Because I maintain the information security events calendar, I often get asked about local information security events. If I were to add all the local events that I know about, it would fill the calendar with a ton of entries, many of them not applicable to the users. I might start another calendar only for San Francisco / Bay Area events, but for now, identifying the resources available is good enough.

So for those information security professionals in (or visiting) the San Francisco Bay Area, here is a list of security groups:

  • OWASP Bay Area – The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under an open source license.
  • iSEC Open Security Forum – The iSEC Open Security Forum is an informal and open venue for the discussion and presentation of security related research and tools, and an opportunity for Bay Area security researchers from all fields to get together and share work and ideas. The Forum will meet quarterly in the San Francisco Bay Area. Forum agendas will be crafted with the specific needs/interests of its members in mind and will consist of brief 20-30 minute talks. Talks will not be product pitches or strongly vendor preferential. Attendance is by invite only and will be limited to engineers and technical managers. Any area of security is welcome including reversing, secure development, new techniques or tools, application security, cryptography, etc.
  • ISSA – ISSA is a not-for-profit, volunteer organization providing a forum for education, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members. A goal of the ISSA is to promote the best practices that will ensure availability, integrity, and confidentiality of organizational resources. The purpose of SFBayISSA is to have a local venue for sharing with your colleagues in the security profession.
  • ISACA – The Information Systems Audit and Control Association (ISACA) is a professional association of individuals interested in information systems audit, control and security.

If formal organizations aren’t your thing, there are a few informal groups as well.

  • Baysec – An informal meetup of information security professionals in San Francisco. Unlike other meetups, you will not be expected to pay dues, "join up", or stomach another vendor spiel to attend.
  • SF2600 – sf2600 is a meeting where hackers, crackers, phreaks, and geeks hang out and discuss technology and network with other like-minded folks.
  • SV2600 – Open to Hackers, Crackers, Cypherpunks, Cyberpunks, Phreakers, Geeks and anybody else who likes to discuss technology.

While not exactly a community resource, there are a few major information security conferences that get held in the San Francisco Bay Area as well. Conferences are another great way to network with fellow information security professionals, so here they are.

  • RSA Conference – RSA Conference is the unbiased resource thousands of information security professionals around the world have come to rely upon for unparalleled networking and knowledge sharing opportunities.
  • IEEE Symposium on Security and Privacy – Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains.
  • USENIX Security Symposium – USENIX Security brings together top researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks.

As you can see, the San Francisco Bay Area security community is quite strong. Also, we are trying to identify all the local bloggers, so for those in the area that blog, please contact us.

Update: We created a calendar specifically for the San Francisco Bay Area information security events on google.