
Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit

11 May 2026 at 08:54

The Rapid7 2026 Global Cybersecurity Summit is just around the corner, and with it, a final opportunity to join the conversations shaping how security teams are adapting to a rapidly changing landscape.

Over the past few weeks, we’ve shared a preview of what to expect, from the sessions and speakers to the themes running across the agenda. What has become increasingly clear is how closely these topics are connected. Security teams are being asked to move beyond reacting to incidents and instead understand how attacks begin, how they evolve, and how decisions can be made earlier with greater confidence.

What you will gain from attending

Across two days, the summit is structured to reflect how security teams actually operate. The first day builds a shared understanding of how the threat landscape has shifted, while the second day offers more focused sessions tailored to both leaders and practitioners.

Sessions such as The Reality of Running a SOC in 2026 and Inside the Modern SOC explore how attacks unfold in practice, following signals from initial access through to response. These discussions highlight how analysts interpret activity across identity, cloud, and endpoint environments, and how decisions are made when multiple signals compete for attention.

Other sessions, including Beyond the Vulnerability List and From Cloud Exposure to Runtime Attack, focus on how exposure is changing the way teams prioritize risk. The emphasis is on understanding context and how exposed assets actually are to attackers, helping teams determine which issues are most likely to lead to impact and where effort should be focused.

Alongside this, sessions like The AI Dilemma: Automating Defense Without Surrendering Judgment examine how AI is being applied within SOC workflows. The discussion moves beyond theory and looks at how teams are balancing automation with human oversight, ensuring that speed does not come at the expense of trust or accountability.

What’s changing for security teams right now

Security operations are evolving in response to changes in both attacker behavior and organizational complexity. Environments are more distributed, signals are more fragmented, and the time available to respond continues to shrink.

As a result, the focus is shifting toward earlier action, better prioritization, and more connected decision-making. This means linking exposure with detection, reducing unnecessary noise, and building workflows that allow teams to act with clarity when it matters most.

Across the summit, these ideas are explored from multiple perspectives, but they consistently point toward the same outcome. Teams that can connect context, visibility, and response are better positioned to reduce risk before it becomes an incident.

Secure your place

With the event approaching, this is the final opportunity to register and take part in these discussions. Whether you are responsible for strategy, operations, or day-to-day detection and response, the summit is designed to provide practical insights that can be applied immediately.

Join us on May 12–13 and see how security teams are putting these approaches into practice across real environments.

Register now

A Walkthrough of the 2026 Global Cybersecurity Summit Agenda

5 May 2026 at 08:20

The full agenda for the Rapid7 2026 Global Cybersecurity Summit is now live, and it gives a clearer sense of how the conversation around security operations is evolving.

Across two days, the sessions progress from a shared understanding of how threats are changing into a more detailed look at how teams detect, respond, and make decisions in practice.

Day 1: How threats evolve and how teams respond

The day opens with a keynote, Defense Starts Earlier Than You Think, where Brian Castagna is joined by Craig Robinson, Research Vice President at IDC, to examine why complexity has become the main barrier to effective security and what changes when teams start acting earlier.

That context carries into The Reality of Running a SOC in 2026, featuring Raj Samani alongside Rachel Tobac, CEO of SocialProof Security, and Graham Cluley, cybersecurity speaker and podcast host. The discussion focuses on how attacks actually begin, from identity misuse to cloud misconfigurations, and why defenders often fall behind as those attacks evolve.

In Customer Panel: How Clarity Beats Complexity, leaders including Debby Briggs, CISO at Netscout Systems, Raheem Daya, Chief Technology Officer at Target RWE, and Will Lambert from Culligan International share how they are simplifying their environments and focusing on outcomes rather than activity.

From there, Inside the Modern SOC: Who Carries You Through an Incident walks through a real investigation step by step, showing how alerts are triaged, decisions are made, and outcomes are shaped under pressure.

The conversation then turns to AI in The AI Dilemma: Automating Defense Without Surrendering Judgment, where the role of AI in the SOC is examined through the lens of trust, transparency, and how it supports analyst decision-making in practice.

In Beyond the Vulnerability List, the focus shifts to exposure management, looking at how organizations are moving beyond static vulnerability tracking and using exposure as an early signal to guide detection and response.

