Identity at the Center

Join Ross Young, a seasoned cybersecurity leader and co-host of the CISO Tradecraft podcast, alongside G Mark Hardy, a veteran cybersecurity expert and instructor. They dive into pressing CISO concerns, including AI security, identity management, and the challenges of deep fakes. The duo discusses identity as the new perimeter in security and offers practical strategies for securing funding for identity initiatives. They also speculate on AI's impact on cybersecurity careers and share insights about non-human identities and the importance of governance.

In a fascinating discussion, Dr. Heiko Klarl reveals how Nexis enhances authorization governance for modern enterprises. He underscores the significance of visibility in identity systems and introduces the innovative Identity Visibility and Intelligence Platform. The conversation delves into Nexis's health check service, which identifies risks and minimizes unnecessary access, potentially saving on licensing costs. Listeners will learn how automation and integration streamline application onboarding and amplify the impact of identity programs.

Andrew Shikiar, Executive Director of the FIDO Alliance, shares insights from Authenticate 2025. With over 3 billion passkeys now securing accounts, he discusses their importance in the fight against phishing and the AI arms race. Andrew introduces the Passkey Index, aiming to streamline deployment benchmarks, and reveals FIDO's strategy to tackle challenges in digital credentials and wallet usability. He highlights global trends in passkey adoption and announces the exciting launch of Authenticate APAC in Singapore.

Dr. Tina Srivastava, PhD, a board member of IDPro and co-founder of Badge Inc., dives into the world of identity and AI. She explores the shift from physical hacks to AI-driven threats like supercharged phishing, emphasizing the urgent need for security evolution. Tina discusses the challenges of synced passkeys and vulnerabilities in account recovery. Additionally, she highlights the supportive IDPro community's role in combating these threats and announces new member-driven committees aimed at enhancing engagement and governance.

Bojan Simic, Co-founder and CEO of HYPR, is a former software engineer turned cybersecurity leader focused on passwordless authentication. He shares insights about the rise of passkey adoption and the complexities of authenticating AI agents. Bojan discusses the importance of continuous employee verification in remote work environments, highlighting the shortcomings of traditional methods amid evolving social engineering tactics. He advocates for a flexible identity strategy that accommodates 'identity sprawl' while ensuring secure, consistent authentication across various platforms.

Steve Rennick, Senior Leader for IAM Architecture at Ciena, dives into the fascinating world of Non-Human Identities (NHIs). He shares why traditional identity approaches often fall short for NHIs and highlights the urgent need for visibility and standardized processes. The conversation touches on the shift in threat actors' focus from human accounts to non-human ones, the complexities of managing service accounts, and the emerging challenges posed by AI. With practical advice for organizations tackling legacy issues, this discussion is a must-listen for identity practitioners.

Sebastian Rohr, Chief Troublemaker at Umbrella Labs, dives into the complexities of identity management. He shares insights from his extensive work on national ID systems and discusses the critical role of birth registration in developing countries. The conversation explores the challenges of biometric verification and biases inherent in AI systems. Sebastian also emphasizes the importance of community in identity work, even introducing the concept of "Identity Beer"! Plus, he reflects on the cultural significance of German Unification Day.

Eve Maler, founder and CEO of Venn Factory, is an identity industry veteran working to shift how CEOs view identity. She discusses the critical role of identity as a strategic asset amid rising AI and cybersecurity threats. Eve warns of increasing executive liability and the chaotic ownership of identity functions within organizations. She shares insights on how to escape organizational paralysis and emphasizes the nuances of valuing identities as corporate assets. The conversation closes with practical public speaking tips, blending serious insights with lighter notes.

