As cybercrime grows both more prevalent and sophisticated, the field of cybersecurity is increasingly important and indeed prominent. As such, a large number of institutes and associations focus on the area of information security.
What’s more, a surprising number of major events dot the globe, many of which attract hordes of cybersecurity professionals and enthusiasts. From family-friendly hacker conventions to more industry-focussed conventions, the events represent a diverse range of interests and competencies.
In this article, we’ll introduce you to both prominent and lesser-known institutions and associations across the globe. We’ll also highlight a selection of cybersecurity events from the hundreds that take place each year. Let’s jump in!
Institutes and associations
Cybersecurity institutes and associations have been formed for various reasons. Aside from gatherings of industry professionals, there are also government advisory agencies and those dedicated to raising public awareness of cybersecurity. Moreover, the main goals and activities of each organization vary, including research, education, and development of best practices.
International Info Security Certification Consortium (ISC)2: (ISC)2 is a nonprofit membership association for security professionals. It offers certifications and development and leadership tools, as well as networking and collaboration opportunities.
Center for Cyber Safety and Education: Also known as the Center, this charitable trust was formerly the (ISC)2 Foundation and continues to be supported by the association. Its vision is “Making the cyber world a safer place for everyone.” Efforts include educational programs, scholarships, and research.
SysAdmin, Audit, Network and Security (SANS) Institute: The SANS Institute provides information security training all over the world. It offers a range of delivery methods, including webcasts with live instruction and private workplace sessions.
Information Security Systems Association (ISSA) International: ISSA International is a not-for-profit membership association for security professionals and practitioners. It aims to improve digital security by providing members with knowledge, skills, and professional growth. It does this through forums, publications, and networking opportunities.
Forum of Incident Response and Security Teams (FIRST): FIRST is an international confederation of computer incident response teams. Member teams share knowledge and are provided access to tools and best practices to improve their response to incidents.
Center for Internet Security (CIS): CIS is a nonprofit that develops best practices and shares them with organizations and the public. It also provides cybersecurity tools and services, risk analyses, and threat alerts.
Information Security Forum (ISF): ISF is a not-for-profit membership organization that provides research, tools, and consultancy services to members.
Open Web Application Security Project (OWASP): OWASP is a not-for-profit charitable organization that aims to provide an unbiased source of software security information. It issues software tools and documentation and specifically avoids endorsing commercial products or services.
International Association of Privacy Professionals (IAPP): IAPP is a global information privacy community. It aims to equip professionals to better help their organizations manage cyber risks and protect data, while developing and enhancing their careers.
ISACA: Previously the Information Systems Audit and Control Association, ISACA is a global not-for-profit association. It provides organizations with guidance, benchmarks, and tools related to information systems.
Association for Executives in Healthcare Information Security (AEHIS): AEHIS is a professional membership organization for IT security leaders in the healthcare industry. It aims to help protect organizations and consumers by providing an education and networking platform that supports secure information.
International Association for Cryptologic Research (IACR): IACR is a nonprofit membership organization that strives to further research in the field of cryptology.
International Security Alliance (ISA): ISA is a membership association providing thought leadership in the area of cybersecurity. It also aims to advocate for public policy that will enhance cybersecurity in general and create awareness programs to encourage adoption of improved practices.
Cooperative Cyber Defence Centre Of Excellence (CCDCOE): The NATO CCDCOE is a multinational organization based in Estonia. It’s known for organizing the annual international cyber defense exercise, Locked Shields, which helps train security experts responsible for protecting national IT systems.
National Council of ISACs (NCI): NCI brings together sector-based Information Sharing and Analysis Centers (ISACs). It serves as a forum for designated ISAC organizations to collaborate and share cybersecurity information and mitigation strategies.
National Cyber Security Alliance (NCSA): NCSA aims to foster a culture of cybersecurity through public/private partnerships. Its flagship initiative is Stay Safe Online, which educates the public and organizations about using the internet safely and securely.
