March 23, 2pm PT: Bill Moore, Founder and CEO at XONA Systems
XONA helps utilities, manufacturers, and other critical-infrastructure operators let employees or vendors connect to sensitive systems remotely without exposing the underlying network directly. In other words, they're secure remote access (one of the five ICS cybersecurity controls).
Right before RSAC, they announced Active Defense, a feature in its secure remote access platform that can automatically stop or limit suspicious OT remote sessions in real time instead of waiting for manual response. The technology is interesting in a few ways, but I see their integrations with OT visibility platforms being at the top of that list. By pulling in signals from those vendors to identify potential anomalous behavior in the remote access session, you can potentially cut the bad actors off at the knees if they get access to a system using historically insecure remote access tools.
Bill also talked about their usage of AI in a couple of key areas that are going to be showing up in the not-too-distant future. I can't give specific updates, but they are going to be using AI-assisted insights to help understand operations with OT systems. Going to be interesting to see how this plays out in the critical infrastructure space!
Next update below!
March 24, 10am PT: Prophet Security
I met with a few members of the Prophet Security team. If you're not familiar, Prophet is an Agentic AI SOC platform, one of quite a few entering into the space these days. To be clear, I am not just lumping them into a crowded space and saying they are "just one more AI SOC". Honestly, I really don't see any of the other AI SOC players that way. The space may look like other "hot" spaces where a ton of vendors enter into the market, but but they all are approaching the space with nuance that some may not recognize.
Prophet is very clear that you don't need a SIEM to use them. They take direct feeds from your security stack, and they don't charge for ingest (because they say they don't actually ingest). Instead, they charge per investigation. And they allow deep dives into the investigations without charging more.
They also include threat intel feeds for enrichment from a bunch of well known players that SOC practitioners would normally pay for. And their AI operationalizes that for you. Definitely brings value out of the gate.
There is more to them, and I think they are worth looking at if you're interested in that space. Thanks to the team for giving me a very good look at their solution!
Next up! Optiv CRO John Hurley. I'll update with our conversation later today.
March 24, 11am PT: John Hurley, CRO at Optiv
Optiv is a reseller and consulting firm that has had a massive effect they've had on the cybersecurity industry for many, many years (see some history below). So i decided to meet with their chief revenue officer, John Hurley.
John is a sharp guy, and I enjoyed our conversation. We went through some of the Optiv offerings around MDR (using Google Chronicle), their Advise/Deploy/Manage (or Operate in some instances) approach to services, their Advanced Fusion Center, and others.
We briefly dug into AI (because ya' just have to talk about AI these days). I specifically brought up all the new AI security vendors popping up and whether existing pre-AI-era vendors would soon start gobbling up the AI vendors. He was very quick to say he saw a large consolidation cycle coming soon. I don't disagree, but we shall see.
Thanks to John for the time!
If you're not familiar with the history, Optiv was formed when Accuvant and FishNet Security merged back in the 2014 (they officially became Optiv about a year after the merger). Full disclosure, I worked at Accuvant for about 7 years prior to that merger. All that being said, there aren't a lot of folks left at Optiv that were there when I was at Accuvant. It's really a different company these days.
What's next? HackerOne, that's what...
March 24, 1pm PT: Kara Sprague, CEO of HackerOne
I've been a fan of the bug bounty/crowdsourced bug hunting model for quite a while. It was really the closest you could get to a continuous pentest before that was invented. But I've wondered a lot since AI (there it is again) starting intruding in that world. So while I am sure Kara is tried of answering questions around this topic, it just didn't make sense to me to not ask about it. So Kara, thank you for your patience!
Kara's response was that 70% (according to their latest data, which is soon to be updated) of bug hunters use AI to augment their process (they call those AI-using hunters "bionic", and I was happy that Kara knows who the Six Million Dollar Man is). And they think the next set of data will show that dramatically increase. But "augment" was the word she used. Not replace. What's more, she said that results from mature bug hunters who use AI was of a much higher caliber than those bug hunters who were new to the game. And given the democratization of all kinds of bug hunting tools due to AI, it is interesting how much the human still has a place in the field.
Now a cynic might say that Kara is saying this because it is in HackerOne's interest to keep humans as the primary bug bounty engine. But Kara is not sitting back hoping AI doesn't remove humans from the loop. They have been broadening their platform to give people reason to stay with them to fill their needs. From agentic pentesting to agentic prompt injection, they are making sure they provide value to their user base.
I had a great time talking to Kara, and I appreciate her time!
And up next, an OT cybersecurity company.
