For four days each spring, the cybersecurity industry effectively relocates to San Francisco.
RSAC 2026 ran 23–26 March at the Moscone Center, marking the conference’s 35th edition and drawing close to 44,000 attendees — a scale that remains unmatched anywhere in the sector.
Whatever your view of RSAC, ignoring it isn’t really an option for senior security leaders working at any meaningful scale.
The Conference at a Glance
Operated by RSAC under the 2026 theme “The Power of Community,” the event featured 700-plus speakers, 31 session tracks, more than 570 sessions, and over 600 exhibitors.
The expo floor sprawls across two halls, the keynote stages run in parallel at Moscone West and the YBCA Theater, and the after-hours circuit of vendor parties, analyst dinners, and CISO gatherings has become its own networking economy.
Around 400 members of the press cover the event, which generated more than 370 million social impressions in 2026.
The new Connection Hub added games, networking, and a 35-year retrospective experience.
Who It’s For
RSAC genuinely is for everyone — which is both its strength and its weakness.
CISOs use it to compress a year of vendor evaluations into one week and practitioners come for the technical tracks and the SANS-led “Five Most Dangerous New Attack Techniques” briefing.
Investors and analysts work the corridors whilst and government and policy figures use it as a soft venue for industry conversations.
The signal-to-noise ratio takes effort to manage, but the breadth means almost any security professional can build a worthwhile agenda if they plan ahead.
The Cryptographers’ Panel marked its 25th anniversary with a notably reflective session on how the field has scaled with technology.
Highlights and Themes from the Most Recent Edition
Three threads dominated 2026: agentic AI, the offence–defence asymmetry, and resilience.
Cisco’s Jeetu Patel framed the agentic era starkly — security teams now have to protect agents from the world, the world from agents, and respond at machine speed.
Former New Zealand Prime Minister Jacinda Ardern delivered a keynote on empathetic crisis leadership with RSAC CEO Jen Easterly that landed unexpectedly well with the executive audience. Geordie AI took the Innovation Sandbox crown for its agent visibility and governance platform.
Other notable threads included supply chain security in the face of new regulatory mandates, and the persistent gap between zero-trust enthusiasm and zero-trust implementation.
What to Expect Going Forward
RSAC 2027 is confirmed for 5–8 April at Moscone.
Expect agentic AI to consolidate from theme to dedicated track, post-quantum readiness to move from policy abstraction to procurement reality, and more honest conversations about what hasn’t worked in zero-trust rollouts.
The Innovation Sandbox and Launch Pad continue to be reliable indicators of where venture capital is moving in the security market — worth tracking even if you don’t attend.
The Bottom Line
Standard passes start around $2,500, hotels are punishing, and the week is exhausting — but for CISOs and senior leaders, RSAC remains the one event where you can compress months of meetings into days.
Skip the keynotes you can stream, build your week around corridor conversations and pre-booked vendor briefings, and accept that you will not see everything.
That’s the deal with RSAC, and for most senior security roles it’s still worth the budget line.