Published to clients: November 20, 2025 ID: TBW2107
Published to Readers: November 21, 2025
Whisper Email Release:
Public Release Date:
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“This Whisper Report explores the most desired casino innovations identified at G2E 2025. Industry experts highlighted two key areas: operational improvements for casinos—such as seamless system integration and cross-platform play—and enhanced player experiences through biometric authentication, personalized VIP services, and engagement strategies. These insights reveal opportunities for transformation and differentiation in gaming technology.”
Whisper Report:What’s the biggest cybersecurity myth in 2025?
Published to clients: August 19, 2025 ID: TBW2090
Published to Readers: August 20, 2025
Whisper Email Release: TBD
Public and Video Release: TBD
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
This Whisper Report identifies eight persistent cybersecurity myths in 2025, from the belief that threats can be fully stopped to misconceptions about AI’s role in security. Experts from Black Hat USA 2025 clarify that resilience, strategic investment, adaptive training, and human oversight remain essential. AI is powerful but not a plug-and-play solution, nor a replacement for human judgment. Understanding these myths helps organizations build more realistic, effective cybersecurity strategies.
We took the most frequently asked and most urgent technology questions straight to the Cybersecurity professionals gathering at Black Hat USA 2025 held in Las Vegas. This Whisper Report addresses the question regarding what’s the biggest cybersecurity myths in 2025? Figure 1 displays the eight cybersecurity myths we uncovered we will now discuss.
MYTH 1: We can Stop all Threats
The first myth comes from Trustmi’s Corey Sienko and is that “we can stop every single threat from entering the organization” This may come as a surprise to some executives particularly those outside of cybersecurity but the expression used is always when not if you have an incident. No Need to fret, Trustmi’s Corey Sienko continues. “It’s about how do we respond to those threats and make sure that we protect the organization from losing valuable information and cards.” I believe all appreciate that clarification. Cybersecurity involves defense but it is also a game all about preparation for when and resiliency after. This topic is further discussed in Conference Whispers: Black Hat USA 2025.
Cymulate’s Avihai Ben Yossef brings us myth number two, “The more money you spend on cyber security the more protected you are.” Ben goes on further to explain. “I think in order to really be protected in cyber security from cyber attacks is by actually knowing what you need to do in order to make sure you are protected and when once you know that you don’t need to spend too much money you need to spend you know a very focused amount of money in what matters most.” If you are surprised by this, you really need to book an inquiry with TBW Advisors so we can help you review your cybersecurity strategy. Additional research regarding critical observations on cybersecurity spend can be found in the keynote covered within Conference Whispers: Identiverse 2024.
Cybersecurity Myth number three comes to use from Dune Security’s David DellaPelle. “Security awareness training is improving readiness and reducing risk. Security awareness training is dead.” Intrigued? Let’s hear more from David. “Security awareness training as it exists today, meaning legacy security awareness training technologies are not effective at reducing risk and create friction and an adversarial relationship between the security organization and the end users. The problem is if you think about a doctor who is looking to solve a patient’s problem, the first thing they would do is take in a lot of data and run tests to exclude the possibilities. They quantify the risk before they prescribe a medicine or a surgery. And so if there’s a security awareness training solution that doesn’t automatically provide uh user adaptation, it’s uh it’s kind of falling flat on its face. Every piece of security control or adaptation should be relevant to the individual user’s risk profile and that training or that security measure should be applied automatically based on the risk profile.” Training employees only on what that specific employee personally need to get better at? Sounds optimized.
