Blog  RSA 2025: Industry Trends Business Leaders Are Watching Out For

The RSA Conference 2025, set for April 28 to May 1 in San Francisco, is poised to tackle the pressing challenges shaping the future of cybersecurity. This year’s event will focus on pivotal topics, including: 

• • Real-world risk, highlighting the complexities of today’s threat landscape. 
  • AI-driven threats are redefining security strategies. 
  • Compliance limitations demand bold, innovative approaches. 

We spoke with seven leading voices in cybersecurity and business to better understand these trends. Their insights reveal the strategies businesses must prioritize to adapt and thrive in 2025’s fast-evolving environment. 

Building on these discussions, TrustNet is proud to return to the RSA stage. Chief Information Security Officer Trevor Horwitz and Chief Technology Officer Mike Kerem will lead the session “The Dark Side of SOC 2: Third-Party Risks Hiding in Plain Sight.” Attendees can expect actionable strategies, cutting-edge analysis, and fresh perspectives on tackling hidden vulnerabilities. 

Read on to explore these insights and prepare for what lies ahead. 

Cybersecurity Trends to Watch at This Year’s RSA Conference

1. AI Transforming Security Strategies

The RSA Conference 2025 is shaping up to be a fascinating event, with some key trends and sessions worth paying attention to, especially for those of us interested in how cybersecurity is evolving. Artificial intelligence (AI) seems to be taking center stage this year, with over 40% of session proposals focusing on AI-related topics. That alone signals how rapidly AI is transforming both the threats we face and the tools we use to defend against them. 

Saddat says, “AI is becoming the double-edged sword of cybersecurity–it’s both the attacker’s weapon and the defender’s shield.” 

“This resonates with what’s being discussed at RSA. For example, sessions like “The Inevitable Collision Between 5G and Zero Trust” and “Expose and Disrupt: Build Your Attack Paths” dive into how AI is reshaping security strategies. These talks focus on using AI to predict and prevent attacks while also addressing vulnerabilities created by emerging technologies like 5G. 

Another interesting theme this year is identity security. With 80% of cyberattacks involving compromised credentials, it’s clear that securing identities–both human and non-human–is a top priority. Sessions like “2025 and Beyond: The Evolution of Identity-Centric Cybersecurity” highlight how multi-factor authentication and passwordless systems are becoming essential defenses. 

One session I’d personally keep an eye on is “Turning Breach Fails into Best Practices,” which examines how recent breaches could have been mitigated through better compliance and controls. It’s always insightful to learn from real-world examples, especially when they’re tied to practical solutions. 

From my perspective, the RSA Conference isn’t just about catching up on trends–it’s about understanding where the industry is headed. For example, the focus on microsegmentation in healthcare security or the rise of AI-driven phishing attacks shows how diverse the challenges are across sectors. These discussions remind us that cybersecurity isn’t just a technical issue; it’s about protecting people, data, and systems in a rapidly changing world.” 

Saddat Abid, CEO, Property Saviour

2. Zero-Trust Architecture and Internal Traffic Monitoring

“Keeping an eye on the latest developments in zero-trust architecture is key this year. While zero-trust isn’t new, many companies still struggle with its implementation. The focus is shifting towards the practical application of zero-trust in hybrid environments, where cloud and on-premises systems intersect. It’s fascinating to see discussions around how to manage micro-segmentation effectively without creating an administrative nightmare. Too often, businesses overlook the importance of monitoring internal traffic. Employing tools to watch what’s already inside your network can catch anomalies early and prevent breaches before they escalate. 

Another trend catching my attention is autonomous threat detection using AI. The integration of machine learning to predict and respond to threats in real-time is moving from theoretical to practical in many businesses. Not enough organizations prioritize creating comprehensive data lakes for AI analysis, missing out on valuable insights. Building a robust dataset can better support AI models and help you spot threats that would otherwise slip by traditional methods. The takeaway here is to enhance your data collection strategies, ensuring your AI solutions have the rich data they need to be truly effective.” 

Matthew Franzyshen, Business Development Manager, Ascendant Technologies, Inc. 

