JPCERT/CC Eyes

Many events in the world have been postponed or cancelled due to COVID-19 pandemic, and cyber security conferences are not the exception. While I hope events will soon be organised as in the past, I would like to introduce three cyber security conferences I recommend you to join when the current situation gets back to normal. Let me tell you first that, since I am a malware analyst, the conferences I raise here are malware focused.

PHDays

PHDays is the biggest cyber security conference in Russia and held annually in Moscow (8,000 participants in 2019). This conference features a variety of parallel tracks: CTF, four-track presentation sessions and two-track hands-on training sessions. The CTF (Capture-The-Flag) competition, aka ‘The Standoff’, is a unique as players earn points by attacking a system in a virtual city.

This conference is worth visiting because conversations during presentations and the Q&A sessions afterwards are very active. I think Q&A in conferences overseas are more active than those in Japan, and it was PHDays that I received the largest number of feedback so far. It is quite common that Q&A sessions at PHDays last over ten minutes.

Kaspersky Security Analyst Summit

Kaspersky Security Analyst Summit is a conference held annually at different resorts in the world. Kaspersky is the organiser as it is on the event name, but the speakers are selected from various organisations through CFP process.

What makes this conference unique is the focus on the APT-related presentations. Even though there are a number of presentations about APT in many cyber security conferences these days, it is very rare for such conferences to spare a single track exclusively dedicated to APT like Kaspersky Security Analyst Summit does. In addition, the conference draws attention with results of analysis for new APT-related operations which are annually presented.
I recommend people engaged in incident investigation to attend this event, especially for those who analyse APT-related incidents.

BsidesLV

Last but not least, I would like to introduce BsidesLV. BlackHat USA and Defcon are the two popular cyber security conferences in Las Vegas during August, but BsidesLV also takes place around the same time as BlackHat USA. This event has enduring popularity, and some people even say that they will not participate in Black Hat USA but in BsidesLV and Defcon.
This conference provides 10 tracks with different topics. Some tracks are particularly interesting such as "Ground Truth," which is focused on machine learning, and "Providing Ground," which is designed for first-time speakers. "Hire Ground", which cannot be seen at any other conferences, is aiming for career development of cyber security engineers. This track even has an event where professionals of cyber security industry review engineers' resumes.
As a speaker, it was easy for me to speak at this conference thanks to the welcoming atmosphere in the session and good reactions from the audience. It was one of the conferences where I received a lot of feedback as well.
Why not join if you are seeking cyber security jobs in other countries?

Conclusion

I picked up only three cyber security conferences in this post, but there are many other conferences around the world. Why not explore other conferences like these, not only the famous ones like Blackhat or Defcon? Please tell me your favourite conferences.

Shusei Tomonaga
(Translated by Masa Toyama)