IDAC Podcast – Mr. NHI, Lalit Choda, on Securing the Exploding World of NHI

Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group.

Lalit, also known as “Mr. NHI,” shares his journey from investment banking to becoming a leading expert in non-human identities.

This episode delves into the critical and often overlooked world of NHI, exploring why it’s such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective.

Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management.

Plus, hear a fun segment about vinyl records and some surprising finds!

Chapter Timestamps:

00:00:00 – Introduction to Lalit Choda and the NHI Community

00:02:31 – Welcome to the Identity at the Center Podcast & IdentiVerse Discussion

00:06:18 – Lalit Choda’s Identity Origin Story: From Mr. SOX to Mr. NHI

00:12:03 – Why Non-Human Identities Are a Big Deal Right Now

00:15:37 – Defining NHI and the Practitioner’s Framework

00:19:13 – The Scale and Challenges of NHI Management

00:23:01 – New Types of NHI and Tooling Limitations

00:27:12 – The Lack of a Single Source of Truth for NHI

00:33:57 – Prioritizing NHI Management and the Role of PAM

00:38:58 – A Risk-Based Approach to NHI and Foundational Controls

00:48:15 – What Scares Lalit Most About NHI (and AI)

00:50:54 – Lalit’s Impressive Vinyl Collection

00:56:38 – Jim and Jeff’s First, Best, and Favorite Albums

01:01:15 – The Intersection of Music and Non-Human Identities

01:02:00 – Wrapping Up & Where to Find More Information

Connect with Lalit: lalit-choda-5b924120

Non-Human Identity Management Group: https://www.nhimg.org/

Connect with us on LinkedIn:

Jim McDonald: jimmcdonaldpmp

Jeff Steadman: jeffsteadman

Visit the show on the web at http://idacpodcast.com

Model Context Protocol Article Features in AI Cyber Magazine

Really humbled for our NHI Mgmt Group to be featured in a brand new AI Cyber Magazine launched by Confidence Staveley and her amazing team, where we cover Model Context Protocol (MCP) – The Missing Layer in Securing Non-Human Identities.

We explain :

– What exactly is Model Context Protocol (MCP)

– How MCP and NHIs intersect

– MCP's approach to tackling NHI Issues

– Some of the potential challenges with MCP

We hope you enjoy the article.

Forrester Blog – NHIs stole the show at Identiverse

The Forrester Blog highlights that NHIs stole the show, citing the NHI Workshop and NHI Pavilion our NHI Mgmt Group hosted at Identiverse.

Super proud that Merritt Maxim at Forrester called out that NHIs overshadowed AI at Identiverse and specifically called out the NHI Workshop and NHI Pavilion our NHI Mgmt Group hosted.

Great to see our mission to educate and evangelise about NHIs is getting major recognition from one of the leading global research and advisory firms.

Summary below and link to the full post here :

“Protecting NHIs is as critical as securing AI. My expectation at Identiverse was agentic AI would be everywhere. While there was ample AI and agentic content, it was overshadowed by non-human identities (NHI) content. While my colleague Geoff Cairns and I prefer machine identities over NHI, I am using NHI in this blog for simplicity’s sake. From the opening NHI workshop to the NHI Pavilion on the exhibit floor to other breakout sessions, you couldn’t escape NHI at Identiverse! This hype is driven by two factors: 1) the rapid increase in the number of NHIs (e.g. service accounts, API keys, secrets, and certificates and now ephemeral cloud workloads, and agentic); and 2) the increase in attacks against NHIs because of their elevated, often excessive, privileges. Many vendors are quickly working to address NHIs and organizations need to prioritize this and look to analytics and automation for governing NHIs going forward.”

A Practitioners Guide To Managing Non-Human Identity (NHI) Risks

Lalit Choda (Mr. NHI), founder of the NHI Mgmt Group, gives a talk on “A Practitioners Guide to Managing Non-Human Identity Risks” at Identiverse, Mandalay Bay, Las Vegas June 5th.

Lalit shares details of an event where an NHI was inappropriately used, causing operational impact. It then took 3 weeks to cycle one password, and this event was the trigger for starting a huge NHI program.

Lalit then shares his experience running one of the largest regulatory NHI programs in the financial industry, dealing with over 100,000 NHIs and developing from the ground up, end-to-end NHI lifecycle processes including Inventory, Claiming, Scanning, Classification, Hygiene, Securing NHIs, Monitoring Controls and Prevent Controls.

NHI Workshop at Identiverse

Our NHI Mgmt Group hosted the biggest ever Non-Human Identity Workshop at Identiverse, Mandalay Bay, Las Vegas on Tuesday 3rd June 2025. The half day workshop had close to 250 participants and an amazing 24 guest speakers covering 7 great topics.


