
Identity at the Center
Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?
Latest episodes

Oct 14, 2024 • 59min
#311 - Navigating Identity Management and Cyber Insurance with Brandon Pinzon
In this episode of the Identity at the Center podcast, Jim McDonald speaks with Brandon Pinzon, an Insurance Industry Cybersecurity Executive, about the evolving landscape of identity management. They discuss Brandon's journey into digital identity, the role of identity management within organizations, and the unique challenges faced by the insurance industry. The conversation also delves into the intersection of compliance and security, highlighting the importance of understanding risk in the identity space. In this conversation, Brandon discusses the critical relationship between risk management and compliance in cybersecurity, emphasizing the importance of understanding and quantifying risk. He explores the evolving landscape of cyber insurance, highlighting the need for identity practitioners to be proactive in managing risks and building relationships with financial stakeholders. The discussion also touches on the necessity of cyber insurance for various organizations and concludes with insights into the vibrant cybersecurity community in San Antonio.
00:00 Podcast Introduction and Host Update
01:23 Upcoming Conferences and Discount Codes
02:29 Guest Introduction: Brandon Pinzon
03:02 Brandon's Identity Origin Story
05:25 Debate: Where Does Identity Management Belong?
13:45 Pros and Cons of CISO Responsibility for Identity
21:16 Identity in the Insurance Industry
29:52 Addressing Legacy Systems in Financial Institutions
31:38 Compliance vs. Security in Financial Services
35:33 Understanding and Quantifying Risk
38:33 The Role of Cyber Insurance
54:28 San Antonio: A Hub for Cybersecurity
Connect with Brandon: https://www.linkedin.com/in/bpinzon/
Gartner IAM Summit - Save $375 on registration using our exclusive code IDAC375: https://www.gartner.com/en/conferences/na/identity-access-management-us
Semperis’ Hybrid Identity Protection Conference (HIP Conf) - Use code IDACpod for 20% off: https://www.hipconf.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast
Keywords
identity management, cybersecurity, insurance industry, compliance, digital identity, CISO, identity governance, user experience, risk management, financial services, cyber insurance, threat modeling, risk assessment, business continuity, data protection, security strategy

Oct 7, 2024 • 1h 5min
#310 - Personhood Credentials with Eve Maler
In this episode of the Identity at the Center podcast, Jim McDonald is joined by Eve Maler to explore a provocative topic—"Consent is Dead." Eve shares insights from her recent keynote at the European Identity and Cloud Conference (EIC) in Berlin, where she unpacked the failures of consent-based systems in protecting user privacy. They discuss why the "I agree" button has lost its meaning, even in regions with strong data protection laws like GDPR, and how users' personal information is monetized through identity resolution technologies.
Eve reveals how identity professionals often overlook the world of identity resolution, which operates without a direct relationship with users. She emphasizes the importance of IAM professionals understanding the deep monetization of personal data and the critical need to improve systems of privacy, consent, and security. They also touch on the role of AI in authorization decisions and the balance between explainability and automation in future IAM systems.
Chapters
00:00 Introduction and Context
03:01 Eve Maler's Journey in Identity
09:53 Exploring Personhood and Verifiable Credentials
12:52 Identity Verification and AI Threats
25:13 The State of Consent in Digital Identity
30:42 GDPR and Its Implications
39:53 The Future of AI in IAM
45:05 AuthZen Working Group Update
55:23 Non-Human Identities and IoT
01:02:52 Closing Thoughts and Future Directions
01:04:03 Fingerprint City Outro.mp4
Connect with Eve: https://www.linkedin.com/in/evemaler/
Venn Factory: https://www.vennfactory.com/
Personhood: The Killer Credential? (blog by Eve): https://workshop.vennfactory.com/p/personhood-the-killer-credential
Death and the Digital Estate (blog by Eve): https://workshop.vennfactory.com/p/death-and-the-digital-estate
From Chance to Control (blog by Eve): https://workshop.vennfactory.com/p/from-chance-to-control

