Name: A Human’s Guide to Non-Human Identities: What You Need to Know Now
Start: 2025-06-12T17:00:00Z
End: 2025-06-12T17:00:44.000Z
Location: BrightTALK
Rating: 3.4

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

The number of non-human identities (NHIs) is growing 2.5x every year, and the ratio of NHIs to human identities is now 45:1. This explosion – now accelerating as organizations adopt agentic AI workloads – has created a massive, unprotected attack surface. While we rigorously secure human access with multifactor authentication (MFA), the workloads, services, APIs, and AI agents they build are often left vulnerable, secured only by static, easily stolen credentials. Breaches at companies like Snowflake and Microsoft have shown that attackers are actively targeting this weakness.

Join us for a timely session on why applying MFA principles to your non-human workloads – including agentic AI – is the essential next step in your security strategy. We'll move beyond theory and break down how to implement strong, automated authentication for machines and AI-driven agents, without slowing your developers down.

Expect tactical takeaways on:
- Why "Something You Know" is the weakest link for both human and machine identities and how to fix it.
- How to apply the principles of MFA to workloads in diverse environments, including Cloud, On-Prem, Serverless, SaaS – and AI agents.
 - Real-world examples of how stolen non-human credentials led to significant breaches.
 - Actionable methods for implementing MFA for machines using factors like cryptographically verifiable identity documents, hardware fingerprints, and posture assessments.
 - How to move past risky, long-lived secrets to a modern approach using short-lived, just-in-time tokens without manual intervention.

Whether you're in DevOps, DevSecOps, or Identity and Access Management, this session will give you a practical framework for securing the massive landscape of non-human and AI workloads – without sacrificing velocity.

MFA For Machines: The next evolution in non-human & agentic AI identity security

In today’s relentless threat landscape, staying sharp isn’t optional; it’s mission-critical. Whether you're leading security strategy or working on the front lines, real-world expertise is what sets exceptional cybersecurity professionals apart.

But traditional training platforms often miss the mark, focusing on theory over application, and certifications over capability.

Join us for an exclusive walkthrough of a hands-on training ecosystem built by cybersecurity experts, for cybersecurity experts. From red team to blue team, from forensics to threat hunting, this platform delivers the immersive, job-ready experience your team actually needs.
 
In this session, you’ll learn:

Why most cybersecurity training fails to reflect the complexity of real-world attacks, and how to fix it.
A unified platform for offensive, defensive, and investigative skill-building- no patchwork of tools or courses required.
How thousands of SOC analysts, engineers, and CISOs are using this environment to sharpen their edge and accelerate team readiness
Whether you're preparing for the next cert, building a stronger team, or just refusing to plateau — this is the training platform you haven’t seen… but should.

The Cybersecurity Training Platform Serious Professionals Are Switching To

Organizations are facing mounting pressure to modernize security programs - from escalating threats and compliance mandates to operational costs and analyst burnout.

This session explores how a unified security platforms approach transforms operations by addressing these complex challenges through integrated workflows, shared context, and intelligent automation. Learn how a platform strategy brings value beyond simple tool consolidation by informing business decision-making with risk-aware intelligence, streamlining reporting, driving down total cost of ownership, and improving analyst experience through intuitive interfaces and an integrated AI mesh. Say goodbye to blind spots, and hello to end-to-end visibility.

Securing the Future: Navigating Cyber Risk and Technology Consolidation

In today’s cybersecurity arena, the stakes are higher than ever - and while the old adage says “offense wins games, but defense wins championships,” the truth is, successful cybersecurity teams need both. For CISOs, mastering the balance between a strong defense and an agile offense is key to staying ahead of evolving threats. Your offensive playbook must actively enable secure data sharing, foster collaboration, and drive business growth. 

Join us for a conversation with Virtru SVPs Dana Morris and Matt Howard as they break down how CISOs can strike a better balance between defensive data protection and proactive data sharing that puts points on the board. This engaging discussion will reveal how modern organizations are supplementing defensive tactics with proactive, offensive plays to secure sensitive data while unleashing its full potential.

