Identity at the Center

In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in an insightful conversation with Darren Rolls, a veteran in the Identity and Access Management (IAM) field. They discuss the complexities of identity fabrics, the evolving landscape of IAM, the impact of AI, and the challenges of integrating new technologies with legacy systems. Darren shares his thoughts on upcoming trends, practical advice for IAM practitioners, and even his personal experience with kite surfing. Tune in to gain expert perspectives on the future of IAM and the significance of continuous learning and adaptation in this dynamic field.Connect with Darran: https://www.linkedin.com/in/darran-rolls/Identity Innovations Blog: https://identityinnovationlabs.com/identity-insights/Chapters00:00 Introduction and Casual Banter00:17 Discussing Identity Fabrics and Leadership Compass03:19 Upcoming Conferences and Events05:32 Interview with Darren Rolls: Identity Management Journey09:09 Evolution and Challenges in Identity Management24:41 Future of Identity Management and AI32:05 The Future of IAM in the Age of AI33:12 The Rise of Agent-Based Applications34:12 Challenges in Identity and Access Management35:31 Exploring Vibe Coding and AI Utilities38:09 Monitoring and Telemetry in IAM40:17 The Evolution of Identity Management42:05 The Role of Laws in IAM Architecture46:16 Balancing Legacy Systems with Future Innovations51:39 Kite Surfing Adventures and Reflections59:01 Closing Thoughts and Future EngagementsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Sponsored by Axonius. Visit https://www.axonius.com/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim talk with Amir Ofek, the CEO of AxoniusX, about the company's innovative solutions in identity and access management (IAM). The discussion covers Amir's journey into IAM, the unique challenges of managing identities, and how AxoniusX's data-driven approach provides comprehensive visibility and intelligence. The episode breaks down various use cases, the importance of identity hygiene, automation of identity processes, and the newly recognized identity visibility and intelligence platform (IVIP) by Gartner.Timestamps:00:00 Introduction and Episode Overview00:57 Guest Introduction: Amir, CEO of AxoniusX01:12 Amir's Journey into Identity Access Management02:40 Understanding Axonius and AxoniusX08:03 The Importance of Identity Visibility and Intelligence11:48 Challenges in Identity Management22:10 Axonius's Approach to Identity Visibility26:35 Leveraging AI and Machine Learning in Identity Management31:18 Understanding Permission Changes and Their Importance32:10 The Role of Observability in Axonius32:37 Driving Actions with Axonius33:30 Common Use Cases and Workflows35:19 Axonius as a Swiss Army Knife36:16 Ease of Use and AI Integration38:49 Starting with Axonius and Measuring Value43:42 Future Directions for Axonius49:49 The Identity Community and Upcoming Events51:23 Skiing Adventures and Tips57:54 Conclusion and Final ThoughtsConnect with Amir: https://www.linkedin.com/in/amirofek/Learn more about Axonius: https://www.axonius.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.Connect with Justin: https://www.linkedin.com/in/justindevine/Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/Learn more about RSM:Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlSecure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.htmlCheck out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.htmlChapters00:00 Introduction and Banter00:37 Explaining Identity in Business Speak04:03 Conference Season and Upcoming Events06:19 Intersection of Cloud Security and IAM07:05 Guest Introductions: Justin and Vaishnavi07:37 Vaishnav's Journey in Identity12:20 Justin's Background and Cloud Security14:32 Cloud and IAM Strategies29:28 Challenges in Identity Management30:09 Identity Orchestration and Cloud Transformation31:07 Modernizing Identity for Cloud Adoption33:03 Importance of Identity in Advanced Cloud Implementations37:28 Identity Security and Monitoring in the Cloud41:34 Practical Advice for Cloud and Identity Management53:23 Music Preferences and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Anthony Viggiano, an IAM leader and member of the Identity Underground and IDPro, shares his deep expertise on Identity and Access Management. He delves into the challenges of making access reviews effective and how to future-proof IAM programs. Anthony discusses the importance of role-based and attribute-based access control, emphasizing the need for clearer communication in identity governance. He also makes a quirky analogy between managing identities and mountain biking, offering tips for beginners along the way. A blend of insights and personal anecdotes awaits!

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM’s Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.Chapter Timestamps00:00 - Introduction and Industry Trends01:00 - AI and Technology Disruption Discussion02:00 - Upcoming Conference Schedule and Discount Codes04:00 - Podcast Milestone - Approaching One Million Downloads06:30 - Introducing Dan Lauritzen and RSM Defense Team09:00 - Dan's Background - From Military to Cybersecurity12:00 - What is Attack Surface Management?14:00 - Treating Identities as Assets16:00 - The Cyber Kill Chain Explained18:00 - Why Identity and SOC Teams Operate in Silos21:00 - The Role of Data in Modern Security Operations23:00 - Continuous Identity Management and Shared Signals Framework26:00 - Can You Have Too Much Data?29:00 - Breaking Down Silos Between Identity and SOC Teams32:00 - Practical Collaboration Strategies34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape41:00 - Pragmatic Security Strategies and Metrics44:00 - Biggest Misconceptions About Attack Surface Management45:00 - Military Background - Human Intelligence Collection48:00 - Communication Tips for Better Information Gathering51:00 - Closing and Contact InformationConnect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chainLearn more about RSM:RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.htmlRSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!Timestamps:00:00 Introduction and Podcast Overview00:37 ID Pro Membership Benefits03:35 Conferences and Events06:03 Introducing Shawna Hofer07:00 Shawna’s Journey to CISO10:55 Identity Security in Healthcare13:49 Balancing Security and User Experience19:08 Challenges with IoT in Healthcare24:27 AI in Healthcare Security30:01 Upskilling for AI in Security33:07 The Ever-Improving AI Landscape33:21 Embracing the AI Mindset33:58 Resiliency in Healthcare and AI35:06 The Future of Jobs in an AI-Driven World37:37 Trusting AI in Security Decisions40:56 Learning the Language of Risk43:44 Making the Business Case for Identity45:50 Balancing Security Investments51:48 The Future of Healthcare and AI54:40 Fun and Food: The Potato Question01:02:13 Closing Remarks and FarewellConnect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Felix Gaehtgens, a former Gartner analyst focused on machine identity, joins the discussion to unravel the complexities of managing non-human identities. He emphasizes the crucial differences between human and machine identities and critiques outdated identity practices. Felix advocates for modern, dynamic identity solutions to tackle the challenges of increasing machine interactions. The conversation also highlights the need for collaboration between IAM teams and developers to enhance security strategies and explores the future of machine identity in a rapidly evolving cyber landscape.