Oct 2, 2024 • 42min
#309 - IDAC Sponsor Spotlight - Token Security
In this Token Identity sponsored episode of the Identity at the Center podcast, hosts Jeff and Jim welcome Ido Shlomo, co-founder and CTO of Token Security, to discuss the vital and often overlooked topic of non-human identities or machine identities within organizations. The conversation covers how machine identities differ from human identities, the unique challenges they pose, and how Token Security aims to address these issues. Ido shares his personal journey into the cyber-security field, real-life case studies, and details about Token Security's approach to managing and securing machine identities. The episode also delves into the implementation and ROI of their solution and touches on lighter topics like online gaming.
00:00 Welcome to the Identity at the Center Podcast
03:14 Guest Introduction: Ido Shlomo from Token Security
03:35 Ido Shlomo's Journey into Identity Security
06:04 Understanding Token Security's Mission
07:37 Challenges in Machine Identity Management
10:08 Defining Non-Human Identity
11:32 The Story Behind Token Security's Name
13:35 Token Security's Unique Value Proposition
20:20 Real-Life Case Study: The Importance of Non-Human Identity Security
22:05 Narrowing Down the Machines
22:15 Identifying the Compromised Machine
22:26 GitHub Report and API Key
22:34 Event Resolution and Success
22:39 Human vs Non-Human Identity
22:56 Technology Differences and Case Study
23:23 Implementing the Solution
23:46 Philosophy of Software Development
24:28 Integration and Deployment
26:09 Building an Inventory
26:31 Reducing Risk and Lifecycle Process
28:05 Attribution and Data Collection
30:02 Learning More and ROI
34:22 Online Gaming and Personal Insights
34:47 Gaming Personas and Preferences
36:34 Gaming Memories and Character Classes
40:33 Wrapping Up and Final Thoughts
Connect with Ido: https://www.linkedin.com/in/ido--shlomo/
Learn more about Token Security: https://www.token.security/?utm_medium=idac&utm_source=website&utm_campaign=Sep_podcast&utm_content=sponsor_page

Sep 30, 2024 • 1h 3min
#308 - The Business Case for IAM with IDPro Andre Koot
In this episode of the Identity at the Center podcast, Jeff and Jim discuss how to make the business case for IAM and determine the return on investment (ROI). Joined by Andre Koot, they delve into the need for a compelling business case to drive IAM investments. The conversation covers the quantitative and qualitative aspects of ROI, and the importance of stakeholder communication.
00:00 Welcome to the Identity at the Center Podcast
01:39 Training and Professional Development in IAM
03:58 Upcoming Conferences and Events
07:51 The Business Case for IAM
12:51 IAM: Financial and Non-Financial Perspectives
23:08 Calculating Return on Investment in IAM
28:59 Hard Dollars vs. Soft Dollars
30:11 Dollarizing Non-Savings Benefits
31:40 Challenges in ROI Calculations
34:07 Quantifiable vs. Non-Quantifiable Benefits
37:14 ROI in Different Organizational Contexts
39:50 Insourcing vs. Outsourcing
49:02 Communicating ROI Effectively
54:10 Language Nuances and Cultural Context
01:01:35 Conclusion and Final Thoughts
Connect with Andre: https://www.linkedin.com/in/meneer/
The Business Case for IAM (IDPro): https://bok.idpro.org/article/id/97/
Strategic Alignment and Access Governance (IDPro): https://bok.idpro.org/article/id/90/
Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/
SailPoint Navigate - October 21-24 in Orlando, FL - Use code IDAC for a $400 discount

