By: Kacy Zurkus
Among the many voices heard this year, one line that reverberates even as the dust settles, came from Earvin “Magic” Johnson. In his inspirational keynote, Magic admitted an invaluable lesson he learned on the court—that his competitors made him better, stronger. “Larry Bird made me a better basketball player,” he said, affirming that there is so much we can learn from each other.
To quote Lynn Dohm, Executive Director, Women in CyberSecurity (WiCyS), who sat on a panel that discussed how to amplify the many voices of the cybersecurity community: “Well, what can I say, RSACTM 2025 Conference. You did it again. The energy of the sessions and events sparked invaluable connections, weaving a network of new opportunities and insights that will continue to resonate with us all for a lifetime!” Dohm was not alone in this sentiment, and we continue to hear from many attendees that RSAC 2025 was an incredible week of reconnecting, learning, and networking.
This year’s attendees certainly took full advantage of the opportunity to learn, whether it was through hands-on experiences in the RSAC Sandbox, like the Industrial Control System escape (ICScape) Rooms and the weeklong RSAC PicoCTF or through traditional track sessions.
The Foundations of Strong Security
In his keynote session, AI, Security, and Trust, Bruce Schneier argued, “Morals and reputation are what underpin interpersonal trust, but laws and security technologies are what compel us to act trustworthy.” Using Uber as an example of the security technologies that allow both the driver and passenger to trust each other, Schneier highlighted the differences between interpersonal trust and social trust before pointing out the ways that AI is changing the relational experience between humans and technology. The rapid advancements of AI technologies and the attacker’s ability to use AI to exploit stolen source code make it all the more important for practitioners to understand the fundamentals of GenAI because, as Schneier said, “We need trustworthy AI.” In order to trust AI, we first need to understand the technology, which was the focus of Diana Kelley’s session, Principles of GenAI Security: Foundations for Building Security. Kelley noted that her session provided a broad overview so that attendees could then decide where they wanted to delve a little deeper.
Protecting What Matters Most
In an effort to answer the question, “How do we make security everyone’s responsibility?” sessions on the Protecting Home & Family track offered detailed, actionable steps that everyone can take to protect their personal lives and the identities of their loved ones. From securing home routers to helping kids and older folks avoid falling victim to digital scams, these sessions individually and collectively provide a scam awareness playbook. Quoting the FBI’s IC3 report, Ayelet Biger-Levin said there has been a 33% increase in reported scams, evidencing why these sessions are so important for the RSAC Community.
Strengthening Cyber Defenses Together
The Keynote session, Making America Safe Again Through Cyber Defenses explored how to advance the cyber resilience of our nation together, a theme thread through several other sessions across the agenda. Security leaders and policy creators at the FBI and CISA, and the OT Cybersecurity Coalition were joined by Brad Stephenson, Director, Cybersecurity, Southern Company who talked about the different ways that organizations can work with government agencies both reactively and proactively. “As a large organization, we have a responsibility to do the work for the rest of our sector,” Stephenson said.
Yet, even the most mature organizations can still fumble, said Alex Waintraub, Senior Director of Cybersecurity, VMG Health, because of common flaws in incident response plans. Waintraub advised that it’s not only essential to have a plan, but that communication is a critical part of any incident response plan. Additionally, testing a plan with lawyers will help to ensure legal and regulatory compliance in the event of a cyber incident.
Because cybersecurity regulations continue to evolve, panelists Chris Krebs and General Paul Nakasone joined Ted Schlein to explore The Future of Tech Policy and how to foster collaboration between the public and private sector. Gen. Nakasone said, “Whatever you are going to do, make sure your adversary knows that you are playing in cyberspace every single day.”
Gen. Nakasone asked, “how do we think of a new future in which we are providing services by our government to different elements? We have 16 different elements of critical infrastructure, and some are better financed than others. Why are we not providing scanning, or protective DNS…things that will raise the bar?”
Ultimately, these questions must be answered to ensure the security of US critical infrastructure. Perhaps the most hopeful takeaway from all of these sessions and this year’s event as a whole is that in listening to the many voices and perspectives of the cybersecurity community, we can solve these really complex problems together.
Read more HERE