RSAC 2025: Session Highlights for Security Leaders | Elisity's Guide to the RSA Conference 2025 Agenda

The RSA Conference 2025: Where the Cybersecurity World Converges

The RSA Conference, #RSAC2025, widely recognized as the premier gathering in the cybersecurity industry, returns to San Francisco's Moscone Center from April 28 to May 1, 2025. For over 30 years, this landmark event has served as the definitive forum where security professionals from around the globe connect, share insights, and discover cutting-edge solutions to address evolving cyber threats.

What began as a small cryptography conference in 1991 has transformed into an essential event, bringing together more than 45,000 attendees, 700+ exhibitors, and hundreds of expert speakers. While the expo floor showcases the latest security technologies, the true value of RSAC 2025 extends far beyond the vendor booths—it's found in the knowledge exchange, strategic sessions, and meaningful conversations that shape the future of cybersecurity.

RSAC 2025 Featured Session: Healthcare Resilience in the Face of Cyber Disruptions

We're especially excited to highlight an outstanding session presented by Elisity customer Main Line Health. "Dr. Darkness or: How We Learned to Stop Worrying and Love Downtimes" (Thursday, May 1, 8:30 AM - 9:20 AM PDT) features Aaron Weismann, CISO of Main Line Health, along with Program Manager Anthony Fiore, sharing their groundbreaking approach to maintaining clinical operations during cyber disruptions.

Main Line Health, a not-for-profit health system serving Philadelphia and its suburbs with 5 hospitals and 40+ offices, partnered with Elisity to implement agentless microsegmentation across their complex environment. Their innovative program combines cutting-edge infrastructure, Chaos Engineering simulations, and disaster technology to ensure seamless continuity of care while embedding cybersecurity into their clinical safety culture. As Aaron Weismann notes, "Elisity provides technical distancing between devices to stop the spread and progression of a cyberattack. For impacted toxic assets, it also lets us excise them with surgical precision to preserve safe and effective technology-supported care continuity."

This session offers invaluable insights for healthcare security leaders and anyone responsible for protecting critical infrastructure where downtime isn't an option.

Why We've Created This RSA Conference 2025 Agenda Guide

At Elisity, we understand that security leaders from healthcare, manufacturing, state/local government, and education sectors face unique challenges when protecting their critical infrastructure against today's sophisticated attack vectors. Microsegmentation, a cornerstone of effective Zero Trust implementation, has become essential for organizations looking to prevent lateral movement and contain breaches.

We've carefully reviewed this year's comprehensive RSAC 2025 agenda to identify the 57 most valuable sessions for security architects, CISOs, CTOs, and network leaders who are focused on improving their security posture through microsegmentation. Our curated selection emphasizes topics that align with the priorities we consistently hear from our customers: preventing lateral movement, implementing Zero Trust, protecting IoT/OT environments, and meeting compliance requirements—all without adding operational complexity.

Whether you're in the early stages of your microsegmentation journey or looking to optimize your existing security controls, these sessions offer valuable insights to help protect your users, workloads, and devices across your enterprise networks.

Cyber Innovation and Security Early Adopters (SEA) – [INE-T02]

Timeslot: Tuesday, Apr 29, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727907039659001tOn6

Abstract:
This panel discussion will cover what cyber innovation is as it relates to the startup world, then discuss the role, value, and impact for security leaders who engage with emerging companies to solve urgent and critical issues. Topics include identifying problem areas where innovation should play a role, as well as examining the pros and cons of adopting early-stage solutions.

Speakers:

• Mandy Andress, CISO, Elastic
• Tomasz Chowanski, Chief Information Security Officer, Kemper Insurance
• Shaun Blackburn, Deputy CISO, Gemini
• Justin Somaini, Partner, YL Ventures

Canary in the Cloud Mine: Stealthy Tripwires to Detect Post-Breach Activity – [CLS-T02]

Timeslot: Tuesday, Apr 29, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727979170372001LyEY

Abstract:
Advanced and evolving cloud attacks (Blizzard) make breaches seem inevitable. This session describes a deception detection approach using canaries—with a bit of honey and razors—to implement stealthy tripwires that provide low-false-positive detections for post-breach lateral movement and privilege escalation. Attendees will learn techniques to apply to their environments and security tools.

Speaker:

• Jenko Hwong, Threat Research, WideField Security

Policy Pyramid to Deployment: A Community Approach to Deploying Security – [GRC-T01]

Timeslot: Tuesday, Apr 29, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727902726485001E4S6

Abstract:
This session will dive into the Policy Pyramid! Attendees will learn to translate complex frameworks into actionable policies by leveraging modern practices and tools like generative AI. Explore expert-led instructions and real-world examples. Ideal for beginners or those seeking to mature their policy program.

