STREAMING LIVE | JAN 28 | 9:30AM PST
It’s time to move non-human identities from backstage to center stage. Join the innovators, practitioners, and leaders shaping the next era of identity security.
Where identity security today meets tomorrow
Join the world’s top cybersecurity minds at NHIcon 2024. Explore cutting-edge innovations, tackle live cyber challenges, and connect with experts shaping the future of digital defense. Stay ahead—secure tomorrow, today.
Non-human and machine identities are essential to modern infrastructure – powering automation, connecting workloads, and driving critical processes through APIs and CI/CD pipelines. Yet their management remains outdated, lagging behind protections for human identities and exposing gaps in security, compliance, and operational efficiency.
The inaugural NHIcon on Jan. 28 will redefine how non-human identity security is addressed. Bringing together experts across disciplines, from technical practitioners to C-level leaders, the event will go beyond surface-level discussions to deliver actionable strategies and real-world insights. Free from vendor bias and fear-driven narratives, NHIcon will set the tone for how enterprises approach non-human identity security in 2025 and beyond.
Welcome to NHIcon! David will set the stage for a day of exploring the importance of non-human identity security and how it’s essential to protect the workloads that power modern infrastructure and drive enterprise innovation.
Co-Founder & CEO, Aembit
Cloud-first environments bring speed and scalability – but they also amplify the risks associated with non-human identities like service accounts, API keys, and workloads. In this keynote, Talha Tariq will demonstrate how applying zero-trust principles can address these challenges head-on. Drawing from HashiCorp’s security strategy, he’ll reveal practical approaches to automating secrets management, implementing just-in-time access, and curbing credential sprawl. Attendees will gain a clear roadmap to strengthen their security posture while maintaining the agility needed for modern innovation.
VP and Chief Security Officer, HashiCorp
Drawing on decades of frontline experience and expertise in threat intelligence and incident response, Kevin Mandia will spotlight the trends and challenges destined to shape cybersecurity in 2025. As automation, modern software practices, and complex cloud environments accelerate, he’ll zero in on two emerging threats: safeguarding AI-driven technologies and managing the escalating risks tied to non-human identities – machine identities, service accounts, and workload credentials increasingly implicated in breaches.
Co-Founder, Ballistic Ventures and Founder, Mandiant
Learn what enterprise CISOs are prioritizing (and what they aren’t) with their identity access infrastructure.
CEO, TAG Infosphere
While user identity and access are well-established, securing non-human identities – essential for protecting workload connections – is still catching up. This session will break down the seven stages of non-human identity maturity. With real code examples and case studies, this talk is for DevOps and security engineers looking to strengthen their defenses as non-human identities rapidly increase.
Head of Software Architecture, Aembit
Many organizations are finally coming to terms with the tremendous risks that non-human identities pose and are actively looking for solutions. A wave of new “NHI-only” entrants are marketing point solutions. However, strategic organizations have realized that many aspects of NHIs overlap with their human identity security programs and that only a unified approach will truly address the four key NHI issues: discovery, ownership, governance, and lifecycle management. We’ll explore these four issues in depth and learn why the NHI and human identity security problems are so intertwined.
Chief Strategy Officer, Veza
Head of IAM, Discover Financial Services
Non-human identities (NHIs) – from APIs to workloads and batch jobs – are essential to modern enterprises, yet they do not map well to traditional identity models. Directories and joiner-mover-leaver workflows were never designed for ephemeral, dynamic NHIs, leaving a gap in both scalability and security. In this session, we’ll explore why NHIs don’t fit neatly into existing standards and how enhancing frameworks like SPIFFE and WIMSE, as well as new credential standards like SPICE, is crucial for managing their unique demands. We’re going to talk about the risks of token sprawl, the need for dynamic provisioning, and strategies to unify IAM, DevOps, and security teams around NHI challenges.
Executive Director and Principal Editor, IDPro
Top security leaders from across industries will discuss the emerging risks associated with non-human identities, including the exposure of credentials and secrets. The conversation will focus on how CISOs can bring NHIs into risk management and compliance frameworks, prioritize them alongside human identities, assign ownership within the business, and address the strategic gaps that can leave organizations vulnerable.
CISO, Aembit
CISO Adviser, and Former CISO, Twilio
Founder and CISO, Aligned Security
Former Global Security Architect, John Deere
Director, Corporate Security and Security Operations, SoFi
AI misuse ranks high on cybersecurity forecasts for 2025, and for good reason. This session explores LLMjacking, a newly identified threat by the Sysdig Threat Research Team, showcasing how attackers exploit large language models to bolster their malicious activities. After we discuss the details of this real-world threat, attendees will witness a live demonstration of prompt injection, where an LLM is manipulated into executing malicious code.
Cybersecurity Strategist, Sysdig
Hear from NHIcon presenters Aembit, Cloud Security Alliance, and Identity Defined Security Alliance to learn what their organizations are doing to support the security community through innovation, education, and collective action.
Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and zero trust workload access with MFA-strength capabilities.
Veza is the identity security company. Identity and security teams use Veza to secure identity access across SaaS apps, on-prem apps, data systems, and cloud infrastructure. Veza solves the blind spots of traditional identity tools with its unique ability to ingest and organize permissions metadata in the Veza Access Graph. Global enterprises like Wynn Resorts, and Expedia trust Veza to visualize access permissions, monitor permissions activity, automate access reviews, and remediate privilege violations.
The Identity Defined Security Alliance (IDSA) is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of thought leadership, expertise and practical guidance on identity-centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices and resources.
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.
Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and zero trust workload access with MFA-strength capabilities.
Aembit is the non-human identity and access management platform that secures access between workloads across clouds, SaaS, and data centers. With Aembit’s identity control plane, DevSecOps can fully automate secretless, policy-based, and zero trust workload access with MFA-strength capabilities.
Don’t miss security’s next big thing.
Just as passwords have seen better days, secrets are quickly proving to be a major vulnerability.