Your Role-by-Role Guide to RSAC 2026: What to Do and See

The Moscone Center in San Francisco represents the epicenter for the 2026 RSA Conference, running from March 23 to March 26. This gathering serves as the primary clearinghouse for high-level risk management strategies and defensive engineering. For four days, the halls are packed with technical sessions, hands-on learning labs, and the massive Expo floor, providing a concentrated environment for professionals to synchronize their efforts against global threats.

The 2026 event focuses heavily on the “Power of Community,” emphasizing that individual defenses fail without collaborative intelligence. This year, the conversation centers on the practical implementation of agentic AI, the shifting regulatory demands on boardrooms, and the hardening of critical infrastructure against increasingly autonomous threats.

Monday opens with high-impact seminars and the Innovation Sandbox, where the next generation of security startups competes. Tuesday and Wednesday represent the core of the conference, featuring keynotes and the widest array of track sessions. Thursday closes the event with deep-dive technical explorations and a focus on long-term sustainability in security operations.

Here is a curated selection of sessions aligned to the needs and priorities of key security roles:

Chief Information Security Officer (CISO)

The CISO Insights track provides direct value by addressing the intersection of business risk and technical defense.

• Cyber at the Top: Beyond Confidentiality: Focuses on the CISO’s expanding role in ensuring business resilience and integrity beyond simple data protection.
• The After Deployment Dilemma: Runtime Reality of AI Agents: Explores the governance and liability risks associated with autonomous AI agents in the enterprise.
• Surviving Security’s Most Complex Cryptographic Transition: A strategic look at the timeline and budget requirements for post-quantum readiness.
• What Cybersecurity Professionals Need to Know about Legal and Regulatory Developments: Essential for aligning security programs with global compliance mandates.
• ESAF (Executive Security Action Forum): Closed-door sessions for Fortune 1000 leaders to discuss sensitive risk management hurdles.

Security Engineer

The Cloud Security track offers the specific technical blueprints engineers need to build resilient environments.

• Beyond Zero Trust: Continuous Validation for Modern Enterprise Security: Provides the methodology for testing if Zero Trust controls actually work as intended.
• Ransomware, AI, and 5G: Engineering Resilient Networks: Details the technical requirements for securing high-bandwidth, low-latency infrastructure.
• The Cutting Edge: Contesting APT Abuse of Networking Devices: A deep dive into how advanced actors manipulate firmware and edge devices.
• Agentic AI Operation: Securing the Autonomous Workspace: Technical strategies for implementing guardrails around internal AI systems.
• Cloud-Native Protection: Lessons from the Field: Real-world examples of misconfigurations that led to major breaches in containerized environments.

Threat Intelligence Analyst

The Analytics & Intelligence track helps analysts convert raw data into actionable defensive strategies.

• Disrupting Cybercrime Networks at Scale: Analyzes the infrastructure used by modern cartels and how to disrupt their financial incentives.
• Reality vs. Hype: AI Threat Landscape: Separates marketing fluff from the actual ways attackers use machine learning to automate phishing and exploit discovery.
• Operation Endgame: A Retrospective on Global Disruption: A case study on international cooperation in taking down major botnets.
• Deepfakes Are Real: Trust Is Not Automatic Anymore: Examines the tools and techniques for verifying digital identities in an era of synthetic media.
• Intelligence Fusion in ICS/OT Security: How to combine traditional IT threat data with specialized industrial telemetry.

SOC Manager

The Incident Management track focuses on improving the efficiency and morale of the modern operations center.

• AI-Driven Security Operations: From Triage to Response: Discusses how to use AI to reduce alert fatigue without introducing new blind spots.
• SOC Platform: Unified Visibility in a Fragmented World: A look at consolidating toolsets to create a more coherent operational view.
• Designing for Containment, Not Just Prevention: Shifts the focus to limiting the blast radius of inevitable compromises.
• Agentic Defense: Leveraging Autonomous Agents in the SOC: How to deploy AI “interns” to handle low-level investigative tasks.
• CyBEER Ops Networking: A focused social event for SOC leaders to share staffing and retention strategies.

