Community and People Take Center Stage at RSAC 2026
Even as artificial intelligence commanded most of the attention at this year's RSAC 2026 Conference, the event served as a timely reminder that it is still the humans working in cybersecurity who ultimately determine whether organizations succeed or fail in defending themselves. Bringing together global experts, practitioners, and vendors under the theme of community, RSAC 2026 provided a space for cybersecurity professionals to share ideas, network, and explore the latest solutions designed to help them perform their roles more effectively.
Security teams today sit at a unique crossroads. On one hand, they have an unprecedented opportunity to enable the secure adoption of technologies that can drive productivity and business growth. On the other, attackers are leveraging those same technologies to scale their campaigns more rapidly than ever before. The challenge — and the opportunity — lies in ensuring that the advantage remains on the defenders' side.
Key Research: The State of the Cybersecurity Profession
One of the conference's notable sessions was Thriving in the New Reality: Inside Today's Cybersecurity Profession, presented by Melinda Marks, Practice Director for Cybersecurity at ESG, alongside Dr. Shawn Murray, co-chair of the Information Systems Security Association (ISSA) AIM committee and past president of the organization. The session unveiled results from the 8th volume of the study on the life and times of cybersecurity professionals, conducted with ISSA members.
The findings painted a sobering picture of the current state of the workforce:
- Only 28% of cybersecurity professionals report being very satisfied in their current roles.
- 68% find cybersecurity more difficult than it was two years ago.
- Top challenges include increasing cybersecurity complexity and workloads, a rapidly expanding attack surface, and budget pressures.
- Job stress has climbed compared to prior years, with 62% reporting that their jobs are stressful more than half of the time.
- The newest and most significant skills gap identified is in AI security strategy.
AI: A Double-Edged Sword for Security Teams
The study also surfaced striking perspectives on artificial intelligence and its implications for the profession:
- 81% of respondents believe AI drastically increases challenges for cybersecurity, as attackers will use it to scale their operations.
- 80% believe cybersecurity teams will need to leverage AI within their own solutions to stay ahead of adversaries.
- Nearly three-quarters — 72% — believe agentic AI will be a game changer, helping teams keep pace with attacks and operate more efficiently.
These statistics underscore a fundamental tension: AI is simultaneously a threat multiplier and a potentially transformative defensive tool. The profession must evolve rapidly to navigate both dimensions.
The Evolving Cyber Workforce
A separate session at RSAC 2026 addressed this workforce evolution more directly. AI, Regulation, & the Battle for Talent: The Future of the Cyber Workforce featured Rob T. Lee, Chief AI Officer and chief of research at the SANS Institute, and James Lyne, CEO of the SANS Institute. Drawing on new SANS research, the session examined how AI is reshaping cybersecurity team structures and roles.
Among the key observations: AI adoption may reduce the number of entry-level roles in security operations centers (SOCs), but it is simultaneously creating new positions that demand specialized skill sets. Security organizations are being forced to redefine what their teams look like and what competencies they need to cultivate.
Human Oversight in AI-Driven Security Operations
Security has always depended on full visibility and contextual understanding to drive effective remediation and threat response. AI enhances these capabilities by synthesizing data from multiple sources, supporting intelligent decision-making, and taking automated actions. But how much human oversight is still required — and for how long?
Data from the Omdia by InformaTechTarget study titled Automating Risk Reduction in the AI Era offers some clarity. Security teams are deploying AI across a range of functions, including automated security testing, predictive risk modeling, and proactive threat hunting. Auto-remediation — particularly through agentic AI — is seen as a promising avenue for dramatically accelerating developer productivity.
However, the research reveals that organizations are still far from embracing fully autonomous AI-driven remediation:
- Only slightly more than one-quarter of organizations report significant levels of automated remediation — 19% with periodic human oversight and 9% with minimal human oversight.
- 57% require human approval for critical actions.
- 14% require human approval for every action taken.
- The share of organizations operating AI-driven remediation with minimal human oversight is expected to nearly double to 17% over the next 12 to 18 months.
RSAC 2026 offered numerous opportunities to see these AI-powered tools in action across vendor booths and demonstrations. While confidence in autonomous agents is growing, security teams will need to develop the skills to evaluate, deploy, and manage agentic AI solutions effectively — human supervision remains essential for the foreseeable future.
Breaking Down Silos: Security's Role in Organizational AI Adoption
One of the more persistent themes across RSAC sessions and research discussions was the relationship between security teams and other parts of the business. Cyberattacks don't just affect the security function — they become operational crises with direct impacts on business continuity and customers. As a result, whenever organizations consider adopting AI tools or AI-powered applications, involving security leadership from the outset is not optional; it is vital.
Historically, security teams have sometimes struggled when they are perceived as blockers to innovation and speed. A similar dynamic played out during the adoption of modern development practices and the migration to cloud environments — when security teams created friction, development and operations teams sometimes moved forward without them, effectively sidelining security from critical decisions.
The consequences of that pattern are visible in current data: a recent cloud security study found an alarming statistic — 38% of organizations reported that their developers and DevOps teams select and deploy cloud security tools without consulting the security team. This represents a significant governance and risk management failure.
The alternative model — one that RSAC 2026 championed — involves security leaders and teams being trusted partners who are respected for their knowledge and actively included in technology decisions. This requires organizations to make a genuine commitment to building a strong cybersecurity culture, ensuring that new technologies are not adopted in ways that expose the business to undue risk.
What Comes Next for Cybersecurity Professionals
The full results of the ISSA and ESG study on the life and times of cybersecurity professionals are forthcoming, along with specific recommendations for practitioners navigating this evolving landscape. Additionally, a forthcoming study focused on managing risk for secure enterprise AI adoption will examine how security products can better equip cybersecurity teams for the challenges ahead.
RSAC 2026 made clear that while AI will continue to reshape both the threat landscape and the tools available to defenders, it is the cybersecurity professionals — their skills, their judgment, their collaboration with broader organizational teams — who remain the most important variable in determining outcomes. Events like RSAC are indispensable for keeping those professionals informed, connected, and prepared.
Source: Dark Reading