Source: securityboulevard.com – Author: John D. Boyle
When you meet Lalit Choda, known across the cybersecurity industry as “Mr. NHI,” one word immediately comes to mind: Authenticity.
There’s no sales pitch, no ulterior motive. Just a passion for the mission of security and to educate, collaborate and drive real-world solutions around Non-Human Identity (NHI) management and governance. NHIs represent one of the fastest-growing security blind spots present in every IT ecosystem worldwide and, as Lalit contends, one of the most misunderstood challenges in cybersecurity today.
I had the privilege to sit down with Lalit at RSA Conference 2025 to reflect on his NHI journey, and what a journey it has been. We met early Sunday evening in the quiet of Techstrong’s Broadcast Alley set, long after our crew had finished setting up and ventured out to enjoy dinner in San Francisco. The calm before the RSAC storm felt like sitting in the quiet eye of a hurricane before landfall, which made for a peaceful and focused conversation. This was the first time Lalit and I met in person since Black Hat USA 2024 in Las Vegas.
Lalit’s firsthand experience with Non-Human Identities dates back 25 years, long before “NHI” became a familiar acronym. As a senior leader managing global regulatory NHI programs at numerous investment banks, he wrestled with early Sarbanes-Oxley (SOX) Act compliance mandates, particularly the daunting task of rotating hard-coded service account passwords buried deep within C code. There were no vaulting solutions at the time, so he had to build his own. “I realized even back then that non-human identities were critical, widespread and dangerously unmanaged,” Lalit said.
Fast forward to today, and the problem has expanded exponentially. With the rise of cloud computing, SaaS, APIs, microservices and now AI agents, non-human identities outnumber human identities by staggering margins, 50 to 1 by many accounts and as many as 90 to 1 by others.
Attackers have noticed as well and are drawn to ungoverned NHIs like trout at a fish farm to kernels of corn. Gone are the days when phishing humans was the primary attack vector; today, stolen or orphaned service accounts, API keys and secrets are prime targets early in kill chains. Why? Unmanaged NHIs often carry excessive privilege and access, giving attackers the lateral movement they need to execute brutal ransomware and data exfiltration attacks.
As I highlighted in a recent NHI-focused article for Security Boulevard, the growing intersection between generative AI and NHIs poses an even greater threat. AI agents, operating at machine speed and often provisioned without proper governance, expand the NHI attack surface at a rapid-fire pace like Gremlins swimming in the ocean.
The Formation of the NHI Management Group
Recognizing a serious gap in awareness and resources, Lalit launched the Non-Human Identity Management Group (NHIMG) on LinkedIn in May 2024. Shortly after, he built the independent platform NHIMG.org.
“The vision wasn’t about commercialization. It was about education and collaboration,” Lalit said. “If people walk away realizing the risks they’re sitting on and how to take action, we’ve done our job.”
In under a year, NHIMG has exploded to nearly 2,000 active members, including major startups, cybersecurity giants, researchers and practitioners. Unlike many industry forums where marketing battles drown out engagement, NHIMG has created a space where competitors collaborate, ideas are openly shared and respect for attribution and community input is paramount. Lalit’s philosophy is simple but powerful: “You can’t secure what you can’t see. And the truth is, most organizations have no idea how many non-human identities they have, where they are, or who owns them.”
Notable NHIMG.org Achievements to Date
Since its founding, NHIMG has quickly become a leading resource for the cybersecurity community. Major initiatives include:
- The Ultimate Guide to Non-Human Identities — a comprehensive 70-page research report viewed more than 5,000 times worldwide.
- Top 40 NHI Breaches Report — a groundbreaking analysis of real-world breaches linked to unmanaged NHIs, illustrating just how serious the risk is.
- The World’s First NHI Community Forum — a vendor-neutral online community where practitioners can ask questions, seek guidance and collaborate on solutions.
- Hosting major summits — such as the 2025 NHI Summit in New York City, which brought together startups like Akeyless, Entro Security, Andromeda Security and many more for a day of genuine knowledge sharing without marketing pitches.
Where the NHI Journey is Heading
At RSA 2025, you’ll find Mr. NHI walking the halls, connecting with innovators and evangelizing the urgent need for better NHI practices, especially as AI agents begin to multiply and operate autonomously across enterprises.
“Our mission for 2025 and beyond is clear: Accelerate education, foster collaboration and create a united front against the risks unmanaged NHIs pose to businesses, governments and critical infrastructure,” Lalit said.
His broader professional background, including decades spent inside regulated industries, gives “Mr. NHI” a unique perspective on what it takes to bring meaningful change to complex environments. Lalit has also spent recent years advising early-stage cybersecurity startups and speaking at leading industry events about this growing and concerning attack surface.
Yet despite his impressive resume, Lalit’s approach remains humble, community-driven and deeply human. “The best feedback I get is when someone tells me, ‘I didn’t even know this problem existed until I read your content. Now I want to engage, learn, act and help solve it,’” concluded Lalit.
Final Thoughts About Mr. NHI
In cybersecurity, authenticity matters. Lalit’s passion for solving real problems, not just profiting from them, is a refreshing reminder of what leadership and a security-first mindset should look like. The NHI community he’s building isn’t just important, it’s vital to the future of cybersecurity. As threats evolve and expand into every corner of our digital world, the work being done around NHIs today will shape the security and resilience of tomorrow’s global critical infrastructure.
My RSA Conference 2025 Bonus Challenge: Where’s Mr. NHI?
If you spot Lalit walking around RSA this week (he’ll be wearing his signature NHI shirt with “Mr. NHI” on the back), introduce yourself, snap a photo, share it with me on LinkedIn and tag #MrNHI, #NHIs, #RSAC2025.
Stay tuned for more of my RSAC 2025 Dispatches published on Security Boulevard, and always, stay Techstrong, my friends!
Original Post URL: https://securityboulevard.com/2025/04/rsa-conference-dispatch-mr-nhi-leading-the-movement-to-expose-cybersecuritys-biggest-blind-spot/?utm_source=rss&utm_medium=rss&utm_campaign=rsa-conference-dispatch-mr-nhi-leading-the-movement-to-expose-cybersecuritys-biggest-blind-spot
Category & Tags: Cybersecurity,Featured,Identity & Access,RSAC,Security Awareness,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Spotlight,identity security,Mr NHI,NHIs,RSA Conference,RSAC2025,zero trust