From ISC West 2025 to RSAC25: Cybersecurity Takeaways From Two of the Top Security Events

As spring comes to an end, the Security Industry Association (SIA) Cybersecurity Advisory Board is looking back at two of the most significant security events in the world: ISC West (North America’s largest converged security event) and RSA Conference (RSAC) (the world’s largest cybersecurity event). In this article, Cybersecurity Advisory Board member John Gallagher, vice president at Viakoo, shares cybersecurity takeaways from both shows and examines key themes discussed at the events.
Looking Back at ISC West

Two things stood out (in a positive way) about ISC West 2025. The conference continues to draw attendees, speakers and exhibitors who traditionally have not been at ISC West. The session put on by the Federal Bureau of Investigation’s Las Vegas, Nevada, field office, for example, provided practical information for physical security teams on how to work with them on suspected cyber incidents. Likewise, companies like M.C. Dean (who exhibited for the first time in 2025) have helped to bring focus to the idea that the solutions needed for cyber hygiene of physical security systems are the same as for cyber-physical systems (CPS) in general.
I saw a few mentions of CPS, adding to the alphabet soup of IoT, OT, ISC and AI that converged security brings with it. I was also very encouraged by the good attendance at an education session I did on managed services and the “jump ball” that is happening between security integrators and IT service providers when it comes to offering managed services around cybersecurity.
Takeaways From RSA Conference
A few weeks after ISC West, several Cybersecurity Advisory Board members attended RSAC25 in San Francisco, California. RSAC 2025, a major cybersecurity event focused on artificial intelligence, identity security and collaborative defense, brought together over 44,000 attendees. Here are some of the key themes explored:
AI in Security
AI garnered significant attention, with over 40% of session proposals focusing on it. Discussions covered securing artificial intelligence systems and using AI to counter automated attacks. The rise of agentic and generative AI highlighted both opportunities and risks.
Identity Security and Authentication
Identity is a major attack target, with credential theft and misuse being common breaches. There was strong emphasis on passwordless authentication, deepfake protection and securing the identity life cycle. Sessions covered digital identity evolution and new AI-era authentication methods.
Mobile and Endpoint Threats
Reports have indicated a shift in attacker focus toward mobile devices, with a notable increase in smishing (SMS phishing) and PDF-based phishing activities. Additionally, many enterprise devices remain unpatched.
Quantum Computing and Cryptography
Chief information security officer discussions focused on quantum computing’s potential impact on encryption standards, which led to calls for migration to post-quantum cryptography and crypto agility. NIST IR 8547 provides a detailed framework for navigating this transition, offering a clear strategy for assessing risks, prioritizing critical assets and adopting quantum-resistant cryptographic solutions.
“In today’s rapidly evolving digital landscape, organizations must recognize that cryptographic assets are the bedrock of data security and operational trust. Yet, without clear visibility and a unified inventory of these critical assets, organizations risk falling behind in both agility and resilience – especially as we prepare for the challenges of post-quantum security. Proactive cryptography management isn’t just a technical necessity; it’s a strategic imperative for the future.”
– Kasia Hanson, advisor for InfoSec Global, a KeyFactor Company
Policy, Governance and the Human Element
The need for agile, business-aligned governance frameworks for AI was emphasized, along with support for cross-industry standards like the National Institute of Standards and Technology’s AI Risk Management Framework. The issue of the “Security Poverty Line” – the disparity between resource-rich and resource-poor organizations – was highlighted, stressing collaboration and inclusion to improve baseline security.
Key outcomes and recommendations from the conference included:
- Prioritize AI Security – Both Offensive and Defensive: Secure AI systems from manipulation while also using AI to automate and scale defenses. Develop and adopt AI models specifically designed for security.
- Strengthen Identity Security: Accelerate adoption of passwordless and multifactor authentication. Invest in technologies to detect and counter deepfakes and AI-powered impersonation.
- Prepare for Quantum Threats: Take inventory of cryptographic assets and begin migrating to post-quantum cryptography in anticipation of deadlines for critical infrastructure.
- Improve Mobile Security Posture: Enhance mobile threat defense and vet workplace apps due to growing risks from mobile-targeted attacks.
- Adopt Agile Governance for AI: Implement flexible, business-aligned governance models for AI risk management based on frameworks like those from NIST, without waiting for regulations to be updated.
Both events provided clear actions and recommendations on how the security industry, both physical and cybersecurity, can shore up systems, software and processes in the AI era. Your SIA Cybersecurity Advisory Board is here to support the industry on this journey that is secure by design.