Speakers:

• Stephanie Gass, Senior Director, Information Security, Center for Internet Security
• Kennidi Ortega, Sr. Information Security Analyst, Center for Internet Security

Modern Architectures: Mapping SASE to the Cyber Kill Chain – [NCS-T01]

Timeslot: Tuesday, Apr 29, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727202001250001r3Bs

Abstract:
This session offers an overview of SSE/SASE architectures, their relevance, and how they map to the Cyber Kill Chain. Mapping frameworks to a SASE architecture can help with adoption and drive synergy across an IT organization by moving from point products to solutions that provide centralized visibility and policy enforcement.

Speakers:

• Niki Portell, Technical Solutions Architect, World Wide Technology
• Lucas Skipper, Technical Solutions Architect, WWT

Mapping CI Interdependence: Cyber Connectivity and Supply Chain Metrics – [TPV-T01]

Timeslot: Tuesday, Apr 29, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727991589205001Jxbs

Abstract:
This session explores Critical Infrastructure Interdependency (CII) through case studies from the US, Canada, Singapore, and more. Attendees will learn how cyber connectivity and economic indicators can forecast cascading impacts across industries and CI sectors. Through demonstrations and case studies, the session highlights how to improve risk management and resilience planning.

Speaker:

• Tyson Macaulay, Founder, Inframetrics Analytics

Cloud, Identity & SaaS Forensic Investigation—Not What You Think! – [HTA-T01]

Timeslot: Tuesday, Apr 29, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728223156483001NgV6

Abstract:
Forensic investigation often conjures thoughts of disk cloning and memory analysis. But investigating cloud services, IdPs, and SaaS requires entirely new tools, skills, and a different mindset! This talk will teach attendees how to collect artifacts from multi-cloud and SaaS, identify attacks, and provide forensically sound evidence and records to support their conclusions.

Speaker:

• Ofer Maor, CTO, Mitiga

The Machines Are Learning, But Are We? – [SAT-M06]

Timeslot: Monday, Apr 28, 2:20 PM – 3:10 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727385607626001Dg4P

Abstract:
Using real case studies (like the British Library and Lapsus$ attacks) and original research, this session reveals critical gaps in cybersecurity readiness. The talk explores how AI and machine learning can help address these gaps, empowering organizations to build more resilient, adaptive security teams and transform into truly proactive defenders.

Speaker:

• Steve Wilson, Chief Product Officer, Exabeam

Reporting Lines Matter: The 2025 CISO’s Place in the Org Chart – [CSO-M06]

Timeslot: Monday, Apr 28, 2:20 PM – 3:10 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1726541591518001z3HT

Abstract:
The Chief Information Security Officer (CISO) role has been emerging for nearly three decades. Its scope and reporting structure have changed over time, varying significantly among organizations. This session explores six stages of evolution for the CISO role and provides guidance on where the security leader should report by 2025.

Speaker:

• Todd Fitzgerald, CISO, Cybersecurity Leadership Author, CISO SPOTLIGHT, LLC

Your Security Program Is a Product—Run It Like One – [CSO-M05]

Timeslot: Monday, Apr 28, 1:10 PM – 2:00 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728272219513001G9wM

Abstract:
Balancing risk management with user experience, scale, cost, and technology is key, yet traditional operating models often miss the mark. This talk demonstrates how a product management mindset can drive better balance and outcomes in security. Attendees will learn what product management is, how it differs from other models, and real examples to ground its use in the organization.

Speaker:

• Mike Benjamin, Cybersecurity CTO, Capital One

Factory Under Siege: Red and Blue Team Tactics in Operational Technology – [CTF-M05]

Timeslot: Monday, Apr 28, 1:10 PM – 3:10 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727873018576001BtAx

Abstract:
In this workshop, participants engage in a high-stakes cyber battle within a factory’s OT systems. Divided into red and blue teams, they alternate offensive and defensive strategies in an interactive game. This approach emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.

Speakers:

• Nicholas Dhaeyer, Senior OT Analyst, NVISO
• Nick Foulon, Senior Security Consultant, NVISO
• Sarah Mader, Senior Security Consultant, NVISO

Cybersecurity Myth-Busting: Fact vs. Fiction in Cyber Programs – [MASH-M05]

Timeslot: Monday, Apr 28, 1:10 PM – 2:00 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727286600727001Y7oC

Abstract:
Challenge your assumptions about cybersecurity in this high-energy, interactive session. Ten widespread cyber myths will be put to the test. Attendees will walk away with myth-busting insights that align security strategies with business goals, helping to build truly resilient cyber programs.

