The annual RSA Conference (RSAC) is taking place next week in San Francisco and will welcome thousands of security practitioners from all over the world. Security conferences like RSAC are valuable sources of learning, networking, and inspiration for security leaders and their teams. But they come with the trade-off of being expensive, time-consuming, and overwhelming.

To help you make an informed choice as conference season approaches, Forrester analyzed the content of eight leading security conferences from 2018 to 2023 by grouping presentations into one of 17 common security categories. We also compared the conference topics with the budgetary and tactical priorities of security professionals based on our surveys and research. Here are some key insights and recommendations from our report, The CISO’s Guide To Cybersecurity Conferences.

Know Your Goals And Preferences

Before deciding which conferences to attend, you need to identify exactly what you are looking for. Are you looking for:

  • Practical advice to solve your current challenges or being able to explore the latest trends and innovations in the field?
  • Large-scale events with a wide range of topics or smaller ones with more focused and in-depth sessions?

Depending on your answers, you may find different types of conference types more suitable for your needs. For example, if you want to learn about cutting-edge technologies and research, you might want to check out academic conferences such as ACM, RAID, or USENIX. These events feature highly technical and forward-looking talks on topics such as machine learning, artificial intelligence, cryptography, and privacy. They lack relevance to your day-to-day tasks in security operations, however.

On the other hand, if you’re seeking practical guidance on how to improve your security posture and align with your business goals, then practitioner-oriented conferences, such as Black Hat, RSAC, or ShmooCon, should be on your list. These events cover more operational and tactical topics like security operations, risk and regulation, software and application security, endpoint security, and network security. They also offer more opportunities to network with your peers and industry experts.

Use Data To Narrow Down Your Options

Our research provides a comprehensive overview of the content and coverage of eight major security conferences from 2018 to 2023, as well as their alignment with the budgetary and tactical priorities of security professionals based on our Forrester Analytics Business Technographics® data.

For the conference that aligns best overall with most program goals, the answer is simple: Attend RSAC. This event has the largest number of talks and the widest range of topics among the eight conferences we analyzed. It also has the highest alignment with the budgetary and tactical concerns of security leaders, according to our surveys. RSAC covers everything from education and career development to detection and response, and from privacy and anonymity to blockchain and crypto.

Other events are better choices for more technical depth and specialized topics. For example, if you are curious about usability, human factors, and social engineering, check out ShmooCon, which leads in these categories. If you want to learn more about emerging technologies, such as generative AI, web3, or quantum computing, you might want to follow ACM, which has the most talks on these topics.

Additionally, if you are looking for a conference that aligns with your budget priorities, you might want to consider the following events:

  • For security operations, which Forrester data shows is the top budget priority for 67% of security leaders, Black Hat and ShmooCon have the highest percentage of talks on this topic, followed by RSAC and USENIX.
  • For software and application security, which Forrester data shows is the third budget priority for 55% of security leaders, RAID and USENIX have the most talks on this topic, followed by RSAC and Black Hat.

A Little (Self-) Promotion

I’d be remiss if I didn’t mention that Forrester has several sessions planned for RSAC next week.

VP and Principal Analyst Jinan Budge will lead a session during the Cyber Leaders Forum, Sunday, May 5 from 11:25 a.m.–12:05 p.m., “Burnout in Cybersecurity: Recognizing, Addressing, and Supporting Our Teams.”

Principal Analyst Heidi Shey will lead a session, Monday, May 6 from 8:30–9:20 a.m., “Use Generative AI to End Your Love/Hate Relationship with DLP.

VP and Research Director Joseph Blankenship and VP and Principal Analyst Jeff Pollard will lead a session, Wednesday, May 8 from 10:50–11:40 a.m., “Avoid Being Accidentally Offensive (Guys Guide to Being An Ally).

Check these sessions out if you’ve already made the decision to send anyone to RSAC!

Forrester clients can schedule an inquiry or guidance session to discuss this research with us.