Sep 23, 2024 • 1h 21min
#307 - Creating an IAM Program
In this comprehensive episode of the Identity at the Center podcast, hosts Jeff and Jim explore the foundations and sustainability of effective Identity and Access Management (IAM) programs. They delve into the essential elements of setting up an IAM program, including the importance of executive buy-in, phased implementation strategies, the significance of governance, and adapting to evolving business needs. The discussion also emphasizes the need for continuous enhancements and future-proofing IAM systems by budgeting for updates and choosing dependable managed service partners. Practical advice is offered throughout, ensuring listeners have the tools to start and maintain a successful IAM program. The episode wraps up with a recap of ten crucial steps for IAM implementation and lighter conversations about recent personal trips.
00:00 Introduction and Podcast Setup
01:30 Technical Difficulties and Recording Challenges
04:23 Conferences and Upcoming Events
05:55 Starting an IAM Program
10:34 Assessing Current IAM Capabilities
22:37 Building a Cross-Functional IAM Team
30:56 Choosing the Right IAM Technology
43:02 Starting with Phase One
43:44 Planning for Compliance and Cyber Insurance
46:25 User Experience in IAM Implementation
49:18 Workforce vs. Customer Identity Management
57:46 Governance, Policies, and Metrics
01:09:31 Maintaining and Evolving IAM Programs
01:16:03 Final Thoughts and Recap
Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/

Sep 19, 2024 • 48min
#306 - Sponsor Spotlight - Panini
In this sponsored episode of the Identity at the Center podcast, brought to you by Panini, hosts Jeff and Jim interview Marta Nappo, the Strategic Marketing and Business Development Director at Panini. Marta discusses Panini's evolution from a leading check scanner company to entering the identity verification market with their new solution called BioCred. Panini, a company with 79 years of history, is launching a patented method for biometric credential verification aimed at financial services and healthcare sectors, among others. Marta shares insights into Panini's approach to privacy by not storing personal data on servers and highlights the potential of their cloud-based infrastructure to integrate into customer workflows. The conversation touches on the benefits of reliable biometric authentication in reducing fraud, improving customer experience, and enhancing operational efficiency. They also explore use cases in financial services, healthcare, and more.
00:00 Welcome to the Identity at the Center Podcast
02:44 Meet Marta Nappo
03:02 Marta's Career Journey
05:20 Panini's New Identity Solution: BioCred
06:11 Global Expansion and Market Presence
08:18 Identity Verification Challenges and Solutions
11:58 Privacy and Data Security
15:28 Future of Identity Verification
21:58 Customer Feedback and Future Plans
25:01 Initial Impressions and Expectations
25:26 Lowering Barriers and Building Trust
26:07 Market Growth and Challenges
27:05 Real-World Use Cases
28:05 Identity Verification in Various Sectors
35:24 Measuring Success and Benefits
38:53 Volleyball and Life Lessons
45:24 Fun with Volleyball and Dogs
46:47 Conclusion and Farewell
Learn more about Panini: https://www.panini.com/
Connect with Marta: https://www.linkedin.com/in/martanappo/
Dog playing volleyball: https://youtube.com/shorts/QSCMJQo6kps?si=CN-2lGTEx0T4nBAC

Sep 16, 2024 • 57min
#305 - Identity Week America with Ryan Galluzzo of NIST
In this episode of the Identity at the Center podcast, Jeff and Jim are live at the Identity Week America conference in Washington, DC. Welcoming Ryan Galluzzo, Identity Management Program Lead at NIST, they dive into recent NIST updates, including a mobile driver's license project, changes in public comment and revision processes, and the significance of user-controlled wallets. They also touch on self-sovereign identity, risk management, evolution in identity assurance levels, and the vital role of continuous evaluation and improvement. The episode concludes with a light-hearted discussion on the inquisitive nature of children and the spontaneous, enriching conversations that happen at industry conferences.
00:00 Welcome to Identity at the Center Podcast
01:26 Conference Highlights and Networking
02:47 Panel Discussions and Key Takeaways
05:07 Mobile Driver's License Project
07:09 Public Comment Draft and Feedback
11:40 Self-Sovereign Identity and Trust Issues
16:41 NIST Guidance and Risk Management
28:47 Introduction to RMF and Assurance Levels
29:05 Contextualizing Assurance Levels for Different Users
30:25 Continuous Evaluation and Improvement
34:28 User-Controlled Wallets and Federation
35:59 Account Recovery and Assurance Levels
37:18 Overview of NIST 800-63 Documents
51:25 Existential Questions and Personal Anecdotes
55:25 Conclusion and Final Thoughts
Connect with Ryan: https://www.linkedin.com/in/ryan-galluzzo-a100563b/
Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/

