Blue Team Con 2026 | moscovium-mc's security blog

Instructor: Blue Team Con

Term: Fall

Location: Swissôtel Chicago, Chicago, Illinois

Time: Thursday, September 10 – Sunday, September 13, 2026

Event Overview

Blue Team Con 2026 is the only annual in-person conference created by, and for, cybersecurity defenders. This unique event brings together more than 850+ community-minded defensive cybersecurity experts for information sharing, relationship and career building events, and defense-focused talks held by some of the industry’s leading cybersecurity minds.

Mission Statement

“Cultivate a community-driven experience that focuses on educating and connecting anyone interested in defensive cybersecurity through a safe, inclusive, friendly, and fun ecosystem.”

Blue Team Con is dedicated to the often-overlooked defensive side of cybersecurity, providing a platform where blue teamers can share knowledge, build skills, and connect with peers who understand the unique challenges of protecting organizations.

Key Features

Defense-Focused Content: Every talk, training, and workshop is designed specifically for defensive cybersecurity professionals
32+ CPE Credits Available: Earn Continuing Professional Education credits across all trainings and talks
Community-Driven: Created by defenders, for defenders – content shaped by the blue team community
Inclusive Environment: Safe, welcoming space for cybersecurity professionals at all experience levels
Hands-On Learning: Villages, workshops, and interactive sessions for practical skill development
Career Building: Networking events, mentorship opportunities, and professional development resources

Conference Components

Trainings

In-depth, hands-on training sessions led by industry experts covering defensive cybersecurity topics. These multi-hour sessions provide deep technical knowledge and practical skills.

Training Features:

Small class sizes for personalized instruction
Hands-on labs and practical exercises
CPE credits for completion
Take-home materials and resources
Limited seating – early registration recommended

Talks

Defense-focused presentations from leading cybersecurity minds covering the latest threats, defensive strategies, and best practices for protecting organizations.

Talk Categories:

Technical deep-dives on defensive tools and techniques
Strategic sessions on building and maturing security programs
Case studies and lessons learned from real-world incidents
Emerging threat analysis and defensive countermeasures
Career development and leadership for blue teamers

Villages

Interactive, hands-on areas focused on specific defensive domains where attendees can engage with experts, try tools, and participate in collaborative learning.

Village Topics (Sample):

SOC Village: Security Operations Center best practices and tools
Threat Hunting Village: Proactive threat detection methodologies
DFIR Village: Digital Forensics and Incident Response techniques
Cloud Defense Village: Protecting cloud environments and workloads
Identity & Access Village: IAM defense strategies and tools
Network Defense Village: Network security monitoring and protection
Application Security Village: Defending applications and APIs
GRC Village: Governance, Risk, and Compliance for defenders

Event Schedule

Thursday, September 10, 2026

Day 1: Opening & Trainings

8:00 AM: Registration and Continental Breakfast
9:00 AM: Opening Remarks and Welcome
9:30 AM: Training Sessions Begin (Full-Day Tracks)
12:30 PM: Lunch and Networking
1:30 PM: Afternoon Training Sessions Continue
5:00 PM: Training Sessions Conclude
6:30 PM: Welcome Reception and Opening Networking Event

Friday, September 11, 2026

Day 2: Main Conference

7:30 AM: Registration and Breakfast
8:30 AM: Opening Keynote Address
9:30 AM: First Breakout Sessions Begin (Multiple Tracks)
12:00 PM: Lunch and Village Activities Begin
1:30 PM: Afternoon Sessions Continue
4:30 PM: Specialized Workshops and Village Deep-Dives
6:00 PM: Evening Networking Reception

Saturday, September 12, 2026

Day 3: Main Conference

8:00 AM: Morning Keynote and Executive Sessions
9:30 AM: Advanced Defensive Sessions and Technical Talks
12:30 PM: Lunch and Vendor/Partner Showcase
2:00 PM: Panel Discussions and Case Studies
4:30 PM: Hands-On Workshops and Collaborative Sessions
6:30 PM: Community Celebration and Awards Ceremony

