division of EMC, and is well supported by some of the heavyweights in cybersecurity.

Over the last few years this conference has operated under two entities: the conference, which typically have some of the biggest names in the cyber world, and a vendor exhibition. The conference itself consists of various learning tracks.

Reasons To Get Yourself To an RSA Event:

1. Boost your Cybersecurity Career!
RSA is a cybersecurity career enhancer. Literally every major vendor you can think of will be there and if you have a deal to make or a job to source then this is likely the best cybersecurity conference for you to attend.

2. Learn the ropes.
If you are new to cybersecurity then getting your bearings at a large event like RSA and making it work to your advantage will be a huge bonus.

Official Site:
RSA Conference Website

Related Media:
Legendary OWASP Top Ten List of most common vulnerabilities
Watch our interview/ presentation with Michael Coates, Twitter TISO/ OWASP Board Member


THOTCON Overview:

Perhaps this event might not be so well know but we like it enough to include it in our list. Based in Chicago, US, this is another one of those classic hacker (cyber culture) events that we think are awesome. THOTCON is a non-profit and interestingly, non-commercial event that looks to provide the best possible conference experience for those amongst us that are on a budget, and for that reason, we included this event.

Reasons To Get Yourself To a THOTCON Event:

1. It’s very affordable!
Because it is so affordable tickets sell out real quick. Here’s an indication of what you can expect to pay for THOTCON next year in 2016: student prices $56.00, and early bird: $106.00!

1. Awesome talks
If you are a security nerd you’ll love the quality and depth of the speakers they have had in the past and will likely continue to have in the future. If you live around the Chicago area then this is clearly a ‘must-go-to’ event if you work in cybersecurity.

Official Site:
THOTCON Conference Website

Related Media:
Here’s THOTCON’s entire archive: enjoy!

Next Events:

Date: May 5 – 6, 2016
Conference Title: THOTCON 0x7
Where: Chicago, United States
Link To Event

Black Hat Overview:

Think of Black Hat as the commercial wing of DEF CON. Started (and then sold) by the same founder (Dark Tangent, aka Jeff Moss) Black Hat has global appeal and it functions throughout the world (Middle East, Asia, Europe and the US). Think of the Black Hat attendees as being more corporate and the DEF CON crowd as being more ‘street’ and stereotypically ‘hackerish’. Here’s a nice comparison between DEF CON and Black Hat that I read that I thought sums it up neatly: at DEF CON you can only pay cash, whilst at Black Hat you can pay with the company and personal credit cards. Why? Because the type of people that go to DEF CON simply don’t want to be identified!

This information security conference has two main tracks: Black Hat Briefings, and Black Hat Trainings. Cybersecurity Training is a pretty dominant factor in all cybercons but at Black Hat (which is the world’s largest IT Security Conference organization in terms of global reach) places particular emphasis on the training. Organizations offering training include Cisco and Offensive Security, the same folk behind Kali Linux.

Reasons To Get Yourself To a Black Hat Event:

1. It’s a must if you want to be taken seriously
Black Hat (and DEF CON as well if truth be told) are ‘rights-of-passage’ for most cybersecurity professionals. Attending one conference is a must for kudos, credibility and all round satisfaction in reminding yourself that you work in the coolest industry.

2. If you hear it first, then you heard it at Black Hat
Black Hat is touted as being the premier place to hear ‘breaking news’ for anything Cyber Related, especially with regards to vulnerabilities that are a ‘big deal’. Speakers are contracted to not talk about their research or present again for a few months after the event (don’t quote us on that, we just heard that here at our Concise Courses HQ.) Anyways – Black Hat is an awesome gig and you ought to get yourself down there, not least because they are global and annual, so you don’t really have an excuse not to ever go.