Speakers:

• Scott Brammer, Cyber Advisor & Cybersecurity Podcaster, The Cyber Security Council
• Daniel Gorecki, Principal & CISO, NGC Risk

Securing Critical Infrastructure: A CISA, ODNI, DoD and Energy Sector POV – [DSA-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728158580051001yU31

Abstract:
Leaders from CISA, DoD, the Intelligence Community, and the energy sector discuss implementing National Security Memorandum-22 on Critical Infrastructure Security and Resilience. They explore cross-sectoral risk identification, public-private collaboration, and efforts to enhance intelligence sharing, ultimately strengthening critical infrastructure resilience.

Speakers:

• Michael Garcia, Associate Chief of Policy, CISA
• Jennifer Kidd, Team Lead, Defense Industrial Base (DIB) SRMA, Department of Defense
• Michael Purtill, Mission Manager, Office of Director of National Intelligence, Cyber Threat Intelligence Integration Center, ODNI
• Brad Stephenson, Director, Cybersecurity, Southern Company

Oops! EU Did It Again: How the Cyber Resilience Act is Changing Open Source – [TPV-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728126549367001j6cw

Abstract:
The EU’s Cyber Resilience Act will deeply impact the global open source ecosystem. One of its authors will explain how it adds security-by-design requirements for hardware and software, shifts responsibility for open source security to vendors, and introduces the “open source software steward” concept—an innovative regulatory approach to improving software security.

Speaker:

• Benjamin Bögel, Cabinet of European Commission Vice-President Virkkunen, European Commission

Identity: The Last Bastion Security Control in a SaaS World – [FND-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739202802736001n19X

Abstract:
Identity is pivotal for risk management and security control strategies. This session examines how enterprises are prioritizing identity and access within their security programs, how identity enables the next wave of AI technologies, and how attackers are targeting the entire identity stack for data theft, ransomware, and system compromises.

Speaker:

• Aaron Turner, Faculty, IANS Research

Guarding Your Words: Legal Risks for Cyber Professionals – [CSO-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727476602185001nwVp

Abstract:
CISOs and cyber professionals face increased scrutiny of their statements—whether in reports, internal messages, sales materials, or public forums. Past statements about security can create legal risks when incidents occur. This panel of cyber lawyers provides cautionary tales and practical guidance on communicating about cybersecurity without incurring legal repercussions.

Speakers:

• Scott Jones, Senior Counsel, Johnson & Johnson
• Matt Jones, Partner, WilmerHale
• Mike Serra, Senior Counsel, Cisco Systems Inc.

ECH: Hello to Enhanced Privacy or Goodbye to Visibility? – [NCS-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727899142773001fwd7

Abstract:
Encrypted Client Hello (ECH), an IETF TLS 1.3 extension, aims to boost security and privacy. This session dives into both the technical and business implications of ECH—from network security to the executive suite—and emphasizes the importance of stakeholder dialogue, compromise, and operational changes. Attendees will gain practical guidance on mitigating ECH’s potential impact.

Speakers:

• Arnaud Taddei, Global Security Strategist, Broadcom
• Roelof du Toit, Distinguished Engineer, Broadcom

10 Common Flaws in Incident Response Plans – [IMT-M03]

Timeslot: Monday, Apr 28, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1725915980347001VWu5

Abstract:
Even with an incident response plan in place, organizations often stumble due to avoidable pitfalls. This session highlights the top 10 common flaws seen in IR plans and offers actionable recommendations to fix them. Attendees will leave with practical tips to respond more effectively and quickly when the next breach occurs.

Speaker:

• Alex Waintraub, Director of SOC, Simulint

Multi-District Litigation: Navigating the 2020 Ransomware Experience – [LAW-M02]

Timeslot: Monday, Apr 28, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728074655613001OPqr

Abstract:
This fireside chat examines the challenges of managing Multi-District Litigation (MDL) following a high-profile cybersecurity incident. Learn about litigation management, regulatory coordination, and public relations strategies, plus tips for preparing for data breaches and incident response. Gain first-hand insight into the benefits of collaboration.

