I tend to go to a lot of conferences, especially over the last five years as I have taken a more active pursuit toward a full time information security career rather than merely participating in the community. There are hundreds (yes hundreds) of conferences yearly, located all over the world. Below are some of the larger conferences I have attended in the past. Keep in mind your miles may vary depending on what you can afford, how far you are willing to travel, and the crowd you are used to. I will describe a couple simple things from my perspective.
- The conference (along with a quick overview)
- The location, and when it occurs (approximately)
- The cost for admission
**Updated note** If a conference has early registration, REGISTER EARLY. Be attentive to when or if the registration opens at certain times. In some cases, the registration prices increase closer to the conference date. In other cases where the attendance is capped and the conference is popular, it will sell out fast.
One of the largest conferences I have attended. It has grown to literally epic proportions over the last few years with 2016 being the 24th year. There are multiple layers to the conference ranging from contests to events which would take many years to experience them all. There is enough content in this conference for every level of skill from casual hobbyist, to seasoned infosec professional (and even their managers) to benefit. It has grown large enough to even have a documentary.
Location: Las Vegas, Nevada
When: Late July/Early August
Aside from being local for me, this one is one of my favorites because of the talks. While I’ve learned a lot even from the most non-technical talks (e.g. travel hacking), the technical ones were not your run of the mill “just click on these and you’ll be an expert” talk. They even have seminars occurring before the conference weekend.
Location: San Diego, California
When: Mid October
Cost: $80-120 (depending on when you register)
Security BSides has become one of my favorites not only because of the content and quality of the talks, but the old school grass roots nature of the conferences, and the fact there are BSides conferences all over the world at different dates, so its not unfeasible to attend more than one, or even several in a year if you are feeling up to it. Keep in mind that due to either the strength of the infosec community or politics at any given location, your miles may vary.
When: Depends on the location
Cost: Typically $0-40 (register early, or volunteer)
While I did go to blackhat, it was in a more limited capacity. There are multiple levels of entry and considering the standard cost is around $1500-1700, the business pass allows you access to the vendor areas and demo rooms which may not be much but it was worth the $400. If I were to determine who to send, it would be senior professionals, to management or even C-Level folks as this conference is the more buttoned up version of DEFCON where the content is geared more toward the decision makers. As for the more senior (non-management) professionals, there are a lot of good seminars and trainings that they would benefit more from than the talks.
Location: Las Vegas, Nevada
When: Late July/Early August (before DEFCON)
Cost: multiple $400-1500
The moment I arrived at DerbyCon, I noticed a very familiar feeling and its similarities to Toorcon, and some of the earlier DEFCONs in terms of volume of people, venue, and the quality of the talks which were a good balance of varying levels but definitely relevant for the folks in the trenches. In fact, they also have seminars similar to Toorcon. One of the biggest differences was getting a feel for the infosec scene away from California in the midwest.
Location: Louisville, Kentucky
When: Mid-Late September
I like this conference as it is another good one that is local (to Southern California). The volume of people is not too small, but isn’t too overwhelming either. The talks were pretty technical, and as the name of the conference implies, there are a lot of other hands on events ranging from lock picking, and CTFs to a hardware hacking village you can do some soldering in. If you understand and appreciate the history behind the term “hacker”, you will understand the spirit of this conference.
Location: Los Angeles, CA
When: Late May
Cost: $100-160 (registering early is encouraged)
I recently attended my first CircleCity Con and I have to say, it was not only a good conference, but after all of these conferences, I have noticed a lot of common factors in what makes a good conference. I learned quite a bit whether it was from mentors I have ran into in the past, or even speakers teaching one of the classes offered, it was a great experience. Aside from that, there were a lot of events and activities considering the size of the conference. If you live in the midwest and have the time I highly recommend it.
Location: Indianapolis, Indiana
When: Early-Mid June
So after attending these conferences, I’ve made some observations on what I found valuable about them, and talk more about this in part 2.