Opening Remarks

Lalit Choda (Mr. NHI), founder of the NHI Mgmt Group, opens up proceedings, outlines the agenda and asks the audience 3 questions :

  1. How concerned are you about NHI Risks?
  2. Do you know how to fully address NHI Risks?
  3. Are you actively addressing NHI Risks?

Full summary here.


Panel Session – What Are NHIs, Criticality, Risks and Challenges

Hosted by Lalit Choda (Mr. NHI) founder of the NHI Mgmt Group with :

  • Kirby Fitch from SailPoint
  • Shashwat Sehgal from P0 Security

Full summary here.


Panel Session – Why The Urgency Now

Hosted by Dwayne McDaniel from GitGuardian with :

  • Jobson Andrade from MARS
  • Kamal Muralidharan from Andromeda Security
  • Anusha Iyer from Corsha

Full summary here.


Session – How Attackers Compromise NHIs

  • Vincenzo Iozzo from SlashID provides insights and examples of how attackers compromise NHIs.

Full summary here.


Session – NHI Compromise Demo

  • Michael Silva from Astrix Security shares a great demo of how NHIs can be easily discovered and used to compromise organisations.

Full summary here.


Panel Session – The NHI Maturity Model: A Risk Based Approach to Implementing an NHI Program

Hosted by Jesse Minor with :

  • Sriram Santhanam from GAP
  • Rich Dandliker from Veza
  • Anthony Viggiano from Cigna

Full summary here.


Panel Session – Agentic AI and the Intersection with NHIs

Hosted by Henrique Teixeira from Saviynt with :

  • Idan Gour from Astrix
  • Ido Shlomo from Token Security
  • Paresh Bhaya from Natoma

Full summary here.


Panel Session – How to Convince C-Level Decision Makers to Invest in a NHI Program

Hosted by Troy Wilkinson, Fortune 500 CISO, with :

  • Eli Erlikhman from Sprinklr
  • Danny Brickman from Oasis Security

Full summary here.


Panel Session – The Market Landscape – Solutions to Manage NHI Risks and Market Trends

Hosted by Nirit Icekson from Entro Security with :

  • Rom Carmel from Apono
  • Ehud Amiri from Saviynt
  • Steven Rennick from Ciena

Full summary here.


Closing Remarks

Lalit Choda (Mr. NHI), founder of the NHI Mgmt Group, shares closing remarks, including details of the huge NHI Pavilion being hosted at Identiverse with 17 vendors offering NHI Risk Management Capabilities, as well as a talk Mr. NHI is doing on “A Practitioners Guide To Managing NHI Risks”.

Full summary here.

Webinar – The Expanding Identity Attack Surface: Beyond Human Users

GitGuardian SecDays Roundtable: The Expanding Identity Attack Surface: Beyond Human Users

GitGuardian SecDays brings together leading experts and practitioners to share the knowledge and strategies needed to tackle the growing “Identity Problem.” We’ll delve into the challenges of secrets sprawl, the explosion of NHIs, and the evolving threat landscape amplified by AI, providing actionable insights and practical solutions to build a robust identity program.

Join us to explore how forward-thinking companies are addressing the identity attack surface with real-world solutions and best practices for 2025.

NHIs are everywhere, outnumbering humans 100 to 1, yet are often overlooked. Legacy IGA/SIEMs fail to provide continuous authentication in decentralized environments. We’ll dissect the modern identity stack, expose where tech fails, and deliver actionable strategies to secure your hyperconnected NHI landscape.

Webinar: Top Use Cases & Trends in Machine & Workload Identity

As infrastructure becomes increasingly automated, the systems that deploy, manage, and scale it—CI/CD pipelines, service agents, orchestration tools—rely on a growing class of non-human identities (NHIs). These machine actors often operate with persistent credentials, excessive privileges, and limited visibility—leaving critical trust gaps in modern environments.

This session explores three high-impact use cases where addressing NHI is both urgent and achievable:

  • CI/CD Pipeline Security: CI/CD platforms frequently use static secrets and over-permissioned service accounts to deploy infrastructure. We’ll walk through how to apply strong identity controls—short-lived credentials, just-in-time access, and session-level auditing—to harden these systems without slowing down delivery.
  • Infrastructure-as-Code Workflows: Provisioning and orchestration tools often authenticate with long-lived credentials and execute plans with sweeping access. Learn how to introduce scoped, ephemeral identities into your automation flows—without disrupting developer velocity.
  • Federated Workload Identity: Multi-cloud and hybrid services need to authenticate and authorize without relying on shared secrets or brittle one-off integrations. This talk will outline patterns for issuing verifiable, short-lived credentials across environments, enabling secure service-to-service trust without sacrificing velocity.

These use cases establish a clear model for managing non-human identity risk—one rooted in Zero Trust, built for automation, and grounded in real-world implementation.

