What does it take to crack the code of cybersecurity when it comes to best practices?
A 2019 Fortinet survey asked chief information security officers (CISOs) to comment on how the expanding complexity of cybersecurity impacts their ability to fulfill their responsibilities. CISOs said there is an increased need for learning and development for security team members. Other concerns included risk management and cybersecurity and strategy awareness.
Enter cybersecurity conferences. Taking place across the U.S. and the world, cybersecurity conferences can offer unique opportunities for cybersecurity professionals, such as hands-on workshops, networking and certifications. They also provide cybersecurity leaders with greater security awareness of threats, tactics and best practices needed to effectively thwart attacks on the systems and assets they protect.
Here, Security brings you a list of the top 20 cybersecurity conferences in the U.S. in 2020.
1. The Human Hacking Conference
Lake Buena Vista, Fla.
The Human Hacking Conference is an all-encompassing training event that teaches business, security, technology and psychology professionals the latest expert techniques in human deception, body language analysis, cognitive agility, intelligence research and security best practices. The conference is put together by the Social Engineering Village (SEVillage), which seeks to progress social engineering as a professional practice.
The conference includes:
- Five multi-hour workshops taught by leaders in behavior, physiology, deception, technology and psychology.
- Specialized learning tracks including Hacking the C-Level & Hacking Business, Mind Hacking, Penetration testing and Red Teaming.
- A variety of speaking sessions from expert-level presenters, varying from fast-paced concentrated content to panels and keynotes.
- Three Evening Events plus many opportunities for networking
2. 2020 Global Insider Threat Summit
San Francisco, Calif.
If you’re attending RSA, the 2020 Global Insider Threat Summit is the perfect conference to kick off your week. At this year’s Summit, CISOs, CSOs, CTOs and other leading experts from top organizations such as MITRE and Flex will share how they are utilizing data to build stronger business and security strategies. In exclusive knowledge-sharing sessions, speakers will discuss:
- How to implement a data-driven security strategy.
- How the MITRE ATT&CK framework can be utilized to drive insider threat detection.
- The latest cutting-edge research into insider threats.
- How to use data to elevate security to a board-level discussion.
- Why an effective insider threat approach has far-reaching benefits across security and across the business.
3. RSA Conference
San Francisco, Calif.
At RSA, top cybersecurity leaders and a dedicated community of peers will exchange though-provoking cybersecurity solutions to the latest threats. Dr. Lorrie Cranor, Director and Bosch Distinguished Professor of the CyLab Security and Privacy Institute, is one of the featured speakers at RSA. Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, is one of the keynote speakers. He will discuss CISA’s expansive role as the Nation’s risk advisor, and how CISA builds partnerships across the U.S.
Seminars include a discussion around:
- Emerging Threats.
- Privacy and Security in the Cloud.
- Establishing a Culture of Protect, Detect and Respond.
- Lethal Threat Hunting and Incident Response Techniques.
- DevOps: 2020 DevSecOps Days.
- Personnel Management and Building Successful Cybersecurity Teams.
Panel discussions include:
- The Cryptographers’ Panel: Whitfield Diffie, Cryptographer and Security Expert, Cryptomathic; Tal Rabin, Head of Research, Algorand Foundation; Ronald Rivest, Professor, Massachusetts Institute of Technology; Adi Shamir, Borman Professor of Computer Science, The Weizmann Institute, Israel; and Zulfikar Ramzan, Chief Technology Officer, RSA (Moderator)
- The SANS Institute Panel: Heather Mahalik, Senior Instructor, SANS Institute and Director of Digital Intelligence, Cellebrite; Ed Skoudis, Instructor, SANS Institute; Johannes Ullrich, Ph.D., Dean of Research, SANS Technology Institute; and Alan Paller; Research Director and Founder, SANS Institute (Moderator)
- How to Reduce Supply Chain Risk – Lessons from Efforts to Block Huawei Panel: Katie Arrington, Cyber Information Security Officer of Acquisitions, U.S. Dept of Defense / OUSD for Acquisitions; Donald (Andy) Purdy, Chief Security Officer, Huawei Technologies USA; Bruce Schneier, Security Technologist, Researcher & Lecturer, Harvard Kennedy School; Kathryn Waldron, Fellow, R Street Institute; and Craig Spiezle, Founder, Agelight Advisory & Research Group (Moderator).
