RSAC 2025: A Global Convergence of Cybersecurity Innovation and Community | Blog

This was my first RSAC™ 2025 Conference. I attended hoping to see forward-looking views on the threat landscape and the efforts to protect citizens, enterprises, and governments from one of the most dynamic areas of change and innovation (Cyber threats).  

Held from April 28 to May 1 at the Moscone Center in San Francisco, the event primarily lived up to its reputation as the world’s premier cybersecurity event. The event had over 40,000 attendees from 130 countries, 700 speakers, 450 sessions, and 650 exhibitors contributing to an interesting variety of ideas, innovations, and connections.  

As I attempted to find my way through the expo halls and incredibly busy session rooms, I was happy to see the diversity of perspectives (especially in the sessions) and the shared commitment to tackling the hyper-fast-moving cyberthreat landscape. This year’s theme, “Many Voices. One Community,” represented the collaborative spirit that defined the event. It was a genuinely global convergence of cybersecurity innovation and community. Below, I share my key takeaways, emerging themes, and reflections on the talks, attendees, and expo booths that made the RSAC™ 2025 Conference a strong event this year. 

Reach out to discuss this topic in depth.  

A diverse range of attendees and perspectives 

It is exhausting to walk through the Moscone Center, given that the event has grown to be an enormous representation of industry, taking over all corners of the Moscone Center. I experienced a broad mix of cybersecurity professionals, from Chief Information Security Officers (CISOs) and security analysts to policymakers, researchers, and start-up founders.  

The attendee list was expectedly diverse, with people from tech giants like Cisco and IBM, and more, mixed in with earlier-stage innovators at the RSAC Early-Stage Expo, which I thoroughly enjoyed. Government agencies, including CISA, the FBI, and the Department of Defense, were prominent, underscoring the public-private collaboration necessary to address today’s increasing threat environment. The diversity extended beyond job titles too; attendees came from over 130 countries, bringing unique cultural and regional perspectives to discussions on ransomware, artificial intelligence (AI), and critical infrastructure security. 

The expo: A rather manic showcase of cutting-edge innovation 

The expo halls are some of the busiest and most active expos I have attended. Whilst CES always wins that award, RSAC comes close with its growing attendee list and exuberant displays of attention-grabbing booths.  

This year featured a Monster Truck, F1 cars and dramatic light displays were on show, to name just a few attractions. Over 650 vendors were also displaying the latest in cybersecurity technology. At its booth, Splunk, a Platinum Plus sponsor, was busy demonstrating its unified threat detection and response platform, emphasizing the future of the Security Operations Center (SOC). I enjoyed their keynote session, featuring Tom Gillis and Mike Horn from Cisco, which explored how AI and data-driven security are transforming SecOps, a theme across the expo floor. Similarly, Netwrix unveiled enhancements to its 1Secure Software-as-a-Service (SaaS) platform, offering risk assessments for Active Directory and Microsoft 365 environments. 

Smaller companies also made a significant impact. At the Early-Stage Expo, I visited Govern 365, which demonstrated secure collaboration tools integrated with Microsoft 365. Their live demos highlighted how Virtual Data Rooms (VDRs) can streamline secure partnerships without additional costs. The RSAC Innovation Sandbox, celebrating its 20th year, was another feature I enjoyed, where ten startups competed for the title of the “Most Innovative start-up.”  

I also visited CalypsoAI, a top-tier finalist, recognized for its Inference Platform, securing AI at runtime with real-time protection and agentic red teaming, reinforcing its leadership in enterprise AI security. The energy in these booths reminded me that innovation often comes from agile, up-and-coming players challenging the status quo. I will leave the winner until the end of this post! 

