Join Francis Odum, founder of Software Analyst Cyber Research, Chris Hughes of Aquia and Resilient Cyber, cloud and AppSec engineer James Berthoty, and secure coding advocate Tanya Janca as they unpack insights from RSA Conference 2025. They discuss the transformative impact of AI on AppSec and security operations, the importance of runtime security, and innovative strategies for vulnerability management. Expect candid takes on industry challenges like ransomware and the diminishing focus on zero trust—along with actionable insights for the future of cybersecurity.
The RSA Conference 2025 highlighted a significant proactive embrace of AI in cybersecurity, reshaping practices for secure code review and vulnerability management.
Experts emphasized the rising importance of runtime security, advocating for real-time monitoring and detection capabilities to protect live applications effectively.
Panelists discussed challenges in application security, stressing the need for robust incident response frameworks and careful vendor evaluations amidst evolving threats.
Deep dives
The Evolution of AI in Cybersecurity
The discussion highlights how the integration of artificial intelligence (AI) in cybersecurity is shifting perceptions and practices within the industry. Unlike previous technological waves where security was adopted late, there is a proactive embrace of AI to enhance practices such as secure code review and vulnerability management. This change is fueled by the recognition that both developers and adversaries are leveraging AI capabilities, prompting security teams to explore innovative ways to harness this technology effectively. As a result, cybersecurity professionals are increasingly looking to understand how AI can optimize their security programs and address systemic issues like vulnerability backlogs.
Insights from the RSA Conference
The RSA Conference served as a pivotal platform where industry experts convened to discuss current challenges and developments in cybersecurity. Attendees noted a remarkable turnout, surpassing pre-pandemic numbers, indicative of a resurgent interest in cybersecurity as a field. Key themes emerging from discussions included the rise of AI technologies, their implications for various security frameworks, and a notable shift towards runtime security considerations. Panelists emphasized the importance of adapting to this evolving landscape, encouraging organizations to reassess their security strategies to incorporate lessons learned and emerging technologies.
Challenges in Application Security and Vendor Dynamics
A significant topic of conversation revolved around the critical challenges facing application security (AppSec) amidst a rapidly evolving threat landscape. Experts pointed out that while the integration of AI presents unique opportunities for enhancing AppSec, many organizations struggle to establish effective incident response frameworks for applications post-deployment. Concerns about vendor selection were also prevalent, with discussions noting how brand perception often influences decision-making rather than the technical merits of tools. This highlights the importance of conducting thorough evaluations to ensure that security solutions effectively meet specific organizational needs without being swayed by marketing dynamics.
The Importance of Runtime Security
Runtime security is increasingly recognized as an essential component of a comprehensive cybersecurity strategy, contrary to traditional approaches that primarily emphasize pre-deployment measures. Experts highlighted a pressing need for real-time monitoring and detection capabilities to safeguard live applications effectively. The conversation underlined that many existing detection methodologies may lack the responsiveness required in a dynamic environment where threats can emerge post-deployment. As organizations continue to embrace DevOps practices, the necessity for integrating runtime security tools and protocols into the development lifecycle has become evident to address vulnerabilities in real time.
Navigating the Future of Cybersecurity
Looking ahead, panelists expressed cautious optimism about how AI will reshape the cybersecurity landscape, particularly within application security. They noted that organizations would need to adapt their security protocols to keep pace with the growing integration of AI and machine learning technologies. The significance of fostering a culture of cybersecurity awareness among employees was also emphasized, especially given the increasing sophistication of cyber threats. Ultimately, the consensus was that while the landscape presents challenges, it also offers opportunities for innovation and improvement in securing systems against evolving threats.
Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.
In this episode, we cover:
Initial reactions and the sheer scale of RSA Conference 2025.
Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.
The rise of AI-native applications and how they're reshaping the landscape.
Deep dives into Application Security (AppSec), secure coding with AI, and the future of vulnerability management.
Understanding runtime security beyond DAST and its critical role.
Unexpected insights and surprising takeaways from the conference floor.