That idea of validation continues in Using Red Teaming to Power Preemptive MDR, where continuous adversary testing is used to prove detection coverage and refine response workflows before an incident occurs.

The day also includes a short look at Rapid7: What’s New and What’s Next, connecting recent innovations across exposure management, MDR, and AI to how teams operate in practice.

The closing session, Persistence Under Pressure, introduces a different perspective. Former Special Forces operator Jason Fox draws on real-world experience to explore preparation, understanding the adversary, and how teams make decisions when conditions are less predictable.

Day 2: Strategy for leaders, execution for practitioners

The second day builds on that foundation, with two dedicated tracks designed around how security teams actually work.

For security leaders, The CISO’s Role in Enterprise Transformation brings together perspectives from Craig Robinson and Horst Moll, CISO at Miltenyi Biotec, to explore how the role of the CISO is evolving beyond technical leadership into broader organizational influence.

That is followed by How Exposure Insights Reframe Risk and Security Decisions, which looks at how leaders define priorities and align teams when exposure data is tied more closely to real-world risk.

In A CISO’s Guide to MDR Accountability and Outcomes, the focus moves to how effectiveness is measured, shifting from activity-based metrics toward outcomes that reflect business impact.

The leader track closes with Customer Panel: What CISOs Would Do Differently If Starting Today, featuring CISOs including Jonathan Chow of Genesys and Tony Arnold of TSB Bank, reflecting on what they would change or simplify based on experience.

For practitioners, Hunt or Be Hunted: Frontline Tales of Detection walks through a real incident, showing how analysts decide what to investigate and how signals are correlated across environments.

The New Rules of Detection Engineering builds on that with insights from Steve Edwards, Director of Threat Intelligence Detection Engineering, focusing on detection-as-code and how teams prioritize signals in practice.

In From Cloud Exposure to Runtime Attack, Shauli Rozen, CEO and Co-founder of ARMO, and Ben Hirschberg, CTO and Co-founder, walk through a cloud attack scenario to show how risks escalate and how they can be interrupted earlier.

The practitioner track closes with IR in Practice: Tools, Tradecraft, and Adversary-Informed Investigation, where Shanna Battaglia and Michael Cohen demonstrate how open-source tools and real-world workflows come together during incident response.

Register and join the conversations

Taken together, the agenda reflects a shift that runs through every session. Security operations are moving toward earlier decisions, better prioritization, and a clearer understanding of what matters in the moment.

If you want to see how that shift is playing out across strategy, detection, and response, this is where those conversations come together.

Join us May 12–13 and explore the full agenda in practice.

Register now.

Five Things we Took Away from Gartner SRM Sydney 2026

By: Rapid7
29 April 2026 at 19:00

At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the decisions security leaders are actually making right now. They discussed budgets, burnout, AI, and their perspective on consolidation.

The conversation reinforced what we see across many organizations: SecOps is very much focused on protecting business resilience, enabling confident decisions by senior security leaders, and building programs that scale across people, platforms, and emerging technology. Let's now take a look at some of the main highlights from this year's Summit.

The business case for SecOps has shifted and boards are listening

The ‘invest in security or get breached’ pitch has run its course. Boards have heard it too many times; plus, it frames security as a cost center that only proves its value when something goes wrong.

We’re seeing it being replaced by a resilience narrative. In most incidents, the biggest business impact is operational disruption. Hours or days of downtime create immediate revenue loss, reputational damage, and perhaps worse still for some, regulatory exposure. CISOs who can connect their programs to that reality – translating incident data into business availability and financial risk – find it significantly easier to justify spend and shape investment decisions.

That shift in dynamic changes what gets measured and prioritized as well as how security leaders communicate upward to the board. Threat intelligence and kill chains still matter inside the SOC, but the ability to translate that to a clear risk narrative is fast becoming a leadership requirement in its own right.

Platform consolidation is growing, but it's not binary

The platform-vs-best-of-breed debate was notably pragmatic. The real question is how to strike the right balance: consolidate where it improves efficiency and visibility, and retain point solutions where they materially reduce a specific risk.

