Every spring and late summer, the Boston Meridian Partners team attends two of the world’s largest cybersecurity conferences: RSA Conference in San Francisco and Blackhat in Las Vegas. These events are a whirlwind of activity—client receptions, dinners, and nearly 250 meetings with innovative tech companies and industry leaders. This year, I spent much of my time in Blackhat’s “Startup City,” a hub of emerging companies that’s far easier to navigate than the sprawling Moscone Center.

The Startup Scene: Shiny Pennies and Hidden Gems

Startups at these conferences are eager to showcase their innovations, often presenting themselves as the “next big thing.” However, many struggle to stand out in a crowded market. While their enthusiasm is infectious, differentiation is key—what I call the “shiny penny problem.” A penny, no matter how polished, is still a penny if it doesn’t offer unique value.

Meeting C-level executives at startup booths was a highlight, as this is rare for larger companies where leaders like George Kurtz or Satya Nadella are often mobbed by media. These interactions offered valuable insights into emerging technologies, particularly in artificial intelligence (AI). AI and Data: The Heart of Modern Security

AI dominated conversations this year, with startups focusing on data-driven security solutions. At Blackhat’s AI Summit, I heard repeated emphasis on the importance of data and identity in building secure environments. As I’ve said for decades, “It’s all about the data.” The rise of Large Language Models (LLMs) has amplified this, with data being consumed at unprecedented rates. However, the lack of controls—such as a Cloud Access Security Broker (CASB) for LLMs—raises concerns about rogue models masquerading as legitimate tools.

CISO Challenges: Balancing Priorities in a High-Pressure Role

Discussions with Chief Information Security Officers (CISOs) at Blackhat and RSA Conference revealed the immense pressure they face in balancing day-to-day operations with the need to adopt cutting-edge technologies. Many CISOs described their roles as a constant exercise in “blocking and tackling”—managing fundamental security tasks like patching vulnerabilities, responding to incidents, and ensuring compliance. These operational demands often leave little time to explore emerging technologies like AI-driven security tools or advanced identity management platforms.

One CISO from a manufacturing company shared a striking perspective: they prioritized keeping the production floor operational over implementing a robust data protection strategy. “If the factory stops, the business stops,” they explained, noting that downtime could cost millions. While understandable, this approach undervalues the long-term risks of data breaches, where sensitive intellectual property or customer data could be compromised. For example, a single unprotected dataset could be exfiltrated by attackers, leading to regulatory fines or reputational damage far exceeding the cost of a temporary production halt.

Identity management emerged as another significant challenge. Several CISOs reported using two to four different identity solutions, creating complexity and potential security gaps. One CISO from a financial services firm described their struggle with integrating legacy systems with modern cloud-based identity platforms, resulting in fragmented visibility into user access. They expressed frustration with “platform” solutions that promise seamlessness but often fall short, leading them to favor “best-of-breed” tools. However, this approach can increase costs and administrative overhead. A better strategy, as I’ve advocated previously, is adopting one or two well-integrated identity solutions that work seamlessly across on-premises and cloud environments, reducing complexity while maintaining robust security.

The growing prevalence of Internet of Things (IoT) and Operational Technology (OT) devices is also keeping CISOs up at night. With networks hosting tens of thousands of devices—ranging from smart sensors in offices to industrial control systems in factories—securing these endpoints is a daunting task. A CISO from a utility company highlighted the challenge of monitoring “dumb” devices with outdated firmware alongside “smart” IoT devices that are often poorly configured. They noted a recent incident where an unpatched IoT camera served as an entry point for a ransomware attack, underscoring the need for solutions that can monitor and secure both on-premises and cloud-connected devices.

Finally, many CISOs admitted to feeling overwhelmed by the rapid pace of technological change, particularly in AI. One CISO from a healthcare organization confessed they lacked the bandwidth to evaluate AI-driven security tools, relying instead on their team’s recommendations. This highlights a broader issue: CISOs are expected to be strategic visionaries while managing tactical firefights, often without sufficient resources or time to stay ahead of the curve.