Sunday, September 13, 2026

Day 4: Final Day & Closing

8:30 AM: Strategic Planning Sessions
10:00 AM: Final Breakout Sessions
12:00 PM: Lunch and Final Village Hours
1:30 PM: Closing Keynote and Future of Defense
3:00 PM: Community Recognition and Closing Remarks
4:00 PM: Conference Adjourns

Conference Tracks & Topics

Security Operations & Monitoring

SOC design and optimization
SIEM deployment and tuning
Security analytics and correlation
Alert triage and prioritization
Metrics and reporting for defenders

Threat Detection & Hunting

Proactive threat hunting methodologies
Detection engineering and rule creation
Threat intelligence integration
Behavioral analytics and UEBA
Hunting in cloud and hybrid environments

Incident Response & Forensics

IR playbook development and testing
Digital forensics techniques and tools
Malware analysis for defenders
Post-incident analysis and lessons learned
Tabletop exercises and simulation

Cloud Security Defense

Cloud security posture management (CSPM)
Container and Kubernetes security
Cloud workload protection
Identity and access in cloud environments
Multi-cloud defense strategies

Identity & Access Defense

Identity threat detection and response (ITDR)
Privileged access management (PAM)
Multi-factor authentication strategies
Identity governance and administration (IGA)
Defending against identity-based attacks

Network Defense

Network traffic analysis and monitoring
IDS/IPS deployment and tuning
Network segmentation strategies
Zero Trust network architecture
Encrypted traffic analysis

Application Security Defense

Web application firewall (WAF) strategies
API security and protection
Runtime application self-protection (RASP)
Software composition analysis
Secure coding practices for defenders

GRC & Security Leadership

Building and maturing security programs
Security metrics and board reporting
Risk assessment and management
Compliance frameworks and audits
Security budget planning and justification

Who Should Attend

Blue Team Con is designed for anyone interested in defensive cybersecurity, including:

Security Operations Center (SOC) Analysts
Incident Responders and DFIR Specialists
Threat Hunters
Security Engineers and Architects
Security Managers and Directors
CISOs and Security Leadership
GRC Professionals
IT Security Administrators
Network Security Engineers
Cloud Security Specialists
Identity and Access Management Professionals
Application Security Defenders
Students and Career-Changers interested in defensive security

Registration Information

Registration Types

Full Conference Pass

Access to all talks, trainings, and village activities (Sep 10-13)
Entry to all networking events and receptions
Conference materials and session recordings
All meals and refreshments during conference hours
CPE credit eligibility for all sessions attended

Training-Only Pass

Access to training sessions only (Sep 10)
Conference materials for training sessions
Lunch and networking during training day
CPE credits for completed trainings

One-Day Pass

Access to all sessions and activities on a single day
Meals and refreshments for that day
Networking event access on selected day
CPE credit eligibility for sessions attended

Student Pass

Discounted pricing for full-time students
Access to all conference sessions and activities
Student networking events and mentorship opportunities
Proof of student status required

Pricing Notes

Early Bird Rates: Available for registrations made several months in advance
Group Discounts: Available for organizations sending multiple attendees
Community Pricing: Special rates for non-profit and government defenders
Scholarship Opportunities: Financial assistance available through the Scholarship Fund

Note: Specific pricing and registration deadlines will be announced on the Blue Team Con website. Registration typically opens in Spring 2026.

CPE Credits

Blue Team Con is committed to supporting professional development for cybersecurity defenders:

32+ CPE Credits Available: Across all trainings and talks over 4 days
(ISC)² Approved: Credits eligible for CISSP, CCSP, and other (ISC)² certifications
ISACA Approved: Credits eligible for CISM, CISA, CRISC certifications
Documentation Provided: CPE certificates issued post-conference
Track Your Credits: Mobile app integration for CPE tracking

Sample CPE Breakdown

Trainings: 6-8 CPEs per full-day session
Talks: 1 CPE per hour of attendance
Workshops: 2-4 CPEs per session
Village Activities: 1-2 CPEs per hour of participation

