Micro Focus is now part of OpenText. Learn more >

You are here

You are here

The best security conferences of 2022

public://pictures/linda_rosencrance_photo-4.jpg
Linda Rosencrance Freelance writer/editor
 

To keep ahead of the security curve, you have to be constantly learning. As malicious threats become more sophisticated on an almost daily basis, continuously evolving your security knowledge is really the only way to keep up.

One of the best ways to expand your expertise is by attending cybersecurity conferences, where you can hear from some of the tops experts in the industry, discover new technology and best practices, and network.

Select security conferences that match your company's priorities; this is key for getting the most value for your time and money.

Here is TechBeacon's list of the top security conferences in 2022.

January

BSides

Twitter: @SecurityBSides
Web: securitybsides.com
Dates: January–December
Locations: Virtual/In-person
Cost: Most are free

There are a number of BSides conferences taking place throughout the year. BSides describes itself as a community-driven framework for building events led by members of the security community, not by vendors. BSides events "create opportunities for individuals to both present and participate in an atmosphere that encourages collaboration," organizers say.

Who should attend: Security pros and enthusiasts

Data Connectors Cybersecurity Conferences/Virtual Summit Series

Twitter: @DataConnectors
Web: dataconnectors.com
Dates: January–December
Locations: Virtual, and various locations for in-person events
Cost: Virtual, free; in-person, TBD

These events feature industry experts, government agencies, and vendors—all bringing real-world experience and knowledge about specific cybersecurity topics and concerns.

Who should attend: Information, cyber, and network security professionals

The Official Cyber Security Summit - Cyber Summit USA

Twitter: @CyberSummitUSA, #CyberSecuritySummit
Web: cybersecuritysummit.com
Dates: January–December
Locations: Varies (in-person and virtual)
Cost: By invitation only (attendees are pre-screened and approved in advance)

During interactive panels and roundtable discussions, attendees will learn from renowned security experts from around the globe on how to protect their businesses from cyberattack. They will also have the opportunity to see and evaluate demonstrations from dozens of solution providers that promise ways to protect their enterprises from the latest threats.

Who should attend: C-level and senior executives responsible for protecting their companies' critical infrastructures

SANS Cyber Threat Intelligence Summit & Training 2022 - Live Online

Twitter: @sansinstitute
Web: sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2022-live-online/
Date: January 27–February 5
Location: Virtual
Cost: $849 to $1,545, with time-sensitive discounts available before New Year's Day

At this year’s Cyber Threat Intelligence Summit, attendees will have the chance to learn, connect, and share with thousands of cybersecurity professionals from around the globe. Attendees will hear interesting perspectives and case studies that challenge assumptions and result in a shift in their understanding.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

February

SecureWorld

Twitter: @SecureWorld
Web: secureworld.io/events
Dates: February–November
Locations: Varies
Cost: Varies

Security professionals will take part in "high-quality training and collaboration" in this series of virtual conferences, organizers promise. Attendees can earn six CPE credits through more than 20 educational elements, learning from nationally recognized industry leaders. Participants can attend keynotes, panel discussions, breakout sessions, and networking opportunities as well as evaluate products and meet with local chapters of security associations.

Who should attend: CSOs, CISOs, compliance officers, security consultants, directors, governance officers, cloud security practitioners, security researchers, and other security professionals

Enigma 2022

Twitter: @usenix
Web: usenix.org/conference/enigma2022
Date: February 1–3
Location: Santa Clara, California, USA and virtual
Cost: In-person, $1,200; virtual, $600; early-bird, member, and student discounts available

Enigma, a Usenix event, centers on a single track of talks covering a wide range of topics about security and privacy. The goals of the event are to clearly explain emerging threats and defenses in the growing intersection of society and technology, and "to foster an intelligent and informed conversation within the community and the world."

Who should attend: Security practitioners, chief privacy officers, chief financial officers, researchers, developers, and cryptographers

Network and Distributed System Security Symposium

Twitter: @NDSSSymposium
Web: ndss-symposium.org/ndss2022/
Date: February 27–March 3
Location: San Diego, California, USA
Cost: TBD

This event, organized by the Internet Society, caters to researchers and practitioners of network and distributed system security, with an emphasis on system design and implementation. A major goal of the conference is to encourage and help the Internet community to apply, deploy, and advance the state of available security technologies.

