As we kick off 2026, I wanted to share Wigington Security Group’s conference strategy for the year. After building out our OSINT service offerings and refining our approach to digital footprint analysis and threat intelligence, it’s time to get back into the field where the best learning happens—among practitioners, researchers, and the security community.
The Intersection of Three Disciplines
OSINT doesn’t exist in a vacuum. Every investigation we conduct sits at the intersection of three critical domains:
Privacy - Understanding what should be private, what is legally accessible, and how to navigate the ethical boundaries of open-source intelligence gathering. Privacy frameworks inform our methodology and keep our work defensible.
Security - Our clients need OSINT because they face security threats: insider risks, social engineering attacks, competitor intelligence, fraud. We have to think like attackers to defend effectively, which means staying current on offensive techniques, threat intelligence, and vulnerability research.
OSINT - The tradecraft itself—tools, techniques, platforms, automation, and analysis. This is our core competency, but it only matters when informed by privacy constraints and security realities.
These three areas aren’t separate tracks—they’re mutually reinforcing. A privacy researcher’s work on data brokers informs our OSINT collection strategy. A hacker’s social engineering technique reveals what we need to defend against in due diligence investigations. An OSINT practitioner’s tool becomes a security vulnerability when misused.
That’s why our 2026 conference plan deliberately hits all three areas.
The 2026 Plan: Four Conferences, Four Quarters
We’re taking a focused, West Coast-centric approach. All events are within driving distance from Monterey, keeping travel costs manageable while maximizing time with the community.
Q1: RSA Conference (March 23-26, San Francisco)
2-hour drive north
Coverage: Privacy + Security + Enterprise OSINT
RSA is where 44,000 security professionals converge to discuss policy, privacy frameworks, and emerging threats. For OSINT work, this is where we learn how enterprise security teams are thinking about threat intelligence and insider risk.
Privacy angle: Strong tracks on data protection, privacy-preserving technologies, and regulatory compliance. Understanding how enterprises handle PII informs how we conduct ethical investigations.
Security angle: Keynotes from CISOs, threat intelligence sessions, and discussions on defending against social engineering—the exact attacks our OSINT investigations help prevent.
OSINT angle: Threat intelligence platforms, dark web monitoring tools, and vendor demos showing how enterprise teams operationalize OSINT at scale.
Why it matters: Our clients are enterprises dealing with compliance, insider threats, and due diligence. RSA shows us how they think, what they fear, and what they’re willing to pay for.
Q2: IEEE Symposium on Security and Privacy (May 18-21, San Francisco)
2-hour drive north
Coverage: Privacy Research + Hacking (Academic)
The 47th edition of the premier academic security conference. This is where PhD researchers present work that becomes operational 2-3 years later. If RSA is where practitioners talk about today’s problems, IEEE S&P is where we see tomorrow’s solutions.
Privacy angle: Cutting-edge research on privacy-preserving technologies, de-anonymization attacks, differential privacy, and cryptographic protocols. This is the bleeding edge of privacy research—understanding what’s theoretically possible helps us anticipate what becomes practically exploitable.
Security angle: Vulnerability research, formal verification methods, and novel attack vectors. Academic researchers find bugs in protocols before they become CVEs. We learn about attack surfaces before they’re widely exploited.
OSINT angle: Papers on information leakage, metadata analysis, and correlation attacks show us both what’s possible with open-source data and what defenses actually work. One year’s academic paper on browser fingerprinting becomes next year’s OSINT tool.
Why it matters: Academic research drives the OSINT tools we’ll use in 2028. Understanding the theoretical foundations makes us better practitioners today.
Q3: Black Hat USA + DEF CON 34 (August 1-9, Las Vegas)
8-hour drive east
Coverage: Hacking + OSINT + Physical Security
“Hacker Summer Camp” is the Super Bowl of offensive security. Black Hat brings 20,000+ security professionals for technical training and vulnerability research. DEF CON brings the hacker community for hands-on villages, competitions, and pure technical exploration.
Privacy angle: Social engineering talks show how privacy fails in practice. Physical security bypasses reveal why digital privacy alone isn’t enough. We learn what attackers actually do with the information we find during OSINT investigations.
Security angle: This is the offensive security motherlode. Live exploit demos, zero-day research, red team tactics, and adversary simulation. Understanding how systems get compromised informs our threat assessments and security recommendations to clients.
OSINT angle: DEF CON’s OSINT Village is the premier gathering of open-source intelligence practitioners. Hands-on training, tool demonstrations, and talks from investigators doing real-world OSINT work. This is our community’s annual reunion.
Why it matters: You can’t do defensive OSINT without understanding offensive techniques. Black Hat shows us what’s possible. DEF CON shows us what’s practical. The OSINT Village shows us who’s actually doing it well.
Q4: SecureWorld San Francisco (November 4-5, San Francisco)
2-hour drive north
Coverage: Regional Cybersecurity + Physical Security + Networking
SecureWorld is the regional practitioner conference—less flashy than RSA, more practical than IEEE, more accessible than Black Hat. Local CISO advisory councils curate content focused on implementation challenges Bay Area security teams actually face.
Privacy angle: Compliance sessions on California privacy law (CCPA/CPRA), data protection strategies, and practical privacy program implementation. This is the “how do we actually do this” content that enterprise privacy officers need.
Security angle: Physical security convergence, access control, and facility security—the less-glamorous but critical aspects of security that affect how we conduct on-site OSINT investigations and recommend security improvements.
OSINT angle: Regional security teams dealing with insider threats, background investigations, and due diligence. These are potential clients and partners in our own backyard.
Why it matters: Business development happens at regional conferences. The CISO we meet here might need OSINT services next quarter. Plus, 12-18 CPE credits don’t hurt.
Why This Matters for Our Clients
Every conference investment pays dividends in client work:
- Privacy frameworks learned at RSA and IEEE inform how we conduct ethical investigations that hold up under legal scrutiny
- Security techniques from Black Hat help us assess actual threats rather than hypothetical ones when clients ask “what’s my risk?”
- OSINT tradecraft from DEF CON and SecureWorld keeps our methodology sharp and our tools current
- Networking across all four events builds the referral network that generates new business
The ROI Calculation
Four conferences. Roughly 1,500 miles of driving. Mix of expensive (RSA, Black Hat) and economical (IEEE, SecureWorld). Total investment in professional development that pays back in three ways:
- Better client outcomes - We deliver investigations using current techniques, informed by latest privacy research, grounded in real security threats
- Business development - Face time with potential clients and referral partners beats cold outreach 10:1
- Competitive advantage - While other OSINT shops rely on YouTube tutorials, we’re learning from the researchers and practitioners pushing the field forward
We’re not attending conferences to collect swag or pad resumes. We’re going because the intersection of privacy, security, and OSINT is where our business lives—and you can’t stay sharp sitting behind a desk in Monterey.
See you on the road.
Larry Wigington
Wigington Security Group