Infosecurity Europe 2026 returns to ExCeL London from 2–4 June, and the free registration window closes 5 May. Miss that date and the same show floor costs £49+VAT per badge, £125+VAT for a SANS workshop seat that would have been £75+VAT a day earlier. For a three-day event covering agentic AI, post-quantum cryptography, ransomware economics, and cloud exposure at machine speed, that’s the simplest arithmetic in cybersecurity this quarter — and the one most people forget until the morning of 5 May.
This guide is for security professionals who want to plan their three days deliberately rather than drift between vendor booths. It covers the sessions worth the diary slot, which pass type actually gets you into the room you care about, the zones and stages hidden behind the main keynote track, and the small procedural details — CPE credits, Infosec Meets, student hours — that pay back the travel.
What’s different about Infosecurity Europe 2026
The headline numbers: three days at ExCeL London, around 380 exhibitors, an expected 13,000-plus professional visitors, and hundreds of free theatre sessions across the keynote stage, AI & Cloud Security Stage, Deep Dive Stage, Technology Showcase, Cyber Startups stage, and Channel Zone. Doors open 09:30 on Tuesday and Wednesday (closing 17:30) and 09:30–16:00 on Thursday.
Two structural shifts matter for how you plan. First, the organisers have introduced technical ratings against every conference session — Foundational, Intermediate, Advanced — so you can filter the programme to your actual level rather than guessing from a vendor-written abstract. Second, the show has split its pass architecture into eight types, with separate invitation-only streams (Leaders Programme, Priority Visitor Programme) running parallel to the main visitor track. The free-pass strategy is no longer “register and show up” — it’s picking the right pass for what you actually want to do.
The agenda itself is anchored on four themes the organisers flag explicitly: agentic AI and its effect on cloud security, the post-quantum cryptography transition, evolving ransomware tactics, and the compressing gap between misconfiguration and exploitation. Each maps to a specific keynote below.
Wed 3 June: 09:30–17:30
Thu 4 June: 09:30–16:00
The keynote sessions actually worth planning around
The first wave of keynotes announced for 2026 leans technical where it counts and leadership where the industry needs it. Four sessions deserve a diary block before anything else, and each answers a question the audience is already asking.
Shlomo Kramer — Tuesday 2 June. Kramer is the founder or early investor behind Check Point, Palo Alto Networks, Imperva, Cato Networks and Sumo Logic. His fireside chat sits on the opening day and covers the technology and investment cycles shaping the next era of the industry. If you’re a CISO trying to read where platform consolidation is heading — or a founder trying to figure out which categories still have room — this is the single highest-signal session on Tuesday. Kramer also judges the Cyber Startup Competition, so expect him to be visible at the Cyber Startups stage later in the day.
Ron Leizrowice — Tuesday 2 June, 13:50–14:20. The Wiz AI researcher’s talk, The Infosec Big Fat Cloud Update of the Year, is the programme’s main technical set-piece on cloud-native threats. Leizrowice’s argument — telegraphed in Wiz’s session abstract — is that AI is compressing the window between misconfiguration and exploitation while widening the attack surface across control planes, identities, and automated workflows. Defenders used to have hours or days between a bad IAM policy landing in production and someone exploiting it; that gap is shrinking toward zero. Expect specifics on agentic attack paths and practical controls for teams shipping fast.
Rik Ferguson — Wednesday 3 June, 11:00–11:35. Ferguson, Forescout VP of Security Intelligence and an Infosecurity Hall of Fame inductee, is delivering Quantum is still far off, we can wait – can’t we? The talk confronts what most security teams are still postponing: a post-quantum cryptography migration whose timeline is already dictated by procurement and depreciation cycles, not by when a cryptographically relevant quantum computer actually arrives. Crypto-fragile components bought today will still be in production when they become liabilities. Ferguson’s track record on this topic makes him one of the more pragmatic voices in the room.
Cynthia Kaiser — Tuesday 2 June. Kaiser is the former Deputy Assistant Director of the FBI’s Cyber Division, now leading ransomware research at Halcyon. Her session on the cybercriminal economy — dark web telemetry, affiliate structures, the operational mechanics of modern extortion — is as close as the programme gets to a true threat-intelligence briefing. She also contributes to the Women in Cybersecurity panel on Wednesday.
