With threats multiplying faster than you can say Log4j, cybersecurity professionals need smart ways to keep up with the latest information and insights. One of the best strategies is to attend security conferences, whether in person (if possible and safe) or virtually (if you want to avoid the lines).
Following is Endpoint’s latest look ahead at conferences where you can expand your knowledge (around issues like supply chain security, risk and compliance, and AI in the cyber arsenal), mingle with peers, and widen your professional development horizons. Most are in North America, although this year we’ve added a few conferences in Europe that have virtual options.
FEBRUARY brings the latest on zero trust and CPE credits
Feb. 16 (virtual)
Target audience: IT professionals
What’s on tap: Keynote security speakers include John Kindervag, senior vice president of cybersecurity strategy at ON2IT and formerly of Forrester, where he developed the concept of zero trust. Other tech-exec speakers exploring how to mitigate the risk of cyberattacks include Helen Patton, advisory CISO at Cisco and Duo Security; advanced security engineer Nicole Beckwith at Kroger; and Tony Lee, vice president of IT at BlackBerry.
Why attend: Earn up to 12 CPE credits.
Feb. 22–23 (virtual)
Target audience: CISOs, CIOs, and other executives responsible for securing enterprise IT environments.
What’s on tap: Speakers include deputy CIO Edacheril “E.P” Mathew of the Defense Intelligence Agency; Warner Music Group’s senior VP of global cloud infrastructure and cybersecurity, John Remo; Brig. Gen. (Ret.) Greg Touhill, director of the CERT division of Carnegie Mellon’s Software Engineering Institute (an R&D center sponsored by the U.S. Department of Defense); and Lisa McKee, senior manager of security and privacy technical solutions at Protiviti.
Expect panels on all things “zero trust,” including hot topics like privacy and “myth busting.”
Why attend: Zero trust is both a top-of-mind security model and a marketing buzzword. Expect to get past the hype and learn how to put the concept into practice.
MARCH leans into closing the cybersecurity gender gap
March 2–3 (London)
Target audience: Security and IT professionals from public- and private-sector organizations
What’s on tap: Conference sections include human factors, cyber resilience, emerging tech, zero-trust, and multicloud security. Among the speakers are World Wide Web inventor Tim Berners-Lee; Liz Banbury, CISO of Hiscox; Rob Flanders, head of threat and incident response at BAE Systems; Andrea Garcia, U.K. and international head of cyber at RSA; Martyn Booth, CISO of Euromoney; and Magnus Falk, CIO Adviser at Zoom.
Why attend: Learn to better defend your business against evolving threats, get advice, and network with peers.
March 8–9 (virtual)
Target audience: InfoSec and IT professionals
Price: Free to qualified professionals
What’s on tap: Top security executives who will explore the theme of threat anticipation include VP and CISO Deneen DiFiore of United Airlines; VP and CISO Tim Byrd of TIAA; VP and CISO Martin Bally of the Campbell Soup Co.; Rick Grinnell, founder and managing partner of Glasswing Ventures; and Caroline Beckmann, senior director at Trident DMG. They will explain how a proper information security plan can keep companies ahead of developing threats, how to build an organization ready to fix its reputation, and the need for speed in incident response.
Why attend: Learn to anticipate risks and build a flexible InfoSec team that can adapt to rapid change and close the cybersecurity talent gap.
March 17–19 (virtual and in person, Cleveland)
Target audience: Women professionals and students in cybersecurity
Price: Available after registration opens Feb. 7
What’s on tap: Presentations from the likes of breakthrough privacy researcher Latanya Sweeney, professor of the practice of government and technology at Harvard; Jen Easterly, director of CISA; Optum CISO Allison Miller; and Anna Squicciarini, an associate professor of cybersecurity at Pennsylvania State University. The agenda features solid workshops on topics such as breaking into the field of ethical hacking, using threat modeling to enable security by design, and exploring the threat landscape facing the Internet of Things (IoT).
Why attend: Attendees should have strong opportunities to learn, network, and get mentored, plus they can explore a preconference virtual career fair on March 1. There’s even conference childcare available, a thoughtful and intelligent offering.
APRIL focuses on improving DevSecOps integrations
April 21 (virtual and in-person, San Francisco)
Target audience: Security practitioners, tech leaders, and other InfoSec professionals
What’s on tap: Top industry leaders in the private and public sectors share what they know. Last year’s conference featured security leaders at Apple, the U.S. Air Force, Honeywell, Splunk, and others.
Why attend: Learn how to improve DevSecOps integration and tie security functions to risk management, compliance, and data privacy throughout the entire security life cycle.
MAY hones IT audit, compliance, and risk management processes
May 4–6 (virtual and in person, New Orleans)
Target audience: Professionals in cybersecurity, IT audit, governance, risk management, and privacy.
What’s on tap: Keynote speakers include Tim Brown, CISO of SolarWinds, discussing the attack on the company’s Orion software, as well as technologist Kate O’Neill (the “Tech Humanist”) on the future of trust. Conference presentations focus on security, risk management, privacy, and governance.
