TBW ADVISORS LLC

Category: Research

Conference Whispers: Black Hat USA 2025
Las Vegas, NV August 2- August 7

Published to clients: August 11, 2025 ID: TBW2089

Published to readers: August 12, 2025

Published to Email Whispers: TBD

Public with video edition: TBD

Analyst(s): Dr. Doreen Galli

Photojournalist(s): D. Doreen Galli

Abstract:

After 61 videos including 4 first ever onsite livestreams, 150 minutes of recording including multiple exclusive shots – our coverage of Black Hat USA 2025 closes. Black Hat USA 2025 featured over 100 briefings and 120 sponsored sessions, with coverage spanning keynote presentations, technical sessions, and exhibit hall innovations. Topics ranged from AI-driven threat detection and agentic SOC platforms to identity verification and proactive risk management. Trends in cybersecurity regarding defence, use of AI agents, and focus on resiliency continue to grow.

Coverage on Computer Talk Radio August 2, and August 9.

The Conference
- Black Hat USA 2025 featured over one hundred briefings and 120 sponsored sessions. Attendance numbers are forthcoming. 2024’s edition featured over 20,000 in person attendees.
Cautions
- Black hat is not a conference to attend without preparation. All of one’s technology should be up to date. One should ensure they are leveraging a VPN and a RDID wallet when intentionally going around black hat. If not using one’s phone, a portable faraday pouch is always beneficial.
- Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
Conference Vibe

After 61 videos and related fact checks, over 150 minutes of recording including for the first time ever – four onsite LIVESTREAMS – our coverage of Black Hat USA 2025 closes. Black Hat featured over one hundred briefings and 120 sponsored sessions. Clients may recall the expo hall restrictions during our coverage of HIMSS which treated the entire expo hall like a surgical operating room from a privacy perspective. Guess what? It was even tighter at Black Hat. Nonetheless, we were able to capture the energy as Expo Hall was opening. Not only that, for the first time ever, Informa (who owns Black Hat) gave permission to someone to do a walkabout in Expo Hall prior to its opening for the day. That’s right – enjoy your exclusive look at Black Hat USA 2025 Expo Hall. Not only that, we were able to capture the mouthwatering lunch served on Wednesday. Once again, unlike most events, the What’s To Eat? Video does not include any attendees enabling us to really get a great shot of the food! A first for TBW Advisors LLC – we did four livestreams while on site. One live stream on Tuesday, Wednesday, and Thursday morning. One final livestream went out on Thursday as I requested assistance on your favorite videos for my segment on the August 9^th broadcast edition of Computer Talk Radio.

While at Black Hat USA 2025, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Black Hat USA 2025 Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors LLC corporate website. Additional cybersecurity conference research is available via Conference Whispers: Identiverse and Conference Whispers: ISC West.

Keynotes and Sessions

Kicking off in dramatic fashion, the conference kicked off with an amazing keynote from non-other than the most famous virus hunters – Mikko Hypponen and father of the Hypponen law of IoT security – one of our favorite coverage spaces. Specifically, Mikko said that if a device is smart, it is vulnerable. It was amazing to hear his story.

On the bleeding edge of things, we received two session summaries from Microsoft’s Thomas Roccia. The first session was his Black Hat session on NOVA – Prompt Pattern Matching regarding a new type of threat gaining traction. The second session is actually at DEFCON – the sister conference where no one would be ignorant enough to bring in modern technology outside of a faraday cage. Fortunately, we caught Thomas while at Black Hat. IN this talk Thomas shared that they are releasing an AI Agent to track crypto currency’s movements including visualization to combat crypto money laundering. The final Microsoft session itself that we captured is the Unmasking of Cyber Villains. I always love when engineers get a very loud boastful ovation from the audience. This stage featured the heroes of MISTIC and Dart who shared how they leverage each other’s strength. MISTIIC stands for Microsoft Threat Intelligence Center while Dart stands for Microsoft’s Diagnostics and Recovery Toolset. In this session, the Microsoft team emphasized that incidents require empathy, speed, and precision. The Darth team is on the ground delivering the empathy and getting the data to MISTIC. MISTIC in turn, provides the cheat codes to the Darth rescue team to quickly combat the incident.

On the topic of using AI Agents on a team of humans in wish SOC, James Spiteri from Elastic Security shared a summary of his session. “AI without Borders: Extending analysts capabilities in a modern Soc” dove into details how Agents and humans can successfully interoperate in a SOC. James also covered critical questions you need to think about in order to truly operationalize this type of situation.

Exhibits

As with many events, some exhibits span outside of the formal expo hall. We were invited to the Dune Security Command Center on site where we heard about their solution. Their adaptive training uses a personal credit risk scoring model. It targets each employee’s risky actions and knowledge gaps with customized, targeted, proactive program. The goal is to elevate them to meet corporate standards. This theme of preparation, training, and doing things up-front was definitely a theme. Cumulated shared how their solution focuses on resiliency. Given that the proper way to discuss it is always when and not if, it is wise to ensure a quick recovery when it occurs. This preparation and looking out for the threat aligned with Qualys’s Risk Operations Center. This center is focused on assisting organization proactively identify, prioritize, and finally remediate identified risks. Covering all five personas in a SOC (alerts, vulnerabilities, threat intel, case management and DFIR (digital forensics/incident response )) StrikeReady’s platform integrates with 800 tools and is focused on removing each role’s pain points. Continuous Threat Exposure Management or CTEM is the area addressed most recently by Safe Security. Booli also moves things earlier in the process, in their case identity stitching. Specifically at the very beginning of the process including score carding the identity and providing the information back to the identity service. Ensuring stolen credentials are changed once they have been phished and the criminals attempted to leverage them, Mokn was on site to tell attendees about their solution.

If your organization would prefer to fix vulnerabilities instead of the common security software composition analysis, Heeler Security was the booth to visit. Feeling overwhelmed, by cloud configurations in your organization? imPac Labs was on site talking about their expertise. Admittedly, given my Microsoft Patent application on Policy Profiles, cloud configurations is a problem space on our radar at TBW Advisors. Speaking of high availability environments, HAProxy Technolog exhibited their platform that brings enterprise security performance and configurability into packaged software.

An area we have discussed in Conference Whispers: Money 20/20, Conference Whispers: HIMSS 2025, and Conference Whispers: Fintech Meetup 2025 – verifying the hardware device is a valuable defence vector for fighting fraud. At Black Hat USA 2025 we met SmallStep that enables device identity with cryptographic identity ensuring corporate devices are used to perform work. Leveraging device identification to eliminate deepfakes within a corporation, Netarx leverages multiple models to ensure your corporate communications are safe from deep fakes. Elastic Search – an open-source project known for search – found itself building native security and analytics due to popular demand.

