“This Whisper Report address the question regarding the best practices for integrating AI and ML into our security Systems. It highlights how leaders emphasize protecting PII, using selective data movement, optimizing hardware, choosing the right models, and knowing when AI should not be applied. Insights come from LVT’s Steve Lindsey, Safr’s John Cassise, 360 Privacy’s Trinity Davis, Intel’s Mike Nielsen, RightCrowd’s Jason Bohrer, Bioconnect’s Edsel Shreve, Vaidio’s Marshall Tyler, and Databuoy’s Kathleen Griggs. “
Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.
Target Audience Titles:
Chief Technology Officer, Chief Security Officer, Chief Information and Security Officer, Chief Trust Officer, Chief Compliance Officer, Chief Risk Officer
Head of Product, VP of Product, Chief Marking Officer, Data Protection Officer,
Enterprise Architect, Director of Data Protection, Director of Data Governance, Chief Privacy Officer
Key Takeaways
Privacy-first design: Cyber-physical systems must protect PII using encrypted biometrics, local storage, and user-controlled consent mechanisms.
Anonymity matters: Face matching enables identity verification without revealing personal data, preserving user anonymity.
Compliance drives innovation: Regulations like GDPR standardize data practices and encourage secure, privacy-focused system development.
Global consistency is key: Scalable, compliant operations require adaptable, non-proprietary architectures across diverse regions and regulatory environments.
We took the most frequently asked and most urgent technology questions straight to the cyber physical security experts gathering at ISC West 2025. This Whisper Report addresses the question regarding how can we ensure compliance with new and evolving cyber physical security regulations? We will know explore the four signs you are on the correct path as depicted in Figure 1.
Data Privacy
One very interesting aspect of the cyber physical security space that reminds of healthcare tech is the handling of PII or personally identifiable information data. As Safr’s John Cassie shared, in the cyber physical space it, “has a lot to do with what we talked about as far as PII and how we manage data.” Or as LVT’s Steve Lindsey observed, “what we call private or data of sovereignty .. from a data security perspective the technology and the architectures of how these systems are built really have to be in place to address that the PII information really comes down to our use of AI.”
Fortunately, the regulations for privacy include related standards for vendors. As Intel’s RealSense’s Mike Nielsen noted, “I have been very excited about the Privacy preservation of biometric data is really possible now so I can get a template of a human being from their face that can be stored and encrypted it can be handed back to me so in my pocket.”
Managing user consent is a must to achieve privacy in the cyber physical space. Bioconnect’s Edsel Shreve argued, “in privacy where more and more controls going in the user’s hand to say yes I am allowing you to use my biometric. If I ever want to revoke that consent I need proof that you deleted my data and that it’s no longer being used.” He further explained, “we build in to both a upfront gather consent with an audit trail that says okay the user provided consent we didn’t just check a box and say yeah.” Furthermore, the solution must realize the full lifecycle of permission. Edsel Shreve further explained, “you can just do regular maintenance and go in and say who hasn’t authenticated in 6 months what are we going to do with that data right do we want to delete the template or just alert the person or alert an administrator.”
Anonymity has to do with the lack of the ability to identify the person. As LVT’s Steve Lindsey commented, “there’s a difference between facial recognition and face matching right.” Facial recognition includes identification while facial matching allows the face to remain anonymous. A great example was revealed by Intel’s RealSense’s Mike Nielsen.
“I’ve actually got a version of my this QR code is my face template. From this is 512 bytes it’s a it’s just a simple Vector map that looks at 80 points on my face but it’s mine. This isn’t siting in a database somewhere. This isn’t living on somebody’s server. This is physically in my pocket as a badge. I can then apply that (badge) by walking up to one of our devices – one of our cameras have the scan. It pulls in that QR code, evaluates what that template looks like. Then I look at the camera it pulls the template from my actual face and compares the two. The cool thing about the techniques that is it’s privacy preserving by definition it never leaves the device it can be dissolved immediately and you never have to send a picture or any personally identifiable info anywhere outside of me scanning my badge. Then the device makes sure I can unlock that door.”
Thus, this example achieves privacy and anonymity.
When it comes to cybersecurity and data governance – there are the things you want to do as an organization based on your public commitments such as your privacy statements. Then, there are requirements which are legal requirements sometimes coming from a location and sometimes defined based on your industry referred to as regulatory compliance. As LVT’s Steve Lindsey put it, “we think about the problem in the context of the of the compliance and Regulatory things that we have to have as we’re designing and building this stuff from the beginning.” Furthermore, since we are dealing with cyber physical security,
The best part about regulatory compliance according to Intel RealSense’s Mike Nielsen is, “they’re really well defined at least in the case of like GDPR so GDPR has very strange requirements on how to use PII but specifically how to use sensitive PII like biometric information one of the things that we’ve seen help move the industry forward ironically is having the regulation in place allows people to have a Level Playing Field.” That means that vendors will not be penalized for taking the more difficult road by protecting the customer as all must take equal precautions. Gary Chen of EverFocus noted, “to ensure that we have keep our regulations up to date, we need to keep advancing our technology and mostly from our end installers that will be the key .. also keep good connection with your customer.”