On the ground, budget pressure has accelerated this. Fewer vendors, more integrated telemetry, and clearer operational ownership help make spend more defensible. The discussion framed consolidation through the lens of ‘control planes’ (endpoint, gateway, network), with shared telemetry as the connective layer.

A real-world example grounded the conversation: Build a global security program for a 5,000-person organization across 40 countries on a $3 million budget, using a selective mix of MDR, PAM, EPM, and targeted point solutions only where necessary. Throughout, the operating principle was simple. Every security investment needs to answer one question: What risk does this reduce and, importantly, what business outcome does it protect?

People remain the most difficult element of SecOps

Technology and process can be engineered, but people? They’re much harder. That was one of the most practical observations from the session, and it resonated with every security leader in the room.

The challenge goes beyond hiring technical talent: organizations need to build teams with the right mix of communication skills, cognitive diversity, motivation, and endurance. A common gap seen in the SOC is that many teams are strong technically but few can articulate risk effectively to executives. That matters because the value of SecOps increasingly depends on how well teams connect activity to impact.

At the same time, burnout remains a structural issue. When experienced analysts leave, institutional knowledge leaves with them. And no tool can replace that. For leaders, this reinforces the point that people strategy is core to the overall security strategy.

AI in SecOps is getting very real, and very practical

After a long hype cycle, the AI conversation is now far more grounded. The most credible use cases in SecOps are about helping teams manage volume, reduce noise, and move faster with better context.

The examples discussed in the session were telling: alert-assisted triage, natural-language log querying, incident summarisation, first-draft executive communications, and eventually more automated investigation workflows. The framing that landed best was AI as a ‘sidearm partner’: a force multiplier for experienced practitioners, rather than a substitute for judgment.

That distinction matters as human judgment is essential. But AI is becoming increasingly valuable for understaffed teams trying to scale operations and preserve the institutional knowledge that walks out the door when analysts move on.

Governing agentic AI begins with foundations you should already have

As the discussion turned to agentic AI, the focus centred on how more autonomous AI systems do introduce new governance questions, but many of the relevant controls already exist within mature security programs. Segmentation, least privilege, access management, and strong architectural boundaries remain the core defenses.

One analogy stuck: Just as graphite rods slow a nuclear chain reaction, controls like network segmentation and access boundaries can contain and constrain agentic behavior. The organizations best positioned for AI governance are often the ones that have already invested in zero trust principles and sound identity controls.

That reframes the conversation. AI governance isn’t a separate discipline; it’s the extension of existing security foundations into how AI systems behave, access data, and operate within defined boundaries.

What this means for the road ahead

If there was a unifying message, it was that the modern SecOps mandate is bigger than prevention. The industry has, to some extent, over-rotated on stopping threats and under-invested in resilience. 

Security leaders require programs that communicate risk in business terms, make smart technology trade-offs, support their people, and adopt AI in ways that are practical and governable. The organizations that get this right will be the ones building strong foundations and using the right mix of platform, process, and intelligence to move faster and more confidently.

Rapid7 is committed to being a partner to organizations looking to gain that confidence. Our exposure-informed MDR service empowers teams to adopt a more preemptive security posture by rapidly identifying high-impact exposures that could be imminent breach targets. Teams can also leverage expanded capabilities in data security posture management (DSPM) and compliance to help fortify assessment, prioritization, and response capabilities so they can further preempt attacks across the modern attack surface.

Get Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity Summit

28 April 2026 at 09:42

Security teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge shifts. It becomes not just about making decisions under pressure, but how well that preparation has set teams up to make the right decisions when things heat up.

At this year’s Rapid7 Global Cybersecurity Summit, Persistence Under Pressure explores that shift directly. Former Special Forces operator Jason Fox draws on real-world experience where timing, clarity, and execution all have immediate consequences, and shows how that mindset applies to modern security operations.

His session looks at how that mindset translates into modern security operations, where teams are expected to act quickly, often without complete information.

The parallels are clear: Incidents do not unfold in controlled conditions. Signals compete for attention, priorities shift, and decisions need to be made in real time. What matters in those moments is not just having the right tools, but knowing how to stay focused and act with confidence.

This session explores practical ideas that apply directly to security teams, from how preparation shapes response to how understanding the adversary influences decision-making, and why composure and clarity can make the difference when pressure builds.

