The RSA Conference is one of the most anticipated events in cybersecurity, bringing together thousands of experts from around the world to share ideas, spark innovation, and tackle the industry’s biggest challenges.
This year, TrustNet returned to this prestigious stage, with Chief Information Security Officer Trevor Horwitz and Chief Technology Officer Mike Kerem as session speakers.
The conference, which ran from April 28 to May 1, 2025, at San Francisco’s Moscone Center, embraced the theme “Many Voices. One Community.” For TrustNet, it’s more than just a chance to join the conversation; it’s a moment to help shape it.
A Legacy of Expertise and Leadership
Trevor and Mike are no strangers to the RSA stage. The duo gave a thought-provoking presentation on indoor proximity systems, or beacons, on behalf of iTrust back in 2017.
They discussed important privacy and security issues as well as revolutionary developments in IoT. The team’s technical rigor and thought leadership were demonstrated throughout the discussion, which covered everything from how beacons may be compromised to methods for their safe deployment.
Both Trevor and Mike looked to build on this legacy of cybersecurity and compliance expertise. This year’s presentation, titled “The Dark Side of SOC 2: Third-Party Risks Hiding in Plain Sight”, promised an even higher level of depth, expertise, and actionable insights.
The Dark Side of SOC 2: Third-Party Risks Hiding in Plain Sight
SOC 2 compliance, while critical in today’s vendor ecosystems, is widely misunderstood. Many organizations assume “compliance equals security”, but the reality is far more complex.
At TrustNet, we used our RSAC 2025 session to highlight how SOC 2 reports often create a false sense of security.
We started by breaking down the core structure of SOC 2, including the Trust Services Criteria, the differences between Type I and Type II reports, and the key elements that shape a vendor’s control posture. This gave attendees a clear baseline before we moved into real risks that appear when vendors narrow scope or leave out critical information.
The session outlined the issues that teams face during vendor reviews. These issues include misaligned scope, missing domains, overlooked subservice providers, inconsistent audit depth, clean reports that hide weak testing, and complementary user entity controls (CUECs) that customers forget to implement.
We showed how each risk affects decision-making and how to verify details that vendors often gloss over.
Attendees walked away with practical steps to read SOC 2 reports with more accuracy, confirm third-party dependencies, test assumptions, and map shared controls to their own environment.
The goal wasn’t to challenge the value of SOC 2. We aimed to help organizations use it as a stronger decision tool and reduce blind spots across their vendor ecosystem.
Strengthen Your SOC 2 Strategy with Expert Guidance
TrustNet’s insightful session revealed where teams overlook control gaps and how those gaps create real exposure. Our seasoned experts study these patterns, break them down, and give leaders clear steps that tighten security and sharpen audit readiness.
Teams often reach out to us when they want to:
- Reduce uncertainty in their vendor risk program.
- Align internal controls with current SOC 2 expectations.
- Prepare for audits with fewer surprises and stronger evidence.
- Improve visibility across third-party relationships.
TrustNet guides organizations that want stronger compliance and predictable outcomes. We move fast and focus on results that support long-term security.
Contact Us Today to review your SOC 2 goals and get support from an expert team that knows how to help you move forward with confidence.
For continuous updates on TrustNet and #RSAC, follow TrustNet on LinkedIn.



