With more than 100 information security conferences and events taking place in the US each year, it can be a challenge to decide which ones to attend. Following is my take on the must-attend events and why.
Conferences bring together leading vendors, speakers, thought-leaders and clients to network, discuss trends, and display new cybersecurity products and solutions. Before we dive into factors that you ought to consider when choosing which conferences to attend, let's just agree on two major benefits of attending conferences:
Benefit 1: Networking with Security Professionals!
Obviously, one of the key benefits of attending conferences is that you are physically present, meaning that you can connect with colleagues in a personal and amicable fashion. Connecting virtually and through social media (like Twitter and LinkedIn) has advantages, but nothing beats a physical meeting. Remember as well that deals are most often made in the bar after hours!
Benefit 2: Learn the latest and greatest
Regardless of what 'type' of conference you attend (whether it's a 'hackercon' or a traditional 'Information Security Conference') you'll learn a great deal. The effort that goes into presenting at a conference implies that the subject matter has been thoroughly researched and understood. Attending talks (often referred to as 'learning tracks') will, obviously, help your career - and should be a major reason to attend information security conferences.
OK, so now that we've established reasons to get yourself out of the office and network with leaders in our community, let's dig into factors that ought to determine which security conferences you should attend.
There are three 'main' types of Information Security (InfoSec) Conferences: 'Hacker Cons', e.g. DEF CON; 'Vendor IT Security Conferences', e.g. RSA; and 'Web Application/Niche-Specific Cyber Security Conferences', e.g. LASCON.
The first thing to do when planning your yearly calendar of information security events is, of course, to look at events pertinent to your profession within cybersecurity. If you are involved in Industrial Control Systems then SCADA-related conferences would be your target; likewise, if you are a web-app developer then you're likely to register for "Application Security Conferences" such as LASCON or any OWASP event. Fortunately, there is a wide variety of information security conferences available to you.
To pick the right security conference, take a look at the speakers list pre-conference. Is there anyone there that you admire within your vertical? If so, then that ought to form part of your algorithm when choosing suitable events to attend. What about previous or current sponsors? It stands to reason that if the sponsors are security vendors within your space then their audience (and perhaps yours too) will be in attendance. When reviewing the speaker and vendor (sponsor) list, try to establish who should be considered as a potential prospect, vendor or JV partner.
Contact folk before attending the conference! The information security community is a tight-knit group, and networking with people is a great way to get the “real skinny.” A key tip, and one which is going to swell your business connections, is to contact people of potential interest before attending, ideally setting up meetings during breaks or after specific talks. Use LinkedIn to your advantage. The chances are that the conference organizers will have created a LinkedIn group page (or Facebook) which you can join and start discussions.
Here's my super quick round-up of the top five information security conferences to attend for 2015 and beyond!
1. DEF CON
Started by the legend that is Dark Tangent (Jeff Moss), DEF CON (two words) is, really, the world’s best known ‘hacker con’. They don't accept credit cards (cash only) so they attract the uber-security-conscious type of hacker! DEF CON is held every year in Las Vegas, Nevada, USA, and the first DEF CON took place in June 1993, so it’s also one of the oldest (and therefore original) cybersecurity meetings.
2. ShmooCon
ShmooCon is an extremely popular ‘puritan’ hacker event. Founded in the late 1990s by the Shmoo Group, this is a highly recommended event if you are interested in meeting some of the brightest minds in the cybersecurity space. For those who don’t know, the Shmoo Group are behind projects such as Linux Apache (yes, the rather popular HTTP server!), PGP, OpenSSL and other popular hacking tools such as Snort!
3. LASCON
LASCON has, for several years now, been a gathering of thought leaders, web developers, security engineers, mobile developers and information security professionals within the web application security space. It's a growing conference with awesome speakers. Here's more information on the event. We had the co-founder James Wickett on our Hacker Hotshots web show back in August of 2013 in which he talks about how we started LASCON (hint, over pizza and beer!).
4. RSA
RSA (named after Rivest, Shamir, and Adleman, the public-key encryption technology inventors) is the ‘must-go’ cybersecurity vendor-rich conference. Whilst certain elements of the hardcore cyberculture might abhor the thought of going to RSA (not least the antisec crew), it is without a doubt where deals and cyber business are made. It’s a huge conference, and it’s always in San Francisco, which can be a nice bonus if you can get a day or two before or after the event to do a little sightseeing.
5. Security B-Sides
OK, B-Sides is the ‘swerve ball’ in our list. The reason is that it is not really a conference but rather a global movement of security meetings. There are B-Sides gatherings all over the world. Each B-Sides event follows a community-driven philosophy whereby volunteers all get together and discuss tech and security issues. They are famous for being the most affordable security conferences to attend, often costing only $20 or so. They are also very approachable if you want to start giving talks at security conferences – it’s typically a friendly community gathering, quite accepting of “noob” speakers.
You can see a list of next year's security conferences here - it's being constantly updated.