Who should attend: University researchers and educators, chief technology and privacy officers, security analysts, system administrators, and operations and security managers

March

ISC West

Twitter: @ISCEvents
Web: iscwest.com
Date: March 22–25
Location: Las Vegas, Nevada, USA
Cost: TBD

This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented.

A wide array of technologies is covered at the forum—everything from video surveillance and access control to smart-home technologies, IoT, and unmanned security. A sister conference will be held November 16–17 in New York.

Who should attend: Security and public safety professionals

April

Nullcon

Twitter: @nullcon#nullcon
Web: nullcon.net
Date: April 5–9
Location: Berlin, Germany
Cost: €150 to €2,800

The Nullcon conference is a platform for security companies and evangelists to showcase their research and technology. Nullcon hosts prototypes, exhibition, training, free workshops, and a Null job fair at the conference. 

Who should attend: Security practitioners (analysts, testers, developers, cryptographers, and hackers), security executives, business developers, venture capitalists, recruiters, and academics

May

Wild West Hackin' Fest

Twitter: @WWHackinFest
Web: wildwesthackinfest.com/way-west/
Date: May 4–6
Location: San Diego, California, USA, and virtual
Cost: In-person, $350; virtual, $140

Infosec professionals can respond to one another's work, which leads to new developments and fresh insights that practitioners can incorporate into practices at their own organizations. In addition to "some of the best keynote speakers in the industry," organizers promise, conference attendees can expect to find hands-on labs and engaging workshops in a highly interactive environment.

Who should attend: Penetration testers, application security specialists, threat intelligence analysts, system architects, researchers, system administrators, and students

AusCERT Conference

Twitter: @AusCERT#AusCert2021
Web: conference.auscert.org.au
Date (2021): May 11–14
Location (2021): Gold Coast, Queensland, Australia, and virtual
Cost: TBD

The AusCERT conference is the longest-running information security conference in Australia. Each year it attracts around 800 participants to learn about network security, incident response and handling, cybercrime, intrusion detection, governance, risk management, compliance, threat hunting, and many more infosec topics.

Who should attend: Network administrators; incident responders; governance, compliance, and risk managers; law enforcement; security team members and managers; security testers; security researchers; and consultants

NorthSec 2022

Twitter: @NorthSec_io
Web: nsec.io
Date: May 15–22
Location: Montreal, Quebec, Canada
Cost: TBD

NorthSec, an applied security event, aims to raise the knowledge level and technical expertise of professionals and students.

The event offers a single-track conference, training workshops, and a capture-the-flag competition. Speakers will address topics ranging from application and infrastructure security to cryptography and ethics. Workshops and training cover subjects including penetration testing, network security, software and hardware exploitation, web hacking, reverse engineering, malware, and encryption.

Who should attend: CSOs, CISOs, CTOs, software developers, software engineers, programmers, industry analysts and consultants, security researchers, security engineers, cryptographers, privacy advocates, computer scientists, penetration testers, and reverse engineers

IEEE Symposium on Security and Privacy

Twitter: @IEEESSP
Web: ieee-security.org/TC/SP2022/
Date: May 22–26
Location: Oakland, California, USA
Cost: TBD

Since 1980, this IEEE symposium has been a venue for airing developments in computer security and electronic privacy. The conference attracts both researchers and practitioners ready to share their knowledge on a broad range of security topics. In addition to the symposium, the IEEE offers a number of workshops that allow forum-goers to take a deeper dive into specific aspects of security and privacy.

Who should attend: Researchers, security practitioners, and students

June

RSA Conference

Twitter: @rsaconference#RSAC2022
Web: rsaconference.com/usa
Date: June 6-9
Location: San Francisco, California, USA
Cost: Varies

This is one of the world's largest security conferences. At the event, attendees will gain insights, join conversations, and view technology "that could make huge impacts on their organizations and careers," according to organizers.