Speakers:

• Jon Olson, Senior Vice President & General Counsel, Blackbaud, Inc.
• Ronald Raether, Partner, Troutman Pepper Locke

Practical Strategies for Security Architecture in a Changing World – [FND-M01]

Timeslot: Monday, Apr 28, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739908535083001Sgop

Abstract:
This session explores the core pillars of security architecture and provides pragmatic strategies for maintaining fundamental principles. By addressing system complexity holistically, attendees will gain a practical playbook for navigating security architecture challenges without losing sight of foundational best practices and considerations for a secure digital environment.

Speaker:

• Abhilasha Bhargav-Spantzel, Partner Security Architect, Microsoft

Having Zero Trust to Give: What Should Have Been Next? – [NCS-M01]

Timeslot: Monday, Apr 28, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727294462755001HBUN

Abstract:
Zero Trust often refers to “Zero Trust Network Access” (over a decade old) or signals a marketing buzzword. This session reviews what Zero Trust should have delivered and how to apply it in the modern enterprise ecosystem to defend against modern breaches.

Speaker:

• Andy Ellis, Partner, YL Ventures

Applying and Adapting the CISA Zero Trust Maturity Model to the Enterprise – [LAB2-M01]

Timeslot: Monday, Apr 28, 8:30 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727370521033001Tm7S

Abstract:
The CISA Zero Trust Maturity Model is a de facto standard for measuring Zero Trust capabilities, but it must be adapted for each enterprise’s unique needs. In this hands-on session, attendees will learn why and how to tailor the CISA model to fit their specific environment, ensuring a balanced approach to security.

Speakers:

• Jerry Chapman, Director, Identity Services & Solutions, Verinext
• Jason Garbis, CEO, Numberline Security

Attacking and Defending Kubernetes: Privilege Escalation & Lateral Movement – [LAB1-T09]

Timeslot: Tuesday, Apr 29, 1:15 PM – 3:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728059865873001l0UC

Abstract:
As workloads migrate to the cloud, Kubernetes attacks and mitigations can be intimidating. This hands-on Learning Lab shows how to use stolen Kubernetes credentials to compromise a pod, escape a node, and pivot to cloud resources. Then, participants will write policy as code, harden the cluster, and prevent repeat incidents.

Speakers:

• Eric Johnson, Senior Instructor, SANS Institute
• Shaun McCullough, Instructor & Course Author, SANS Institute

Turning Breach Fails into Best Practices – [GRC-T02]

Timeslot: Tuesday, Apr 29, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728045920755001tApp

Abstract:
Explore recent breaches in the Defense Industrial Base (DIB) and Department of Defense (DoD) to see which vulnerabilities attackers exploited. Learn how specific CMMC controls could have prevented these breaches, plus practical steps for implementing these safeguards to better protect sensitive data and enhance compliance.

Speakers:

• Stacy Bostjanick, Chief, DIB Cybersecurity, DoD Deputy CIO for Cybersecurity
• Tara Lemieux, Lead CMMC Assessor, Cybersec Investments

The Inevitable Collision Between 5G and Zero Trust: Real Life Solutions – [NCS-T02]

Timeslot: Tuesday, Apr 29, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727888882151001apqp

Abstract:
5G brings unprecedented speed, low latency, and massive device connectivity—yet also introduces unique security challenges. Zero Trust offers a promising path to address these challenges. Learn how organizations can align 5G’s transformative connectivity with a Zero Trust framework to mitigate risks in next-generation networks.

Speakers:

• Anubhav Arora, VP, Security Engineering, Ericsson
• Chase Cunningham, DrZeroTrust, Lumu Technologies

Lessons Learned From New SEC Cybersecurity Disclosure Requirements – [CSO-T02]

Timeslot: Tuesday, Apr 29, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728064116494001q70d

Abstract:
In 2023, the SEC introduced new cybersecurity risk disclosure items (1.05 and 106) to increase transparency for investors. This session analyzes 10-K and 8-K statements to uncover key insights, commonalities, and actionable takeaways for security leaders who must comply with these requirements.

Speaker:

• Jeff Pollard, VP & Principal Analyst, Forrester

Knowing Your Weakness and Taking Action Before Attackers Do – [PART3-T10]

Timeslot: Tuesday, Apr 29, 2:25 PM – 3:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737746071437001qvn5

Abstract:
Organizations can no longer operate in silos or rely on incomplete data to keep up with a fast-evolving threat landscape. This session explains how to leverage complete and accurate asset intelligence across devices, identities, applications, and infrastructure—turning asset data into a powerful foundation for proactive threat defense.