Requirements evolve by location as every product vendor will realize. “One of the things that’s occurring is that whether it’s in Europe or in each state coming up with new requirements for both security of data and compliance.” Edsel Shreve, Bioconnect. When faced with this challenge, it is always best to step back and see how to adjust the architecture to accommodate this capability as a configurable option vs to create a product branch. Today’s regulations in location A become tomorrow’s regulation in location Z. One can then configure at the system level as regulations evolve in different locations.
Finally, it is important to keep in mind the architecture must accommodate the cyber physical security space. who has “from an access control standpoint is not only managing who has access in and out of the mine but also incorporating some functionality around safety who’s completed what safety classes and if they haven’t completed the proper classes then we have the ability to manage access control based on what needs to happen.” Cyber physical security includes the physical safety of the employees themselves and all that goes into ensuring safety compliance regulations are met – in each location.
The complexity of cyber physical security is magnified in organizations the wider the physical disparity across country and continental boundaries. As one might expect, different vendors have different footprints across the globe. For smooth global operations one generally recommends standardized solutions as opposed to propriety solutions. As Safr’s John Cassie explained, “would be nice if I could just capture that from the existing access control system and not have to do some extra procedure so that’s another element that allows us to have sort of this compliance across my entire security platform. As long as I am not using solutions that are pigeonholing me into proprietary solutions.” There may be slightly better solutions in this aspect or that aspect locally available but those frequently ruin the ability to have global clarity. It is critical to maintain a consistent architecture globally unless you want custom roadmap items for each and every change. If you are anywhere in the lifecycle of trying to realize such as solution, be sure to set up an inquiry plan so that an expert who has been there can provide actionable guidance.
Publicly Published with video edition: July 28. 2025 2pm.
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
After capturing almost 50 videos, over 150 minutes of content and countless shorts forthcoming, our coverage of ISC West 2025 closes. Attendees gathered for ISC West 2025 held in Las Vegas March 31-April 4. The event featured innovations in video surveillance, driver-assisted systems, palm vein identity solutions, edge AI, and gunshot detection. Exhibits included AI vision, camera intelligence, and layered security solutions. TBW Advisors was able to capture exclusive content from the live sessions as well as full details on top products at exclusive Press Briefings.
Cautions
ISC West offers the option to print your badge at home. It is important to note that you not only need your badge holder and lanyard on site, but you still must wait in the registration line. Specifically, you must present and verify your ID to get a sticker on your badge for it to be useful. IF you only snag the badge holder, you will land up back at the long registration lines.
Our coverage of ISC West 2025 includes over 38 videos and over 150 minutes of video content spanning session summaries, product overviews, and answers to three urgent questions. There will be countless shorts forthcoming so save the entire Conference Whispers: ISC West 2025 playlists by clicking on the book mark symbol. Registration was quite interesting for the x attendees as one could print the badge at home but still required face to face registration to get the validation sticker. Held at Venetian, the customary Venetian Café Presse was open as well as the Venetian Food Marketplaces within expo hall if you got hungry. The event seemed to exceptionally crowded as you can feel as all waited for expo* hall to open and was loud enough to trigger a 100db warning on my watch. Upon clearing security, endless exhibits featuring massive amounts of vision AI, AI video analysis, IoT sensor data, and complex security identity solutions bridging the physical and cyber worlds.
While at ISC West, we conducted research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
We are excited to share that we have two exclusive pieces of content where the presenters gave a special overview just for TBW Advisors LLC, our clients, and subscribers. First, we have the session by Intel RealSense. This session focused on the combination the long history in vision and the long history of AI together to successfully create the current generation of facial recognition for the purpose of useful Identity and Access Management via the biometric field of one’s face. Keep in mind, data representing one’s face is PII or personally identifiable information. While not healthcare, the protection of PII requires the same care as all PII data as discussed during our coverage of Conference Whispers: HIMSS 25.
The second session summary we were also treated to includes a look at when cyber and physical security combine. Operations and IT coordinating to achieve a business function is quite common. As anyone who has been a corporate CIO in an organization with physical buildings knows, security is security. Physical security must interface with IT systems to understand who is permitted to do what. Historically, if physical security fails, IT systems are always at a higher risk due to information being left around or the increased attack surfaces made available via the ability to physically access a network terminal or a server itself depending on the organization. In 2025, the rush to get data from everything connected to survive the pandemic or to rush ahead with AI solutions has increased possible attack surfaces. The confluence of these scenarios together has made the Cyber Physical Security practice space blossom so expect to hear and see a lot more in this space for the foreseeable future.