3. AI and Machine Learning in Cybersecurity

“At this year’s RSA Conference, I’m paying close attention to how AI and machine learning are being applied to cybersecurity. These technologies are becoming crucial in detecting threats and automating responses. I’m also focusing on the evolving risks of cloud security. As businesses move more data online, the attack surface grows. 

Another area I’m watching is zero-trust security models. The shift from perimeter-based defenses to continuous authentication is gaining momentum. 

Finally, I’ll be looking for sessions on ransomware trends and emerging threat actor tactics. These attacks continue to be a major concern for businesses worldwide. 

My goal is to stay ahead of new techniques that could help organizations better defend against the increasing sophistication of cyber threats.” 

Mike Khorev, Managing Director, Nine Peaks Media

4. Intersection of AI and Cybersecurity

“This year’s RSA Conference is packed with sessions focused on the intersection of AI and cybersecurity–particularly how generative AI is changing the threat landscape and reshaping defense strategies. Cyber resilience is another major theme, with keynotes diving into supply chain security, post-quantum cryptography, and zero trust evolution. 

Personally, I’m keeping a close eye on sessions around automated threat detection and AI-driven red teaming. The field is moving fast, and the conversations are finally shifting from hype to implementation–what’s working, what’s not, and where AI might be introducing more risk than it’s solving. 

Also worth watching: panels on cybersecurity governance for boards and the increasing regulatory pressure around incident disclosure. With SEC and global regulators tightening the rules, the strategy side of security is getting just as much attention as the technical. 

If you’re attending or tuning in virtually, the insights this year seem especially geared toward practical takeaways, not just high-level thought leadership–which is a good sign for how the industry is maturing.” 

Patric Edwards, Founder & Principal Software Architect, Cirrus Bridge

5. ERP Security and Blockchain Discussions

“ERP security has been giving me sleepless nights lately, especially after seeing increasing attacks targeting business systems. I’m specifically tracking RSAC sessions about securing cloud-based ERP implementations, as we’ve had to strengthen our NetSuite deployment protocols after a close call with a sophisticated phishing attempt. The blockchain security discussions are also on my radar since we’re exploring secure payment integrations for our B2B clients.” 

Karl Threadgold, Managing Director, Threadgold Consulting

6. Zero Trust Architecture for ISP Operations

“Zero trust architecture has become crucial for our ISP operations, so I’m keeping a close eye on those sessions at RSAC. Just last quarter, we implemented new endpoint security measures that caught several attempted breaches, making me especially interested in the latest endpoint protection developments. I’m also planning to attend panels on securing remote work infrastructure, since we’re still seeing challenges with our hybrid workforce setup.” 

Andrew Dunn, Vice President of Marketing, Zentro Internet

7. Emerging Cybersecurity Threats and Zero-Trust

“Emerging cybersecurity threats in the coming years will likely focus on increasingly sophisticated AI-driven attacks, ransomware targeting critical infrastructure, and vulnerabilities in the expanding Internet of Things (IoT). Cybercriminals are leveraging AI to automate phishing and spear-phishing attacks, making them more convincing and harder to detect. Additionally, as IoT devices become more integrated into daily life, they present new vulnerabilities, particularly since many of these devices lack robust security features. Professionals should prepare by focusing on advanced AI-driven defense mechanisms, improving threat intelligence capabilities, and staying up to date on securing IoT environments. 

One significant trend in cybersecurity is the shift toward zero-trust architectures. Organizations are moving away from perimeter-based security and adopting a zero-trust model, where users and devices must be continually verified, regardless of their location. Companies like Google have implemented zero-trust strategies, which are proving effective in protecting against sophisticated threats. This shift helps counter the rise in insider threats and minimizes risks from compromised credentials, which are still common attack vectors. 

Cybercriminal tactics have evolved with a stronger focus on social engineering and exploiting human error. Phishing attacks are becoming more personalized and targeted, using data obtained through breaches or social media to trick users into sharing sensitive information. Ransomware attacks are now more tailored and focused on high-value targets, such as healthcare systems, municipalities, and critical infrastructure. Companies must invest in employee training and implement multi-factor authentication (MFA) to reduce their exposure to these tactics. 

