Send us a text

Episode Summary

On this episode, Sandy Bird, CTO and Co-Founder of Sonrai Security, joins the show to discuss identity security in the Cloud. Prior to Sonrai Security, Sandy co-founded Q1 Labs, which was acquired by IBM. He then became the CTO and helped IBM Security grow to $2B in revenue.

Today, Sandy talks about his journey in cybersecurity and how to manage and eliminate dormant identities. Why should listeners be concerned about zombie identities? Hear about the permissions attack surface and where to start implementing zero trust policies.

Timestamp Segments

·       [01:41 ] Getting into cybersecurity.

·       [03:48 ] Key lessons from IBM.

·       [08:40 ] Zombie identities.

·       [12:53 ] Is it possible to manage and eliminate dormant identities?

·       [16:17 ] Tying the process into a CI/CD pipeline.

·       [21:01 ] The Dirty Dozen of Cloud Identity.

·       [24:13 ] The permissions attack surface.

·       [27:00 ] Zero Trust best practices.

·       [30:08 ] Creating nett new machine identities.

·       [33:17 ] Prioritizing identity misconfigurations.

·       [35:15 ] Sandy’s mentors and inspirations.

·       [37:37 ] How does Sandy stay sharp?

Sound Bites

"Nothing is a straight path in starting companies in your career."
"Zombie identities are identities that were part of previous projects and never get cleaned up."
"Fix the low-hanging fruit first, such as getting rid of zombie identities and locking down sensitive identities."

Relevant Links

Website:          sonraisecurity.com

LinkedIn:         Sandy Bird

Quantifying Cloud Access: Overprivileged Identities and Zombie Identities