Venue & Accommodations

Conference Location

Swissôtel Chicago
323 East Wacker Drive
Chicago, IL 60601

The Swissôtel Chicago is a premier downtown hotel featuring:

Modern meeting and event spaces with state-of-the-art AV
661 guest rooms and suites with floor-to-ceiling windows
Multiple restaurants and dining options
Indoor pool and fitness center
Located in the heart of downtown Chicago
Easy access to public transportation and attractions

Hotel Accommodations

Official Conference Hotel

Swissôtel Chicago

On-site convenience for all conference activities
Special conference room rates (typically discounted)
Walking distance to all conference sessions
Full-service amenities including restaurants, fitness center, and business center

Booking Tips:

Reserve early as rooms at the conference hotel sell out quickly
Use the official Blue Team Con housing link for discounted rates
Consider booking refundable rates if travel plans are uncertain
Room blocks typically open with registration announcement

Travel Information

Airports

O’Hare International Airport (ORD): 18 miles, ~45 minutes via CTA Blue Line
Midway International Airport (MDW): 12 miles, ~35 minutes via CTA Orange Line

Transportation

CTA (Chicago Transit Authority): Direct train service from both airports to downtown
Airport Express Buses: Service to downtown hotels
Ride-Sharing: Uber and Lyft widely available
Taxi Services: Available at all airports and hotel
Rental Cars: Multiple rental agencies at both airports
Parking: On-site parking available at Swissôtel (fees apply)

Local Attractions

Millennium Park: 10-minute walk (home of “The Bean”)
Navy Pier: 15-minute walk
Magnificent Mile: Shopping and dining district
Art Institute of Chicago: World-class museum
Willis Tower Skydeck: Iconic Chicago landmark
Chicago Riverwalk: Scenic walking path along the river

Community & Inclusivity

Blue Team Con is committed to creating a safe, inclusive, and welcoming environment for all attendees:

Code of Conduct

All attendees, speakers, sponsors, and volunteers are expected to adhere to the Blue Team Con Code of Conduct, which emphasizes:

Respectful and inclusive behavior
Zero tolerance for harassment or discrimination
Professional conduct at all times
Safe reporting mechanisms for concerns

Diversity & Inclusion

Blue Team Con actively promotes diversity in cybersecurity through:

Scholarship Fund: Financial assistance for underrepresented groups
Mentorship Programs: Pairing experienced defenders with newcomers
Inclusive Content: Sessions addressing diverse perspectives and experiences
Accessibility: Venue and materials designed for accessibility

Community Building

Birds of a Feather Sessions: Informal gatherings around specific interests
Mentorship Meetups: Structured networking for career development
Newcomer Orientation: Special sessions for first-time attendees
Community Recognition: Awards for community contributions

Sponsorship & Partners

Blue Team Con is supported by leading cybersecurity companies committed to the defensive community:

Note: 2026 sponsor list will be announced closer to the event.

Sponsorship Opportunities

Various sponsorship levels are available for companies supporting the defensive cybersecurity community:

Platinum Sponsor: Premier branding and speaking opportunities
Gold Sponsor: Major visibility and networking access
Silver Sponsor: Significant presence and engagement opportunities
Bronze Sponsor: Entry-level sponsorship with branding benefits
Village Sponsor: Dedicated sponsorship of specific village areas
Training Sponsor: Support for training sessions and materials

For sponsorship information: sponsors@blueteamcon.com

Scholarship Fund

Blue Team Con maintains a Scholarship Fund to support attendance for those who might otherwise be unable to participate:

Who Can Apply

Students pursuing cybersecurity education
Career-changers entering defensive security
Underrepresented groups in cybersecurity
Non-profit and public sector defenders with limited budgets

What’s Covered

Full conference registration
Travel stipend (partial)
Hotel accommodation (limited nights)
Meal allowances during conference

How to Apply

Applications typically open in Spring 2026. Visit the website for details: https://blueteamcon.com

Donate to the Scholarship Fund

Support the next generation of defenders by contributing to the Scholarship Fund. All donations are tax-deductible and directly support attendance for deserving individuals.