Bringing us cybersecurity Myth 4 is StrikeReady’s Alex Lanstein. “AI is going to replace humans.” Alex further clarifi:ed, “AI is always going to augment humans. Anybody who’s ever leveraged any AI system, any generative AI system. You see that it makes mistakes. Sometimes those mistakes are obvious, sometimes they’re subtle. And no one is ever going to turn anything over to an AI when it’s making such obvious or subtle mistakes without a human in the loop.” Or as Elastic Security’s James Spiteri further explained, “we’re thinking about this fully autonomous security operations team. I don’t think that’s going to happen. I don’t think even think it’s the right approach to think about these things. AI and agents are phenomenal, but they are the perfect compliment to humans. They’re not they’re not there to replace humans. They’re there to make humans lives better. eliminate the stuff that humans don’t want to do and let humans do the fun things like make people excited about wanting to work in cyber and that’s what the AI is allowing us to do.”
of my agents, and his name is Ralph. Ralph, can you answer the question as you see it in our world view? What’s the biggest cyber security myth here in 2025? Absolutely, Brian. Happy to jump in here. So, from our perspective, the biggest cyber security myth of 2025 is probably the idea that AI is just a plug-and-play solution, that it’s kind of a one-size fits-all magic bullet.” Ralph and Brian went on to further explain, “In reality, the myth is that AI will handle everything securely on its own. But the truth is it needs a lot of oversight, a lot of transparency, and people often underestimate the complexity inside the machine. So that’s the big myth that AI is just simple and straightforward when really it’s a lot more nuanced. And that’s my take. Uh I would add my answer. I would extend onto yours is I agree, but um I’m used to systems that have access controls, authentication controls, and audit. Uh inside the black box, we don’t have any of them. Once I log in and I authenticate, it’s a wild wild west. That has to change. Immutable logs within the system is probably something that’s going to happen at some point. Uh or some other unique uh solutions to the problem.”
Interestingly, Ariful Huq from Exaforce observed a similar concern. “Trying to build an LLM wrapper is what I call it without really understanding the data related to the problems that you’re trying to solve. LLMS can only get you so far, right? They are large language models and summarization and contextualization but at the end of the day if you want to solve problems related to say detections investigations LLMS can only get you so far right you really need to go back to the data go back to the fundamentals and then layer on a large language model on top of it to solve some of the problems that around like you know summarization um you know building agent workflows.” In other words, solutions are custom crafted – NOT plug and play.
Checkmarx’s Jonathan Rende brings us Myth 6, “AI generates secure code.” That myth should grab the attention all organizations leveraging coding agents to quickly advance their product. Jonathon continues, “It doesn’t. It doesn’t. And it will probably get better over time. And will it do a better job than a junior developer in simple mistakes that can cause vulnerabilities? Heck yeah, of course it will. But for the more complex issues, it’s not there yet. AI is not there yet.”
Let’s hear Myth 7 from Booli’s Joe Schorr, “the biggest cyber security uh myth is that AI is actually going to solve everything.” Joe went on to further explain, “I think if you judiciously apply AI, machine learning and very discreet task and things, it’s fantastic. I think it’s being overblown quite a bit right up at the myth level. I think that if you treat it like we treat it in Booli, we’ve got AI built in, but we don’t publish it all over everything we’ve got, but we treat it kind of like an idiot savant. It’s it does one to ask really well or does a discrete set to ask really well. It may not actually behave well in church, but you can get it to do what you want for something very very specific, which is how we do it. I think the myth is that AI is going to solve everybody’s problems.” Brian Sledge of imPAC also believes that AI will solve everything is a myth. “I think AIis best positioned more like a forcemultiplier, but I don’t think it solvesthe problems, the core problems of cybersecurity today. Um cyber security stillrequires context. It requirespolicy driven control and those thingsstill require human in the loop. And Ithink the best way to leverage AI isn’t so much in solving for cyber security,but it’s more for helping multiply andscale out what humans still need andwe’re required to do. So I don’t think Idon’t think customers should sleep onthe idea that humans still need to be very much engaged as part of cyber security. Because cyber security AIis only as good as the algorithms andthe models and the data it’s getting.” Thus believing in 2025 AI will solve everything is a stretch but will it solve something?
