TBW ADVISORS LLC

Category: Research

  • Conference Whispers: HR Tech 2025

    Conference Whispers: HR Tech 2025

    Las Vegas, NV September 16- September 18

    Published to clients: September 22, 2025                  ID: TBW2097

    Published to readers: September 23, 2025            

    Published to Email Whispers: September 24, 2025

    Public with video edition: September 24, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): D. Doreen Galli At HRTECH 2025, more than 10,000 attendees gathered in Las Vegas to explore the technologies shaping the full employee lifecycle—from recruiting and benefits to human capital management. With 433 exhibitors, including ninety-four startups, the expo floor was the largest in the event’s history. Our team captured over 120 minutes of footage across forty-nine videos and three livestreams, documenting not just the tech but the tone of the conversations. While generative AI continues to blur lines with legacy automation, the real story lies in how HR leaders are rethinking org design, talent matching, and employee care.

    The Conference

    • A community of 10,000 gathered for HRTECH2025. The event featured 433 exhibitors including ninety-four startups.
    • HR Tech featured technologies a human resource professional and department would need through the entire employee relationship lifecycle.

    Cautions

    • The conflation of AI for artificial intelligence that has been around for decades and the newer generative AI that can hallucinate continues in prevalence.
    • Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.

    Conference Vibe

    After 49 videos and over 120 minutes of video including three livestreams and over forty-five fact checks, our coverage of HR Tech 2025 closes. HR TECH 2025 gathered 10,000 human resource technology enthusiasts from around the world including USA, Canada, UK, Sweden, Germany, Japan, China, India, Australia, and UAE. Expo Hall was just shy of 100,000 square feet and displayed 433 exhibiters including ninety-four startups surpassing all year’s prior! Registration had no lines whatsoever. We were able to capture the breakfast on Wednesday.

    We once again live streamed from on site. On Tuesday requesting those attending to find me to answer Questions 1-3, Wednesday to let you know about upcoming events we have scheduled and to introduce all to TBW Advisors LLC, as well as Thursday from Expo hall itself requesting assistance. Specifically, I requested assistance on your favorite videos for my segment on the September 20th broadcast edition of Computer Talk Radio.

    While at HRTECH 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.

    1. Whisper Report: What’s the biggest AI risk in HR no one talks about?
    2. Whisper Report: How should CTOs rethink org design with GenAI?
    3. Whisper Report: What HR tech trend will disrupt engineering hiring next?

    Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: HRTECH 2025 Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors LLC corporate website.

    Recruiting

    One of the more fascinating aspects of HRTECH 2025 was to see how recruiting may be expanding or dare I say, finally improving past trying to box engineers into keyword searches, Booleans, and over filtering. Endorsed AI is an agentic solution that understands, for example, all the nuances and behaviors software engineers are involved in providing a fuller picture to match talent over traditional systems. Understanding that interviews do not accurately represent how one will perform as an employee, FitFirst allows organizations to identify the talent they want. Gem is an AI first recruiting platform focused on finding you your next gem of an employee. HeyMilo focuses on recruiting at scale even providing adaptive interviewing capabilities.

    If you need is strictly on technology to parse resumes, RChilli specializes in exactly that! However, if you want to find tech beyond ATS (applicant tracking systems) perhaps with a side of Employee of Record tech (EOR) – olamee can handle even mid-size organizations.

    Benefits & Employee Care

    An important aspect of recruiting and maintain employees is that of benefits. As such, it is no surprise to find technologies in the benefits space. If managing benefits on a global scale has got you overwhelmed, Benifex specializes in global benefits for 120 countries. Seeking a modern benefits platform leveraging AI from the ground up vs bolt on legacy solutions? Aptia would be one to add to your evaluation list. If, in caring for your employees, you simply want a direct answer to the question, “How are you doing?” Lollipop was on site sharing their solution. If you are seeking analytics in general over everything about your employees, One Model was on site.