It also reinforces a broader theme running throughout the summit. Preemptive security operations are not only about detecting threats earlier but about enabling better decisions across the entire lifecycle, from preparation through to response and recovery.

If you are looking to understand how security operations are evolving, this session offers a different but valuable perspective. One that connects strategy and technology back to the people responsible for making it work.

Join us May 12–13 and hear how these principles apply in practice. Register now.

3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEM

24 April 2026 at 09:07

Security teams are dealing with a different kind of pressure now. It is not just the volume of alerts or the pace of attacks, but also the gap between what teams can see and what they can act on with confidence.

That gap shows up in different ways. Threats move across identity and cloud in ways that are difficult to track, exposure data exists but often sits disconnected from response, and AI is being introduced into workflows without a clear role in decision-making.

This year’s Rapid7 Global Cybersecurity Summit brings those threads together as part of the same operational solution.

1. You need a clearer view of how attacks actually unfold

A lot of detection strategies still assume attacks follow a clean path. In practice, they do not. They start in one place, move quickly, and often rely on small gaps rather than obvious failures.

Sessions like The Reality of Running a SOC in 2026 break this down in detail, looking at how attacks begin with things like identity misuse or cloud misconfiguration, then evolve as defenders try to keep up. That matters because it changes how detection should be designed. Coverage alone is not enough if teams do not have the context created by strong exposure management to interpret what they are seeing.

That same idea carries into Inside the Modern SOC, where a real investigation is followed from first alert to outcome. It is a useful reminder that detection is only part of the problem. Deciding how to respond, and doing it quickly, is the critical next step.

2. Exposure only matters if it connects to action

Most teams already have some form of exposure management in place. The challenge is making it useful. A long list of vulnerabilities does not help much if it is not tied to how risk actually shows up in the environment.

Sessions like Beyond the Vulnerability List and From Cloud Exposure to Runtime Attack focus on that connection. They look at how exposures turn into active threats, often before any alert is triggered, and how teams can use that information to prioritize earlier.

Here’s the part people miss. Exposure is not just about knowing what is wrong. It is about understanding what matters now, based on how the environment is being used and how attackers are likely to move through it.

3. AI is only useful if it improves decisions

AI is already part of most security conversations, but the reality is nuanced. In some cases it helps reduce noise and speed up investigations. In others, it creates new questions around trust and transparency.

The AI Dilemma: Automating Defense Without Surrendering Judgment tackles this directly. It looks at where AI is helping in real SOC workflows, where it can get in the way, and why explainability matters if teams are going to rely on it. The discussion is grounded in how analysts actually work, not just what the technology promises.

There is also a broader point here. Attackers are using AI as well, which means the balance between speed and accuracy is becoming more important on both sides.

Join the conversation

Across these sessions, the common thread doesn’t stem from any single technology. It is how teams connect signals, context, and decisions in a way that holds up under pressure, which shows up in how threats are understood, how exposure is prioritized, and how AI is applied. It is also why the summit is structured the way it is, moving from shared context on day one into more focused, role-based sessions on day two.

More sessions and speakers will be added in the coming weeks, but the direction is already clear. Security operations are shifting toward earlier decisions, better prioritization, and fewer assumptions.

If your work touches AI, threat detection, or exposure management, this is where those conversations start to come together.

Join us May 12–13 and see how teams are approaching it in practice.

Register now.

Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit

14 April 2026 at 08:31

Cloud environments have changed how security teams detect and respond to threats. Signals come from more places, identities are harder to track, and attacks rarely stay within a single system. For many teams, the challenge is no longer visibility. It is having the risk context to understand what matters and act on it quickly. This shift is reflected in the conversations shaping this year’s Rapid7 Global Cybersecurity Summit.

Taking place May 12-13, the summit explores how detection and response are evolving across cloud, identity, and endpoint environments. The focus is practical: how attacks actually unfold, how teams respond under pressure, and how detection strategies need to adapt.

Detection is no longer just about coverage

One of the clearest themes across the agenda is that traditional detection models are struggling to keep pace with attackers. Environments are more dynamic, and attackers are more targeted. Catching everything is no longer realistic, and in many cases it is not useful.

