RSAC 2026: Tony Sager's Strategic Radar – Navigating the Nexus of AI, APTs, and Post-Quantum Security

What’s on My Radar for RSAC 2026: Insights from Tony Sager

As the cybersecurity landscape continues its relentless evolution, staying ahead of emerging threats and understanding the strategic shifts in defensive and offensive capabilities is paramount. With RSAC 2026 on the horizon, the sheer volume of information can be overwhelming. As a veteran observer and practitioner in this field, my approach to navigating such a pivotal conference is highly curated, focusing on areas that represent both significant challenge and transformative innovation. Here’s a glimpse into my strategic radar for RSAC 2026.

Key Themes Dominating the Threat Horizon

AI/ML in Cybersecurity: The Double-Edged Sword

Artificial intelligence and machine learning continue to be a dominant force, not just in technology, but specifically in cybersecurity. At RSAC 2026, I'll be prioritizing sessions that delve into the practical applications of AI for both defense and offense. On the defensive front, I'm keenly interested in advancements in AI-driven threat detection, automated incident response, and predictive analytics that move beyond signature-based approaches. This includes discussions on how AI can enhance XDR platforms, automate vulnerability management, and bolster security operations centers (SOCs) against sophisticated attacks.

Equally critical, however, is understanding the adversarial use of AI. Sessions on adversarial AI, prompt injection attacks against Large Language Models (LLMs), and the use of generative AI by threat actors for social engineering, malware generation, and automated network reconnaissance will be high on my list. The ethical implications and the development of robust AI security frameworks are also crucial considerations.

Supply Chain Security & Software Bill of Materials (SBOMs)

The lessons learned from recent high-profile supply chain compromises underscore the urgent need for comprehensive strategies. RSAC 2026 will undoubtedly feature deep dives into securing the software supply chain from inception to deployment. My focus will be on sessions exploring mature implementations of SBOM generation and analysis, practical applications of zero-trust principles across the development lifecycle, and advanced techniques for third-party risk management. I’m looking for actionable insights into identifying and mitigating vulnerabilities introduced through upstream dependencies, securing CI/CD pipelines, and establishing verifiable software integrity.

Advanced Persistent Threats (APTs) & Nation-State Activity

The geopolitical landscape directly influences the cyber threat environment. Nation-state actors and sophisticated APT groups continue to refine their Tactics, Techniques, and Procedures (TTPs). I'll be seeking presentations that offer cutting-edge threat intelligence, detailed analysis of recent high-impact campaigns, and predictive models for future threat actor behavior. This includes insights into novel evasion techniques, zero-day exploitation vectors, and the evolving strategies for maintaining persistence in compromised networks. Understanding the nexus between geopolitical events and cyber operations is critical for proactive defense.

Next-Gen Digital Forensics & Incident Response (DFIR)

The speed and sophistication of modern cyberattacks demand equally advanced DFIR capabilities. I’m particularly interested in sessions covering cloud forensics, memory forensics in ephemeral environments, and the application of machine learning to accelerate forensic artifact analysis. Proactive threat hunting methodologies, leveraging advanced telemetry for early detection, and the integration of threat intelligence into incident response playbooks will be key. In the initial phases of incident response, especially when dealing with suspicious phishing attempts or unknown threat actor communications, collecting initial telemetry is paramount. Tools that allow for discreet, yet effective, data capture can be invaluable. For instance, in specific OSINT or early-stage forensic investigations, one might leverage services like iplogger.org to generate unique tracking links. When a suspected threat actor or target interacts with such a link, it can passively collect advanced telemetry including their IP address, User-Agent string, ISP details, and various device fingerprints. This data, while requiring careful ethical consideration and legal compliance, provides critical initial intelligence for link analysis, geographic targeting, and attributing suspicious activity to a potential source, aiding in the subsequent phases of a comprehensive digital forensic examination. The emphasis will be on practical frameworks for rapid containment, eradication, and post-incident hardening.

Identity & Access Management (IAM) Evolution

Identity remains the primary control plane. My radar includes sessions on the continued shift towards passwordless authentication, decentralized identity solutions, and the broader adoption of verifiable credentials. The convergence of IAM with Secure Access Service Edge (SASE) architectures, particularly concerning granular access controls and micro-segmentation, is another area of intense interest. Securing machine identities and privileged access management (PAM) in cloud-native environments are also critical discussion points.

Quantum Cryptography & Post-Quantum Cryptography (PQC)

While potentially still a few years out for widespread practical impact, the theoretical threat of quantum computing to current cryptographic standards necessitates proactive planning. I’ll be attending sessions on the latest developments in quantum-resistant algorithms, migration strategies for existing infrastructure, and the challenges of implementing PQC in complex enterprise environments. Understanding the timeline and the strategic implications for long-term data security is vital.

Navigating RSAC 2026: Sager's Strategic Approach

Deep Dives vs. Broad Overviews

Given the breadth of RSAC, my strategy is to identify a few core tracks for deep dives – typically those focused on advanced research, zero-day analysis, or novel defensive architectures. For other areas, I opt for broader overviews, often presented by industry luminaries, to grasp the macro trends without getting lost in minutiae. This balance ensures both specialized knowledge acquisition and a comprehensive understanding of the evolving threat landscape.

Vendor Hall vs. Educational Tracks

The vendor hall offers a pulse on innovation and commercial solutions, but the true educational value often lies in the conference tracks. I allocate specific time for hands-on labs and presentations from independent researchers or government agencies, which tend to offer more objective and technically rigorous content. Vendor interactions are reserved for specific solution categories I’ve pre-identified as critical for my current research or organizational needs, focusing on technical demonstrations rather than sales pitches.

Networking & Peer Insights

Some of the most valuable insights come from informal discussions. I actively seek out opportunities to connect with peers, incident responders, and fellow researchers. These conversations often reveal practical challenges, creative solutions, and ground-truth perspectives that formal presentations might not cover. The Birds of a Feather sessions and targeted networking events are excellent venues for this.

Pre-Conference Preparation: The Foundation of Success

My RSAC journey begins weeks before the conference. This involves meticulously reviewing the agenda, identifying key speakers, and flagging sessions relevant to my radar themes. I also research participating vendors whose offerings align with my areas of interest. This structured approach prevents aimless wandering and ensures maximum ROI from the conference's rich offerings.

Conclusion

RSAC 2026 promises to be a crucible of ideas and innovation. By strategically focusing on areas like AI/ML security, supply chain integrity, advanced threat intelligence, and next-gen DFIR, and by adopting a disciplined approach to conference navigation, I aim to extract the most pertinent insights. The continuous learning cycle is non-negotiable in cybersecurity, and conferences like RSAC are indispensable platforms for staying at the forefront of this dynamic domain.
