Better Together: The Best Cyber Threat Intelligence Events
Our roundup of the best cyber threat intelligence events you won't want to miss.
"What events should I be going to?" This is a question we often get by both emerging and established security professionals interested in 1) advancing their cyber threat intelligence chops 2) finding kindred spirits. In this blog, we introduce some of the most popular and important CTI conferences throughout the year, along with a summary and helpful resources.
The Titans
There are two must-attend, dedicated threat intelligence events that have the industry's most well-regarded speakers and topics that span strategic, operational, and tactical intelligence.
SANS Cyber Threat Intelligence Summit
One of the longest-running events dedicated purely to CTI, the annual SANS Cyber Threat Intelligence Summit provides in-depth technical training (an optional add-on) and discussions on cyber threat intelligence, incident response, and threat hunting. Gathering leading voices in the space, SANS offers practical insights and hands-on experience to enhance CTI capabilities.
The event usually takes place early in the year (January or February), with free virtual attendance and physical event in Virginia, USA. Bonus: the concurrent Slack channels are surprisingly active and engaging, so make sure to follow along virtually too.
SANS CTI Summit 2023 YouTube Playlist | Visual Summary
SANS CTI Summit 2022 YouTube Playlist | Visual Summary
FIRST Cyber Threat Intelligence Conference
The Forum of Incident Response and Security Teams (FIRST) Cyber Threat Intelligence Conference (evolved from previous years as a Symposium) is a 3-day event: 1 day of training and 2 days of plenary sessions. The training has been historically split between analytical and technical paths, and plenary sessions tackle topics around operationalizing, measuring, structuring, and maturing CTI programs.
In the last 2 years, the event was held in the fall around November, in Europe. Both virtual and in-person attendance require payment, and registration priority is given to FIRST members.
FIRST 2024 Cyber Threat Intelligence Conference Site
FIRST 2023 Cyber Threat Intelligence Conference Site
FIRST 2022 Cyber Threat Intelligence Symposium YouTube Playlist
Focus Groups
MITRE ATT&CKcon
MITRE ATT&CKcon is an annual, 2-day conference that brings together cybersecurity professionals, researchers, industry experts, and of course, MITRE ATT&CK team members to discuss and share insights about the MITRE ATT&CK framework. The fast-paced program of shorter 15-30 minute talks examine how to adapt and improve ATT&CK, share real world applications and interesting case studies, and announce key ATT&CK updates. By fostering public-private collaboration and cross-sector knowledge sharing, MITRE ATT&CKcon events contribute to the collective efforts of the security community in staying ahead of evolving cyber threats and strengthening defense strategies. The event takes place in Virginia, USA, with virtual attendance options.
ATT&CKcon Website (2023 not yet published)
ATT&CKcon 3.0 (2022) YouTube Playlist
ENISA CTI-EU Conference
A free event to bring together the European CTI community run by ENISA, the European Union Agency for Cybersecurity. "The main objective of the CTI-EU event is to bring experts, researchers, practitioners and academics together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe."
CTI-EU 2023 Conference Website
Presentations: 2019, 2018, 2017
Cyberwarcon
CYBERWARCON is a 1-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS conference, or an international policy conference. The central purpose of this conference is to identify and explore threats. Participants and attendees come from a spectrum of backgrounds including the military and government, academia, the media, and the private sector.
Sleuthcon
Sleuthcon is a 1-day event designed to highlight the work done by cybersecurity practitioners, journalists, academics, law enforcement officials, and more to identify and explore cybercrime and financially-motivated cyber threats.
SANS OSINT Summit
The 1-day SANS Open-Source Intelligence (OSINT) Summit brings together OSINT practitioners, investigators, and enthusiasts alike to share OSINT techniques and tools. OSINT community members present current, real-world methods and lessons learned from harvesting information across the Internet, processing and analyzing results, and using key data to reach objectives.
SANS OSINT 2023 YouTube Playlist
SANS OSINT 2022 YouTube Playlist
CTI Summit (CTIS)
The Cyber and Threat Intelligence Summit (CTIS) has historically been a 2-day summit gathering all the experts, analysts, users and contributors to cyber and threat intelligence at large. It includes the original MISP summit along with other practices around threat intelligence with coverage of intelligence methodologies/processes and tooling. The event gives special focus on projects that bridge intelligence communities together as well as open source projects.
Honorable Mentions
SANS Ransomware Summit (2023, 2022 Playlist)
SANS Blue Team Summit (2023, 2022 Playlist)
VirusBulletin Conference
hack.lu, organized by circl.lu, the Luxembourg Computer Incident Response Center
RooCon by Google Mandiant
Predict Intelligence Summit Series by RecordedFuture (2022 Playlist)
LabsCon by SentinelOne (Replay)
Closing Thoughts
In addition to these conferences, many of the big events (RSA, BlackHat, DefCon), ISACs, and local cons (Bsides, Shmoocon) will have dedicated CTI talks/tracks and valuable content. Keep an eye on Pulsedive's Dashboard for upcoming CFPs and events, and make sure to sign up for updates from your favorites above.
Are we missing any? Drop me a note at grace@pulsedive.com.