Moving into the agentic side of things, Microsoft’s AI Agent Challenge was a big hit. Their booth had plenty of specialists on site to answer any of your questions. Focusing exclusively on AI Agents for the Red Team, Mindgard’s solution keeps probing to find vulnerabilities, filters through them based on your target and context. Finally, remediation advise is dispensed. Cyata built a built a control plane for Agentic Identity and includes policy enforcement. Addressing the full lifecycle above and beyond triage, Exaforce shared their Agentic SOC Platform. A demo of Exaforce was also captured. Finally, if you are unfamiliar with the current state of agents or have never seen an agent in action, enjoy the video with Ralph. Ralph comes from Cyber Innovate; a think tank focused on stopping threats from AI Agents themselves.

Next Year’s Conference

Black Hat USA 2026 will once again return to Las Vegas and will be held at Mandalay Bay Convention Center in August 2026. The exact dates have yet to be announced at time of publication.

^*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
August 12, 2025
Whisper Report: What are the most effective strategies for ensuring data security and privacy in customer interactions?
Published to clients: August 4, 2025 ID: TBW2080

Published to Readers: August 5, 2025

Published to Email Whispers: TBD

Public and Video Release: TBD

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Effective strategies for securing customer data include encryption at rest, in transit, and during compute; cautious AI adoption; and strict access controls. Removing or masking personally identifiable information (PII) and training staff on cybersecurity best practices are essential. Legal compliance, intellectual property protection, and customer trust drive the need for robust privacy measures in customer interactions.”

What are the most effective strategies for ensuring data security and privacy in customer interactions?

We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding What are the most effective strategies for ensuring data security and privacy in customer interactions? There are two reasons security and privacy are critical in this space. As Ford’s Dr. Kalifa Oliver pointed out, “to first really understand the laws..” In fact, all governance program definitions start with legal requirements, then industry regulations and requirements, then internal privacy promises made to customers. The second critical reasons for ensuring data security and privacy as Claritiv’s Sean Gigremoss reminds us, “your knowledge for your business comes from all the conversations that you’re having – that is your IP (intellectual property).”

Figure 1. Four Pillars of Customer Data Protection

Defence in Depth

As Macy’s Siva Kannan Ganesan pointed out, “all those regulation and implementing an regulation it’s a multi-step approach like data and motion data at rest should be encrypted and you have to make sure it’s like the access strict access control and frequent evaluation of the data breach.” With security depth is always valuable. TBW Advisors LLC advises clients to not only use encryption at rest and in transit, but to leverage protections during compute leveraging Confidential Computing. For additional research, enjoy Industry Whispers: Public is Privacy – Confidential Computing in the Cloud available on TBW Advisors YouTube Channel.

Caution with AI technologies

TBW Advisors has frequently warned if you are not being charged for the product, you are the product. If you are the product, you should assume you do not have privacy. Today with many of the advanced AI products, even lower tier paid products do not get privacy; rather they are being used to further train the product. As Ford’s Dr. Kalifa Oliver observed, “you really got to start asking organizations that have AI technologies about their Blackbox about how the data is being trained. You have to ask them about data breaches you have to be conservative about how you implement things because I think the law is going to catch up and the hardest thing to do is trying to go back and fix it.”

Remove or Hide PII

One critical step to ensure privacy is to not send PII or personally identifiable information to tools. Enthu.ai’s Atul Grover denoted, “we also ensure that we deduct the PI information we deduct almost 16 kind of PIs including social security data birth credit card information …. we do that in the recording as well as all the analytics.” While removing the information is a common practice, masking data is also quite common. As Mitrol’s Pedro Lopez Slevin shared, “our banks for example you will probably have on premise data servers. Everything will be with TLS 1.2 two or higher you know and create your data. We’re talking about AI, we usually do rack so you will have to process every information into embeddings and those embeddings are..unreadable if you just put it in a vector database.”

Train your Teams

While the term Human in the Loop has gained popularity with generative AI and agentic solutions, cybersecurity has always known the human in the loop as being a critical risk factor. Thus in order to truly ensure data security and privacy, you must train those humans! Randy Simmons from FaxSipIt shared the common journey towards compliance. “we’ve gone through a HIPPA audit and we’re secure there we just finished the SOC 2 audit and we’re SOC 2 compliant so people have come in they’ve audited our system our policies they’ve come with recommendations or not and we pass the audit for the socks 2 audit so our staff all goes through cyber security training as well we go through a wiser cyber security training and then also we send phishing to our to our employees and see if they’re going to click and if they click on a link then guess what they’re doing they’re doing that training all over Again.” So remember, do not click on that link without checking the link is safe first!

Related playlists and References
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
August 4, 2025
Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?
Published to clients: July 30, 2025 ID: 2085

Published to Readers: July 31, 2025

Whisper Club: December 15, 2025

Public: January 20, 2026

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”

Computer Talk Radio coverage of document.

Target Audience Titles:
- Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Privacy Officer, Chief Product Officer, Chief Data Officer
- Identity and Access Management Engineers, Security Architects, Cloud Infrastructure Engineers
- Privacy Engineers, Standards and Compliance Analysts
Key Takeaways
- Passwordless authentication removes friction and improves security.
- Time-bound credentials limit exposure from compromised access.
- Identity chaining enables dynamic, temporary access provisioning.
- Authentication and authorization are increasingly separated for clarity and control.
What are the latest advancements in decentralized identity and verifiable credentials?

We took the most frequently asked and most urgent technology questions straight to the Technologists gathering at Identiverse 2025 held at Mandalay Bay in Las Vegas. This Whisper Report addresses the question regarding the latest advancements in decentralized identity and verifiable credentials. But what is a decentralized identity. Panini’s Jim Harris explained, “identity – being able to capture that information using nearfield technology and then verifying that issue issuing information with the agency that issue it to certify that customer is legitimately who they say they are so we believe that’s one of the ways we can support authentication in a digital decentralized environment.” Let’s dive into six advancements in decentralized identity for you to add to your environment as depicted in Figure 1.

1. Passwordless

Frequently involved in moving authentication from something you know to something you are, Passwordless takes those pesty passwords out of the equation. As Simeio’s Octavio Lopez observed, “I’ve been seeing a lot of a lot of organizations are pushing towards passwordless.” For vendor examples that provide biometric identity options see Conference Whispers: Identiverse 2025 and Conference Whispers: ISC West 2025.

