Every once in a while i am asked which security conference I recommend to attend, so I thought I would try to create a little guide that can help guide your decisions. I am somewhat biased, but feel free to take the principals here and rework the results based on your own data.

Ranking

You can find a lot of information in the online google spread sheet maintained by Inbar Raz

These ranking are based on my own personal experience, and the ranking is hugely biased toward my prefrences.

EventLocationTypeCostSize
t2FinlandTechnical1337 EurosSmall
BSidesTLVIsraelTechnical/CommunityFreeMedium
BlueHatILIsraelTechnicalFree (but need to think ahead to get tickets)Medium
SkyTalksUSACommunity?Small
BSidesLVUSATechnical/CommunityFree (but need to think ahead to get tickets)Large
CCCGermanyTechnical/Community150 EurosHuge
DefConUSATechnical/Community300 USDHuge
HackInParisFranceTechnical?Medium
44conUKTechnicalMediumMedium
SASChaingingTechnical?Medium
OWASPIsraelCommunityFreeMedium
BlackHatUSACommercial2500 USDHuge
RSAUSACommercial2500 USDHuge

Constraints

  1. Is someone paying me to travel? flights, hotels, etc.
  2. How expensive is the event?
  3. do I wnat to focus more on industry trends, technical topics or have great conversations?
  4. How far from home am I willing to travel, and for how long?

Cost

  • Free - as in not paying to attend
  • Low - Under 200$, something reasonable to pay out of my personal pocket
  • Medium - under 1000$, I should probably get someone to cover this
  • High - more than a 1000$ - Should only do this on your own money if you’re hard-core

Type

  • Commercial - for sales pitches, swag and networking (maybe some industry reconicesnce?)
  • Techincal - for a deeper dive into your respective domain
  • Community - networking, learning of other fields and having great conversations

Size

  • Small - under 250 people
  • Medium - under 1500 people
  • Large - under 5000 people
  • Huge - over 5000 people