First RSA as a Founder: Key Takeaways from RSAC 2025

We didn’t rent a booth.

We didn’t hand out swag or branded socks.

But we showed up to RSA Conference 2025 with open ears, comfortable shoes, and a product we’ve worked hard to build. What we got in return was better than clicks or badge scans.

We had conversations that shaped how we think about security, data, and what it actually means to help a SOC team.

Here’s what stood out.

‍

Agentic AI Was Everywhere, But Trust Wasn’t

“Agentic AI” was this year’s buzzword. You couldn’t walk 20 feet without seeing it on a booth or a slide.

But once you started talking to people, the shine wore off. The hype was replaced with real questions. What can you trust an agent to do in production? What happens when it gets it wrong? And how do you log and audit that?

The more grounded conversations weren’t about capabilities, but about confidence.

‍

SOC Automation is Driving an Identity Reckoning

One topic came up again and again in my conversations: machine identity.

As AI tools and autonomous agents start to triage alerts and take action in the SOC, they’re holding keys, tokens, and access to sensitive infrastructure. That raises real questions about how we assign, monitor, and revoke those privileges.

This isn't just a technical challenge. It’s a governance challenge. And most teams I spoke with aren’t ready for it.

‍

The Most Useful Session Wasn't a Keynote

If you only watch one RSA 2025 talk on replay, make it Dave Gold’s “The Future of the SOC in an AI-Driven Universe.”

It wasn’t flashy. It was clear, practical, and rooted in real SOC workflows. Dave laid out what L1 through L3 should look like when AI agents are in the mix. He showed how co-pilots can add value without replacing critical thinking.

It felt less like a keynote and more like a roadmap.

‍

Dave Gold speaking about the Future of AI in the SOC.

‍

Booths Were Massive, But Few Stood Out

It was impossible to ignore the size of this year’s booths. Some were closer to stage builds than trade show setups. But despite the spend, only a few were truly memorable.

Wiz delivered a clean, confident message. Torq brought in a monster truck. But most others blurred together into a sea of lighting grids and overlapping taglines.

Interestingly, the smaller startup booths upstairs had some of the best energy. It’s clear that presence matters more than polish.

‍

The imposing Grave Digger monster truck at RSAC 2025.

‍

The Food Was Bad

If you read David Spark’s recap, you already know: the food at RSA 2025 didn’t hit the mark.

But in a strange way, that worked in everyone’s favor. Instead of huddling over boxed lunches, people got out. I had some of my best conversations at sidewalk cafés and street corners between events.

Sometimes it’s easier to talk about real problems when you’re not standing under a neon banner.

‍

Would I Do It the Same Way Again?

Absolutely.

I met security engineers and leaders who care deeply about how their data flows. People who want fewer false positives, faster investigations, and better decisions made upstream—before data hits a SIEM or an alert hits an analyst.

If you’re thinking about how to:

Control costs for your SIEM / Data lake
Route data where it belongs
Speed up MTTR

My DMs are always open.