The State of Identity Security with Morey Haber
At RSAC Conference 2025, BeyondTrust’s Chief Security Advisor Morey Haber offered a forward-looking take on the state of identity security and the real-world gaps that still exist in enterprise environments. With over two decades in the field and a perspective shaped by both hands-on roles and high-level advisory work, Haber emphasized what too many organizations overlook: the path to privilege is often shorter—and more invisible—than they realize.
One key takeaway is the growing importance of understanding “true privilege.” It’s not just about who has admin access on paper, but also about the latent, often unseen ways attackers can pivot between accounts to escalate privileges. That kind of lateral movement is still flying under the radar in many environments.
Haber also underscored a theme that’s come up again and again this year: AI is both an asset and a liability. On one hand, it’s helping organizations detect suspicious identity behaviors—like machine accounts suddenly acting human or vice versa. On the other, it’s being weaponized to accelerate identity-based attacks.
And then there’s the larger industry reckoning coming into view. Haber believes we’re entering a period of correction—less marketing, more fundamentals. Foundational security will be where focus returns: antivirus, SIEM, PAM. The flashy bolt-ons and overpromised vaporware? Expect a shakeout.
If there’s a throughline in his view, it’s this: Security teams need to move from checkbox compliance toward actual operational resilience. Identity, and the pathways attackers can exploit within it, is the new frontline. Knowing who has access to what—and how—isn’t just good hygiene anymore. It’s make or break.

