Identity at the Center

Mark Perry, APAC CTO at Ping Identity and identity expert, shares insights from his extensive career in federated identity and open banking. He emphasizes the need for empathy in design, urging that understanding user perspectives can enhance identity experiences. Mark discusses the balance between low friction and security, innovative consent management, and the future of open banking across different regions. He also critiques traditional authentication methods, advocating for passwordless solutions and highlights user experience as crucial for open banking adoption.

Darran Rolls, a seasoned identity and security expert and former SailPoint CISO, dives into pressing cyber challenges. He shares insights on the recent Twitter breach, emphasizing the critical role of insider access and zero trust. Darran discusses the staggering MGM data leak, potential nation-state motives, and the intricacies of threat modeling. He also explores how ITSM platforms can enhance identity governance and recounts his journey in the identity field. With plans for a new book, Darran inspires listeners to stay engaged with evolving identity standards.

In this discussion, Jackson Shaw, a veteran identity and access management professional, shares his fascinating journey from chemistry to IAM over 36 years. He dives into his experiences launching Active Directory at Microsoft and the skepticism he faced. Jackson highlights the evolving standards in IAM, the future of identity solutions like biometrics, and the importance of integrating IAM with ITSM platforms. He also provides valuable insights on simplifying IAM processes and offers recommendations for conferences and resources to deepen understanding in the field.

Phil Meneses, an identity security professional at Preempt, dives into the pressing issue of insider threats. He sheds light on the surprising statistics, revealing that 10% of users are labeled high-risk, and discusses the dangers of outdated protocols like NTLM and Kerberos. The conversation covers the need for proactive identity risk management, focusing on monitoring behaviors, maintaining password hygiene, and the vital role of identity in detecting and preventing breaches. Tune in for insights on automating alerts and identifying shadow admins!

Celebrate a year of engaging conversations with insights into the challenges of starting a podcast! Discover memorable listener feedback that shaped their journey. The hosts unveil a new website and share social media strategies to connect with their audience. They're targeting both IAM practitioners and newcomers, with plans to invite experts on niche topics. Additionally, hear about exciting future guests and the potential for live streams, all while emphasizing clear communication in the complex world of IAM.

Join Helio Gomez, an IAM architect with expertise in role mining and SailPoint, as he dives into the lessons learned from role mining in identity management. He defines role mining versus role engineering and discusses how it can streamline entitlements while enhancing user-friendliness. The conversation covers applying least privilege principles in role design, the distinctions between IT and business roles, and the importance of clean data for effective mining. Helio also emphasizes the need for ongoing role governance and realistic RBAC goals to ensure success.

In this conversation, Eve Maler, CTO at ForgeRock and founder of the User-Managed Access (UMA) workgroup, delves into the evolution of identity standards. She critiques the hype around blockchain identity and discusses the rise of consent failures, urging a rethinking of consent models. Eve also shares insights from the ForgeRock 2020 Consumer Identity Breach Report, linking breach costs to digital transformation trends. Plus, she previews her upcoming panel at Identiverse on next-gen authorization. Get ready for a fascinating journey through the IAM landscape!

Jim and Jeff dive into the world of Identity and Access Management (IAM), debating if drivers or requirements should come first. They explore insights from a LastPass report, showcasing varying IAM priorities across finance, IT, and media. The hosts outline five core drivers: compliance, efficiency, innovation, security, and user experience. They advocate for governance as both a driver and enabler, emphasizing the importance of RACI definitions. The discussion highlights how IAM helps businesses, improves security through targeted controls, and supports digital transformation initiatives.

Dive into the latest trends in Privileged Access Management (PAM) with insights on market growth driven by cloud and compliance needs. Explore the nuances of vendor messaging that often masks true capabilities. Jim and Jeff break down essential PAM functionalities, from managing privileged account lifecycles to implementing just-in-time access. They also highlight behavior analytics for risk detection and the competitive landscape, showcasing leaders like CyberArk while comparing strengths of others. Discover the key to choosing the right PAM solution tailored to your needs!

Dive into the intriguing findings of the 2020 Verizon Data Breach Investigations Report. Discover why credential theft is at the forefront, affecting a staggering 37% of breaches. The hosts discuss the differences in attack patterns between small businesses and enterprises, plus the risks of malware and phishing leading to credential compromises. Gain insights into the effectiveness of antivirus software and the complexities of removing local admin rights. They also explore how organizations typically detect breaches and the importance of risk conversations with leadership.