Sessions like The New Rules of Detection Engineering will examine this shift in detail. The focus moves away from volume and toward precision. It will ask questions like: What makes a detection meaningful? How should teams prioritize signals? And how can detection strategies support real outcomes rather than just generate alerts? This is especially important in cloud environments, where context changes quickly and signals are often incomplete.

Understanding how attacks actually unfold

To improve detection, teams need to understand how attacks behave in practice. Several sessions across the summit focus on this directly.

The Reality of Running a SOC in 2026 will explore how modern attacks begin, from identity misuse to cloud misconfigurations, and how they evolve over time. Rather than following a predictable path, attacks move across systems, taking advantage of gaps in visibility and delayed decisions.

This theme continues in sessions like Inside the Modern SOC, where attendees follow a real investigation from first alert to outcome. These walkthroughs show how signals are correlated across environments and how decisions are made when time and clarity are limited.

From exposure to runtime risk

Cloud security also requires a closer connection between exposure and detection. In many cases, incidents begin long before an alert is triggered.

Sessions such as From Cloud Exposure to Runtime Attack explore how misconfigurations, permissions, and overlooked risks lead to active threats. The focus is on how teams connect exposure insights with runtime behavior to improve prioritization and respond earlier in the attack lifecycle.

This is a practical shift. Detection is no longer a separate function but part of a broader process that starts with understanding exposure and continues through to response.

What this means for security teams

Across these sessions, a consistent message emerges: Detection strategies need to be grounded in how environments actually behave, not how they are expected to behave.

This means focusing on signal quality rather than volume, connecting data across cloud, identity, and endpoint, and building workflows that support faster decisions. It also means accepting that not all alerts have equal weight, and that prioritization is a core part of modern detection.

A preview of what’s to come

Cloud detection is just one part of a broader shift happening across the summit. Sessions on MDR, AI, and exposure management all connect back to the same idea. Security operations must move earlier, reduce noise, and act with greater confidence.

If you are rethinking how your team detects and responds to threats in cloud and hybrid environments, this is where those conversations come together.

Join us May 12–13 and see how security teams are evolving their detection strategies for 2026.

Register now.

A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global Cybersecurity Summit

7 April 2026 at 09:06

The agenda for the Rapid7 2026 Global Cybersecurity Summit is starting to take shape, and with it, a clearer picture of the conversations security teams need to be having right now.

Taking place May 12–13, this year’s summit brings together a mix of security leaders, practitioners, analysts, and industry voices to explore how organizations are moving from reactive defense to preemptive security operations. The focus is practical. What is changing, what is not working, and what teams need to do differently.

Voices from across the industry

This year’s lineup reflects that shift. Alongside Rapid7 experts and customer speakers, the summit will feature well-known voices from across the security community.

Rachel Tobac, CEO of SocialProof Security, joins the keynote panel The Reality of Running a SOC in 2026, bringing a perspective grounded in how modern attacks actually begin and how attackers adapt in real time. She is joined by cybersecurity speaker and “Smashing Security” podcast host Graham Cluley, whose work has long focused on translating complex threats into practical understanding for security teams.

From an analyst perspective, Craig Robinson of IDC and Dave Gruber of Omdia add an external view on how the market is evolving, where organizations are investing, and how security programs are being measured. Their contributions help ground the discussion in broader industry trends, not just individual experiences.

Customer voices also play a central role. Leaders from organizations such as Netscout Systems, Target RWE, and Miltenyi Biotec will share how they are navigating complexity, validating decisions around MDR and platform consolidation, and focusing on outcomes rather than activity.

What to expect during the show

Across two days, the summit is structured to reflect how security teams actually operate.

Day one focuses on shared context with sessions like Defense Starts Earlier Than You Think and The Reality of Running a SOC in 2026 examining how the threat landscape has shifted and why traditional approaches are struggling to keep pace. From there, sessions such as Inside the Modern SOC and Using Red Teaming to Power Preemptive MDR move into how detection, response, and validation work in practice.

The goal is to connect the full picture: how attacks begin, how they progress, and how teams respond when it matters.

Day two is more focused on the unique needs of particular security roles. The two dedicated tracks allow attendees to go deeper into the implications of modern security evolution based on their daily realities.

