RSAC 2025 has come and gone. Which means cybersecurity marketers everywhere are taking a well-deserved deep breath.
And while it’s always been a prime spot for learning and networking, this year’s event actually reminded me of RSACs of old. Which is a great place to start with a few of my key takeaways.
RSAC Bucks the Conference Trend
The conference was busy! The show floor was packed!
While some global events have struggled to rebuild over the past couple of years, RSAC seems to have bucked this trend. The economic uncertainty also didn’t impact attendance as much as I initially expected — great news, and a reminder that this conference remains an important tentpole moment for all cybersecurity communication programs and PR strategy planning.
Brands Think Outside the Convention Center
There has always been a large brand experience play at RSAC. However, this year the trend went into overdrive. Almost every restaurant, bar, or open space within two blocks of Moscone was booked by brands.
Obviously, these areas act partially as a space for the company itself to conduct business. However, it’s also a sign attendees are adapting a more ‘ins and outs’ approach to conferences. And with attendees not spending as much time on the show floor, brands are finding them elsewhere.
Related reading: PRovoke Media on how experiential marketing is changing event PR
In-Person Networking Is Alive Again
This year SourceCode hosted its inaugural RSAC media breakfast, where we welcomed over 30 press and cybersecurity marketers.
The event provided an avenue for marketers to not only network with each other — but with some of the most notable media attending the conference. We had reporters from Cyber Protection Magazine, Security Weekly Podcast, BBC and Datos Insights
Lots of amazing conversations were had, and we can’t wait to make this a fixture of the RSAC calendar.
Reporters Face Greater Time Constraints
The only area where attendance suffered was amongst the media.
Not only were there fewer media outlets in attendance, but many reporters were only attending for a couple of days. This increased frugality should start to play into future media relations strategies for the event.
General background briefings are out. Aligning talk tracks to the issues discussed in sessions or keynotes is increasingly important. Providing value is key — which is why events like SourceCode’s media breakfast are an increasing touch point for reporters.
But it wasn’t just about the media. Beyond the familiar topics like AI and identity, it became clear that the industry is entering a new era of complexity. Quantum threats, cultural shifts, and evolving incident response expectations are all reshaping the way we think about cybersecurity. Here are a few additional trends that stood out to me and should be on every communicator’s radar heading into the second half of 2025.
Identity security takes center stage
Identity was a dominant theme at RSAC 2025, with experts emphasizing the urgent need to secure the identity layer. As credential abuse continues to drive breaches (according to Verizon’s DBIR), brands must adopt stronger passwordless and multi-factor authentication (MFA) protocols. SourceCode is helping cybersecurity companies craft narratives around next-gen identity protection to meet media and investor interest.
AI in cybersecurity is accelerating on both sides
Generative AI technologies in threat detection, automated vulnerability management, and the ethics of AI in security, among other topics. Additionally, the rise of AI-driven cyber threats, complex IT environments, and stricter regulations are making secure modernization essential. Media were covering AI’s role in cybersecurity and staying ahead of the evolving threat landscape. Source: CSO
Human direction for AI deployment: Generative AI is rapidly evolving but requires human direction, emphasizing the need for vigilance in AI deployment, citing risks like bias and hallucination. While AI can accelerate threat detection and response, human expertise remains crucial for validating results and driving resilience.
Government topics were top of mind, especially after Kristi Noem’s session
Cybersecurity and the federal government: Tensions are high between the cybersecurity sector and the U.S. government due to workforce layoffs, contract cuts, and partisan politics. While partnerships were strong under Biden, trust is eroding. The Trump administration’s approach to these relationships remains uncertain and longstanding public-private cybersecurity partnerships are being tested, though collaboration is deemed essential.
Our contacts at the AP and The Register specifically asked if our clients had engagements with the current admin and are open to discussing them
With the new administration making so many changes, media were heavily focused on government-related topics like CISA’s absence from RSA and the National Security Council’s push for offensive operations.
China and North Korea top the list of cyber adversaries
According to a Google Cloud report discussed at RSAC, state-sponsored cyberattacks from China and North Korea are escalating. These actors are exploiting zero-day vulnerabilities and embedding operatives in U.S. companies as remote workers. SourceCode is helping clients frame these global threat narratives in a way that educates audiences while establishing authority.
Want to see how a thoughtful, high-impact media strategy plays out in the cybersecurity space? Check out how we helped elevate Sonatype’s executive profiles through strategic media and social engagement.
And there we have it — another RSAC in the books.
Hope all in attendance had a great show, and hope to see you next year. Ideally at the 2026 edition of our RSAC media breakfast!
If you’re planning your post-RSAC communications strategy or want to make a bigger impact in cybersecurity PR, connect with our team — we’d love to help you lead the conversation.