Microsoft’s Thomas Roccia brings us Myth 8. “right now I think most people in in the industry in the security industry doesn’t yet believe in this technology (AI) and that’s maybe one of the one of the myths that AI will not really solve issue in cyber security. We have and I think that’s a mistake it’s probably something which is changing the way we are doing and all the past work that we did for the past 20 or 30 years uh is going to be changing and evolving thanks or because to AI so that’s something to consider.” Thus, while it may not solve everything today, it is changing how the industry works and what it is fighting against.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
“Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”
“Organizations can implement zero-trust security without disrupting user experience by prioritizing frictionless authentication, especially biometrics, and enforcing least-privilege access through dynamic policies. Understanding user context and behavior enables informed decisions that preserve continuity. Self-service access tools reduce delays, while streamlined verification processes minimize frustration. With thoughtful planning and clear communication, zero trust can enhance both security and usability, ensuring users access only what they need—when they need it—without unnecessary barriers. This report includes insights from executives and technologists at CyberSolve, Lumos, Imprivata, Simeio, Panani, Keyless, Oasis, Apono, Omada, and Cubeless, quoted throughout the discussion.”
Target Audience Titles:
Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Information Officer
Chief Product Officer, Chief Experience Officer
IAM engineers, Security Architects, DevSecOps Engineers, UX Designers, IT Ops Managers, Application Security Architects
Key Takeaways
Use biometric authentication to streamline access and reduce friction for users.
Apply least-privilege policies with dynamic adjustments to maintain secure, appropriate access.
Enable self-service access changes to minimize delays and improve user experience.
Understand user context and behavior to make informed, non-disruptive security decisions.
How can organizations implement zero-trust security without disrupting user experience?
We took the most frequently asked and most urgent technology questions straight to the Technologists gathering at Identiverse 2025 held at Mandalay Bay in Las Vegas. This Whisper Report addresses the question regarding how can organizations implement zero-trust security without disrupting user experience?
What is the desired user experience?
At the end of the day, the goal is, as Imprivata’s Diron Chai put it, “authentication and visibility and control to making sure that you know the right people are accessing the data whether remotely or within the organization in terms of their role and their functionality and then be a being able to understand who’s in the system when and why that all ladders up to a zero-trust architecture that we’re able to bring forth in a full architecture.” Reaching this goal won’t be easy but as Simeio’s Octavio Lopez emphasized, “There’s a lot of communication that needs to happen and that’s something that we help a lot of our customers with.” A lot of communication and planning with the customers’ experience kept in mind. Here are five suggestions attendees at Identiverse offered also depicted in Figure 1.
1. Go Frictionless with Bio
One common suggestions to deploy biometric based identity and access management solution. As Panani’s Jim Harris suggested, “make the authentication of your customer as frictionless as possible a one-time identity verification process establishes that customer in the future they present a simple credential match their biometric information to the information stored in the credential that they own and control making it a very frictionless fast way to authenticate with your customer.” And this is something Alex Jones from Keyless can also agree with! “going to pitch biometrics this is the fastest way to prove who you are effectively implementing zero trust.”
2. Understand User Context
Guy Feinberg at Oasis suggests that understanding the user context is the winning approach. He started by simply asking “Are you familiar with the scream test?” For those of you not familiar, one not uncommon method in IT to understand how a resource, in this case an identity, is used by disconnecting or unplugging the resource and see who screams. Feinberg went on to further explain, “when you want to understand what’s this identity is used for so what you do you decommission it and just see who’s at the open space is screaming that something is broke. We do we help you construct all the context around the consumption of that identity so you can see the full picture before you’re taking actions so you’ll have informed actions deciding do we need this type of identity now uh should we change the permission should we decommissioning it completely all without disrupting the workforce and making sure that business continuity stays on and nothing is disrupted aspects of this.”
3. Understand User behaviour
Beyond the context of what the user is using, Imprivata’s Diron Chai recommends also understanding the how and the when. “ Being able to inject simple multifactor authentication into the environment at the local level also being able to track the behavior of credentials of people accessing like Windows endpoints as an example or mobile devices and be able to have the analytics to show utilization of the endpoint but also who what when was accessed within that session.”
