Another year and yet another RSAC Conference looms.
While there are a few invite-only events on Sunday, this year’s conference starts in earnest on Monday, March 23. Formerly known as RSA Conference—did anyone else catch that it changed names last year?—RSAC 2026 is a month earlier than last year and at first glance, larger, too. This year’s full agenda includes 658 events over the course of five days, 100+ more than last year.
With so much content—if you’re curious, this year there are 197 (!) talks on AI—it can be hard to separate the signal from the noise. To help, we’ve kept up our annual tradition of scouring the agenda to bring you a shortlist of sessions we think are worth making time for.
As not every session is available to every pass holder—some are invite-only, some are first-come, first-served—for this list, we looked at talks that we think full conference passholders should prioritize. Read on for a dozen talks that we’d like to catch, along with a brief summary of what we expect the talk to include.
AI, Regulation, & the Battle for Talent: The Future of the Cyber Workforce
Monday, Mar 23 8:30 AM – 9:20 AM PDT
Much has been made over the past few years of the cybersecurity skills gap but how persistent of a problem is it really? Are organizations investing in skills development and internal training to combat it? Those interested in answers to those questions and the future of cyber workforce strategy in general may want to prioritize this session. Researchers from SANS Institute who publish the SANS | GIAC Workforce Report—one of the industry’s leading cybersecurity workforce reports—will share their latest findings when it comes to hiring, retention, skills, standards, and how AI has impacted this year’s metrics.
Threat Modeling in the Age of Autonomy: Snapshots to Living Defense
Monday, Mar 23 10:50 AM – 11:40 AM PDT
Camille Stewart Gloster has been on our—and probably your radar—since co-founding the #ShareTheMicInCyber movement on Twitter back in 2020 to better amplify Black voices across the cybersecurity industry. Now CEO and Principal of CAS Strategies, an advisory firm that consults on cybersecurity, AI, and global policy, she has a unique view into how to approach emerging technology. She’ll be joined on Monday morning by Charles Nwatu, Head of Security & Compliance at compliance company Delve, to highlight threat modeling for AI supply chain risks and other shifting changes across the industry.
Belonging in Cyber: Building a Trusted Community
Monday, Mar 23 1:10 PM – 2:00 PM PDT
While technical proficiency is demonstrably important in cybersecurity, as we’ve seen over the years, soft skills, like networking and collaboration and empathy can be a force multiplier in this industry. In this session, hear from representatives from a handful of organizations—including Women in CyberSecurity (WiCyS), the Diana Initiative, BlackGirlsHack, and the Women’s Society of Cyberjutsu—that have helped tens of thousands of individuals build their networks and foster a greater community through memberships, training, and conferences. Those looking for a companion to this session should check out Harvard’s Ryan Rosado’s talk later in the week, on why belonging is the real fix for the cyber talent gap.
Could Infostealers Be the Choke Point in the Modern Cyber Kill Chain?
Monday, Mar 23 2:20 PM – 3:10 PM PDT
Infostealers dominated Red Canary’s 2025 Threat Detection Report and while some may seem similar on the surface, adversaries are always changing their tactics, techniques, and procedures (TTPs). This session will ask attendees a two-part question: Whether infostealers are the weakest link in the criminal supply chain and if disrupting them—potentially by getting adversaries to move away from low-cost, automated credential harvesting—could move the needle when it comes to diminishing their ROI.
Securing GenAI Adoption: Usage Insights, Threats, and Defenses
Tuesday, Mar 24 9:40 AM – 10:30 AM PDT
It’s no secret that organizations continue to leverage AI but what’s often unclear is the scope of how businesses are folding the technology into their existing stack. Are security teams embracing it with arms wide open or just beginning to dabble in it by helping free up SOC workers’ bandwidth to do more pressing work? Zscaler’s Deepen Desai and Dhawal Sharma will lead a discussion first thing Tuesday morning around how businesses are adopting generative AI while touching on risks stemming from the technology, including data leakage, prompt injection, and AI-powered phishing and impersonation.
