There is normally a hiatus in security conferences between September and February that allows those of us who have been drinking from the fire hose to stop and take a breath. This breathing space permits us to implement, adjust, engage and otherwise ensure we are where we need to be with respect to securing our data, our clients’ data and our customers’ data. The hiatus also gives us the opportunity to decide which security conferences will give us the biggest bang for our buck in terms of education and industry awareness in the coming year.

Let’s look at a few of the conferences worthy of consideration for the security leader or CISO, security professional and operational business leader.

ShmooCon 2017

ShmooCon 2017 is a three-day security conference taking place in Washington, D.C. in January 2017. The format lends itself to those engaged in maintaining and breaking cybersecurity devices, networks and appliances.

The conference format has one day full of lightning presentations and then the next two days scheduled in a multitrack format. Its purpose, in the organizer’s own words, is to demonstrate “technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.”

The schedule from the January 2016 conference is available for review for a more substantive peek into the type of presentations one would encounter at ShmooCon. The 34 presentations selected for 2016 were culled from over 200 submitted proposals, and the exclusivity is a big part of the appeal. There are 1,500 seats available at ShmooCon; the 2016 conference sold out in less than three minutes, and the waitlist was full before the fourth minute.

Cyber Threat Intelligence Summit 2017

The Cyber Threat Intelligence Summit is a two-day security conference hosted by the SANS Institute in Arlington, Virginia. Four days of training seminars and classes will precede the conference in late January 2017.

The summit targets system administrators as well as those in need of hands-on instruction and education in the growing discipline of cyber threat intelligence. According to the organizers, the summit “aims to provide specific analysis techniques and capabilities that can be utilized to properly create and maintain cyber threat intelligence in your organization.”

RSA 2017

The RSA Conference, the largest of all the security conferences, will be held in San Francisco in mid-February 2017. In the run-up to the conference, we will see major vendors release a plethora of new studies and product announcements. Then there’s a multitude of agnostic and vendor-driven training forums. Many will find the enormous expo areas an excellent means by which to learn about solutions from vendors and receive some introductory training on these tools.

In addition, some vendors conduct off-premises demonstrations, symposiums and briefs that may be of interest to those who have their eye on a particular solution. Many security teams find that if they can bring their C-suite to only one conference to meet with prospective vendors, the RSA Conference is the best option.

IAPP 2017 Conferences

The International Association of Privacy Professionals (IAPP) hosts a variety of global conferences focused on educating attendees on the broad topic of privacy.

They are relatively small, with hundreds — not thousands — of participants. The conferences will “gather the top minds in the privacy field to discuss current and emerging privacy issues.” Those tasked with creating privacy solutions within enterprises, such as chief privacy officers, would find the IAPP conferences useful.

IBM InterConnect 2017

InterConnect is IBM’s premier annual conference for security, cloud and mobile. The 2017 event is scheduled for mid-March in Las Vegas and will once again feature more than 2,000 sessions, ranging from deep-dive technical demonstrations to business content to hands-on labs and workshops.

Security is always at the top of the InterConnect agenda, with dozens of speakers sharing their expertise and the latest findings of the IBM X-Force research team on showcase.

InfoSec World 2017

InfoSec World is a security conference and expo scheduled to take place in ChampionsGate, Florida, in April 2017. The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today.

The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

FIRST 2017

The international Forum of Incident Response and Security Teams (FIRST) Conference will take place in San Juan, Puerto Rico, in June 2017. Those involved in incident response at the national, local or enterprise level will benefit from attending.

The FIRST organization comprises over 300 incident response teams from 70 countries, thus ensuring a cross-pollination of both experience and practices. The conference provides access to best practices, tools and, most importantly, the opportunity to create a network of like-minded individuals and teams.

Black Hat 2017 Security Conferences

The Black Hat security conferences are held in Las Vegas each summer and elsewhere in the world (in Asia and Europe) at varying times. According to the organizers, more than two-thirds of attendees are information security professionals with the CISSP distinction. The conference is light on vendor displays and heavy on practical demonstrations of new exploits and discoveries, so it’s definitely a worthwhile event for security professionals and those IT workers on the ground.

DEF CON 2017

DEF CON takes place annually in Las Vegas, and the next conference will occur in late July 2017. The organizers bill the conference as “the hacking conference,” and past attendees will certainly attest to the veracity of this claim.

The conference emphasizes practical hacking, with the 2016 conference focused on the Internet of Things (IoT). It is suitable for security researchers, as well as systems and network administrators dealing with today’s security challenges and interested in learning about the latest exploits that may affect their populace.

While the aforementioned security conferences are by no means all-inclusive, they are always on this writer’s calendar for consideration. They should be on yours as well.
