6 Must-See Sessions at RSAC 2025

Having survived more RSA conferences than I care to admit, I’ve developed a sixth sense for sessions that deliver genuine value versus those that leave you checking your phone. This year’s agenda is particularly dense, with hundreds of sessions competing for your time. To save you hours of scrolling, I’ve distilled the program down to six standouts that promise both practical insights and forward-looking perspectives.

1. Dude, Where’s My Password? The Challenges of Getting to Passwordless – Monday, Apr 28, 8:30 AM – 9:20 AM

Andy Ozment, Chief Technology Risk Officer at Capital One, delivers what promises to be one of the most valuable case studies of the conference. Passwordless authentication is no longer theoretical, and this session provides a rare window into how a major financial institution actually made it happen. What makes this session exceptional is its focus on the real-world implementation challenges – from identity-proofing in the age of generative AI to hardware compatibility issues and user adoption strategies.

2. Harnessing AI-Driven Cyber Intelligence Data for Quantified Cyber GRC – Monday, Apr 28, 8:30 AM – 9:20 AM

This powerhouse panel featuring experts from IBM, Cyentia Institute, Cybersecurity Canon Project and Qualys addresses one of the most challenging aspects of security leadership – quantifying and communicating risk. This session connects AI capabilities to governance requirements, offering a framework for more data-driven risk management. For security professionals struggling to translate technical vulnerabilities into business impact, this session offers practical approaches that can transform how you present security metrics to leadership. The diverse expertise on this panel ensures multiple perspectives on a complex challenge.

3. Cyber Innovation and Security Early Adopters (SEA) – Tuesday, Apr 29, 9:40 AM – 10:30 AM

This panel, featuring security leaders from Elastic, Kemper Insurance, Gemini and YL Ventures‘ Justin Somaini, is essential viewing for anyone navigating the innovation ecosystem. What makes this session invaluable is the rare opportunity to hear directly from CISOs about their decision-making process when adopting early-stage solutions. For entrepreneurs, understanding these adoption triggers is pure gold, while security professionals will benefit from their peers’ insights on evaluating emerging technologies against established solutions. The diverse perspectives across different industry verticals will provide a comprehensive view of innovation priorities in 2025.

4. A Unicorn Designed By A Committee: The Idealized CISO – Tuesday, Apr 29, 2:25 PM – 3:15 PM

Andy Ellis, Partner at YL Ventures, veteran CISO and CSO Hall-of-Famer, and Helen Patton, veteran CISO and Cybersecurity Advisor at Cisco, will deliver what promises to be a thought-provoking and practical career development session. What makes this session essential is its honest examination of the often contradictory expectations placed on security leaders. For aspiring CISOs, this session offers invaluable guidance on skill development priorities, while current security executives will find validation and strategies for managing disparate stakeholder expectations. In an industry where burnout is common, understanding these dynamics is crucial for long-term career success and organizational security effectiveness.

5. Securing Generative AI: Managing Non-Human Identities in RAG Architectures –

Wednesday, Apr 30, 9:40 AM – 10:30 AM

Joel McKown from Aim Security tackles one of the most pressing challenges in AI implementation today – securing the explosion of non-human identities in Retrieval Augmented Generation architectures. This session stands out because it addresses a security gap that most organizations are only beginning to recognize – and understand how critical it is. If you’re implementing or planning to implement RAG systems, a lack of awareness could leave your organization vulnerable to an entirely new class of threats. McKown’s presentation promises to bridge the knowledge gap between AI implementation teams and security professionals with practical guidance that can be implemented immediately.

6. Beauty and the ALBeast: Be Our (Shared Responsibility Model) Guest – Thursday, May 1, 8:30 AM – 9:20 AM

Liad Eliyahu and Itai Goldman from Miggo Security will deliver a session that should be mandatory for anyone operating in cloud environments. Their investigation into AWS ALB authentication vulnerabilities affecting 15,000+ instances reveals a critical blind spot in the shared responsibility model that could be compromising your applications right now. What makes this session particularly valuable is its practical approach – you’ll walk away with actionable strategies to identify similar misconfigurations in your own environment and clear guidance on where responsibility truly lies. This represents security research at its finest: uncovering widespread vulnerabilities and providing concrete remediation steps.

Whatever your role in the security ecosystem – investor, founder, practitioner, or leader – these six sessions offer a well-rounded view of where our industry is headed. I hope to see you there, and I’d love to hear which sessions you’re most excited about.