2. Time Bound Credentials

A favorite tactic to limit any damage from stolen credentials is to time bound them. As GitGuardian’s Dwayne McDaniel explained, “How do we not store a long-term credential but instead expose only the bit of the credential you need to verify that entity should be doing that thing and then issue a very short live jot or 509 Cert (X.509 certificate) that will expire immediately.” Any compromised short-lived credential is useless thereby limiting the blast radius in the system.

3. Identity Chaining

Related to time bound credentials is the dynamic identity chaining. As Apono’s Ofir Stein revealed the key to decentralization of identities is, “it’s the ability to create dynamic changes in the identity that exist in the environment. Meaning by that we keep what we call identity chaining while if I need access to some resources let’s say in cloud we create all the identities that needed for me to work and then we revoke them so dynamic approach to decentralized identity in a panel the dynamic approach is the decentralized identity when we create identity when needed and we work them when they when they don’t need them.”

4. Separation Authentication and Authorization

“Although commonly associated together, as the namespace identity and access management imply, the decentralized identity world is seeing a separation. Authentication — the verification you are who you say you are — is being distinguished from authorization — the granting of some authority to some resource. As GitGuardian’s Dwayne McDaniel highlighted, “we’re going to see some major advancements with this idea of I can prove on me but that doesn’t automatically authorize me for things the authorization is starting to be separated from authentication in a way that should have probably done in the first place.”

5.One-way Functions for Storage

As one might suspect, many identity solutions involve the cloud. The concern becomes, how to store the data in such a way that even if the data stored is compromised – the identity information is not? Keyless’ Alex Jones elaborated on the use case. “when you’re talking about privacy in the biometric space it’s all about where your biometric data goes does it stay on the device does it stay on the cloud so within cloud-based biometrics which is what Keyless does, there’s different ways of making sure that the biometric data on the cloud is kept really safe and this is where a decentralized biometric system come in it’s basically transforming the biometric data when it goes on the cloud so that when it’s there it is completely unrecognizable so even if the cloud server is compromised the biometric data or the data that’s stored there is kept safe.” This is the same approach we saw leveraged during our coverage of ISC West. A hash of the data is stored not the data itself. This hash function can be used against new data presented to see if the two results match properly. There is no reverse of this hash function thus the original data cannot be disclosed even if the resulting hash is compromised.

6. Leverage Standards

Finally, when you are creating your roadmap or architecture you do not have to reinvent the wheel. As GitGuardian’s Dwayne McDaniel denoted, “we’re seeing the standards emerge right now about 7 years ago we saw SPIFFE the secure production identity framework for everyone emerge and that came out of what Google was doing internally. Number of working group that sprung up at Netflix and they wrote a beautiful book on it called solving the bottom turtle. The CSA has just put out a new paper May 25th on how dissolve this multi- agent system problem and introducing concepts like agentic name spacing and a distributed ID like as name spaces and it’s just a fascinating time now.”

Final note

For those wishing to see a case study about how to bring a massive, decentralized identity solution to life, Identiverse had a keynote for you. Specifically, a case study of the UK mobile identity deployment featuring Hannah Rutter, Deputy Director, Digital Identity of the United Kingdom. If your organization is on the decentralized identity path, there is no reason to go alone. Reduce the risk and increase your chances of success by working with TBW Advisors LLC. Schedule an inquiry at the beginning of the process and each critical step to stop missteps.

Analysis available only to clients at this time. Join the YouTube Whisper Club at the Whisper Club Level to get access to the video edition today.

Related playlists & References
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2026 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, Whisper Club, Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 30, 2025
Whisper Report: What are the best practices for integrating cloud technologies in media workflows?
Published to clients: July 16, 2025 ID: TBW2077

Published to Readers: July 17, 2025

Whisper Club Release: December 15, 2025

Public and Video Edition: December 17, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Media companies now favor hybrid cloud workflows for flexibility, speed, and cost-efficiency. Open standards ensure interoperability, while strong security protects valuable IP. Experts stress aligning cloud use with business goals, maintaining control and visibility, and using cloud strategically—not universally—to optimize collaboration, performance, and infrastructure investment.”

Target Audience Titles:
- Chief Technology Officer, Chief Digital Officer,
- Chief Data Officer, Chief Marketing Officer, Chief Content Officer
- VP Engineering, VP Media Technology, Dir Cloud Strategy, Dir Media Ops, Head of post production, Direct of IT Infrastructure
- Cloud Solution Architects, Media System engineers, DevOps Engineer, Video Platform Engineer, Broadcast Engineer, Post Production Engineer, Media Workflow Specialist, Software Engineer, Storage and Archiving Engineer, SRE
Key Takeaways
- Hybrid workflows balance cloud flexibility with on-prem performance and cost control.
- Open standards ensure seamless integration across media tools and platforms.
- Strong security protects media IP with access control and audit trails.
- Cloud strategy should align with business goals, not just follow trends.
What are the best practices for integrating cloud technologies in media workflows?

We took the most frequently asked and most urgent technology questions straight to the Technology experts gathering at NAB Show 2025 held in Las Vegas at the Las Vegas Convention Center. This Whisper Report addresses the question regarding what are the best practices for integrating cloud technologies in media workflows?

Media and the Cloud

Its been fascinating to watch the Media’s use of the cloud the last handful of years. As Axle.ai’s Sam Bogoch observed, “during covid people would just put things in the cloud willy-nilly because there was no reason to put it anywhere else. They didn’t go to their offices. There was no on premise. There was no concentration of work.” Furthermore, as Dell Technologies’ Tom Burns pointed out, “The promise of cloud was that you didn’t have to own or maintain infrastructure and that’s been awesome.”

Or as Ross’s David Green observed, “they don’t have to have a large upfront capital investment.” Thus when there was no concentration of workers or work, the lack of capital investment and no need for infrastructure maintenance was quite attractive. But its important to keep in mind as Ross’s David Green further explained, “cloud is just a technology – not a solution.” Thus, in the post-COVID world, Media has been rebalancing how as an industry it works with cloud.

