The cybersecurity community is watching a rare and consequential standoff unfold: multiple U.S. federal agencies have pulled out of participation at RSAC (the RSA Conference) following a hiring controversy involving former CISA Director Jen Easterly. The move has sparked debate about ethics in public-private transitions, how government leaders engage with industry events, and what transparency should look like when high-profile officials are linked to private sector roles.
While RSAC has long been considered a premier gathering for security leaders across government, enterprise, and academia, the current moment highlights how quickly an industry conference can become entangled in broader concerns about influence, trust, and perceived conflicts of interest.
What Happened: The Easterly Hiring Controversy
At the center of the dispute is Jen Easterly, widely known for her tenure leading the Cybersecurity and Infrastructure Security Agency (CISA). Reports and public chatter indicated that Easterly’s name became associated with a private sector hiring arrangement that some observers saw as raising questions about revolving-door dynamics—the pattern where senior government officials transition into industry roles closely aligned with their prior public responsibilities.
Even without evidence of improper conduct, these transitions regularly trigger scrutiny due to their potential to create:
- Perceived conflicts of interest, especially if private sector roles relate to policies, vendors, or programs overseen while in office
- Access and influence concerns, where an executive role may capitalize on government relationships
- Reputational fallout for events and institutions appearing to endorse or benefit from such moves
The controversy escalated quickly because the RSAC stage is influential. Keynotes, panels, and high-profile appearances can shape market perceptions, elevate brands, and set policy narratives—making any suggestion of preferential access or blurred roles especially sensitive.
Why Federal Agencies Withdrew from RSAC
The reported withdrawal of federal agencies from RSAC wasn’t simply about one individual. It reflects a broader institutional concern: public trust. Government security leaders must maintain credibility not only with the public but also with critical infrastructure operators, international partners, and Congress. When a major event becomes tied to a controversy, agencies often choose risk reduction over attendance.
1) Guarding Institutional Credibility
Conference participation is not neutral. When agencies send speakers, host sessions, or participate in events, it can be perceived as an endorsement—of the conference, its organizers, and its governance decisions. If a controversy casts doubt on ethical rigor, withdrawal becomes a way to signal that standards matter.
2) Avoiding Optics That Undermine Cyber Policy Work
Cybersecurity policy depends heavily on cooperation: voluntary reporting, shared threat intelligence, and public-private alignment. If stakeholders believe government leaders are too intertwined with private opportunities, it may discourage collaboration. Agencies may withdraw to avoid optics that:
- Reduce willingness of industry to trust government initiatives
- Fuel political narratives about “insider networks”
- Create distractions from mission-critical work
3) Reassessing Conference Governance and Controls
Large conferences often rely on advisory boards, sponsorship relationships, and speaker selection processes. A high-profile controversy can expose gaps in oversight—prompting agencies to pause participation until they feel confident there are clearer guardrails around:
- Speaker vetting and conflicts-of-interest disclosures
- Sponsorship influences on editorial programming
- Transparency regarding partnerships and decision-making
What This Means for RSAC and the Wider Cybersecurity Industry
RSAC is more than a conference: it is a marketplace of ideas, a vendor showcase, and a convening ground for policy and technical collaboration. When federal agencies withdraw, the impact is significant.
Reduced Government Visibility and Influence
Federal participation traditionally provides:
- Authoritative guidance on threats, compliance, and national priorities
- Direct access for practitioners to ask operational questions
- Shared messaging that improves consistency across sectors
Without that presence, attendees may miss timely updates on federal initiatives, and agencies lose a major platform for amplifying best practices at scale.
Vendor and Sponsor Repercussions
Federal audience participation is meaningful for vendors—especially those operating in regulated sectors or selling into government. If agency attendance or speaking opportunities shrink, vendors may recalibrate marketing spend, booth strategy, and messaging plans. In the long run, it could push conferences to reinforce ethics safeguards simply to maintain credibility with public sector stakeholders.
More Scrutiny on Public-Private “Revolving Door” Transitions
The controversy underscores a broader trend: stakeholders expect clearer boundaries and more disclosure around transitions from government service to private employment. This is not unique to cybersecurity, but cyber is especially sensitive because:
- Government decisions can affect entire markets (e.g., incident reporting rules, procurement priorities)
- Security leaders often have privileged insight into threats and national response plans
- Trust is essential for coordination during crises
Policy and Ethics: What Are the Real Stakes?
Some observers argue that hiring experienced government leaders is beneficial to industry because it strengthens resilience and raises professional standards. Others counter that without strict guardrails, the incentive structure can subtly distort decision-making—even if no laws are broken.
The real stakes include:
- Conflict-of-interest risk: Whether actions taken in public service could be perceived as influenced by future private sector opportunities
- Public confidence: Whether citizens believe cybersecurity leadership prioritizes national interest over personal advancement
- Operational trust: Whether companies feel safe sharing sensitive incident data with agencies
To be clear, the issue is often less about a single decision and more about the perception of systemic vulnerabilities. In cybersecurity—where trust is frequently the most valuable currency—perception has real consequences.
How Conferences Can Reduce Risk in the Future
Regardless of where one stands, conferences can adopt practices that protect their reputation and preserve public sector participation. Common steps include:
- Clear disclosure requirements for speakers regarding affiliations, prospective employment, or compensation
- Independent review committees for keynote and high-visibility speaking slots
- Stronger ethics policies tied to conference governance and advisory roles
- Separation of sponsorship and programming to prevent perceived “pay-to-play” dynamics
- Public transparency statements when controversies arise, including timelines and corrective actions
These measures don’t eliminate controversy, but they help demonstrate that the event takes integrity seriously—an essential condition for attracting and keeping government participants.
What Federal Agencies May Do Next
When agencies withdraw from a major event, they often continue their outreach through alternate channels, such as:
- Smaller targeted forums with vetted participation
- Webinars and virtual briefings that provide controlled messaging
- Sector-specific events (energy, healthcare, finance) where stakeholders are more narrowly defined
- Direct engagement with state and local partners
Over time, agencies may return to RSAC—especially if conference leadership implements changes that address concerns. But the episode suggests that federal participation is not automatic; it is conditional on governance choices that protect the credibility of both the event and the institutions involved.
Conclusion: A Defining Moment for Trust in Cybersecurity
The withdrawal of federal agencies from RSAC following the Easterly hiring controversy represents more than a scheduling decision. It is a signal about trust, transparency, and accountability in a field where cooperation is vital and reputations are fragile.
For RSAC, the situation is a stress test of conference governance and ethical safeguards. For the cybersecurity industry, it’s a reminder that talent mobility between government and the private sector must be managed carefully to preserve public confidence. And for practitioners, it is another example of how cybersecurity is now inseparable from policy, ethics, and institutional legitimacy.
In the end, restoring momentum will likely depend on one thing: whether stakeholders believe that the systems shaping cybersecurity leadership—on stage and behind the scenes—are as resilient and trustworthy as the defenses they advocate.
