RSA Conference 2025: Through the Eyes of a CISO

As a first-time attendee of RSA Conference in San Francisco, I found the scale and intensity remarkable and others confirmed this year felt notably different. With over 44,000 attendees and well 600+ exhibitors converging at the Moscone Center, the energy was palpable and the message was clear: cybersecurity is at an inflection point, and we need to adapt—fast.

As a CISO, I view RSA not just as an expo of tools, but as a barometer for where the industry is heading. This year, four themes stood out to me:

1. AI Is Everywhere—and It’s No Longer Optional

Artificial Intelligence wasn’t just a buzzword; it was the fabric woven through nearly every keynote, session, and vendor pitch. From Arctic Wolf’s AI-driven threat detection to Microsoft’s Security Copilot and Gurucul’s User and Entity Behavior Analytics (UEBA) solutions, it’s clear: security platforms are becoming intelligent, adaptive, and autonomous.

The real takeaway for security leaders: AI isn’t just about threat detection anymore; it demands rigorous data governance to maintain trust and compliance. Tools like Sentra.io stood out, showcasing their ability to help organizations manage data discovery, classification, and governance effectively. It’s powering decision-making, automating SOC triage, assisting identity validation, and, yes, it’s also being weaponized. The arms race between AI-enabled defenders and AI-powered attackers is officially on.

2. The Browser Is the New Endpoint

There was a noticeable shift in how vendors and practitioners are thinking about threat surfaces. Increasingly, the browser is becoming the new attack vector.

Remote work, SaaS adoption, and BYOD have pushed sensitive data into the browser session itself. Malware-less phishing, browser-based data exfiltration, rogue addons and extensions, session hijacking—these are real, and they’re rising. Vendors like Island, Talon, and Chrome Enterprise were on full display promoting secure enterprise browsing as a first-class control. Browser isolation technology from Zscaler was also showcased.

As IT professionals, are we truly securing how our users work? If the browser is the new endpoint, our defenses need to adjust accordingly.

3. Shift Left Is Gaining Real Security Traction

This wasn’t just DevSecOps lip service. Secure coding, software supply chain integrity, and runtime application protection, and API security were hot topics, with companies like Snyk, GitHub, and Wiz leading packed sessions. Even traditional Application Performance Monitoring (APM) stalwarts like Dynatrace were actively showcasing their shift-left capabilities, reinforcing the critical need to embed security early in the development process.

Executives are starting to recognize that investing in secure development practices upfront—threat modeling, dependency scanning, secret management—is far cheaper and more effective than retrofitting controls later. If you’re not already embedding security into your software lifecycle, you’re behind.

4. Platform Giants and Managed Outcomes

The security platform giants were out in full force—Cisco, Palo Alto Networks, CrowdStrike, Microsoft. They are not just selling point tools anymore; they’re promising end-to-end security ecosystems. Gurucul also emerged as an impressive up-and-coming security observability platform focused on identities and UEBA, offering advanced analytics to enhance visibility and proactively manage threats across complex environments. These vendors are integrating data lakes, shared threat intelligence, and operational efficiency—but managing these ecosystems requires specialized skills, continuous training, and dedicated resources.

But at the same time, I couldn’t ignore the overwhelming number of Managed Detection and Response (MDR) vendors on the floor. Everyone claims 24/7 detection, AI-enhanced response, and elite threat hunters. It’s clear security professionals need to scrutinize MDR partners not just for capabilities, but for measurable outcomes, transparency, predictable costs, and seamless alignment with internal security processes. As a CISO at Blue Mantis, it became clear to me why outcome-based MDR and added comprehensive cybersecurity offerings, like those offered through Blue Mantis’s Managed Cybersecurity Operations, are critical—especially given the skills required to effectively manage the sprawling ecosystems.

Final Thoughts

RSA 2025 reinforced that we’re not lacking for tools—we’re drowning in them. The challenge is how we integrate, prioritize, and scale cybersecurity practices that align with our business risk. Honorable mention goes to governance, risk, and compliance tools such as OneTrust, Drata and CyberSaint, which continue to play critical roles in managing regulatory and compliance complexities effectively.

If you’re leading security, the path forward is becoming clearer: leverage AI responsibly, secure the user workspace (especially the browser), build security into dev from the start, and demand more from your platforms and managed security services partners.

The threats aren’t slowing down. Neither should we.