Who should attend: IT security pros, CxOs, network and system administrators, security managers, and security testers

Infosecurity Europe

Twitter: @Infosecurity
Web: infosecurityeurope.com
Date: June 21–22
Location: London, UK
Cost: TBD

This conference is organized by education and networking company Infosecurity Group. In addition to covering IT security, the conference also discusses data management and cloud computing.

Who should attend: Security pros, executives, and managers

ICS Cyber Security Conference Singapore/APAC

Twitter: @SecurityWeek
Web: icscybersecurityconference.com/singapore/
Date (2021): June 22–24
Location (2021): Virtual
Cost: Free

Organized by SecurityWeek, this is the longest-running cybersecurity-focused conference for the industrial control systems sector. Its target audience consists of energy, utility, chemical, transportation, manufacturing, and other industrial and critical-infrastructure organizations.

Most attendees are control systems users or those working as control engineers, in operations management, or in IT. Topics addressed in the forum include protection for supervisory control and data acquisition (SCADA) systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, and other field control system devices.

Who should attend: Operations, control systems, and IT security professionals

OWASP 2022 - Global AppSec Dublin

Twitter: @owasp#globalsppsec
Web: dublin.globalappsec.org
Date: Training, June 6–8; conference, June 9–10
Location: Dublin, Ireland
Cost: TBD

Focused on application security, this conference goes deep into topics such as DevOps, privacy, mobile security, secure development, app assessments, and cloud security.

Highly technical, it is organized by the Open Web Application Security Project (OWASP), a nonprofit organization with 200 chapters in 100 countries devoted to improving app security from a vendor-neutral perspective. In addition to speaker sessions, the event offers training conducted by leaders in their fields and opportunities for women and military vets to network and develop their careers.

Who should attend: Developers, application security engineers, auditors, risk managers, technologists, students, military veterans, and entrepreneurs

August

Black Hat USA 2022

Twitter: @BlackHatEvents#BHUSA
Web: blackhat.com
Date: August 6–11
Location: Las Vegas, Nevada, USA, and virtual
Cost: TBD

First held in 1997, Black Hat has become one of the world's biggest tech conferences. It's something that most security professionals are compelled to attend or at least follow closely online. It's the preferred venue for researchers, security experts, vendors, and ethical hackers to disclose their latest vulnerability findings, the most dramatic of which often become mainstream news globally. Black Hat features training sessions, a big expo floor, and A-list presenters and keynote speakers.

Who should attend: Security analysts, risk managers, security architects/engineers, penetration testers, security software developers, and cryptographers

Def Con 30

Twitter: @defcon
Web: defcon.org
Date: August 11–14
Location: Las Vegas, Nevada, USA
Cost​​​​: TBD

Def Con starts as soon as Black Hat ends—in the same locale, though a different venue—so they share many topics and audiences. But Black Hat's atmosphere is more polished, corporate, and professional, while Def Con is a wilder, more festive affair.

Attendees should take precautions to avoid getting hacked, since they'll be surrounded by thousands of hackers. They should also be prepared to be approached by government headhunters recruiting for intelligence and law enforcement agencies.

Who should attend: Software developers, security administrators, hackers, researchers, and government and law enforcement officials

31st Usenix Security Symposium

Twitter: @USENIXSecurity
Web: usenix.org/conference/usenixsecurity22
Date: August 10–12
Location: Boston, Massachusetts, USA
Cost: TBD

The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks.

Who should attend: Researchers, practitioners, systems administrators, and systems programmers

September

GSX 2022

Twitter: @ASIS_Intl
Web: gsx.org
Date: September 12–14
Location: Atlanta, Georgia, USA, and virtual
Cost: TBD

Organized by ASIS International, an organization of security management industry professionals founded in 1955, the Global Security Exchange conference covers the full spectrum of security topics. Event organizers say GSX is where the global security community connects annually to share challenges, collaborate on solutions, and hear directly from experts addressing the biggest challenges in security.

