Executive Security Action Forum

Trusted forum for confidential collaboration since 2003

RSAC Executive Security Action Forum logo   


The RSAC Executive Security Action Forum (ESAF) has been a trusted forum for Fortune 1000 security executives since 2003. Led by a program committee, the community shares information at confidential sessions throughout the year and at the annual meeting at RSA Conference, enabling security leaders at some of the world’s largest enterprises to collaborate and find actionable solutions to common challenges.

“The agenda is not just a pick of buzz words but very well thought out by working with top notch people in the industry.” ~ ESAF Member


RSAC ESAF information sharing sessions are invitation-only and closed-door. Security executives are able to candidly share insights and discuss key issues. The selection of topics and speakers is entirely member driven.

“Excellent real-world information that cannot be found anywhere else. The sessions are extremely informative and valuable!” ~ ESAF Member


ESAF members are a highly-qualified group of the most senior information security and risk executives responsible for protecting information for the world’s largest enterprises. Membership is by referral.

“ESAF is the best! The CISOs are all from large companies with the same level of risk. ~ ESAF Member

RSAC ESAF Reports: Insights from Fortune 1000 CISOs

As a forum for candid discussion among peers, ESAF sessions are confidential, invitation-only, and limited to a select group of senior-most information security and risk executives. To mark the occasion of our 20th anniversary, we are sharing some hard-earned wisdom with the broader cybersecurity community through a series of reports on topics of interest to all information security executives. Through these reports, we aim to help all organizations improve the management of cyber risks.

Download the latest report: How Top CISOs Are Transforming Third-Party Risk Management.

“The traditional way most organizations do third-party risk management is like security theatre. There are thousands of people working ferociously, increasing the cost profile of businesses, but not actually decreasing risk. We have to challenge ourselves to stop wasting money, stop wasting time, stop pretending, and ask, ‘Where could we make investments that could actually meaningfully buy down risk?’” ~ ESAF Member

Download the previous report: What Top CISOs Include in Updates for the Board.

“Updating the board is existential for a CISO’s career. If you don’t do this well, you can’t be a F1000 CISO. Literally it’s the most important part of the job.” ~ ESAF Member

RSAC ESAF 2024 USA Sponsors

Accenture is a global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are an innovation-led company with approximately 743,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. Visit us at www.accenture.com/security.


Cohesity is a leader in AI-powered data security and management. We make it easy to secure, protect, manage, and get value from data — across the data center, edge, and cloud. Cohesity helps organizations defend against cybersecurity threats with comprehensive data security and management capabilities, including immutable backup snapshots, AI-based threat detection, monitoring malicious behavior, and rapid recovery at scale. Cohesity solutions can be delivered as a service, self-managed, or provided by a Cohesity-powered partner.


ExtraHop is the cybersecurity partner enterprises trust to reveal cyber risk and build business resilience. The ExtraHop Reveal(x) platform is the only network detection and response solution that instantly delivers the unparalleled visibility and decryption capabilities needed to expose the hidden cyber risks and network performance issues that other tools can’t see. When organizations have full network transparency with ExtraHop, they can investigate smarter, stop threats faster, and move at the speed of risk.


Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Visit us at www.proofpoint.com.

Red Canary is a leader in managed detection and response (MDR). We serve companies of every size and industry, focusing on finding and stopping threats before they can have a negative impact. As the security ally for 1000+ organizations, we provide MDR across our customers’ cloud workloads, identities, SaaS applications, networks, and endpoints. For more information about Red Canary, visit: https://www.redcanary.com.