Identity at the Center

This episode is sponsored by Hush Security. Visit hush.security/idac to learn more.In this sponsored episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald spotlight Hush Security, a company emerging from stealth with an innovative approach to machine identity and access management. CEO and co-founder Micha Rave explains why traditional secrets vaults can’t keep up with today’s scale, what it means to truly go “secrets-free,” and how Hush enables visibility, governance, and operability for modern and legacy environments alike.Discover:The real difference between non-human identities and static keysWhy legacy secrets management is breaking in the cloud and automation ageHush Security’s journey from stealth mode to active customersThe business case for removing vaults (and the risks with “hope and prayer” key rotation)How to transition to policy-based access—and measurement metrics for successFun discussions on pancakes vs. waffles in security leadership (really!)Learn more about Hush Security and get a free environment assessment: hush.security/idacConnect with Micha: https://www.linkedin.com/in/micharave/Connect with IDAC on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com#idac #identitymanagement #machineidentity #secretsmanagement #podcast #cybersecurity #JimMcDonald #JeffSteadman #HushSecurity #IdentityattheCenterChapters / Timestamps:00:00 - Welcome and Introduction (Hosts: Jeff and Jim)01:00 - Introducing Micha Rave and Hush Security03:00 - Micha’s Background and the Hush Team’s Journey06:00 - What Is Hush Security and Why Now?09:00 - Leaving Stealth Mode: Patents and Novel Approaches12:00 - What Makes Hush Special? Remediation vs. Visibility15:00 - Vaults vs. Secrets-Free Approach & Industry Gaps18:00 - Non-Human Identities: Static Keys, Secrets, and Access22:00 - Solving Problems Beyond Cloud: Custom vs. Packaged Software26:00 - The Scale of Machine Identity in the Cloud and Automation Age29:00 - Why Secrets Management Is Breaking and the Case for Policy-Based Access34:00 - From Scanning to Policy Enforcement: How Hush Works39:00 - Metrics, Success, and Executive Buy-in for Modern IAM43:00 - How to Get Started with Hush Security (Free Assessments)46:00 - Micha’s Conference Plans and Final Thoughts49:00 - Pancakes or Waffles?Keywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Hush Security, machine identity, secrets management, secrets vault, IAM, cybersecurity, sponsored episode, non-human identities, policy-based access, vault elimination, cloud security, automation, zero trust, Micha Rave, podcast, identity management

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/Timestamps:00:00 Introduction and Podcast Theme00:17 Defining Identity in Cybersecurity01:34 Debate: Can Non-Humans Have Identities?01:57 Guest Introduction: Shea McGrew04:15 Shea's Career Journey and Role as CTO09:28 Challenges and Rewards of Being a CTO11:41 Identity Strategy at Maricopa County14:48 Device Identity and Zero Trust Architecture29:56 Managed vs. Unmanaged Devices40:15 Understanding the NIST Framework42:52 Balancing Technology and People43:58 Training and Partner Collaboration48:03 Organizational Change Management50:40 Future of Device Identity54:40 Debating Machine Identity01:06:36 Curiosity as an Olympic Sport01:13:00 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Join Jeff Steadman and Jim McDonald for the September 2025 mailbag episode of Identity at the Center! This episode features listener questions from around the world about digital identity, trust, technology challenges, inclusion, biometrics, and even a candid discussion on air travel etiquette. Whether you're new to IAM or a veteran, you'll find practical advice and real stories. Plus, hear shout-outs to our global community and learn what’s coming up for the podcast team, including conferences and game shows. Don’t forget to leave your thoughts or questions in the comments—let’s keep the conversation going!Chapter Timestamps:00:00 - Intro & Community Shout-Outs04:00 - Upcoming Conferences & Discount Codes07:00 - What the Podcast Is All About08:40 - Mailbag Intro: Listener Questions From Around the World09:20 - Engaging IT with IAM Concepts (Matt in Maine)13:20 - Building Trust in Digital Identity (Amara in India)18:30 - Practical Challenges for Large Programs (Sophie in France)25:45 - Digital Identity and the Unconnected (Jonas in Germany)33:15 - Biometric Data & Security Pros/Cons (Rachel in Canada)39:45 - Air Travel Etiquette: From Shoes Off to Elbow Room48:10 - Outro & ThanksConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, mailbag, listener questions, digital identity, IAM, identity and access management, trust, technology inclusion, biometrics, air travel etiquette, conferences, community, YouTube, podcast, global audience, #idac

This episode is sponsored by SGNL. Visit sgnl.ai/idac to learn more.In this sponsored episode of Identity at the Center podcast, hosts Jeff and Jim discuss hot trends in the identity space, focusing on continuous identity with their guest Erik Gustavson, co-founder and CPO at SGNL. Erik shares his journey into the IAM space, exploratory projects, the thought processes behind SGNL’s continuous identity solutions, and provides insights on how SGNL’s approach integrates with existing identity and security tools. He delves into trends such as the convergence of identity and security, the generational change in identity tech, and the practical use cases SGNL addresses. The episode concludes with a light-hearted conversation about the perfect meal for Jeff, reflecting Eric's passion for cooking.Connect with Erik: https://www.linkedin.com/in/erikgustavson/Learn more about SGNL: https://sgnl.ai/idacTimestamps00:00 Introduction and Episode Overview00:36 Sponsor Spotlight: SGNL01:10 Guest Introduction: Erik Gustavson01:41 Eric's Journey into the IAM Space05:47 Role of a Chief Product Officer07:54 The Concept of Continuous Identity20:26 Data Integration and Policy Enforcement26:40 Target Audience for SGNL29:42 Introduction to SGNL’s Ecosystem30:13 Complementing Existing Systems30:44 Challenges with Current Identity Solutions33:27 New Trends in Authorization Management34:09 Aligning with AMP and PBA37:58 Use Cases and Real-World Applications46:31 What Sets SGNL Apart48:37 Future Trends in Identity and Security52:35 A Lighter Note: Cooking and Personal Interests58:32 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