Why attend: Broaden your knowledge of cybersecurity and related areas in the Big Easy.
May 11–12 (virtual and in person, Santa Clara, Calif.)
Target audience: CISOs, CIOs, compliance and privacy officers
Price: $79–$599 for the conference; free entry to exhibition and trade show
What’s on tap: Speakers include Bruce Kaalund, lead cybersecurity analyst at Visa; Alex Guglielmetti, VP of technology strategy for Disney Media & Entertainment Distribution; Laxman Prakash, CISO of the Standard; Mel Reyes, head of IT and security at Getaround; and Oscar Minks, CTO of FRSecure. The first day focuses on enterprise security; the second day is about accelerating digital transformation.
Why attend: Unusually, the two-part event combines digital transformation and security topics.
JUNE warms up to identity and access management
June 6–9 (virtual and in person, San Francisco)
Target audience: Security professionals
What’s on tap: The RSA conference has become an annual rite for many cybersecurity professionals. Major security and tech-exec speakers include Vasu Jakkal, corporate VP of security, compliance, and identity at Microsoft; Chris Krebs, founding director of the Cybersecurity and Infrastructure Security Agency; Mary O’Brien, general manager of IBM Security; Shailaja Shankar, senior VP and general manager of the Cisco security business group; and Nir Zuk, founder and CTO of Palo Alto Networks. Last year’s agenda included topics such as the risks of artificial intelligence, “security chaos engineering,” and API security in a digital economy.
Why attend: It’s a major gathering of security experts offering lots of learning and networking.
June 7–10 (in person, National Harbor, Md.)
Target audience: CISOs and executives in government-related security and risk management
What’s on tap: Expect top industry leaders as well as Gartner’s own experts in sessions on cloud security, cybersecurity, identity and access management, data security and privacy, and threat and vulnerability management, among others.
Why attend: Gartner analysts provide research on the latest trends and developments.
June 9 (virtual)
Target audience: InfoSec professionals
What’s on tap: Details are forthcoming, but this event typically features deep insights from public-sector security experts. Last year offered sessions on such topics as protecting government organizations from third-party breaches and adapting threat management to address “predator and prey” methods.
Why attend: It’s a dirt-cheap way of gaining access to targeted speakers and training.
June 21–24 (in person, Denver)
Target audience: Security professionals, IS/IT directors, mobility and software architects, developers, and product managers
Price: $995–$1,595; $695–$1,295 (government rates)
What’s on tap: An expected 150 or more speakers will discuss digital identity. Details are not yet available, but past speakers have included experts from AWS, Microsoft, LexisNexis Risk Solutions, Ping Identity, Not Impossible Labs, and more.
Why attend: 70 hours of content, including keynotes, panels, and master classes, plus events like a boot camp, yoga and karaoke.
June 23 (virtual from Europe)
Target audience: Cybersecurity executives and leaders in global manufacturing
What’s on tap: Presentations on topics such as the convergence of operational technology (OT) and IT; protecting OT environments with deception technology; and building faster, more secure, and more compliant industrial control system software. Speakers will include executives from major players in critical global manufacturing.
Why attend: Gather insights into cyber-risk assessments for OT, and improve efforts to combat threats to the smart-manufacturing environment.
JULY deep dives into the world of fighting cyber syndicates
July 18–20 (in person, New York City)
Target audience: Security professionals and practitioners
What’s on tap: Presented by the FBI and Fordham University, this conference has a heavy focus on cybercrime and features presenters who are uniquely qualified to discuss the topic.
Why attend: It’s a chance to hear from people on the cutting edge of criminal justice and cybersecurity.
AUGUST offers lessons on crypto and whiteboard hacking
Aug. 2–3 (virtual)
Target audience: Security professionals dealing with digital payments and assets
What’s on tap: Payment security and fraud have been complicated enough. Now add protections for cryptocurrencies. You’ll learn from leaders like David Cass, VP of cyber and IT risk at the Federal Reserve Bank of New York; Kolin Whitley, head of North America acceptance risk at Visa; Claire Le Gal, senior VP of fraud intelligence, strategy and cyber products at Mastercard; and Samant Nagpal, general manager and global head of risk at Block (formerly Square). Learn about separating the bad from the good in cryptocurrency; the convergence of IoT, blockchain, data analytics and AI; scaling blockchain and fraud prevention; and more.
Why attend: Rapid change requires leaders to anticipate where payments may be heading.
Aug. 6–11 (virtual and in person, Las Vegas)
Target audience: Anyone in cybersecurity
What’s on tap: Expect intense training from specialized experts, briefings on cutting-edge research, and the latest open-source tools. Last year saw advanced courses cover such topics as active directory (AD) attacks, infrastructure and whiteboard hacking, and applied cryptocurrency hardware. Whatever this year brings, it should be worth attending.
