Identity, much like tamale-making, the Wave, or Bollywood dancing, is best done in the community.
We learn the most as we interact with the ideas and experiences of others, and while online mediums allow for some level of conversation, gathering in person accelerates the process.
Most of us cannot go to every available identity gathering; since it is the season when the ground is still frozen and plans are being made for the rest of the calendar year, we thought it might be helpful to pull together a menu of conferences for 2023.
We’ve provided a general description of what to expect, what the value is, and how it may or may not relate to identity.
TL;DR: if you have budget, but can go to only one huge conference, make it the European Identity Conference or Identiverse (whichever is closest). If you lack budget, hit up a BSides event near you.
RSAC : General Security Conference
Date: April 24-27
Location: San Francisco
One of the biggest security conferences on the planet. Walk into the Expo floor, and it is instantly apparent that there is a lot of money being tossed around in this industry. Sights I’ve seen in the past: a woman sitting 15 feet up in a silver ring for eight hours straight, live-pets-as-bait for passerby, and an entire booth setup as a sardonic comment on the overspend of marketing departments.
The actual sessions have long struggled with ensuring quality talks, but they’ve raised the bar over the last decade or so. The innovation sandbox and the villages that are starting to proliferate are highlights, as is the networking potential: if you know someone in the industry, you’ll likely run into them here.
BSidesSF – Community Security Conference
Date: April 22-23
Location: San Francisco
If you’re in town for RSAC, one potential bonus attraction is the weekend before: BSidesSF. It’s at the same basic location, is much cheaper, and the quality of speakers has been historically high. Case in point, Allan Friedman, senior strategist at CISA, gave a talk about SBOM at BSidesSF back before SBOM was cool.
European Identity Conference (EIC): Identity (slight European focus)
Date: May 9-12
Location: Berlin
The first real identity conference of the year. Last year, it moved to Berlin from Munich. It’s sponsored by KuppingerCole, but they do a good job of keeping vendors out of the main sessions. (Paid keynotes are a different matter, but they’re usually pretty great as well.)
This event is panel-heavy, and also has deep ties to standards organizations: the Globally Assured Identity Network was announced at EIC in 2021, as an example. Standards organizations often have a small workshop on the morning of the first day before the main event starts; often they provide as much if not more value than the conference itself.
Identiverse: Identity (slight North American focus)
Date: May 30-June 2
Location: Las Vegas
The best North America Identity conference. Highly associated with IDPro (mic drop) and formerly run by Ping, it has always been an unrivaled source of architectural approaches, standards updates, and a good read on where identity is actually in use in enterprises today.
Also, it’s moved to Vegas for 2023. (Insert your own reaction here)
Internet Identity Workshop (IIW) XXXVI and XXXVII: Identity in the Making
Spring Date: April 18-20, 2023
Fall Date: October 10-12, 2023
Location: Mountain View
Ah, the unconference. This is a bi-annual event that has been running for XXXVI divided by II years. That’s 18 years for you non math and latin double majors. It’s an event with a different speed; each morning everyone gathers in a large circle. If you want to talk about a particular topic, you stand up, write it on a post-it note, and tell the group what you want to talk about. You get a room and a time slot, and anyone who’s interested shows up.
Lots of new ideas sprang out of this gathering, most recently FastFed and Shared Signals.
Note to the reader: decentralized identity, verifiable credentials, and that area of identity play a huge role here.
BlackHat: Exploits and Vulnerabilities
DefCon: Let’s break things (fairly responsibly)
Date (BlackHat): August 5-10
Date (DefCon): August 10-13
Location: Las Vegas
The combination of these two are known as “Hacker Summer Camp.” They are two of the most well known security conferences in the world, but they’re slightly different.
BlackHat has seen a lot of vendors get more involved over the last decade or so, to the point where the expo floor at BlackHat looks a lot like the one at RSAC. The sessions are still solid and full of good information, though, and the Arsenal / open-source tools section are particularly worthy of visiting to see what people are building for the future.
DefCon is more community focused; villages make up a large portion of the content, and they are focused on a particular topic area: social engineering, or AI, or cryptography and privacy. The price for DefCon is much cheaper, and there is more of an “alternative” vibe to the whole scene. Just like BlackHat, there’s a tools section that is worth paying attention to as well.
BSides: Hyperlocal, Community-centric Conferences
Dates: Various
Location: Various
Even if you can’t travel far, there’s likely a BSides conference near you that you could attend. Much less expensive than the RSAC / EIC / Identiverse trilogy, they seek to make security (and identity) more accessible and develop the local security community.
Mike Kiser
Director of Strategy and Standards
SailPoint
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. He speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently the Director of Strategy and Standards at SailPoint Technologies.