TBW ADVISORS LLC

Tag: Identiverse

  • Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Whisper Report: What’s the biggest cybersecurity myth in 2025?

    Published to clients: August 19, 2025               ID: TBW2090

    Published to Readers: August 20, 2025

    Whisper Email Release: TBD

    Public and Video Release: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    This Whisper Report identifies eight persistent cybersecurity myths in 2025, from the belief that threats can be fully stopped to misconceptions about AI’s role in security. Experts from Black Hat USA 2025 clarify that resilience, strategic investment, adaptive training, and human oversight remain essential. AI is powerful but not a plug-and-play solution, nor a replacement for human judgment. Understanding these myths helps organizations build more realistic, effective cybersecurity strategies.  

    What’s the biggest cybersecurity myth in 2025?

    We took the most frequently asked and most urgent technology questions straight to the Cybersecurity professionals gathering at Black Hat USA 2025 held in Las Vegas. This Whisper Report addresses the question regarding what’s the biggest cybersecurity myths in 2025? Figure 1 displays the eight cybersecurity myths we uncovered we will now discuss.

    8 myths of cybersecurity in 2025: We can stop all threatas. The more money you Spend, the more protected you are. Security awareness training is dead. AI is going to replace humans. AI is plug and play. AI generates secure code. AI will solve everything. AI will not solve issues in Cybersecurity

    MYTH 1: We can Stop all Threats

    The first myth comes from Trustmi’s Corey Sienko and is that “we can stop every single threat from entering the organization” This may come as a surprise to some executives particularly those outside of cybersecurity but the expression used is always when not if you have an incident. No Need to fret, Trustmi’s Corey Sienko continues. “It’s about how do we respond to those threats and make sure that we protect the organization from losing valuable information and cards.” I believe all appreciate that clarification. Cybersecurity involves defense but it is also a game all about preparation for when and resiliency after. This topic is further discussed in Conference Whispers: Black Hat USA 2025.

    MYTH 2: The more money you spend the more protected!

    Cymulate’s Avihai Ben Yossef brings us myth number two, “The more money you spend on cyber security the more protected you are.” Ben goes on further to explain. “I think in order to really be protected in cyber security from cyber attacks is by actually knowing what you need to do in order to make sure you are protected and when once you know that you don’t need to spend too much money you need to spend you know a very focused amount of money in what matters most.” If you are surprised by this, you really need to book an inquiry with TBW Advisors so we can help you review your cybersecurity strategy. Additional research regarding critical observations on cybersecurity spend can be found in the keynote covered within Conference Whispers: Identiverse 2024.

    MYTH 3: Security awareness training is dead!

    Cybersecurity Myth number three comes to use from Dune Security’s David DellaPelle. “Security awareness training is improving readiness and reducing risk. Security awareness training is dead.” Intrigued? Let’s hear more from David. “Security awareness training as it exists today, meaning legacy security awareness training technologies are not effective at reducing risk and create friction and an adversarial relationship between the security organization and the end users. The problem is if you think about a doctor who is looking to solve a patient’s problem, the first thing they would do is take in a lot of data and run tests to exclude the possibilities. They quantify the risk before they prescribe a medicine or a surgery. And so if there’s a security awareness training solution that doesn’t automatically provide uh user adaptation, it’s uh it’s kind of falling flat on its face. Every piece of security control or adaptation should be relevant to the individual user’s risk profile and that training or that security measure should be applied automatically based on the risk profile.” Training employees only on what that specific employee personally need to get better at? Sounds optimized.

    MYTH 4: AI Is going to replace Humans

    Bringing us cybersecurity Myth 4 is StrikeReady’s Alex Lanstein. “AI is going to replace humans.”  Alex further clarifi:ed, “AI is always going to augment humans. Anybody who’s ever leveraged any AI system, any generative AI system. You see that it makes mistakes. Sometimes those mistakes are obvious, sometimes they’re subtle. And no one is ever going to turn anything over to an AI when it’s making such obvious or subtle mistakes without a human in the loop.”  Or as Elastic Security’s James Spiteri further explained, “we’re thinking about this fully autonomous security operations team. I don’t think that’s going to happen. I don’t think even think it’s the right approach to think about these things. AI and agents are phenomenal, but they are the perfect compliment to humans. They’re not they’re not there to replace humans. They’re there to make humans lives better. eliminate the stuff that humans don’t want to do and let humans do the fun things like make people excited about wanting to work in cyber and that’s what the AI is allowing us to do.”

