Non-Human Identity Global Summit
History was created as our NHI Mgmt Group co-hosted the first ever Global NHI Summit at the iconic Nasdaq Marketsite venue in NY on 27th Feb 2025 with Entro Security.
We also used the event to launch our new Logo and Branding, including replacing our iconic t-shirt.
We had 20 industry-leading speakers, 11 sponsors and over 200 participants in attendance from all industries, with an amazing agenda that, on the whole, provided thought-provoking insights around Non-Human Identities.




Opening Remarks by Itzik Alvas and Lalit Choda (Mr. NHI)
It was a huge honour and privilege to share opening remarks, to kick off the historic, first of its kind #NHIGlobalSummit.
After introducing #MrNHI and our NHI Mgmt Group, I welcomed everyone to the event, thanked our sponsors :
Akeyless Security, Twine Security, Andromeda Security, P0 Security, SlashID, Axiom Security, BHI, Aembit, Britive
and our guest speakers :
Olivia Phillips, Nirit Icekson, Daniel Cohen, Rahul Bhardwaj, Omri Green, John Remo, Larry Whiteside Jr., Oded Hareven, Kamal Congevaram Muralidharan, Christopher Cutajar, Nathan Shuchami, Itay Mesika, Harnit Singh, Mario Duarte, Vincenzo Iozzo, Artyom Poghosyan, Francis Odum, James J Azar, Adam Cheriki
and finally thanked our NHI Mgmt Group and Entro Security teams, who worked tirelessly over the last 3 months to plan the event, including all the logistics, marketing etc., which resulted in massive interest within the industry, with approx. 300 folks registering for the event.
I shared insights on what to expect during the day and explained why this is the hardest risk you will probably tackle in your career, given the very weak controls around NHIs and that it impacts all your IT processes and teams.
I went on to cover "Why Now": due to Hyper Fragmentation, with Multi-Cloud, On-Prem, SaaS, Microservices, Containerisation and GenAI, we have a huge Secrets Sprawl problem, NHIs are easy to discover, and Breaches are occurring on a regular basis. I also shared that this is not just an external Cyber threat, but a huge Internal threat also.
Finally I asked the audience 3 questions
how many are very concerned about NHI risks?
how many know how to fully address NHI risks?
how many are actively pursuing an NHI program currently?
Watch the full video here of my opening remarks.
Panel: 2024 – 2025 NHI Stats that will Blow your Human Mind
Moderated by: Lalit Choda, Founder, Non-Human Identity Management Group
Panellists:
Daniel Cohen, Senior Vice President, Enterprise Security Architecture & Capabilities, Paramount
Itzik Alvas, CEO & Co-founder, Entro Security
Rahul Bhardwaj, Vice President – Cyber and Data Privacy, Head Information Security – Americas, EXL
Itay Mesika, CEO and Co-founder, Axiom
Lalit Choda introduced the session by highlighting the most comprehensive ground-breaking research report that he published in January 2025, "The Ultimate Guide To Non-Human Identities", in which one chapter was a deep dive on major research and surveys conducted by the Non-Human Identity Mgmt Group and other organisations. Four mind-blowing NHI stats were pulled out of this report and discussed by the panel:
Stat 1 - Secrets Sprawl - A staggering 12.8 million occurrences of secrets were detected on GitHub.com in 2023
Stat 2 - NHI Breaches - 66% of enterprises enduring a successful cyber attack from compromised NHIs
Stat 3 - Addressing NHI Risks - 68% of respondents said they don't know how to fully address Non-Human Identity risks
Stat 4 - Mismanaged NHIs - 97% of NHIs have excessive privileges increasing unauthorised access and broadening the attack surface
Some great insights from the panel that brought home to the audience the huge exposure and challenges around managing and securing NHIs.
This is due to: many NHIs being static in nature; a huge secrets sprawl problem from hyper fragmentation; weak or non-existent lifecycle processes; easy discovery and compromise; excessive privileges; breaches seen on a regular basis, including 3rd party supply chains.