March 25, 9:30a PT: Briana Sullivan, CEO at Iolite Secure
Iolite Secure is an OT cybersecurity platform. Briana has built Iolite from a MITRE project, which focuses on protecting physical infrastructure and legacy systems that need small form factor solutions without disrupting operations.
Honestly, if you have a resource-constrained OT environment that needs security, Iolite is a choice you should consider. Having something that can be more easily operationalized and give you the ability to test defenses, validate response procedures, and improve resilience is a must in light of modern attacks.
Iolite is also big on helping the community and will be a part of our OT/ICS Training Village at OT.SEC.CON next week. We really appreciate that support! Thanks for spending time with me, Briana!
Next, a cloud/AI security tool that is... pretty sweet...
March 25, 12:00p PT: Sweet Security
My buddy Zach went over to Sweet Security not too long ago, so I decided to take a look at them at RSAC. They took over a little spot on 3rd Street to show off their wares, and Sohini went through the platform for Bill and me. Sweet positions itself around Runtime CNAPP and AI Security, aiming to secure both traditional cloud apps and agentic AI applications in one place.
CNAPP is something of a crowded space, and AI is obviously something a lot of vendors are talking about trying to secure. But their runtime context focus gives them some meaningful differentiation. They can do agentless (API/log capture), but their agent is eBPF-based sensor and is used to collect live workload and application context without exposing the kernel.
To be clear, all I saw was a demo. I haven't seen this in a real environment. But there is enough here to take a closer look. Thanks for the time, Sweet! And thanks for the eclair! Yes, they leaned into their name at RSAC.
Next is the creator of one of the most popular technical certifications in cybersecurity.
March 25: 1pm PT: Jay Bavisi, Founder and CEO of EC-Council
You may not be familiar with the name EC-Council. But if you've been in cybersecurity for more than 5 minutes, you've probably heard of their most well-known certification, the Certified Ethical Hacker. Iknow the CEH has some detractors. It is often critiqued as not deep enough technically for those holding the cert to be considered seriously if they're trying to get into well-known red teaming organizations. But I will also say that it has been the entry point for many a person trying to get into the pentest field. And it has proven to be a resilient and sought-after certifications by HR companies and can help get a career started in the right direction.
What you might also not know is that EC-Council has a ton of other certifications. And they are dedicated to non-profit endeavors. I don't have a link for that, but I'll update it when I can.
What is clear is that Jay and team are passionate about training and certification, and I love their energy. Thanks to the team for talking about their org and going over potential partnerships with our non-profit partner, CYBR.SEC.Careers!
I have one more to add, and I'll try to do that on the plane on my way back to Houston. Thanks for reading!
March 25, 2:30p: Javed Hasan, CEO and Co-founder at Lineaje
Ok, here’s the final one. I met with Javed to talk about software supply chain security, which is the main solution from Lineaje (pronouned like lineage, just with a cool cyber spelling). And we did talk about that. But Jared quickly pivoted into their UnifAI solution that has recently been released.
Lineaje describes UnifAI as “the industry’s first autonomous AI policy orchestrator empowering organizations to build secure‑by‑design agentic AI applications.” But that feels a bit light based on how Javed described it to me. What feels closer is their “Discover, Derive, Defend” description also on the UnifAI site, where they talk about its ability to find through continuously discovers all AI assets, automatically generates/enforces security & compliance policies, and applies real-time guardrails to keep AI agents operating safely. Those are powerful abilities.
And while it was interesting to talk through their new release, I really enjoyed the conversation when Javed and I started discussing AI and its potential effects on open-source software usage. Right before my talk with Lineaje, I had been discussing the topic with my good friend Mitch Ashley from the Futurum Group. Essentially, the topic centers around whether developers will need open source software to make their development more efficient when AI can write and fix code for the developer. The efficiency created from using 3rd-party components can potentially be replaced by 1st-party code developed by AI. Or potentially, 3rd party components taken from open source repos will become 1st party code by the fact that AI can fix the code.
Yes, there are tons of if’s and then’s in that conversation, and Javed sees 3rd party code still being needed for innovation since AI is not an innovation engine (at least not yet). But the future of development is unquestionably going to be affected by AI. How that affects supply chain security vendors is something Javed and Lineaje are thinking hard about. No matter which way it goes, it was a great conversation!
And that’s it! I talked to other vendors and professionals while I was there, but it was mostly ad hoc and not as in depth as the ones I mentioned above. So I decided not to write about those. I’m glad to be headed home. But I had many great conversations and enjoyed the week. See you next year at RSAC 2027!