This episode of the Identity at the Center podcast delves into the complex topic of death and the digital estate (DADE). Jim McDonald hosts Dean Saxe, Heather Flanagan, and Mike Kiser, who discuss the importance of planning for digital assets after death, the cultural implications of digital identity, and the evolving role of technology in managing these assets. They emphasize the need for individuals to take proactive steps in documenting their digital estate and the challenges posed by varying legal frameworks and cultural perspectives. The conversation also touches on the future of digital identity in the age of AI and the ethical considerations surrounding it.Episode Links:Death and the Digital Estate (DADE) Community Group: https://openid.net/cg/death-and-the-digital-estate/Connect with Dean: https://www.linkedin.com/in/deanhsaxe/Connect with Heather: https://www.linkedin.com/in/hlflanagan/Connect with Mike: https://www.linkedin.com/in/mike-kiser/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction to Identity at the Center Podcast00:10 Introduction to the Death and Digital Estate (DADE) group03:07 The Role of Identity in Digital Estates06:01 Understanding Digital Estate and Its Components09:09 Community Groups vs. Working Groups in Standards11:59 The Importance of Digital Estate Management15:09 Cultural Perspectives on Digital Death18:12 Legal and Ethical Considerations in Digital Estates20:59 Future of Digital Estate Planning24:03 Conclusion and Call to Action31:33 Cultural Frameworks and Digital Estates35:12 The Importance of Protocols in Digital Estate Management39:30 Navigating Digital Wills and Estate Planning42:19 Challenges in Digital Recovery and Access45:18 Actionable Steps for Digital Estate Planning48:52 Personal Reflections on Digital Legacy50:57 The Future of Digital Remembrance54:25 Final Thoughts and Community EngagementKeywordsdigital estate, death, identity management, OpenID Foundation, digital assets, cultural perspectives, technology, legal considerations, AI, planning guide

This episode is sponsored by Hush Security. Visit hush.security/idac to learn more.In this sponsored episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald spotlight Hush Security, a company emerging from stealth with an innovative approach to machine identity and access management. CEO and co-founder Micha Rave explains why traditional secrets vaults can’t keep up with today’s scale, what it means to truly go “secrets-free,” and how Hush enables visibility, governance, and operability for modern and legacy environments alike.Discover:The real difference between non-human identities and static keysWhy legacy secrets management is breaking in the cloud and automation ageHush Security’s journey from stealth mode to active customersThe business case for removing vaults (and the risks with “hope and prayer” key rotation)How to transition to policy-based access—and measurement metrics for successFun discussions on pancakes vs. waffles in security leadership (really!)Learn more about Hush Security and get a free environment assessment: hush.security/idacConnect with Micha: https://www.linkedin.com/in/micharave/Connect with IDAC on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com#idac #identitymanagement #machineidentity #secretsmanagement #podcast #cybersecurity #JimMcDonald #JeffSteadman #HushSecurity #IdentityattheCenterChapters / Timestamps:00:00 - Welcome and Introduction (Hosts: Jeff and Jim)01:00 - Introducing Micha Rave and Hush Security03:00 - Micha’s Background and the Hush Team’s Journey06:00 - What Is Hush Security and Why Now?09:00 - Leaving Stealth Mode: Patents and Novel Approaches12:00 - What Makes Hush Special? Remediation vs. Visibility15:00 - Vaults vs. Secrets-Free Approach & Industry Gaps18:00 - Non-Human Identities: Static Keys, Secrets, and Access22:00 - Solving Problems Beyond Cloud: Custom vs. Packaged Software26:00 - The Scale of Machine Identity in the Cloud and Automation Age29:00 - Why Secrets Management Is Breaking and the Case for Policy-Based Access34:00 - From Scanning to Policy Enforcement: How Hush Works39:00 - Metrics, Success, and Executive Buy-in for Modern IAM43:00 - How to Get Started with Hush Security (Free Assessments)46:00 - Micha’s Conference Plans and Final Thoughts49:00 - Pancakes or Waffles?Keywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Hush Security, machine identity, secrets management, secrets vault, IAM, cybersecurity, sponsored episode, non-human identities, policy-based access, vault elimination, cloud security, automation, zero trust, Micha Rave, podcast, identity management