4. Use Self-Service
To maintain the best user experience, Apono’s Ofir Stein recommends getting the human out of the loop. “you keep the user experience by allowing self-serve in your organization to provide access changes combine these two and you actually provide zero trust to all of the resources.”
5. Leverage Dynamic Policies
Omada’s Craig Ramsay highlighted the potential behind dynamic policies. “By using dynamic and continuous policies to make sure that their access is appropriate and it’s always at that level of least privilege and then it’s granted, when they join the organization, and as they move around the organization, and it stays appropriate.” It’s always nice when your privileges keep up with organizational changes – without human intervention or manual configuration.
In Conclusion
As Cubeless’ Treb Ryan concluded, “I find zero trust has greatly enhanced our user experiences and greatly made my job easier in the old days where there’s systems where you had to figure out which networks could connect or who would have access to what particular piece it was a nightmare.”
Finally Lumos’s Janani Nagarajan reminded all, “not just in the networking layer not just in the app layer but a critical layer for us is identities because that’s where the workforce the humans the employees the contractors the vendors your customers are actually interacting with the apps.” Identities is the key to minimizing friction for the users in zero trust. If your organization is implementing a zero trust architecture and want to ensure you are on the right track, remember to book an inquiry.
Publicly Published with video edition: August 18, 2025
Analyst(s): Dr. Doreen Galli
Photojournalist(s): D. Doreen Galli
Abstract:
Identiverse 2025 welcomed 3,300+ attendees to Mandalay Bay – nearly a 20% gain over 2024. Featuring 250+ sessions and 150 exhibits all on one floor, the event was smooth and accessible. Keynotes and sessions emphasized teamwork, resilience, and collaboration, while exploring AI in identity, decentralized credentials, and zero-trust implementation. Exhibitors showcased innovations from selfie-based authentication to intelligent access control and secrets vault cleanup. The shift from Aria to Mandalay Bay marked a new chapter for the expanding event, which returns to Mandalay Bay in 2026.
The Conference
Identiverse 2025 was held at Mandalay Bay Convention Center, a move from Aria in 2024. It hosted 3300 attendees, 250 sessions and 150 exhibitors.
Cautions
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
TAGS
Identiverse 2025, digital identity, identity security, zero trust, AI in cybersecurity, decentralized identity, verifiable credentials, identity governance, privileged access management, IAM, IGA, cybersecurity conference, Mandalay Bay, authentication, biometrics, secrets management, SSO, MFA, ITDR, access control, enterprise security, digital trust, identity trends, identity innovation, conference highlights, tech expo, identity tech, identity solutions, cybersecurity trends, identity keynote, identity management
After over 53 videos, almost 200 minutes of content only 2 escalator rides, 30,000 steps and over 25 fact checks, our coverage of 2025 Identiverse ends. The event spanned 4 days, had over 250 speakers, 150 exhibits and with over 3300 attendees – 700 more registered over last year. Registration went very smooth with rarely any waiting time. Interestingly, we were informed many registered late. Executives realize that reducing risks and therefore related losses is a viable path to protecting profits in uncertain times. This year’s event took place at Mandalay Bay Convention Center, a change from Aria last year. Most enjoyed the conference taking place all on the same floor. It was great to see the conference grow and expand. Like all changes, there were the old timers yearning for the days when they all packed into too small rooms at Aria. Unfortunately, some of the sessions located physically further from Expo Hall reported some in person attendance challenges from those too tired to walk to the room. The event featured a full collection of meals. We were able to capture the Tuesday Seminar’s Lunch and the lunch on Wednesday in Expo Hall.
While at Identiverse, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Identiverse Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors Website under Subscribers research/Conference Whispers.
Identiverse is absolutely one of those events where regardless of the amazing session you choose, you are aware you are also missing an incredible session – or two. Fear of missing out was rampant. Fortunately, we were able to capture 53 videos for our clients and subscribers. The first Keynote featured John Pritchard, CEO of Radiant Logic. Titled, “Identity isn’t a solo Game” it drove home the message that one cannot succeed in identity without collaboration with the professionals around you throughout the organization and with others in the industry.