Key takeaways include:

Why offense is often overlooked: How governing shared data can fuel innovation and business value, all while keeping it protected.

Defense that goes beyond the perimeter: Protecting data no matter where it travels, inside or outside your organization.

Building a winning strategy: Leveraging the latest advancements in zero trust and cloud security to stay ahead of evolving threats.

Real-world victories:  See how Virtru helps organizations balance both sides of the security equation.

Whether you're looking to reinforce your defense or take your offense to the next level, this webinar will equip CISOs and cybersecurity practitioners with the insights needed to build a security strategy that not only protects but also powers your organization’s success in today’s high-stakes digital game.

Offense vs. Defense: Mastering the Playbook for Data-Centric Security

AI (or what marketers call AI) is here to stay (unless it re-writes itself – sorry, AI humor). So, what do we do about it? We will look at AI from various perspectives including a Presidential Executive Order, a report from the UK government regarding cybersecurity of AI to the perspective of individual organizations (and much in between). We will delve into risks to AI and risks from AI and what that might lead to (including the end of humanity?). And finally, we will drift over to frameworks that we can leverage to assist us in managing the risk as we see it. And, yes, there might be some humor thrown in regarding Apple delaying the roll-out of their AI solution in Europe because according to Apple, “the European Digital Markets Act (DMA) could force us to compromise the integrity of our products in ways that risk user privacy and data security." (this comes from The Register – must be true).

AI Risk – Real or FUD and what you can do about it?

Every day, thousands of organizations are unknowingly exposing themselves to more insider threats due to inadequate security awareness models. This is often because the training is not engaging, and tests are designed to trick rather than educate users. On top of that, there are often harsh consequences for those who engage with cyber threats. This type of environment only serves to breed threats instead of mitigate them.

 

In this speech, Joshua Crumbaugh, founder and CEO of PhishFirewall, will discuss why traditional punitive security awareness approaches are counter-productive and how organizations can leverage AI tools to emphasize positive reinforcement techniques. He will explain how data analysis and behavior analytics can be leveraged to detect anomalies and create an engaging and supportive environment that encourages users to understand the importance of security. Crumbaugh will also explore how organizations can use this approach to reduce the risk of insider threats and create a more secure environment.

 

By the end of this speech, attendees will understand the danger of ineffective cyber security that relies on punitive measures and unengaging training models, and how it leads to an uncaring attitude towards the organization's cyber defenses. They will also have the knowledge on how to build effective training programs that engage users and provide holistic behavior analytics built around actually reducing organizational breach risks.

Creating Your Own Insider Threat: You are Your Own Worst Enemy

Come join Joshua Crumbaugh, CEO of PhishFirewall and renowned 15+ year ethical hacker, as he leads a discussion on the future of social engineering in 2023. Along with esteemed guests from the cybersecurity industry, Joshua will discuss the latest trends, tools, and techniques that hackers are using to exploit digital vulnerabilities. You won't want to miss this chance to get an inside look into the world of social engineering and what you can do to protect yourself

Exploring the Future of Social Engineering: A Panel Discussion

Fast-moving cyberattacks can strike at any time, and security teams are often unable to react quickly enough. Join to learn how Autonomous Response takes targeted action to stop in-progress attacks without disrupting your business. The discussion includes real-world threat finds.

Fast and Furious Attacks: Using AI to Surgically-Respond

Group Policy can provide massive security value if used correctly — and if used incorrectly, it can expose your Windows environment to cyberattacks.

To tap into this built-in tool’s security potential, IT pros of all experience levels must learn to tame the Group Policy beast. Know which GPO settings can put your organization at risk, and how to tune your environment to maximize your visibility.

Join Brien Posey, a 20-time Microsoft MVP and IT expert, and Blumira’s Erica Mixon, Content Manager, for tips and tricks to harden your environment with Group Policy. They’ll discuss:

Tangible takeaways and things you’ll be able to do right away in Group Policy to make a difference
Why improperly configured event log sizes can lead to aggregation issues
How to enable SMB signing to reduce your attack surface
Free tools like Logmira to eliminate the manual work of Group Policy
This interactive, conversational-style session encourages questions and engagement with viewers – so sign up today for access to our security experts.