Who should attend: Cyber and operational security professionals from across the private and public sectors, business leaders, brand protection experts, continuity experts, IoT security professionals, loss prevention professionals, researchers, and risk management professionals

October

THOTCON

Twitter: @THOTCON#THOTCON
Web: thotcon.org
Date (2021): October 8–9
Location (2021): Chicago, Illinois, USA
Cost: TBD

Organizers describe this event as a low-cost hacking conference with a nonprofit and noncommercial goal and a limited budget. It's been held annually in Chicago since 2010, born from its organizers' desire to host an affordable security conference for hackers who live in and around the Windy City. Proceeds are used for the following year's conference.

There's a bit of a cloak-and-dagger aura about the forum. Not only does its homepage have messages in Russian, but its exact location in Chicago is never revealed to attendees and speakers until a week before the conference.

Who should attend: Hackers, especially those from the Chicago area

GrrCON

Twitter: @GrrCON
Web: grrcon.com
Date: October 13–14
Location: Grand Rapids, Michigan, USA
Cost: TBD

This is one of the largest infosec conferences in the Midwest, attracting more than 1,700 attendees annually. Conference organizers say the event's mission is to provide the community with a venue to share ideas, information, and solutions; forge relationships; and engage with like-minded people in a fun atmosphere without all the elitist "diva" nonsense. The forum has workshops, a solutions arena, and three presentation tracks.

Who should attend: CISOs, hackers, security practitioners, researchers, and students

Authenticate

Twitter: @AuthenticateCon
Web: authenticatecon.com
Date (2021): October 18–20
Location (2021): Seattle, Washington, USA
Cost (2021): Varies

With perimeter defenses crumbling, authentication has become a critical component of any scheme to protect the digital assets of an organization. This conference, organized by the FIDO Alliance, is dedicated to the who, what, why, and how of user authentication—with a focus on the FIDO standards-based approach. It's a place to get the education, tools, and best practices to roll out modern authentication across web, enterprise, and government applications.

Who should attend: CISOs, security strategists, enterprise architects, and product and business leaders

November

ACM CCS

Twitter: @acm_ccs
Web: sigsac.org/ccs/CCS2021/
Date (2021): November 15–19
Location (2021): Virtual
Cost (2021): Varies

This primarily research-focused event is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) within the Association of Computing Machinery. The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore the latest security ideas and results.

Who should attend: Information security researchers, practitioners, developers, and users

Gartner Security & Risk Management Summit (Americas)

Twitter: #GartnerSEC
Web: gartner.com/en/conferences/na/security-risk-management-us
Date (2021): November 16–18
Location (2021): Virtual
Cost (2021): Standard price, $1,450; public-sector price, $975

As with all Gartner conferences, Gartner analysts will feature prominently in keynotes, panels, roundtables, how-to workshops, and one-on-one meetings. But there will also be companies presenting case studies, and many opportunities to network.

Who should attend: CISOs, CSOs, enterprise IT security pros and executives, CxOs, business continuity and disaster recovery managers, and network security managers

ISC East

Twitter: @ISCEvents
Web: isceast.com
Date: November 16–17
Location: New York, New York, USA
Cost: TBD

This conference encompasses both physical and connected security. It attracts some 30,000 security and public safety professionals each year. More than 1,000 security brands and exhibitors are represented at the event.

A wide array of technologies is covered at the forum—everything from video surveillance and access control to smart home technologies, IoT, and unmanned security.

Who should attend: Security and public safety professionals

December

Annual Computer Security Applications Conference (ACSAC)

Twitter: @ACSAC_Conf 
Web: acsac.org
Date (2021): December 6–10
Location (2021): Virtual
Cost (2021): Technical program, student $70, professional, $175

The Annual Computer Security Applications Conference brings together cutting-edge researchers with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, and workshops, ACSAC continues its core mission of investigating practical solutions for computer and network security technology.

Who should attend: Researchers and security practitioners

***

Mark your calendars and make your choices soon. Prices may vary based on how early you register. Also, remember that hotel and travel costs are generally separate from the conference pricing.

Note: Not all dates, locations, and pricing were available at publication time, especially for events taking place later in the year. In those cases, we provided historical information to give you an idea of what to expect and what you'll get out of attending.

Keep learning

Read more articles about: SecurityInformation Security