- Genomics – A New Frontier Panel: Kathy Hibbs, Chief Legal and Regulatory Officer, 23andMe; Dr. Patrick Courneya, Chief Medical Officer, Kaiser Permanente; Dr. Richard Migliori, Chief Medical Officer, UnitedHealth Group; and Rajeev Chand, Partner and Head of Research, Wing Venture Capital (Moderator)
4. Atlanta Cybersecurity Conference
The Atlanta Cybersecurity Conference features a Keynote Speaker Session, a CISO Panel and 8-10 additional educational speaker sessions discussing current cybersecurity threats and solutions. The Keynote will be Assistant Special Agent in Charge Mark Grantz, US Secret Service.
The CISO Panel will feature:
- Gary Brantley, CISO, City of Atlanta
- Jose Marroquin, CISO, Encompass Digital Media
- Chris Paravate, CSO, Northeast Georgia Medical Center
- Chris Stouff, CSO, Armor
- Steven Ferguson, CIO, Technical College System of Georgia
- John Slaughter, CIO, Alliant Health
- Gaurav Singal, VP and CIO, Georgia Lottery Corporation
- Sergio Rio, CIO, Innovative Water Care
In addition, attendance includes CPE credits and certificates of attendance.
5. Women in Cybersecurity
Each year WiCyS, a non-profit membership organization that is dedicated to bringing together women in cybersecurity from academia, holds the Women in Cybersecurity Conference with local host college partners. It’s an excellent opportunity to network with other women in cybersecurity.
In addition, companies looking to recruit can also connect with students and candidates and experienced leaders and professionals in the cybersecurity field.
The leadership summit, a forum for cybersecurity industry experts, will address challenges in the following four tracks:
- Strengthening the diverse cybersecurity workforce pipeline.
- Creating an inclusive work environment.
- Furthering opportunities for various groups such as veteran female cybersecurity aspirants or those transitioning or returning to cybersecurity workforce.
- Advancing women in technical and non-technical leadership roles.
Workshops, panel discussions and presentations will feature CISOs, Information Security, Directors and more leaders from the MITRE Corp., CISA, U.S. Army, Microsoft, Netflix, Amazon, F5 Labs, HCA Healthcare, John Hopkins, University of Alabama in Huntsville, University of Texas at San Antonio and many more.
For the full agenda, click here.
6. InfoSec World
Lake Buena Vista, Fla.
March 30-April 1
Join peers and experts at InfoSec World 2020 Conference & Expo to not only address the disruptive technologies and threats on the horizon, but to create a plan for managing the people, processes and tools for how your organizations react and cope with these intrusive circumstances. Security professionals have the opportunity to earn up to 45 CPE credits over the course of one week and numerous opportunities to network with more than 1,000 attendees.
Keynote speakers are:
- Jamil Farshchi, CISO, Equifax
- Jimmy Sanders, Head of Information Security, Netflix DVD
- Parham Eftekhari, Executive Director, Institute for Critical Infrastructure Technology (ICIT)
- Badri Raghunathan, Director Product Management – Container and Serverless Security, Qualys
- Mark Kelton, Retired Senior Executive, Central Intelligence Agency
- Chuck Brooks, Brand Ambassador, The Cybersecurity Collaborative
7. SANS 2020
Each year, SANS hosts five large scale national events that attract anywhere from 900-1300 attendees. This two-day SANS 2020 Summit will offer a focus on threat intelligence, with more than 50 hands-on, immersive-style courses that apply to new and experienced cybersecurity professionals. SANS 2020 will provide cybersecurity training and GIAC certifications. The courses, taught by real-world practitioners, are geared towards professionals who work in development, incident response & forensics, management, audit, legal, industrial control systems and more.
