Identity at the Center

Join hosts Jeff Steadman and Jim McDonald for a special live episode recorded on location at Identiverse DC! In this interactive session, Jeff and Jim host a game of "Majority Rules," where the audience competes not to answer correctly, but to guess the most popular answer in the room.The game covers a wide range of topics, from the trivial (worst conference swag and the official uniform of an IAM architect) to the technical (securing API keys, the biggest bottlenecks in IGA, and the primary causes of role explosion).Things get intense halfway through with the introduction of the Battle Royale rules, where picking the minority answer sends a player's score back to zero. Watch to see who survives the explosions and takes home the grand prize.Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps00:00 Intro to Identity at the Center Live00:36 Explaining the Rules of Majority Rules04:25 Question 1: The Worst Conference Swag06:00 Question 2: Replying to Access Denied07:05 Question 3: AI in Identity Management08:40 Question 4: Favorite MFA Method10:12 Question 5: Least Favorite Auth Factor11:15 Turning up the Heat: Battle Royale Mode12:10 Question 6: Why RBAC is Difficult at Scale13:30 Question 7: The IAM Architect Uniform14:50 Question 8: Best Place to Hide a Secret16:15 Question 9: Protocols You Secretly Miss17:25 Question 10: Most Hated Specialized Key18:40 Question 11: Conference Responsibilities20:00 Question 12: Securing API Keys21:20 Question 13: Secrets to Surviving Keynotes22:55 Question 14: The Biggest Bottleneck in IGA24:45 Question 15: Causes of Role Explosion25:50 Question 16: What Breaks First After a Schema Update26:40 Final Question: Fastest Way to Confuse a User27:40 Crowning the WinnerKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Identiverse, Identiverse DC, IAM, Identity and Access Management, Cybersecurity, InfoSec Game Show, Live Podcast, Majority Rules, MFA, IGA, API Security, RBAC, Role Explosion, Tech Humor, Cyberrisk Alliance

Jeff and Jim come to you live from the expo floor at Identiverse DC 2025. They are joined by John DelMauro, Executive Vice President at Cyber Risk Alliance, to discuss the energy of regional events and how they differ from the massive Las Vegas gatherings.The group discusses the current state of the identity industry, the inevitable presence of AI in both marketing and event planning, and the "Identity at the Center" game show that took place earlier in the conference. John provides an exclusive look ahead at what is being planned for Identiverse in Las Vegas, including a new algorithmic approach to one-on-one networking, expanded pavilions, and potentially even puppies.Finally, the conversation shifts to a fun hypothetical: if money and logistics were no object, what kind of conference would each of them launch? The answers range from health and longevity in Austin to a technology expo in Japan.Connect with John: https://www.linkedin.com/in/john-del-mauro/Learn more about the CyberRisk Alliance: https://www.cyberriskalliance.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps00:00 Introduction and vibes from Identiverse DC00:52 Recapping the Majority Rules game show02:00 Introducing John DelMauro from Cyber Risk Alliance03:59 What is Cyber Risk Alliance?05:25 The benefits of regional events vs. Las Vegas09:15 Current themes: AI dominating the conversation13:21 How AI helps in planning and researching events15:50 Previewing Identiverse Las Vegas 202517:10 The new one-on-one networking algorithm22:15 Breaking news: Puppies at the conference?24:45 Hypothetical: What dream conference would you host?27:45 Jim's take on a longevity conference29:18 Jeff's dream of a tech nerd-con31:00 Closing thoughts and wrap upKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, John DelMauro, CyberRisk Alliance, Identiverse, Cybersecurity, Event Planning, Networking, InfoSec, AI in Events, Washington DC, Conference Trends

Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, dives into the future of identity management for agentic AI. He discusses the evolution of AI perceptions, particularly after ChatGPT, and explains the vital distinctions between users and AI agents. Tobin provides insights on the Model Context Protocol (MCP), emphasizing its role in safe automation and identity governance. He also tackles the challenges of impersonation versus delegation risks, while sharing practical advice for developers navigating the AI landscape.

David Goldschlag, CEO and co-founder of Aembit, discusses securing non-human access amidst the rise of AI agents. With a rich history that includes contributions to Tor, he highlights the critical flaws in using human credentials for AI, such as increasing theft risks and undermining security. David emphasizes the need for a shift to managing access policies and outlines real-world use cases in finance and retail. He also explores hybrid versus autonomous agents, the importance of audit measures, and offers practical advice for identity practitioners navigating this rapidly evolving landscape.