    If you are attempting to make training interesting in your organization, Atensi has a gamification solution ready for you to evaluate. If your challenge is more about the acquire, deploy, cultivate/train and redeploy life cycle of employees, Eightfold AI may be on your radar. However, if your employees are demanding payroll in a stable coin crypto current – Pebl has a solution already worked out for you to deploy quickly.

    HCM Human Capital Management

    If your business employes front line workers, Fountain has a front-line worker operating system design to give you speed across the entire process. If you are in the SMB space, BambooHR is designed to empower your HR teams. Perhaps your HR team is exceptionally lean and you need technology so you can still get the job done? HireRoad was designed with you in mind. An enterprise HCM solution that also provides an Employee Gateway Management Systems, Darwinbox believes their solution will make all the difference. If you are seeking an HCM solution with a side of services, Paychex was in expo hall for you.

    Next Year’s Conference  

    HRTECH 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center on October 20-22, 2026.

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples of products in the same category may have also been on display.

    TBW Logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: How can we build and maintain consumer trust in Fintech solutions?

    Whisper Report: How can we build and maintain consumer trust in Fintech solutions?

    Published to clients: September 9, 2025                           ID: TBW2068

    Published to Readers: September 10, 2025

    Published to Email Whispers: TBD

    Published Publicly with Video: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “Trust in fintech isn’t just about compliance—it’s a multi-dimensional strategy. This report explores how transparency, privacy, and strong identity verification shape consumer confidence. Insights from Fintech Meetup 2025 reveal how leading firms are navigating open banking, fraud prevention, and data ethics to earn and retain trust. If trust is your brand’s currency, this report is your blueprint. “

    Analysis only available to clients at this time.

    Related playlists

    1. Whisper Report: How can AI be effectively integrated into healthcare systems?
    2. Conference Whispers: HIMSS 2025

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: Can generative AI prevent supply chain disruptions?

    Whisper Report: Can generative AI prevent supply chain disruptions?

    Published to clients: August 27, 2025                                 ID: TBW2059

    Published to Readers: August 28, 2025

    Published to Email Whispers: TBD

    Published Public with Video Edition: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “This report dives into the evolving role of generative AI in logistics, revealing how it’s reshaping visibility, communication, and adaptability across global supply chains. From forecasting weather impacts to managing labor shortages and customer-driven changes, the research explores both the promise and the limitations of AI. It also introduces a provocative challenge: should supply chains adopt disruption modeling, just as IT uses threat modeling?”

    Analysis only available to clients at this time.
    Related playlists

    1. Whisper Report: How can we manage tariff costs in our supply chain?
    2. Conference Whispers: Manifest 2024
    3. Whisper Report: What are the biggest challenges of using generative AI in logistics?

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking , The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Industry Whispers: AMA with Computer Talk Radio’s Benjamin Rockwell

    Industry Whispers: AMA with Computer Talk Radio’s Benjamin Rockwell

    Join us for an exciting Ask Me Anything session featuring Benjamin Rockwell, the seasoned host of Computer Talk Radio. With decades of experience navigating the ever-evolving world of technology, Benjamin brings a unique blend of expertise and approachable insight to help you tackle your tech challenges. Don’t miss this opportunity to engage directly, learn from the tech nerd who makes complex topics understandable, and get your questions answered live. Register today to submit your questions and be part of this interactive tech conversation!

    Research Code: TBW2088

    Cannot make it live? Register and submit your question. The answer will be in the video on TBW Advisors’ YouTube Channel.

    NO AI note takers allowed. Event copyrighted by TBW Advisors LLC All Rights Reserved.

    Benjamin Rockwell, host of Computer Talk Radio, has worked with computers professionally for decades.

    He began exploring computers as a pre-teen, starting with a Commodore Vic 20, and quickly became proficient with Apple II, TRS-80s, and other early systems. His passion grew when he discovered Bulletin Board Systems, eventually launching his own BBS. In 1990, he began his professional journey as a field technician.

    Though he calls himself a computer nerd, Benjamin breaks the stereotype. He’s approachable, eager to help, and deeply experienced—from field support and help desk roles to over 15 years as an Information Services Manager and consultant for hundreds of clients.