Another frequently referred to keynote featured the UK’s Hanna Rutter who is realizing their government digital identity solution. In her talk she spoke about the challenges of such a decentralized digital identity solution and how she is overcoming roadblocks on her path to success. A much in demand topic regarding identity challenges in the realm of AI was presented by Richard Bird. A tech talk held in the expo hall was hosted by Microsoft. Their tech talk covered the hot topic of ITDR, Identity threat detection and response.
Identity is a topic found not only in the expo halls of Identiverse, but was also seen in the halls of HIMSS, Fintech Meetup, Money 20/20 and ISC West just to name a few. What is interesting is the different manners of vendors describe their technology. At ISC West, vendors in the expo hall spoke in terms of a solution. They would always emphasize the PII information is not on the badge, rather a hash of the biometric data which enables verification is provided instead. While this was not clarified on the videos at Identiverse, the vendors later disclosed the same technical approach that was taken on the technology captured at Identiverse. If you are seeking a tap-in to sign-in on a shared device for your organization, Imprivata was in the expo hall with their solution. If you would like to verify the customer requesting the high-risk transaction is the same customer who signed up for the account, Panani shared their technology. Keyless offers a solution to authenticate high risk actions with a selfie. If you are an engineer developing a solution and need the capability to onboard customers, no need to start at square one! PropelAuth provides an out of the box identity capability you can add on to your solution to onboard customers! Seeking to manage your remote teams and seeking a cost effective out of the box solution to provide SSO and MFA? Cubeless shared their free and easy SSO and MFA solution made for you.
Is managing privileges gotten to be too much for you and your organization? Apono Unified Access Management is an intelligent solution that aims to provide just enough just in time privilege for human and non-human-identities (NHI). Oasis goes one step further in managing AI Agents’ Identity, provisioning, deprovisioning and cleaning up stale accounts. Are your coders overwhelmed trying to identity what secrets vault to use so they land up hardcoding the secret? Is your organization suffering from identity vault sprawl? GitGuardian was on hand with their solution that can assist you in identifying and remediating secrets vault sprawl.
Expo hall also featured quite a few IGA (identity governance and administration) and PAM (privileged access management) platforms. Omada captured their 25-years’ IGA experience into a free best practice framework. This framework includes use cases and related configuration recommendations for their platform, Omada Identity Cloud. Lumos shared their agentic AI autonomous IGA solution. This solution can even recommend what privileges a new employee should get based on their role and department. If you have a small but complex environment, Clarity Security has an IGA solution targeted at your organization.
Keeper Security shared their zero-knowledge identity solution for endpoints. Their solution is referred to as zero knowledge as the customer’s data is encrypted on the endpoint with the customers key; meaning, Keeper Security has no access to customer data whatsoever. Bridgesoft shared their complete identity platform that also can adapt and include any components that may already exist in your environment. Specializing at the start of the process, CyberSolve helps organizations commence new identity programs. Looking for IAM services across the portfolio? Simeio was on site there to offer guidance. Clients are reminded to schedule an inquiry to review the current state of your identity program. If you are seeking to expand it or modernize it, we will produce an inquiry plan to guide you along the journey even if you are working with an outsource provider or consultant.
Identiverse will once again be held at Mandalay Bay Convention Center June 15-18, 2026.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
To navigate evolving fintech regulations, experts at Fintech Meetup 2025 emphasized three key strategies: staying engaged with the field and regulatory agencies, structuring well architected stable solutions, and leveraging AI or Copilots. Together these proactive approaches help fintech firms stay ahead of regulatory shifts while maintaining security and efficiency.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
Enterprise Architect, Director of Data Governance, Chief Privacy Officer, Head of IT Audit
Key Takeaways
Today’s security breaches are the source of tomorrow’s regulations.
Security cannot be an afterthought; it must be planned from the beginning.
Leverage AI and Copilots that are integrated with your processes to aid employees.