Maggie Alphonsi — Wednesday 3 June, 15:00. The England Rugby World Cup winner opens the tenth-anniversary Women in Cybersecurity event, hosted by Infosecurity Magazine editor Beth Maundrill on the Keynote Stage. It’s the programme’s leadership-and-performance headline, and historically one of the better-attended sessions of the week.
Jason Fox — Thursday 4 June, 10:05–10:45. Former Special Boat Service sergeant and SAS: Who Dares Wins presenter Fox closes the keynote programme with a session translating Special Forces principles — decision-making under pressure, team resilience, high-stakes leadership — to security teams facing burnout and incident fatigue. If you’ve got a Thursday morning train to catch, this is the one session worth the later departure.
Beyond the keynote stage: where the real technical content lives
The Keynote Stage gets the headline names, but experienced attendees know the working sessions happen elsewhere. Five zones and stages are worth mapping before you arrive.
The AI & Cloud Security Stage is the technical anchor of the 2026 programme. Expect sessions on deepfake detection, cloud misconfiguration exploitation, LLM application security, and agentic AI risk. This is where practitioner-level content lives rather than vendor pitches. The Deep Dive Stage runs longer sessions on specific use cases and threat walkthroughs — typically the best place to find sessions with an ATT&CK-mapped case study structure.
The Security Workshops are a separate animal. Six 90-minute tactical training sessions run in the South Gallery Rooms, deliberately off the main show floor. Past topics have included ransomware capability assessment, simplifying cyber assessment frameworks, and API security. Format varies — group work, panels, small-group presentations — and the value per hour is higher than almost anything on the main stages if you bring a specific problem. These sessions are included with a standard Visitor Pass.
The SANS Institute Workshops are different again. SANS partners with the event on hands-on masterclasses covering LLM security, post-quantum cryptography, and CISO decision-making. These are paid: £75+VAT per workshop until 5 May, rising to £125+VAT thereafter. A standard Visitor Pass does not include them — you need a SANS Workshop Pass.
The OWASP GenAI Security Project runs a half-day summit on Thursday 4 June, with project leaders, practitioners and regulators presenting research, frameworks and field-tested practices for securing generative AI systems. For anyone shipping LLM features into production, this is the single most focused block of content at the show.
The Cyber Startups stage runs 17 sessions across the three days, restricted to companies operating three years or less. The new Infosecurity Europe Cyber Startup Award 2026 adds a live pitch competition on 2 June, with the shortlist presenting on stage on 3 June. Kramer and other industry judges evaluate. Worth watching if your procurement roadmap looks beyond the incumbent platforms.
The Channel Zone is reserved for resellers, MSPs, MSSPs, MDRs, integrators, distributors and consultancies — its own keynote stage, networking bar, and meeting space. Requires a Channel Pass rather than a standard Visitor Pass.
Pass strategy: pick the right badge, not the first one
Eight pass types sit behind the “register now” button, and they’re not interchangeable. The simplest mistake is picking a Visitor Pass when your actual agenda needs a SANS Workshop Pass or a Channel Pass — and realising at the door.
A few non-obvious rules. Visitor Passes include all conference theatres and the Security Workshops, but not the paid SANS sessions — if you already registered and want a SANS seat, you need to contact the customer service team to upgrade. Channel Passes are not available to end-users; if you’re buying, not selling, go Visitor. Student tickets are limited and only valid 13:00–17:00 on Wednesday 3 June, with content curated by ISC2 and CIISEC. If you’re a university student in cyber, register early — allocation is capped.
Two invitation-only tracks worth flagging. The Leaders Programme and Priority Visitor Programme both unlock peer-led, vendor-free Table Talks and dedicated lounges. They’re pre-approved upgrades — you won’t be offered them unless your Visitor Pass registration triggers the criteria (typically seniority and buying remit). Fill your registration in carefully; the upgrade prompt appears on the final screen.
