Better Together: The Best Cyber Threat Intelligence Events
"What events should I be going to?" This is a question we often get by both emerging and established security professionals interested in 1) advancing their cyber threat intelligence chops 2) finding kindred spirits. In this blog, we introduce some of the most popular and important CTI conferences throughout the year, along with a summary and helpful resources.
The Titans
There are a few must-attend, dedicated threat intelligence events that have the industry's most well-regarded speakers and topics that span strategic, operational, and tactical intelligence.
SANS Cyber Threat Intelligence Summit
One of the longest-running events dedicated purely to CTI, the annual SANS Cyber Threat Intelligence Summit provides in-depth technical training (an optional add-on) and discussions on cyber threat intelligence, incident response, and threat hunting. Gathering leading voices in the space, SANS offers practical insights and hands-on experience to enhance CTI capabilities.
The event usually takes place early in the year (January or February), with free virtual attendance and physical event in Virginia, USA. Bonus: the concurrent Slack channels are surprisingly active and engaging, so make sure to follow along virtually too.
2024 YouTube Playlist | Visual Summary
2023 YouTube Playlist | Visual Summary
2022 YouTube Playlist | Visual Summary
FIRST Cyber Threat Intelligence Conference
The Forum of Incident Response and Security Teams (FIRST) Cyber Threat Intelligence Conference (evolved from previous years as a Symposium) is a 3-day event: 1 day of training and 2 days of plenary sessions. The training has been historically split between analytical and technical paths, and plenary sessions tackle topics around operationalizing, measuring, structuring, and maturing CTI programs.
Both virtual and in-person attendance require payment, and registration priority is given to FIRST members.
2023 Conference Site | YouTube Playlist
Virus Bulletin Conference
Active for more than three decades, the annual Virus Bulletin Conference is one of the longest running security conferences with a focus on threat research and analysis to prevent real-world attacks. The conference is a three-day event with multiple tracks, typically taking place in the fall in Europe or North America.
2023 Conference Site | YouTube Playlist
2022 Conference Site | YouTube Playlist
Focus Groups
MITRE ATT&CKcon
MITRE ATT&CKcon is an annual, 2-day conference that brings together cybersecurity professionals, researchers, industry experts, and of course, MITRE ATT&CK team members to discuss and share insights about the MITRE ATT&CK framework. The fast-paced program of shorter 15-30 minute talks examine how to adapt and improve ATT&CK, share real world applications and interesting case studies, and announce key ATT&CK updates. By fostering public-private collaboration and cross-sector knowledge sharing, MITRE ATT&CKcon events contribute to the collective efforts of the security community in staying ahead of evolving cyber threats and strengthening defense strategies. The event takes place in Virginia, USA, with virtual attendance options.
ATT&CKcon 4.0 (2023) YouTube Playlist
ATT&CKcon 3.0 (2022) YouTube Playlist
ENISA CTI-EU Conference
A free event to bring together the European CTI community run by ENISA, the European Union Agency for Cybersecurity. "The main objective of the CTI-EU event is to bring experts, researchers, practitioners and academics together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe."
CTI-EU 2023 Conference Website
Presentations: 2019, 2018, 2017
Cyberwarcon
CYBERWARCON is a 1-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS conference, or an international policy conference. The central purpose of this conference is to identify and explore threats. Participants and attendees come from a spectrum of backgrounds including the military and government, academia, the media, and the private sector.
Sleuthcon
Sleuthcon is a 1-day event designed to highlight the work done by cybersecurity practitioners, journalists, academics, law enforcement officials, and more to identify and explore cybercrime and financially-motivated cyber threats.
SANS OSINT Summit
The 1-day SANS Open-Source Intelligence (OSINT) Summit brings together OSINT practitioners, investigators, and enthusiasts alike to share OSINT techniques and tools. OSINT community members present current, real-world methods and lessons learned from harvesting information across the Internet, processing and analyzing results, and using key data to reach objectives.
The Hague Threat Intelligence Exchange TIX
Hague TIX is an annual conference bringing together Europe’s leading threat intelligence researchers for a day of talks on disruptive and destructive cyber operations, organised by the Hague Program on International Cyber Security.
Honorable Mentions
SANS Ransomware Summit (2023, 2022 Playlist)
SANS Blue Team Summit (2023, 2022 Playlist)
hack.lu, organized by circl.lu, the Luxembourg Computer Incident Response Center
CTI Summit (CTIS) (Website)
RooCon by Google Mandiant
Predict Intelligence Summit Series by RecordedFuture (2022 Playlist)
LabsCon by SentinelOne (Replay)
Closing Thoughts
In addition to these conferences, many of the big events (RSA, BlackHat, DefCon), ISACs, and local cons (Bsides, Shmoocon) will have dedicated CTI talks/tracks and valuable content.
Are we missing any? Drop me a note at grace@pulsedive.com.