    Benjamin thrives on learning and teaching. His calm, friendly demeanor puts users at ease, and he’s known for making technology work—whether it’s building systems, troubleshooting networks, or developing websites. He specializes in solving problems and making computers work for people, not the other way around.

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-20204 TBW Advisors LLC. All rights reserved. TBW, Conference Whispers, Industry Whispers, Vendor Whispers, Technical Business Whispers, Whisper Reports, Whisper Studies, Whisper Rankings and Fact-based Research and Advisory are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal, or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Published to clients: August 19, 2025               ID: TBW2090

    Published to Readers: August 20, 2025

    Whisper Email Release: TBD

    Public and Video Release: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    This Whisper Report identifies eight persistent cybersecurity myths in 2025, from the belief that threats can be fully stopped to misconceptions about AI’s role in security. Experts from Black Hat USA 2025 clarify that resilience, strategic investment, adaptive training, and human oversight remain essential. AI is powerful but not a plug-and-play solution, nor a replacement for human judgment. Understanding these myths helps organizations build more realistic, effective cybersecurity strategies.  

    What’s the biggest cybersecurity myth in 2025?

    We took the most frequently asked and most urgent technology questions straight to the Cybersecurity professionals gathering at Black Hat USA 2025 held in Las Vegas. This Whisper Report addresses the question regarding what’s the biggest cybersecurity myths in 2025? Figure 1 displays the eight cybersecurity myths we uncovered we will now discuss.

    8 myths of cybersecurity in 2025: We can stop all threatas. The more money you Spend, the more protected you are. Security awareness training is dead. AI is going to replace humans. AI is plug and play. AI generates secure code. AI will solve everything. AI will not solve issues in Cybersecurity

    MYTH 1: We can Stop all Threats

    The first myth comes from Trustmi’s Corey Sienko and is that “we can stop every single threat from entering the organization” This may come as a surprise to some executives particularly those outside of cybersecurity but the expression used is always when not if you have an incident. No Need to fret, Trustmi’s Corey Sienko continues. “It’s about how do we respond to those threats and make sure that we protect the organization from losing valuable information and cards.” I believe all appreciate that clarification. Cybersecurity involves defense but it is also a game all about preparation for when and resiliency after. This topic is further discussed in Conference Whispers: Black Hat USA 2025.

    MYTH 2: The more money you spend the more protected!

    Cymulate’s Avihai Ben Yossef brings us myth number two, “The more money you spend on cyber security the more protected you are.” Ben goes on further to explain. “I think in order to really be protected in cyber security from cyber attacks is by actually knowing what you need to do in order to make sure you are protected and when once you know that you don’t need to spend too much money you need to spend you know a very focused amount of money in what matters most.” If you are surprised by this, you really need to book an inquiry with TBW Advisors so we can help you review your cybersecurity strategy. Additional research regarding critical observations on cybersecurity spend can be found in the keynote covered within Conference Whispers: Identiverse 2024.

    MYTH 3: Security awareness training is dead!

    Cybersecurity Myth number three comes to use from Dune Security’s David DellaPelle. “Security awareness training is improving readiness and reducing risk. Security awareness training is dead.” Intrigued? Let’s hear more from David. “Security awareness training as it exists today, meaning legacy security awareness training technologies are not effective at reducing risk and create friction and an adversarial relationship between the security organization and the end users. The problem is if you think about a doctor who is looking to solve a patient’s problem, the first thing they would do is take in a lot of data and run tests to exclude the possibilities. They quantify the risk before they prescribe a medicine or a surgery. And so if there’s a security awareness training solution that doesn’t automatically provide uh user adaptation, it’s uh it’s kind of falling flat on its face. Every piece of security control or adaptation should be relevant to the individual user’s risk profile and that training or that security measure should be applied automatically based on the risk profile.” Training employees only on what that specific employee personally need to get better at? Sounds optimized.