We took the most frequently asked and most urgent technology questions straight to the Fintech experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding how can we ensure compliance with evolving regulations? As Socure’s Matt Thompson shared, “I don’t think it’s enough in this space to be a passive Observer or responsive or reactionary to regulations, there’s a lot of Evolution right now happening.” Figure 1 shares three actions you can take to conquer evolving regulations.
One of the best actions an organization can take to stay on top of regulations is to stay engaged and in touch with the real world. First, real world happenings such as hacks define future regulations. As SecurityMetrics Matt Cowart shared, “QSA (Qualified Security Assessor) is really going to help you understand where you’re sitting at and as they are informed with the evolutions of technology and all the advances that are going on having them connected with real world teams.” Or as Matt Thompson of Socure suggested, “staying engaged with the regulators and the development of the regulations themselves.” If you know what the regulators are working on in draft, you will not be surprised when it becomes law. Keep in mind the reach of the company determines what exact regulators and what specific regulations apply. As OnFido’s Marie Millick shared, “we have a team of subject matter experts that are constantly researching. We also collaborate with the same team that works with interpole around everything around data privacy and identity.”
Many suggest the best way to be prepared for evolving scenarios of all types is to start with a robust and secure foundation. As Onbe’s Tony McGee shared, “our company is fully audited, fully solutioned and architected to protect the data.” This architecture doesn’t act alone but is complimented with strong processes. Tony McGee further explained, “ensuring that we build in the processes to make sure that every step of the way is a compliant one.” Together architecture and processes form a robust foundation. This robust foundation enables Onbe to ensure, “that the consumer understands all the fundamentals of the payout.”
Any clients at this phase should schedule an inquiry to receive guidance. We will set up a plan of inquiries during your journey to give you any guidance we may have or can gather to assist you. The plan should capture milestones including but not limited to strategy reviews, presentation reviews, and even architecture reviews.
Today, we are no longer left with antiquated tools. As Thetaray’s Adam Stuart pointed out, “the traditional rule-based systems you have to know what you’re looking for to build that rule but if you don’t know what you’re looking for and you’re looking for these new patterns and behaviors that people are using you can’t do that with the simple rule base which is why cognitive AI is such an important feature to include.” In other words, in addition to keeping up to date and starting with a solid foundation, the tool itself contributes to identification of potentially troubling patterns. Interface.ai’s Connor Tullilus draws us a picture of what this is like in the real world. “To be able in real time have a co-pilot AI assistant sitting behind the scenes to assist them in the day-to-day operations. One in real time being able to update your policies procedures while (two) being able to (use) the AI assistant hooking up with your current knowledge bases your share.”
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.
The 2024 Fintech Meetup experienced a 25% increase in size, featuring over 50,000 one-on-one meetings. Key areas of interest included development environments, product connectors, customer engagement solutions, and ACH payment simplification. Risk management and compliance were significant themes, with solutions for identifying threats, ensuring regulatory adherence, and verifying new clients. Identity verification and fraud prevention were also highlighted. Global risk decisioning platforms and extensive marketplaces were showcased, along with solutions for digital payouts, gift cards, and depositor retention.
The Conference
Fintech MeetUp 2025 was held in Las Vegas, Nevada and had just over 5,000 registered attendees including over 1000 CEOs, with diverse collection of exhibiting companies. Over 50,000 one-on-one meetings were also scheduled.
Cautions
It is critical you keep up to date with the deadlines as the MeetUp approaches to get the maximum networking from the MeetUp. If you registered in the last month before the event, you are already too late to participate in the meetups.
The event explicitly did not want any of the sponsored keynotes to be recorded or amplified. Sponsors should keep this in mind if they want any attention outside of those able to make it in-person those exact days.
