At RSAC Conference 2026, Sean Martin and Marco Ciappelli step away from the sessions and the show floor for a candid ten-minute exchange about what two breakfast conversations with CISOs revealed -- security is still treated as a compliance obligation, not a business driver, and the culture gap between the security industry and the rest of society is wider than ever.
⬥EPISODE NOTES⬥
Sean Martin had barely finished his coffee when two separate conversations with CISOs at RSAC 2026 landed the same way: security is not how the business grows, it is how the business stays out of trouble. Compliance drives the tooling. The security team does its job. The business does its job. And the two rarely meet in the middle.
That observation kicked off a quick but pointed exchange with Marco Ciappelli on the floor at RSAC, one that quickly moved from the conference center to the broader question of culture. Not just inside organizations -- but out in the world, where most people installing iPhone updates are skipping the security patch and tapping the music app feature instead.
Sean has been making this argument for years -- his original show was called The Business of Security for a reason -- and Marco brings the branding and societal lens to the same problem. What happens when businesses treat security as a cost center rather than a brand asset? Apple made privacy a selling point. Most of the industry has not. And if the companies building and deploying security do not close that gap, the consumers and executives who should care never will.
The conversation ends with Sean hinting at a second idea brewing -- something sparked by a photograph of a bow and arrow on the streets of San Francisco. That one comes later.
⬥HOSTS⬥
Sean Martin, CISSP -- Co-Founder, ITSPmagazine & Studio C60 | Host, Redefining CyberSecurity Podcast & Music Evolves Podcast | https://www.seanmartin.com/
Marco Ciappelli -- Co-Founder, ITSPmagazine & Studio C60 | Host, An Analog Brain In A Digital Age Podcast | https://www.marcociappelli.com/
⬥RESOURCES⬥
RSAC 2026 | April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
An Analog Brain In A Digital Age Newsletter | https://www.linkedin.com/newsletters/7079849705156870144/
On Location | https://www.itspmagazine.com/on-location
⬥KEYWORDS⬥
sean martin, marco ciappelli, rsac 2026, rsa conference, cybersecurity business value, security culture, ciso priorities, compliance-driven security, security roi, brand and security, consumer security behavior, ai and security, security as business enabler, itspmagazine, on location