For a full list of all courses, click here.
Other SANS 2020 events include:
- SANS Security West 2020 – San Diego, California, May 12
- SANSFIRE 2020 – Washington, D.C., June 17
- SANS Network Security 2020 – Las Vegas, Nevada, September 22
- Cyber Defense Initiative 2020 – Washington, D.C., December 16
For a full list of all SANS local and regional events and solution forums, click here.
8. CSO50 Conference+Awards
The CSO50 Conference+Awards will focus on “Bringing Risk into Focus” and feature innovation stories from the nation’s top security leaders. Winning projects and initiatives will be featured in lively sessions spanning important security topics such as:
- Access and Identity Management
- Critical Infrastructure
- Data Loss Prevention and Recovery
- IoT and Machine Learning
- Managing Third-Party Risk
- Minimizing Risk and Fraud
- Security Awareness and Training
- Bob Bragdon, SVP & Publisher, CSO
- Kevin Charest, CISO, Health Care Service Corp.
- Seth Fogie, Director, Information Security, Penn Medicine
- Raj Madan, Managing Director, Technology, BNY Mellon/Pershing
- Shawn Riley, CIO, ND Information Technology Department
- Kandice Samuelson, Senior Director, Information Technology Governance, PPD
- Jeffrey Thomas, VP, Global Security, Prudential Financial
- Brad Wells, Executive Director, Information Security, PDD
9. THINK 2020
San Francisco, Calif.
THINK 2020 is the annual IBM business and technology conference. Here, security professionals have the opportunity to join strategy discussions, hands-on training, more than 1,000 targeted technical training and demos. Conference education will cover the breadth and depth of technology and business topics including automation, blockchain, cloud, code, data and AI, analytics, infrastructure, Internet of Things, mobile security, supply chain and many more.
Join IBM’s Chairman, President and CEO, Ginni Rometty for the THINK 2020 Chairman’s Address, including some of the world’s top CEOs and leaders, such as Muriel Médard, Cecil H. Green Professor of EECS, MIT, Ralph Clark, President and CEO, ShotSpotter, and Saška Mojsilović, IBM Fellow, Head of Trustworthy AI and Co-Director of Science for Social Good, IBM Research.
THOTCON is a hacking conference based in Chicago, which started in late 2009 by a group of Chicago hackers who wanted to start a local and low-cost conference. “Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casual and social experience,” claims the website.
Topics that will be discussed during speaker and keynote are: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues and more.
At the time of this writing, THOTCON has yet to announce who the speakers and keynotes are.
11. IEEE Symposium on Security and Privacy
San Francisco, Calif.
The Institute of Electrical and Electronics Engineers (IEEE) Symposium for Security and Privacy has been one of the premier forums for computer security research, presenting the latest developments and bringing together researchers and practitioners.
IEEE solicits previously unpublished papers that offer novel research contributions in any aspect of security and privacy. Papers may present advances in the theory, design, implementation, analysis, verification or empirical evaluation and measurement of secure systems. Topics can range from access control and authorization to application security, authentication, blockchain, cloud security, cyber physical systems security, security and privacy metrics and more.
If you’re interested in submitting, IEEE accepts paper submissions 12 times a year, on the first of each month.
12. National Cyber Summit
Described as the “nation’s most innovative cybersecurity technology event,” the National Cyber Summit offers unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. Their core focus is on three things: education, collaboration and innovation.
Keynote speakers are:
- Jon “maddog” Hall – Board Chair, Linux Professional Institute
- Major General Thomas Murphy – Director of DoD’s Protecting Critical Technology Task Force, Air Force
- Robert Powell – Senior Advisor for Cybersecurity, NASA
13. Gartner Security & Risk Management Summit
National Harbor, Md.
