6 Takeaways for the DIB From the World’s Largest and Most Influential Cybersecurity Conference
May 9, 2025 | 2.5 min read | Redspin Blog
RSA 2025 was a whirlwind of innovation, hype, and real insight, and Redspin was there to absorb it all. While the buzz was global and the scale impressive, our focus stayed close to home: What does this mean for the Defense Industrial Base (DIB)? Here’s what stood out and what it means for those navigating CMMC and broader federal cybersecurity requirements.

1. AI Is Everywhere, and It Cuts Both Ways
It’s really no surprise that Artificial Intelligence (AI) was the dominant theme. Nearly every vendor touted AI capabilities, whether embedded in security platforms, threat detection tools, or behavioral analytics.
But the tone varied. Some positioned AI as a revolutionary force for cyber resilience, while others sounded the alarm: adversaries are using it too.
AI’s impact on privacy was also a recurring theme: What happens when AI systems share data with third-party vendors? Who owns that behavioral data? Where’s it going?
Takeaway for the DIB: Expect both AI-powered solutions and AI-enabled threats. The push toward AI-native defense tools is coming fast and may soon be considered a baseline for modern security architectures. For contractors handling CUI or FCI: This hits close to home. Shared responsibility in the cloud and downstream vendor access are compliance issues, not just hypotheticals.
2. Quantum Computing
Dr. Thomas Graham has been ahead of the curve on this one. Vendors aren’t waiting for quantum computing to hit. They’re marketing and talking about it now. Quantum-resistant algorithms, future-proof encryption, and next-gen key management were on full display.
Takeaway for the DIB: For contractors handling CUI or working on long-term contracts, quantum risk isn’t science fiction; it’s a compliance and national security concern already showing up on radars.
3. A Shift in Federal Trust and Tone
Recent federal leadership shakeups (including scrutiny of former CISA leadership) and cuts to key cybersecurity advisory groups cast a shadow. Some attendees openly questioned how these changes affect long-term trust and continuity in federal cybersecurity strategy.
Takeaway for the DIB: This uncertainty underscores the need to control what you can, starting with your own posture. CMMC is one of the few steady signals amidst the noise.
4. Brand Hype vs. Budget Reality
From full-on building wraps and branded vehicle fleets to headline events (like The Chainsmokers playing a vendor party) at RSA 2025, marketing budgets were… ambitious.
Takeaway for the DIB: Reality check. Even in an uncertain economy marked by tariff talk and funding concerns, big brands are doubling down on visibility. But for DIB contractors, effectiveness, not flash, should guide vendor decisions. Look past the glow and evaluate how tools help you meet the requirements validated by CMMC.
5. Zero Trust, Identity, and Human Risk
Identity & Access Management vendors dominated the floor, with consistent messaging: Zero Trust is no longer optional. Behavioral analytics, continuous authentication, and AI-driven insider threat detection were top pitches.
Takeaway for the DIB: Controls like AC.L2-3.1.1 (limiting access), IA.L1-3.5.1/2 (identification/authentication), IA.L2-3.5.3 (multifactor authentication), and AU.L2-3.3.1/2 (tracing unique users) are getting serious vendor support. But you still need the process and documentation to back the tools.
6. Innovation, Startups, and What’s Next
Startups brought energy. There was a clear appetite for fresh thinking, especially from forward-thinking IT and security professionals like Enloe Health’s team, who shared an interest in what’s next in secure interoperability.
Takeaway for the DIB: Innovation matters, especially in sectors that intersect with both DoD and civilian agencies. Stay tuned to what’s coming, not just what’s currently deployed.
Final Thoughts: RSA For the DIB
RSA 2025 reminded us that the cybersecurity landscape is moving faster than ever. For the DIB, the challenge is not just keeping up; it’s staying compliant, seeing compliance and cybersecurity as different programs, and staying secure and mission-ready. Innovation is essential, but so is grounding every decision in operational, regulatory, and risk-based thinking.