August 26, 2016 By Christopher Burgess 4 min read

There is normally a hiatus in security conferences between September and February that allows those of us who have been drinking from the fire hose to stop and take a breath. This breathing space permits us to implement, adjust, engage and otherwise ensure we are where we need to be with respect to securing our data, our clients’ data and our customers’ data. The hiatus also gives us the opportunity to decide which security conferences will give us the biggest bang for our buck in terms of education and industry awareness in the coming year.

Let’s look at a few of the conferences worthy of consideration for the security leader or CISO, security professional and operational business leader.

ShmooCon 2017

ShmooCon 2017 is a three-day security conference taking place in Washington, D.C. in January 2017. The format lends itself to those engaged in maintaining and breaking cybersecurity devices, networks and appliances.

The conference format has one day full of lightning presentations and then the next two days scheduled in a multitrack format. Its purpose, in the organizer’s own words, is to demonstrate “technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.”

The schedule from the January 2016 conference is available for review for a more substantive peek into the type of presentations one would encounter at ShmooCon. The 34 presentations selected for 2016 were culled from over 200 submitted proposals, and the exclusivity is a big part of the appeal. There are 1,500 seats available at ShmooCon; the 2016 conference sold out in less than three minutes, and the waitlist was full before the fourth minute.

Cyber Threat Intelligence Summit 2017

The Cyber Threat Intelligence Summit is a two-day security conference hosted by the SANS Institute in Arlington, Virginia. Four days of training seminars and classes will precede the conference in late January 2017.

The summit targets system administrators as well as those in need of hands-on instruction and education in the growing discipline of cyber threat intelligence. According to the organizers, the summit “aims to provide specific analysis techniques and capabilities that can be utilized to properly create and maintain cyber threat intelligence in your organization.”

RSA 2017

The RSA Conference, the largest of all the security conferences, will be held in San Francisco in mid-February 2017. In the run-up to the conference, we will see major vendors release a plethora of new studies and product announcements. Then there’s a multitude of agnostic and vendor-driven training forums. Many will find the enormous expo areas an excellent means by which to learn about solutions from vendors and receive some introductory training on these tools.

In addition, some vendors conduct off-premises demonstrations, symposiums and briefs that may be of interest to those who have their eye on a particular solution. Many security teams find that if they can bring their C-suite to only one conference to meet with prospective vendors, the RSA conference is the best option.

IAPP 2017 Conferences

The International Association of Privacy Professionals (IAPP) hosts a variety of global conferences focused on educating attendees on the broad topic of privacy.

They are relatively small, with hundreds — not thousands — of participants. The conferences will “gather the top minds in the privacy field to discuss current and emerging privacy issues.” Those tasked with creating privacy solutions within enterprises, such as chief privacy officers, would find the IAPP conference of utility.

IBM InterConnect 2017

InterConnect is IBM’s premier annual conference for security, cloud and mobile. The 2017 event is scheduled for mid-March in Las Vegas and will once again feature more than 2,000 sessions, ranging from deep-dive technical demonstrations to business content to hands-on labs and workshops.

Security is always at the top of the InterConnect agenda, with dozens of speakers sharing their expertise and the latest findings of the IBM X-Force research team on showcase.

InfoSec World 2017

InfoSec World is a security conference and expo scheduled to take place in ChampionsGate, Florida, in April 2017. The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today.

The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

FIRST 2017

The international Forum of Incident Response and Security Teams (FIRST) Conference will take place in San Juan, Puerto Rico, in June 2017. Those involved in incident response at the national, local or enterprise level will benefit from attending.

The FIRST organization comprises over 300 incident response teams from 70 countries, thus ensuring a cross-pollination of both experience and practices. The conference provides access to best practices, tools and, most importantly, the opportunity to create a network of like-minded individuals and teams.

Black Hat 2017 Security Conferences

The Black Hat security conferences are held in Las Vegas each summer and elsewhere in the world (in Asia and Europe) at varying times. According to the organizers, more than two-thirds of attendees are information security professionals with the CISSP distinction. The conference is light on vendor displays and heavy on practical demonstrations of new exploits and discoveries, so it’s definitely a worthwhile event for security professionals and those IT workers on the ground.

DEF CON 2017

DEF CON takes place annually in Las Vegas, and the next conference will occur in late July 2017. The organizers bill the conference as “the hacking conference,” and past attendees will certainly attest to the veracity of this claim.

The conference emphasizes practical hacking, with the 2016 conference focused on the Internet of Things (IoT). It is suitable for security researchers, as well as systems and network administrators dealing with today’s security challenges and interested in learning about the latest exploits that may affect their populace.

While the aforementioned security conferences are by no means all-inclusive, they are always on this writer’s calendar for consideration. They should be on yours as well.