    MYTH 5: AI is plug and play

    Brian Mehlman and his AI Agent from Cyber Innovate bring us Myth 5.  “I’m actually here with one

    of my agents,  and his name is Ralph. Ralph, can you answer the question as you see it in our world view? What’s the biggest cyber security myth here in 2025? Absolutely, Brian. Happy to jump in here. So, from our perspective, the biggest cyber security myth of 2025 is probably the idea that AI is just a plug-and-play solution, that it’s kind of a one-size fits-all magic bullet.” Ralph and Brian went on to further explain, “In reality, the myth is that AI will handle everything securely on its own. But the truth is it needs a lot of oversight, a lot of transparency, and people often underestimate the complexity inside the machine. So that’s the big myth that AI is just simple and straightforward when really it’s a lot more nuanced. And that’s my take. Uh I would add my answer. I would extend onto yours is I agree, but um I’m used to systems that have access controls, authentication controls, and audit. Uh inside the black box, we don’t have any of them. Once I log in and I authenticate, it’s a wild wild west. That has to change. Immutable logs within the system is probably something that’s going to happen at some point. Uh or some other unique uh solutions to the problem.”

    Interestingly, Ariful Huq from Exaforce observed a similar concern. “Trying to build an LLM wrapper is what I call it without really understanding the data related to the problems that you’re trying to solve. LLMS can only get you so far, right? They are large language models and summarization and contextualization but at the end of the day if you want to solve problems related to say detections  investigations LLMS can only get you so far right you really need to go back to the data go back to the fundamentals and then layer on a large language model on top of it to solve some of the problems that around like you know summarization um you know building agent workflows.” In other words, solutions are custom crafted – NOT plug and play.

    MYTH 6: AI Generates secure code

    Checkmarx’s Jonathan Rende brings us Myth 6, “AI generates secure code.” That myth should grab the attention all organizations leveraging coding agents to quickly advance their product. Jonathon continues, “It doesn’t. It doesn’t. And it will probably get better over time. And will it do a better job than a junior developer in simple mistakes that can cause vulnerabilities? Heck yeah, of course it will. But for the more complex issues, it’s not there yet. AI is not there yet.”

    MYTH 7: AI will solve Everything

    Let’s hear Myth 7 from Booli’s Joe Schorr, “the biggest cyber security uh myth is that AI is actually going to solve everything.” Joe went on to further explain, “I think if you judiciously apply AI, machine learning and very discreet task and things, it’s fantastic. I think it’s being overblown quite a bit right up at the myth level. I think that if you treat it like we treat it in Booli, we’ve got AI built in, but we don’t publish it all over everything we’ve got, but we treat it kind of like an idiot savant. It’s it does one to ask really well or does a discrete set to ask really well. It may not actually behave well in church, but you can get it to do what you want for something very very specific, which is how we do it. I think the myth is that AI is going to solve everybody’s problems.” Brian Sledge of imPAC also believes that AI will solve everything is a myth. “I think AIis best positioned more like a forcemultiplier, but I don’t think it solvesthe problems, the core problems of cybersecurity today. Um cyber security stillrequires context. It requirespolicy driven control and those thingsstill require human in the loop. And Ithink the best way to leverage AI isn’t so much in solving for cyber security,but it’s more for helping multiply andscale out what humans still need andwe’re required to do. So I don’t think Idon’t think customers should sleep onthe idea that humans still need to be very much engaged as part of cyber security. Because cyber security AIis only as good as the algorithms andthe models and the data it’s getting.” Thus believing in 2025 AI will solve everything is a stretch but will it solve something?