Group Policy Gotchas: GPO Settings That Expose Your Environment

As phishing and social engineering attacks become more advanced, and therefore costly, insurance companies are becoming more and more hesitant to issue Cyber Liability Insurance policies. With insurers under harsh scrutiny from underwriters, enterprises in all industries are experiencing premiums at an all-time high–with even Fortune 1000 companies experiencing difficulties even acquiring a policy. During this panel discussion, you will learn everything you need to know about how leading cyber security professionals are not only combating these advanced social engineering and phishing attacks, but also how they are using behavioral psychology and artificial intelligence to educate different industries on how to properly secure cyber liability insurance policies by implementing the most advanced preventative measures to not only fight back against cyber criminals–but also check every box, gaining much needed confidence from Cyber Liability insurers.

Cyber Liability Insurance - How social engineering ruins everything

The internet of things, along with the evolving workplace allow people and systems to communicate with each other in a seamless way to increase productivity and streamline many business functions. The benefits come at the price of an increasing rate of cyber-attacks across the globe. Cyber criminals are increasingly finding ways to penetrate modern work environments through devices and common modern work practices – a problem exacerbated by increasing work-from-home employment. Every one of us have become the first line of defense for our organizations and have the power to make a difference. Daniel and Kevin bring with them over 15 years of experience in law enforcement and IoT security. They will be discussing common security pitfalls and ways that you can better protect yourself and your organization from cyberattacks.

The lurking dangers of IoT devices on the new modern-day workplace

Unfortunately, ransomware is here to stay. Ransomware attacks are becoming more profitable, and ransomware-as-a-service operations continue to lower the barriers of entry for more cybercriminals to launch attacks.    Major attacks in 2021 like Colonial Pipeline and JBS Foods have put ransomware in the spotlight, but it’s not enough to simply be aware of ransomware. Security and IT professionals need to take action and be ahead of the curve to prevent ransomware.   Matt Warner, CTO and co-founder of Blumira, a threat detection and response provider, will discuss what security teams should arm themselves with to win the battle against ransomware. He’ll cover:   An overview of the current ransomware threat landscape  Security tools and methods to have in your arsenal to detect signs of ransomware  Suspicious activity to look for in each step of the ransomware kill chain   How leaning into IT security fundamentals can prevent ransomware outbreaks

How To Stay Ahead Of The Curve In The Ransomware Crisis

As you continue down the path of VM maturity, you will undoubtedly find that manual VM workflows are bottlenecks preventing your program from scaling and moving quickly enough to meet your objectives. You might even consider building your own VM platform internally to automate some of these bottlenecks. Let us stop you right there.

We’ve seen it a million times. Proprietary in-house software, or homegrown vulnerability management solutions, tend to be clunky and immature, consisting of little more than a database and primitive user interface. They’re often difficult, time-consuming, and expensive to maintain, while seldom meeting the needs of the organization or scaling sufficiently to meet increasing demand. What starts as an attempt to ease bottlenecks and control expense, almost always spirals into a bigger headache and larger spending-vehicle than imagined.

How do we know? Because we’ve built them. In this talk, Nucleus co-founders Scott Kuffer and Steve Carter will explore the pitfalls on the path to VM maturity, with insights into why DIY is seldom the best course of action, and how we’ve seen the tactic go horribly wrong

Build vs Buy: Pitfalls on the Path to Vulnerability Management Maturity

Working remotely has become the new normal. This, and many other changes organizations adopted last year in response to the pandemic are likely to stay for the long term. According to Gallup, about two-thirds of U.S. remote workers want to continue to work remotely. So, how can organizations continue to support their growing distributed workforce at a time where reports of security threats have increased by 400% compared to pre-pandemic levels? 

Here is where the zero-trust approach to security comes into play. 

