Are RSAC's glory days behind it?

I thought I would have FOMO all week—not attending RSA Conference in my second favorite city and missing out on the 45,000 cybersecurity industry folks expected to attend. I was wrong. As much as I may have missed the Golden Gate views, the premium coffee, and the delicious food San Francisco has to offer, it appears RSA Conference’s glory days may be behind it.

RSAC now feels like Groundhog Day: same big vendors, same playbook—dare I say it—it’s become boring. Yes, the recaps that came out a week later may tell a different story, but how different are the well-crafted LinkedIn posts filled with team photos, animal-themed booth gimmicks, and recycled swag? All of it was fine, but now, a few weeks out—does any of it really resonate? Doesn’t it all still feel a bit tired?

We’re in the age of AI, viral content creation, and startups spinning up faster than ever. So why are we still investing massive budgets into booths that don’t actually drive revenue? The days of “needing to be there to be seen” are over. Visibility doesn't mean physical presence anymore—it means relevance, innovation, and resonance with your audience, wherever they are.

As we consider cybersecurity marketing budgets for next year, it may be time to leave RSAC off the table. With 650+ exhibitors packed onto the expo floor, unless you’re a giant, what are the real benefits of being at a massive vendor show full of other massive vendors? Is your audience even there—or are they back home, heads down in SOCs, actively managing threats with their teams?

This disconnect is in stark contrast to the pace and urgency of today’s cybersecurity climate - a complete contrast to how the industry is acting. Cybersecurity is moving faster than ever before. The convergence of advanced AI and evolving threats is creating a new arms race—one where our tools, systems, and teams must be more adaptive and intelligent than the threats themselves. A recent Axios article featured Mandiant’s Kevin Mandia predicting we are only a year away from an AI-agent-enabled cyberattack. While AI doomsday scenarios have long haunted cyber pros, the rise of generative AI has supercharged those fears.

So why are so many cybersecurity brands still marketing like it’s 2015?

As the cybersecurity landscape evolves, companies need to rethink their marketing. We must shift from simply being “seen” at legacy events to showing up in ways that actually matter to customers. That means understanding where your audience consumes information, how they make buying decisions, and what truly influences their trust. Spoiler: It’s not a flashy booth or a plush hoodie.

Even media coverage of RSAC reinforced this pattern—highlighting product announcements and updates from the same set of large cybersecurity vendors. If you're a challenger brand or mid-market player, you were likely lost in the noise. Meanwhile, emerging platforms, nimble vendors, and forward-thinking marketers are finding success elsewhere—through targeted thought leadership, integrated digital campaigns, and high-impact virtual experiences that deliver real value, not just visibility.

The industry needs to change with the times

Cybersecurity has outgrown the old marketing playbook. It’s time our approach to connecting with customers evolved as rapidly as the threats they face. The vendors who recognize this shift—and adapt—will be the ones who thrive in the next chapter.

The future of cybersecurity marketing won’t be found in a booth. It will be built through meaningful connections, bold storytelling, and a focus on outcomes – not optics.

‍