    MYTH 8: AI Will Not Solve Issues in Cyber Security

    Microsoft’s Thomas Roccia brings us Myth 8. “right now I think most people in in the industry in the security industry doesn’t yet believe in this technology (AI) and that’s maybe one of the one of the myths that AI will not really solve issue in cyber security. We have and I think that’s a mistake it’s probably something which is changing the way we are doing and all the past work that we did for the past 20 or 30 years uh is going to be changing and evolving thanks or because to AI so that’s something to consider.” Thus, while it may not solve everything today, it is changing how the industry works and what it is fighting against.    

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

    Related playlists and Publications

    1. Conference Whispers: Black Hat USA 2025
    2. Conference Whispers: Identiverse 2024.
    3. Conference Whispers: Identiverse 2025
    4. Whisper Report: What’s the biggest cybersecurity myth in 2025.

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?

    Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?

    Published to clients: July 30, 2025                                        ID: 2085

    Published to Readers:July 31, 2025

    Whisper Email Release: TBD

    Video Edition Release: TBD

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    “Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”

    Analysis available only to clients at this time.

    Related playlists & References

    1. Whisper Report: How can organizations implement zero-trust security without disrupting user experience?
    2. Conference Whispers: Identiverse 2025
    3. Conference Whispers: Identiverse
    4. UK Identity Case Study Keynote
    5. CSA’s Publication, “Agentic AI Identity and Access Management: A New Approach”
    6. Conference Whispers: ISC West 2025
    7. SPIFFE

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: How can organizations implement zero-trust security without disrupting user experience?

    Whisper Report: How can organizations implement zero-trust security without disrupting user experience?

    Published to clients: July 23, 2025                               ID: 2084

    Published to Readers: July 24, 2025

    Published to Email Whispers: TBD

    Video and public: TBD

    Whisper Email Release:  

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    ABSTRACT:

    “Organizations can implement zero-trust security without disrupting user experience by prioritizing frictionless authentication, especially biometrics, and enforcing least-privilege access through dynamic policies. Understanding user context and behavior enables informed decisions that preserve continuity. Self-service access tools reduce delays, while streamlined verification processes minimize frustration. With thoughtful planning and clear communication, zero trust can enhance both security and usability, ensuring users access only what they need—when they need it—without unnecessary barriers.”

    Analysis available only to clients at this time.

    Related playlists & References

    1. Whisper Report: How can organizations implement zero-trust security without disrupting user experience?
    2. Conference Whispers: Identiverse 2025
    3. Conference Whispers: Identiverse
    4. Conference Whispers: Identiverse 2024

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Conference Whisper: Identiverse 2025

    Conference Whisper: Identiverse 2025

    Published to clients: June 10, 2025                                       ID: TBW2083

    Published to readers: June 11, 2025                      

    Published to Email Whispers: August 18, 2025

    Publicly Published with video edition: August 18, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): D. Doreen Galli

    Abstract:

    Identiverse 2025 welcomed 3,300+ attendees to Mandalay Bay – nearly a 20% gain over 2024. Featuring 250+ sessions and 150 exhibits all on one floor, the event was smooth and accessible. Keynotes and sessions emphasized teamwork, resilience, and collaboration, while exploring AI in identity, decentralized credentials, and zero-trust implementation. Exhibitors showcased innovations from selfie-based authentication to intelligent access control and secrets vault cleanup. The shift from Aria to Mandalay Bay marked a new chapter for the expanding event, which returns to Mandalay Bay in 2026.

    The Conference

    • Identiverse 2025 was held at Mandalay Bay Convention Center, a move from Aria in 2024. It hosted 3300 attendees, 250 sessions and 150 exhibitors.

    Cautions

    • Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.

