Written by Paul Starr, CEO at SEP2.
Connect on LinkedIn.
I attended RSA Conference in San Francisco this year alongside over 44,000 other attendees to explore the latest advancements in the cyber security industry. I wanted to share some highlights and personal thoughts on the sessions and events that stood out to me the most.
Day One: RSA Conference 2025 Innovation Sandbox
Although I anticipated a high volume of AI-related pitches, I was pleased to find that this wasn’t the case. While the session did indeed highlight solutions for protecting organisations from AI threats and misuse, as well as the application of AI in security protections, it was refreshing to observe that some finalists presented solutions unrelated to AI. Michael Malone of smallstep even humorously remarked during his pitch, “We are NOT AI.”
Highlights from the session
Metalware: I found the Metalware pitch to be quite impressive. Although it seems to specifically targets firmware vendors, the vulnerability data source they offer could be highly beneficial for many organisations.
smallstep: smallstep is an identity platform, and I really enjoyed their pitch, specifically the fact that this solution spans multiple security categories and challenges.
ProjectDiscovery: ProjectDiscovery particularly stood out to me; I loved their approach to transforming the vulnerability identification space, especially with their community and open-source orientation.
The top two finalists,Calypso AI and ProjectDiscovery, were well-deserved, and it was difficult to call which way the judges would go. In the end, however, my personal favourite won. A huge congratulations to ProjectDiscovery and their CEO Andy Cao.
Day Two: Inspiration from RSA
I had another fantastic day at RSA and was able to enjoy talks from Sandra Joyce at Google Cloud Security, George Kurtz at CrowdStrike, and many others. David Gold’s session on ‘The Future of the SOC in an AI-Driven Universe’ resonated with a lot of my own views.
I ended the day with a non-security keynote interview between actress Bryce Dallas Howard and her dad, filmmaker Ron Howard. This talk was all about his creative journey as well as his personal thoughts on the advancement in technology, which was a pleasant change to the norm.
As an operational security professional, I often find myself deeply engrossed in the practical aspects and outcomes of implementing solutions. Therefore, it was particularly intriguing for me that my favourite talk of the day had a strong theoretical foundation. While there was considerable discussion regarding operational strategies and planning, it was the theoretical insights that truly captured my attention. One concept that particularly resonated with me was the notion that, unlike traditional development where outcomes can be anticipated and directions are generally known, the process of developing and training AI models often leads to results that are unexpected and cannot be predicted.
Day Three and Four: Memorable Moments
Days three and four have been incredibly productive, filled with insightful and engaging discussions. A notable keynote on day three was ‘Cybersecurity Year-in-Review and The Future Ahead’ presented by Kevin Mandia and Nicole Perlroth. Despite the title referencing the year in review, I found the mentions of earlier hacks and their experiences particularly fascinating. I plan to listen to Nicole’s podcast ‘To Catch a Thief’.
It was amazing to see Magic Johnson and his infectious energy. Surprisingly, I didn’t get a picture, even though he spent the first five minutes posing with everyone. What a personality!
I didn’t spend as much time in the Expo as I have done in previous years, but I did take a few laps and was impressed by the scale. Plus, I saw a goat (and who doesn’t like a goat?)
One particularly compelling subject discussed in several talks, with a dedicated presentation from the threat intelligence teams and the FBI, was the issue of DPRK Remote Workers. These attackers are being hired as remote workers and subsequently stealing data. The complexity of these attacks and the integration of various exploits and technologies is remarkable.
RSA Conference 2025 has been great and I have really enjoyed it. I’ll have more to follow up on later, which you can read about on my LinkedIn, but right now I need to get home, sleep, and spend time with my family.
Follow us on LinkedIn to keep up to date with SEP2 news and updates.