Some key themes defining the RSAC™ 2025 Conference in 2025 

A look at a few of the themes that emerged from the sessions and conversations: 

1. AI as both a threat and defender: Artificial intelligence naturally dominated discussions, with sessions exploring its dual role as a tool for both attack and defense. Speakers from companies such as CrowdStrike and Google emphasized AI’s potential to enhance threat detection, whilst warning of its misuse by nation-state actors for social engineering and malware development. The consensus seemed clear: organizations must adopt AI responsibly, with robust guardrails to mitigate risks  

2. Identity as the new perimeter: Identity management was a recurring focus in cloud  and SaaS adoption. As expected, there was a tremendous turnout for companies in this space such as ENTRUST, IBM, SentinelOne, Okta, and Rubrik highlighted solutions for securing human and non-human identities across hybrid environments. Sessions stressed that identity is the last gate for security control, especially as perimeter-based defenses become obsolete 

3. Critical infrastructure under siege: Geopolitical tensions, particularly with China-backed threat actors like Volt Typhoon, underscored the urgent need for protecting critical infrastructure. Panels with CISA and DoD leaders discussed National Security Memorandum-22, emphasizing public-private collaboration to enhance resilience against cyberattacks targeting energy, water, and telecom sectors. 

4. Secure by design: The push for “secure by design” principles was a clear command, with CISA’s Jen Easterly and former director Chris Krebs advocating for embedding security into product development. This theme resonated in DevSecOps and cloud security sessions, where companies like Armis, AT&T Business, and Black Duck (My winner for best T-shirts!) Cloudflare, Google, and many others shared frameworks for proactive risk management 

5. Community and collaboration: The “Many Voices. One Community” theme was more than one of those aspirational taglines; it appeared to have substance. From Birds of a Feather discussions to the RSAC Sandbox’s interactive villages, the conference fostered collaboration across sectors. The Executive Security Action Forum, sponsored by Proofpoint, allowed Fortune 1000 executives to share strategies, reinforcing that cybersecurity is a team sport in an industry where one might assume it to be closed doors  

Macro-level takeaways 

Reflecting on RSAC 2025, three macro-level insights stand out: 

1. Cybersecurity is geopolitical: The conference highlighted how cyberthreats are increasingly tied to global conflicts. Nation-state actors, particularly from China, are targeting critical infrastructure, making cybersecurity a national security imperative. As seen in CISA’s initiatives, public-private partnerships are essential to counter these threats. 

2. The human element remains critically important: Despite advances in AI and automation, human behavior, whether through phishing, insider threats, or secure coding practices, remains an anchor of cybersecurity. Companies like Proofpoint emphasized human-centric strategies, while sessions on online safety for kids underscored the need to educate vulnerable populations 

3. Innovation must be accessible: The proliferation of startups at the Early-Stage Expo and Innovation Sandbox showed that innovation is thriving, but scalability and accessibility remain challenges. Solutions must be affordable and adaptable for organizations of all sizes, from small businesses to global enterprises 

My key moments and looking ahead: 

One of my favorite experiences was the RSAC Sandbox, where I engaged with companies at the interactive villages on cloud security and the Internet of Things (IoT). The Cybrew Café offered a space to discuss emerging threats over coffee, while the Innovation Sandbox pitches provided insight into the future of cybersecurity. Networking events like the CyBEER Ops Reception, hosted in the Early-Stage Expo, were suitable for connecting with peers and vendors like DataSunrise, which offered free expo passes to showcase its data security solutions. 

The RSAC 2025 Innovation Sandbox contest winner was ProjectDiscovery (@pdiscoveryio). They were named the “Most Innovative start-up” for their open-source vulnerability management platform, powered by Nuclei, which automates attack surface monitoring and vulnerability fixes. Submissions increased by a record 40%, and all Top 10 finalists received a $5M investment. CalypsoAI was a close contender, with the judges mentioning a tie for the top two before selecting ProjectDiscovery.  

Overall, RSAC 2025 was a display of the power of the community in tackling increasingly complex security challenges. The conference’s expanded campus, including the Yerba Buena Center for the Arts, provided more space for collaboration, and the new RSAC Membership Platform promises to keep the conversation going year-round.  

As I left San Francisco and went to NAPA for another event, the show met my expectations for driving activity. Clearly, for cybersecurity professionals, this is a critical event. As someone heavily focused on forward-looking innovations, I understand it would be complex to showcase future innovations in areas such as Quantum Security. However, finding a way to future-proof professionals would add a valued element to an otherwise comprehensive and necessary event.  

If you’d like to discuss RSAC 2025 and my key takeaways in more depth, please drop me an email at [email protected].