Risk & Security

The Best Cybersecurity Conferences in 2022

A constant flow of new threats makes staying on top of trends—like zero trust, supply chain security, and compliance issues—more important than ever.

With threats multiplying faster than you can say Log4j, cybersecurity professionals need smart ways to keep up with the latest information and insights. One of the best strategies is to attend security conferences, whether in person (if possible and safe) or virtually (if you want to avoid the lines).

Following is Endpoint’s latest look ahead at conferences where you can expand your knowledge (around issues like supply chain security, risk and compliance, and AI in the cyber arsenal), mingle with peers, and widen your professional development horizons. Most are in North America, although this year we’ve added a few conferences in Europe that have virtual options.

Stay ahead of exploits with a proactive, data-driven, continuous approach to managing risk and compliance.

FEBRUARY brings the latest on zero trust and CPE credits

➤ FutureCon Virtual Eastern Conference

Feb. 16 (virtual)

Target audience: IT professionals

Price: $100

What’s on tap: Keynote security speakers include John Kindervag, senior vice president of cybersecurity strategy at ON2IT and formerly of Forrester, where he developed the concept of zero trust. Other tech-exec speakers exploring how to mitigate the risk of cyberattacks include Helen Patton, advisory CISO at Cisco and Duo Security; advanced security engineer Nicole Beckwith at Kroger; and Tony Lee, vice president of IT at BlackBerry.

Why attend: Earn up to 12 CPE credits.

➤ iSMG Zero Trust Summit

Feb. 22–23 (virtual)

Target audience: CISOs, CIOs, and other executives responsible for securing enterprise IT environments.

Price: Free

What’s on tap: Speakers include deputy CIO Edacheril “E.P” Mathew of the Defense Intelligence Agency; Warner Music Group’s senior VP of global cloud infrastructure and cybersecurity, John Remo; Brig. Gen. (Ret.) Greg Touhill, director of the CERT division of Carnegie Mellon’s Software Engineering Institute (an R&D center sponsored by the U.S. Department of Defense); and Lisa McKee, senior manager of security and privacy technical solutions at Protiviti.

Expect panels on all things “zero trust,” including hot topics like privacy and “myth busting.”

Why attend: Zero trust is both a top-of-mind security model and a marketing buzzword. Expect to get past the hype and learn how to put the concept into practice.

MARCH leans into closing the cybersecurity gender gap

Cloud & Cyber Security Expo

March 2–3 (London)

Target audience: Security and IT professionals from public- and private-sector organizations

Price: N/A

What’s on tap: Conference sections include human factors, cyber resilience, emerging tech, zero-trust, and multicloud security. Among the speakers are World Wide Web inventor Tim Berners-Lee; Liz Banbury, CISO of Hiscox; Rob Flanders, head of threat and incident response at BAE Systems; Andrea Garcia, U.K. and international head of cyber at RSA; Martyn Booth, CISO of Euromoney; and Magnus Falk, CIO Adviser at Zoom.

Why attend: Learn to better defend your business against evolving threats, get advice, and network with peers.

➤ CSO’s Future of InfoSec Summit

March 8–9 (virtual)

Target audience: InfoSec and IT professionals

Price: Free to qualified professionals

What’s on tap: Top security executives who will explore the theme of threat anticipation include VP and CISO Deneen DiFiore of United Airlines; VP and CISO Tim Byrd of TIAA; VP and CISO Martin Bally of the Campbell Soup Co.; Rick Grinnell, founder and managing partner of Glasswing Ventures; and Caroline Beckmann, senior director at Trident DMG. They will explain how a proper information security plan can keep companies ahead of developing threats, how to build an organization ready to fix its reputation, and the need for speed in incident response. 

Why attend: Learn to anticipate risks and build a flexible InfoSec team that can adapt to rapid change and close the cybersecurity talent gap.

➤ Women in Cybersecurity (WiCyS) 2022

March 17–19 (virtual and in person, Cleveland)

Target audience: Women professionals and students in cybersecurity 

Price: Available after registration opens Feb. 7

What’s on tap: Presentations from the likes of breakthrough privacy researcher Latanya Sweeney, professor of the practice of government and technology at Harvard; Jen Easterly, director of CISA; Optum CISO Allison Miller; and Anna Squicciarini, an associate professor of cybersecurity at Pennsylvania State University. The agenda features solid workshops on topics such as breaking into the field of ethical hacking, using threat modeling to enable security by design, and exploring the threat landscape facing the Internet of Things (IoT).

