2025-08-05 – 22:00-22:45 (Africa/Abidjan), Tuscany
Non-Human Identities (NHIs) like service accounts, bots, and automation now outnumber humans by at least 45 to 1, and are a top target for attackers. Their rapid growth has outpaced traditional security controls, and simply securing secrets is not enough; attackers exploit blind trust in tokens and credentials every day. With the release of the OWASP Top 10 Non-Human Identity Risks in 2025, we finally have clear guidance on where the biggest threats lie and how to prioritize remediation.
But OWASP isn't alone, industry experts agree: NHI security is an urgent, organization-wide challenge that goes far beyond IT. Shadow IT and AI-powered automation are accelerating the problem, making strong identity governance and access management (IAM) essential. Developers need to understand the risks, leverage the latest best practices, and advocate for a holistic approach to NHI security. By raising awareness and driving governance across teams, we can start to control the chaos and protect our organizations as NHIs continue to proliferate.
Non-Human Identities (NHIs) outnumbered humans 45 to 1 in 2022. Given that their access abuse is one of the most easily exploited attack paths, we really need to get a handle on NHI security right now. But how do we start? What do we even tell the developer? We can't tell them to just not keep building applications and secrets security alone has not addressed all the concerns NHI security requires.
Once again, OWASP is here to shed some light on the situation right as this issue becomes a major, main steam concern. In January of 2025, they released the Top 10 Non-Human Identity Risks, which highlights exactly how NHIs keep getting exploited and gives us a guide to raising awareness and prioritizing and remediating the situation inside our organizations.
But they are not the only ones who released a guide or even a top 10 list. This talk will guide us through the commonalities of all the published wisdom around NHI security, and we will end with a discussion that governance is a path forward but will need to go through IAM and, eventually, the whole organization.
Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to “help people figure stuff out.” He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and crochet.