The RSACTM 2026 Conference Call for Submissions is one of my favorite times of year. We continue to receive a record number of submissions—last year we had over 2,800—and I get to read each one of them. Yes, it’s a lot, but I absolutely love the opportunity to peek behind the curtain and learn about what different members of the Community deal with on their quest to build a more secure world.
While my colleagues and I do read each submission, we are not the gatekeepers of which ones are actually selected. That onerous responsibility falls to a volunteer Program Committee of over 80 industry influencers across more than two dozen tracks. That’s right, RSAC Conference is adjudicated by the Community for the Community, and that truth is not only what sets RSAC apart but also what delivered us to this year’s theme: Power of Community—the next step in celebrating the Many Voices. One Community that brought us together in 2025. As we look to RSAC 2026, we are thinking about all that we can, and should, do in cybersecurity, together.
What’s the Submission Review Process?
Before the RSAC team even begins reading the submissions, we engage with our Program Committee members to understand what trends and evergreen topics they hope to see come through in their individual tracks so that we match the submission with the right track reviewers. Members of the RSAC team read each entry and assign it to then be reviewed by different track committees.
The committee members individually do their initial read throughs. I’ll note here that the tracks are stacked 2-3 reviewers deep to be sure the submission has its best chance at being selected. Once the individuals have made their independent selections, they come together as a group to find alignment—an arduous process that can take hours. Finally, each track meets with the RSAC team to share the top selections. Then it’s time to prepare for the stage.
How to Make a Submission Stand Out
Not surprisingly, we are often asked “why didn’t my submission get selected?” There’s rarely a single reason, and it’s important to note that we make every effort to find a home for as many of those submissions as possible through the RSAC Year-Round programming and our RSAC Membership Platform.
Those that are selected are markedly unique and provide great detail—not of the problem, but strong description of the ‘so what.’ They dive into why someone needs to care about the problem and what they can do to address it (or even avoid it), which are the elements that attendees hunger for.
In a recent RSAC podcast, Program Committee Member John Elliott offered some sage advice that I’ll echo here: start with what you want the attendees to take away from your session and work backwards from there. He also warned not to use unnecessary characters explaining the problem. Instead, spend time sharing actionable guidance—what steps were taken, what worked, what didn’t? And use cases always lend strength and help a speaker to really create a story.
A Story Worth Telling
This year’s theme opens the door for rich exploration about the Power of Community, and it couldn’t be more timely. Think about the Community as a whole—from entry level workers to those retiring from the workforce—and decide who among them is your best audience. What policies need to be created, implemented, or updated to help improve workflows?
AI is ubiquitous at this point, so think more deeply about its impact on security teams. How are malicious actors using AI to advance social engineering? How is AI impacting enterprise architecture?
As technology evolves, many are asking “what does the future of the security operations center (SOC) look like?” We’ve seen the SOC transform, which begs some question: Do organizations need a SOC, a network operations center (NOC), or risk operations center (ROC)? Are Cyber Fusion Centers creating more confusion and making it difficult for analysts to have a trusted source of truth? And what does incident management look like outside of the SOC?
Whether it’s a tale of insider risk, advice on how to do Zero Trust in complex networks, or a deep dive into the reasons why your team is or isn’t applying the new NIST Incident Response frameworks, your story could change how other practitioners approach security—and that could be a change for good.
So, get your creative juices flowing by exploring some of the Top-Rated Sessions from RSAC 2025, and I will look forward to reading a submission from you. Be sure to submit by August 18.