Federal Information Systems Security Educators’ Association (FISSEA): FISSEA is an organization run by and for IT security professionals. It assists federal agencies in meeting their systems security responsibilities, including awareness and certification.
Credit Union Information Security Professionals Association (CUISPA): CUISPA is a resource dedicated to helping credit union security professionals. It acts as a facilitator between parties including institutions and the National Credit Union Administration (NCUA).
Information Security Research Association (ISRA): ISRA is a nonprofit focused on security research and cybersecurity awareness. Its members deliver seminars and campaigns to promote cybersecurity research and education.
International Association of Security Awareness Professionals (IASAP): IASAP (formerly the Security Awareness Peer Group) is a nonprofit association comprised of corporate members. It provides a platform for exchanging best practices for increasing employee awareness of good cybersecurity behaviors.
Executive Women’s Forum (EWF): EWF is a membership organization for women executives in the information security, risk management, and privacy industries. It runs events, programs, and initiatives to provide education, leadership development, and networking.
Cloud Security Alliance (CSA): CSA is focused on cloud computing, including defining and increasing awareness of best practices. With both individual and corporate members, it offers research, certification, events, and products related to cloud security.
Canadian Institute for Cybersecurity (CIC): CIC is based at the University of New Brunswick. It uses the collaboration of researchers and practitioners from a range of fields to offer cybersecurity research, training, and consultancy services.
Canadian Security Association (CANASA): CANASA is a not-for-profit membership organization that aims to advance the security industry. It provides Canadian security professionals with tools and services, including industry education and marketing and advocacy support.
Communications Security Establishment (CSE): CSE is a government agency dedicated to cryptology. Employing code-makers and code-breakers, it provides the government with IT security and intelligence services, and federal law enforcement and security agencies with technical and operational assistance.
Cyber Security Centre: The Cyber Security Centre was launched by The Conference Board of Canada to examine the cybersecurity threat landscape. It aims to offer a forum that covers multiple sectors, both public and private, and remains non-partisan. It provides an environment to discuss key cybersecurity issues at a strategic level.
European Cyber Security Organization (ECSO): ECSO is an industry-led not-for-profit organization based in Belgium. Its main goals are to develop European cybersecurity and to protect the European Digital Single Market from cyberthreats.
European Organization for Security (EOS): EOS is a membership organization for the European security industry. It aims to develop a harmonized European security market by providing a collaborative platform for idea exchange and the development of best practices.
European Union Agency for Network and Information Security (ENISA): ENISA is a cybersecurity centre of expertise based in Greece. It strives to improve the functioning of European markets by raising awareness and developing a culture of network and information security. It makes recommendations, supports policy-making and implementation, and collaborates with operational teams across the EU.
European Network for Cyber Security (ENCS): ENCS is a non-profit membership organization that specializes in cybersecurity research and services for critical infrastructures, such as those in energy distribution. It works with members to conduct research, define security requirements, perform testing, and provide education and training.
National Cyber Security Centre (NCSC): NCSC is a part of the UK Government Communications Headquarters (GCHQ). It helps protect critical services from cyberattacks, manages major cybersecurity incidents, and improves the overall security of Britain’s online environment.
Australian Cyber Security Centre (CSC): CSC is a government initiative to centralize cybersecurity capabilities. It offers a place for both the public and private sectors to collaborate and share information pertaining to cybersecurity and cyber attacks.
Australian Information Security Association (AISA): AISA is a not-for-profit membership organization for professionals from a broad range of industries. It promotes understanding and awareness of cybersecurity issues through presentations, conferences, focus groups, and networking events.
Australian Signals Directorate (ASD): ASD is an agency within the Australian Government Department of Defence. It focuses on foreign signals intelligence as well as information and communications security, providing services to federal and state government agencies.
Australian Centre for Cyber Security (ACCS): ACCS is based at the University of New South Wales (UNSW) Canberra. Researchers from various faculties conduct work around the subject of cybersecurity and provide international thought leadership through education and engagement.
