Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year
Ex-CISA boss also says no reason to panic about AI and security
RSAC 2026 "Everybody feels massive FOMO if they don't get to RSAC," Jen Easterly says.
To be fair, she has a vested interest in saying this.
After serving as the director of the US Cybersecurity and Infrastructure Security Agency (CISA) for nearly four years - during which time she was a regular at the RSA Conference, speaking on panels and giving keynotes - she signed on as the chief executive of RSAC in January.
Her first conference at the helm of the organization has brought 43,000 people to San Francisco, and happens during what Easterly describes as the "most exciting time to be in cyber - and I've been in a long time."
"We're at this inflection point where cyber and AI are now inextricably linked," she told The Register during an interview at the conference.
"I don't think we could have said that last year, I don't think I could have said that when I was at CISA developing our AI action plan, but we're now at a point where you cannot meaningfully have and deploy cyber capabilities without integrating AI," Easterly said. "That convergence is reshaping everything across the digital ecosystem, and at the heart of that convergence is community. It's the community of security practitioners and operators and technologists and leaders and builders and investors and entrepreneurs that are coming together to figure out: How do we make the most of this technology in this community and create a more secure and resilient digital world - which has sort of been the bumper sticker for my life."
It's also why she wanted the RSAC CEO gig, she told us.
A few things about Easterly. She speaks in full paragraphs. She served 20 years in the US Army and was one of four military service members to stand up the first-ever US Cyber Command. She describes herself as a "relentless optimist," but even if she didn't say this, you'd get the idea.
Easterly stays on message, and uses phrases like "we don't have a cyber security problem, we have a software quality problem," and "make ransomware a shocking anomaly" frequently in interviews and talks (she said both in this interview). And she seems utterly sincere when she says all of this, and makes even jaded journos believe it could become reality, too.
"I spent most of my career in uniform, places like Iraq, staying in Bosnia, Kosovo, and I have actually seen the power of technology save lives," Easterly said. "It's really what got me into this business."
While cyber plus AI equals super FUD (fear, uncertainty, and doubt), Easterly admits there are legitimate reasons to be concerned. "We're already seeing threat actors use AI to do hyper-tailored, hyper-customized, hyper-personalized phishing emails that are harder and harder to detect, and so the threats will be more complex," she said.
However, she hasn't seen AI engender any "new, novel cyber risks," she said. In other words, don't panic!
"What I am most excited about is the ability to use increasingly powerful AI to both help us write more secure and resilient code," Easterly said. "We're already seeing that to help us find and fix flaws in the code that's being written. We're also seeing ability to use AI to transform and refactor legacy code, insecure code, into much more secure and resilient code. We can see the promise of it happening at scale, and you can see the end to the soulless cycle of patching and patching and clean up on aisle nine, and a path towards a more resilient digital ecosystem."
This doesn't mean the end of the nearly $250 billion cybersecurity industry as we know it, she says.
"But I do think it can lead to significant reduction in cyber risk, a significant improvement in software quality, and a world where ransomware is not a multi-trillion dollar business, but a shocking anomaly," Easterly said. "A world, frankly, where we can use the incredible talents of the cybersecurity community to solve much more difficult problems, not to be spending our time compensating for poorly designed software."
If people in the cybersecurity community get FOMO when they aren't at RSAC, it's safe to assume that most of the federal government's top cyber spies and defenders are very much feeling the pain right now. Shortly after Easterly was named the CEO, all of the conference's FBI, NSA, and CISA speakers and panelists cancelled.
"I, as a relentless optimist, believe that in the next few years we'll welcome back the US government to be part of this very important ecosystem," Easterly said, adding that RSAC, and cybersecurity as a whole, is nonpartisan and non-political. Easterly, herself, is a registered independent and previously worked in the White House under the Obama, first Trump, and Biden administrations. She resigned when the second Trump administration started, and was quickly fired from a teaching post at the US Military Academy last year after some hardcore Trump supporters questioned her political independence. She isn't dwelling on that.
"This is a serious conference for serious people who want to come together and solve the toughest challenges and collaborate to build a more secure digital ecosystem," she said. "The most important currency in cybersecurity is trust. I'm not going to speak for the federal government, but at the end of the day, it's important to recognize that you have to be in the room. You have to have those conversations to build that trust."
She notes that the private sector owns and operates the vast majority of critical infrastructure, "so in some ways, they're the most important players in the room." Plus, conference attendees this year come from more than 100 countries and include international as well as state and local leaders.
"I welcome the federal government with open arms to come back, because they'll continue to play a very important role," Easterly said. "I hope in the coming years we will see CISA have the capability every American should want America's cyber defense agency to have - the talent, the resources, the budget, the capability, and capacity to help defend global cyberspace and help defend the critical infrastructure Americans rely on every hour, every day. But until that happens, we're standing in." ®