Speaker:

• Liz Morton, Field CISO, Axonius

Using the NIST CSF Maturity Toolkit to Evaluate Your Security Program – [GRC-T09]

Timeslot: Tuesday, Apr 29, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1726408925254001FJrQ

Abstract:
The NIST CSF Maturity Toolkit is an open-source resource that helps organizations align the CSF with their technology maturity and enterprise risk management. This session covers challenges with the base CSF and demonstrates how the Toolkit uncovers hidden risks, providing a clearer path to security program improvement.

Speaker:

• John Masserini, Founder, Senticon Security

Proactive Insider Threat Management: A Real-World Case Study – [PART2-T09]

Timeslot: Tuesday, Apr 29, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737662282979001VokZ

Abstract:
Insider threats blend technical sophistication with human unpredictability. This session showcases how a global travel technology company revamped its insider threat program. Attendees will learn about implementing proactive threat monitoring, integrating fraud detection, and fostering collaboration across teams to mitigate insider risks.

Speakers:

• David Pinckard, VP of Product, Teramind
• Justin Skagen, Executive Director of Revenue Integrity, Fraud & Chargebacks, Arrivia

Classify It: Developing a Classification Engine for Data Loss Prevention – [PDP-M01]

Timeslot: Tuesday, Apr 29, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727406568721001ZiQk

Abstract:
This session covers how Meta built a multi-stage classification engine for data loss prevention, using traditional machine learning and Llama to classify unstructured text. With over 100 million files classified in internal platforms, experts discuss labeled data collection, model development, testing, and deployment—and share lessons learned along the way.

Speaker:

• Robin Franklin Guha, Security Engineer, Meta

Risk Whisperers: Decoding Cyber Insurance – [LAW-W08]

Timeslot: Wednesday, Apr 30, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728270952621001DMhe

Abstract:
Cyber insurance is continually evolving, with changing underwriting guidelines, new coverages, and exclusions. This panel of experts discusses the latest developments in underwriting, legal issues, and claims trends to reveal how cyber insurance can align with existing security roadmaps and risk management strategies.

Speakers:

• Monique Ferraro, Cyber Counsel, HSB
• Peter Hedberg, Vice President, Underwriting, Corvus Insurance
• Christopher Seusing, Partner & Chair, Privacy & Cybersecurity Practice, Wood Smith Henning & Berman LLP
• Violet Sullivan, AVP, Cyber Services, Crum & Forster

Navigating Cyber Risk Insurance—Pre and Post "Boom" – [GRC-W08]

Timeslot: Wednesday, Apr 30, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727278249819001wJby

Abstract:
Cyber risk insurance isn’t just another traditional policy—coverage details and insurer “preferred vendors” can vary wildly. This presentation empowers insured parties to maximize policy benefits and understand competing motivations among insurers and vendors. Learn strategies for bridging coverage gaps and ensuring a strong cybersecurity posture post-incident.

Speaker:

• Sarah Anderson, Founder & Attorney, SWA Law LLC / LegallyCyber.com

Enterprise Security Evolution: The Blindingly Fast and the Glacially Slow – [NCS-W08]

Timeslot: Wednesday, Apr 30, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1726938055775001WSn7

Abstract:
How quickly do new threats emerge, and how slowly are security improvements deployed in enterprise networks? By drawing on years of data from large-scale operations, this session illustrates the rapid changes in attacker methods and the sometimes glacial pace of defensive adoption—shedding light on what to prioritize for network resilience.

Speaker:

• Vern Paxson, Chief Scientist & Co-Founder, Corelight, Inc

CIO Insights: Addressing The Toxic Cloud Trilogy – [PART2-W08]

Timeslot: Wednesday, Apr 30, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1738847533284001PsDT

Abstract:
A secure cloud is mission-critical. This session reveals the top three cloud security priorities from a CIO’s perspective: uncovering misconfigurations, detecting vulnerabilities, and enforcing robust identity governance. Attendees walk away with a scorecard for assessing cloud security posture and actionable steps to close gaps.

Speaker:

• Patricia Grant, CIO, Tenable

Amplifying Success: How Security and Privacy Teams Break Barriers Together – [PDP-W08]

Timeslot: Wednesday, Apr 30, 1:15 PM – 2:05 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1726840798262001jGml

Abstract:
Cybersecurity and data privacy leaders may have different specialties, but their goals often align. By understanding each other’s motivations and limitations, they can collaborate more effectively. This session explores strategies for uniting security and privacy efforts to boost resilience, compliance, and user trust.

