August · Las Vegas (Caesars Forum + Flamingo)
The hacker conference
The defining cyber conference since 1993. ~30,000 attendees. Talks + villages (Lockpick Village, Car Hacking Village, Aerospace Village, AI Village, ICS Village, etc.) + CTF + workshops. Aggressively practitioner-oriented. Cash-only at the door (~$460 in 2025), no badges in advance — operational-security tradition. Many free-to-watch recordings on YouTube weeks after.
Student / junior pro: Student discount if you're enrolled (limited badges). Many groups offer scholarships — Hak4Kidz, Ladies of London Hacking, DC101 fund underrepresented attendees.
August · Las Vegas (Mandalay Bay) · the week before DEF CON
The corporate/enterprise conference
Founded by Jeff Moss (also DEF CON founder). $2,500+ for Briefings access. Higher production value, more enterprise audience, more government attendees. Briefings selection committee is extremely rigorous — a Black Hat USA talk is a major credential. Trainings ($3,000-$7,000) sell out months early.
Student / junior pro: Press + academic discounts exist. Most students attend DEF CON instead.
April/May · San Francisco (Moscone Center)
The vendor + executive conference
Largest cybersecurity conference by attendance (~40,000+). $2,500+ for full conference pass. Heavily vendor-oriented — the expo floor is the largest cyber-business surface anywhere. Less hacker-culture, more CISO + government. The Innovation Sandbox Top-10 startups list is a consequential industry signal.
Student / junior pro: Student rate exists but you'll feel out of place — DEF CON is the better entry-point.
Year-round · 100+ cities globally
The free + local conference
Community-run, mostly free or low-cost cybersecurity events in 100+ cities. Las Vegas BSides runs concurrently with Black Hat/DEF CON. BSides DC, BSides NYC, BSides SF, BSides Charm (Baltimore), BSides Chicago, BSides Atlanta — every major US city has one. International equivalents in Europe, Australia, Asia. The single best free entry point to the field. Find your nearest at securitybsides.com.
Student / junior pro: Most BSides have student rates of $0-$20. Often the easiest first conference.
January · Washington DC
The mid-Atlantic federal-adjacent
1,500-person conference run by The Shmoo Group. Highly competitive ticket sale — sells out in seconds. Federal-employee-heavy attendee mix. Talks frequently feature original research. Free recordings published after.
Student / junior pro: Student rate exists. Getting a ticket is a harder problem than the cost.
Chaos Communication Congress (CCC)
December · Hamburg, Germany
The European hacker conference
Annual gathering of Chaos Computer Club, the German hacker community. Runs over Christmas week. ~17,000 attendees. Strong civil-liberties + cryptography + privacy emphasis. Streams free worldwide. Many of the best public talks on government surveillance + activist technology come from CCC.
Student / junior pro: Ticket pricing typically €120-€140 — the conference itself is one of the most accessible. Apply early.
Kaspersky Security Analyst Summit (SAS)
Variable · usually spring · varying global locations
The threat-intelligence conference
Invite-only or sponsor-purchase for ~500-700 attendees. The premier threat-intelligence + advanced-persistent-threat research conference. Major nation-state actor attribution research often debuts here. Significantly affected by 2022+ Western researcher boycotts after Kaspersky's Russia-government ties became politically untenable.
Student / junior pro: Not student-accessible. Mentioned for completeness.
March · Lausanne, Switzerland
The European hacker + CTF
Swiss conference combining briefings with one of the most respected CTFs in Europe. ~1,000-1,500 attendees. Strong European red-team + reverse-engineering presence. CTF qualifications open globally.
Student / junior pro: Workshops accessible to skilled students. CTF is free to register.
Variable · Amsterdam, Phuket, Dubai (separate events)
The Asian + European technical conference
Founded in Malaysia, now multi-region. Strong reverse-engineering + exploit-development content. Technical depth-over-breadth. Multiple events per year across regions.
Student / junior pro: Student rates exist. Recordings often free post-conference.
March/September · Goa, India + Berlin
The South Asian hacker conference
Founded in Goa in 2010, now also runs in Berlin. Strong original-research presence — especially mobile security, ICS, automotive. India's largest cyber conference.
Student / junior pro: Affordable for the region. International attendees pay more but still well below US conference rates.
June · varies (Washington DC, Toronto, etc.)
The incident-response conference
Forum of Incident Response and Security Teams. ~600 attendees, by member-organization affiliation. The premier global IR + CSIRT operations conference. Members include national CERTs, major Fortune 500 SOCs, military cyber units.
Student / junior pro: Membership-gated. Apply via your employer's CSIRT if any.
April + October · varying global cities
The web AppSec conference
OWASP Foundation's twice-yearly flagship conference. Lisbon, San Francisco, Dublin, Tel Aviv have hosted. ~600-1,000 attendees. The web-AppSec community gathering — strong DAST/SAST/threat-modeling/SDLC content. Pairs with regional OWASP chapter events that run year-round and are usually free.
Student / junior pro: Student rates exist. Local OWASP chapter events are universally free.