Is the RSA Conference floor a visionary glimpse into the future, or just an "AI blender" where every vendor tastes the same? Join hosts Marco Ciappelli and Sean Martin as they sit down with industry heavyweights Theresa Lanowitz and Joe Carson to dissect the real sentiment of RSAC 2026.
Is the RSA Conference floor a visionary glimpse into the future, or just an "AI blender" where every vendor tastes the same? Join hosts Marco Ciappelli and Sean Martin as they sit down with industry heavyweights Theresa Lanowitz and Joe Carson to dissect the real sentiment of RSAC 2026.
Key Discussion Points:
The AI Agent Explosion: Everyone says they can secure your agents, but is there any actual differentiation?
Keynote Insights: A breakdown of George Kurtz’s CrowdStrike keynote on "Full Throttle" AI vs. total fear.
The "Mushroom" Metaphor: Why AI is like a power-up in Super Mario Kart—it makes you go faster, but it doesn't make you a better driver.
The Marketing Disconnect: Why vendor messaging is failing to map to the actual "to-do lists" of modern CISOs.
Niche Power: Why the most innovative solutions are often found on the perimeter of the expo floor.
Hosts: Marco Ciappelli & Sean Martin
Guests: Theresa Lanowitz (Cybersecurity Evangelist) & Joe Carson (Chief Security Evangelist)
Sean Martin: Rolling.
Marco Ciappelli: Are we there yet? Are we there? Are we there yet?
Sean Martin: Is it Thursday? No, it’s not Thursday.
Marco Ciappelli: No, it’s "that" day. But honestly, I looked at my watch an hour ago and thought it was 6:30 PM, but it was only 2:30 PM because we’ve been going back-to-back.
Sean Martin: I’m still on New York time, so for me, it is 6:30 PM.
Joe Carson: There you go. I’m on Estonian time, so I’m waking up at 3:00 AM thinking, "Okay, I’m ready to go! Is the conference open?"
Marco Ciappelli: Before, we were running around, but now we’re just chilling with friends. We aren't here to promote a company or a new product; we’re just getting a feel for what’s happening on the floor—why we’re in this place where nobody wants to go, yet everyone is happy to be at: the RSA Conference. Let’s do a quick round of introductions. Who are you?
Sean Martin: I’m Jose. That’s my "coffee name" because they never get Sean or John right. But I'm Sean Martin with ITSPmagazine. Theresa?
Theresa Lanowitz: I’m Theresa Lanowitz, a cybersecurity evangelist and thought leader.
Marco Ciappelli: And a good friend of ours. Joseph?
Joe Carson: I’m Joe Carson, Chief Security Evangelist and Advisory CISO. My goal is to make the world a safer place and have fun while doing it.
Sean Martin: And Marco, do you know who you are?
Marco Ciappelli: They know who I am. I’m the guy who talks about technology—the one who messes with Sean’s head all the time.
Sean Martin: The voice over my shoulder asking, "Why are you working on that? Why are you doing it that way?"
Marco Ciappelli: I'm that guy. Anyway, we’re here for a chat. We’ve had these conversations at almost every event over the years, in many different cities and countries. We want to get a feel for the community. Theresa, you’ve been walking around—what’s the buzzword?
Theresa Lanowitz: The buzzword is definitely "Agentic AI" or "AI Agents." There isn't much differentiation, but everyone claims they can help you secure your AI agents. I went to George Kurtz’s CrowdStrike keynote this morning, and I thought it was quite visionary compared to what’s on the show floor. He spoke about the safety of implementing AI, noting two extremes: going "full throttle" on everything AI, or being completely afraid and doing nothing. He argued neither is correct. He emphasized guidelines, having a human in the loop, and needing a "kill switch" to turn it off if it becomes too much. It was a great highlight—forward-looking, yet cautious, especially for regulated organizations. Plus, they had a band play George Michael’s "Freedom" to celebrate RSA's 35th year.
Marco Ciappelli: A nod to the past as we look to the future. Joe, what have you been up to?
Joe Carson: Similar to Theresa, I spent a day hitting as many sessions as possible to learn and meet people. I love the community aspect here. I also enjoy playing "Buzzword Bingo" on the expo floor, and "Agentic AI" has won. I almost feel like I’m at an AI conference rather than a cybersecurity one. We have to treat this technology with responsibility and accountability. Many fear AI will replace humans, but we need it to keep pace with fast-moving threats. Cybersecurity is like a Formula One race; seconds matter, and AI keeps you ahead. However, AI needs us to protect it. Without guardrails, it loses context. We must remain in control.