For security leaders, sessions such as The CISO’s Role in Enterprise Transformation and A CISO’s Guide to MDR Accountability and Outcomes explore governance, accountability, and ways to measure effectiveness that reflect real business risk.

For practitioners, sessions like Hunt or Be Hunted and IR in Practice focus on the mechanics of investigation, detection and response. These sessions look closely at how analysts triage signals, how decisions are made under pressure, and how response workflows hold up in real environments.

Across both days, the agenda is designed to move beyond theory with each session connecting back to the same core concept. Security teams need to act earlier, reduce uncertainty, and make decisions with greater confidence.

Secure your spot

If you are looking to understand how security operations are evolving, and how teams are putting that into practice, this is where those conversations come together.

Join us May 12–13 and see how organizations are building more resilient, preemptive security operations.

Register now.

Red Teaming in 2026: What to Expect at our 2026 Global Cybersecurity Summit

30 March 2026 at 12:31

Red teaming has always played a role in testing defenses, but in 2026 its role is changing. Security teams are no longer asking whether an attacker can get in. That question has already been answered. The real challenge is whether teams can detect, validate, and respond before an incident escalates.

That shift sits at the center of this year’s Rapid7 Global Cybersecurity Summit, taking place on May 12-13. As part of the Continuous Threat Defense pillar, the summit will explore red teaming not as a standalone exercise, but as a core input into how modern security operations function day to day.

From validation to continuous feedback

In sessions like Using Red Teaming to Power Preemptive MDR, the focus moves away from point-in-time testing and toward becoming part of a continuous feedback loop. Detection logic is tested against real attacker techniques and gaps are exposed before they become incidents. Response workflows are refined in conditions that reflect how attacks actually unfold, rather than how they are expected to behave.

This represents a clear shift from traditional engagements. Instead of producing a static report, red teaming feeds directly into detection engineering and MDR operations. Many teams still rely on assumptions about coverage, but those assumptions often break down under pressure. Continuous validation helps close that gap.

Aligning red teaming with how attacks really happen

Modern attacks rarely follow a clean path. They move across identity, cloud, and endpoint, taking advantage of timing, visibility gaps, and delayed decisions. Red teaming has to reflect that reality.

At the summit, the conversation connects adversary behavior with how detection and response teams operate in practice. This includes how signals are correlated across environments, how escalation decisions are made, and where teams lose time during an investigation. The goal is not to simulate attacks for the sake of it, but to understand how those attacks would be detected, prioritized, and contained in a real environment.

Why red teaming matters now

The move toward preemptive security operations depends on confidence. Teams need to know that what they have built will hold up when it matters. Red teaming supports that by grounding security programs in evidence. It shows what works, highlights what does not, and gives teams an opportunity to improve before a live incident forces change.

This becomes even more important as organizations adopt MDR models, integrate AI into workflows, and operate across increasingly complex environments. Without continuous validation, complexity creates blind spots that are difficult to see until it is too late.

Rapid7's Cybersecurity Summit: A preview of what’s to come

Red teaming is one part of a broader shift happening across the summit. Sessions across detection, response, AI, and exposure management all point in the same direction: Security operations must move earlier in the attack lifecycle, reduce noise, improve prioritization, and support faster decisions with better context.

More sessions and speakers will be announced in the coming weeks, building out how this shift is being applied in practice. If you are responsible for detection, response, or validation of your security program, this is a conversation worth being part of.

Join us May 12–13 and see how teams are using red teaming to strengthen modern security operations.

Register now.

From Threat Detection to Response: What to Expect from Our MDR Sessions

16 March 2026 at 09:24

Detection and response are under pressure. Expanding attack surfaces, identity misuse, cloud sprawl, and AI-accelerated threats have changed what “ready” looks like for a SOC. That’s why this year’s Global Cybersecurity Summit places continuous threat defense at the center of the conversation.

The focus is clear: this is what modern MDR looks like when it’s designed to disrupt attackers earlier, not just react to them faster.

2026 MDR sessions: A sneak peek

Throughout the summit, several sessions will explore how detection and response are evolving in practice. In this year’s “Inside the Modern SOC”, we’ll look at how response actually unfolds when pressure is high and decisions matter. It’s a close examination of ownership, escalation, and how teams coordinate across endpoint, identity, and cloud telemetry.

