The US Government Just Ghosted the Security Industry
Quick Take: Three federal agencies — CISA, FBI, and NSA — quietly deleted themselves from RSA Conference 2026. Sessions on Chinese hackers, cyber warfare, and incident response: gone. The reason? Their former boss now runs the conference.
The Basics
RSA Conference: The Super Bowl of cybersecurity. 45,000+ security professionals, hackers, researchers, and government agents meet annually in San Francisco. It’s where the feds and private sector coordinate on threats.
CISA: The agency that protects US infrastructure from hackers. They’re the ones who call you when China’s inside your power grid.
The Typhoons: Codenames for Chinese hacking groups (Volt Typhoon, Salt Typhoon) that have infiltrated US infrastructure — water plants, telecom, power grids.
What Actually Happened
- All three agencies pulled out — CISA, FBI, and NSA won’t attend in March. First time since CISA was created in 2018.
- Sessions deleted from the agenda — A panel on hunting Chinese Typhoon hackers? Gone. FBI cyber warfare talk? Gone. Seven-agent incident response panel? Gone.
- The timing is suspicious — This happened 8 days after former CISA director Jen Easterly was named CEO of RSA Conference.
Who Wins / Who Gets Burned
Winners:
- Chinese hackers now have less coordinated opposition
- Private security firms who can now sell without federal competition
- Anyone who wanted the feds out of their conferences
Losers:
- Small businesses who relied on free FBI incident response guidance
- Security researchers who built relationships with federal contacts
- Critical infrastructure operators who needed threat briefings
The Angle Nobody’s Discussing
Follow the politics, not the security.
Jen Easterly was fired in July 2025. She was offered a job at West Point — that got rescinded after right-wing backlash. Now she runs the conference the feds just boycotted.
The official line is “reviewing stakeholder engagements for taxpayer value.” The real story: the current administration is systematically cutting ties with anyone connected to the previous one. Security cooperation is collateral damage.
Meanwhile, Salt Typhoon is still inside US telecoms. Volt Typhoon has pre-positioned in critical infrastructure. The people who were supposed to brief the industry on these threats just got told to stay home.
Your Move
-
The Consultant Pivot
- With feds gone, RSA attendees will pay for private threat briefings
- If you have ANY security knowledge, you can package it as consulting
- Companies are desperate for the intel the government was providing for free
Real Example: A security researcher in Poland started charging €500/hour for “government-grade” threat briefings after the EU cut similar programs. He made €40K in three months from mid-sized manufacturers.
-
The Content Play
- Federal absence creates an information vacuum
- Start a newsletter/podcast covering what the feds WOULD have shared
- Compile public threat intelligence into digestible formats
Real Example: A guy in Singapore built a 15K-subscriber security newsletter by just summarizing CISA advisories in plain English. Now monetized at $8K/month through sponsorships.
-
The Long Game
- Learn threat intelligence fundamentals now
- When the political cycle shifts, the feds will need to rebuild private sector relationships
- Be the person they call to reconnect
Real Example: Former CISA contractors who maintained industry relationships during previous political gaps are now charging $2K/day as “liaison consultants.”
Summary
If you skipped everything: US government agencies just abandoned the biggest security conference because they don’t like who’s running it. Chinese hackers are still inside US infrastructure. The feds who were supposed to coordinate defense against them are now staying home. Information vacuum = opportunity for anyone willing to fill it.
One More Thing
When governments prioritize politics over security, the people who profit are the ones selling protection. Be on the selling side.
Source: The Register
!