Access Management During the Fog of Incident Response
Tuesday, Mar 24 9:40 AM – 10:30 AM PDT
When industry veteran Wendy Nather is speaking about identity and access management, it’s best to listen. In this informal and interactive Birds of a Feather session, Nather, who’s now director of 1Password’s Senior Research Initiatives program, will discuss how IAM infrastructures can get a real workout in an incident response event. Things can get messy quickly in these scenarios but IAM tools can help stop the bleeding—and provide helpful breadcrumbs when it comes time to pick up the pieces.
Dumb Ways to Die: Cybersecurity Edition
Wednesday, Mar 25 8:30 AM – 9:20 AM PDT
Details for this talk, which has to be a contender for best session title this year, are scant but the title alone piqued our interest. Megan Benoit, Lead Security Engineer at Nebraska Medicine, will walk attendees through her “least favorite dumb ways to die.” Working at a hospital, we’re thinking making mistakes like leaving physical USB ports active on nursing station terminals or putting infusion pumps and heart monitors on the same VLAN as the guest WiFi would be a good example but you’ll have to attend to find out for sure.
AI and the New Offensive Playbook of State Sponsored Cyberthreat Actors
Wednesday, Mar 25 9:40 AM – 10:30 AM PDT
As we’ve seen, adversaries continue to use AI for efficiency—to write code faster, customize phishing messages, and to quickly process data—but how are these tactics upping the game? Join friend of Red Canary, MITRE’s Adam Pennington, along with experts in adversary simulation/emulation from Adversary Village, OpenSourceMalware, and DEF CON, to hear firsthand how adversaries are using the technology to automate exploitation and evade defenses.
The Always-On Purple Team: Going Full Spectrum with AI-Powered Red Ops
Wednesday, Mar 25 1:15 PM – 2:05 PM PDT
Instructors from the SANS Institute, Erik Van Buggenhout and Jeroen Vandeleur, are back for yet another installment of their popular Always-On Purple Team sessions. The concept is based around transforming purple teaming from a periodic, manual exercise into a continuous, automated process, almost like a CI/CD pipeline for detection engineering. This year’s talk, their fourth in a series, introduces AI-powered red team agents that are skilled in doing a lot of the heavy lifting, like OSINT, EASM, and payload delivery.
Rethinking Vulnerability Backlogs: When CVSS Scores Don’t Match Reality
Thursday, Mar 26 10:50 AM – 11:40 AM PDT
Often, conventional logic—compounded by requirements under compliance frameworks—suggests patching the highest severity CVSS vulnerabilities first. This frame of thinking often discounts a vulnerability’s risk. Instead focusing solely on the impact of a vulnerability if it’s exploited, teams should consider outcomes through real application context. Datadog’s Kennedy Toomey plans to discuss all of this and more in this talk on Thursday morning.
What Are You, Really? Authenticating Workloads in a Zero Trust World
Thursday, Mar 26 12:20 PM – 1:10 PM PDT
As we’ve written here before, authentication proves identity but session protection needs to be continuous. Workloads aren’t people but they still need identity and a way to authenticate across clouds and trust domains. In this session, Zscaler CISO Sam Curry and Chief Scientist Yaroslav Rosomakho will explore evolving methods for workload authentication across multi-cloud environments, such as mTLS and remote attestation, to help organizations implement scalable identity solutions and secure a critical blind spot in modern security.
AI in SecOps: Sharing Lessons Learned for Adoption Maturity
Thursday, Mar 26 12:20 PM – 1:10 PM PDT
Red Canary has spent so much time incorporating AI agents into the SOC and streamlining SecOps processes over the past few years, and we’re always interested in hearing more tales from the SOC trenches. That’s exactly what this session promises. In this nearly hourlong discussion on Thursday, Google’s Anton Chuvakin will lead a panel of peers to share how AI has enhanced workflow auditing, malware analysis, remediation automation, and more.