Why attend: Attendees should have strong opportunities to learn, network, and get mentored, plus they can explore a preconference virtual career fair on March 1. There’s even conference childcare available, a thoughtful and intelligent offering.

[Read more: Bridging the gender gap in cybersecurity will keep us safer]

APRIL focuses on improving DevSecOps integrations

➤ Equilibrium Conference 2022

April 21 (virtual and in-person, San Francisco)

Target audience: Security practitioners, tech leaders, and other InfoSec professionals 

Price: N/A 

What’s on tap: Top industry leaders in the private and public sectors share what they know. Last year’s conference featured security leaders at Apple, the U.S. Air Force, Honeywell, Splunk, and others.

Why attend: Learn how to improve DevSecOps integration and tie security functions to risk management, compliance, and data privacy throughout the entire security life cycle. 

MAY hones IT audit, compliance, and risk management processes

➤ ISACA Conference North America 2022

May 4–6 (virtual and in person, New Orleans)

Target audience: Professionals in cybersecurity, IT audit, governance, risk management, and privacy.

Price: $795–$1,595

What’s on tap: Keynote speakers include Tim Brown, CISO of SolarWinds, discussing the attack on the company’s Orion software, as well as technologist Kate O’Neill (the “Tech Humanist”) on the future of trust. Conference presentations focus on security, risk management, privacy, and governance.

Why attend: Broaden your knowledge of cybersecurity and related areas in the Big Easy. 

➤ Cyber Security & Cloud Congress North America

May 11–12 (virtual and in person, Santa Clara, Calif.)

Target audience: CISOs, CIOs, compliance and privacy officers

Price: $79–$599 for the conference; free entry to exhibition and trade show 

What’s on tap: Speakers include Bruce Kaalund, lead cybersecurity analyst at Visa; Alex Guglielmetti, VP of technology strategy for Disney Media & Entertainment Distribution; Laxman Prakash, CISO of the Standard; Mel Reyes, head of IT and security at Getaround; and Oscar Minks, CTO of FRSecure. The first day focuses on enterprise security; the second day is about accelerating digital transformation.

Why attend: Unusually, the two-part event combines digital transformation and security topics.

[Read more: Cyber risk scores should be more than just a number]

JUNE warms up to identity and access management

RSAConference 2022

June 6–9 (virtual and in person, San Francisco)

Target audience: Security professionals

Price: $395–$1,995

What’s on tap: The RSA conference has become an annual rite for many cybersecurity professionals. Major security and tech-exec speakers include Vasu Jakkal, corporate VP of security, compliance, and identity at Microsoft; Chris Krebs, founding director of the Cybersecurity and Infrastructure Security Agency; Mary O’Brien, general manager of IBM Security; Shailaja Shankar, senior VP and general manager of the Cisco security business group; and Nir Zuk, founder and CTO of Palo Alto Networks. Last year’s agenda included topics such as the risks of artificial intelligence, “security chaos engineering,” and API security in a digital economy.

Why attend: It’s a major gathering of security experts offering lots of learning and networking.

➤ Gartner Security & Risk Management Summit

June 7–10 (in person, National Harbor, Md.)

Target audience: CISOs and executives in government-related security and risk management

Price: N/A

What’s on tap: Expect top industry leaders as well as Gartner’s own experts in sessions on cloud security, cybersecurity, identity and access management, data security and privacy, and threat and vulnerability management, among others.

Why attend: Gartner analysts provide research on the latest trends and developments.

➤ SecureWorld Government

June 9 (virtual)

Target audience: InfoSec professionals

Price: $25 

What’s on tap: Details are forthcoming, but this event typically features deep insights from public-sector security experts. Last year offered sessions on such topics as protecting government organizations from third-party breaches and adapting threat management to address “predator and prey” methods.

Why attend: It’s a dirt-cheap way of gaining access to targeted speakers and training.

➤ Identiverse 2022

June 21–24 (in person, Denver)

Target audience: Security professionals, IS/IT directors, mobility and software architects, developers, and product managers 

Price: $995–$1,595; $695–$1,295 (government rates)

What’s on tap: An expected 150 or more speakers will discuss digital identity. Details are not yet available, but past speakers have included experts from AWS, Microsoft, LexisNexis Risk Solutions, Ping Identity, Not Impossible Labs, and more. 

