Security at a Crossroads: Innovation, Risk, and the Relationship Between the CISO and the Vendor ...
0In this closing conversation from Day One at RSAC Conference 2025, ITSPmagazine co-founders Sean Martin and Marco Ciappelli reflect on what they’re hearing in the halls, on the show floor, and in conversations with attendees—and the picture they’re painting may surprise you.
Sean Martin raises a recurring theme that’s come up in multiple off-camera discussions: the increasing hesitancy among CISOs to engage with new vendors or consider new technologies unless they come from familiar sources. The concern isn’t about the technology itself—it’s about time, trust, and the overwhelming volume of noise. In many cases, CISOs prefer to rely on their peer network rather than explore unknown options, potentially limiting their exposure to different ways of thinking about risk and security.
But this isn’t just a “vendor fatigue” issue. It’s a structural one.
Martin points to a conversation with Philip Miller, who emphasized the need for vendors to connect with the security team—not just the CISO. That shift could unlock a healthier, more scalable way to evaluate solutions without overloading leadership. When security teams are empowered to explore, test, and validate, it changes the decision-making dynamic and may lead to more open-minded program development—especially as AI begins reshaping how data and security interact.
Meanwhile, Marco Ciappelli looks at this cultural tension from a societal perspective. He draws parallels between the speed of technological progress and the slower-moving nature of regulation, governance, and even human behavior. If security programs are stuck in reactive modes—bound by risk aversion, budget constraints, or outdated expectations—how can they support the innovation their businesses (and society) demand?
The two hosts conclude that change isn’t just needed—it’s already underway, albeit unevenly. The key may lie in empowering the broader security ecosystem, from frontline analysts to policy makers, to think and act with more agility.
For those wrestling with how security can lead rather than lag, this conversation offers a timely reflection—and a few provocations worth sitting with.
What does a future-ready security program really look like?
Learn more and catch more stories from RSAC Conference 2025 coverage: https://www.itspmagazine.com/rsac25
___________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com/
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com/
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868
___________
Resources
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
___________
KEYWORDS
sean martin, marco ciappelli, ciso, ai, cybersecurity, risk, decisionmaking, innovation, rsac 2025, technology, event coverage, on location, conference