    MYTH 4: AI Is going to replace Humans

    Bringing us cybersecurity Myth 4 is StrikeReady’s Alex Lanstein. “AI is going to replace humans.”  Alex further clarifi:ed, “AI is always going to augment humans. Anybody who’s ever leveraged any AI system, any generative AI system. You see that it makes mistakes. Sometimes those mistakes are obvious, sometimes they’re subtle. And no one is ever going to turn anything over to an AI when it’s making such obvious or subtle mistakes without a human in the loop.”  Or as Elastic Security’s James Spiteri further explained, “we’re thinking about this fully autonomous security operations team. I don’t think that’s going to happen. I don’t think even think it’s the right approach to think about these things. AI and agents are phenomenal, but they are the perfect compliment to humans. They’re not they’re not there to replace humans. They’re there to make humans lives better. eliminate the stuff that humans don’t want to do and let humans do the fun things like make people excited about wanting to work in cyber and that’s what the AI is allowing us to do.”

    MYTH 5: AI is plug and play

    Brian Mehlman and his AI Agent from Cyber Innovate bring us Myth 5.  “I’m actually here with one

    of my agents,  and his name is Ralph. Ralph, can you answer the question as you see it in our world view? What’s the biggest cyber security myth here in 2025? Absolutely, Brian. Happy to jump in here. So, from our perspective, the biggest cyber security myth of 2025 is probably the idea that AI is just a plug-and-play solution, that it’s kind of a one-size fits-all magic bullet.” Ralph and Brian went on to further explain, “In reality, the myth is that AI will handle everything securely on its own. But the truth is it needs a lot of oversight, a lot of transparency, and people often underestimate the complexity inside the machine. So that’s the big myth that AI is just simple and straightforward when really it’s a lot more nuanced. And that’s my take. Uh I would add my answer. I would extend onto yours is I agree, but um I’m used to systems that have access controls, authentication controls, and audit. Uh inside the black box, we don’t have any of them. Once I log in and I authenticate, it’s a wild wild west. That has to change. Immutable logs within the system is probably something that’s going to happen at some point. Uh or some other unique uh solutions to the problem.”

    Interestingly, Ariful Huq from Exaforce observed a similar concern. “Trying to build an LLM wrapper is what I call it without really understanding the data related to the problems that you’re trying to solve. LLMS can only get you so far, right? They are large language models and summarization and contextualization but at the end of the day if you want to solve problems related to say detections  investigations LLMS can only get you so far right you really need to go back to the data go back to the fundamentals and then layer on a large language model on top of it to solve some of the problems that around like you know summarization um you know building agent workflows.” In other words, solutions are custom crafted – NOT plug and play.

    MYTH 6: AI Generates secure code

    Checkmarx’s Jonathan Rende brings us Myth 6, “AI generates secure code.” That myth should grab the attention all organizations leveraging coding agents to quickly advance their product. Jonathon continues, “It doesn’t. It doesn’t. And it will probably get better over time. And will it do a better job than a junior developer in simple mistakes that can cause vulnerabilities? Heck yeah, of course it will. But for the more complex issues, it’s not there yet. AI is not there yet.”

    MYTH 7: AI will solve Everything

    Let’s hear Myth 7 from Booli’s Joe Schorr, “the biggest cyber security uh myth is that AI is actually going to solve everything.” Joe went on to further explain, “I think if you judiciously apply AI, machine learning and very discreet task and things, it’s fantastic. I think it’s being overblown quite a bit right up at the myth level. I think that if you treat it like we treat it in Booli, we’ve got AI built in, but we don’t publish it all over everything we’ve got, but we treat it kind of like an idiot savant. It’s it does one to ask really well or does a discrete set to ask really well. It may not actually behave well in church, but you can get it to do what you want for something very very specific, which is how we do it. I think the myth is that AI is going to solve everybody’s problems.” Brian Sledge of imPAC also believes that AI will solve everything is a myth. “I think AIis best positioned more like a forcemultiplier, but I don’t think it solvesthe problems, the core problems of cybersecurity today. Um cyber security stillrequires context. It requirespolicy driven control and those thingsstill require human in the loop. And Ithink the best way to leverage AI isn’t so much in solving for cyber security,but it’s more for helping multiply andscale out what humans still need andwe’re required to do. So I don’t think Idon’t think customers should sleep onthe idea that humans still need to be very much engaged as part of cyber security. Because cyber security AIis only as good as the algorithms andthe models and the data it’s getting.” Thus believing in 2025 AI will solve everything is a stretch but will it solve something?