The most prevalent types of cyberattacks today include ransomware, phishing, and supply chain attacks. High-profile examples include the Colonial Pipeline ransomware attack in 2021, which disrupted fuel supply across the U.S., and the SolarWinds supply chain attack, which infiltrated government agencies and major corporations. These incidents highlight the need for organizations to enhance their cybersecurity posture by regularly patching vulnerabilities, conducting comprehensive risk assessments, and improving incident response capabilities.” 

Sergiy Fitsak, Managing Director, Fintech Expert, Softjourn 

Key Themes at RSA 2025 

The RSA Conference 2025 will examine critical cybersecurity challenges, pressing businesses to take proactive measures. 

• • AI’s dual influence: Cybercriminals increasingly use AI to design phishing attacks that mirror internal communications. Meanwhile, defenders rely on AI-powered tools to process large data volumes, detect anomalies, and neutralize threats swiftly. 
  • Zero Trust’s evolution: Organizations are implementing Zero Trust frameworks to verify every user and device continuously. This method minimizes risks associated with unauthorized access and insider threats. 
  • Internal visibility challenges: Misconfigured cloud environments repeatedly expose sensitive data to attackers. Real-time monitoring paired with robust access controls helps seal these vulnerabilities before breaches occur. 
  • Vendor and supply chain risks: Breaches tied to third-party weaknesses highlight the need for rigorous vendor evaluations. Continuous oversight strengthens defenses against external vulnerabilities. 
  • Strategic compliance: Treating compliance as a component of broader risk management helps businesses address security gaps and build stronger systems, not just meet regulations. 

These measures emphasize the need to defend against increasingly sophisticated and persistent cyber threats. 

TrustNet at RSA 2025 

At TrustNet, we don’t just adapt to the complexities of cybersecurity; we lead the charge. With our innovative Accelerator+ methodology, we empower organizations to face today’s cybersecurity challenges head-on. Accelerator+ enables businesses to: 

• • Rapidly scale compliance programs like SOC 2, PCI, ISO 27001, and HIPAA with precision and efficiency.
  • Integrate people, processes, and tools into a streamlined, unified system for enhanced security and operations. 
  • Combine advisory, automation, and audits/assessments to simplify compliance while boosting real-world defenses. 
  • Shift from reactive to proactive strategies, creating resilient security frameworks built for longevity. 

Our approach ensures compliance isn’t just about passing audits but about fostering robust, scalable systems capable of withstanding sophisticated threats. 

This pursuit of actionable security insights leads us to RSAC 2025, where we’re hosting the critical session, “The Dark Side of SOC 2: Third-Party Risks Hiding in Plain Sight.” This session bridges the gap between compliance and true security, focusing on the overlooked vulnerabilities in SOC 2 third-party and vendor risk management.

Through the session, you are guaranteed to:  

• • ELEVATE your skill in identifying hidden risks in SOC 2 reports   
  • IMPROVE in recognizing common gaps in vendor compliance   
  • MASTER how to critically evaluate SOC 2 beyond surface-level assurances 

Accelerator+ and our expertise give you a decisive edge. Join us at RSAC 2025 to illuminate the risks others overlook and strengthen your security posture for the future. 

This technical, advanced-level session will take place on May 1, 2025, at 9:40 AM Pacific Time. It’s a don’t-miss opportunity for security professionals who want expert guidance on navigating SOC 2 reports with precision and confidence. 

Join Us at RSA 2025 

TrustNet’s session at RSA 2025 allows you to challenge assumptions about SOC 2 compliance, expose hidden vulnerabilities, and be equipped with powerful, actionable strategies to fortify your organization’s defenses. 

Here’s how you can prepare to engage with us at the event:

• • Register for RSA Conference 2025 to secure your access. 
  • Attend the Session on May 1 to gain advanced insights into SOC 2 compliance risks. 
  • Connect with TrustNet Experts during the conference to discuss your organization’s unique challenges. 
  • Follow TrustNet on LinkedIn for updates leading up to the event. 

The RSA Conference brings together the best minds in cybersecurity, and TrustNet is proud to be at the forefront of driving collaboration and shaping the future of security worldwide.