"Community. It’s what makes us strong in cybersecurity." These were the emphatic words of Hugh Thompson, executive chairman of RSAC, as he opened the RSAC Conference 2025. His address, setting the tone for the week, repeatedly underscored that in an era of escalating digital complexity and sophisticated harmful actors, the collective strength of the cybersecurity community – a direct manifestation of collaboration in cybersecurity – is not just beneficial but essential.
In a blog post from the conference, the consensus among the security community and industry leaders was that facing sophisticated, often globally coordinated digital sources of disruption requires a united front. As reported by ITPro, collaboration can be as simple as pairing cybersecurity employees with data scientists, so they can compare notes. The era of siloed defense is rapidly giving way to an understanding that shared knowledge and coordinated action are paramount for collective resilience.
Strengthening public-private partnerships
The call for community resonates strongly with the ongoing efforts to bolster public-private partnerships (PPPs). At RSAC Conference 2025, the dialogue around PPPs stressed the vital link between government agencies tasked with national cyber defense and the private sector entities that manage critical infrastructure and vast data repositories.
These partnerships aim to facilitate a bidirectional flow of information: government agencies can provide declassified intelligence on emerging digital challenges and harmful actor tactics, while private enterprises can share real-time observations of harmful activities encountered on their networks. The goal is to create a more comprehensive understanding of the environment of digital challenges, enabling faster, more coordinated responses to protect critical services and the broader digital ecosystem. Emphasis was placed on overcoming traditional barriers such as speed, trust, and actionable intelligence delivery within these frameworks.
Advancing intelligence sharing ecosystems
Security intelligence sharing is fundamental to collaborative defense, and RSAC Conference 2025 highlighted advancements in enhancing these ecosystems' effectiveness. Moving beyond the simple exchange of indicators of compromise (IoCs), there is an increasing emphasis on sharing richer, contextual intelligence, including comprehensive tactics, techniques, and procedures (TTPs), often aligned with standardized frameworks like MITRE ATT&CK. This approach enables organizations to transition from reactive blocking to more proactive defense strategies informed by harmful actor behavior insights.
Information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs), tailored to industries such as finance, healthcare, and energy, continue to evolve, offering valuable sector-specific intelligence. Moreover, the automation of intelligence sharing through standardized protocols like STIX/TAXII is essential for disseminating critical information at machine speed, a necessity in countering fast-moving digital disturbances.
Thompson's guidance on learning from everybody encompasses both internal and cross-sector collaboration. Within organizations, it’s imperative to foster a security-aware culture where IT, security, development, and business units collaborate effectively. Externally, exchanging best practices across industries strengthens defenses against common digital issues, thereby enhancing overall resilience, as Thompson recommended.
Fostering internal and cross-sector cooperation
Collaboration isn't solely an external endeavor; it’s equally vital within organizations. RSAC Conference 2025 sessions underscored the need to break down internal silos, fostering closer cooperation between cybersecurity teams, IT operations, legal departments, and business units. Cultivating a culture where cybersecurity is viewed as a shared responsibility, rather than the sole domain of the security team, is essential. This includes integrating security considerations into the entire lifecycle of products and services, often referred to as DevSecOps.
Beyond individual organizations, cross-sector collaboration is also gaining traction. Harmful actors frequently reuse tools and techniques across different industries. By sharing experiences, best practices, and lessons learned, organizations in one sector can better prepare for challenges that have already impacted others. This broader learning loop enhances the defensive posture of the entire business community.
The overarching message from RSAC Conference 2025 regarding collaboration in cybersecurity was one of urgent necessity and practical application. While challenges related to trust, data sensitivity, and operationalizing shared intelligence persist, the fundamental understanding is the benefits of working together far outweigh the difficulties. Building these collaborative bridges is no longer a strategic option but a foundational requirement for navigating the modern cybersecurity landscape.
-
How CISOs can work with business leaders to harness the power of AIFeatures Harnessing AI's transformative potential requires a strategic partnership between CISOs and business leaders to ensure secure and ethical innovation
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Key takeaways for CISOs
The RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