    MYTH 8: AI Will Not Solve Issues in Cyber Security

    Microsoft’s Thomas Roccia brings us Myth 8. “right now I think most people in in the industry in the security industry doesn’t yet believe in this technology (AI) and that’s maybe one of the one of the myths that AI will not really solve issue in cyber security. We have and I think that’s a mistake it’s probably something which is changing the way we are doing and all the past work that we did for the past 20 or 30 years uh is going to be changing and evolving thanks or because to AI so that’s something to consider.” Thus, while it may not solve everything today, it is changing how the industry works and what it is fighting against.    

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

    Related playlists and Publications

    1. Conference Whispers: Black Hat USA 2025
    2. Conference Whispers: Identiverse 2024.
    3. Conference Whispers: Identiverse 2025
    4. Whisper Report: What’s the biggest cybersecurity myth in 2025.

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Conference Whispers: Black Hat USA 2025

    Conference Whispers: Black Hat USA 2025

    Las Vegas, NV August 2- August 7

    Published to clients: August 11, 2025                                 ID: TBW2089

    Published to readers: August 12, 2025                  

    Published to Email Whispers: TBD

    Public with video edition: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): D. Doreen Galli

    Abstract:

    After 61 videos including 4 first ever onsite livestreams, 150 minutes of recording including multiple exclusive shots – our coverage of Black Hat USA 2025 closes. Black Hat USA 2025 featured over 100 briefings and 120 sponsored sessions, with coverage spanning keynote presentations, technical sessions, and exhibit hall innovations. Topics ranged from AI-driven threat detection and agentic SOC platforms to identity verification and proactive risk management. Trends in cybersecurity regarding defence, use of AI agents, and focus on resiliency continue to grow.

    The Conference

    • Black Hat USA 2025 featured over one hundred briefings and 120 sponsored sessions. Attendance numbers are forthcoming. 2024’s edition featured over 20,000 in person attendees.

    Cautions

    • Black hat is not a conference to attend without preparation. All of one’s technology should be up to date. One should ensure they are leveraging a VPN and a RDID wallet when intentionally going around black hat. If not using one’s phone, a portable faraday pouch is always beneficial.
    • Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.

    Conference Vibe

    After 61 videos and related fact checks, over 150 minutes of recording including for the first time ever – four onsite LIVESTREAMS – our coverage of Black Hat USA 2025 closes. Black Hat featured over one hundred briefings and 120 sponsored sessions. Clients may recall the expo hall restrictions during our coverage of HIMSS which treated the entire expo hall like a surgical operating room from a privacy perspective. Guess what? It was even tighter at Black Hat. Nonetheless, we were able to capture the energy as Expo Hall was opening. Not only that, for the first time ever, Informa (who owns Black Hat) gave permission to someone to do a walkabout in Expo Hall prior to its opening for the day. That’s right – enjoy your exclusive look at Black Hat USA 2025 Expo Hall. Not only that, we were able to capture the mouthwatering lunch served on Wednesday. Once again, unlike most events, the What’s To Eat? Video does not include any attendees enabling us to really get a great shot of the food! A first for TBW Advisors LLC – we did four livestreams while on site. One live stream on Tuesday, Wednesday, and Thursday morning. One final livestream went out on Thursday as I requested assistance on your favorite videos for my segment on the August 9th broadcast edition of Computer Talk Radio.

    While at Black Hat USA 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.

