Full Report
Ex-CISA boss also says no reason to panic about AI and security RSAC 2026 "Everybody feels massive FOMO if they don't get to RSAC," Jen Easterly says.…
Analysis Summary
# Industry News: Former CISA Chief Jen Easterly Debuts as RSAC CEO Amid Federal Absence
## Summary
Former CISA Director Jen Easterly has officially transitioned into her role as CEO of the RSA Conference (RSAC), overseeing a 2026 event themed around the "inextricable link" between AI and cybersecurity. Despite a record 43,000 attendees, the conference is navigating a notable absence of top federal agencies (FBI, NSA, CISA) following post-election political shifts and Easterly’s own appointment.
## Key Details
- **Date:** March 25, 2026
- **Companies Involved:** RSA Conference (RSAC), Cybersecurity and Infrastructure Security Agency (CISA)
- **Category:** Industry Event | Leadership Transition | Market Analysis
## The Story
The 2026 RSA Conference marks a significant shift in the cyber landscape as Jen Easterly, the former Director of CISA, takes the helm of the industry's most influential gathering. Easterly’s narrative centers on "relentless optimism," shifting the focus from AI-driven "Fear, Uncertainty, and Doubt" (FUD) to the technology's potential for systemic improvement.
She argues that while AI enables hyper-personalized phishing, it has not yet created "novel" cyber risks. Instead, the strategic focus should be on using AI to refactor legacy code and automate security within the software development lifecycle (SDLC). However, the event is shadowed by a geopolitical and domestic policy rift: federal agencies, which historically used RSAC as a primary platform for public-private partnership, have withdrawn their presence following the transition to the second Trump administration and Easterly’s subsequent resignation from government.
## Business Impact
### For the Companies Involved (RSAC)
- **Leadership Rebranding:** By appointing a high-profile former regulator, RSAC is positioning itself as more than a trade show; it is attempting to be a "diplomatic hub" for the digital ecosystem.
- **Attendance Resilience:** Despite the federal vacuum, the attendance of 43,000 signals that RSAC remains the "must-attend" commercial event for vendors and investors.
### For Competitors
- **Alternative Venues:** Events like Black Hat or regional government-focused summits may attempt to capture the federal attention and speaker slots that RSAC has temporarily lost.
### For Customers
- **Focus on Code Quality:** End users (CISOs) are being signaled to move away from the "patching cycle" and demand AI-driven "secure-by-design" products.
- **Lost Networking:** The absence of FBI and CISA officials means private-sector attendees lose direct access to federal threat intelligence sharing and policy guidance on the conference floor.
### For the Market
- **AI Integration Maturity:** The market is moves from viewing AI as a "feature" to an essential "infrastructure" component. Easterly's stance suggests a forthcoming shift in investment from "detection tools" to "automated code remediation."
## Technical Implications
- **Legacy Refactoring:** A major technical trend identified is the use of Large Language Models (LLMs) to rewrite insecure legacy code, which could significantly reduce the technical debt that currently drives global cyber risk.
- **AI-Driven Phishing Defense:** As phishing becomes more sophisticated via AI, technical defenses must pivot toward identity-based security and behavioral analytics rather than simple pattern matching.
## Strategic Analysis
- **Market Positioning:** RSAC is positioning itself as an independent, non-partisan platform to fill the void left by shifting government priorities.
- **Competitive Advantage:** Easterly’s deep ties to both the military and the private sector provide RSAC with unique "convening power" that few other industry bodies possess.
- **Challenges:** The primary risk is the continued "politicization" of cybersecurity. If the federal government remains absent, the conference may lose its status as the definitive site for public-private collaboration.
## Industry Reactions
- **Analyst Opinions:** Analysts generally view Easterly’s move to RSAC as a positive for the industry’s "soft power," though many remain concerned about the optics of a federal boycott.
- **Market Response:** The sheer volume of international attendees (100+ countries) suggests that the global market views cybersecurity as an operational necessity that transcends US domestic politics.
## Future Outlook
- **Federal Return:** Easterly predicts a return of federal agencies within the next few years, citing the necessity of "being in the room" where critical infrastructure owners congregate.
- **The Death of Patching:** Look for a surge in startups focusing on "AI Refactoring" and "Automated Governance" as the industry tries to move toward the "shocking anomaly" of ransomware.
## For Security Professionals
Practitioners should note the shift in rhetoric from purely defensive postures to proactive AI-enabled building. The takeaway is clear: proficiency in AI for code auditing and risk reduction is no longer optional—it is the prerequisite for the next era of cyber defense. Professionals should also monitor how the lack of federal presence at major hubs affects the speed and quality of threat intelligence dissemination.