Key takeaways from the blog:
In this blog, you’ll get a front-line perspective from the RSA Conference, cutting through the hype to focus on what truly matters for security leaders today. It explores how AI is reshaping cybersecurity, why identity security is becoming the control plane for modern environments, and how AI-driven systems are increasing the number of identities requiring privileged access management. It also examines how legacy systems and poor usability continue to slow progress. Most importantly, it provides practical insights to help CISOs prioritize what to fix, where to invest, and how to move faster with confidence.
What Security Leaders Are Prioritizing Now
The RSA Conference remains the definitive gathering point for the cybersecurity industry. Vendors, CISOs, investors, and practitioners come together to answer one single, pressing question:
What actually matters right now?
At RSAC 2026, the answers were strikingly consistent:
- AI is everywhere
- Identity security is foundational
- Legacy systems are holding organizations back
- Usability defines success or failure
- Cybersecurity is no longer individual, it’s a team sport
But beyond the headlines and hype cycles, the most valuable insights came from real conversations like this live Segura® podcast discussion featuring Joseph Carson, Chief Security Evangelist and Advisory CISO at Segura®, Eduardo Pereira, Sales Director for North America at Segura®, and Vizay Kotikalapudi, Principal Investor at Riverwood Capital.
The discussion cut through the noise and focused on what security leaders are actually prioritizing today.
AI Is Accelerating Everything — Including Risk
There was no escaping AI at RSAC.
From agentic AI to autonomous SOC capabilities, the message was clear: AI is now embedded across the entire cybersecurity ecosystem.
More automation creates more non-human identities and increases identity sprawl across environments.
As Vizay noted:
“AI is impacting horizontally across the entire cyber market.”
This is what makes AI different from previous technology waves like cloud or endpoint. AI is not a single category. It’s a force multiplier across every category.
AI Increases Speed, Not Security Maturity
Joseph Carson captured the dynamic with a memorable analogy:
“AI is like the mushroom in Mario Kart, it makes you go faster, but it doesn’t make you a better driver.”
AI accelerates detection, response, and automation. But it does not replace:
- Good architecture
- Strong governance
- Sound security fundamentals
Organizations that lack strong foundations will simply move faster toward the same risks.
Automation Is Driving Identity Sprawl
As automation increases, so does identity complexity:
- More automation → more non-human identities
- More agents → more identity sprawl
- More access → more privilege risk
As history has shown:
Excessive access and weak identity controls remain the root cause of most breaches.
AI doesn’t eliminate that problem; it scales it.
Identity Is Becoming the Control Plane for Security
If AI was the loudest theme at RSAC, identity security was the most important.
Across keynotes and discussions, one message stood out:
Identity is becoming the control plane for modern cybersecurity.
AI-driven environments depend on access:
- AI agents interacting with systems
- APIs exchanging data continuously
- Autonomous processes making decisions
As Joseph Carson emphasized, the challenge is not new:
“We’re seeing the same lessons again, excessive privileges, excessive access, and privilege sprawl.”
Vizay reinforced a critical perspective:
“Identity was critical 20 years ago and it will still be critical 20 years from now.”
What has changed is the scale and complexity.
Organizations must now manage:
- Human identities
- Machine identities
- AI agents
- API-driven interactions
Without strong identity governance, AI becomes an unmanaged risk multiplier rather than a security enabler.
Legacy Systems Are Slowing Security Response
While AI dominated the conversation, one of the most grounded insights from RSAC was refreshingly candid:
Legacy systems are still one of the biggest barriers to progress.
Despite the excitement around AI:
- Some organizations still take 12 months to deploy PAM solutions
- Others still track certificate expiration in spreadsheets
That disconnect is not just ironic, it’s dangerous. The gap between innovation and operational reality remains significant.
Legacy environments introduce:
- Slow deployment cycles
- High operational overhead
- Limited adaptability
- Integration challenges
Joseph Carson summarized the risk clearly:
"If your security cannot adapt quickly, it becomes part of the problem."
And perhaps most critically:
Delayed deployment equals delayed protection.