    TAGS

    Identiverse 2025, digital identity, identity security, zero trust, AI in cybersecurity, decentralized identity, verifiable credentials, identity governance, privileged access management, IAM, IGA, cybersecurity conference, Mandalay Bay, authentication, biometrics, secrets management, SSO, MFA, ITDR, access control, enterprise security, digital trust, identity trends, identity innovation, conference highlights, tech expo, identity tech, identity solutions, cybersecurity trends, identity keynote, identity management

    Conference Vibe

    After over 53 videos, almost 200 minutes of content only 2 escalator rides, 30,000 steps and over 25 fact checks, our coverage of 2025 Identiverse ends. The event spanned 4 days, had over 250 speakers, 150 exhibits and with over 3300 attendees – 700 more registered over last year. Registration went very smooth with rarely any waiting time. Interestingly, we were informed many registered late. Executives realize that reducing risks and therefore related losses is a viable path to protecting profits in uncertain times. This year’s event took place at Mandalay Bay Convention Center, a change from Aria last year. Most enjoyed the conference taking place all on the same floor. It was great to see the conference grow and expand. Like all changes, there were the old timers yearning for the days when they all packed into too small rooms at Aria. Unfortunately, some of the sessions located physically further from Expo Hall reported some in person attendance challenges from those too tired to walk to the room. The event featured a full collection of meals. We were able to capture the Tuesday Seminar’s Lunch and the lunch on Wednesday in Expo Hall.

    While at Identiverse, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.

    1. Whisper Report: How can organizations implement zero-trust security without disrupting user experience?
    2. Whisper Report: What are the latest advancements in decentralized identity and verifiable credentials?
    3. Whisper Report: How can AI and behavioral analytics enhance identity security?

    Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Identiverse Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors Website under Subscribers research/Conference Whispers.

    Keynotes and Sessions

    Identiverse is absolutely one of those events where regardless of the amazing session you choose, you are aware you are also missing an incredible session – or two. Fear of missing out was rampant. Fortunately, we were able to capture 53 videos for our clients and subscribers. The first Keynote featured John Pritchard, CEO of Radiant Logic. Titled, “Identity isn’t a solo Game” it drove home the message that one cannot succeed in identity without collaboration with the professionals around you throughout the organization and with others in the industry.

    Another frequently referred to keynote featured the UK’s Hanna Rutter who is realizing their government digital identity solution. In her talk she spoke about the challenges of such a decentralized digital identity solution and how she is overcoming roadblocks on her path to success. A much in demand topic regarding identity challenges in the realm of AI was presented by Richard Bird. A tech talk held in the expo hall was hosted by Microsoft. Their tech talk covered the hot topic of ITDR, Identity threat detection and response.

    Exhibits

    Identity is a topic found not only in the expo halls of Identiverse, but was also seen in the halls of HIMSS, Fintech Meetup, Money 20/20 and ISC West just to name a few. What is interesting is the different manners of vendors describe their technology. At ISC West, vendors in the expo hall spoke in terms of a solution. They would always emphasize the PII information is not on the badge, rather a hash of the biometric data which enables verification is provided instead. While this was not clarified on the videos at Identiverse, the vendors later disclosed the same technical approach that was taken on the technology captured at Identiverse. If you are seeking a tap-in to sign-in on a shared device for your organization, Imprivata was in the expo hall with their solution. If you would like to verify the customer requesting the high-risk transaction is the same customer who signed up for the account, Panani shared their technology. Keyless offers a solution to authenticate high risk actions with a selfie. If you are an engineer developing a solution and need the capability to onboard customers, no need to start at square one! PropelAuth provides an out of the box identity capability you can add on to your solution to onboard customers! Seeking to manage your remote teams and seeking a cost effective out of the box solution to provide SSO and MFA? Cubeless shared their free and easy SSO and MFA solution made for you. 

    Is managing privileges gotten to be too much for you and your organization? Apono Unified Access Management is an intelligent solution that aims to provide just enough just in time privilege for human and non-human-identities (NHI). Oasis goes one step further in managing AI Agents’ Identity, provisioning, deprovisioning and cleaning up stale accounts. Are your coders overwhelmed trying to identity what secrets vault to use so they land up hardcoding the secret? Is your organization suffering from identity vault sprawl? GitGuardian was on hand with their solution that can assist you in identifying and remediating secrets vault sprawl.

    Expo hall also featured quite a few IGA (identity governance and administration) and PAM (privileged access management) platforms. Omada captured their 25-years’ IGA experience into a free best practice framework. This framework includes use cases and related configuration recommendations for their platform, Omada Identity Cloud. Lumos shared their agentic AI autonomous IGA solution. This solution can even recommend what privileges a new employee should get based on their role and department. If you have a small but complex environment, Clarity Security has an IGA solution targeted at your organization.