Official Site:
Black Hat Conference Website

Related Media:
A Bunch of YouTube Video’s from BlackHat’s Official Channel

Next Events:

Date: August 1 – 4, 2016
Conference Title: Black Hat | USA
Where: Mandalay Bay, Las Vegas, United States

Date: November 10 – 13, 2016
Conference Title: Black Hat | Europe
Where: Amsterdam RAI, The Netherlands

Date: December 8 – 10, 2016
Conference Title: Black Hat | USA
Where: Omni Montelucia Resort, AZ, United States

Date: March 29 – April 1, 2016
Conference Title: Black Hat Asia 2016
Where: Marina Bay Sands, Singapore

Date: July 30 – August 4, 2016
Conference Title: Black Hat USA 2016
Where: Las Vegas, United States
Link To Event

TROOPERS Overview:

Our understanding of TROOPERS (a German based information security conference) is that it has a solid reputation as being one of Europe’s more discerning hacker conferences. They always attract some of the world’s brightest cyber minds and they seem to have an awesome and carefree spirit. In their own words: “We are TROOPERS. There’s no need for another credo. It’s a slogan of unity. By definition you are a TROOPER if you stand up against the everyday challenges of IT security” Sounds good enough to us!

TROOPERS started in 2007 under the direction that they wouldn’t allow the ‘usual product/ vendor presentations and marketing’, instead they just seek more of a pure cybersecurity agenda. Nice!

Reasons To Get Yourself To a TROOPERS Event:

1. Network with mega cyber professionals
You can mingle with some of the heavy hitters in the European Cybersecurity space. Influential CISOs, IT auditors, cybersecurity sysadmins, security consultants etc from some of the biggest and baddest tech companies will rock up.

2. Heidelberg is beautiful.
Although I’ve never personally been to TROOPERS, I have in fact been to Heidelberg (where the event takes place) and I can happily say that it is absolutely beautiful. Heidelberg is in Bavaria which in my opinion (having lived in Europe for a long time) is one of the most amazing parts of Europe.

Official Site:
Black Hat Conference Website

Related Media:
Here’s the entire TROOPERS Archive


Nuit du Hack Overview:

We like this event because it just seems to have an edge about it. This cyber conference, which has been taking place in Paris since 2003, was influenced by a hacking collective called Hackerz Voice. This group were inspired by DEF CON (in much the same way that the other conferences in this list have mostly been).

Reasons To Get Yourself To a Nuit du Hack Event:

1. It’s a very practical event so if you are a ‘hacker’ in the real sense of the term, you’ll love it
Nuit du Hack is one of France’s oldest underground hackers’ events, bringing security professionals and amateurs of any levels to test their skills in one place. There are a bunch of resources at the event, in fact there really is something for everyone, they even have a kids section! They also have a very active CTF division.

2. They’ve got a hacker job board!
We love this. The folks behind Nuit du Hack have fired up a jobs portal for attendees. It’s a great idea.

Official Site:
Nuit du Hack Conference Website

Related Media:
Here’s their official YouTube channel with a bunch of videos from previous talks


Security B-Sides Overview:

OK, B-Sides is our ‘swerve ball’ in our “Top Ten Must Go Cybersecurity Conferences” list. The reason for that is because it is not really a conference but rather a global movement of security meetings. Each B-Sides Event is a community-driven philosophy whereby volunteers all get together and discuss tech and security issues.

B-Sides do truly strive to keep cyber security information, knowledge, and know-how, free. There are literally hundreds of events happening at a local level around the world and we’d highly recommend that you get involved.

Reasons To Get Yourself To a B-Sides Event:

1. They are FREE!
Difficult to beat this reason! Unlike some of the conferences listed above that can be very expensive, B-Sides is, and looks like they always will be, free!

2. They are everywhere
If you live in a big city we’d be surprised if you were not able to find a B-Sides event happening near you.

3. They are a cheap and cheerful way to network and learn
If you are interested in making a career in cybersecurity then you must become a member of B-Sides and get involved. Not only will you learn a ton but you will also network with a whole bunch of other like-minded professionals.

Official Site:
Nuit du Hack Conference Website

Related Media:
Here’s their official YouTube channel with a bunch of videos from previous talks

Next Events (there are hundreds!)

Conference Titles: Global B-Sides Events!
Where: Global!

July 16, 2015

Full article:

Source: 10 ‘Must Go To’ Cybersecurity Conferences (for Hackers)


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.