The Gartner Security & Risk Management Summit 2020 is one conference to attend if you want to hear independent experts on what matters most now and how to prepare for what’s ahead. Here you can learn how to create the security and IT risk management plans you need for your enterprise.
More than 3,500 peers and 65 Gartner experts gather at the conference, so you have a chance to network and gather meaningful insights to help you thrive in the evolving digital landscape. The conferences hosts more than 130 research-driven sessions, as well, to evaluate cybersecurity and risk management strategies.
14. Blue Team Con
The Blue Team Con, an information security conference, is tailored for those that are performing blue team type work at enterprises. Blue Team Con claims that its goal is to help fill in the gap within the information security industry, specifically between the information sharing network for red teams and offensive research and that of the blue team.
The conference hosts talks that are almost exclusively focused on sharing information among defenders and protectors of organizations. This can span from SOC Analysts to CISOs, auditors and compliance personnel or application developers focusing on security.
Some of Keynote speakers include:
- Sean Metcalf, Consultant, Trimarc
- Dana Baril, Security Research Architect at Microsoft
- AJ Van Beest, founding member of the WI SLTT Cyber Response Team
- Amanda Berlin, Co-Author of the Defensive Security Handbook
- Cheryl Biswas, Strategic Threat Intel Analyst, TD Bank
- Jesse Bowling, Security Architect & CSIRT Program Manager, Duke University
For a full list of all speakers, click here.
15. Black Hat
Las Vegas, Nev.
Now in its 23rd year, Black Hat USA is an information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2020 opens with four days of technical Trainings (August 1-4) followed by the two-day main conference (August 5-6) featuring Briefings, Arsenal, Business Hall, and more. You’ll also have the opportunity to network with 19,000 InfoSec professionals.
Trainings include hands-on offensive and defensive skill-building opportunities. These courses are taught by some of the most sought-after international industry & subject matter experts, with the goal of defining and defending tomorrow's InfoSec landscape.
Briefings include presentations on cutting-edge research on information security risks and trends. Security experts from around the world will share their latest findings, open-source tools, zero day exploits and more.
16. Bsides Vegas
Las Vegas, Nev.
Founded in 2009, BSides Las Vegas claims to be “the impetus that sparked a global movement.” Whether you're looking for your next big thing, career advice, or your first talk on a national stage, join the cybersecurity professionals at this two-day event.
The conference is free, but attendance can only be guaranteed if individuals stay for a minimum of three nights at the Tuscany on the BSidesLV room block.
The Call for Presentations for Providing Ground mentors program, which gives first-time speakers the opportunity to work with a seasoned industry professional to improve public speaking skills to present their research, is still open and closes on February 29, 2020.
The General Call for Presentations will be open from March 1st through April 15th.
17. Global CISO Executive Summit
The Global CISO Executive Summit is “built by CISOs, for CISOs.” This conference focuses on sharing best practices and developing leadership skills that enhance a CISO’s organization’s ability to impact their security climate.
- Tim Callahan, Global Chief Security Officer, Aflac
- Meredith Harper, Vice President, Chief Information Security OfficerLilly
- Meredith Harper, VP, CISO, Eli Lilly & Company
- Nasrin Rezai, EVP, Global Chief Information Security and Product Security Officer, General Electric
- Ben Sapiro, Global CISO, Great-West Life Assurance
The agenda is yet to be announced.
18. GrrCON Cyber Security Summit & Hacker Conference
Grand Rapids, Mich.
The GrrCON Cyber Security Summit & Hacker Conference is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and network. GrrCON is small compared to other conferences, with around 1,700 individuals in attendance. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker, you will find something for you at GrrCON.
Student and Early Bird tickets open on March 1, 2020. Regular tickets go on sale April 1. Keep in mind it’s important to buy tickets early, says GrrCon, as they usually sell out completely. Conference dates have not been announced yet, but the conference is usually in October.