Sep 9, 2024 • 46min
#304 - Identity and Cybersecurity Insights with United Airlines' CISO Deneen DeFiore
Deneen DeFiore, Chief Information Security Officer at United Airlines, shares her journey from General Electric to managing customer identity in aviation. She discusses the evolution of identity management and its impact on user experience. Deneen emphasizes building high-performing teams and the balance between technical expertise and business leadership. The conversation also covers the future of identity, focusing on biometrics and AI. They lighten up with charming insights about Cincinnati's local traditions and culture.

Sep 5, 2024 • 1h 2min
#303 - IDAC Sponsor Spotlight - Zilla Security
In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim speak with Nitin Sonawane, Chief Product Officer and Co-Founder of Zilla Security. Nitin shares insights about disrupting the identity security and governance space with innovative solutions such as Zilla Universal Sync (ZUS) and how AI and ML can streamline and enhance access reviews and compliance. The discussion covers the evolution of identity governance, the integration challenges, and the novel approaches Zilla Security is adopting to make organizations more secure and efficient. They also touch upon the personal side, diving into Nitin's passion for astronomy and his impressive experiences with telescopic observations. Tune in for a deep dive into the future of identity governance and the potential of leveraging data for better security outcomes.
00:00 Introduction
01:21 Welcome to the Identity at the Center Podcast
01:55 Spotlight on Zilla Security
02:23 Meet Nitin Sonawane
03:36 The Role of a Chief Product Officer
04:44 Overview of Zilla Security
07:16 Challenges in Identity Governance
10:32 Innovations with Zilla Universal Sync (ZUS)
22:45 Future of AI in Identity Governance
33:16 Balancing Security and Compliance
34:43 The Role of Automation in Compliance
36:41 AI's Impact on Security and Compliance
39:14 Risk Management and Identity
40:59 Streamlining Access and Approvals
44:47 Leveraging Data for Risk Reduction
50:29 Future of Identity and AI
53:32 Astronomy and Identity
01:01:04 Conclusion and Contact Information
Connect with Nitin: https://www.linkedin.com/in/nitin-sonawane-0743b/
Learn more about Zilla Security: https://zillasecurity.com/
Visit the show on the web at idacpodcast.com and subscribe to our YouTube channel at idacpodcast.tv

Sep 2, 2024 • 52min
#302 - Authenticate 2024 Preview with Andrew Shikiar
In this episode of the Identity at the Center podcast, Jeff and Jim discuss the intricacies of authentication with Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. The conversation covers various aspects of authentication including different use cases, the importance of passkeys, and regional adoption trends. They also highlight the upcoming Authenticate 2024 conference in Carlsbad, California, emphasizing its unique value for identity experts and practitioners. Listeners are encouraged to take advantage of early bird pricing and discount codes for the event linked below.
00:00 Welcome to the Identity at the Center Podcast
01:36 Podcast Milestones and Schedule
02:42 Engaging with the Audience
04:35 Introducing the Guest: Andrew Shikiar
07:34 FIDO Alliance and Passkeys Overview
10:12 The Importance of Passwordless Authentication
18:23 Authenticate Conference Highlights
22:07 Conference Details and Registration
26:19 Networking and Conference Challenges
26:35 Session Tracks and Remote Participation
28:02 FIDO APAC Summit in Kuala Lumpur
29:38 Highlights of the Authenticate Conference
32:21 Identity Verification and Adjacent Technologies
34:28 Live Podcasts and Interactive Sessions
35:59 Fun Activities and Networking at Authenticate
39:52 Travel Experiences and Final Thoughts
Connect with Andrew: https://www.linkedin.com/in/andrewshikiar/
Learn more about the FIDO Alliance: https://fidoalliance.org/
Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/
FIDO Alliance Shop - https://shop.fidoalliance.org/ - Use code IDAC10 for a discount on your purchase!
Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.