Welcome back to Identity at the Center! Jeff flies solo this week as Jim handles a cross-country move, bringing you an insightful conversation with Joni Brennan, the new Chair of the IDPro Board of Directors.In this episode, Joni shares her vision for IDPro's future, discussing what the organization does well and where improvements are needed. As both IDPro Chair and President of DIACC (Digital ID and Authentication Council of Canada), Joni brings unique insights into the business side of identity management, international perspectives on digital wallets, and the importance of building bridges across different identity ecosystems.Joni also opens up about her work bridging local, national, and international identity initiatives in Canada, and why she believes identity professionals need to think beyond just technical specifications.Plus, stick around for a special bonus segment where we meet Champ, Joni's adorable new German Shepherd-Rottweiler puppy!#idac #identity #cybersecurity #digitalidentity #identitymanagement #iam #idpro #digitalwallets #canada #authenticationConnect with Joni: https://www.linkedin.com/in/jonibrennanLearn more about IDPro: https://idpro.org/Learn more about DIACC: https://diacc.ca/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps00:00 - Introduction and Solo Host Setup00:40 - Welcome Joni Brennan, New IDPro Chair01:00 - Official IDPro Podcast Partnership Announcement02:00 - Life Updates: Still in the Trailer on Starlink03:00 - What IDPro Members Should Know05:00 - Open Invitation for Community Feedback07:00 - What IDPro Does Well vs Areas for Improvement10:00 - The Need for More Structure in IDPro12:00 - Defining Identity Professionals Beyond Technical Roles14:00 - The Value of IDPro Slack Community16:00 - Business of IAM: Beyond Technical Implementation18:00 - Case Studies and Success Stories for IDPro20:00 - Learning from Failures and Sharing Knowledge22:00 - Organizational Politics in Identity Management25:00 - Building Bridges Between Identity Ecosystems27:00 - Introduction to DIACC and Canadian Perspective30:00 - Local vs National vs International Identity Initiatives32:00 - Digital Wallets and the Trust Problem35:00 - Centralization vs Decentralization in Identity38:00 - Trust Anchors and Multiple Wallet Ecosystem40:00 - Making Identity Products People Want to Use42:00 - Privacy, Audit Trails, and Government Regulation44:00 - Citizen-Directed Government Data45:00 - International Perspectives on Identity Solutions47:00 - AI, Fraud, and Regulatory Responses in Canada49:00 - Serving Current Needs While Building Future Solutions50:00 - The Challenge of Being an Identity Expert51:00 - Wrapping Up IDPro Discussion52:00 - Bonus: Meet Champ the Puppy54:00 - Dog Stories and Puppy Training56:00 - Closing Remarks and Contact InformationKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Joni Brennan, IDPro, identity management, digital identity, IAM, cybersecurity, authentication, digital wallets, trust frameworks, DIACC, Canada, identity professionals, business of identity, case studies, community feedback, Slack community, certification, CIDPRO, international identity, EU wallets, mobile driver's license, Apple Wallet, Google Wallet, trust anchors, interoperability, fraud prevention, AI in identity, government regulation, citizen directed data, open banking, privacy, audit trails, identity politics, organizational change, professional development, technical skills, non-technical professionals, policy advocacy, governance, standards, specifications, bridge building, ecosystem connectivity, puppy, German Shepherd, Rottweiler

This episode is sponsored by Natoma. Visit https://www.natoma.id/ to learn more.Join Jeff from the IDAC Podcast as he dives into a deep conversation with Paresh Bhaya, the co-founder of Natoma. In this sponsored episode, Paresh shares his journey into the identity space, discusses how Natoma helps enterprises accelerate AI adoption without compromising security, and provides insights into the rising importance of MCP and A2A protocols. Learn about the challenges and opportunities at the intersection of AI and security, the importance of dynamic access controls, and the significance of ensuring proper authentication and authorization in the growing world of agentic AI. Paresh also delights us with his memorable hike up Mount Whitney. Don't miss out!00:00 Introduction and Sponsor Announcement00:34 Guest Introduction: Paresh Bhaya from Natoma01:14 Paresh’s Journey into Identity04:04 Natoma's Mission and AI Security06:25 The Story Behind Natoma's Name09:29 Natoma's Unique Approach to AI Security18:32 Understanding MCP and A2A Protocols25:20 Community Development and Adoption25:56 Agent Interactions and Security Challenges27:19 Navigating Product Development29:17 Ensuring Secure Connections36:10 Deploying and Managing MCP Servers42:40 Shadow AI and Governance44:17 Personal Anecdotes and ConclusionConnect with Paresh: https://www.linkedin.com/in/paresh-bhaya/Learn more about Natoma: https://www.natoma.id/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Natoma, Paresh Bhaya, Artificial Intelligence, AI, AI Security, Identity and Access Management, IAM, Enterprise Security, AI Adoption, Technology, Innovation, Cybersecurity, Machine Learning, AI Risks, Secure AI, #idac