Executive Security Action Forum

Trusted forum for confidential collaboration since 2003

RSAC Executive Security Action Forum logo   ESAF 20th Anniversary Logo


The RSAC Executive Security Action Forum (ESAF) has been a trusted forum for Fortune 1000 security executives since 2003. Led by a program committee, the community shares information at confidential sessions throughout the year and at the annual meeting at RSA Conference, enabling security leaders at some of the world’s largest enterprises to collaborate and find actionable solutions to common challenges.

“The agenda is not just a pick of buzz words but very well thought out by working with top notch people in the industry.” ~ ESAF Member


RSAC ESAF information sharing sessions are invitation-only and closed-door. Security executives are able to candidly share insights and discuss key issues. The selection of topics and speakers is entirely member driven.

“Excellent real-world information that cannot be found anywhere else. The sessions are extremely informative and valuable!” ~ ESAF Member


ESAF members are a highly-qualified group of the most senior information security and risk executives responsible for protecting information for the world’s largest enterprises. Membership is by referral.

“ESAF is the best! The CISOs are all from large companies with the same level of risk. ~ ESAF Member

RSAC ESAF Reports: Insights from Fortune 1000 CISOs

As a forum for candid discussion among peers, ESAF sessions are confidential, invitation-only, and limited to a select group of senior-most information security and risk executives. To mark the occasion of our 20th anniversary, we are sharing some hard-earned wisdom with the broader cybersecurity community through a series of reports on topics of interest to all information security executives. Through these reports, we aim to help all organizations improve the management of cyber risks.

Download the latest report: How Top CISOs Are Transforming Third-Party Risk Management.

“The traditional way most organizations do third-party risk management is like security theatre. There are thousands of people working ferociously, increasing the cost profile of businesses, but not actually decreasing risk. We have to challenge ourselves to stop wasting money, stop wasting time, stop pretending, and ask, ‘Where could we make investments that could actually meaningfully buy down risk?’” ~ ESAF Member

Download the previous report: What Top CISOs Include in Updates for the Board.

“Updating the board is existential for a CISO’s career. If you don’t do this well, you can’t be a F1000 CISO. Literally it’s the most important part of the job.” ~ ESAF Member

Save the Date


2024 ESAF Annual Meeting


Tuesday, May 7, 2024