Whenever given the chance, we try to bring unique content and details about the companies at the conferences to you. At ISC West we were able to attend a special, press only event held by Taiwan Excellence better known as Taitra. Taitra’s mission is to help spread the word around the world about innovations coming out of Taiwan by featuring some of their companies. The editor in Chief for Security Today Magazine, Ralph Jensen also spoke at this event to kick it off. We were able to capture the full 10-minute presentations for each of the 6 technologies featured!
The first technology featured is Cyberlink. Cyberlink provides extensive video surveillance capabilities including the ability to successfully track people. In the event of a violent attack or a lost child, finding the desired human being from all the surveillance video available can be quite timely without the right technology. Cyberlink’s people tracking works even if the face is not visible on the video through posture, clothing, or body movement signature.
Advanced driver-assisted systems (ADAS) are popular in automobiles but for larger vehicles it is still newer due to the complexity and size of semi-trucks. EverFocus gave the press an in-depth overview of their current solution including the company’s success in obtaining many Taiwan and global certifications enabling deployment.
The third technology presented at the event was Himax with their palm vein identity solution. As this contactless solution works even if a surgeon has scrubbed for surgery and put on their two pairs of surgical gloves, this technology could have easily been featured at HIMSS25 or Identiverse. Himax is not only known for their palm vein identity solution but also for their ultralow power AI processor that runs their solution and is available on the market as WiseEye.
The fourth and fifth companies presenting both featured edge solutions. Kneron featured a general-purpose secure full stack edge AI solution that support AI services at the edge for a large variety of use cases. One example is combing standard RGB video with thermal camera information for a cohesive image to properly identity living beings or animals in the camera’s view. Likewise, Vivotek specializes in IP Surveillance solutions including network cameras, network video recorders (NVRs) and related software solutions and accessories.
The product mix set at ISC West is interesting as it spans AI vision, Camera Intelligence, surveillance, and identity. Let’s start with the best in show new product two-time award winner, Vaidio. Vaidio provides an AI vision platform leveraging their deep AI expertise. Their belief is you should be able to point a camera at anything and make it safer. Safr is a vision AI solution focuses on facial recognition and liveness verification for live video including watchlist alarms. We also had an extensive booth tour by Intel RealSense. As you can see, their solution is quite easy to integrate for developers. Enrolment is quite simple. Their chip/software solution is integrated into many of the products on the floor. They also provided a live demonstration of their solution in action. If you are famous or a high NetWorth individual and you are not comfortable with your personal identity or other information floating around the web, 360 Privacy was there with their solution.
Advancis is 30-year-old company that provides a one-stop identity solution that focuses on integrating as many hardware devises as possible. It currently can integrate with over 550 hardware devices on which it can capture and verify credentials. They add support for approximately 30 devices each year. Also playing in the Physical Identity and Access Management (PIAM) space is RightCrowd. RightCrowd specializes in complex scenarios for organizations with many employees, many visitors across many locations. For those seeking a PIAM solution leveraging facial recognition or fingerprints, Bioconnect might be on your radar. Bioconnect integrates with the top 8 IAM platforms in the market. For a layered security approach, dormakaba provided TBW Advisors LLC with an exclusive booth tour walking through their offering and various layers. If any of the biometric or other identity information needs to be put on a secure card with any of the contact and contactless embedded technology, Dascom was on site. Their printer can securely hold up to 200 finished product cards until a batch is completed and retrieved.
Diving more into the physical security aspects, LVT provides a mobile security unit that is rapidly deployable. LVT’s low power solution leverages cellular connectivity and high scalability for future proofing its deployment. Underneath the surface, LVT leverage the latest in agentic AI capabilities within its solution to provide these advanced capabilities. Another agentic AI solution that
stops threats without human intervention based on video surveillance, Spot.ai might be on your radar. As an Agentic AI solution, Spot.ai not only detects an issue but can automatically handle the threat in 90% of the cases. Specifically, the solution will automatically be able to execute things like intimidating announcements, spotlights on, and following the potential threat as well as turn on sirens. The solution notifies a humans if the automation determents fail.
Finally, if safety and security means identification of a gun shot and its source, Databuoy was on hand. With technology funded by DARPA, their solution is just as effective in your closest metropolitan area as it is in a urban combat.
ISC West 2026 conference will once again be held at the Venetian in Las Vegas, Nevada. The dates are yet to be announced for 2026.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
