The Moscone Center in San Francisco prepares to host the 2026 RSA Conference from March 23 to March 26, a gathering that serves as the primary clearinghouse for defensive strategy. Monday opens with the Innovation Sandbox and high-impact seminars. Tuesday and Wednesday represent the operational core with keynote addresses and the broadest selection of track sessions. Thursday closes the week with deep-dive technical explorations and forward-looking policy debates.
Security leaders attend this event to validate their risk management assumptions against the collective intelligence of 45,000 peers. The 2026 agenda focuses heavily on the “Power of Community,” highlighting that isolated defenses fail against automated, decentralized threats. This year, the primary narratives center on the practical governance of agentic AI, the defense of critical infrastructure, and the necessity of identity-centric security in a world of synthetic media.
The following selections represent the most anticipated RSAC 2026 sessions for decision makers looking to optimize their time in San Francisco:
1. The Innovation Sandbox Contest
Date: Monday, March 23
Time: 12:00 PM – 3:00 PM
Type: Special Presentation
Speaker: Various Startup Finalists
This session provides a snapshot of where venture capital is flowing. Seeing the top ten finalists pitch their technologies reveals the specific problems that the market believes are currently unsolved. It is the best place to spot emerging technologies before they become mainstream acquisitions.
2. Opening Keynotes: The State of Cybersecurity
Date: Tuesday, March 24
Time: 8:00 AM – 10:00 AM
Type: Keynote
Speakers: Rohit Ghai (CEO, RSA) and Guests
This presentation sets the strategic tone for the fiscal year. Ghai typically provides a high-level view of how macroeconomic shifts influence attacker behavior. For an executive, this session clarifies the “Power of Community” theme and provides the language needed to discuss risk with the board of directors.
3. Cyber at the Top: Beyond Confidentiality
Date: Tuesday, March 24
Time: 1:15 PM – 2:05 PM
Type: Track Session
Speaker: Elena Kvochko (CISO, Miller Knott)
Kvochko addresses the shift from simple data protection to total business resilience. This session is relevant because it moves the conversation away from technical metrics and toward operational integrity. It provides a blueprint for CISOs to align their programs with revenue-generating activities.
4. Reality vs. Hype: The AI Threat Landscape
Date: Wednesday, March 25
Time: 8:30 AM – 9:20 AM
Type: Track Session
Speaker: Dr. Herbert Lin (Stanford University)
Dr. Lin is a leading voice on the intersection of policy and technology. He strips away the marketing fluff surrounding machine learning to show exactly how attackers use these tools. Decision makers gain a realistic understanding of what their teams are actually up against, preventing over-investment in unnecessary tools.
5. Surviving Security’s Most Complex Cryptographic Transition
Date: Wednesday, March 25
Time: 9:40 AM – 10:30 AM
Type: Track Session
Speaker: Post-Quantum Standards Panel
The transition to post-quantum cryptography is a multi-year project with significant budget implications. This panel provides a timeline for when legacy systems become liabilities. Leaders need this information to bake cryptographic agility into their long-term infrastructure refreshes.
6. The After Deployment Dilemma: Runtime Reality of AI Agents
Date: Wednesday, March 25
Time: 1:15 PM – 2:05 PM
Type: Track Session
Speaker: Security Research Lead (Various)
As companies move from simple chatbots to autonomous agents that take actions on behalf of users, the risk surface changes. This session explores the liability and safety concerns of agentic AI. It is a must-attend for anyone overseeing a software development lifecycle or internal productivity tools.
7. What Professionals Need to Know about Legal and Regulatory Developments
Date: Thursday, March 26
Time: 8:30 AM – 9:20 AM
Type: Track Session
Speaker: Global Privacy and Legal Experts
Regulatory compliance is no longer a check-the-box exercise. This session covers the latest enforcement trends from the SEC, FTC, and international bodies. It offers practical advice on how to structure incident response disclosures to minimize legal exposure.
8. Deepfakes Are Real: Trust Is Not Automatic Anymore
Date: Thursday, March 26
Time: 10:50 AM – 11:40 AM
Type: Track Session
Speaker: Identity Specialists
Identity is the new perimeter. This session demonstrates how synthetic media can bypass traditional multi-factor authentication and social engineering defenses. Leaders will learn why hardware-backed identity and continuous verification are becoming the new baseline.
9. Disrupting Cybercrime Networks at Scale
Date: Thursday, March 26
Time: 1:00 PM – 1:50 PM
Type: Track Session
Speaker: Representatives from FBI and Interpol
Understanding the business model of cybercrime is the first step to breaking it. This session details recent global takedowns and the infrastructure attackers rely on. It provides a unique perspective on the geopolitical realities of modern digital conflict.
10. The Hugh Thompson Show: The Power of Community
Date: Thursday, March 26
Time: 3:00 PM – 4:00 PM
Type: Keynote / Special Event
Speaker: Dr. Hugh Thompson (RSAC Program Chair) and Guests
This final session often features high-profile guests from outside the tech industry to provide a broader context on security. It serves as an intellectual palette cleanser that connects the week’s technical findings back to the human element of security and leadership.
Strategic Alignment for the Year Ahead
The value of these four days lies in the ability to pressure-test your current strategy against the findings of the world’s most aggressive researchers and most experienced defenders.
Success demands the translation of insights into a specific, actionable defense plan. Use the knowledge gained in San Francisco to anticipate the moves of your adversaries.