    Keeper Security shared their zero-knowledge identity solution for endpoints. Their solution is referred to as zero knowledge as the customer’s data is encrypted on the endpoint with the customers key; meaning, Keeper Security has no access to customer data whatsoever. Bridgesoft shared their complete identity platform that also can adapt and include any components that may already exist in your environment. Specializing at the start of the process, CyberSolve helps organizations commence new identity programs. Looking for IAM services across the portfolio? Simeio was on site there to offer guidance. Clients are reminded to schedule an inquiry to review the current state of your identity program. If you are seeking to expand it or modernize it, we will produce an inquiry plan to guide you along the journey even if you are working with an outsource provider or consultant.

    Next Year’s Conference  

    Identiverse will once again be held at Mandalay Bay Convention Center June 15-18, 2026.

    *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.

    TBW Advisors LLC Logo

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Whisper Report: How can we ensure compliance with evolving regulations?

    Whisper Report: How can we ensure compliance with evolving regulations?

    Published to clients: May 6, 2025                                                                            ID: 2066

    Published to Readers: May 7, 2025  

    Published to Email Whispers: May 19, 2025

    Public with video edition: May 20, 2025

    Analyst(s): Dr. Doreen Galli

    Photojournalist(s): Dr. Doreen Galli

    Abstract:

    To navigate evolving fintech regulations, experts at Fintech Meetup 2025 emphasized three key strategies: staying engaged with the field and regulatory agencies, structuring well architected stable solutions, and leveraging AI or Copilots. Together these proactive approaches help fintech firms stay ahead of regulatory shifts while maintaining security and efficiency.

    Target Audience Titles:

    • Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
    • Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer, Director of Data Protection
    • Enterprise Architect, Director of Data Governance, Chief Privacy Officer, Head of IT Audit

    Key Takeaways

    • Today’s security breaches are the source of tomorrow’s regulations.
    • Security cannot be an afterthought; it must be planned from the beginning.
    • Leverage AI and Copilots that are integrated with your processes to aid employees.

    How can we ensure compliance with evolving regulations?

    We took the most frequently asked and most urgent technology questions straight to the Fintech experts gathering at Fintech Meetup 2025. This Whisper Report addresses the question regarding how can we ensure compliance with evolving regulations? As Socure’s Matt Thompson shared, “I don’t think it’s enough in this space to be a passive Observer or responsive or reactionary to regulations, there’s a lot of Evolution right now happening.” Figure 1 shares three actions you can take to conquer evolving regulations.

    Stay Engaged

    One of the best actions an organization can take to stay on top of regulations is to stay engaged and in touch with the real world. First, real world happenings such as hacks define future regulations. As SecurityMetrics Matt Cowart shared, “QSA (Qualified Security Assessor) is really going to help you understand where you’re sitting at and as they are informed with the evolutions of technology and all the advances that are going on having them connected with  real world teams.” Or as Matt Thompson of Socure suggested, “staying engaged with the regulators and the development of the regulations themselves.” If you know what the regulators are working on in draft, you will not be surprised when it becomes law. Keep in mind the reach of the company determines what exact regulators and what specific regulations apply. As OnFido’s Marie Millick shared, “we have a team of subject matter experts that are constantly researching. We also collaborate with the same team that works with interpole around everything around data privacy and identity.”

    Structure Solutions for Stability

    Many suggest the best way to be prepared for evolving scenarios of all types is to start with a robust and secure foundation. As Onbe’s Tony McGee shared, “our company is fully audited, fully solutioned and architected to protect the data.” This architecture doesn’t act alone but is complimented with strong processes. Tony McGee further explained, “ensuring that we build in the processes to make sure that every step of the way is a compliant one.” Together architecture and processes form a robust foundation. This robust foundation enables Onbe to ensure, “that the consumer understands all the fundamentals of the payout.”

    Any clients at this phase should schedule an inquiry to receive guidance. We will set up a plan of inquiries during your journey to give you any guidance we may have or can gather to assist you. The plan should capture milestones including but not limited to strategy reviews, presentation reviews, and even architecture reviews.