Nishant Kaushik, CTO at the FIDO Alliance and expert in digital identity, shares valuable insights into the future of authentication. He discusses the rise of passkeys and the importance of community in improving identity security. Nishant addresses common concerns regarding passkey adoption and emphasizes the need for comprehensive security frameworks. The conversation also highlights ongoing challenges in identity verification and the evolving landscape of IAM policies, stressing the role of collaboration and innovation in tackling these issues.

In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in an insightful conversation with Darren Rolls, a veteran in the Identity and Access Management (IAM) field. They discuss the complexities of identity fabrics, the evolving landscape of IAM, the impact of AI, and the challenges of integrating new technologies with legacy systems. Darren shares his thoughts on upcoming trends, practical advice for IAM practitioners, and even his personal experience with kite surfing. Tune in to gain expert perspectives on the future of IAM and the significance of continuous learning and adaptation in this dynamic field.Connect with Darran: https://www.linkedin.com/in/darran-rolls/Identity Innovations Blog: https://identityinnovationlabs.com/identity-insights/Chapters00:00 Introduction and Casual Banter00:17 Discussing Identity Fabrics and Leadership Compass03:19 Upcoming Conferences and Events05:32 Interview with Darren Rolls: Identity Management Journey09:09 Evolution and Challenges in Identity Management24:41 Future of Identity Management and AI32:05 The Future of IAM in the Age of AI33:12 The Rise of Agent-Based Applications34:12 Challenges in Identity and Access Management35:31 Exploring Vibe Coding and AI Utilities38:09 Monitoring and Telemetry in IAM40:17 The Evolution of Identity Management42:05 The Role of Laws in IAM Architecture46:16 Balancing Legacy Systems with Future Innovations51:39 Kite Surfing Adventures and Reflections59:01 Closing Thoughts and Future EngagementsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Sponsored by Axonius. Visit https://www.axonius.com/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim talk with Amir Ofek, the CEO of AxoniusX, about the company's innovative solutions in identity and access management (IAM). The discussion covers Amir's journey into IAM, the unique challenges of managing identities, and how AxoniusX's data-driven approach provides comprehensive visibility and intelligence. The episode breaks down various use cases, the importance of identity hygiene, automation of identity processes, and the newly recognized identity visibility and intelligence platform (IVIP) by Gartner.Timestamps:00:00 Introduction and Episode Overview00:57 Guest Introduction: Amir, CEO of AxoniusX01:12 Amir's Journey into Identity Access Management02:40 Understanding Axonius and AxoniusX08:03 The Importance of Identity Visibility and Intelligence11:48 Challenges in Identity Management22:10 Axonius's Approach to Identity Visibility26:35 Leveraging AI and Machine Learning in Identity Management31:18 Understanding Permission Changes and Their Importance32:10 The Role of Observability in Axonius32:37 Driving Actions with Axonius33:30 Common Use Cases and Workflows35:19 Axonius as a Swiss Army Knife36:16 Ease of Use and AI Integration38:49 Starting with Axonius and Measuring Value43:42 Future Directions for Axonius49:49 The Identity Community and Upcoming Events51:23 Skiing Adventures and Tips57:54 Conclusion and Final ThoughtsConnect with Amir: https://www.linkedin.com/in/amirofek/Learn more about Axonius: https://www.axonius.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.Connect with Justin: https://www.linkedin.com/in/justindevine/Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/Learn more about RSM:Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlSecure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.htmlCheck out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.htmlChapters00:00 Introduction and Banter00:37 Explaining Identity in Business Speak04:03 Conference Season and Upcoming Events06:19 Intersection of Cloud Security and IAM07:05 Guest Introductions: Justin and Vaishnavi07:37 Vaishnav's Journey in Identity12:20 Justin's Background and Cloud Security14:32 Cloud and IAM Strategies29:28 Challenges in Identity Management30:09 Identity Orchestration and Cloud Transformation31:07 Modernizing Identity for Cloud Adoption33:03 Importance of Identity in Advanced Cloud Implementations37:28 Identity Security and Monitoring in the Cloud41:34 Practical Advice for Cloud and Identity Management53:23 Music Preferences and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Anthony Viggiano, an IAM leader and member of the Identity Underground and IDPro, shares his deep expertise on Identity and Access Management. He delves into the challenges of making access reviews effective and how to future-proof IAM programs. Anthony discusses the importance of role-based and attribute-based access control, emphasizing the need for clearer communication in identity governance. He also makes a quirky analogy between managing identities and mountain biking, offering tips for beginners along the way. A blend of insights and personal anecdotes awaits!

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald