applied security conferences and training: CanSecWest | PacSec | EUSecWest |

CanSecWest 2020

The 21st annual CanSecWest conference will be held March 18-20, 2020 at the Sheraton Wall Centre hotel in downtown Vancouver, British Columbia, Canada.

For the info about Pwn2Own, please check here.

Registration is available: here.

Interact with the security community

CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.

The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater).

2020-03-12-10:00:00 Hybrid CanSecWest


There will be a remote CanSecWest speaker locker room pre-conference on Tuesday, March 18 at 16:00 PST, instructions will be emailed shortly.

Instructions and confirmation will be emailed to attendees as soon as we can on Monday or Tuesday. Attendees are asked to please send email to with the email addresses and preferrably Signal numbers (optional but desirable for backup contact) for the attendance and invitation list.

PWN2OWN @ CanSecWest is switching to full remote for this year.

The team there is adjusting as best and as quickly as they can. We plan to be posting update videos, and information from the contest on our remote conference stream. The ZDI blog will list new details shortly. We are all collaborating furiously to pull it all together under tight deadlines. The team at Trend Micro is doing an amazing job under ever changing and dynamic conditions, and I am grateful for their continuing support and amazing skills.

We are actually building a pretty interesting virtual show, under the gun, but the content is falling into place, we'll have remote and local participant panels in the breaks between presentations, some fun attendee contests and more. It would have been nicer to get more preparation time, but the folks pulling it together are doing an amazing job, on both remote courses, and our new virtual hybrid conference.

We will be offering a 25% discount on CanSecWest 2021 registrations for folks whose travel and risk reduction restrictions preclude physical participation this year and need to switch their registration to remote tickets. And one notes their allies, friends and supporters the most in the difficult times most of all, so all who are registered this year get a 15% discount on next year. For folks who are locked into travel with non-refundable tickets, and whose personal situations and locations place them in lower risk categories and are among the folks who will persevere and travel either locally or are in lower risk demographics, we will not cancel on our commitments, we will be putting on a smaller, safer show, locally and remotely. Folks from high-risk locations and among threatened demographics switching to remote or cancelling is a blessing and a curse here.

Currently IMHO I feel privileged to live in Canada, as aggressive testing and contact tracing building on our learning experiences with the previous SARS outbreak has led to a successful containment so far here - the odds of coming across virus exposure currently in BC with less than 40 cases among a population of 5 million are currently lower than your odds of being killed by lightning, to temper folk's risk assesments among the sea of hyperbole we are being subjected to, and you have much better odds of winning money in the provincial lottery still. IMHO aggressive testing is the key in this situation, and the difference between safe locales and higher risk lies in visibility, data, and information to guide folk's response and plans - Korea, China, Canada and other places that have ramped up testing, promoted mask use, and let folks have the tools to deal with it tactically seem to have gotten it right with their strategies. I wish us all good luck, and a reminder than panic is never a good option. Clean hands, masks on, and open hearts - stay calm, and safe.

Now we still have a tremendous amount of work to do with this newfangled kind of event in this dynamic situation next week, so off we go. On the upside, we are looking at this as an opportunity to craft a new kind of event, local and remote, removing more of our geophysical boundaries.


Well the real world may be filled with uncertainty, but the virtual world marches on.

We are proceeding to attempt make CanSecWest Remote the coolest on-line infosec educational resource we can, and the best virtual party attempted so far.

We are upping the passes so that anyone who has switched to a virtual attendance gets four remote seats for their co-workers and friends.

Anyone who has ever been a volunteer, dojo instructor, presenter, or otherwise helped out at any of our conferences also is eligible complementary attendance to this virtual shindig, message me here with your email address for the conf invite and preferrably a signal number as some of the co-ordination is happening on that platform, cc with that info and we'll get you on "the list."

We will also be extending liberal remote passes for our sponsors, we'll contact your folks early next week.

This all feels like a time warp back to 15 years ago when we didn't really plan very much and things were very chaotic. Any plans you make today seem to obsolete tomorrow, we just ripped up all our event sheets with the hotel and are redoing our new plans for the remaining who will persevere, and our remote broadcast team. If anyone local wants to come help out with the remote conference management and learn with us on this brave new "technical adventure," ping me. Oddly, due to our earlier experiences with chaotic rapidly deployed arrangements this is a situation we are very practiced at and feels vaguely familiar from a long time ago.

Keith M Myers will be playing some virtual music sets on the evening part of this stream which is on PST times. Going to reach out to a few other of the usual DJ villains to see about queing them up for the evening part of the broadcast, so folks stuck at home not going anywhere can pour a glass of scotch, or a shot of tequila (It's not just for breakfast anymore), and join what will be likely multiple virtual rooms to mingle with peers while you are stuck telecommuting from home.

We will update the website shortly with more instructions and the at least 4-5 new remote presentations we are adding to the new longer and fuller remote stream agenda, and I am taking this opportunity to call out to our Dojo instructors for courses that have cancelled, or even our past instructors to see if they are interested in doing little short mini-trainings (tentatively planning on 15 min) as samples of their longer training material for attendees during the duration of the conferences, potentially in parallel at the same time as the virtual party track in the evening. We are still taking submissions for more remote sessions as the remote format allows us more timeslots for presentations and easily added virtual sub-groups, message me directly with your pitch. Got a cool infosec related idea you want to try with a remote group, tell me about it, the agenda is being built very dynamically. Also still taking applications for folks to join the content co-ordination and wrangling team, even remotely, so if you are interested in participating in the back end of this evolving idea contact me as well if you have some time you can spend helping out Tue-Wed next week.

The conference will feature a single track speaker presentation meeting stream and at least one "hallway track" meeting for attendees to mingle as well as many interactive panels and discussions as we can manage. We may also have break-out topical subgroups in the time the main stream is not active.

The other upside to just having hauled the gear for 500 person conferences to the hotel that is no longer needed, is that our remote streaming control room will have a ridiculously overkill stereo system and av setup. The much smaller viewing and interaction areas for the remote streams for locally present folks will also benefit from our killing a fly with an RPG tech overkill. Never a dull moment.

Way back in 2001 we were the first conference that I know of that attempted conference wide WiFi, we have been pioneers in bug bounties, discussions of many classes of vulns and tried new approaches in so many other ways. We certainly intend to be pioneers in remote interactions... because it seems many folks will be limited to those for the next few months. Onward and upward.