Standard Open Systems

Regardless of where you put your workload for what part of the media workflow, the technologies involved must work together. Latakoo’s Jade Kurian gave us a great example, “if I have one company that does transcription let’s say really really well but it’s no connected to my media workflow. Then if I start using that as an enterprise media company, then the problem is I’ve created something that slows down my team even though I’m trying to make it faster for them.” To prevent the slowdown from incompatible tools, Cinnafilm’s Dom Jackson suggested, “to make sure that all of these technologies are using somewhat standardized APIs and ontologies and so on to allow somewhat atomic solutions to be combined easily into larger workflows.” In other words as Magnify’s Ken Ruck summarized, “the best ways to be open and not be a closed system.” The goal, as summarized by Jade Kurian, “it is all about speed -speed from camera to that pane of glass that exists that somebody’s watching on the other end”

Secure Media

Regardless of where your solution executes or where the media resides, protecting that media is absolutely critical. As Eon Media’s Greg Morrow simply stated, “media companies are built on their intellectual property so protection of their IP is incredibly important.” As warned during our coverage of Conference Whispers: NAB Show 2025, just because a technology can share media, doesn’t mean it does so securely with an audit trail. Lucidlink’s Gergana Berman further cautioned, “a lot of providers out there might claim that they have a very secure solution, but you have to check for yourself.” If this is an area your team is concerned with, clients should book an inquiry before purchasing the technology. In 2025, it is also critical to check the terms and conditions of any AI technologies leveraged. As Gergana Berman further explained, “ make sure their terms and conditions are not saying they can use your media copyrighted media.” Or as the saying goes, don’t use free products for when something is free – you are the product. In this case the valuable IP is the product of the media company for which you are working.

Some solutions have built in capabilities to assist in protecting your intellectual property. Greg Morrow pointed out that Eon Media’s solution has, “three levels of watermarking that we produce So we have produce a visible watermark on the asset and an invisible watermark.” Leostream’s Karen Gondoly perhaps best summarized the totality of the need, “I need to have control of my data. I need to have control of who has access to it. I want to secure that data so I want to make sure that I’m authorizing users correctly. I want to make sure that I’m using zero trust principles when I’m providing access to people. I need visibility. I want to make sure I always know who has access to my data what they’re doing with it where they’re accessing it from.” In other words, I don’t just need to be able to control it, I need a full audit trail of the five w’s for my data. Who accessed, What was accessed, When accessed, Where accessed and Why accessed as depicted in Figure 1.

Hybrid Solutions

Today, most media companies have settled into hybrid architectures involving a combination of on premise and cloud technologies. Strada’s Michael Cioni best summarized, “no one can actually put everything in one cloud. There’s too many collaborators. There’s too many different clouds. There’s too many pros and cons to clouds and nobody has enough money to store everything there So I think the best practices for integrating cloud into your workflow is to actually look for alternative solutions that may not use the cloud in the traditional ways and figure out how to collaborate across clouds versus putting everything in one place.” So what should go where? One can observe, those with on-premise based solutions have different answers vs those with predominantly cloud based solutions. Ross’s David Green recommends, “to not start with I want to do cloud the key is to start with why do I want to use cloud and then figure out who can help you solve those.”

SNS’s Alex Hlvarty cautions, “we can’t control internet outages or data breaches or things like that are mitigated by making sure that you keep your own assets on site in your possession but then utilizing cloud for its very clear benefits as far as making things available to people all over the world through one single portal.” Axle.ai’s Sam Bogoch also likes to keep things he is actively working on close. “on premise the things that you’re immediately working on because it does not make sense to keep asking for them politely from the cloud when you’re getting work done much faster on premise and meanwhile things like archive and backup clearly belong in the cloud.” From a capitalization perspective, Dell Technologies Tom Burn’s recommends an extension of a common metaphor. “let’s think of the old rocks pebbles sand metaphor where rocks are the fully capitalized on prem infrastructure that you need to keep 99.9% utilized and the pebbles are the project-based uses of compute and storage that aren’t part of your base commit and don’t hit your ybudget and the sand is the pure burstable joy that is the public hyperscalers. We’re looking at hybrid workflows that combine all three screening up.”

Once again, clients should schedule an inquiry to review your hybrid media architecture against your organizational priorities.

Related playlists
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

Research available only to clients at this time.
July 16, 2025
Whisper Report: How can we ensure compliance with new and evolving Cyber Physical security regulations?
Published to clients: July 10, 2025 ID: 2075

Published to Readers: July 11, 2025

Email Whispers Release: TBD

Public and Video Release: TBD

Analyst(s): Dr. Doreen Galli

Abstract:

Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.

Analysis available only to clients at this time. Join the YouTube Whisper Club at the Whisper Club Level to get access to the video edition today.

Related playlists
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2026 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, Whisper Club, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 10, 2025
Whisper Report: How can we integrate AI-driven customer service solutions with our existing IT infrastructure?
Published to clients: July 3, 2025 ID: 2079

Published to Readers: July 4, 2025

Email Whispers Released: August 11, 2025 8am

Public and Video Edition Released: August 11, 2025 11am

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

“Integrating AI customer service with existing IT systems starts by setting clear business goals. AI should enhance, not disrupt, current workflows and streamline real-time support. Every organization has unique systems, so tailored integration is essential. A major challenge is fragmented data—making robust pipelines and clean, synchronized data critical. Accurate timestamps and system compatibility across platforms are key to ensuring effective AI performance and a smooth digital transformation journey.”

Target Audience Titles:
- Chief Information Officer, Chief Technology Officer, VP/Director of IT Operations, Enterprise Architects
- Chief Customer Officer, VP/Director of Customer Services/Success, Contact Center Operation Managers
- Solution Architects, DevOps & IT Administrators, Customer Support Agents, Data Scientists and ML Engineers
Key Takeaways
- Start with clear business goals so AI enhances workflows without causing disruptions.
- Tailor integration to your unique tech environment to avoid inefficiencies.
- Reliable, clean, and synchronized data pipelines are essential for effective AI-driven customer service.
How can we integrate AI-driven customer service solutions with our existing IT infrastructure?

We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding how can we integrate AI-driven customer service solutions with our existing IT infrastructure? As Ford’s Dr. Kalifa Oliver shared, “first we need to break down our needs and our goals and figure out which pieces of AI actually build efficiencies in our IT systems because right now there are too many systems that are fragmented.” With ALL AI projects, it is best to start with the business goal not the technology. We do not want to spend resources to integrate technology that goes unused. Furthermore, the context of the business goal helps guide engineers when they have design choices to make.

Customer Service Workflows

AI in Customer Service is all about optimizing and improving the customer service workflow to lead to maximum customer satisfaction. As Zaon’s Jason Kaufman shared, “using artificial intelligence tools within the organization to actually help drive and make more efficient the processes that go into place in order to support good customer service. For example, leveraging artificial intelligence to actually analyze chats real time community forums real time. Actually monitoring that (the communities) helping to gain insights about what your customers have questions about so that you can leverage the AI to actually generate the knowledge on the fly to actually provide that (information removing confusion) back to them real time as if it’s another person on that community thread.” The nonobvious challenge in achieving this solution is best described by Claritiv’s CEO Sean Gigremoss. “Everybody has workflows. Every company is unique. What tools do they use? What products do they use now? Do we need to build it?” In other words, every organization has a unique, highly mixed environment with varying degrees of maturity both in the technology itself and the organization’s ability to deploy technology.