Why attend: 70 hours of content, including keynotes, panels, and master classes, plus events like a boot camp, yoga and karaoke.

➤ ManuSec World: 24-Hour Cyber Security Event

June 23 (virtual from Europe)

Target audience: Cybersecurity executives and leaders in global manufacturing 

Price: $199–$749

What’s on tap: Presentations on topics such as the convergence of operational technology (OT) and IT; protecting OT environments with deception technology; and building faster, more secure, and more compliant industrial control system software. Speakers will include executives from major players in critical global manufacturing. 

Why attend: Gather insights into cyber-risk assessments for OT, and improve efforts to combat threats to the smart-manufacturing environment.

[Read more: Keep your 5G attack space in check]

JULY deep dives into the world of fighting cyber syndicates

➤ International Conference on Cyber Security 2022

July 18–20 (in person, New York City)

Target audience: Security professionals and practitioners

Price: N/A

What’s on tap: Presented by the FBI and Fordham University, this conference has a heavy focus on cybercrime and features presenters who are uniquely qualified to discuss the topic.

Why attend: It’s a chance to hear from people on the cutting edge of criminal justice and cybersecurity.

AUGUST offers lessons on crypto and whiteboard hacking

➤ Cryptocurrency & Payments Security Summit

Aug. 2–3 (virtual)

Target audience: Security professionals dealing with digital payments and assets

Price: Free

What’s on tap: Payment security and fraud have been complicated enough. Now add protections for cryptocurrencies. You’ll learn from leaders like David Cass, VP of cyber and IT risk at the Federal Reserve Bank of New York; Kolin Whitley, head of North America acceptance risk at Visa; Claire Le Gal, senior VP of fraud intelligence, strategy and cyber products at Mastercard; and Samant Nagpal, general manager and global head of risk at Block (formerly Square). Learn about separating the bad from the good in cryptocurrency; the convergence of IoT, blockchain, data analytics and AI; scaling blockchain and fraud prevention; and more. 

Why attend: Rapid change requires leaders to anticipate where payments may be heading.

➤ Black Hat USA 2022

Aug. 6–11 (virtual and in person, Las Vegas)

Target audience: Anyone in cybersecurity

Price: N/A

What’s on tap: Expect intense training from specialized experts, briefings on cutting-edge research, and the latest open-source tools. Last year saw advanced courses cover such topics as active directory (AD) attacks, infrastructure and whiteboard hacking, and applied cryptocurrency hardware. Whatever this year brings, it should be worth attending.

Why attend: Black Hat is a classic, especially for those who seek insights from the top offensive and defensive hackers in the world. The event covers the entire InfoSec spectrum.

➤ DEF CON 30

Aug. 11–14 (virtual and in person, Las Vegas)

Target audience: Security professionals and hackers 

Price: N/A

What’s on tap: A new venue in Las Vegas for the “full DEF CON experience” on the event’s 30th anniversary. As always, techies and hackers are in charge, so the intensive seminars and presentations deliver knowledge you’re unlikely to find elsewhere, except maybe at Black Hat (see above). If you arrange your schedule right, you can catch part of both conferences. In 2021, topics included a look inside security at The New York Times, print driver vulnerabilities, zero-day Windows exploits, and research about attacks designed for code scanners.

Why attend: Go for the workshops, meetings with pros and hackers, and an amazing amount of learning, not to mention the vibe.

➤ TechNet Augusta 2022

Aug. 16–18 (in person, Augusta, Ga.)

Target audience: InfoSec professionals in industry, government, and academia

Price: N/A (check back in the spring)

What’s on tap: With the participation of the U.S. Army Cyber Center of Excellence and industry experts, the conference is meant to “open the lines of communication and facilitate networking, education, and problem solving.” In 2021, topics included the influence of AI on cybersecurity, a session on the presidential executive order on cyber and cybersecurity maturity model certification, and who pays in the aftermath of a cyberbreach.

Why attend: It’s a rare chance to immerse yourself in cyber issues concerning government and national security.

[Read more: Meet the man who could help prevent a cyber disaster]

SEPTEMBER looks to future risks and how to respond

➤ InfoSec World

Sept. 26–28 (in person, Lake Buena Vista, Fla.)

