The CardinalOps RSA Conference 2025 Hype Guide

Soon over 40,000 people will gather in San Francisco for this year’s RSA conference. Many consider RSAC the industry’s most significant event (though Black Hat / DEF CON would disagree…). Legions of vendors, practitioners, investors, and thought leaders come together at the Moscone Center to review industry trends, discuss new technologies, and chart the industry’s path forward. 

2025 marks CardinalOps’ 3rd year exhibiting at the conference. We’re more excited than ever to participate and help solve the industry’s critical challenges. And of course, to see what’s getting all the buzz! Read on for our 2025 RSA conference guide to learn what we’re most hyped about at this year’s show.

2025’s “One Community” Theme (or: How to Halt Hackers with Harmony)

Each year, RSA has a theme that sets the tone for the conference. The 2024 theme was “The Art of the Possible,” appropriate for a year marked by a massive wave of AI innovation. 

Apparently RSA themes, like fashion trends, are cyclical. 2025’s theme, “Many Voices, One Community,” resembles the “Stronger Together” theme from 2023. This emphasizes the importance of diverse perspectives. That could mean bringing a wide range of backgrounds to the table for high-level strategy discussions, or including a variety of domain experts and technical perspectives when implementing tactical security programs. 

We’re excited to see how the theme shows up this year. It’s already emerging in our conversations with customers, prospects, advisors, and analysts. Effective security programs require open communication and collaboration between IT and security, and between different security teams. This is especially true for broader initiatives like Continuous Threat Exposure Management (CTEM), where collaboration between detection and prevention helps improve an organization’s overall security posture. More on that later…

Last Year’s Takeaways, This Year’s Discourse

Key industry trends in focus at RSA 2024 illuminated the pace of change in the industry. They also reiterated some “eternal truths.” Last year’s takeaways will likely frame this year’s trends and hot topics, so let’s take a look.

What’s Next for AI?

True to 2024’s “Art of the Possible” theme, AI was everywhere. Vendors tried to entice customers (and investors) with promises of AI-powered innovation for every corner of the industry. Practitioners tried to distinguish fact from fiction (or, functional software from vaporware). Analysts and thought leaders framed AI as “the ultimate double-edged sword,” bringing massive potential yet introducing significant new risks.

This year, we expect the AI discussion to continue. Governance processes are still trying to catch up to the breakneck pace of AI adoption by productivity-minded employees. “Shadow AI” is the new “Shadow IT.” Meanwhile, agentic AI promises to make autonomous security operations a reality. But how far will this new frontier go? Do we really want a humanless SOC?

Squint hard enough, and this might look like a similar (but more accelerated and dramatic) version of how widespread cloud and SaaS adoption transformed the workforce in the 2010s. Is this history repeating, rhyming, or… hallucinating?  

Talent Challenges & Federal Impacts 

Workforce transformation relates to a more evergreen trend: cybersecurity talent challenges. Last year’s show gave a platform for both employee AND employer perspectives. Employee concerns around burnout and stress were balanced with employer challenges with skills gaps and hiring difficulties. This year it will be interesting to hear new takes on this perpetual challenge in the context of AI. What impact will AI have on the talent pool?     

That pivots to another 2024 trend: government and industry collaboration. Last year, then-Secretary of State Antony Blinken delivered a keynote emphasizing cybersecurity’s critical societal role, with solidarity as a guiding principle. Fast forward a year, and things feel… different.

Cuts to federal agencies earlier this year have put many practitioners back on the job hunt. Workforce impacts are still taking shape but will likely make an already tough job market even tougher. Then more recently, the drama around funding the CVE program earlier this month raised alarm bells across the industry. 

This year’s show could shed more light on how the current administration might shift the center of gravity for public-private partnerships. We’re also anticipating private sector leaders providing their insights on how to navigate the shifting landscape.

The Hype Continues for Continuous Threat Exposure Management (CTEM)

CTEM emerged as a key theme last year, reflecting the industry’s shift toward proactive, holistic, and risk-driven approaches. Sometimes it takes a while for Gartner’s new concepts and acronyms to stick (looking at you, CNAPP). After CTEM’s introduction in 2022, it finally got its moment last year.

When Gartner introduces a new framework like CTEM, vendors scramble to position themselves as the leading solution to implement it, whether they actually solve the challenges in the research or not. Vendors’ current CTEM positioning appears to be ahead of actual exposure management capabilities in many cases (and even further ahead of buyers’ understanding of “exposure management” concepts).