Verse.ai’s Zac Brooksher recommends focusing on complimenting the current workflows and processing. “We can integrate AI driven customer service solutions using full funnel metrics understanding all of the conversations the timestamps the channels the appropriate team members what next steps are all integrating into existing systems and processes just to complement what the current workflows and data processing is today like.” Any technology not realizing it is complimenting an existing process will instead create process interrupts. The distinction really is a big difference.

The Challenge: Data is everywhere!

As Claritiv’s Sean Gigremoss shared, data is everywhere! “They make it so easy for us to integrate because in the end that’s important because all the data are in this different .. disparate systems. You need information from Salesforce you need information from zoom you need information from slack you need information from your database you need information from your customer’s database so to be able to do that you need to make sure that you’re using the tools or you’re partnering with companies that help you so that you can focus on what you do best.”

But the data isn’t just everywhere, it comes from everywhere. The first obvious location was shared by Enthu.ai’s Atul Grover, “we integrate with the telephony at the dialer.” And the rest such as the web and email communications, “we ingest that using an API driven environment.” Diabolocom specializes in capturing all that occurs between the customer and the organization on mobile devices. As Diabolocom’s Benjamin Shakespeare shared, “with our mobile solution that we are about to release

the market .. So all field reps anybody who is using a cell phone today with every interaction they have on their phone our AI will then score that call transcribe it and push it directly into the CRM So any lack of compliance that you are seeing today in your organization from people that are not sitting behind a computer that will be no longer.”

Where the magic happens!

Now that we understand we are complimenting the existing customer experience workflows for the benefit of the customer experience and that data is everywhere, what can we do? As Macy’s Siva Kannan Ganensan shared, “you need to make sure your data pipeline is very robust when we talk about all this AI integration data is the core so make sure the data is cleansed and always readily available ready to serve with that we’ll be able to integrate an into your existing architecture or in your organization.”

Figure 1. Compliment Workflows & Leverage Robus Data Fabric

It’s all about the data infrastructure! You need robust data pipelines as part of your data fabric to seamlessly integrate any new AI offering as depicted in Figure 1. AND you must ensure data quality. For example, data quality is paramount when dealing with timestamps of customer communications. What time zone is your organizational standard? Do your IT systems work in that time zone, and do you know what systems provide timestamps in other formats or time zones? Is that true for any and all corporate acquisitions feeding data into the system? Is the system designed to handle the variety of daylight savings time scenarios? Are all the clocks adjusted for daylight savings automatically or manually? Finally, are the timestamp clocks aligned? To the second or to the minute? It’s valuable to know if you can look at time as fact or approximation in your organization. If your organization is going through any type of digital transformation, it is critical to get the best advice available to ensure your success. Ensure your success by scheduling your inquiry with a TBW Advisors advisor before starting any critical phase of your digital transformation journey. Get the smartest advice available and leverage our firsthand experience to your advantage.

Related playlists
1. Whisper Report: How can we integrate AI-driven customer service solutions with our existing IT infrastructure
2. Conference Whispers: Customer Connect Expo 2025
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
July 3, 2025
Whisper Report: What are the best practices for enhancing cybersecurity in FinTech?
Published to clients: June 26, 2025 ID: TBW2067

Published to Readers: June 27, 2025

Email Whispers: December 9, 2025

Public with Video Edition: December 10, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.

Target Audience Titles:
- Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
- Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
- Security Architect, Security Engineers, Penetration Testers, Incident Response & Threat Intelligence Teams
Key Takeaways
- Adopt a Layered Defense: Use a “defense in depth” strategy—combine multiple security measures and analyze broad data signals to stay resilient against evolving threats.
- Train Your Team: Human error is a top vulnerability. Regular employee training helps prevent phishing, smishing, and social engineering attacks.
- Build Security into Development: Embed security checks directly into software pipelines to catch issues early and reduce risk at every stage of development.
What are the best practices for enhancing cybersecurity in FinTech?

We took the most frequently asked and most urgent technology questions straight to the finance technology experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding what the best practices are for enhancing cybersecurity in FinTech. As SecurityMetrics’s Matt Cowart shared, there is a, “big rise that we’ve seen is fishing and smishing.” Your employees are getting targeted via email and SMS messages. But that is not the only threat. The user or customer angle also brings in cybersecurity issues. Incentiva’s Heather Alvarez shares, “fraud is something that is very big right now and (is something) that we’re trying to combat.”

A Layered Approach

Cybersecurity frequently feels like a game of whack-a-mole. Vulnerabilities seem to pop up in every dimension you explore but there is still hope. As Socure’s Matt Thompson shared, “creating layers and looking at lots and lots of data signal is important for protecting your Enterprise.” This is also known as defense in depth.

What might these layers include? Gitlab’s Field CTO, Joshua Carroll recommends, “making sure your code is secure and doesn’t have vulnerabilities by building the security scanners into your pipelines and do those as you build the software you can save yourself an awful lot of time.” Likewise, SecurityMetric’s Matt Cowart points out that it all, “comes down to training. The weakest link is where hackers get in. Being able to strengthen your entire area – all of your employees making sure they know what to do what not to do is going to be on of the biggest things that keeps your network safe.” Effective training can minimize phishing and smishing as well as positively impact fraud detection during customer interactions.

Thus to enhance your cybersecurity, ensure a depth in defense security strategy and that the strategy includes both technical aspects of your enterprise as well as your humans in the loop. But most important stay curious and keep building. As Incentiva’s Heather Alvarez shared, “ask the right questions .. continuing to push and look for new features look for to AI to help us because there are a lot of Technologies out there.”

If you are evaluating your cybersecurity environment, be sure to book an inquiry for timely advice.

Related playlists
^*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 26, 2025
Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?
Whisper Report: What are the best practices for enhancing cybersecurity in healthcare?

Published to clients: June 18, 2025 ID: TBW2063

Published to Readers: June 19, 2025

Email Whispers: July 22, 2025

Public & Video Edition: July 23, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): Dr. Doreen Galli

Abstract:

Cybersecurity in healthcare is responsible for protecting the data that represents the life’s story of patients and infrastructure to enable proper care. Managing and securing the plethora of edge devices and the interoperability of all the technologies is an increasing challenge. There are four steps to take to enhance your healthcare cybersecurity: select a framework, leverage depth in defense, automate where possible, and test your environment.

