AI dominated RSAC 2026 Conference, but it's still the humans in cybersecurity who matter most.

COMMENTARY
While our world today is obsessed with AI adoption, the humans in cybersecurity are more important than ever.
Cybersecurity professionals are in demand, as security is a top challenge and concern for new technology adoption. As a leading cybersecurity event bringing together global experts and vendors, this year's RSAC 2026 Conference focused on the power of community, helping cybersecurity professionals share ideas, network, and learn about the latest solutions to set them up for success in their roles.
This is an exciting time, as security teams have the opportunity to ensure secure adoption of key technologies that will fuel increased productivity and business growth. Although our skills are specialized, part of our value depends on our ability to constantly adapt and arm ourselves with knowledge and tools to ensure we stay ahead of the rapidly evolving threat landscape. As attackers can also leverage new technologies to scale their attacks, we need to ensure we keep the advantage on the defenders' side.
We like to plan our cybersecurity strategies in terms of people, processes, and technology, and, of course, many sessions helped in areas of processes and technology. However, while we're turning to machines to solve many of our challenges in automation, let's not lose sight of the people in this equation who are crucial to keeping the advantage on the defenders' side.
Key Sessions Focusing on People and Talent
During this year's conference, I had the honor of presenting along with Dr. Shawn Murray, Information Systems Security Association (ISSA) AIM committee co-chair and past president, in the session Thriving in the New Reality: Inside Today's Cybersecurity Profession. We unveiled some of the results of our latest study with ISSA members: the 8th volume of the study on the life and times of cybersecurity professionals. Some interesting stats we unveiled:
- Only 28% are very satisfied in their current roles.
- 68% find cybersecurity more difficult than it was two years ago.
- Top challenges include increasing cybersecurity complexity and workloads, increasing threats from a rapidly growing attack surface, and budget pressures.
- Job stress is also higher than in past years, with 62% finding their jobs stressful more than half of the time.
- Cybersecurity skills are in demand, and the new highest skills gap is in AI security strategy.
- Most (81%) believe AI drastically increases challenges for cybersecurity as attackers will leverage it to scale attacks.
- Most (80%) believe cybersecurity teams will need to leverage AI in their solutions to stay ahead of attackers.
- Nearly three-quarters (72%) believe agentic AI will be a game changer helping their teams keep pace with attacks and become more efficient.
So this is an exciting time for cybersecurity professionals, but we will need to evolve our skills and workforce to play a key role in secure adoption of AI. Another session, AI, Regulation, & the Battle for Talent: The Future of the Cyber Workforce with Rob T. Lee, CAIO and chief of research, SANS Institute, and James Lyne, CEO, SANS Institute, addressed this. The session presented results of their new research on the evolving cyber workforce, highlighting the impacts of AI on cybersecurity teams and how those teams are adjusting and redefining their structures and roles. For example, the use of AI may impact junior-level roles in the SOC, but it is also creating new roles with specialized skill sets.
The Role of Humans in AI Adoption
Security has always been about having full visibility and utilizing contextual information to optimize remediation to mitigate risk or respond quickly to threats or attacks. AI brings many advantages to security, as it can synthesize and analyze data from multiple sources, and even make intelligent decisions and take actions.
In our recent Omdia by InformaTechTarget study, Automating Risk Reduction in the AI Era, we saw that security teams are utilizing AI across a variety of areas, including automation of various types of security testing, predictive risk modeling, and proactive threat hunting.
Auto-remediation is an exciting use case for agentic AI, as this would support rapidly scaling developer productivity. However, when asked about the need for human oversight, respondents reported various levels of needed human intervention: only slightly more than one-quarter of organizations report significant levels of automated remediation with either periodic (19%) or minimal (9%) human oversight. Fifty-seven percent require human approval for critical actions, and 14% require human approval for every action. However, the number of organizations saying AI-driven automated remediation will be executed with minimal human oversight is expected to nearly double to 17% over the next 12 to 18 months.
At RSAC Conference, there were many opportunities to see security tools utilizing AI. As the products rapidly evolve, security teams will increasingly gain confidence in using agents without as much human intervention, though these tools will need human supervision for a while. Security teams will need to adapt their skills to be able to evaluate, deploy, and utilize solutions with agentic AI to be able to use them to their advantage.
Collaborating With Business Leaders and Other Teams for Secure AI Adoption
Across our research studies, we often see the involvement of other teams, such as IT and operations, in selecting and using security solutions. This makes some sense because if there is a cybersecurity attack, it becomes an operational issue with impacts on the business and/or customers. Also, as groups consider adopting AI tools or applications leveraging AI, it is vital to involve security leadership.
Gatherings like RSAC 2026 Conference are crucial to keep cybersecurity professionals up to date on the most effective strategies and tools to be successful in their roles. Security leaders and teams typically face challenges if they cannot support new technology adoption, or if they cause friction as other groups are striving to increase speed and productivity. We saw this pattern with the adoption of modern development processes and the move to the cloud; if security teams caused friction, other groups, including development and operations teams, could take over security.
In fact, my recent study on the state of cloud security found an alarming statistic: 38% of organizations reported that their developers and DevOps team select and deploy cloud security tools without consulting security teams. Instead, we need security leaders and teams trusted and respected for their knowledge and ability to support other teams and business growth.
This means security teams need to talk to other groups, align on goals, and participate in technology decisions. This requires an organizational commitment to security, building a strong cybersecurity culture so that technologies aren't rapidly adopted in ways that put companies at risk. It was exciting to present some highlights from our ISSA study at RSA and see security product innovation, cybersecurity training, networking, and mentorship in action at the conference. There is much more data to come from our study with the ISSA on this, so stay tuned for the full results from the study with recommendations for cybersecurity professionals. On the technology and process sides, stay tuned for my upcoming study on managing risk for secure enterprise AI adoption to look at how security products can arm our cybersecurity teams.