You can view the full presentation here.
Best Practices for NHI Security: What do I Prioritize
Kamal Congevaram Muralidharan (Co-founder and Chief Technologist, Andromeda Security) delivered a talk on Best Practices for NHI Security, highlighting the importance of entitlements for non-human security.
He recommended the following NHI Security best practices:-
Use short-lived credentials whenever possible to reduce risk
Dynamically evaluate and right size entitlements to least privilege to minimize the attack surface
Use behavioural analysis to detect anomalies and identity compromises
The VC Perspective: Why We Decided to Invest in an NHI Company
Nathan Shuchami (Managing Partner, Hyperwise) shared fascinating insights on how a VC firm operates, how it evaluates companies to invest in and why they chose to invest in an NHI company.
In terms of 5 leading investment criteria :
The CEO
Organic sales skills from day zero
Solving real material and immediate problem
MVP in 8 months from seed funding
High barrier to entry, yet feasible solution
What they look for in Cybersecurity Founders
Deep Domain Expertise
Hands On Practitioner Experience
Vision and Adaptability
Ability to Execute
Market Validation and Seamless Adoption
Relentless Passion and Persistence
Defending Against Identity Breaches: A Comprehensive Taxonomy of Attacker TTPs and How to Stop Them
Vincenzo Iozzo (Founder & CEO, SlashID) shared amazing insights on attackers' tactics, techniques and procedures (TTPs) and how you can stop them
79% of attacks today are malware free
31% of all breaches involve stolen credentials
+583% increase in kerberoasting attacks YoY
66% of AWS breaches are caused by leaked/stolen credentials
Vincenzo explained the anatomy of a breach
Phishing or Credential Lead -> Initial Compromise -> Credential Harvesting -> Data Exfiltration
and the root causes
Stateless tokens
Complex protocols
Broken permission models
Finally he spoke about how to defend against these attacks
Identity attacks don't target only NHIs -> need to cover human identities also
Posture, lifecycle management and PAM are not enough -> ITDR capabilities are key to reduce dwell time
IdP audit logs have partial visibility -> need a comprehensive view of your environment
MFA and FIDO are not enough - attackers get around both -> ITDR + device bound tokens
Over-permissioned and long-lived identities make lateral movement trivial -> migrate to JIT access
Fireside chat: Managing the full-lifecycle of Secrets & Non-Human Identities
Oded Hareven (CEO and Co-founder, Akeyless) and James J Azar (CISO at AP4 Group & Host of the CyberHub Podcast) highlighted how reducing secrets and leveraging #SPIFFE, #SPIRE, and #OIDC tokens helps shrink the attack surface.
Less secrets, more security!
One great discussion was around the different generations or maturity of NHI Management - Oded shared that with most clients at the moment the focus is protecting the credentials (secrets)
1st Gen - Static secrets are the core issue at most orgs and the initial focus is the need to get them secured e.g. in a secrets vault, to reduce discovery etc.
2nd Gen - Rotation tends to be the next generation or focus, however it is not being implemented as much as it should have been, even though regulators and auditors expect this to happen. Why? Because it's very hard to rotate without potentially causing operational impact.
3rd Gen - moving on from rotation, and using Just-In-Time (JIT) credentials and temporary identities
The Human Journey to Managing NHIs: Lessons from a CISO on the Frontline
Mario Duarte (Chief Information Security Officer, Aembit & Former CISO of Snowflake) gave fascinating insights, having previously been CISO at Snowflake.