    1. Whisper Report: What’s the biggest cybersecurity myth in 2025?
    2. Whisper Report: Can AI defend against AI-powered attacks?
    3. Whisper Report: What’s the next SolarWinds-level breach waiting to happen?

    Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Black Hat USA 2025 Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors LLC corporate website. Additional cybersecurity conference research is available via Conference Whispers: Identiverse and Conference Whispers: ISC West.

    Keynotes and Sessions

    Kicking off in dramatic fashion, the conference kicked off with an amazing keynote from non-other than the most famous virus hunters – Mikko Hypponen and father of the Hypponen law of IoT security – one of our favorite coverage spaces. Specifically, Mikko said that if a device is smart, it is vulnerable. It was amazing to hear his story.

    On the bleeding edge of things, we received two session summaries from Microsoft’s Thomas Roccia. The first session was his Black Hat session on NOVA – Prompt Pattern Matching regarding a new type of threat gaining traction. The second session is actually at DEFCON – the sister conference where no one would be ignorant enough to bring in modern technology outside of a faraday cage. Fortunately, we caught Thomas while at Black Hat. IN this talk Thomas shared that they are releasing an AI Agent to track crypto currency’s movements including visualization to combat crypto money laundering. The final Microsoft session itself that we captured is the Unmasking of Cyber Villains. I always love when engineers get a very loud boastful ovation from the audience. This stage featured the heroes of MISTIC and Dart who shared how they leverage each other’s strength. MISTIIC stands for Microsoft Threat Intelligence Center while Dart stands for Microsoft’s Diagnostics and Recovery Toolset. In this session, the Microsoft team emphasized that incidents require empathy, speed, and precision. The Darth team is on the ground delivering the empathy and getting the data to MISTIC. MISTIC in turn, provides the cheat codes to the Darth rescue team to quickly combat the incident.

    On the topic of using AI Agents on a team of humans in wish SOC, James Spiteri from Elastic Security shared a summary of his session. “AI without Borders: Extending analysts capabilities in a modern Soc” dove into details how Agents and humans can successfully interoperate in a SOC. James also covered critical questions you need to think about in order to truly operationalize this type of situation. 

    Exhibits

    As with many events, some exhibits span outside of the formal expo hall. We were invited to the Dune Security Command Center on site where we heard about their solution. Their adaptive training uses a personal credit risk scoring model. It targets each employee’s risky actions and knowledge gaps with customized, targeted, proactive program. The goal is to elevate them to meet corporate standards. This theme of preparation, training, and doing things up-front was definitely a theme. Cumulated shared how their solution focuses on resiliency. Given that the proper way to discuss it is always when and not if, it is wise to ensure a quick recovery when it occurs. This preparation and looking out for the threat aligned with Qualys’s Risk Operations Center. This center is focused on assisting organization proactively identify, prioritize, and finally remediate identified risks. Covering all five personas in a SOC (alerts, vulnerabilities, threat intel, case management and DFIR (digital forensics/incident response )) StrikeReady’s platform integrates with 800 tools and is focused on removing each role’s pain points. Continuous Threat Exposure Management or CTEM is the area addressed most recently by Safe Security. Booli also moves things earlier in the process, in their case identity stitching. Specifically at the very beginning of the process including score carding the identity and providing the information back to the identity service. Ensuring stolen credentials are changed once they have been phished and the criminals attempted to leverage them, Mokn was on site to tell attendees about their solution.

    If your organization would prefer to fix vulnerabilities instead of the common security software composition analysis, Heeler Security was the booth to visit. Feeling overwhelmed, by cloud configurations in your organization? imPac Labs was on site talking about their expertise. Admittedly, given my Microsoft Patent application on Policy Profiles, cloud configurations is a problem space on our radar at TBW Advisors. Speaking of high availability environments, HAProxy Technolog exhibited their platform that brings enterprise security performance and configurability into packaged software.