I use a retro gaming metaphor: In Super Mario Kart, the mushroom makes you go faster, but it doesn't make you a better driver. If you don't use it responsibly, you go out of control. We must keep learning without forgetting the basics.
Theresa Lanowitz: Exactly. You’re alluding to domain expertise. Just because you can play Mario Kart doesn't mean you can drive a real car. You need that expertise to act as the guardrail.
Joe Carson: It’s a team effort. We need to break down silos and collaborate. If we don’t, AI will just repeat the mistakes of the past.
Sean Martin: I see a big investment in the "professional"—training, certifications, and research to help people succeed. That’s a positive thing. Regarding orchestration, I wrote a piece on this recently. We’re trying to do more with less, handing over control one task at a time. But are we doing it with an end goal, or will we drive off the track because we took too many bites of the mushroom?
Joe Carson: Right. If we lose sight of the destination, we’ll get out of the car and have no idea where we are.
Theresa Lanowitz: Orchestration and integration are critical. Most enterprises have legacy workflows and data that must be protected. Sometimes we get caught in "irrational exuberance" over AI and forget the lessons we learned when the internet or the cloud first arrived.
Sean Martin: You and I were at a "big yellow company" together long ago. We bought an IBM Watson-based AI engine for malware analysis back in the early 2000s. At that time, I was building a SIEM platform focused on orchestration. Back then, CISOs weren't ready to hand over control. We’re closer now, but we’re still not quite there.
Marco Ciappelli: Let’s talk about the marketing on the floor. It’s an "AI blender" where everything tastes the same. How do you differentiate? People come here for clarity and leave more confused.
Joe Carson: That’s my concern. Many vendors are marketing AI without understanding the actual problem they’re solving. CISOs come with a list of pain points, but the floor messaging doesn't map to those problems. Messaging needs to be simple and connect with the buyer’s true needs. Right now, it’s too bland.
Theresa Lanowitz: I spent the day on the floor and noticed a major disconnect. Marketing 101 is "Needs + Features = Benefits," but nobody is articulating the needs. Everyone claims they can "secure Gen AI," but no one is explaining their "why" or their brand promise.
Marco Ciappelli: It's just a giant advertisement for "Agent AI."
Joe Carson: Exactly—the "silver bullet." But how do we get a return on investment? CISOs have to go back and map this confusion to their business goals themselves.
Theresa Lanowitz: The secret at RSA is looking at the vendors on the perimeter. They've figured out how to "niche down." They do something very specific and do it better than anyone else, rather than just splashing "AI" on their booth.
Marco Ciappelli: It makes me think of Wile E. Coyote buying everything from Acme—nothing works because they try to make everything. You need specific vendors, even if it makes orchestration more complex.
Sean Martin: Have either of you seen an MSP or a VAR on the floor, or is it just vendors?
Joe Carson: I’ve seen a few, but not many.
Theresa Lanowitz: I realized I haven't seen any Global Systems Integrators (GSIs). They are the ones who help make sense of the "tool fatigue" we’ve been talking about for 15 years.
Joe Carson: We need that interoperability. GSIs can take a problem and automate it efficiently. Right now, technology is struggling to keep up with the evolution of threats.
Marco Ciappelli: To wrap up—thinking in binary (AI is either "great" or "bad") isn't helpful. Life is complex. Marketing isn't helping the community by ignoring that gray area.
Joe Carson: We have to educate ourselves. If you don’t understand it, you can’t use it. In Estonia, we have a competition called "Cyber Spike" for kids. Last year, the team that won wasn't the most technical; they were the ones who used AI to move faster. Speed is the objective, but you must know your goals so you don't accelerate in the wrong direction.
Theresa Lanowitz: It goes back to domain expertise and knowing what "good" looks like.
Sean Martin: We could chat for hours, but we're out of time. Joe, Theresa—thank you so much.
Marco Ciappelli: Thanks for watching.
Sean Martin: Stay tuned for more from the RSA Conference at itspmagazine.com/rsac.
Next Step: Would you like me to create a formatted summary of the key takeaways from both scripts for a blog post?