In this episode of The Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman catch up with John Tolbert, Director of Cybersecurity Research at KuppingerCole Analysts, to talk about the rapidly evolving world of Fraud Reduction Intelligence Platforms (FRIP).They explore:The six capabilities of modern fraud reduction systemsHow AI and machine learning are both helping and hurting fraud preventionWhy shared signals and orchestration are critical for financial and e-commerce use casesHow identity verification, device intelligence, and behavioral biometrics work togetherThe role of usability and integration in FRI adoptionPlus, stick around for a fun discussion about concerts, classic rock, and which legendary bands they wish they’d seen live.Listen now to learn how identity, fraud, and AI are colliding — and what’s next for fraud intelligence.Connect with John: https://www.linkedin.com/in/john-tolbert/Fraud Reduction Intelligence Platforms - Finance (KuppingerCole Report): https://www.kuppingercole.com/research/lc80841/fraud-reduction-intelligence-platforms-financeFraud Reduction Intelligence Platforms - eCommerce (KuppingerCole Report): https://www.kuppingercole.com/research/bc81030/fraud-reduction-intelligence-platforms-ecommerceConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps:00:00 – Jim’s passwordless rant and setup woes05:00 – Introducing guest John Tolbert06:30 – Catching up: four years since John’s last appearance07:30 – What is CIAM and how has it evolved?09:30 – Understanding Fraud Reduction Intelligence Platforms (FRIP)10:00 – The six core capabilities of FRI solutions13:00 – Are most vendors point solutions or full platforms?14:00 – How identity verification is improving16:00 – SaaS and API-driven fraud detection models18:00 – What kinds of fraud can (and can’t) FRI prevent?21:00 – The growing problem of bots and automation22:00 – Fraud trends in finance: scams, account takeovers, and synthetic identities25:00 – Information sharing and the role of shared signals28:00 – Collaboration vs. competition in fraud prevention31:00 – Fraud in e-commerce: bots, loyalty points, and returns abuse34:00 – Streaming and citizen fraud use cases36:00 – Where do FRI capabilities fit within IAM platforms?43:00 – The importance of orchestration and integration44:30 – The role of AI and ML in fraud prevention47:30 – Smart questions for evaluating FRI vendors50:30 – Concert talk: Pink Floyd, Metallica, and the ones that got away58:00 – Wrap-up and where to find John Tolbert’s reportsKeywords:Fraud Reduction Intelligence, FRI Platforms, John Tolbert, KuppingerCole, Identity at the Center, IDAC, IAM, CIAM, Cybersecurity Research, Fraud Prevention, Machine Learning, Artificial Intelligence, Behavioral Biometrics, Device Intelligence, Identity Verification, Risk Orchestration, API Security, Financial Fraud, E-Commerce Fraud, Shared Signals, Jim McDonald, Jeff Steadman, IDAC Podcast

In this engaging discussion, Mike Reiring, a Principal at RSM with a focus on managed services, dives into how MSPs are evolving in the tech landscape. He highlights the critical differences between MSPs and MSSPs, stressing the importance of choosing a partner that values transparency and cultural fit. The conversation also explores the impact of AI on help desks and problem management, as well as the challenges of vendor gaps and identity risk. Mike shares his passion for photography, linking creativity to tech and continuous learning.

Join Ross Young, a seasoned cybersecurity leader and co-host of the CISO Tradecraft podcast, alongside G Mark Hardy, a veteran cybersecurity expert and instructor. They dive into pressing CISO concerns, including AI security, identity management, and the challenges of deep fakes. The duo discusses identity as the new perimeter in security and offers practical strategies for securing funding for identity initiatives. They also speculate on AI's impact on cybersecurity careers and share insights about non-human identities and the importance of governance.

In a fascinating discussion, Dr. Heiko Klarl reveals how Nexis enhances authorization governance for modern enterprises. He underscores the significance of visibility in identity systems and introduces the innovative Identity Visibility and Intelligence Platform. The conversation delves into Nexis's health check service, which identifies risks and minimizes unnecessary access, potentially saving on licensing costs. Listeners will learn how automation and integration streamline application onboarding and amplify the impact of identity programs.

Andrew Shikiar, Executive Director of the FIDO Alliance, shares insights from Authenticate 2025. With over 3 billion passkeys now securing accounts, he discusses their importance in the fight against phishing and the AI arms race. Andrew introduces the Passkey Index, aiming to streamline deployment benchmarks, and reveals FIDO's strategy to tackle challenges in digital credentials and wallet usability. He highlights global trends in passkey adoption and announces the exciting launch of Authenticate APAC in Singapore.

Dr. Tina Srivastava, PhD, a board member of IDPro and co-founder of Badge Inc., dives into the world of identity and AI. She explores the shift from physical hacks to AI-driven threats like supercharged phishing, emphasizing the urgent need for security evolution. Tina discusses the challenges of synced passkeys and vulnerabilities in account recovery. Additionally, she highlights the supportive IDPro community's role in combating these threats and announces new member-driven committees aimed at enhancing engagement and governance.