STREAMING LIVE | JAN 28 | 9:30AM PST

NHIcon

Make Non-Human Identity Security Iconic

It’s time to move non-human identities from backstage to center stage. Join the innovators, practitioners, and leaders shaping the next era of identity security.

NHICon non-human identities
PRESENTED BY
Aembit logo
Veza logo
IN PARTNERSHIP WITH
idsa logo
CSA logo
PRESENTED BY
Aembit logo
Veza logo
IN PARTNERSHIP WITH
CSA logo
idsa logo
ABOUT NHICON

Overview

Non-human and machine  identities are essential to modern infrastructure – powering automation, connecting workloads, and driving critical processes through APIs and CI/CD pipelines. Yet their management remains outdated, lagging behind protections for human identities and exposing gaps in security, compliance, and operational efficiency.

The inaugural NHIcon on Jan. 28 will redefine how non-human identity security is addressed. Bringing together experts across disciplines, from technical practitioners to C-level leaders, the event will go beyond surface-level discussions to deliver actionable strategies and real-world insights. Free from vendor bias and fear-driven narratives, NHIcon will set the tone for how enterprises approach non-human identity security in 2025 and beyond.

You're IN GOOD COMPANY

Speakers

Keynotes

Talha Tariq

Talha Tariq

CISO, HashiCorp

Kevin Mandia

Kevin Mandia

Co-Founder, Ballistic Ventures
Founder, Mandiant

Heather Flanagan

Executive Director and Principal Editor, IDPro
Principal, Spherical Cow Consulting

Sessions

Coleen Coolidge

CISO Adviser
Former CISO, Twilio

Ed Amoroso avatar

Ed Amoroso

CEO, TAG Cyber LLC

Crystal Morin of Sysdig

Crystal Morin

Cybersecurity Strategist, Sysdig

John Johnson

Founder and CISO, Aligned Security
Former Global Security Architect, John Deere

Christopher Elliot

Christopher Elliot

Director, Corporate Security and Security Operations, SoFi

Stephen Washington Jr of Discovery

Stephen Washington Jr

Head of Identity and Access Management, Discover Financial Services

Rich Dandliker of Veza

Rich Dandliker

Chief Strategy Officer, Veza

Emanuela Zaccone

Emanuela Zaccone

AI for Cybersecurity Staff Product Manager, Sysdig

David Goldschlag of Aembit

David Goldschlag​

CEO & Co-Founder, Aembit

Mario Duarte of Aembit

Mario Duarte​

Former CISO, Snowflake
CISO, Aembit

Victor Ronin of Aembit

Victor Ronin

Head of Software Architecture, Aembit

Andrew McCormick

Andrew McCormick

Former Principal Security Engineer, Starbucks
Principal Solutions Architect, Aembit

Non-Human Identity Conversations That Matter

Confirmed Talks

Panel

A CISO’s Guide to Implementing NHI Projects

Threat Research

Uncovering the Impact of Non-Human Identity Breaches 

Analyst Session

Parallels Between Human and Non-Human Identity Security

Engineering Session

From Harcoded to Hardened: 7 Stages of Secure Workload Access Maturation

Non-Human Identity Conversations That Matter

Agenda

TIME
TOPIC
SPEAKERS
9:30 a.m. PST
Welcome

Welcome Address

Welcome to NHIcon! David will set the stage for a day of exploring the importance of non-human identity security and how it’s essential to protect the workloads that power modern infrastructure and drive enterprise innovation.

David Goldschlag of Aembit
David Goldschlag

Co-Founder & CEO, Aembit

9:35 a.m. PST
Opening Keynote

Zero Trust for Non-Human Identities: A Cloud-First Approach

Cloud-first environments bring speed and scalability – but they also amplify the risks associated with non-human identities like service accounts, API keys, and workloads. In this keynote, Talha Tariq will demonstrate how applying zero-trust principles can address these challenges head-on. Drawing from HashiCorp’s security strategy, he’ll reveal practical approaches to automating secrets management, implementing just-in-time access, and curbing credential sprawl. Attendees will gain a clear roadmap to strengthen their security posture while maintaining the agility needed for modern innovation.

Talha Tariq
Talha Tariq

VP and Chief Security Officer, HashiCorp

10:00 a.m. PST
Feature Keynote

The Emerging Threats of 2025: AI, Non-Human Identity, and Beyond

Drawing on decades of frontline experience and expertise in threat intelligence and incident response, Kevin Mandia will spotlight the trends and challenges destined to shape cybersecurity in 2025. As automation, modern software practices, and complex cloud environments accelerate, he’ll zero in on two emerging threats: safeguarding AI-driven technologies and managing the escalating risks tied to non-human identities – machine identities, service accounts, and workload credentials increasingly implicated in breaches.

Kevin Mandia
Kevin Mandia

Co-Founder, Ballistic Ventures and Founder, Mandiant

10:25 a.m. PST
Spotlight Keynote

Enhancing Identity Standards for Non-Human Identities in Modern Systems

Non-human identities (NHIs) – from APIs to workloads and batch jobs – are essential to modern enterprises, yet they do not map well to traditional identity models. Directories and joiner-mover-leaver workflows were never designed for ephemeral, dynamic NHIs, leaving a gap in both scalability and security. In this session, we’ll explore why NHIs don’t fit neatly into existing standards and how enhancing frameworks like SPIFFE and WIMSE, as well as new credential standards like SPICE, is crucial for managing their unique demands. We’re going to talk about the risks of token sprawl, the need for dynamic provisioning, and strategies to unify IAM, DevOps, and security teams around NHI challenges.

Heather Flanagan IDPro
Heather Flanagan

Executive Director and Principal Editor, IDPro

10:50 a.m. PST
Technical Session

From Hardcoded to Hardened: The 7 Stages of Non-Human Identity Maturity

While user identity and access are well-established, securing non-human identities – essential for protecting workload connections – is still catching up. This session will break down the seven stages of non-human identity maturity. With real code examples and case studies, this talk is for DevOps and security engineers looking to strengthen their defenses as non-human identities rapidly increase.

Victor Ronin avatar
Victor Ronin

Head of Software Architecture, Aembit

11:15 a.m. PST
Practitioner Session

Why Enterprises are Avoiding Siloed Solutions in Non-Human Identity Security

Many organizations are finally coming to terms with the tremendous risks that non-human identities pose and are actively looking for solutions. A wave of new “NHI-only” entrants are marketing point solutions. However, strategic organizations have realized that many aspects of NHIs overlap with their human identity security programs and that only a unified approach will truly address the four key NHI issues: discovery, ownership, governance, and lifecycle management. We’ll explore these four issues in depth and learn why the NHI and human identity security problems are so intertwined.

Rich Dandliker of Veza
Rich Dandliker

Chief Strategy Officer, Veza

Stephen Washington Jr of Discovery
Stephen Washington Jr.

Head of IAM, Discover Financial Services

11:40 a.m. PST
Analyst Session

Securing Non-Human Identity: A Personal Journey

Learn what enterprise CISOs are prioritizing (and what they aren’t) with their identity access infrastructure.

Ed Amoroso avatar
Edward Amoroso

CEO, TAG Infosphere

12:05 p.m. PST
Panel

CISOs' Perspectives on the Business Risk of NHIs

Top security leaders from across industries will discuss the emerging risks associated with non-human identities, including the exposure of credentials and secrets. The conversation will focus on how CISOs can bring NHIs into risk management and compliance frameworks, prioritize them alongside human identities, assign ownership within the business, and address the strategic gaps that can leave organizations vulnerable.

Mario Duarte of Aembit
Mario Duarte

CISO, Aembit

Coleen CISO Twilio
Coleen Coolidge

CISO Adviser
Former CISO, Twilio

John Johnson

Founder and CISO, Aligned Security
Former Global Security Architect, John Deere

Christopher Elliot
Christopher Elliot

Director, Corporate Security and Security Operations, SoFi

12:35 p.m. PST
Research Session

LLMjacking Exposed: How Attackers Hijack AI Models

AI misuse ranks high on cybersecurity forecasts for 2025, and for good reason. This session explores LLMjacking, a newly identified threat by the Sysdig Threat Research Team, showcasing how attackers exploit large language models to bolster their malicious activities. After we discuss the details of this real-world threat, attendees will witness a live demonstration of prompt injection, where an LLM is manipulated into executing malicious code.

Crystal Morin of Sysdig
Crystal Morin

Cybersecurity Strategist, Sysdig

Emanuela Zaccone
Emanuela Zaccone

AI for Cybersecurity Staff Product Manager, Sysdig

1:00 p.m. PST
Hackers & Threats Session

Decoding the OWASP Non-Human Identities Top 10 List

The first-ever OWASP NHI Top 10 delivers a helpful roadmap for understanding non-human identity risks – but what does it mean in practice? Join Andrew McCormick, principal solutions architect at Aembit and former Starbucks principal engineer, for a guided tour through the list. In this session, Andrew will translate the risks into actionable advice for developers, DevOps engineers and security architects. Expect a clear breakdown of noted threats like secrets leakage and overprivileged NHIs, along with practical examples from the frontlines. Whether you’re building CI/CD pipelines, integrating cloud services, or managing API keys, this talk will equip you with the strategies to turn potential NHI security gaps into a strength.

Andrew McCormick
Andrew McCormick
Former Principal Security Engineer, Starbucks
Principal Solutions Architect, Aembit
1:25 p.m. PST
Closing Remarks

Advancing Non-Human Identity Security Together

Hear from NHIcon presenters Aembit, Cloud Security Alliance, and Identity Defined Security Alliance to learn what their organizations are doing to support the security community through innovation, education, and collective action.

Aembit logo
idsa logo
CSA logo
JOIN THE CONVERSATION

Register

Don’t miss security’s next big thing.

@2025, All Rights Reserved

NHICon by Aembit