    Leverage AI and Copilots

    Today, we are no longer left with antiquated tools. As Thetaray’s Adam Stuart pointed out, “the traditional rule-based systems you have to know what you’re looking for to build that rule but if you don’t know what you’re looking for and you’re looking for these new patterns and behaviors that people are using you can’t do that with the simple rule base which is why cognitive AI is such an important feature to include.” In other words, in addition to keeping up to date and starting with a solid foundation, the tool itself contributes to identification of potentially troubling patterns. Interface.ai’s Connor Tullilus draws us a picture of what this is like in the real world. “To be able in real time have a co-pilot AI assistant sitting behind the scenes to assist them in the day-to-day operations. One in real time being able to update your policies procedures while (two) being able to (use) the AI assistant hooking up with your current knowledge bases your share.”

    *When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.

    Related playlists

    1. Conference Whispers: Fintech Meetup 2025
    2. Conference Whispers: Money 20/20 2024
    3. Conference Whispers: Identiverse 2024
    4. Q1: Fintech Meetup Playlist – How can we ensure Compliance with evolving regulations?

    Corporate Headquarters

    2884 Grand Helios Way

    Henderson, NV 89052

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Conference Whispers: Fintech MeetUp 2025

    Conference Whispers: Fintech MeetUp 2025

    Las Vegas, NV March 10-13

    Published: March 17, 2025              ID: 2065

    Published to Readers: March 18, 2025

    Published to Email Whispers: June 25, 2025

    Analyst(s): Doreen Galli

    Photojournalist(s): Doreen Galli

    ABSTRACT:

    The 2024 Fintech Meetup experienced a 25% increase in size, featuring over 50,000 one-on-one meetings. Key areas of interest included development environments, product connectors, customer engagement solutions, and ACH payment simplification. Risk management and compliance were significant themes, with solutions for identifying threats, ensuring regulatory adherence, and verifying new clients. Identity verification and fraud prevention were also highlighted. Global risk decisioning platforms and extensive marketplaces were showcased, along with solutions for digital payouts, gift cards, and depositor retention.

    The Conference

    • Fintech MeetUp 2025 was held in Las Vegas, Nevada and had just over 5,000 registered attendees including over 1000 CEOs, with diverse collection of exhibiting companies. Over 50,000 one-on-one meetings were also scheduled.

    Cautions

    • It is critical you keep up to date with the deadlines as the MeetUp approaches to get the maximum networking from the MeetUp. If you registered in the last month before the event, you are already too late to participate in the meetups.  
    • The event explicitly did not want any of the sponsored keynotes to be recorded or amplified. Sponsors should keep this in mind if they want any attention outside of those able to make it in-person those exact days.

    Conference Vibe

    Having covered Fintech Meetup in 2024, we knew what to expect from the meetups. As you can feel in the energy of the event, it was about 25% larger than last year. This year featured over 50,000 of their infamous one-on-ones – just be sure you register and get your information in early if you want to participate. Our coverage this time focused on the expo hall. In addition, we were able to conduct research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.

    1. Whisper Report: How can we ensure compliance with evolving regulations?
    2. Whisper Report: What are the best practices for enhancing cybersecurity?
    3. Whisper Report: How can we build and maintain consumer trust in fintech solutions?

    Enjoy the entire playlist for Conference Whispers: Fintech Meetup 20205 to more fully experience the event.

    Plethora of FinTech!

    Regardless of your role or fintech need, there was likely a vendor in that specific fintech space. Developers had Gitlab providing  an environment to develop solutions from ideas, through the entire software development lifecycle to production. Creating a solution that requires that is required to connect to various products in the fintech space? Merge shared their vast collection of product connectors regardless of development or integration technique. Perhaps you are specifically focused on improving your customer engagement. Interface.ai provides an agentic AI solution designed exclusively for credit unions and community banks to engage with their customers. If the interface you are most concerned with is ACH payments, Trustly can simplify ACH payments and comes with a side of risk management.