In “Using Red Teaming to Power Preemptive MDR”, the conversation shifts upstream. Rather than treating red teaming as a compliance exercise, this session examines how continuous testing strengthens detection coverage and validates response workflows before a real attacker forces the issue.

For executive leaders, “A CISO’s Guide to MDR Accountability and Outcomes” will examine MDR through a leadership lens, describing how leaders can best evaluate performance, define success, and ensure response strategies hold up under scrutiny. As detection models grow more complex, clarity around accountability can become just as important as technical capability.

For hands-on practitioners, “Hunt or Be Hunted: Frontline Tales of Detection” offers a scenario-driven walkthrough of how SOC analysts triage signals, manage handoffs, and make decisions under real operational pressure. Meanwhile, “IR in Practice: Tools, Tradecraft, and Adversary-Informed Investigation” provides a deeper look at investigative workflows – including practical use cases and adversary-informed response approaches.

What preemptive MDR really means

Together, these sessions represent part of a broader theme: Preemptive security operations is not about adding more tools or generating more alerts. It is about reducing uncertainty, aligning exposure with detection, and building workflows that allow teams to act with confidence.

And this is only a preview. Additional sessions, speakers, and perspectives will continue to be announced as the summit approaches.

If you’re responsible for detection strategy, response readiness, or MDR governance, this track is designed to meet you where you operate. Join us May 12–13 and be part of the shift toward more confident, preemptive security operations.

Register now

Save the Date: Rapid7’s 2026 Global Cybersecurity Summit | May 12–13

By: Rapid7
2 March 2026 at 09:20

Mark your calendars. The Rapid7 2026 Global Cybersecurity Summit returns May 12–13, bringing together security leaders, practitioners, and industry experts for two days of strategic leadership insight and hands-on operational guidance, designed to equip both decision-makers and defenders to build stronger, more resilient security programs.

This year’s theme is Preemptive Security Operations - a shift from reacting to threats to anticipating and neutralizing them before impact.

Security teams are navigating expanding attack surfaces, AI-accelerated threats, relentless alert fatigue, and increasing pressure to do more with less. The 2026 summit is designed to cut through that complexity and focus on what matters most, helping organizations move from reactive defense to confident, proactive operations.

What to expect from Rapid7's 2026 summit

Whether you’re shaping security strategy at the executive level or defending systems inside the SOC, the summit will deliver actionable insights you can apply immediately.

Day 1 will focus on the big picture. Designed to bring together security leaders, decision-makers, and practitioners around a shared narrative, the first day will explore the paradigm shift shaping modern security operations. Sessions will examine how MDR is evolving beyond monitoring into proactive defense, how exposure management and threat intelligence are converging with it into unified risk strategies, and how AI is changing both attacker capabilities and defender workflows. The emphasis will be on clarity, alignment, and strategic direction, helping organizations rethink how their SOCs operate in an increasingly complex environment.

Day 2 will go deeper. Structured with dedicated tracks for security leaders and frontline practitioners, the second day will provide focused, role-specific content. Leaders will engage with sessions centered on governance, resilience, and executive accountability, while practitioners will dive into real-world detection scenarios, threat hunting methodologies, red teaming insights, and operational playbooks. This two-track approach reflects the reality facing modern security teams: strategy and execution must move forward together.

Why attend Rapid7's global cybersecurity summit?

The Rapid7 Virtual Cybersecurity Summit is built for today’s reality where speed, clarity, and confidence matter more than ever. This year’s focus on Preemptive Security Operations reflects a shift from reacting to incidents toward anticipating and reducing risk before impact. Preemptive security means unifying visibility across the attack surface, aligning exposure with detection and response, and using AI and intelligence to prioritize what truly matters. It’s about giving security teams the insight and authority to act earlier, reduce uncertainty, and strengthen resilience across the organization.

If 2025 was about reacting faster, 2026 is about acting sooner, so save the date now and be part of the conversation shaping the future of preemptive security operations.

May 12–13, 2026
Rapid7 Virtual Cybersecurity Summit

Register here
