RSAC in focus: Key takeaways for CISOs

The RSAC Conference 2025 last month left CISOs to process a whirlwind of discussions, innovations, and evolving strategic imperatives. Building on themes that gained significant traction in previous years, 2025’s event solidified several critical areas demanding CISO attention, from the pervasive influence of AI to the increasing personal and professional pressures of the CISO role itself.

For security leaders navigating this complex terrain, the key takeaways from San Francisco were both challenging and clarifying. With a focus on agentic AI, identity security, collaborative defense, and human-centric strategies, the conference provided valuable insights for security leaders.

Agentic AI: transforming security operations

Agentic AI, defined by autonomous systems capable of independent decision-making, was a major topic at RSAC Conference 2025. Cisco unveiled an open-source 8-billion-parameter Foundation AI Security Model, which is intended to improve detection and response capabilities within security operations centers (SOCs). This model is designed to automate tasks such as identifying intrusion methodologies, assessing severity, and generating compliance reports.

Vasu Jakkal, corporate vice president of security at Microsoft, highlighted the transformative potential of agentic AI in cybersecurity, discussing how AI agents can work collaboratively to detect and prevent intrusions, thereby reducing the cost and complexity of sophisticated security operations.

Identity security: beyond human users

The rise of digital ecosystems has resulted in numerous non-human identities, like machine-to-machine communications and AI agents. Traditional identity management is now inadequate, prompting organizations to secure these digital identities against unauthorized access and system compromises.

Comprehensive identity governance solutions are required, covering both human and non-human entities, with strong authentication and authorization protocols throughout the enterprise.

Collaborative defense between public and private sectors

RSAC Conference 2025 underscored the vital importance of collaboration between private enterprises and government agencies in addressing evolving digital challenges. Sessions emphasized the importance of sharing intelligence and coordinating responses to close gaps in cybersecurity. Collective knowledge and resources can help organizations better manage modern digital issues, creating a stronger defense network.

Speakers and panellists deliberated on strategies for effective public-private partnerships, advocating for open communication channels and trust-building measures. These partnerships aim to streamline intelligence sharing on harmful activities, making it more actionable and timely, while also pooling technological resources to tackle sophisticated malicious campaigns. Despite political shifts and challenges that can sometimes hinder collaboration, the overarching consensus was that such alliances are indispensable for fortifying both national and organizational cybersecurity postures.

CISOs are advised to foster partnerships through intelligence-sharing forums and collaborative plans, enhancing preparedness against emerging risks.

Human element as the persistent core of cybersecurity

While technological advancements dominate the cybersecurity landscape, the human factor remains a critical component. Keynotes and sessions consistently highlighted that human behavior, decision-making, and collaboration are irreplaceable elements in building robust security frameworks. Despite the proliferation of automation and artificial intelligence, the ability of humans to adapt swiftly to unforeseen security challenges and coordinate responses across diverse teams remains unmatched. This human-centric approach reinforces the significance of fostering a culture of vigilance and resilience within organizations, where each member is empowered to contribute to the collective defense.

The emphasis on community and shared responsibility further underscores the importance of continuous education and awareness programs. These initiatives are designed not only to enhance technical knowledge but also to cultivate critical thinking and proactive attitudes needed to counter increasingly sophisticated digital intrusions. By integrating these programs alongside cutting-edge technological defenses, organizations can strike a powerful balance, ensuring that while systems evolve to meet new challenges, the human element remains the persistent and vital core of cybersecurity success.

Innovation and investment driving the future

A key takeaway for CISOs from RSAC Conference 2025 is the recognition of ProjectDiscovery’s open-source platform for managing system weaknesses as a game-changer for under-resourced teams. Its advanced scanning capabilities highlight the growing importance of accessible security tools in democratizing cybersecurity efforts.