Target audience: InfoSec professionals

Price: $1,295–$3,995

What’s on tap: This year’s theme is “new risk.” Last year’s speakers give a sense of the quality of the conference and included Cathy Lanier, CSO at the NFL; TikTok global CSO Roland Cloutier; and Patrick J. Lechleitner, acting executive associate director of Homeland Security Investigations (HIS), the principal investigative component of the U.S. Department of Homeland Security.

Why attend: Targeted sessions, as well as networking opportunities with 1,500 attendees. And there are always the discounted tickets to Disney World.

OCTOBER puts authentication technologies in your hand

➤ IdentityWeek

Oct. 4–5 (in person, Washington, D.C.)

Target audience: InfoSec, IT, and other professionals concerned with identity and trust

Price: $395–$995

What’s on tap: Hundreds of speakers from areas including banking, healthcare, think tanks, and government, with a focus on “secure physical credentials, digital identity, and advanced authentication technologies, such as biometrics.”

Why attend: The interdisciplinary focus can offer insights and potential solutions beyond a strictly cybersecurity framework.

➤ (ISC)2 Security Congress 2022

Oct. 10–12 (virtual and in person, Las Vegas)

Target audience: Cybersecurity professionals

Price: $465–$1,595

What’s on tap: More than 100 educational programs on such issues as IoT, security automation, industrial control systems, cloud security, governance, risk and compliance, and zero trust.

Why attend: In addition to the learning and networking, opportunities abound for CPE credits and career guidance.

➤ IAPP Privacy. Security. Risk. 2022

Oct. 11–12 (in person, Austin, Texas)

Target audience: Privacy and security professionals and academics

Price: N/A

What’s on tap: The International Association of Privacy Professionals focuses on data privacy, a critical topic that intersects with cybersecurity. The conference promises “innovative ideas, new views on industry trends, and insight into the operational issues facing the privacy industry.” Last year, sessions covered AdTech, AI, big data, U.S. federal privacy laws, bias in machine learning, and government responses to digital threats.

Why attend: It’s a chance to look beyond issues of security technology and consider the broader areas of privacy and data use that affect InfoSec jobs.

➤ Executive Women’s Forum (EWF) 2022

Oct. 25–27 (in person, Scottsdale, Ariz.)

Target audience: Women professionals in information security, risk management, and privacy

Price: $1,875–$2,595

What’s on tap: This year’s event celebrates “20 years of building women leaders!” The conference promises to be a “fun, educational, and life-changing experience.” 

Why attend: Interact with a “sisterhood” of more than 1,000 women thought leaders in the field.

[Read more: How NPower creates pathways to prosperity]

NOVEMBER offers strategies for risk management

➤ Forrester’s Security & Risk Forum 2022

Nov. 8–9 (in person, Washington, D.C.)

Target audience: Top executives in security, InfoSec, and risk management

Price: $2,450–$2,850

What’s on tap: Top analysts, thought leaders, and technology providers focus on real-world solutions. The conference combines fresh Forrester research and analyst insights with in-depth case studies. Forrester promises “unbiased perspective, inspiration, and real-world solutions you need to be successful.”

Why attend: Information, insights, and networking that can help you move your security initiatives forward.

DECEMBER focuses on 5G, big data, and digital transformation

➤ Cyber Security & Cloud Expo 

Dec. 1–2 (London)

Target audience: CISOs, CIOs, and other executives in security, compliance, privacy, and data protection

Price: N/A

What’s on tap: Multiple co-located events cover IoT, blockchain, 5G, AI, big data, and digital transformation. Examples of speakers from 2021 include David Everett, executive director of cyber assessments at JP Morgan Chase; Aston Martin CISO Robin Smith; Liz Green, cyber-resilience and security lead for Dell Technologies; and Erika Lewis, a cyber director at the U.K. Department for Digital, Culture, Media, and Sport.

Why attend: Multiple events offer an expected 5,000 professionals the chance to explore specific interests and network with peers from around the world. 

 

Erik Sherman
Erik Sherman is a journalist who focuses on business, public policy, and technology. His work has appeared in The Wall Street Journal, The New York Times Magazine, Inc, and Newsweek. He is a regular contributor to Fortune, NBCNews, and Forbes.com.