Preparation Resources

Review recent defensive cybersecurity trends and threat intelligence
Identify specific defensive challenges you want to address at the conference
Prepare questions for speakers and village experts
Connect with peers on LinkedIn who are also attending
Review the agenda and build your personalized schedule (available closer to event)
Download the Blue Team Con mobile app (available closer to event date)

Official Channels

Website: https://blueteamcon.com/
Email Sign-up: https://blueteamcon.com/subscribe
Sponsor Information: sponsors@blueteamcon.com
Contact: https://blueteamcon.com/contact-blue-team-con/
Mission Statement: https://blueteamcon.com/our-mission/
BTC History: https://blueteamcon.com/

Stay connected with Blue Team Con updates:

Twitter: https://twitter.com/BlueTeamCon
LinkedIn: https://www.linkedin.com/company/blueteamcon/
Email Newsletter: https://blueteamcon.com/subscribe

Follow the hashtag #BlueTeamCon2026 for real-time updates during the conference.

Call for Presentations

Blue Team Con accepts speaker submissions through their Call for Presentations process:

Submission Period: Opens early 2026
Focus: Defense-focused content only
Topics: All defensive cybersecurity domains
Format: Talks, trainings, workshops, village activities
Review Process: Community-driven selection committee
Benefits: Speaking slot, conference pass, recognition in program

Note: Call for Presentations details will be announced on the website.

Past Conference Highlights

Blue Team Con 2025

Attendees: 850+ defensive cybersecurity professionals
CPE Credits: 32+ available across all sessions
Community Focus: Safe, inclusive, defender-first environment
Feedback: High satisfaction rates from attendees and speakers

Blue Team Con History

Community-Driven: Created by defenders, for defenders
Unique Focus: Only conference dedicated exclusively to defensive cybersecurity
Growth: Expanding attendance and programming each year
Impact: Building a stronger, more connected defensive community

BTC Online

For those unable to attend in person, Blue Team Con offers BTC Online – virtual access to select conference content:

Recorded Sessions: Access to talk recordings post-conference
Virtual Networking: Online community forums and discussions
Resource Library: Training materials and session resources
Community Access: Connect with defenders virtually

Learn more at: https://blueteamcon.com/btc-online/

Volunteer Opportunities

Blue Team Con relies on volunteers to help make the conference successful:

Volunteer Roles

Registration Support: Assist with attendee check-in
Session Monitors: Help speakers and manage Q&A
Village Assistants: Support village activities and experts
Event Setup/Tear-down: Help with logistics and venue preparation
Community Ambassadors: Welcome newcomers and facilitate networking

Volunteer Benefits

Free Conference Access: Full access to all sessions and activities
Behind-the-Scenes Experience: Work closely with organizers and speakers
Networking Opportunities: Connect with community leaders
Volunteer Recognition: Acknowledgment in conference materials

Volunteer applications typically open in Summer 2026. Watch the website for details.

Health & Safety

Blue Team Con follows local health guidelines and venue protocols. Attendees should monitor the official website for any updates regarding health and safety requirements closer to the event date.

Note: Blue Team Con 2026 details are based on the official website and historical patterns. All dates, schedules, and registration details are subject to change. Please verify information through official Blue Team Con channels before making travel arrangements.

Blue Team Con*

Schedule

Week	Date	Topic	Materials
1	Sep 10	Opening Day & Trainings Opening sessions, first day of defense-focused trainings, and evening networking events for cybersecurity defenders.	Official Website Email Sign-up
2	Sep 11	Main Conference Day 1 Keynote presentations, defense-focused talks across multiple tracks, village activities, and community networking events.	Our Mission BTC History
3	Sep 12	Main Conference Day 2 Advanced defensive sessions, hands-on workshops, village deep-dives, and specialized tracks for blue team professionals.	BTC Online Sponsor Information
4	Sep 13	Final Day & Closing Final talks, closing sessions, last village activities, awards ceremony, and community celebration events.	Contact Us Scholarship Fund