DevSecOps Engineer

The AppSec track is the best fit for those embedding security into the software lifecycle.

• The Runtime Reality of AI Agents: Examines the security challenges of deploying AI models into production environments.
• Real-World Mobile Assessment Challenges: Practical solutions for securing mobile applications against sophisticated endpoint attacks.
• Securing the Data-Centric Workspace: Focuses on protecting the data itself as it moves through various development pipelines.
• Continuous Validation in the CI/CD Pipeline: How to automate security testing without slowing down the release cycle.
• Secure AI Data Center: Architecting the underlying infrastructure that supports heavy machine learning workloads.

Security Architect

The Security Strategy and Architecture track provides the framework for long-term technical planning.

• Identity-Based Segmentation Across IT and OT: A blueprint for extending modern identity controls into legacy industrial environments.
• Microsegmentation: Avoiding the “Illusion of Done”: Addresses the common pitfalls in large-scale segmentation projects.
• Modern Threat Architecture: Responding to Agentic AI: How to design systems that can defend against autonomous attack scripts.
• Unified SASE: Bridging the Gap Between Network and Security: A strategic look at merging connectivity and protection at the edge.
• Designing for Resiliency in Critical Infrastructure: Focuses on the unique uptime requirements of power, water, and healthcare systems.

Incident Response Lead

The Incident Management track gives response leads a front-row seat to the latest attacker methodologies.

• Reducing Breach Impact through Containment: Specific tactics for isolating compromised segments during an active event.
• The Cutting Edge: Contesting APT Abuse: Understanding how sophisticated actors persist in the network after the initial breach.
• Lessons Learned in Using Data to Identify Fraud: How to use behavioral telemetry to spot account takeovers early.
• Ransomware Defense in 2026: A look at the latest extortion tactics and how to neutralize them.
• Industrial Control Systems: Vulnerability of Proprietary Protocols: Preparing for incidents involving non-standard networking hardware.

Security Product Manager

The Security Strategy & Architecture track allows product leaders to see where the market is moving and what gaps remain.

• RSAC Innovation Sandbox: The premier event for spotting emerging technologies and market-disrupting ideas.
• RSAC Launch Pad: A look at even earlier-stage companies trying to find product-market fit.
• Reality vs. Hype in the AI Marketplace: Understanding what customers actually need versus what is being overpromised.
• The Future of Identity: From Passwords to Biometrics and Beyond: Gauging the demand for next-generation authentication tools.
• Exploring the Early-Stage Expo: A chance to interact directly with founders and see the newest tools before they hit the mainstream.

Red Team Hacker/Ethical Hacker

The Hackers and Threats track is the natural home for offensive specialists looking to sharpen their skills.

• Contesting APT Abuse of Networking Devices: Advanced techniques for exploiting—and therefore defending—the hardware layer.
• AI-Driven Attacks: The New Frontier: How attackers use large language models to generate custom exploits at scale.
• Bypassing Zero Trust Controls: A critical look at the weaknesses in modern “secure” architectures.
• Exploiting Proprietary ICS Protocols: Deep-dive technical session on the vulnerabilities found in industrial hardware.
• Red Teaming the AI Agent: How to trick autonomous agents into leaking data or performing unauthorized actions.

Government/Public Sector Security Advisor

The Policy and Government track is essential for those navigating the intersection of national security and private industry.

• International Cybersecurity Forum: Discussions on cross-border cooperation and the norms of digital conflict.
• Rising Regulation and Digital Sovereignty: How different nations are approaching data localization and security mandates.
• Public-Private Partnership in Disrupting Cybercrime: Case studies on how government agencies and private firms collaborate.
• Securing the 5G and 6G Future: The policy implications of high-speed, pervasive connectivity.
• The Global Cryptographic Transition: Policy-level discussions on the risks of quantum computing to national security.

Precision Networking and Tactical Insight

Security leaders who approach the event with a specific role-based agenda will return with a clearer understanding of the competitive landscape and a more defined path for securing their organizations in an increasingly automated world. Focus on the sessions that challenge your current roadmap rather than those that merely confirm it.