19. Cybersecurity & Fraud Summit
The Cybersecurity & Fraud Summit is part of ISMG’s Global Summit Series, which takes place across four continents. This summit will focus on fraud and breach prevention that can apply to many industry verticals such as finance, government, retail, energy and healthcare.
The event provides cybersecurity leaders the opportunity to earn CPE credits. A few keynote panels that spark interest are:
- Cybersecurity in the Era of Donald Trump.
- The Rise of Cybercrime as a Service: Which Threats Should We Address First?
- Why Organizations Fail to Implement Proper Security Safeguards and What They Can Do About It.
- We’ve Been Breached: Now What? How to Effectively Work with Law Enforcement and Regulators.
Call for speakers is still open. Find out more here.
FutureCon holds more than 25 events per year. Here, you’ll be able to interact with CISOs and Senior Level Executives who have experience in mitigating the risk of cyberattacks. At each FutureCon Event, you will receive cybersecurity training and learn cutting-edge security approaches to manage risks in the constantly evolving world of cyber threats.
- Dallas, Texas – February 12, 2020
- Los Angeles, Calif. – February 19, 2020
- Chicago, Ill. – March 11, 2020
- St. Louis, Mo. – March 25, 2020
- Raleigh, N.C. – April 1, 2020
- Houston, Texas – April 15, 2020
- New Jersey – April 29, 2020
- Kansas City, Mo. – May 13, 2020
- San Diego, Calif. – June 10, 2020
- Indianapolis, Ind. – June 25, 2020
- Detroit, Mich. – July 8, 2020
- Denver, Colo. – July 22, 2020
- Omaha, Nev. – July 29, 2020
- Seattle, Wash. – August 5, 2020
- Columbus, Ohio – August 19, 2020
- Des Moines, Iowa – September 2, 2020
- Toronto, Ontario – September 16, 2020
- Minneapolis, Minn. – September 30, 2020
- Boston, Mass. – October 14, 2020
- Tampa, Fla. – October 28, 2020
- Orange County, Calif. – November 4, 2020
- San Antonio, Texas – November 18, 2020
- Nashville, Tenn. – December 3, 2020
- South Florida, Fla. – December 9, 2020
Additional Conferences to Attend
Security Professionals Conference
The EDUCAUSE Security Professionals Conference is created just for the higher education information security and privacy community. This is a great opportunity to connect and collaborate with colleagues around the latest information security, privacy and risk management innovations and strategies.
This year's conference will introduce new offerings like leadership training, more workshops, track sessions and lightning talks to cover a broad range of skill levels and topics, both technical and strategic.
CMMC Forum 2020
Falls Church, Va.
April 2, 2020
On Jan. 31st, the Department of Defense (DoD) officially released its Cybersecurity Maturity Model Certification (CMMC) to certify DoD contractors’ cybersecurity practices and bolster supply chain security. CMMC’s revision has moved away from self-certification, replacing current National Institute of Science and Technology’s (NIST) standards for cybersecurity with a five-level system of requirements for defense contractors.
The forum will feature Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, as a keynote speaker. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
Cybersecurity Collaboration Forum
The Cybersecurity Collaboration Forum puts together various conferences throughout the year to foster information security communication and idea sharing across the C-Suite, enabling leaders to better defend, preserve and protect local and global enterprises.
It also brings together CISOs, CIOs, Heads of Risk, Compliance, Audit, Technology, Privacy and stakeholders charged with protecting and securing their organizations. Upcoming events include:
- Chicago Cybersecurity Best Practice Exchange
- Cleveland Cybersecurity Collaboration Forum
- Nashville Cybersecurity Collaboration Forum
- Portland Cybersecurity Collaboration Forum
- Salt Lake City Cybersecurity Collaboration Forum
- San Antonio Cybersecurity Collaboration Forum
- St. Louis Cybersecurity Collaboration Forum
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.