Our Founder Named 2025 Top-50 Cybersecurity Influencer

We are super proud and humbled for our founder Lalit Choda (Mr. NHI) to be recognised as one of the Top 50+ Cybersecurity Influencers to Follow in 2025 by GrackerAI: https://gracker.ai/cybersecurity-marketing-library/cybersecurity-influencers-experts-2025/

Lalit Choda – Founder and CEO, NHI Mgmt Group, known as “Mr. NHI”, the leading voice/evangelist in Non-Human Identity Management

A real honour to be recognised amongst some of the most influential cybersecurity leaders in the industry including :

Katie Nickels – Director of Intel @ Red Canary, MITRE ATT&CK Evangelist

Dr Magda Chelly – Founder of Responsible Cyber, AI Risk Management

Lesley Carhart – ICS/OT Security Expert @ Dragos, Diversity Advocate

Dean Sysman – Cybersecurity entrepreneur, Forbes Under 30, CEO of Axonius ($2.6B).

Brian Krebs – Cybersecurity journalist, founder of KrebsOnSecurity, ex-Washington Post. 20+ years covering cybercrime & security issues.

Rinki Sethi – Award-winning security leader, ex-IBM, eBay & Walmart. Expert in product security, M&A & global security strategy.

Helen Yu – Founder & CEO of Tigon Advisory, AI & cybersecurity leader, WSJ bestselling author, speaker & mentor. Host of CXO Spice.

Jessica Barker MBE PhD – Cybersecurity expert, author & speaker. Co-founder of Cygenta, specializing in human security, awareness & culture.

Daniel Miessler – AI/security researcher, creator of Fabric, ex-Apple & Robinhood. 25+ years in InfoSec, speaker, mentor & AI framework developer.

Joe Head – Cutting through cybersecurity marketing noise. Molto delivers clear, trust-building content that attracts clients—no fluff.

David Spark – Producer, Managing Editor, Co-Host at the CISO Series. Focuses on cybersecurity leadership and executive insights.

and many others …

An honour to also be listed under the LinkedIn Cybersecurity Influencer category, amongst an amazing set of industry leaders :

Lalit Choda – Leading voice/evangelist on Non-Human Identity (NHI) risks

Chuck Brooks – Cybersecurity thought leader and influencer

Lisa Forte – Expert in crisis simulation and cybersecurity

Kavya Pearlman – Founder of XRSI, metaverse security expert

Jane Frankland MBE – Advocate for diversity in cybersecurity

Caroline Wong – Cybersecurity leader and educator

Helen Yu – Business and cybersecurity strategist

Many congrats to everyone nominated in the below categories :

– Top 50+ Cybersecurity Influencers to Follow in 2025
– Technical Experts
– Cybersecurity Strategy & Leadership
– Cybersecurity Marketing & Awareness
– Cybercrime & Investigative Journalism
– Government, Policy & Cybersecurity Law
– Cyber Risk, Compliance, and Fraud Prevention
– Cybersecurity Awareness & Human Factors
– Rising Stars
– Women Leaders in Cybersecurity
– Niche Category IT Security Experts
– Crisis Heroes: Influencers Who Stopped Real Attacks
– Influencer for Cybersecurity Marketers
– Social Platform Influencers on LinkedIn, Twitter, Instagram, YouTube, Facebook, Reddit, TikTok, GitHub

Webinar – Emerging Trends In Non-Human Identity Management

Emerging Trends in Non-Human Identity Management

From Agentic AI Security to Secretless Machine Authentication

June 18th – 1pm EST

Join us for a power-packed discussion with three thought leaders in the industry :

  • Lalit Choda, Founder of the Non-Human Identity Management Group
  • Oded Hareven, CEO & Co-Founder of Akeyless Security
  • Suresh Sathyamurthy, CMO of Akeyless Security

In addition to understanding the fundamentals and risks associated with Secrets and Non-Human Identities, you will also learn about future trends including identity security needs for AI Agents, Workload Identity Federation and Secretless Machine Authentication.

Webinar – How AI Agents Impact NHIs and the Attack Surface

Join experts on May 22nd:

Non-Human Identities are a hot topic in 2025, and Agentic AI is exploding across tech, quickly impacting cybersecurity.

It’s critical for security teams to understand how NHIs and AI agents impact each other, because more agents from increasing adoption rates mean larger attack surfaces, ultimately making cybersecurity responsibilities more challenging.

Tune in on Thursday, May 22nd at 11am ET.

This webinar will give you:

  • A walkthrough of AI agents and their impact on NHIs
  • A practical look at how AI adoption is driving NHI growth and complexity
  • A personal testimony from a security leader impacted by attack surface growth
  • A plan of action to control the chaos that can follow AI Agents and NHIs, and more!