60% of CISOs in publicly traded companies state that IAM is a function owned by their team
65% of CISOs in privately held companies state that IAM is a function owned by their team
Human errors are the cause of the majority of major security breaches in the past 20 years - from weak passwords and poor credential management, phishing attacks, misconfigured systems and security settings, unpatched software, unauthorised software and shadow IT
Human IAM solutions like MFA, FIDO2, Zero Trust etc. have created more secure access and made users' lives better and more productive
Same goals required for Non-Human Identities - find solutions that improve the overall security posture; help everyone become more productive
What were the root causes from a huge breach: found issues/anomalies with software accessing the most sensitive systems (and there were a lot of them); monitoring and alerting wasn't good enough; Devs were left with a terrible experience managing secrets
By deploying Non-Human IAM you will achieve: proactive practices with automation; better developer experience; multiplier effect when integrating NHI IAM with existing security tools
Fireside chat: When AI Agents Manage NHI’s
Omri Green (Co-founder and GTM, Twine Security) hosted a fireside chat on the main stage with Yuval Malisov (Chief Information Security Officer, BHI), where we discussed the opportunities in #AgenticAI for the #cybersecurity industry for the financial sector and beyond.
With Deloitte's forecasts that 25% of enterprises will deploy AI agents by 2025, growing to 50% by 2027, the message is clear: adapt or fall behind.
For financial institutions, this means:
Building clear operational boundaries with AI
Balancing productivity gains against regulatory requirements
Implementing governance before deployment, not after
The next step in evolution is AI employees that mimic human problem-solving abilities.
For CISOs and cyber teams, this means:
Shifting entire workloads to AI systems
Finally taking the strategic view they've been too overburdened to achieve
Focusing on high-value decision making instead of routine operations
When thinking about Identity, AI employees are set to augment the teams with:
Handling day to day tasks, like Access Requests
Finding missing owners of Non Human Identities
Making sense of the complex entitlements, so humans can make informed decisions.
Are you developing your strategy around AI and embracing the wave, or will you be playing catch-up when your competitors gain the advantage?
Panel: The Challenges and Opportunities of Securing NHIs in the Modern Enterprise
Moderated by: Larry Whiteside Jr., Co-founder and President, Confide
Panellists:
Olivia Phillips, Business Information Security Officer, Amtrak
Harnit Singh, Founding Product Manager, P0 Security
Art Poghosyan, CEO & Co-Founder, Britive
Larry Whiteside Jr. hosted an entertaining discussion with Olivia Phillips, Artyom Poghosyan and Harnit Singh on the challenges and opportunities of securing NHIs in the modern enterprise.
Case Study: I Was Breached and Lived to Tell – How to Handle an NHI Attack
John Remo (CEO and Co-founder, Arbitium) shared fascinating insights about a major breach that left an organisation with unauthorised data access, extended breach duration and regulatory and legal consequences.
What Went Wrong:
Inadequate Monitoring of NHIs
Lack of Secure credential management
Absence of Least Privilege
Insufficient Lifecycle Management
Why does Non-Human Identity Management matter so much?
Expanding Attack Surface
Complexity of Access Controls
Automation and Scale
Regulatory Compliance
Reputation and Trust
Breach Implications
Cost of reimbursement for any damages / class action lawsuits
Crisis communication and public relations
Legal & Regulatory Compliance - inside and outside USA (more strict)
3rd Party Supply Chain Risks
Internal & External Customer / Stakeholder Trust
Why I Implemented a Solution: Lessons from a Security Engineer on the Frontlines
Christopher Cutajar (Principal Information Security Engineer, Elastic) shared lessons learned :
Get Leadership Onboard - need executive buy in
Finding Owners is Hard and very time consuming
Take a Data Driven Approach to get visibility
Automation Helps at Scaling
Create User Empathy e.g. through pilot groups
Work as a Team to help with this huge challenge that spans all IT groups/processes
NHI Analyst Review: Market Trends, Risks & Opportunities
Francis Odum (Founder, Software Analyst Cybersecurity Research) shared key market trends:
Vendor Proliferation
Cloud NHIs & Microservices
Machine PKI & Certificates Mgmt
API Explosion
Compliance & Regulatory Drivers
Drinks & Networking
The most important part of the day