Join this month's episode of The (Security) Balancing Act with Diana Kelley and guests as they discuss the emergence of zero trust (“Trust Nothing, Verify Everything”) and what it helps achieve for enterprises in the age of cloud and remote work.

Viewers will learn about:
- The evolution of the security perimeter and the shift to zero trust
- Why zero trust is an approach and not a product
- Zero Trust Network Access (ZTA) vs. corporate VPN
- Real-world stories and practical hands-on guidance from people who have deployed a ZTA

Speakers:
- Mari Galloway, CEO, Women's Society of Cyberjutsu
- Jonathan Nguyen Duy, Vice President, Global Field CISO Team, Fortinet
- Bob Rudis, Chief Data Scientist, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Zero Trust for the New Normal

In this rare EC-Council event, you’ll learn how to properly select, prepare & plate an amazing rack of lamb and sides, while engaging your intellectual security side with Eclypsium.

Modern organizations are in the midst of a transformation at the device level, and these changes are having profound impacts to security. No longer defined simply by corporate laptops and servers, enterprises must navigate the risk of a constantly evolving landscape targeting networking equipment, connected devices, personal-use employee devices, medical devices, as well as devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent.

In this EC-Council webinar, Scott Scheferman, Principal Cyber Strategist at Eclypsium, will discuss modern attack dynamics and unique insights associated with these devices, along with the challenge of protecting the converged and connected enterprise. He’ll outline a strategy for extending visibility and security to network appliances and unmanaged devices. Scott’s presentation will be followed by conversation and a cooking demonstration by Chef Michael Leto. Register in advance to receive a list of ingredients you will need to cook along with the chef.

Cook Your Dinner, Don’t Cook Your Devices

Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk, the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year. 

Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing"), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work as many companies that paid the ransom failed to receive a decryption key. 

Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
- The rise in ransomware under the cloak of the pandemic 
- Why email continues to be the channel of choice 
- The difference between fully automated and human-operated campaigns
- How to decide whether or not to pay or not to pay the ransom
- Why your backups may not be immune to ransomware
- Addressing the threat with best practices

Speakers
-  Nicole Hoffman, Intelligence Analyst, GroupSense 
-  Courtney Radke, CISO for National Retail, Fortinet 
-  Patrick Lee, Senior Incident Response Consultant, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Ransomware in the Remote Work Era

According to a recent Microsoft report, 83% of all businesses have experienced a firmware attack in the past two years. Firmware and hardware issues have become one of the most active areas of enterprise security, as organizations struggle to cope with attacks such as the recent Accellion FTA device extortion campaign. Unfortunately, most organizations lack visibility into this critical attack surface. In fact, today the TrickBot malware group has more insight into which devices are vulnerable to UEFI attacks than most security teams.

In this webinar you'll learn:

How the cyber threat landscape is evolving as threat actors converge

Why APTs and criminal attackers are increasingly targeting firmware

How attackers are gaining visibility into the firmware in your devices

What you can do to get ahead of the next round of attacks

Abstract: As non-human identities (NHIs) surge past human identities in modern enterprises, the stakes for securing these connections have never been higher. From API to agentic AI, software workloads power critical systems – but they also create new exposure surfaces for malicious hackers and accidental insiders. In this webinar, we’ll unpack the forces behind this boom and share practical strategies for overcoming legacy practices and securing NHIs, while removing friction across your dev and DevOps teams. Join Apurva Davé, CMO at Aembit, to learn how modern enterprises are reducing secrets sprawl, eliminating the weak links that attackers love, and making builders happier.


Expect to cover:

How non-human identities are reshaping identity management.

Real-world examples of credential loss and lessons learned

Practical steps to secure workloads while enabling builders.

How to modernize your IAM strategy for long-term resilience and innovation.

A Human’s Guide to Non-Human Identities: What You Need to Know Now

CICD

Cloud Security

Secrets Management

Workload Access Management

Non Human Identity Management

Cyber Security

DevOps

DevSecOps

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

A Human’s Guide to Non-Human Identities: What You Need to Know Now

Presented by

About this talk

EC-Council | Security Channel