Speakers:

• Edy Glozman, VP of Legal, Axonius
• Lenny Zeltser, CISO, Axonius

Case Studies in Vulnerability Prioritization – [LAB3-W08]

Timeslot: Wednesday, Apr 30, 1:10 PM – 3:10 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727361244570001CDjO

Abstract:
The sheer volume of known vulnerabilities can be overwhelming. This interactive Learning Lab examines major real-world incidents to highlight how trends in vulnerability exploitation emerge. Attendees will learn how to refine their vulnerability prioritization strategies based on lessons from large-scale attacks.

Speaker:

• Audra Streetman, Senior Threat Intelligence Analyst, Splunk

NSA's State of the Hack 2025: The Latest Insights – [ANI-W02]

Timeslot: Wednesday, Apr 30, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728659355886001yPyb

Abstract:
Malicious cyber activity continues to grow in both scale and sophistication. With its unique vantage point, the NSA leverages threat intelligence to identify and disrupt attacks. This session highlights the latest threat landscape trends and offers practical guidance to protect against persistent and emerging threats.

Speaker:

• Dave Luber, Director of Cybersecurity, NSA

Inspiring Inclusivity: Perspectives from Diversity Leaders – [ICWD-W02]

Timeslot: Wednesday, Apr 30, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727407763648001JfQf

Abstract:
“Many Voices, One Community” is this year’s focus. This panel brings together three industry leaders who advocate for minority voices. They share insights on building inclusive cybersecurity communities, championing advocacy initiatives, and collaborating to create broad, positive industry changes.

Speakers:

• Lynn Dohm, Executive Director, Women in CyberSecurity (WiCyS)
• Mari Galloway, President & CEO, Cyberjutsu
• Kristopher Rides, CEO & Founder, Tiro Security
• Larry Whiteside Jr, Co-founder and President, Confide

Revisiting Layered Security: A Robust Approach to Blocking Network Threats – [PART1-W01]

Timeslot: Wednesday, Apr 30, 8:30 AM – 9:20 AM PDT

Abstract:
This presentation explores how a multi-layered security strategy blocks threats before they can reach critical assets by leveraging machine learning and AI for real-time threat detection. Learn how this approach enhances network efficiency by intercepting threats at the edge, minimizing disruption, and maintaining resilience.

Speakers:

• Will Amores, Director, Product Management & Development, AT&T Business
• Senthil Ramakrishnan, AVP, Product Management & Dev Cybersecurity, AT&T Business

Expose and Disrupt: Build Your Attack Paths & Turn the Tables on Attackers – [IDY-W01]

Timeslot: Wednesday, Apr 30, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727156833063001D711

Abstract:
Why do identity-based attacks persist despite extensive investments in identity protection? This session reveals how flipping the lens—from purely defensive to an attacker’s perspective—can highlight hidden vulnerabilities in foundational systems. Learn practical steps to identify and remediate exploit paths before attackers do.

Speakers:

• Lindbergh Caldeira, Cyber Security Operations Manager, SA Power Networks
• Ben Cooper, Senior Cybersecurity Analyst, SA Power Networks

2025 and Beyond: The Evolution of Identity-Centric Cybersecurity – [PART2-W01]

Timeslot: Wednesday, Apr 30, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737816591063001y5gX

Abstract:
By 2025, identity-centric security is paramount for defending against AI-driven cyberattacks. With remote work and multi-cloud adoption increasing, robust authentication and monitoring processes become vital. This session explores how organizations can prepare for emerging threats and maintain user privacy and trust.

Speaker:

• Vivin Sathyan, Chief Technology Consultant, ManageEngine

The Frugal CISO: Running a Strong Cybersecurity on a Budget – [CSO-R02]

Timeslot: Thursday, May 1, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728261708913001vWre

Abstract:
This session explores strategies for CISOs facing budget constraints. Topics include prioritizing spending on critical assets, leveraging free or open-source solutions, automating to cut costs, and outsourcing strategically. Attendees will learn to optimize resources without sacrificing a strong security posture.

Speaker:

• Anand Thangaraju, Field CISO, West Region, ePlus Inc.

Layering Threat Models to Drive Zero Trust Policies and Solutions – [NCS-R02]

Timeslot: Thursday, May 1, 9:40 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727387488323001ZRE1

Abstract:
Enterprises need a source of truth for logical and physical application topologies to define Zero Trust boundaries effectively. By layering threat models, organizations can derive data flow diagrams and architectures at scale. This session shows how capturing these visual models can drive downstream Zero Trust workflows and strengthen security.