CPE credits: the free professional development no one tracks
Infosecurity Europe is accredited for CPE credits with ISC2 and ISACA, and the rules are simple enough that most attendees still forget them. You earn 1 credit per 50–60-minute session, half a credit for a 25–50-minute session, and 2 credits for a two-hour workshop. Participation is recorded by badge scan on entry.
For ISC2 members, enter your membership number during registration and credits post automatically four to five weeks after the event. ISACA members have to self-report. For anyone maintaining CISSP, CISM, CISA or similar certifications, a well-planned three-day visit clears a meaningful chunk of the annual requirement without an additional training spend. Certificates of attendance aren’t issued for bodies outside ISC2 and ISACA, so if your professional body sits elsewhere you’ll need to cross-check their rules in advance.
Networking: Infosec Meets, exhibitor happy hours, and the Cyber House Party
The event’s formal networking platform, Infosec Meets, lets you favourite sessions, request 1:1 meetings with exhibitors and other attendees, and plan a schedule before arriving. Last year’s average meeting rating was 4.6/5 — worth using even if you’re sceptical of meeting apps, because booths get crowded fast and a pre-booked slot is the only reliable way to talk to senior vendor staff for more than two minutes.
Wednesday 3 June from 15:30 is exhibitor happy hour — relaxed networking on select stands with drinks. The Cyber House Party runs alongside the show and adds a Community@Infosec space, set away from the busiest parts of the floor, for decompression and peer conversation. For visitors who find traditional trade-show networking draining, this is where the best side conversations actually happen.
Planning your three days
A defensible default itinerary for a technical attendee looks something like this. Tuesday: opening keynote and Shlomo Kramer fireside, Leizrowice’s cloud session at 13:50, Kaiser on ransomware, one AI & Cloud Security Stage session, exhibit floor and Infosec Meets bookings. Wednesday: Ferguson on post-quantum at 11:00, one Security Workshop slot in the South Gallery Rooms, Alphonsi and the Women in Cybersecurity panel at 15:00, exhibitor happy hour. Thursday: Jason Fox at 10:05, the OWASP GenAI Security Project summit for the rest of the morning, final booth meetings before the 16:00 close.
For senior CISOs and buyers, swap Thursday morning for Leaders Programme Table Talks if you have access. For channel professionals, the Channel Zone agenda replaces the main keynote track as the centre of the week. For startup founders, the 17 Cyber Startups stage sessions plus the 2 June pitch competition is a full agenda in itself.
FAQ
Is the pass actually free, or is there a catch? Standard Visitor, Channel, and Cyber Startup passes are free until 5 May 2026. From 5 May, all passes cost £49+VAT. SANS Workshop Passes are paid throughout — £75+VAT pre-5 May, £125+VAT after. There is no free tier for SANS sessions.
Can I register for a Visitor Pass now and add a SANS Workshop later? Yes, but you cannot self-upgrade — you need to contact the Infosecurity Europe customer service team to add a SANS Workshop Pass to an existing registration.
What’s the dress code? Business casual to conventional business attire. The organisers advise against anything overtly casual or branded in ways inconsistent with the professional setting.
How do I get there? ExCeL London’s nearest station is Custom House, served by the Elizabeth line and DLR. The West entrance is closest to the Infosecurity Europe halls. Driving access has changed — Sandstone Lane and Seagull Lane are closed, and car park access is via Royal Victoria Dock Road or the A112.
The honest bottom line
Infosecurity Europe 2026 is one of three European cybersecurity events where the programme is strong enough to justify the travel on content alone — the others being specific editions of it-sa Nuremberg and Gartner Security & Risk Management EMEA. What sets it apart in 2026 is the technical density on agentic AI and post-quantum, genuine threat-intelligence content from practitioners with FBI and frontline research credentials, and a registration window that’s still free if you act before 5 May. The sessions worth attending are specific, the zones worth visiting are named, and the pass that gets you into the right room depends on what you actually do for a living.
The only genuinely bad outcome is drifting in on 5 May, paying £49 at the door, missing the SANS workshop you wanted because it’s now £125 and sold out, and spending three days on a noisy show floor without a plan. Everything else — even the wrong talk choice — is recoverable.