In cybersecurity, delays increase exposure.
Security Is Shifting from Tools to Identity-Centric Platforms
Another consistent theme at RSAC was the shift away from fragmented tools toward platform-based security.
“It’s no longer about buying a tool, it’s about buying a platform that evolves.”
Modern organizations require solutions that:
- Operate across on-prem, cloud, and SaaS
- Adapt to new use cases over time
- Integrate identity, access, and automation
- Reduce operational complexity
Fragmented tools often create:
- Tool sprawl
- Increased management burden
- Lack of cohesion
- Short-lived relevance
Vizay highlighted a key insight:
“Product-market fit is not static; you have to earn it continuously.”
Platforms that evolve with customer needs remain relevant. Point solutions often do not.
Usability Determines Whether Security Gets Implemented
One of the simplest insights from RSAC may also be one of the most important:
“Usability is key in security solutions.”
The most effective security solution is not the most feature-rich.
It’s the one teams actually use.
Strong usability contributes to:
- Faster deployment
- Lower operational friction
- Higher adoption
- Reduced human error
Joseph Carson reflected on real-world experience:
“When solutions are overly complex, require too many components, or take an army to operate, they hold organizations back.”
Modern security platforms are succeeding because they:
- Simplify complexity
- Reduce friction
- Align with how teams actually work
Poor usability is no longer acceptable; it’s a security risk in itself.
Cybersecurity Now Requires Cross-Team Coordination
One of the most powerful metaphors from the podcast discussion and across RSAC was simple but accurate:
“Security is a team sport.”
Cybersecurity resembles a well-balanced football team:
- Defense → Identity & access controls
- Midfield → Monitoring and response
- Attack → Threat intelligence and proactive security
- Goalkeeper → Privileged controls as a final safeguard
You cannot win with isolated excellence. You need coordination, balance, and adaptability.
RSAC also signaled a broader shift:
- Innovation is global
- Talent is distributed
- Collaboration is essential
Eduardo Pereira summarized the broader shift:
“The game is global now.”
Cybersecurity has evolved into collective defense.
What CISOs Are Prioritizing After RSAC 2026
After RSAC, many CISOs return with the same challenge:
How to translate insight into execution
Several consistent priorities emerged:
1. Strengthen identity and privileged access foundations
“Get the basics right.”
- Identity security
- Privileged access management
- Credential and certificate hygiene
2. Use AI to accelerate security outcomes
- Automate where it adds value
- Maintain governance
- Focus on outcomes
3. Reduce risk created by legacy architecture
- Identify bottlenecks
- Modernize platforms
- Reduce deployment timelines
4. Prioritize usability to drive adoption
- Choose solutions teams adopt
- Minimize friction
- Improve efficiency
5. Consolidate tools into adaptable platforms
- Invest in adaptability
- Avoid fragmentation
- Focus on integration
6. Leverage innovation across the security ecosystem
- Look beyond traditional vendors
- Leverage diverse ecosystems
- Stay open to new approaches
Security Is Becoming Identity-First and Platform-Driven
What stood out most at the RSA Conference was not just technology.
It was a shift in mindset.
Cybersecurity is becoming:
- A business enabler, not just a control function
- A platform-driven ecosystem, not siloed tools
- A collaborative discipline, not isolated teams
- An identity-first security strategy, not network-centric
Organizations that adapt to this shift will move faster with greater confidence.
The Common Thread: Speed, Identity, and Simplicity
If RSAC 2026 delivered one defining message, it’s this:
The organizations that win will move fast, stay simple, and secure identity at the core.
AI will continue to evolve.Threats will continue to adapt.Complexity will continue to grow.
But the fundamentals remain unchanged:
- Identity is everything
- Usability determines success
- Legacy is the enemy of progress
- Community is the force multiplier
And ultimately:
Security isn’t about having more tools. It’s about making the right ones work, together.
Learn More About Segura® PAM
As identity becomes the control plane for modern security, managing privileged access consistently across environments is essential.
Learn how Segura® PAM helps organizations reduce identity risk and simplify privileged access:
