Identity at the Center

This episode is sponsored by Nexis. Visit nexis-secure.com/idac to learn more.In this sponsored episode of *Identity at the Center*, host Jim McDonald sits down with Dr. Heiko Klarl, CEO of Nexis, to explore how the company is advancing authorization governance for modern enterprises. Dr. Klarl explains how Nexis builds visibility and control across fragmented identity landscapes and why “better together” is the right strategy for enterprises with multiple IAM systems.They discuss the emerging Identity Visibility and Intelligence Platform (IVIP) category, the value of automation and remediation in governance, Nexis’s unique “health check” service, and their ISPM capability that helps clients identify unnecessary access—and even save on software licensing.Learn how Nexis integrates with IGA and PAM tools, streamlines application onboarding, and helps customers measure the real business impact of their identity programs.Connect with Heiko: https://www.linkedin.com/in/heiko-klarl/More about Nexis: https://nexis-secure.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapters00:00 Introduction and Sponsor Message00:42 Meet Dr. Heiko Klarl, CEO of Nexis01:29 Dr. Klarl's Journey into Identity and Access Management03:09 What Does Nexis Do?05:00 Challenges in Authorization Governance06:43 The Importance of Visibility in Identity Systems08:23 Nexis' Role in Enhancing Existing IAM Investments10:05 The Concept of IVIP and Its Relevance21:48 Nexis Platform Capabilities23:24 The Health Check: A Deep Dive27:22 Understanding Health Check Costs28:27 Exploring ISPM and License Management32:09 How Nexis Integrates with IGA Systems34:11 Application Onboarding and Compliance36:38 Measuring Value and Success with Nexis43:10 Global Reach and Market Focus45:02 Connecting at Conferences46:49 Visiting Germany: Recommendations and Insights50:17 Final Thoughts and ResourcesKeywordsIDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Dr. Heiko Klarl, Nexis, Nexis Secure, NEXIS 4, authorization governance, role mining, role management, IGA, IAM, IVIP, Identity Visibility and Intelligence Platform, access certification, remediation automation, health check, ISPM, Identity Security Posture Management, license management, enterprise identity, compliance, visibility, identity governance, access review, Gartner IAM, EIC, KuppingerCole

Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with the Cal Ripken of IDAC, Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. Andrew shares exciting updates on the incredible progress of Passkeys, revealing that over 3 billion are now in use securing accounts. We discuss the key themes of the conference, including the ongoing arms race with AI in security and the critical role of identity verification. Andrew also unveils the new Passkey Index, an initiative to provide industry benchmarks for deployment success. Looking ahead, the conversation shifts to the FIDO Alliance's broadening focus on digital credentials and wallets, aiming to solve the usability and certification challenges that have held the space back. Finally, we hear about the global expansion of the Authenticate conference brand, with a new event launching in Singapore.Connect with Andrew: https://www.linkedin.com/in/andrewshikiar/Learn more about FIDO: https://fidoalliance.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps:00:00:00 - Introduction to Authenticate 2025 Themes00:02:50 - Welcoming Andrew Shikiar of the FIDO Alliance00:04:00 - Andrew's Keynote: Passkey Progress and Future Goals00:05:17 - Over 3 Billion Passkeys in Use00:06:57 - Improving the Passkey User Experience (UX)00:09:02 - Introducing the Passkey Index for Benchmarking00:10:46 - The Growth of the Authenticate Conference00:14:55 - FIDO Alliance's New Focus: Digital Credentials and Wallets00:17:25 - Overcoming Hurdles in Digital Credential Adoption00:20:03 - The Role of Major Stakeholders in FIDO's Success00:23:05 - The Future of the Authenticate Conference00:24:00 - Announcing Authenticate APAC in Singapore00:25:07 - Global Differences in Passkey Adoption00:28:19 - Closing Thoughts and FIDO Feud RecapKeywords:Andrew Shikiar, FIDO Alliance, Passkeys, Authenticate 2025, identity verification, digital credentials, digital wallets, passwordless, WebAuthn, user experience, Passkey Index, cybersecurity, authentication, mobile driver's license, multi-factor authentication, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/Find out more about IDPro: https://www.idpro.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Greetings00:16 Highlights from Authenticate 202501:39 FIDO Feud Rematch Discussion03:17 Guest Introduction: Tina Srivastava03:46 Conference Insights and AI Challenges06:16 Regulatory Environment and Passkeys09:11 Phishing and AI Supercharged Attacks12:28 QR Codes and Accessibility Issues13:09 The Importance of Phishing Resistant Authentication22:24 IDPro Community and Practitioner Support25:18 Community Support and Engagement26:26 IDPro's Role in Identity Events27:48 Future Directions for IDPro29:19 Introducing Committees in IDPro30:39 AI and Identity Verification37:07 The Importance of Information Sharing45:35 Public Speaking and Personal Growth50:58 Conclusion and Final ThoughtsKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.Connect with Bojan: https://www.linkedin.com/in/bojansimic/Learn more about HYPR: https://www.hypr.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapter Timestamps:00:00 - Introduction at Authenticate 202500:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR01:11 - How Bojan Simic Got into Identity and Cybersecurity02:10 - The Elevator Pitch for HYPR04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents05:29 - The Trend of Continuous "Know Your Employee" (KYE)07:33 - Is Your MFA Program Enough Anymore?09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat11:19 - How AI is Scaling Social Engineering Attacks Globally13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?16:23 - What is the Right Solution for Identity Practitioners?17:05 - The Critical Role of Internal Marketing for Technology Adoption22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation25:47 - When is it Time to Move On From Your Existing Identity Tools?28:16 - The Role of Document-Based Identity Verification in the Enterprise32:31 - What Makes HYPR's Approach Unique?35:33 - How Do You Measure the Success of an Identity Solution?36:39 - HYPR's Philosophy: Never Leave a User Stranded39:00 - Authentication as a Tier Zero, Always-On Capability40:05 - Is Identity Part of Your Disaster Recovery Plan?41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer47:03 - How to Learn More About HYPRKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.The discussion covers:Why traditional IAM approaches fail for non-human identities.The importance of visibility and creating a standardized process for NHI creation.The debate around terminology: NHI vs. machine identity vs. service accounts.The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.Practical, actionable advice for getting a handle on legacy service accounts.The emerging challenge of IAM for AI and the complexities of managing agentic AI.The critical role of authorization and the future of policy-based access control.Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.Connect with Steve: https://www.linkedin.com/in/steven-rennick/ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comCHAPTER TIMESTAMPS:00:00:10 - Introduction & The Art of the Vendor Demo00:08:02 - Steve Rennick's Take on Vendor Demos00:12:39 - Formal Introduction: Steve Rennick00:14:45 - Recapping the Identiverse Squabble Game Show00:17:22 - The Hot Topic of Non-Human Identities (NHI)00:22:22 - Is NHI a Joke or a Serious Framework?00:26:41 - The Controversy Around the Term "NHI"00:30:24 - How to Simplify NHI for Practitioners00:34:06 - First Steps for Getting a Handle on NHI00:37:20 - Can Active Directory Be a System of Record for NHI?00:45:08 - Why is NHI a Hot Topic Right Now?00:51:19 - The Challenge of Cleaning Up Legacy NHIs00:58:00 - IAM for AI: Managing a New Breed of Identity01:03:33 - The Future is Authorization01:06:22 - The Zero Standing Privilege Debate01:10:39 - Favorite Dinosaurs and OutroKEYWORDS:NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this episode of the Identity at the Center podcast, Jim McDonald interviews Sebastian Rohr, the Chief Troublemaker at Umbrella Labs. They discuss the evolution of identity management, the challenges of digital identity, and the importance of national ID systems. Sebastian shares his personal journey into the identity field, the impact of digital identities on individuals, and the challenges faced in developing countries regarding identity verification. The conversation also touches on the role of AI in identity management, the importance of community in the identity space, and the cultural significance of German Unification Day.Connect with Sebastian: https://www.linkedin.com/in/sebastianrohr/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Guest Introduction05:13 Sebastian's Origin Story in Identity11:00 The Evolution of Identity Verification15:24 Challenges in Identity Verification Technology20:13 The Importance of Birth Registration26:58 Real-World Stories from Identity Management32:30 Tips for Identity Practitioners35:22 Finding the Right Balance in Digital Transformation36:21 EUDI: The Future of Digital Identity40:02 Addressing Bias in Identity Systems44:11 The Impact of AI on Identity Management52:20 The Rise of Identity Beer: Community and Connection59:40 Celebrating German Unification DayKeywordsidentity, decentralized identity, digital identity, identity verification, national ID systems, AI in identity, identity management, global identity challenges, identity beer, German unification

In this episode of the Identity at the Center Podcast, Eve Maler, founder and CEO of Venn Factory joins host Jim McDonald. They discuss the significance of identity in the corporate world; detailing Eve's new book aimed at educating CEOs on the importance of treating identity as a strategic asset rather than mere infrastructure. They explore concepts like the evolving role of identity in security, the increasing risks posed by AI and cybersecurity threats, and the potential for organizational paralysis without proper identity management. Eve emphasizes the need for cross-functional focus and strategic ownership of identity functions within companies. The episode concludes with insights into public speaking and preparation, providing listeners with practical advice and industry insights.Connect with Eve: https://www.linkedin.com/in/evemaler/Chapters00:00 Introduction and Guest Welcome00:32 The Story Behind 'Venn Factory'02:09 Eve Maler's Book for CEOs04:42 The Importance of Digital Identity10:53 AI and Its Impact on Executives17:25 Organizational Challenges in Identity Management23:49 The Role of Identity in Organizations24:44 Escaping Organizational Paralysis25:08 Valuing Identities in the Digital Age28:13 B2B Identity Dynamics35:21 The Rise of Identity Security42:32 Public Speaking Tips and Lighter NotesConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

This episode of the Identity at the Center podcast delves into the complex topic of death and the digital estate (DADE). Jim McDonald hosts Dean Saxe, Heather Flanagan, and Mike Kiser, who discuss the importance of planning for digital assets after death, the cultural implications of digital identity, and the evolving role of technology in managing these assets. They emphasize the need for individuals to take proactive steps in documenting their digital estate and the challenges posed by varying legal frameworks and cultural perspectives. The conversation also touches on the future of digital identity in the age of AI and the ethical considerations surrounding it.Episode Links:Death and the Digital Estate (DADE) Community Group: https://openid.net/cg/death-and-the-digital-estate/Connect with Dean: https://www.linkedin.com/in/deanhsaxe/Connect with Heather: https://www.linkedin.com/in/hlflanagan/Connect with Mike: https://www.linkedin.com/in/mike-kiser/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction to Identity at the Center Podcast00:10 Introduction to the Death and Digital Estate (DADE) group03:07 The Role of Identity in Digital Estates06:01 Understanding Digital Estate and Its Components09:09 Community Groups vs. Working Groups in Standards11:59 The Importance of Digital Estate Management15:09 Cultural Perspectives on Digital Death18:12 Legal and Ethical Considerations in Digital Estates20:59 Future of Digital Estate Planning24:03 Conclusion and Call to Action31:33 Cultural Frameworks and Digital Estates35:12 The Importance of Protocols in Digital Estate Management39:30 Navigating Digital Wills and Estate Planning42:19 Challenges in Digital Recovery and Access45:18 Actionable Steps for Digital Estate Planning48:52 Personal Reflections on Digital Legacy50:57 The Future of Digital Remembrance54:25 Final Thoughts and Community EngagementKeywordsdigital estate, death, identity management, OpenID Foundation, digital assets, cultural perspectives, technology, legal considerations, AI, planning guide

This episode is sponsored by Hush Security. Visit hush.security/idac to learn more.In this sponsored episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald spotlight Hush Security, a company emerging from stealth with an innovative approach to machine identity and access management. CEO and co-founder Micha Rave explains why traditional secrets vaults can’t keep up with today’s scale, what it means to truly go “secrets-free,” and how Hush enables visibility, governance, and operability for modern and legacy environments alike.Discover:The real difference between non-human identities and static keysWhy legacy secrets management is breaking in the cloud and automation ageHush Security’s journey from stealth mode to active customersThe business case for removing vaults (and the risks with “hope and prayer” key rotation)How to transition to policy-based access—and measurement metrics for successFun discussions on pancakes vs. waffles in security leadership (really!)Learn more about Hush Security and get a free environment assessment: hush.security/idacConnect with Micha: https://www.linkedin.com/in/micharave/Connect with IDAC on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com#idac #identitymanagement #machineidentity #secretsmanagement #podcast #cybersecurity #JimMcDonald #JeffSteadman #HushSecurity #IdentityattheCenterChapters / Timestamps:00:00 - Welcome and Introduction (Hosts: Jeff and Jim)01:00 - Introducing Micha Rave and Hush Security03:00 - Micha’s Background and the Hush Team’s Journey06:00 - What Is Hush Security and Why Now?09:00 - Leaving Stealth Mode: Patents and Novel Approaches12:00 - What Makes Hush Special? Remediation vs. Visibility15:00 - Vaults vs. Secrets-Free Approach & Industry Gaps18:00 - Non-Human Identities: Static Keys, Secrets, and Access22:00 - Solving Problems Beyond Cloud: Custom vs. Packaged Software26:00 - The Scale of Machine Identity in the Cloud and Automation Age29:00 - Why Secrets Management Is Breaking and the Case for Policy-Based Access34:00 - From Scanning to Policy Enforcement: How Hush Works39:00 - Metrics, Success, and Executive Buy-in for Modern IAM43:00 - How to Get Started with Hush Security (Free Assessments)46:00 - Micha’s Conference Plans and Final Thoughts49:00 - Pancakes or Waffles?Keywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Hush Security, machine identity, secrets management, secrets vault, IAM, cybersecurity, sponsored episode, non-human identities, policy-based access, vault elimination, cloud security, automation, zero trust, Micha Rave, podcast, identity management

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/Timestamps:00:00 Introduction and Podcast Theme00:17 Defining Identity in Cybersecurity01:34 Debate: Can Non-Humans Have Identities?01:57 Guest Introduction: Shea McGrew04:15 Shea's Career Journey and Role as CTO09:28 Challenges and Rewards of Being a CTO11:41 Identity Strategy at Maricopa County14:48 Device Identity and Zero Trust Architecture29:56 Managed vs. Unmanaged Devices40:15 Understanding the NIST Framework42:52 Balancing Technology and People43:58 Training and Partner Collaboration48:03 Organizational Change Management50:40 Future of Device Identity54:40 Debating Machine Identity01:06:36 Curiosity as an Olympic Sport01:13:00 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Join Jeff Steadman and Jim McDonald for the September 2025 mailbag episode of Identity at the Center! This episode features listener questions from around the world about digital identity, trust, technology challenges, inclusion, biometrics, and even a candid discussion on air travel etiquette. Whether you're new to IAM or a veteran, you'll find practical advice and real stories. Plus, hear shout-outs to our global community and learn what’s coming up for the podcast team, including conferences and game shows. Don’t forget to leave your thoughts or questions in the comments—let’s keep the conversation going!Chapter Timestamps:00:00 - Intro & Community Shout-Outs04:00 - Upcoming Conferences & Discount Codes07:00 - What the Podcast Is All About08:40 - Mailbag Intro: Listener Questions From Around the World09:20 - Engaging IT with IAM Concepts (Matt in Maine)13:20 - Building Trust in Digital Identity (Amara in India)18:30 - Practical Challenges for Large Programs (Sophie in France)25:45 - Digital Identity and the Unconnected (Jonas in Germany)33:15 - Biometric Data & Security Pros/Cons (Rachel in Canada)39:45 - Air Travel Etiquette: From Shoes Off to Elbow Room48:10 - Outro & ThanksConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, mailbag, listener questions, digital identity, IAM, identity and access management, trust, technology inclusion, biometrics, air travel etiquette, conferences, community, YouTube, podcast, global audience, #idac

This episode is sponsored by SGNL. Visit sgnl.ai/idac to learn more.In this sponsored episode of Identity at the Center podcast, hosts Jeff and Jim discuss hot trends in the identity space, focusing on continuous identity with their guest Erik Gustavson, co-founder and CPO at SGNL. Erik shares his journey into the IAM space, exploratory projects, the thought processes behind SGNL’s continuous identity solutions, and provides insights on how SGNL’s approach integrates with existing identity and security tools. He delves into trends such as the convergence of identity and security, the generational change in identity tech, and the practical use cases SGNL addresses. The episode concludes with a light-hearted conversation about the perfect meal for Jeff, reflecting Eric's passion for cooking.Connect with Erik: https://www.linkedin.com/in/erikgustavson/Learn more about SGNL: https://sgnl.ai/idacTimestamps00:00 Introduction and Episode Overview00:36 Sponsor Spotlight: SGNL01:10 Guest Introduction: Erik Gustavson01:41 Eric's Journey into the IAM Space05:47 Role of a Chief Product Officer07:54 The Concept of Continuous Identity20:26 Data Integration and Policy Enforcement26:40 Target Audience for SGNL29:42 Introduction to SGNL’s Ecosystem30:13 Complementing Existing Systems30:44 Challenges with Current Identity Solutions33:27 New Trends in Authorization Management34:09 Aligning with AMP and PBA37:58 Use Cases and Real-World Applications46:31 What Sets SGNL Apart48:37 Future Trends in Identity and Security52:35 A Lighter Note: Cooking and Personal Interests58:32 Conclusion and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

In this episode of the Identity at the Center podcast, Jeff and Jim discuss various aspects of identity access management (IAM) policies and the importance of having a solid foundation. They emphasize the need for automation, controls, and how IAM policies should be created without technology limitations in mind. The discussion also covers the implementation challenges and the evolving concept of identity verification. Jeff, Jim, and their guest, Nishant Kaushik, the new CTO at the FIDO Alliance, also delve into the issues surrounding the adoption of passkeys, highlighted by Rusty Deaton’s IDPro article, and address some common concerns about their security. Nishant offers insights into ongoing work at FIDO Alliance, the potential of digital identity, and the importance of community in the identity sector. The episode concludes with mentions of upcoming conferences and an homage to the late identity expert, Andrew Nash.Timestamps00:00 Introduction and Greetings00:18 Importance of IAM Policies01:36 Challenges in Policy Implementation05:09 Conferences and Discount Codes07:59 Introducing the Guest: Nishant Kaushik08:42 The Role of the FIDO Alliance and Digital Identity10:35 Concerns and Solutions for Passkeys22:21 Final Thoughts on Passkeys and Authentication29:48 Credential Security Concerns30:03 FIDO Members and Their Contributions30:38 Getting Involved in Working Groups31:58 Conversations at Authenticate Conference32:29 Evolution of the Authenticate Conference34:32 Automotive Authentication Challenges36:04 Community and Collaboration38:33 Remembering Andrew Nash41:41 Lightning Round: Current State of AI and Identity44:21 Decentralized Identity: Current Trends49:47 Non-Human Identity: Future Perspectives52:19 New York Sports Fandom54:33 Conclusion and Upcoming EventsConnect with Nishant: https://www.linkedin.com/in/nishantkaushik/Learn more about the FIDO Alliance: https://fidoalliance.org/IDPro Article by Rusty Deaton: https://idpro.org/blackhat-and-def-con-2025-thoughts/Kill the Wallet? Rethinking the Metaphors Behind Digital Identity by Heather Flanagan: https://sphericalcowconsulting.com/2025/07/22/digital-wallet-metaphor/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in an insightful conversation with Darren Rolls, a veteran in the Identity and Access Management (IAM) field. They discuss the complexities of identity fabrics, the evolving landscape of IAM, the impact of AI, and the challenges of integrating new technologies with legacy systems. Darren shares his thoughts on upcoming trends, practical advice for IAM practitioners, and even his personal experience with kite surfing. Tune in to gain expert perspectives on the future of IAM and the significance of continuous learning and adaptation in this dynamic field.Connect with Darran: https://www.linkedin.com/in/darran-rolls/Identity Innovations Blog: https://identityinnovationlabs.com/identity-insights/Chapters00:00 Introduction and Casual Banter00:17 Discussing Identity Fabrics and Leadership Compass03:19 Upcoming Conferences and Events05:32 Interview with Darren Rolls: Identity Management Journey09:09 Evolution and Challenges in Identity Management24:41 Future of Identity Management and AI32:05 The Future of IAM in the Age of AI33:12 The Rise of Agent-Based Applications34:12 Challenges in Identity and Access Management35:31 Exploring Vibe Coding and AI Utilities38:09 Monitoring and Telemetry in IAM40:17 The Evolution of Identity Management42:05 The Role of Laws in IAM Architecture46:16 Balancing Legacy Systems with Future Innovations51:39 Kite Surfing Adventures and Reflections59:01 Closing Thoughts and Future EngagementsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Sponsored by Axonius. Visit https://www.axonius.com/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim talk with Amir Ofek, the CEO of AxoniusX, about the company's innovative solutions in identity and access management (IAM). The discussion covers Amir's journey into IAM, the unique challenges of managing identities, and how AxoniusX's data-driven approach provides comprehensive visibility and intelligence. The episode breaks down various use cases, the importance of identity hygiene, automation of identity processes, and the newly recognized identity visibility and intelligence platform (IVIP) by Gartner.Timestamps:00:00 Introduction and Episode Overview00:57 Guest Introduction: Amir, CEO of AxoniusX01:12 Amir's Journey into Identity Access Management02:40 Understanding Axonius and AxoniusX08:03 The Importance of Identity Visibility and Intelligence11:48 Challenges in Identity Management22:10 Axonius's Approach to Identity Visibility26:35 Leveraging AI and Machine Learning in Identity Management31:18 Understanding Permission Changes and Their Importance32:10 The Role of Observability in Axonius32:37 Driving Actions with Axonius33:30 Common Use Cases and Workflows35:19 Axonius as a Swiss Army Knife36:16 Ease of Use and AI Integration38:49 Starting with Axonius and Measuring Value43:42 Future Directions for Axonius49:49 The Identity Community and Upcoming Events51:23 Skiing Adventures and Tips57:54 Conclusion and Final ThoughtsConnect with Amir: https://www.linkedin.com/in/amirofek/Learn more about Axonius: https://www.axonius.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.Connect with Justin: https://www.linkedin.com/in/justindevine/Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/Learn more about RSM:Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlSecure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.htmlCheck out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.htmlChapters00:00 Introduction and Banter00:37 Explaining Identity in Business Speak04:03 Conference Season and Upcoming Events06:19 Intersection of Cloud Security and IAM07:05 Guest Introductions: Justin and Vaishnavi07:37 Vaishnav's Journey in Identity12:20 Justin's Background and Cloud Security14:32 Cloud and IAM Strategies29:28 Challenges in Identity Management30:09 Identity Orchestration and Cloud Transformation31:07 Modernizing Identity for Cloud Adoption33:03 Importance of Identity in Advanced Cloud Implementations37:28 Identity Security and Monitoring in the Cloud41:34 Practical Advice for Cloud and Identity Management53:23 Music Preferences and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Join Jeff and Jim in this special episode of the Identity at the Center podcast as they celebrate crossing 1 million downloads. The hosts share a major announcement, thank their supporters, and discuss the journey and future of the podcast. They also delve into the world of Identity and Access Management (IAM) with guest Anthony Viggiano, covering key topics such as access reviews, roles, data integration, and non-human identities. Anthony shares his insights on making access reviews effective, future-proofing IAM programs, and the pragmatic approaches to identity governance. Plus, learn about Anthony's passion for mountain biking and some tips for beginners. Don't miss this episode packed with valuable IAM insights and a momentous celebration!Timestamps:00:00 Introduction and Banter00:33 Major Milestone Announcement02:58 Upcoming Events and Conferences06:54 Guest Introduction: Anthony Viggiano09:48 Anthony's Journey into Identity11:08 Challenges in Identity Management12:24 Non-Human Identities and AI16:34 Access Reviews: Security Theater?24:08 Making Access Reviews Effective26:29 Effective Access Reviews: Overcoming Challenges29:29 Role-Based Access Control (RBAC) Insights32:29 Exploring Attribute-Based Access Control (ABAC)37:56 Centralizing Identity Governance45:47 Future-Proofing Identity Programs47:35 Mountain Biking: A Metaphor for Life54:54 Closing Thoughts and Community SupportConnect with Anthony: https://www.linkedin.com/in/anthonyviggiano/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM’s Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.Chapter Timestamps00:00 - Introduction and Industry Trends01:00 - AI and Technology Disruption Discussion02:00 - Upcoming Conference Schedule and Discount Codes04:00 - Podcast Milestone - Approaching One Million Downloads06:30 - Introducing Dan Lauritzen and RSM Defense Team09:00 - Dan's Background - From Military to Cybersecurity12:00 - What is Attack Surface Management?14:00 - Treating Identities as Assets16:00 - The Cyber Kill Chain Explained18:00 - Why Identity and SOC Teams Operate in Silos21:00 - The Role of Data in Modern Security Operations23:00 - Continuous Identity Management and Shared Signals Framework26:00 - Can You Have Too Much Data?29:00 - Breaking Down Silos Between Identity and SOC Teams32:00 - Practical Collaboration Strategies34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape41:00 - Pragmatic Security Strategies and Metrics44:00 - Biggest Misconceptions About Attack Surface Management45:00 - Military Background - Human Intelligence Collection48:00 - Communication Tips for Better Information Gathering51:00 - Closing and Contact InformationConnect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chainLearn more about RSM:RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.htmlRSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!Timestamps:00:00 Introduction and Podcast Overview00:37 ID Pro Membership Benefits03:35 Conferences and Events06:03 Introducing Shawna Hofer07:00 Shawna’s Journey to CISO10:55 Identity Security in Healthcare13:49 Balancing Security and User Experience19:08 Challenges with IoT in Healthcare24:27 AI in Healthcare Security30:01 Upskilling for AI in Security33:07 The Ever-Improving AI Landscape33:21 Embracing the AI Mindset33:58 Resiliency in Healthcare and AI35:06 The Future of Jobs in an AI-Driven World37:37 Trusting AI in Security Decisions40:56 Learning the Language of Risk43:44 Making the Business Case for Identity45:50 Balancing Security Investments51:48 The Future of Healthcare and AI54:40 Fun and Food: The Potato Question01:02:13 Closing Remarks and FarewellConnect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com