There is normally a hiatus in security conferences between September and February that allows those of us who have been drinking from the fire hose to stop and take a breath. This breathing space permits us to implement, adjust, engage and otherwise ensure we are where we need to be with respect to securing our data, our clients’ data and our customers’ data. The hiatus also gives us the opportunity to decide which security conferences will give us the biggest bang for our buck in terms of education and industry awareness in the coming year.

Let’s look at a few of the conferences worthy of consideration for the security leader or CISO, security professional and operational business leader.

ShmooCon 2017

ShmooCon 2017 is a three-day security conference taking place in Washington, D.C. in January 2017. The format lends itself to those engaged in maintaining and breaking cybersecurity devices, networks and appliances.

The conference format has one day full of lightning presentations and then the next two days scheduled in a multitrack format. Its purpose, in the organizer’s own words, is to demonstrate “technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.”

The schedule from the January 2016 conference is available for review for a more substantive peek into the type of presentations one would encounter at ShmooCon. The 34 presentations selected for 2016 were culled from over 200 submitted proposals, and the exclusivity is a big part of the appeal. There are 1,500 seats available at ShmooCon; the 2016 conference sold out in less than three minutes, and the waitlist was full before the fourth minute.

Cyber Threat Intelligence Summit 2017

The Cyber Threat Intelligence Summit is a two-day security conference hosted by the SANS Institute in Arlington, Virginia. Four days of training seminars and classes will precede the conference in late January 2017.

The summit targets system administrators as well as those in need of hands-on instruction and education in the growing discipline of cyber threat intelligence. According to the organizers, the summit “aims to provide specific analysis techniques and capabilities that can be utilized to properly create and maintain cyber threat intelligence in your organization.”

RSA 2017

The RSA Conference, the largest of all the security conferences, will be held in San Francisco in mid-February 2017. In the run-up to the conference, we will see major vendors release a plethora of new studies and product announcements. Then there’s a multitude of agnostic and vendor-driven training forums. Many will find the enormous expo areas an excellent means by which to learn about solutions from vendors and receive some introductory training on these tools.

In addition, some vendors conduct off-premises demonstrations, symposiums and briefs that may be of interest to those who have their eye on a particular solution. Many security teams find that if they can bring their C-suite to only one conference to meet with prospective vendors, the RSA conference is the best option.

IAPP 2017 Conferences

The International Association of Privacy Professionals (IAPP) hosts a variety of global conferences focused on educating attendees on the broad topic of privacy.

They are relatively small, with hundreds — not thousands — of participants. The conferences will “gather the top minds in the privacy field to discuss current and emerging privacy issues.” Those tasked with creating privacy solutions within enterprises, such as chief privacy officers, would find the IAPP conference of utility.

IBM InterConnect 2017

InterConnect is IBM’s premier annual conference for security, cloud and mobile. The 2017 event is scheduled for mid-March in Las Vegas and will once again feature more than 2,000 sessions, ranging from deep-dive technical demonstrations to business content to hands-on labs and workshops.

Security is always at the top of the InterConnect agenda, with dozens of speakers sharing their expertise and a showcase of the latest findings from the IBM X-Force research team.

InfoSec World 2017

InfoSec World is a security conference and expo scheduled to take place in ChampionsGate, Florida, in April 2017. The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today.

The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

FIRST 2017

The international Forum of Incident Response and Security Teams (FIRST) Conference will take place in San Juan, Puerto Rico, in June 2017. Those involved in incident response at the national, local or enterprise level will benefit from attending.

The FIRST organization comprises over 300 incident response teams from 70 countries, thus ensuring a cross-pollination of both experience and practices. The conference provides access to best practices, tools and, most importantly, the opportunity to create a network of like-minded individuals and teams.

Black Hat 2017 Security Conferences

The Black Hat security conferences are held in Las Vegas each summer and elsewhere in the world (in Asia and Europe) at varying times. According to the organizers, more than two-thirds of attendees are information security professionals with the CISSP distinction. The conference is light on vendor displays and heavy on practical demonstrations of new exploits and discoveries, so it’s definitely a worthwhile event for security professionals and those IT workers on the ground.

DEF CON 2017

DEF CON takes place annually in Las Vegas, and the next conference will occur in late July 2017. The organizers bill the conference as “the hacking conference,” and past attendees will certainly attest to the veracity of this claim.

The conference emphasizes practical hacking, with the 2016 conference focused on the Internet of Things (IoT). It is suitable for security researchers, as well as systems and network administrators dealing with today’s security challenges and interested in learning about the latest exploits that may affect their populace.

While the aforementioned security conferences are by no means all-inclusive, they are always on this writer’s calendar for consideration. They should be on yours as well.