Association of Information Security Professionals (AISP): AISP services IT security professionals in Singapore. It strives to help enhance expertise and promote the spread of cybersecurity knowledge.
Information Security and Forensics Society (ISFS): ISFS serves Hong Kong and the surrounding region. Its focus is on the regulation and standardization of information security and forensics. It also encourages study in and promotes public awareness of the fields.
Even with the vast number of institutions and associations dedicated to fighting cybercrime, you still might be surprised at the staggering number of cybersecurity events taking place. InfoSec Conferences maintains a comprehensive list of cybersecurity conferences and currently shows more than 750 listings for 2017. We’ve selected some of the most notable and popular events taking place around the world.
Security Serious Week: Security Serious is a UK initiative that we featured in a recent post. Their Security Serious Week event has just wrapped up and included the Unsung Heroes Awards, recognizing those that go above and beyond to improve cybersecurity.
CYBERSEC Forum: CYBERSEC’s goal is to foster the evolution of a Europe-wide cybersecurity system. The CYBERSEC Forum is dubbed a public policy conference that brings together governments, international organizations, and private sector organizations to discuss cyberspace and cybersecurity problems.
Black Hat: Black Hat is a global series of information security events with annual conferences in the US, Asia, and the UK. Running for 18 years, it started with a single Las Vegas conference, but now holds several multi-day events each year. These bring together some of the brightest minds in the industry to convey research, developments, and trends. Trainings led by global experts also offer attendees hands-on attack and defense courses.
ToorCon: ToorCon is another long-running event that began in 1999 and takes place in San Diego. This conference encourages boundary-pushing research and the development of cutting-edge technology. It involves seminars and workshops covering a range of information security topics. There is also a ToorCamp, which runs for five days in June and sees campers, including kids, participating in talks, workshops, and parties.
ShmooCon: The Shmoo Group is an information security research and development group made up of security professionals from across the globe. It runs an annual ShmooCon event in Washington DC which includes demonstrations of technology exploitation and open discussions of information security issues. This three-day hacker convention also offers up attractions such as Lockpick Village, Hack Fortress, and ShmooCon Labs.
TROOPERS: This conference held in Germany has just celebrated its 10th anniversary. The five-day event starts off with a series of hands-on trainings followed by a two-day conference, and wraps up with a day of round table discussion. Topics covered include the latest methods of attack and defense plus management techniques.
RSA Conference: RSA is a global security solutions provider that has a dedicated conference unit running multiple events around the world. Industry leaders attend conferences in locations including London, Abu Dhabi, and Singapore to deliver insights to enable enhanced cybersecurity. With a total annual attendance surpassing 45,000, this is one of the largest security event series in the industry.
SANS Summits: As we mentioned earlier, the SANS Institute offers IT security training to security professionals around the world. The SANS Summits provide a platform for industry experts to share knowledge with attendees. They discuss lessons learned, innovative tools and methods, and challenges facing the cybersecurity industry.
DerbyCon: This conference just wrapped up its seventh event in Louisville, Kentucky. It aims to take a different approach to information security conferences by creating a family feel and making it more of a peer learning environment.
Nullcon: Run by security services firm Payatu Technologies, Nullcon is an annual IT security industry convention taking place in India since 2010. Here, security companies and evangelists showcase their research and new technology. The event also includes expert and niche trainings, an exhibition of products and services, a security job fair, and hacking challenges with cash prizes.
NorthSec: The NorthSec applied security conference is an annual week-long event taking place in Canada. It offers training sessions in areas like application security and forensics, as well as a huge conference that covers everything from IT security application and infrastructure to the ethical implications of security within the digital society.
AppSec USA: The AppSec USA conference is OWASP’s signature event. Having wrapped up its 14th annual event this year, this fundraiser is geared towards developers and security experts. It aims to deliver fresh ideas and innovative thinking through two days of training followed by two days of conference. There is also AppSec Europe, another OWASP event which is held in a different European city each year.