Having covered Fintech Meetup in 2024, we knew what to expect from the meetups. As you can feel in the energy of the event, it was about 25% larger than last year. This year featured over 50,000 of their infamous one-on-ones – just be sure you register and get your information in early if you want to participate. Our coverage this time focused on the expo hall. In addition, we were able to conduct research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Regardless of your role or fintech need, there was likely a vendor in that specific fintech space. Developers had Gitlab providing an environment to develop solutions from ideas, through the entire software development lifecycle to production. Creating a solution that requires that is required to connect to various products in the fintech space? Merge shared their vast collection of product connectors regardless of development or integration technique. Perhaps you are specifically focused on improving your customer engagement. Interface.ai provides an agentic AI solution designed exclusively for credit unions and community banks to engage with their customers. If the interface you are most concerned with is ACH payments, Trustly can simplify ACH payments and comes with a side of risk management.
Money makes the world go around so risk management will always be a significant area of focus within Fintech. A cognitive AI solution to identify missing threats, Thetaray seeks to find troubling patterns before an organization is compromised. More concerned with compliance? Security Metrics shared their capabilities for ensuring compliance not only with FinTech but also Healthcare and other regulated industries. Focused on compliance, and fraud and perhaps but also must increase your customer conversion rate? OnFido shared their combination solution that enables organizations to quickly and correctly verify potential new clients. The risk profile is configurable depending on the specific needs of a given organization at a given time.
If identity is an area of interest in your organization, TBW Advisor’s research, Conference Whispers: Identiverse is a must read. The identity space also featured quite a few vendors in the identity space. During an exclusive interview, Intellicheck told us about their exclusive access to the data required to strongly identify drivers’ licenses from USA or Canada. If you prefer to leverage phone intelligence, Prove previously covered at Money 20/20, shared an update to their solution that now goes beyond leveraging the chip in the phones. For Fraud, prevention is always better than detection, Aries Fraud Solutions is all about prevention achieved by leveraging different numbers on the card versus the strip. In the area of risk decision and fraud detection, it is also worth to evaluate the extensive offering by Socure with an active customer base across 20 different verticals.
For various solutions, it is frequently not only about what it can do, but how extensive globally is their coverage? Provenir informed TBW Advisors that their global risk decisioning platform is available in 60 countries serving anything from Tier 1 providers all the way to SMBs. It is a multi-component platform offering a marketplace in 120 categories. On the topic of marketplaces, MoneyLion shared their extensive offering with over 800 3rd party products serving 20+ million consumers and as well as the engine behind the largest enterprise fintech customers.
The B2C dimension is always a challenging dimension for payouts. Whether it is payouts for the workforce, or refunds, Onbe’s solution is bringing clients into the digital age. If you are focused more on gift cards, Incentive.AI can create customer solutions to fit your needs. Finally, an interesting solution to help retain depositors was shared by Wysh. Wysh enables financial institutions to offer free life insurance to customers based on deposit values.
While this year’s event was held at the Sands Convention Center of the Venetian, next year’s event will be at Mandalay Bay. The event will be held March 30-April 1, 2026.
After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Identiverse was at Aria Hostel in Las Vegas from May 28-31. It is the premier event for identity professionals. It spans 4 days, 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. Attendees witnessed endless examples of identity and privacy solutions including many jokes about SAML (it is NOT dead), examples of passwordless as well as talks about the value of identity.
After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Registration for the four-day event kicked off after the long holiday weekend. The event featured 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. There was so much packed in it was impossible to catch all of the exhibits. They had sessions in the Joshua rooms as well as Marisopa rooms. Opening day was then capped by a mighty keynote featuring John Whelan, President of the Cyber Risk Alliance and Andre Durand, CEO of Ping Identity and Founder of the Identiverse Conference. The event provided food for the attendees. We were able to capture breakfast Wednesday. The attendees did explicitly find me to let me know they were disappointed with the breakfast due to the lack of protein. I do understand the Microsoft Breakfast did feature sufficient protein. Many attendees complimented the lunch which was served Wednesday as well as on Thursday. The exhibits* were open on Wednesday after the opening keynote. They were spread between two large rooms across from each other.