    Money makes the world go around so risk management will always be a significant area of focus within Fintech. A cognitive AI solution to identify missing threats, Thetaray seeks to find troubling patterns before an organization is compromised. More concerned with compliance? Security Metrics shared their capabilities for ensuring compliance not only with FinTech but also Healthcare and other regulated industries. Focused on compliance, and fraud and perhaps but also must increase your customer conversion rate? OnFido shared their combination solution that enables organizations to quickly and correctly verify potential new clients. The risk profile is configurable depending on the specific needs of a given organization at a given time.

    If identity is an area of interest in your organization, TBW Advisor’s research, Conference Whispers: Identiverse is a must read. The identity space also featured quite a few vendors in the identity space. During an exclusive interview, Intellicheck told us about their exclusive access to the data required to strongly identify drivers’ licenses from USA or Canada. If you prefer to leverage phone intelligence, Prove previously covered at Money 20/20, shared an update to their solution that now goes beyond leveraging the chip in the phones. For Fraud, prevention is always better than detection, Aries Fraud Solutions is all about prevention achieved by leveraging different numbers on the card versus the strip. In the area of risk decision and fraud detection, it is also worth to evaluate the extensive offering by Socure with an active customer base across 20 different verticals.

    For various solutions, it is frequently not only about what it can do, but how extensive globally is their coverage? Provenir informed TBW Advisors that their global risk decisioning platform is available in 60 countries serving anything from Tier 1 providers all the way to SMBs. It is a multi-component platform offering a marketplace in 120 categories. On the topic of marketplaces, MoneyLion shared their extensive offering with over 800 3rd party products serving 20+ million consumers and as well as the engine behind the largest enterprise fintech customers.

    The B2C dimension is always a challenging dimension for payouts. Whether it is payouts for the workforce, or refunds, Onbe’s solution is bringing clients into the digital age. If you are focused more on gift cards, Incentive.AI can create customer solutions to fit your needs. Finally, an interesting solution to help retain depositors was shared by Wysh. Wysh enables financial institutions to offer free life insurance to customers based on deposit values.

    Next Year’s Conference 

    While this year’s event was held at the Sands Convention Center of the Venetian, next year’s event will be at Mandalay Bay. The event will be held March 30-April 1, 2026.

    ©2019-2025 TBW Advisors LLC. All rights reserved. TBW, Technical Business Whispers, Fact-based research and Advisory, Conference Whispers, Industry Whispers, Email Whispers, The Answer is always in the Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and One Change a Month, are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness or adequacy of such information. TBW does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.

  • Conference Whispers: Identiverse 2024

    Conference Whispers: Identiverse 2024

    Analyst: Dr. Doreen Galli

    Photographer: Dr. Doreen Galli

    ABSTRACT

    After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Identiverse was at Aria Hostel in Las Vegas from May 28-31. It is the premier event for identity professionals. It spans 4 days, 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. Attendees witnessed endless examples of identity and privacy solutions including many jokes about SAML (it is NOT dead), examples of passwordless as well as talks about the value of identity.

    Conference Vibe

    After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Registration for the four-day event kicked off after the long holiday weekend. The event featured 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. There was so much packed in it was impossible to catch all of the exhibits. They had sessions in the Joshua rooms as well as Marisopa rooms. Opening day was then capped by  a mighty keynote featuring John Whelan, President of the Cyber Risk Alliance and Andre Durand, CEO of Ping Identity and Founder of the Identiverse Conference. The event provided food for the attendees. We were able to capture breakfast Wednesday. The attendees did explicitly find me to let me know they were disappointed with the breakfast due to the lack of protein. I do understand the Microsoft Breakfast did feature sufficient protein.  Many attendees complimented the lunch which was served Wednesday as well as on Thursday. The exhibits* were open on Wednesday after the opening keynote. They were spread between two large rooms across from each other.

    Our entire playlist of video research at Identiverse is available at our YouTube Channel. Save the list to capture related shorts when they are released.