    An area we have discussed in Conference Whispers: Money 20/20, Conference Whispers: HIMSS 2025, and Conference Whispers: Fintech Meetup 2025 – verifying the hardware device is a valuable defence vector for fighting fraud. At Black Hat USA 2025 we met SmallStep that enables device identity with cryptographic identity ensuring corporate devices are used to perform work. Leveraging device identification to eliminate deepfakes within a corporation, Netarx leverages multiple models to ensure your corporate communications are safe from deep fakes. Elastic Search – an open-source project known for search – found itself building native security and analytics due to popular demand.

    Moving into the agentic side of things, Microsoft’s AI Agent Challenge was a big hit. Their booth had plenty of specialists on site to answer any of your questions. Focusing exclusively on AI Agents for the Red Team, Mindgard’s solution keeps probing to find vulnerabilities, filters through them based on your target and context. Finally, remediation advise is dispensed. Cyata built a built a control plane for Agentic Identity and includes policy enforcement. Addressing the full lifecycle above and beyond triage, Exaforce shared their Agentic SOC Platform. A demo of Exaforce was also captured. Finally, if you are unfamiliar with the current state of agents or have never seen an agent in action, enjoy the video with Ralph. Ralph comes from Cyber Innovate; a think tank focused on stopping threats from AI Agents themselves.

    Next Year’s Conference  

    Black Hat USA 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center in August 2026. The exact dates have yet to be announced at time of publication.

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

    TBW Advisors Logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What are the most effective strategies for ensuring data security and privacy in customer interactions?

    Whisper Report: What are the most effective strategies for ensuring data security and privacy in customer interactions?

    Published to clients: August 4, 2025                        ID: TBW2080

    Published to Readers: August 5, 2025

    Published to Email Whispers: TBD

    Public and Video Release: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “Effective strategies for securing customer data include encryption at rest, in transit, and during compute; cautious AI adoption; and strict access controls. Removing or masking personally identifiable information (PII) and training staff on cybersecurity best practices are essential. Legal compliance, intellectual property protection, and customer trust drive the need for robust privacy measures in customer interactions.”

    What are the most effective strategies for ensuring data security and privacy in customer interactions?

    We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding What are the most effective strategies for ensuring data security and privacy in customer interactions? There are two reasons security and privacy are critical in this space. As Ford’s Dr. Kalifa Oliver pointed out, “to first really understand the laws..” In fact, all governance program definitions start with legal requirements, then industry regulations and requirements, then internal privacy promises made to customers.  The second critical reasons for ensuring data security and privacy as Claritiv’s Sean Gigremoss reminds us, “your knowledge for your business comes from all the conversations that you’re having – that is your IP (intellectual property).”

    Figure 1. Four Pillars of Customer Data Protection

    Four Pillars of Customer Data Privacy Defense in Depth Caution with AI Remove or Hid PII Train your Teams

    Defence in Depth

    As Macy’s Siva Kannan Ganesan pointed out, “all those regulation and implementing an regulation it’s a multi-step approach like data and motion data at rest should be encrypted and you have to make sure it’s like the access strict access control and frequent evaluation of the data breach.” With security depth is always valuable. TBW Advisors LLC advises clients to not only use encryption at rest and in transit, but to leverage protections during compute leveraging Confidential Computing. For additional research, enjoy Industry Whispers: Public is Privacy – Confidential Computing in the Cloud available on TBW Advisors YouTube Channel.

    Caution with AI technologies

    TBW Advisors has frequently warned if you are not being charged for the product, you are the product. If you are the product, you should assume you do not have privacy. Today with many of the advanced AI products, even lower tier paid products do not get privacy; rather they are being used to further train the product. As Ford’s Dr. Kalifa Oliver observed, “you really got to start asking organizations that have AI technologies about their Blackbox about how the data is being trained. You have to ask them about data breaches you have to be conservative about how you implement things because I think the law is going to catch up and the hardest thing to do is trying to go back and fix it.”

