What’s on My Radar for RSAC 2026: Insights from Tony Sager

We’re getting close to “go time” for RSAC 2026 Conference.

As usual, the calendar is filling up fast — catching up with old friends, setting aside time for business meetings, and yes, making sure there’s time for some great Asian food. This morning, I finally sat down with the agenda itself. Turns out, there’s a conference happening, too.

As my career has evolved, so has how I spend my time at events like this. I’m less drawn to the latest attack or tool demo and more interested in the broader context: public policy, economics, national strategy, and how all of that shapes the security outcomes we care about. There’s some AI on my list (of course there is), but I’m planning an eclectic mix.

RSAC 2026 Sessions of Interest 

Here’s a few of the RSAC 2026 sessions rising to the top of my list.

Securing the Future of Trust in AI, Cloud & Zero Trust

Monday at 8:00 A.M. – 3:00 P.M —Cloud Security Alliance's annual summit at RSAC. This year, the folks at CSA will be focusing on the duality of AI: securing AI and AI for security. Always a great event for those who want to learn what's next in the world of cloud security and network with fellow security nerds.

Measuring Cyberspace-wide Success Against Threat Actors

Monday at 10:50 A.M. —Michael Daniel of Cyber Threat Alliance and Jason Healey of Columbia University. A great 1-2 punch of insight on some big, unanswered questions in cyber and how defenders can determine if they're succeeding against threat actors.

How to Prepare for What's Coming and Apply Tips for Defenders

Wednesday at 8:30 A.M. —  While I’m a big fan of the “Five Most Dangerous Attacks” session that SANS puts on every year, I’m more interested in what to do about them. This session has the same team deep diving into the threats raised during their keynote and discussing strategies to defend against them.

Mental Malware: Why the Human OS Keeps Getting Hacked

Tuesday at 9:40 A.M. — Randy Rose of CIS. Randy explores the weakest point in all our cyber defense strategies: us humans! I'm looking forward to hearing how he combines psychology and cybersecurity to help us better secure our cognitive machinery against cyber threats.

Explore the Enigma Machine and What the Enigma Machine Teaches OT Security Professionals

Monday at 1:00 P.M. and 2:00 P.M —Marcus Sachs of CIS. I am a sucker for historical crypto, Enigma, and WWII. I'm also a fan/friend of Marc. Here's your chance to not only learn lessons from history to strengthen defenses in our connected, modern world but also explore Marc's Enigma Machine up-close. 

Connecting with the Cyber Community

One strategy for an overwhelming agenda is to follow people, not sessions. On my whiteboard at home is a short list of names — industry leaders whose thinking I trust and pay attention to. A good number of them are speaking this year: Rob Joyce, Roger Grimes, Lynn Dohm, Ed Skoudis, Heather Adkins, Bob Lord, Sounil Yu, and Rob Lee (any of the Rob Lees!). All worth listening to!

The Center for Internet Security will also be well represented, with multiple speakers and panelists highlighting our work on secure by design and recognizing the volunteers who make that all of our work possible. That matters to me. Visit me and members of the CIS team at Booth #4624

And that’s really why I’m heading back to RSAC this year — quite possibly for the last time. As I wrote recently, this is about people.

Old friends? I’ll be looking for you!
NSA, USG alumni? I can’t wait to catch up! 
Partners, allies, CIS volunteers? I’ll be thanking you!
Friends I’ve yet to Meet? It’s never too late to make a lifelong friend.

See you there! 

---

About the Author

Tony Sager
Senior Vice President and Chief Evangelist

Tony Sager is a Senior VP & Chief Evangelist for the Center for Internet Security^® (CIS^®). He is involved in a wide variety of strategic, partnership, and outreach activities. He led the work which later became known as the CIS Critical Security Controls^® — an independent, volunteer-developed, cyber defense best practices program which is used throughout the industry. Tony has led numerous other activities to develop, share, scale, and sustain effective defensive cyber practices for worldwide adoption.

In addition to his duties at CIS, Tony is a volunteer in numerous cyber community service activities: an inaugural member of the DHS/CISA Cyber Safety Review Board; Advisor to the Minnesota Cyber Summit; Advisory Boards for several local schools and colleges; formerly a member of the National Academy of Sciences Cyber Resilience Forum and serves on numerous national-level study groups and advisory panels.

Tony retired from the National Security Agency in 2012 after 34 years as a mathematician, computer scientist, and executive manager. As one of the Agency’s first Software Vulnerability Analysts, he helped create and led two premier NSA cyber defense organizations (the System and Network Attack Center, and the Vulnerability Analysis and Operations Group). In 2001, he led the release of NSA security guidance to the public and expanded NSA’s role in the development of open standards for security. Tony’s awards and commendations at NSA include: the Presidential Rank Award at the Meritorious Level (twice) and the NSA Exceptional Civilian Service Award. The groups he led at NSA were recognized inside government and across industry for mission excellence with awards from numerous sources, including: the SANS Institute, SC Magazine, and Government Executive Magazine.