Speaker:

• Brenna Leath, Principal, Software Security, Navy Federal Credit Union

Why Democratizing Cybersecurity is Good for Business – [PNG-R01]

Timeslot: Thursday, May 1, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727386960290001XMoa

Abstract:
Shared cybersecurity infrastructure can reduce risk, improve equity, and lower costs. This session explores how open collaboration and community efforts can build a more secure digital ecosystem that benefits businesses worldwide—while reinforcing trust and resilience.

Speakers:

• Jochai Ben-Avie, Non-Resident Fellow, Atlantic Council
• Harriet Gardner, Senior Director of Corporate & Strategic Initiatives, Tides Foundation
• Kayle Giroud, Director, Common Good Initiatives, Global Cyber Alliance
• Chris Painter, President, The Global Forum on Cyber Expertise Foundation
• Robert Sheldon, Sr. Director, Public Policy & Strategy, CrowdStrike

Ransomware from ATT&CK to Zcash: An Interactive Simulation – [LAB2-R01]

Timeslot: Thursday, May 1, 8:30 AM – 10:30 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727325339706001Psci

Abstract:
Ransomware remains a significant threat. In this interactive simulation, attendees work together to manage a real-world ransomware attack scenario. Learn how to respond strategically, navigate crisis communications, and incorporate best practices into your organization's incident response plan.

Speakers:

• Harry Halikias, Sr. Director, Global Information Security, Sony Music Publishing
• Nadean Tanner, Director, Google

Investing in Cybersecurity: How to Fund the Business for Success – [INE-R01]

Timeslot: Thursday, May 1, 8:30 AM – 9:20 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728268567063001MDST

Abstract:
For those contemplating starting or scaling a cybersecurity venture, this panel of venture capitalists provides insight into what they look for when evaluating companies. Learn tips for choosing the right partner, securing funding, and structuring a venture for rapid growth in the cybersecurity space.

Speakers:

• Collin Gallagher, Vice President, Thoma Bravo
• Katie Gray, Senior Partner, In-Q-Tel
• Andrew McClure, Managing Director, Forgepoint Capital
• Richard Seewald, Founder & Managing Partner, Evolution Equity Partners

The Five Most Dangerous New Attack Techniques…and What to Do for Each – [KEY-W13W]

Timeslot: Wednesday, Apr 30, 4:20 PM – 5:00 PM PDT
Session Link: (Included in doc text as SANS Institute panel, no direct link provided)

Abstract:
Experts from the SANS Institute review the most dangerous attack techniques shaping the cybersecurity landscape, what’s coming next, and the best strategies for defenders. Attendees will learn how to prioritize resources to tackle these emerging threats with actionable insights from trusted industry professionals.

Speakers:

• Ed Skoudis, President, SANS Technology Institute College
• Heather Barnhart, DFIR Curriculum Lead & Sr. Director, SANS Institute and Cellebrite
• Tim Conway, ICS Curriculum Lead, SANS Institute
• Rob T. Lee, Chief of Research & Head of Faculty, SANS Institute
• Joshua Wright, Faculty Fellow and Senior Technical Director, SANS Institute and Counter Hack Innovations

Catch Attackers Before They Strike with AI-powered Threat Intelligence – [KEY-W12W]

Timeslot: Wednesday, Apr 30, 3:55 PM – 4:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1736867818178001qkW7 

Abstract:
Critical infrastructure is being heavily targeted by AI-enabled cybercriminals and nation-state actors. Proactive cybersecurity programs must anticipate and intercept threats in their formation stage. Learn how AI-driven threat intelligence can pivot security teams from reactive posture to a forward-looking strategy that thwarts attacks before they happen.

Speaker:

• Nadir Izrael, CTO & Co-Founder, Armis

CISO Boot Camp Exclusive Fireside Chat with Tim Brown, CISO, SolarWinds – [CBC-W09]

Timeslot: Wednesday, Apr 30, 2:25 PM – 3:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1739403254724001isXh

Abstract:
Join this fireside chat with SolarWinds CISO Tim Brown to learn how to lead effectively before and after major cyber incidents. Gain insights into building an effective security culture, handling crises, and inspiring long-term resilience throughout your organization.

Speaker:

• Tim Brown, Chief Information Security Officer, SolarWinds

Application of Cyber-Informed Engineering to Municipal Utility Security – [DSA-W09]

Timeslot: Wednesday, Apr 30, 2:25 PM – 3:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727988964893001mtuX

Abstract:
Cyber-Informed Engineering (CIE) principles can bolster municipal utilities by engineering out risks in digital systems from the outset. Attendees will learn how CIE reduces complexity, ensures operational continuity, and improves resilience for critical services in an evolving threat environment.