Gartner describes CTEM as a complex, 5-step process including Scoping, Discovery, Prioritization, Validation, and Mobilization. It requires a wide range of tools to implement effectively. Asset management, configuration management databases, vulnerability scanning and management, attack surface management, breach attack simulation, and automated pen testing all play a role.

CTEM Hype vs. VM Status Quo

The hype around CTEM has coincided with vulnerability management (VM) vendors slapping an “exposure management” label on their existing capabilities. But the concept of exposures is more complex than vulnerabilities. Vulnerabilities are a demonstrated flaw or weakness in a specific system or application. Exposures may include one or more vulnerabilities but account for a broader set of considerations. This includes specific attack surfaces, related paths to exploit assets, business priorities and context, and the presence and effectiveness of a range of controls.

In the context of exposure management, controls go well beyond patches that VM tools typically prescribe. Controlling exposures extends to security hygiene, awareness training, system hardening, security policies, governance, and other proactive prevention measures. These controls also include detection rules that can identify threats and facilitate response workflows when proactive measures aren’t practical. Managing these exposures and prioritizing remediations requires ongoing risk assessments, mapping coverage to attacker tactics and techniques using frameworks like MITRE ATT&CK. 

So are these VM vendors actually updating their feature sets to help teams continuously assess their exposures? Or are they simply blurring the lines to hitch their wagon to the CTEM hype train? At CardinalOps, our approach to CTEM started with this broader concept of exposures and focuses on monitoring coverage gaps with MITRE ATT&CK mappings. This unique perspective allows us to help teams continuously assess and reduce exposure by showing what security controls they have, whether those controls will protect against relevant threats, and how to close the gaps.

Gartner’s latest Hype Cycle for Security Operations plotted CTEM at the top of the peak of inflated expectations, so the market clearly has high hopes for CTEM’s transformative potential. We’re incredibly excited to propel this conversation forward by learning more from leaders, practitioners, and advisors while showing off our new exposure management capabilities.

Exhibit Hall Buzz Radar

Let’s wrap up with the fun stuff: what’s going to generate the most buzz in the exhibit hall?! Last year we stalked the show floor like an overly caffeinated SOC analyst to see the most over-the-top booth designs and the swaggiest of swag giveaways.

The Booths

Wiz, as always, impressed with their award-winning “Wiz Mart.” Their supermarket-style exhibit featured fictional household products, with wordplay on cloud security topics and interactive games to reveal hidden content. They even transported a few lucky booth visitors to Flavortown, with a pretty convincing Guy Fieri impersonator hosting a round of Grocery Games.

We’re looking forward to seeing how Wiz’s recent acquisition by Google will change their presence this year, if at all. Can another vendor out-Wiz Wiz in 2025? Other compelling designs last year included Torq’s hyper-automation comic book theme, Panther’s “Detectapalooza” music festival theme, and Varonis’s sleek racing-themed booth, so we’ve got our eyes peeled for more unique concepts this year.

The Swag

For the swag hounds, last year’s exhibitors gave away everything from custom hats to branded high-end bourbons and scotches to Pokemon-style trading cards. CrowdStrike’s adversary figurines stood out, depicting real-world hacking groups in the style of Marvel villains. It’s anyone’s guess what will impress this year, but if you’re really into sneaker culture, we highly recommend you stop by our booth…

The Parties

Copious quantities of coffee carried us well past the expo to countless happy hours, networking sessions, and after parties. SentinelOne always puts on a big show Tuesday night, and this year Marshmello headlines as a follow-up to Deadmau5’s 2024 appearance. Top VC firm Insight Partners is hosting a ’90s-themed party to crank up the nostalgia with a special appearance by the band O.A.R. Meanwhile, our partners at ThreatConnect will host a lively “Rockin Mocktails” event with the Sober in Cyber team for those who want some buzz without the booze. Whatever you get into, remember: it’s a marathon, not a sprint.

Charging into RSAC 2025 and Beyond

RSAC 2025 will be a glorious chaos of AI hype, analyst acronym soup, swag FOMO, and maybe a little existential dread realizing how much you still need to learn. Our guidance: wear comfy shoes, pace yourself, and stay hydrated. And may the swag odds be ever in your favor!

Spring in San Francisco is a perfect time and place to discuss cross-pollinating your detection and prevention for exposure management. So if you’re getting a CTEM program up and running, drop by Booth 4505 or set a meeting to chat with us!