Identity at the Center

Jim and Jeff talk with Mary Writz, Vice President of Product Management at ForgeRock, about the challenges and thought process that goes into designing an identity product. Show Links: Connect with Mary on LinkedIn here: https://www.linkedin.com/in/marywritz/ Visit ForgeRock to learn more about what they offer: https://www.forgerock.com/ Ping Identity Identify 2020 Virtual Conference: https://www.pingidentity.com/en/events/identify.html Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.comand follow @IDACPodcast on Twitter.

Jim and Jeff talk with David Doret, IT Risk & Cybersecurity: IAM & PAM Manager at BNP Paribas, and founder of the Open-Measure project about the initiative and his upcoming research about measuring IAM performance. Be sure to connect and follow David on LinkedIn to be notified when his research will be made publicly available. Show Links: Connect with David Doret: https://www.linkedin.com/in/daviddoret/ Open-Measure website: https://open-measure.atlassian.net/ Ping Identity Identify 2020 Virtual Conference: https://www.pingidentity.com/en/events/identify.html Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.com and follow @IDACPodcast on Twitter.

David Pignolet, founder and CEO of SecZetta, dives into the intricacies of managing third-party identities. With extensive experience in identity governance, he discusses how non-employees differ from employees in terms of data and regulatory concerns. David highlights the need for a dedicated tool for non-employee records, the risks of manual processes, and the importance of continuous validation methods. He also shares insights into automating identity lifecycles and staying informed on identity topics, making for an engaging conversation on a complex issue.

Rebecca Nielsen, Director of Technology Integrations at PKH Enterprises, brings her expertise in PKI and federal frameworks to discuss Zero Trust and strong authentication. She clarifies the difference between Zero Trust hype and its strategic importance, outlining key components like identity management and behavior analytics. Rebecca also shares best practices for launching a Zero Trust program and delves into the nuances of 'strong' authentication, including MFA tradeoffs. Her insights offer a practical look at advancing security in today’s digital landscape.

Jim and Jeff talk with Jerod Brennen, Music Teacher and IAM Renaissance Man, about his IAM journey, Identity Centric Security, and some of the IAM education sessions that he has developed. Show Links: Connect with Jerod on LinkedIn here: https://www.linkedin.com/in/slandail/ LinkedIn Learning: https://www.linkedin.com/learning/instructors/jerod-brennen Webinar - Hacking Identity: The Good, Bad and Ugly of Identity-Centric Security Controls: https://www.brighttalk.com/webcast/18458/430843 Jerod's YouTube playlist: https://www.youtube.com/playlist?list=PLI0hoXtO7SA5Lq0rHrsT02SXWulm2Dal-       Adrian Crenshaw (IronGeek): https://twitter.com/irongeek_adc       Identity Defined Security Alliance: https://www.idsalliance.org/ IDPro Body of Knowledge: https://bok.idpro.org/ World Economic Forum paper: https://www.weforum.org/whitepapers/reimagining-digital-identity-a-strategic-imperative       McKinsey Digital report: https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth       Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.com and follow @IDACPodcaston Twitter.

Jim and Jeff talk with Frank Villavicencio, Head of Product for Shared Services at ADP, about the IAM user experience and how to optimize security and convenience. Connect with Frank on LinkedIn here: https://www.linkedin.com/in/fvillavicencio/ IDSA Webinar - Hacking Identity: The Good, Bad and Ugly of Identity-Centric Security Controls with Jerod Brennen of SailPoint: https://www.idsalliance.org/webinar-hacking-identity-the-good-bad-and-ugly-of-identity-centric-security-controls/ Connect with Jim and Jeff on LinkedIn here: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show at www.IdentityAtTheCenter.comand follow @IDACPodcast on Twitter.

In this discussion, Vittorio Bertocci, Principal Architect at Auth0 and an authority on identity experiences, shares his journey from computational geometry to identity innovation. He dives into the complexities of browser tracking, including how restrictions disrupt single sign-on flows. Vittorio outlines various tracking methods beyond cookies and addresses the tension between user privacy and advertising needs. He also reflects on the ethical implications of behavioral manipulation and the responsibilities developers face in creating secure identity solutions.

Julie Smith, the Executive Director of the Identity Defined Security Alliance, brings a wealth of experience in identity and IAM. She discusses the origins and mission of IDSA, emphasizing their focus on education and collaboration within security communities. Julie highlights the Identity-Defined Security Framework, sharing best practices and practical insights from customer stories like Adobe. They explore the importance of networking and the upcoming webinars, including a fascinating look at hacking identity to enhance security strategies.

Andrew Shikiar, Executive Director of the FIDO Alliance, dives into the mission to eliminate password-related breaches through innovative authentication. He discusses how FIDO uses public-key cryptography to enhance security and the challenges posed by sophisticated phishing attacks. Shikiar emphasizes the usability of FIDO solutions, such as biometrics and single-gesture authentication, and outlines major tech giants supporting its adoption. He also explores enterprise use cases and the benefits of cost savings from enhanced security measures.

Jim and Jeff tackle the complexities surrounding multifactor authentication (MFA) and the importance of robust security measures. They critique Instacart's PR response to credential issues, emphasizing the need for strong MFA adoption. A deep dive into various authentication methods reveals the pros and cons of each. They discuss innovative solutions like voice biometrics for users without smartphones and debate the challenges of user enrollment. They also highlight how security investments often surge after breaches, stressing the need for proactive education in the industry.