As our environment grew, we realized that non-human identities: service accounts, service principals, applications, APIs,... were multiplying rapidly and becoming an unmanaged risk. Managing these identities securely was no longer optional; it became a critical priority for our security, compliance, and operational resilience. In this session, we’ll share our journey to building a Non-Human Identity Management (NHIM) program: why we decided to act, the challenges we encountered along the way, and what strategies helped us succeed. We'll cover the steps we took to gain visibility, establish ownership, reduce risk, and build a scalable, sustainable program for the future. Whether you're just starting to think about non-human identities or looking to strengthen your approach, we hope our lessons learned can help guide your path forward.