AI is accelerating both attack capabilities and the complexity of threats. At the RSAC Conference 2026, SmartBrief sat down with Expel’s Chief Security Officer, Greg Notch, to discuss how AI-driven identity and data governance are now urgent challenges as agentic AI raises the stakes for both threat actors and defenders.
What has you excited at RSAC 2026? Do you see anything as more hype right now?
Notch: Well, there’s a lot of hype. Every time there’s a change in the market, there is hype, but I think this one’s different. There’s a bunch of new needs that AI is bringing to the security industry, and I think we’re right at the early edge of that, particularly around identity and data governance. They may seem like old business, but we didn’t really solve it right before. So I’m actually, for the first time in a while, excited about some of the stuff that I’m seeing on the [RSAC show] floor.
Suddenly, we have to deal with agentic AI. And that’s exciting, right? This is a moment. This isn’t blockchain. This is something else.
We are hearing more about identity-first security replacing perimeter-based models. How does AI-powered detection cut through the noise to spot real threats faster?
Notch: AI is enabling attacks at a speed and scale that are unbelievable. You can produce a zero-day in 7 minutes for $2 with Claude, at scale. So now everyone’s an NSA level 2 hacker, right? Everybody can do that. And so what does that mean? Our defenses must become much more autonomous; we must be able to defend at the speed and scale of the attackers. And the only way that we’re going to do that is with automation and autonomous systems. This is a sea-change opportunity for detection and response providers.
How can we help security teams know what matters, what’s legitimate?
Notch: We’re in such an early innings of an extremely fast-moving game that I think a lot of it right now is education – making sure people understand what’s coming. I was just at a conference with about 700 AI practitioners, and the closing thought for all of them was, “Grab everyone you know and tell them this is coming, because it’s going to come fast.” We all need to help each other because security is a team sport, really.
Where do you see AI tools not really living up to their promise?
Notch: There are so many in the AI SOC space, in particular. I don’t think the NHI space is on target for where we need it to be. I think there are a lot of shallow use cases. A good example is SOAR (Security Orchestration, Automation and Response). There are a bunch of examples where AI has been added to a product for the sake of AI.
On the flip side, where are you seeing the most ROI for automation and intelligent augmentation?
Notch: Anything where I can take the expertise of a human and put it into a skill and then make it repeatable and scalable – so detection and response engineering is a good example. I think the big ones will be in patching and in vulnerability remediation; that’s already bearing fruit. Anything that removes toil from security, like GRC or where there’s a large amount of human fact finding and information processing. GRC has been like that for a while.
When a CISO inherits an acquisition, they usually have weeks, not months, to report on risk. How do you provide immediate visibility into a ‘black box’ environment without a massive, multi-quarter deployment?
Notch: I think there’s the before and the after the deal. No one’s killing a deal, say a private equity deal, for security, but it might affect the price, and it certainly might affect the deal timeline. If due diligence is done properly, you kind of know where the bodies are going to be buried anyway. And then start with the basics. Make sure we have things like MFA? The fundamentals are always the fundamentals. And then it’s about, how quickly can you gain visibility in into what’s happening in the environment, how quickly can and, probably more importantly, how quickly can you gain a deep understanding of what the business is trying to do and what brings the cash register for whatever that business is? Because that’s where you want to be spending your time. Resilience is the thing you’re really trying to protect at the end of the day, and continuity and staying aligned with that is where you should spend your time.
Before joining Expel, you served as the NHL’s CISO. Now that you’re on the other side, what is the one thing you realize security vendors consistently get wrong?
Notch: I think failing to stay really connected to where our customers are. The market is not static, and the threat landscape is changing. And, how people solve problems is changing and staying really connected to that and really providing that value to customers. It’s easy to say, ”This is what we do at Expel, or this is what we do at, you know, pick a vendor name,” but really, in the end, what we should be doing is keeping our customers from getting breached. It’s our shared goal.
What is the big thing that Expel is showcasing at RSAC 2026?
Notch: We launched a co-managed SIEM product to address what I was just talking about. An MDR will meet you where you are, but there’s a whole segment of the market who wants a little bit more detection engineering in their environment. They need a little help managing their SIEM – it is a complicated piece of infrastructure. So, we launched a service to help customers provide forward-deployed detection engineering and the ability to manage their SIEM environments.
Meet Greg:
Greg serves as chief security officer at Expel, where he brings over 25 years of cybersecurity and technology leadership to deliver secure, seamless outcomes for customers. Greg was Expel’s first customer, which gives him a rare, inside-out perspective on the outcomes businesses need to secure their operations and drive growth. With this perspective, he leads Expel’s security operations, internal security, IT, business systems, and customer success teams, and uses practical solutions to solve highly complex technical challenges.
If you like these insights on cybersecurity, sign up for the ISACA SmartBrief on Cybersecurity, a daily look at the top news and workforce education topics.