Why attend: Black Hat is a classic, especially for those who seek insights from the top offensive and defensive hackers in the world. The event covers the entire InfoSec spectrum.
Aug. 11–14 (virtual and in person, Las Vegas)
Target audience: Security professionals and hackers
What’s on tap: A new venue in Las Vegas for the “full DEF CON experience” on the event’s 30th anniversary. As always, techies and hackers are in charge, so the intensive seminars and presentations deliver knowledge you’re unlikely to find elsewhere, except maybe at Black Hat (see above). If you arrange your schedule right, you can catch part of both conferences. In 2021, topics included a look inside security at The New York Times, print driver vulnerabilities, zero-day Windows exploits, and research about attacks designed for code scanners.
Why attend: Go for the workshops, meetings with pros and hackers, and an amazing amount of learning, not to mention the vibe.
Aug. 16–18 (in person, Augusta, Ga.)
Target audience: InfoSec professionals in industry, government, and academia
Price: N/A (check back in the spring)
What’s on tap: With the participation of the U.S. Army Cyber Center of Excellence and industry experts, the conference is meant to “open the lines of communication and facilitate networking, education, and problem solving.” In 2021, topics included the influence of AI on cybersecurity, a session on the presidential executive order on cyber and cybersecurity maturity model certification, and who pays in the aftermath of a cyberbreach.
Why attend: It’s a rare chance to immerse yourself in cyber issues concerning government and national security.
SEPTEMBER looks to future risks and how to respond
Sept. 26–28 (in person, Lake Buena Vista, Fla.)
Target audience: InfoSec professionals
What’s on tap: This year’s theme is “new risk.” Last year’s speakers give a sense of the quality of the conference and included Cathy Lanier, CSO at the NFL; TikTok global CSO Roland Cloutier; and Patrick J. Lechleitner, acting executive associate director of Homeland Security Investigations (HIS), the principal investigative component of the U.S. Department of Homeland Security.
Why attend: Targeted sessions, as well as networking opportunities with 1,500 attendees. And there are always the discounted tickets to Disney World.
OCTOBER puts authentication technologies in your hand
Oct. 4–5 (in person, Washington, D.C.)
Target audience: InfoSec, IT, and other professionals concerned with identity and trust
What’s on tap: Hundreds of speakers from areas including banking, healthcare, think tanks, and government, with a focus on “secure physical credentials, digital identity, and advanced authentication technologies, such as biometrics.”
Why attend: The interdisciplinary focus can offer insights and potential solutions beyond a strictly cybersecurity framework.
Oct. 10–12 (virtual and in person, Las Vegas)
Target audience: Cybersecurity professionals
What’s on tap: More than 100 educational programs on such issues as IoT, security automation, industrial control systems, cloud security, governance, risk and compliance, and zero trust.
Why attend: In addition to the learning and networking, opportunities abound for CPE credits and career guidance.
Oct. 11–12 (in person, Austin, Texas)
Target audience: Privacy and security professionals and academics
What’s on tap: The International Association of Privacy Professionals focuses on data privacy, a critical topic that intersects with cybersecurity. The conference promises “innovative ideas, new views on industry trends, and insight into the operational issues facing the privacy industry.” Last year, sessions covered AdTech, AI, big data, U.S. federal privacy laws, bias in machine learning, and government responses to digital threats.
Why attend: It’s a chance to look beyond issues of security technology and consider the broader areas of privacy and data use that affect InfoSec jobs.
Oct. 25–27 (in person, Scottsdale, Ariz.)
Target audience: Women professionals in information security, risk management, and privacy
What’s on tap: This year’s event celebrates “20 years of building women leaders!” The conference promises to be a “fun, educational, and life-changing experience.”
Why attend: Interact with a “sisterhood” of more than 1,000 women thought leaders in the field.
NOVEMBER offers strategies for risk management
Nov. 8–9 (in person, Washington, D.C.)
Target audience: Top executives in security, InfoSec, and risk management
What’s on tap: Top analysts, thought leaders, and technology providers focus on real-world solutions. The conference combines fresh Forrester research and analyst insights with in-depth case studies. Forrester promises “unbiased perspective, inspiration, and real-world solutions you need to be successful.”
Why attend: Information, insights, and networking that can help you move your security initiatives forward.
DECEMBER focuses on 5G, big data, and digital transformation
Dec. 1–2 (London)
Target audience: CISOs, CIOs, and other executives in security, compliance, privacy, and data protection
What’s on tap: Multiple co-located events cover IoT, blockchain, 5G, AI, big data, and digital transformation. Examples of speakers from 2021 include David Everett, executive director of cyber assessments at JP Morgan Chase; Aston Martin CISO Robin Smith; Liz Green, cyber-resilience and security lead for Dell Technologies; and Erika Lewis, a cyber director at the U.K. Department for Digital, Culture, Media, and Sport.
Why attend: Multiple events offer an expected 5,000 professionals the chance to explore specific interests and network with peers from around the world.