Target Audience Titles:
- Chief Information Security Officer, Chief Information Officer, Chief Security Officer, Chief Technology Officer, Chief Compliance Officer, Chief Data Officer, Chief Privacy Officer
- VP of Cybersecurity, Director of Information Security
- Security Architect, Information Security Architect, Network Security Engineer, Systems Security Engineer, SOC Analysts, IAM Specialists, Director of Privacy
Key Takeaways
- Device maintenance and interoperability continue to challenge healthcare environments cybersecurity.
- Four steps to enhance cybersecurity in healthcare environments. Select a framework, leverage depth in defense, automate where possible, and test your solution.
Tags

cybersecurity, privacy, healthcare, healthcare technology, health tech, HIMSS, HIPPA, medical devices, edge devices, IoT, depth in defense, automate, integration, cybersecurity frameworks, Evidently, Hal Wolf, Kai Romero, Brennen Reynolds, Absolute Security, Alexander Group, Trey Chamberlin, Aisera, Daniel Carvajal Marin

What are the best practices for enhancing cybersecurity in healthcare?

We took the most frequently asked and most urgent technology questions straight to the health systems technology experts gathering at the Healthcare Information and Management Systems Society (HIMSS) 2025 Global Health Conference and Exhibition or HIMSS 25 for short. This Whisper Report addresses the question regarding the best practices for enhancing cybersecurity in healthcare. Given that data breaches in 2024 affected 1 in 2 American’s health records, cybersecurity is top of mind in healthcare¹. But healthcare data is not your shopping data, it represents much more. As Evidently’s Kai Romero shared, “the narrative Arc of who they are how they’ve suffered, how they’ve overcome the illnesses that they’ve experienced, you can’t treat that lightly … this is their life.” But there is a reason for concern in healthcare. For those unfamiliar, Russia has been found the source of ransomware attacks on the healthcare industry². As HIMSS Hal Wolf shared, “security is a major issue our own the federal government the United States just announced that they were bringing down cyber security blockage or fundamentals against another foreign country recently that was yesterday.” There is no indication that the cyberattacks on healthcare will stop, just an announcement that the government is no longer stopping such attacks.

Where are the vulnerabilities?

Understanding that healthcare data represents the whole person and their life, where are the vulnerabilities coming from in the healthcare environment? Examining the source of the security vulnerabilities can offer insights to the efforts to defend and protect this valuable healthcare data. Turns out there are two large sources of vulnerabilities.

Device Maintenance

First, devices in the healthcare environment itself are an issue. As we discussed in Whisper Report: How can AI be effectively integrated into healthcare systems?, many devices on site are old. They may not have over the air (OTA) updates, may require human in the loop to update. As Absolute Security’s Brennen Reynolds stated, “any given organization that man that has our technology about 15% of the devices that are being manually managed have some missing critical security control which increases their risk to either an operational outage or a cyber event like Ransomware.” It may sound like simple advice you have heard a million times, but keeping your equipment up to date with the latest software and security patches is simply critical.

Interoperability

Healthcare creates complicated environments full of an array of diverse vendors. Somehow these vendors and their technology – or more specifically – the diverse array of data about the patient derived must interoperate. Not just interoperate, the data must come together to provide a picture of the patient for the practitioner. Unfortunately, as Alexander Group’s Tray Chamberlin pointed out, “a lot of interoperability issues and leaks.” Getting the technology to work together is so difficult in and of itself, the process created that ‘works’ may not be a secure solution. It is critical that during any interoperability project that protection of the data in the processes is the first a priority. Furthermore, the integration architecture and solution must be examined at a detailed level to understand and identify any potential leakages created in the process.

Solutions

Organizations concern about security in healthcare technology is not going to go away. Per HIMSS’s Hal Wolf, “this is going to be the coinage of which we really improve Healthcare is information (and) information comes from data the data will be unprotected so .. it is why it (cybersecurity) is one of our (HIMSS) four focus points.. at HIMSS (25) digital Health transformation, AI, cyber security, and Workforce Development.” Information is how we improve care, thus information is the goldmine of healthcare. Figure 4 depicts Four Steps to Enhance your Healthcare Cybersecurity.

Select Framework

Through the various conversations while conducting this research, it became very clear that each organization has their own framework to guide their cybersecurity program. When selecting amongst the frameworks, ensure these common characteristics are present.
- It should be 100% restricting while enabling productivity.
- Needs guardrails and controls
- It should be deliberate and intentional with how it handles your assets.
Leverage Defense in Depth

Regardless of where the technology is used within healthcare, certain security practices should be consistent. As Evidently’s Kai Romera shared, “some of the same things that we use in the clinical setting to protect patient data whether that’s logging out of a screen pretty quickly after it’s not active or you know taking away the protected patient information so that anyone who’s looking at the screen would not know who that patient was you want to know that they’re employing those things because this (is) patient data.” Understanding no single method covers all scenarios, it is good to use every method available when possible. For example, clinical data masking technology and standards can easily be applied to the terminals used at the front desk and billing as well.

But data masking is not just useful at the terminal level. As Aisera’s pointed out, regarding you agentic AI solutions, we can do everything from masking PII for mask any personal data “architecture that’s going to keep your data private data privacy is probably the most important thing especially when it comes to healthcare right .. but also how it is stored right even in our cloud approach” our customers get the unique architecture so when you’re training the LLM you’re not trained in our models.”

Deploy Automation

Many shy away from automation, but as we pointed out in Conference Whispers: Black Hat USA 2019, a ransom ware attack can take down an organization in 30 minutes. What human on call can get notified, get online and stop an attack that fast? Furthermore, as Absolute Security’s Brennan Reynolds shared, “topic of automation there’s just too many things to be done in a day to allow and require humans to be doing all of the maintenance and management task so if the it devices across their organizations whether you have a th000 devices 10,000 or a million devices you’re never going to have enough staff to manually execute tasks to keep those devices safe and secure.” Thus it is physically impossible to stop many attacks or even simply update all the devices on site without automation.

Test!

Regardless of the care taken, it important to review the architecture and test the system. As Alexander Group’s Tray Chamberlin explained, “make sure that it’s not just we want this system we want to stand it up and we want the functionality but also going through the paces and testing and making sure that is playing nice but also doesn’t open up a new vulnerability within your system going forward.” A system that simply works is not the goal. Rather, a system must work and be secure, resilient, and hardened against attacks including its integration points is the minimum standard.

We will close with remarks by HIMSS’s Hal Wolf, “ I think cyber security is going to continue to be at the Forefront of our thoughts whenever you’re dealing with data and information they are going to be bad actors… HIMSS is focused on cyber security we have cyber security forums (and) there are cyber security events taking place.”

