EMA Research Blog: Navigating IT and Security Horizons

Black Hat Asia 2025 returned to Singapore with a dynamic mix of technical depth, real-world impact, and plenty of sobering insights about the evolving cybersecurity landscape. Across two packed days, experts from around the globe tackled threats old and new, offering live demonstrations, original research, and thought-provoking commentary on the increasingly blurred lines between digital, physical, and even quantum attack surfaces.

In an era when government operations increasingly rely on digital infrastructure to remain effective, accountable, and secure, messaging platforms emerged as both an enabler and a risk vector. The question of how government agencies communicate—internally, externally, and across jurisdictional lines—is no longer merely a matter of workflow optimization. It is a fundamental aspect of mission assurance, public trust, and operational integrity. Yet even as messaging tools proliferate and mature, the gulf between platforms built for accountability and those designed for privacy remains pronounced. Nowhere is that divide more evident than in the ongoing tension between Microsoft Teams and Signal—two platforms that, while often deployed in parallel, represent fundamentally different answers to the same set of urgent questions about security, control, and digital sovereignty.

In an era when cybersecurity threats continue to evolve at an unprecedented pace, organizations are seeking robust, goal-oriented solutions to identify and remediate security vulnerabilities effectively. Traditionally, penetration testing as a service (PTaaS) played a critical role in structured, systematic security assessments. However, as the industry shifts toward more dynamic and continuous testing models, it is becoming increasingly clear that PTaaS needs a redefinition—one that includes the advantages of bug bounty programs under its umbrella.

In today’s interconnected digital landscape, identity has become the cornerstone of both organizational security and user experience. Whether onboarding a new employee or granting a customer access to services, the journey of identity—commonly referred to as the identity supply chain—encompasses a series of critical stages, from initial verification to continuous authentication and authorization.

OpenText World 2024 highlighted the growing role of AI in enterprise transformation, with Aviator, OpenText’s AI platform, as a focal point. Now one year into its deployment, Aviator has demonstrated significant potential in addressing challenges across industries by integrating AI into business processes. The platform reflects OpenText’s broader strategy of “Elevating Human Potential,” focusing on AI, cloud, and security as key drivers of innovation. Aviator’s emphasis on secure, data-driven AI models has positioned it as a useful tool for tackling the complexity of modern information management.

I recently had the opportunity to attend Identity Week in Washington, D.C. While this is a smaller conference compared to RSA Conference or Black Hat, some of the conversations were just as powerful and much more focused on the identity market. I was at first encouraged by the large focus of biometrics at the conference, but quickly discouraged upon seeing the limited use cases many of the vendors were promoting.

According to the RSA Conference website, there was a total of 641 vendors exhibiting or sponsoring the conference in the over 738,000 square feet of exhibit space dedicated within the two-million-square-foot Moscone Center. I had meetings scheduled with approximately 20 of these vendors and met with a small handful of additional vendors on the expo floor as time permitted. I didn’t keep track of how far I walked this year, but the entire Moscone Center complex is approximately 87 acres in size. For comparison, the United States Capitol building is only 4 acres. I made several laps around the expo floor each day, as well as walking around the entire complex throughout various parts of the day. Needless to say, my feet are quite tired, but with the conversations I had with vendors, it was worth it.

The RSA Conference 2024 is upon us, and this year promises to be a treasure trove of insights for security professionals. We're particularly excited to explore the latest advancements in areas like AI-powered security and cloud protection. To enhance our analysis, we're putting Google Gemini, a large language model, to the test. Can it navigate the vast amount of information available about the conference and identify the themes that matter most? In this blog, we’ll explore the conference through the lens of Google Gemini, offering previews of sponsor briefings, session topics, and emerging trends that will shape the future of cybersecurity, and we’ll also examine Gemini’s ability to analyze text data.

In an era rampant with cyber threats, the security of passwords and identity remains a critical concern. According to HaveIBeenPwned.com, over 12 billion credentials were compromised online as of March 6, 2024. This staggering figure underscores the vulnerability of password-based authentication systems. Most (if not all) of these involve compromised passwords, and often expose not only a compromise to the originally affected domain or web application, but also multiple accounts utilizing the same email address and password.

The Dynatrace Perform 2024 conference delivered a plethora of insights and forward-looking perspectives this month. Throughout the conference, the event encompassed keynotes, breakout sessions, customer panels, and hands-on training, offering a holistic view of the latest trends and innovations in the tech industry. The overarching theme, "Make Waves," encapsulates the imperative for transformation and disruption in the tech industry. It underscores the need to drive substantial change and progress amidst evolving trends.