Better Together: The Best Cyber Threat Intelligence Events

Our roundup of the best cyber threat intelligence events you won't want to miss.

Better Together: The Best Cyber Threat Intelligence Events

"What events should I be going to?" This is a question we often get by both emerging and established security professionals interested in 1) advancing their cyber threat intelligence chops 2) finding kindred spirits. In this blog, we introduce some of the most popular and important CTI conferences throughout the year, along with a summary and helpful resources.

The Titans

There are a few must-attend, dedicated threat intelligence events that have the industry's most well-regarded speakers and topics that span strategic, operational, and tactical intelligence.

SANS Cyber Threat Intelligence Summit

One of the longest-running events dedicated purely to CTI, the annual SANS Cyber Threat Intelligence Summit provides in-depth technical training (an optional add-on) and discussions on cyber threat intelligence, incident response, and threat hunting. Gathering leading voices in the space, SANS offers practical insights and hands-on experience to enhance CTI capabilities.

The event usually takes place early in the year (January or February), with free virtual attendance and physical event in Virginia, USA. Bonus: the concurrent Slack channels are surprisingly active and engaging, so make sure to follow along virtually too.

2024 YouTube Playlist | Visual Summary

2023 YouTube Playlist | Visual Summary

2022 YouTube Playlist | Visual Summary

FIRST Cyber Threat Intelligence Conference

The Forum of Incident Response and Security Teams (FIRST) Cyber Threat Intelligence Conference (evolved from previous years as a Symposium) is a 3-day event: 1 day of training and 2 days of plenary sessions. The training has been historically split between analytical and technical paths, and plenary sessions tackle topics around operationalizing, measuring, structuring, and maturing CTI programs.

Both virtual and in-person attendance require payment, and registration priority is given to FIRST members.

2024 Conference Site

2023 Conference Site | YouTube Playlist

2022 YouTube Playlist

Virus Bulletin Conference

Active for more than three decades, the annual Virus Bulletin Conference is one of the longest running security conferences with a focus on threat research and analysis to prevent real-world attacks. The conference is a three-day event with multiple tracks, typically taking place in the fall in Europe or North America.

2024 Conference Site

2023 Conference Site | YouTube Playlist

2022 Conference Site | YouTube Playlist

Focus Groups


MITRE ATT&CKcon is an annual, 2-day conference that brings together cybersecurity professionals, researchers, industry experts, and of course, MITRE ATT&CK team members to discuss and share insights about the MITRE ATT&CK framework. The fast-paced program of shorter 15-30 minute talks examine how to adapt and improve ATT&CK, share real world applications and interesting case studies, and announce key ATT&CK updates. By fostering public-private collaboration and cross-sector knowledge sharing, MITRE ATT&CKcon events contribute to the collective efforts of the security community in staying ahead of evolving cyber threats and strengthening defense strategies. The event takes place in Virginia, USA, with virtual attendance options.

ATT&CKcon 4.0 (2023) YouTube Playlist

ATT&CKcon 3.0 (2022) YouTube Playlist

ENISA CTI-EU Conference

A free event to bring together the European CTI community run by ENISA, the European Union Agency for Cybersecurity. "The main objective of the CTI-EU event is to bring experts, researchers, practitioners and academics together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe."

CTI-EU 2023 Conference Website

Presentations: 2019, 2018, 2017


CYBERWARCON is a 1-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS conference, or an international policy conference. The central purpose of this conference is to identify and explore threats. Participants and attendees come from a spectrum of backgrounds including the military and government, academia, the media, and the private sector.




Sleuthcon is a 1-day event designed to highlight the work done by cybersecurity practitioners, journalists, academics, law enforcement officials, and more to identify and explore cybercrime and financially-motivated cyber threats.


SLEUTHCON YouTube Channel


The 1-day SANS Open-Source Intelligence (OSINT) Summit brings together OSINT practitioners, investigators, and enthusiasts alike to share OSINT techniques and tools. OSINT community members present current, real-world methods and lessons learned from harvesting information across the Internet, processing and analyzing results, and using key data to reach objectives.

SANS OSINT Summit Website

2023 YouTube Playlist

2022 YouTube Playlist

The Hague Threat Intelligence Exchange TIX

Hague TIX is an annual conference bringing together Europe’s leading threat intelligence researchers for a day of talks on disruptive and destructive cyber operations, organised by the Hague Program on International Cyber Security.

Hague TIX Website

2023 Archive

2022 Archive

Honorable Mentions

SANS Ransomware Summit (2023, 2022 Playlist)

SANS Blue Team Summit (2023, 2022 Playlist)


Blue Team Con


BotConf (2023 Playlist), organized by, the Luxembourg Computer Incident Response Center

CTI Summit (CTIS) (Website)


RooCon by Google Mandiant

Predict Intelligence Summit Series by RecordedFuture (2022 Playlist)

LabsCon by SentinelOne (Replay)

Closing Thoughts

In addition to these conferences, many of the big events (RSA, BlackHat, DefCon), ISACs, and local cons (Bsides, Shmoocon) will have dedicated CTI talks/tracks and valuable content.

Keep an eye on Pulsedive's Dashboard for upcoming CFPs and events, and make sure to sign up for updates from your favorites above.

Are we missing any? Drop me a note at