Speakers:

• Marcus Sachs, SVP & Chief Engineer, Center for Internet Security
• Virginia Wright, Department Manager, Research Acceleration, Idaho National Laboratory

Actionable Insights from 2025 Verizon Data Breach Investigations Report – [PART2-W09]

Timeslot: Wednesday, Apr 30, 2:25 PM – 3:15 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1737671544518001wtOV

Abstract:
The DBIR analyzes real-world cybercrime instances across varied organizations. In 2025, new trends include AI-driven threats and increased third-party risk. This session reveals how these factors shape the modern threat landscape and how to incorporate findings into your security strategy.

Speakers:

• Chris Novak, VP, Global Cybersecurity Solutions, Verizon Business
• Alex Pinto, Associate Director of Threat Intelligence, Verizon

Expanding Extortion: Ransomware Worming-Cloud Attack Extort Victims – [HTA-R06]

Timeslot: Thursday, May 1, 1:30 PM – 2:20 PM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727887770082001B7HA

Abstract:
Learn how threat actors leverage exposed environment variable files for cloud-focused extortion attacks, affecting over 1,100 cloud accounts and leaking 90,000+ credentials. Investigators will share takedown efforts and key defensive approaches, including posture and runtime security, to prevent cloud-based ransomware campaigns.

Speaker:

• Nathaniel Quist, Principal Researcher, Palo Alto Networks, Unit 42

Standardizing a Privileged Access Model for a Multi-Cloud Environment – [CLS-R03]

Timeslot: Thursday, May 1, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727064409437001Rxiz

Abstract:
Multi-cloud infrastructures can open pathways for credential theft and privilege escalation. Attackers exploit lateral movement paths and identity bridges to gain control. This session proposes an architecture to defend and secure multi-cloud environments by establishing robust privilege and identity controls.

Speakers:

• Rupanjana Mukherjee, Principal Security Architect, Google (Mandiant)
• Jon Sabberton, Senior Manager, Mandiant

Data-Centric Security: Why Granular Is Great – [PDP-R03]

Timeslot: Thursday, May 1, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728052668046001dcgw

Abstract:
Just as microservices replaced monolithic apps, data-centric security is replacing perimeter-based models. This session explores how the Trusted Data Format (TDF) applies protection directly to data, reducing reliance on ephemeral network perimeters and enabling more flexible, robust security strategies.

Speakers:

• Will Ackerly, Co-founder & CTO, Virtru
• Dana Morris, Senior Vice President, Product & Engineering, Virtru

Cybersecurity Isn't Ready for Agent Based Systems – [HUM-R03]

Timeslot: Thursday, May 1, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1725637315784001D1Mx

Abstract:
Conversational AI is poised to become the primary interface, transforming computers into “Agent Based Systems.” This shift grants these systems agency akin to human users—meaning attackers may target them as they do people. This session examines future security challenges and the steps needed to secure emerging AI-driven interactions.

Speaker:

• Leigh Mcmullen, Distinguished VP, Analyst & Gartner Fellow, Gartner

Auth Complete, Access Denied: State of Accessibility in Cybersecurity – [DSA-R03]

Timeslot: Thursday, May 1, 10:50 AM – 11:40 AM PDT
Session Link: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1736963207358001h4nl

Abstract:
Accessibility in cybersecurity is not where it needs to be. In this session, a blind cybersecurity practitioner shares insights and best practices for designing security tools and workflows with universal accessibility in mind—highlighting solutions that benefit all users while making cybersecurity inclusive.

Speaker:

• Florian Beijers, Accessibility Expert, Dexxit

Connect with Elisity at the RSA Conference 2025

We hope this guide helps you maximize your time at RSA Conference 2025. If you're attending the event and want to learn more about how Elisity enables enterprises to rapidly improve their security posture, reduce risks, and accelerate Zero Trust maturity through identity-based microsegmentation, we invite you to connect with our team.

Elisity is a leap forward in network segmentation architecture, designed to be implemented in days without downtime. Our platform rapidly discovers every user, workload, and device on your enterprise network and correlates comprehensive usage insights into the Elisity IdentityGraph™, empowering your teams with the context needed to automate classification and apply dynamic security policies to any device wherever it appears on your network.

You can also schedule a personal meeting with our security experts by visiting https://www.elisity.com/demo-request. 

We look forward to seeing you in San Francisco!