    Remove or Hide PII

    One critical step to ensure privacy is to not send PII or personally identifiable information to tools. Enthu.ai’s Atul Grover denoted, “we also ensure that we deduct the PI information we deduct almost 16 kind of PIs including social security data birth credit card information …. we do that in the recording as well as all the analytics.” While removing the information is a common practice, masking data is also quite common. As Mitrol’s Pedro Lopez Slevin shared, “our banks for example you will probably have on premise data servers. Everything will be with TLS 1.2 two or higher you know and create your data. We’re talking about AI, we usually do rack so you will have to process every information into embeddings and those embeddings are..unreadable if you just put it in a vector database.”

    Train your Teams

    While the term Human in the Loop has gained popularity with generative AI and agentic solutions, cybersecurity has always known the human in the loop as being a critical risk factor. Thus in order to truly ensure data security and privacy, you must train those humans! Randy Simmons from FaxSipIt shared the common journey towards compliance. “we’ve gone through a HIPPA audit and we’re secure there we just finished the SOC 2 audit and we’re SOC 2 compliant so people have come in they’ve audited our system our policies they’ve come with recommendations or not and we pass the audit for the socks 2 audit so our staff all goes through cyber security training as well we go through a wiser cyber security training and then also we send phishing to our to our employees and see if they’re going to click and if they click on a link then guess what they’re doing they’re doing that training all over Again.” So remember, do not click on that link without checking the link is safe first!

    Related playlists and References

    1. Whisper Report: How can we integrate AI-driven customer service solutions with our existing IT infrastructure
    2. Conference Whispers: Customer Connect Expo 2025
    3. Whisper Report: What are the most effective strategies for ensuring data security and privacy in customer interactions?
    4. Playlist – Whisper Report: What are the most effective strategies for ensuring data security and privacy in customer interactions?

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?

    Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?

    Published to clients: July 30, 2025                                        ID: 2085

    Published to Readers:July 31, 2025

    Whisper Email Release: TBD

    Video Edition Release: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”

    Analysis available only to clients at this time.

    Related playlists & References

    1. Whisper Report: How can organizations implement zero-trust security without disrupting user experience?
    2. Conference Whispers: Identiverse 2025
    3. Conference Whispers: Identiverse
    4. UK Identity Case Study Keynote
    5. CSA’s Publication, “Agentic AI Identity and Access Management: A New Approach”
    6. Conference Whispers: ISC West 2025
    7. SPIFFE

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What are the best practices for integrating cloud technologies in media workflows?

    Whisper Report: What are the best practices for integrating cloud technologies in media workflows?

    Published to clients: July 16, 2025                                                              ID: 2077

    Published to Readers: July 17, 2025

    Published to Email Whispers: TBD

    Public and Video Edition: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “Media companies now favor hybrid cloud workflows for flexibility, speed, and cost-efficiency. Open standards ensure interoperability, while strong security protects valuable IP. Experts stress aligning cloud use with business goals, maintaining control and visibility, and using cloud strategically—not universally—to optimize collaboration, performance, and infrastructure investment.”

    Related playlists

    1. Whisper Report: How can AI and machine learning transform media and entertainment?
    2. Whisper Report: What are the best practices for integrating cloud technologies in media workflows?:
    3. Conference Whispers: NAB Show 2025

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

    Research available only to clients at this time.

  • Whisper Report: How can we ensure compliance with new and evolving Cyber Physical security regulations?

    Whisper Report: How can we ensure compliance with new and evolving Cyber Physical security regulations?

    Published to clients: July 10, 2025                      ID: 2075

    Published to Readers: July 11, 2025

    Email Whispers Release:  TBD

    Public and Video Release: TBD

    Analyst(s): Dr. Doreen Galli

    Abstract:

    Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.

    Analysis only available to clients at this time.

    Related playlists

    1. Industry Whispers: Public is Private – Confidential Computing in the Cloud | TBW ADVISORS
    2. Conference Whispers: Black Hat USA 2019
    3. Whisper Report: How can we enhance our cybersecurity measures to protect against emerging Cyber Physical threats? 
    4. How can we ensure compliance with new and emerging cyber physical security regulations?
    5. Conference Whispers: ISC West 2025

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.