Emerging Trends in Cybersecurity: Why Staying Current Matters

The cybersecurity landscape is evolving rapidly, driven by advancements in AI, the proliferation of connected devices, and increasingly sophisticated threats. Staying current with these trends is critical for CISOs and their teams to protect their organizations effectively. Falling behind can lead to blind spots, such as unaddressed vulnerabilities or missed opportunities to leverage new tools for efficiency and resilience. Based on my observations at Blackhat and RSA Conference, here are seven key technological trends shaping the industry, along with why staying informed is essential:

  1. AI Agent Governance: As organizations deploy AI agents for tasks like threat detection and customer support, the lack of oversight frameworks creates new risks. Rogue or misconfigured AI agents could expose sensitive data or disrupt operations. For example, a poorly governed AI chatbot might inadvertently leak proprietary information. CISOs must adopt “AI Agent Rewind” capabilities to audit and recover from misuse. Staying current ensures organizations implement governance early, avoiding costly mistakes as AI adoption scales.
  2. Detection-as-Code Revolution: Traditional manual security rule creation is giving way to AI-powered platforms that auto-generate detection rules from threat intelligence. Companies like SOC Prime now serve over 1 billion rules globally, enabling faster responses to emerging threats. CISOs who fail to adopt these tools risk falling behind adversaries who exploit automation. Keeping up with this trend allows organizations to scale their security operations efficiently, especially in resource-constrained environments.
  3. External Attack Surface Expansion: Threats increasingly bypass traditional perimeter defenses, requiring active validation of vulnerabilities “outside the firewall.” Tools that simulate real-world attacks are replacing passive scanning, providing more accurate risk assessments. For instance, a retailer recently discovered an exposed API through active testing, preventing a potential breach. Staying informed about this trend helps CISOs prioritize external risks, which are often overlooked in favor of internal network security.
  4. Behavioral Security Over Signatures: Signature-based detection is losing ground to behavioral fingerprinting and drift analysis, which establish custom baselines for each application to achieve near-zero false positives. A bank using behavioral security detected an insider threat by identifying unusual data access patterns, avoiding a significant breach. CISOs who embrace this trend can reduce alert fatigue and focus on real threats, but staying current is critical to selecting the right tools for their unique environments.
  5. LLM Firewall Emergence: As enterprises integrate Large Language Models (LLMs) into workflows, new tools are emerging to protect against prompt injection, data leakage, and model manipulation. For example, a healthcare provider recently faced a prompt injection attack that tricked an LLM into revealing patient data. LLM firewalls can mitigate these risks, but CISOs must stay educated on this nascent category to implement effective controls before widespread adoption.
  6. Browser-Based Threat Protection: Zero-day phishing attacks that bypass email security are a growing concern. Browser-based tools using computer vision and real-time analysis are protecting over 800,000 users by detecting malicious sites instantly. Staying current on this trend allows CISOs to bolster endpoint security, especially for remote workforces increasingly targeted by sophisticated phishing campaigns.
  7. Unified Security Platforms: Talent shortages and budget constraints are driving demand for platforms that consolidate IT, InfoSec, and cybersecurity functions. A unified platform enabled a mid-sized firm to reduce its security tools from 15 to 3, cutting costs and improving visibility. CISOs who stay informed about consolidation trends can streamline operations and address the “do more with less” mandate, but failing to keep up risks reliance on outdated, fragmented solutions.

Staying current with these trends is not just about adopting new tools but about understanding how they align with organizational priorities and constraints. For CISOs juggling operational demands, dedicating time to research, attending conferences, or collaborating with peers is essential to avoid being blindsided by new threats or missing opportunities to enhance security posture. Organizations that invest in continuous learning—through training, industry reports, or vendor partnerships—will be better equipped to navigate the complexities of modern cybersecurity.

Looking Ahead

As AI, data, and IoT/OT reshape the threat landscape, CISOs must balance innovation with foundational security practices. Staying ahead requires not only technical expertise but also strategic foresight to prioritize what matters most. I’d love to hear your thoughts—what trends are you seeing at conferences, and how are you keeping up? Share your insights below or connect with us at

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

About the author

Shawn Anderson has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.