As one might expect, Identiverse is all about identity. Much to my delight, an entire panel was presented on confidential computing. Confidential computing strength lies in multiparty computations among untrusted parties – something that occurs in the identity space quite often. The session immediately following was on digital identity where they pondered how one could achieve such an exchange – unfortunately those panelists did not attend the Confidential session. On the digital ID panel, it was exciting to see that California is live with a digital driver’s license. Many are still trying to get their real id into their wallet! Australian Bank was on stage for a keynote making the case for the Bank ID. Admittedly this talk created a bit of déjà vu to the days in the bid to become primary certificate authorities. There is no shortage of information to make the business case to adopt passwordless for your organization.
Thursday morning’s keynote concluded with the Power of Passwordless sign-on. This session includes a number of guest speakers from the FIDO Alliance, Clarkson University, Bank of America and Amazon. The net result is that companies love it, their customers are more engaged, and the security posture is improved. Numerous examples of passwordless solutions were shown in the exhibits. AllAUthenticate shared their passwordless solution. Bringing blue collar workers who need to punch in and out into this century, Bio-Key displayed their product leveraging MFA Mellon RFID. If you would prefer your identity solution to eliminate any and all standing privileges, SGNL can get you there and help you stay in that security posture. Zluri is available to handle access control for all SaaS solutions. Aserto is an identity service that considers policy and relationship-based access control. If your service accounts are your pain point or you don’t even know how many you have of what – a start-up just out of stealth mode called Anetac may be someone you want to evaluate. If your organization’s problem is more about non-human identity issue, Natoma can assist in provisioning, deprovisioning and maintenance of non-human IDs. The word of the conference was service and non-human IDs is an area exploding with a reported over a dozen just announced at RSA.
Google hosted an entire detailed workshop on Google Sign-On, Passkey and the use of FedFCM to deal with 3rd party cookies. It was exciting to see they are working to push privacy forward with browser.
An attention-grabbing keynote Thursday morning alerted to the Darkside of identity. Reminding all that identity is the most common entrance point for the uninvited. Another keynote reminded all attempting to forge a path in identity, that the most important thing is to just get going! Furthermore, pay attention to the point of no return. Identity and security are all about depth of defense, spend the effort when there is a big payout. Do not insist on 100% for each program as the last percentages take resources without improving security posture. It is far better to find a new program that will affect the remaining identities with the remaining resources.
One often too difficult aspect of identity is customer onboarding. To that end, Strivacity specializes in the end user aspect of identity. If you challenge is too many identity services and you are having difficulty getting a complete picture, TenableOne provides a unified dashboard to see the entire threat attack surface. If your difficulty is all about connecting identity platforms to other sources and targets, Aquera Platform provides identity connector along with automation and governance in their solution. Saviynt provided a demonstration of their identity cloud with a visual display. RSA Shared their Unified Identity platform that is available on prem or in cloud for SAS saps as well as supporting SAML. Radiant Logic also provides an identity middleware heavily focusing on the data and metadata of identity. This point was also shared during John Pritchard of Radiant Logic’s keynote.
There were options if one is seeking assistance with their identity solutions. AOH offers identity consulting spanning assessment, architecture, execution and maintenance. ProofID offers global managed identity services and are key partners with many of the top identity technology providers such as PING Identity.
Cisco provided an in-depth workshop on defining and building an identity graph. It was very insightful, and the audience was glued to the screen. What caught our eye was the end when they said, “look at that picture – you know what that means. You know what that means you are supposed to do” Even in 2019 when I was at Gartner, augmented intelligence was present so hearing, “look at the picture” was surprising. More commonly is generative AI incorporated so it suggested actions based upon what is seen. Fortunately, Microsoft was there to bring it all back to 2024. There was an Microsoft Entra deep-dive by Nichole Peterson as well as a Microsoft Entra with Co-pilot demo that allowed attendees to zoom back to 2024.
Next year’s Identiverse is held June 3-6, 205. Furthermore, next year’s conference will be at Mandalay Bay.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