    Digital Identities

    As one might expect, Identiverse is all about identity. Much to my delight, an entire panel was presented on confidential computing. Confidential computing strength lies in multiparty computations among untrusted parties – something that occurs in the identity space quite often. The session immediately following was on digital identity where they pondered how one could achieve such an exchange – unfortunately those panelists did not attend the Confidential session. On the digital ID panel, it was exciting to see that California is live with a digital driver’s license. Many are still trying to get their real id into their wallet! Australian Bank was on stage for a keynote making the case for the Bank ID. Admittedly this talk created a bit of déjà vu to the days in the bid to become primary certificate authorities. There is no shortage of information to make the business case to adopt passwordless for your organization.

    More than Passwords

    Thursday morning’s keynote concluded with the Power of Passwordless sign-on. This session includes a number of guest speakers from the FIDO Alliance, Clarkson University, Bank of America and Amazon. The net result is that companies love it, their customers are more engaged, and the security posture is improved. Numerous examples of passwordless solutions were shown in the exhibits. AllAUthenticate shared their passwordless solution. Bringing blue collar workers who need to punch in and out into this century, Bio-Key displayed their product leveraging MFA Mellon RFID. If you would prefer your identity solution to eliminate any and all standing privileges, SGNL can get you there and help you stay in that security posture. Zluri is available to handle access control for all SaaS solutions. Aserto is an identity service that considers policy and relationship-based access control. If your service accounts are your pain point or you don’t even know how many you have of what – a start-up just out of stealth mode called Anetac may be someone you want to evaluate. If your organization’s problem is more about non-human identity issue, Natoma can assist in provisioning, deprovisioning and maintenance of non-human IDs. The word of the conference was service and non-human IDs is an area exploding with a reported over a dozen just announced at RSA.

    Google hosted an entire detailed workshop on Google Sign-On, Passkey and the use of FedFCM to deal with 3rd party cookies. It was exciting to see they are working to push privacy forward with browser.

    Identity in Practice

    An attention-grabbing keynote Thursday morning alerted to the Darkside of identity. Reminding all that identity is the most common entrance point for the uninvited. Another keynote reminded all attempting to forge a path in identity, that the most important thing is to just get going! Furthermore, pay attention to the point of no return. Identity and security are all about depth of defense, spend the effort when there is a big payout. Do not insist on 100% for each program as the last percentages take resources without improving security posture. It is far better to find a new program that will affect the remaining identities with the remaining resources.

    One often too difficult aspect of identity is customer onboarding. To that end, Strivacity specializes in the end user aspect of identity. If you challenge is too many identity services and you are having difficulty getting a complete picture, TenableOne provides a unified dashboard to see the entire threat attack surface. If your difficulty is all about connecting identity platforms to other sources and targets, Aquera Platform provides identity connector along with automation and governance in their solution. Saviynt provided a demonstration of their identity cloud with a visual display. RSA Shared their Unified Identity platform that is available on prem or in cloud for SAS saps as well as supporting SAML. Radiant Logic also provides an identity middleware heavily focusing on the data and metadata of identity. This point was also shared during John Pritchard of Radiant Logic’s keynote.

    There were options if one is seeking assistance with their identity solutions. AOH offers identity consulting spanning assessment, architecture, execution and maintenance. ProofID offers global managed identity services and are key partners with many of the top identity technology providers such as PING Identity.

    Cisco provided an in-depth workshop on defining and building an identity graph. It was very insightful, and the audience was glued to the screen. What caught our eye was the end when they said, “look at that picture – you know what that means. You know what that means you are supposed to do” Even in 2019 when I was at Gartner, augmented intelligence was present so hearing, “look at the picture” was surprising. More commonly is generative AI incorporated so it suggested actions based upon what is seen. Fortunately, Microsoft was there to bring it all back to 2024. There was an Microsoft Entra deep-dive by Nichole Peterson as well as a Microsoft Entra with Co-pilot demo that allowed attendees to zoom back to 2024.

    Next Year’s Conference

    Next year’s Identiverse is held June 3-6, 205. Furthermore, next year’s conference will be at Mandalay Bay.

     *When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.                                

    ©2019-2024 TBW Advisors LLC. All rights reserved. TBW, Conference Whispers, Industry Whispers, Vendor Whispers, Technical Business Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and Fact-based Research and Advisory are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness, or adequacy of such information. TBW does not provide legal, or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.