^*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

Related playlists
1. Whisper Report: HIMSS: Question 1: How can AI be effectively integrated into healthcare systems??
2. Conference Whispers: HIMSS 25
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 18, 2025
Conference Whisper: Identiverse 2025
Published to clients: June 10, 2025 ID: TBW2083

Published to readers: June 11, 2025

Published to Email Whispers: August 18, 2025

Publicly Published with video edition: August 18, 2025

Analyst(s): Dr. Doreen Galli

Photojournalist(s): D. Doreen Galli

Abstract:

Identiverse 2025 welcomed 3,300+ attendees to Mandalay Bay – nearly a 20% gain over 2024. Featuring 250+ sessions and 150 exhibits all on one floor, the event was smooth and accessible. Keynotes and sessions emphasized teamwork, resilience, and collaboration, while exploring AI in identity, decentralized credentials, and zero-trust implementation. Exhibitors showcased innovations from selfie-based authentication to intelligent access control and secrets vault cleanup. The shift from Aria to Mandalay Bay marked a new chapter for the expanding event, which returns to Mandalay Bay in 2026.

The Conference
- Identiverse 2025 was held at Mandalay Bay Convention Center, a move from Aria in 2024. It hosted 3300 attendees, 250 sessions and 150 exhibitors.
Cautions
- Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
TAGS

Identiverse 2025, digital identity, identity security, zero trust, AI in cybersecurity, decentralized identity, verifiable credentials, identity governance, privileged access management, IAM, IGA, cybersecurity conference, Mandalay Bay, authentication, biometrics, secrets management, SSO, MFA, ITDR, access control, enterprise security, digital trust, identity trends, identity innovation, conference highlights, tech expo, identity tech, identity solutions, cybersecurity trends, identity keynote, identity management

Conference Vibe

After over 53 videos, almost 200 minutes of content only 2 escalator rides, 30,000 steps and over 25 fact checks, our coverage of 2025 Identiverse ends. The event spanned 4 days, had over 250 speakers, 150 exhibits and with over 3300 attendees – 700 more registered over last year. Registration went very smooth with rarely any waiting time. Interestingly, we were informed many registered late. Executives realize that reducing risks and therefore related losses is a viable path to protecting profits in uncertain times. This year’s event took place at Mandalay Bay Convention Center, a change from Aria last year. Most enjoyed the conference taking place all on the same floor. It was great to see the conference grow and expand. Like all changes, there were the old timers yearning for the days when they all packed into too small rooms at Aria. Unfortunately, some of the sessions located physically further from Expo Hall reported some in person attendance challenges from those too tired to walk to the room. The event featured a full collection of meals. We were able to capture the Tuesday Seminar’s Lunch and the lunch on Wednesday in Expo Hall.

While at Identiverse, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Identiverse Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors Website under Subscribers research/Conference Whispers.

Keynotes and Sessions

Identiverse is absolutely one of those events where regardless of the amazing session you choose, you are aware you are also missing an incredible session – or two. Fear of missing out was rampant. Fortunately, we were able to capture 53 videos for our clients and subscribers. The first Keynote featured John Pritchard, CEO of Radiant Logic. Titled, “Identity isn’t a solo Game” it drove home the message that one cannot succeed in identity without collaboration with the professionals around you throughout the organization and with others in the industry.

Another frequently referred to keynote featured the UK’s Hanna Rutter who is realizing their government digital identity solution. In her talk she spoke about the challenges of such a decentralized digital identity solution and how she is overcoming roadblocks on her path to success. A much in demand topic regarding identity challenges in the realm of AI was presented by Richard Bird. A tech talk held in the expo hall was hosted by Microsoft. Their tech talk covered the hot topic of ITDR, Identity threat detection and response.

Exhibits

Identity is a topic found not only in the expo halls of Identiverse, but was also seen in the halls of HIMSS, Fintech Meetup, Money 20/20 and ISC West just to name a few. What is interesting is the different manners of vendors describe their technology. At ISC West, vendors in the expo hall spoke in terms of a solution. They would always emphasize the PII information is not on the badge, rather a hash of the biometric data which enables verification is provided instead. While this was not clarified on the videos at Identiverse, the vendors later disclosed the same technical approach that was taken on the technology captured at Identiverse. If you are seeking a tap-in to sign-in on a shared device for your organization, Imprivata was in the expo hall with their solution. If you would like to verify the customer requesting the high-risk transaction is the same customer who signed up for the account, Panani shared their technology. Keyless offers a solution to authenticate high risk actions with a selfie. If you are an engineer developing a solution and need the capability to onboard customers, no need to start at square one! PropelAuth provides an out of the box identity capability you can add on to your solution to onboard customers! Seeking to manage your remote teams and seeking a cost effective out of the box solution to provide SSO and MFA? Cubeless shared their free and easy SSO and MFA solution made for you.

Is managing privileges gotten to be too much for you and your organization? Apono Unified Access Management is an intelligent solution that aims to provide just enough just in time privilege for human and non-human-identities (NHI). Oasis goes one step further in managing AI Agents’ Identity, provisioning, deprovisioning and cleaning up stale accounts. Are your coders overwhelmed trying to identity what secrets vault to use so they land up hardcoding the secret? Is your organization suffering from identity vault sprawl? GitGuardian was on hand with their solution that can assist you in identifying and remediating secrets vault sprawl.

Expo hall also featured quite a few IGA (identity governance and administration) and PAM (privileged access management) platforms. Omada captured their 25-years’ IGA experience into a free best practice framework. This framework includes use cases and related configuration recommendations for their platform, Omada Identity Cloud. Lumos shared their agentic AI autonomous IGA solution. This solution can even recommend what privileges a new employee should get based on their role and department. If you have a small but complex environment, Clarity Security has an IGA solution targeted at your organization.

Keeper Security shared their zero-knowledge identity solution for endpoints. Their solution is referred to as zero knowledge as the customer’s data is encrypted on the endpoint with the customers key; meaning, Keeper Security has no access to customer data whatsoever. Bridgesoft shared their complete identity platform that also can adapt and include any components that may already exist in your environment. Specializing at the start of the process, CyberSolve helps organizations commence new identity programs. Looking for IAM services across the portfolio? Simeio was on site there to offer guidance. Clients are reminded to schedule an inquiry to review the current state of your identity program. If you are seeking to expand it or modernize it, we will produce an inquiry plan to guide you along the journey even if you are working with an outsource provider or consultant.

Next Year’s Conference

Identiverse will once again be held at Mandalay Bay Convention Center June 15-18, 2026.

