Another RSA Conference has come and gone. From the streets of San Francisco to the neon-heavy expo floor, one thing stood out. Security marketing is having an identity crisis. And it is time for a reset.
Signals in the Noise
Some companies got it right. Tines created a pastel sanctuary that gave space to recharge both device and mind. Wiz went all in with a slightly Meow Wolf-inspired CISOTOPIA experience that prioritized toy store-based industry jokes over acres of OLEDs or on-booth vehicles.
The Early Stage Expo, as always, delivered. Founders and engineers spoke clearly about what their tech does and why it matters. These were teams solving real problems, however niche, not performing innovation for innovation's sake. If they were using AI, they could better explain how and why, walking through architecture, tradeoffs, and the specific problems their approach was built to solve. But we’ll come back to AI later.
It was thoughtful, practical, and refreshingly free of theatrics. That space continues to punch above its weight, and I hope to see it continue in the years ahead.
The Identity Crisis on the Expo Floor
Booth culture this year felt more like performance art even than usual. Given it’s 2025, maybe we should just admit we’re not attending a security expo anymore. We’re vibe con’ing.
And the strongest vibes? Not signal. Not clarity. Just noise. Puppy pens. Goat corrals. The “bro promotions,” or as I like to call them, “bromos,” reached new heights. Race cars. Milspec posturing. The loudest booths were less about product and more about spectacle. Less “Here’s how we solve your problem.” More “Here’s a monster truck with RGB underglow.”
When your conference attendees are flocking to puppy and goat pens for relief, it might be time to reassess the environment we're creating for our customers, supposedly our most valued assets…..
However, it feels like there’s a bigger story beneath the neon and noise. Many vendors seemed genuinely caught in an identity crisis. In the rush to differentiate, too many defaulted to vague messaging and trend-chasing instead of clear purpose.
Remember when blockchain, web3, and the metaverse were everywhere? This year, they were phrases uttered with lowered voices and nervous side glances, certainly not the focal points of booths or VC dollars they once were.
In their place: AI. Ubiquitous, overpromised, and more often than not underexplained. Paired with retro-futuristic branding and Matrix aesthetics, the result was a sea of booths that looked slightly different but sounded exactly the same. Style tried to do the work of substance, and the message got lost.
But that’s fixable. We’re not short on creativity in this industry. What’s missing is alignment.
The companies that stood out didn’t shout. They had a clear point of view, a product worth showing, and a booth that didn’t feel like a nightclub or a tech-themed escape room. That’s what effective security marketing looks like.
Security is complex. Messaging doesn’t have to be. My favorite exhibitors led with purpose, stayed close to their product, and trusted their tech to speak for itself. That’s what cut through the noise.
The AI Doublethink
AI is still positioned as a feature rather than a fundamental technology shift. Vendors continue to ship slow, expensive, non-deterministic chat tools without ever answering the essential question…
Why?
The narrative has become comically dual: AI is the single greatest threat your company, industry, and humanity has ever faced. But also the solution to every security problem you have. Often, both messages came from booths directly across from each other.
The juxtaposition of the AI red pill booths next to and across from the AI blue pill booths was particularly appreciated. A part of me hopes this was an act of quiet rebellion by an RSAC employee mapping out floor plans. More likely it was just a statistical inevitability. But still, chef’s kiss.
What’s consistently missing is intent. That you’re using AI is not the point because everyone is using AI. What matters is why you are using AI. What problem does it solve better than a deterministic approach? What makes it the right choice for your product, users, or architecture? If you have a reason, even if it’s still a work in progress, that’s what your (potential) users want to hear.
Where Do We Go From Here?
There’s a better way forward, and some teams at RSA are already showing what that looks like. Focused messaging. Real product conversations. Experiences built around actual problems, not distractions.
We don’t need louder booths or bigger gimmicks. We need clearer purpose. We need tools that solve the right problems and brands that respect the people they’re building for. Less noise. More intent.
Security is not a show. It’s a responsibility. The future belongs to companies ready to lead with substance, back it up with real solutions, and trust that product truth will always outperform a circus act.
And yes, keep the goats. But let them be the sideshow, not the headline.