RSA Conference 2026 runs April 28 through May 1 at the Moscone Center in San Francisco. I'll be there the full four days working the Feitian booth on the expo floor. If you're attending and want to talk enterprise authentication, passwordless, or Zero Trust — stop by or scan my QR code to set up a meeting in advance.
What I'll Be Showing at the Booth
Feitian makes some of the most widely deployed FIDO2 hardware security keys and PIV smart cards in the market. At the booth I will have live demos of the full product line: BioPass FIDO2 keys (fingerprint-authenticated, no PIN needed), multi-protocol keys that support FIDO2, PIV/PKCS#11, and TOTP simultaneously, and our new NFC keys optimized for mobile-first enterprise environments.
For federal and CMMC-scoped environments, I will also be walking through our PIV smart card solutions that align with NIST SP 800-73 and support CAC/PIV issuance workflows. If your agency or contractor base is running a HSPD-12 or PIV-I program, those are conversations I want to have at the show.
Beyond hardware, I will be contextualizing how our solutions fit into broader Zero Trust architectures — specifically how phishing-resistant MFA satisfies the authentication pillar of a CISA Zero Trust Maturity Model implementation.
Who Should Stop By
If any of the following describes you, I want to talk: CISOs and security directors evaluating phishing-resistant MFA to satisfy cyber insurance requirements or CMMC Level 2/3 compliance. IT Directors at healthcare systems facing HIPAA audit findings on authentication. IAM architects designing a passwordless roadmap for a large enterprise. Compliance and risk officers in government, defense, or education dealing with executive order requirements around phishing-resistant authentication. Channel partners and resellers who want to add a best-in-class FIDO2 hardware line to their portfolio.
What I'm Hoping to Learn
RSAC is where I recalibrate my sense of where the market is heading. This year I'm specifically focused on three questions: How fast are large enterprises actually moving from legacy MFA (SMS OTP, push notifications) to phishing-resistant? Where does passkey adoption stand in regulated industries — healthcare, federal, finance — versus the consumer market narrative? And what are security architects prioritizing when it comes to post-quantum readiness for authentication?
If you have opinions on any of those, I genuinely want to hear them. The best conversations I've had at past RSACs were not at the booth — they were in the hallways. Find me.
Let's Meet at the Show
The easiest way to find me: scan the QR code on my badge or visit kevintlam.com/meet?event=rsac to leave your email and I will follow up with my schedule and a link to case studies relevant to your industry.