^*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
June 10, 2025
Whisper Report: How can AI and machine learning transform media and entertainment?
Published to clients: May 29, 2025 ID: 2076

Published to Readers: May 30, 2025

Published to Email Whispers: July 7, 2025

Video edition: July 7, 2025

Analyst(s): Dr. Doreen Galli

Abstract

AI is transforming media and entertainment, reshaping workflows and automating the tedious. This shift isn’t new—it’s an evolution already well underway. While concerns about disruption persist, AI is proving to be a powerful tool that enhances efficiency, making content more accessible and refining quality. From metadata enrichment to streamlined production, AI empowers professionals by eliminating the mundane and allowing more focus on creativity. Rather than replacing jobs, it shifts how work gets done, seamlessly integrating with existing processes to unlock new possibilities in storytelling, production, and distribution. The industry is adapting, and AI is at the heart of that transformation.

Target Audience Titles:

Chief Technology Officer, Chief Supply Chain Officer, Chief Digital Officer

Chief Data Officer, Chief Marketing Officer, Chief Content Officer

Head of AI and Machine Learning, Data Scientists

Product Managers, Content Managers, Sound Engineers, Distribution Engineers

Production Technologists, Streaming Platform Developers

Chief Technology Officer, Chief Supply Chain Officer, Chief Digital Officer

Key Takeaways
- AI is transforming workflows, automating the tedious, and reshaping media and entertainment.
- Efficiency gains let creators focus on storytelling while AI enhances accessibility and searchability.
- AI isn’t replacing jobs—it’s evolving how work gets done, integrating seamlessly into production processes.
How can AI and machine learning transform media and entertainment?

We took the most frequently asked and most urgent technology questions straight to the Technology experts gathering at NAB Show 2025. This Whisper Report addresses the question regarding how can AI and machine learning transform media and entertainment?

Setting the Stage

As DeepDub’s Oz Krakowski stated, “We see is a lot of the work that was done before is now done in different.” These changes have already hit the headlines for as Dell Technologies’ Tom Burns pointed out, “Everybody’s all concerned with Gen AI but of course the writers and actors strikes were all about that.” Thus this AI transformation is not new but rather is currently underway. Latakoo’s Jade Kurian offered this perspective. “The question now is how do we do this thoughtfully? How do we do it in a way that we don’t compromise ethics – where we don’t compromise people’s jobs? How do we make it flow back and forth where we take advantage of AI and machine learning to make our lives easier, make our lives better, and make entertainment and media better.” Cinnafilm’s Dom Jackson suggests we take another step back to gain a larger perspective, “There’s a lot of fear around AI and those technologies and in that sense, I see those as part of a continuum of ongoing automation processes that have been going on since the industrial revolution. Everyone’s always scared when something new comes along and then very quickly it becomes normal and it empowers us to work in new and different and usually more efficient ways.” See Figure 1 for the Cornucopia of AI use cases suggested. Let’s explore some of those new, and different, more efficient ways.

AI Use Cases in Media

One thing is for certain, there is no shortage of opportunity for AI to positively impact the media and entertainment sector. The favorite use case among all users, as Strada’s Michael Cioni put it, “AI is best for our industry as a utility form to do the mundane tasks .. we need AI that automates mundane tasks like color correcting sound noise reduction, video audio noise reduction, face tagging, locations, objects, emotions – those are all the things that no one wants to sit and log footage. AI can log it for us.” Or per Ross’s David Green, “AI is going to make us more efficient and more effective and let us focus on what we love doing which is creating amazing content.” No matter which perspective you prefer – the elimination of the mundane or the freeing up to do the fun parts – AI is here to stay in media workflows. As Dell’s Tom Burns observed, “Machine learning has already transformed media and entertainment in so many invisible ways from security to fixing single pixel defects to all kinds of low-level network functions and automated provisioning.”

When it comes to all that stored media, there are plenty of suggestions of how AI can assist as well. Per SNS’s Alex Hlavaty, “It actually can be an incredibly helpful buddy to sort through the stuff we don’t want to do parse through petabytes worth of information. Help us find assets more quickly and just interact with our data in a much more meaningful way while reducing man hours doing things that are laborious.” . Eon Media’s Greg Morrow observed, “our customers have large libraries of video files that only have a file name or have just a a small title. We really enriched those assets with information to make those assets more usable by identifying people places things emotional sentiment um ethnicity as part of those assets.” Dell Technologies’ Tom Burns denoted, “One of the GEN AI things that is proving to be useful is for companies that have large archives or studios that have that have the rights holders to a lot of content, using AI to extend the metadata and inform them of what they actually have in their archive allows them to make that more searchable and therefore more monetizable on.” Increasing metadata for the purpose of search and the related business cases that come from having truly searchable content is a common theme. As Axle.ai’s Sam Bogoch simply stated, if, “they can’t find it they can’t reuse it.”

In some of the use cases such as sound editing, it has completely transformed the task at hand. As DeepDub’s Oz Krakowski observed, “just like you cannot imagine a graphics designer not using Photoshop it’s unheard of right however 20 years ago this was extremely questionable nowadays thinking of doing voice design and editing dialogues without using AI.” Ross’s David Green offers additional suggestions, “things like camera tracking so instead of having to every single second manually figure out where things are and do manual keying you know markers and those sort of things we can use AI to automatically be able to do those things .. instead of having to flip through a manual.” Dell’s Tom Burns observed, “when you render your VFX AI upsampling has gotten so good now that you can render at 2K and up to 4K and it looks better than if you rendered at 4K in the first place.” Wow! Upsampling rendering better than if it was 4k in the first place – now that is an improvement – by definition. Localization is another area that has been drastically impacted by AI. Today, with AI tools such as Yella Umbrella are, “making content accessible to users that wouldn’t have access to it normally either because there’s no one to localize that content or just because the content that they want to access is not available in the accessibility form that they prefer.” If the form you prefer isn’t about language but more about duration, Magnify’s Ken Ruck shares today one can, “edit automatically (and) create clips automatically.” Clients may recall our coverage of Conference Whispers: NAB Show 2023 when automated shorts were first highlighted.

One of the most treasured advancements is that of workflow automation. As Eon Media’s Greg Morrow stated, “workflow automation to improve the efficiency of a media organization in order for the people in the organization to create higher value content and less of the drudgery work.” In other words, AI can transform Media and Entertainment by enabling all to do more with less. But if you are worried about your job, Cinnafilm’s Dom Jackson assured, “strangely ultimately people always end up having jobs they’re different jobs but people always end up with plenty of work.”

Related playlists
1. Whisper Report: How can AI and machine learning transform media and entertainment?
2. Conference Whispers: NAB Show 2025
Corporate Headquarters

2884 Grand Helios Way

Henderson, NV 89052

©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.
May 29, 2025