Hybrid Identity Protection Podcast

The 2017 NotPetya cyberattack remains one of the most devastating and costly breaches in history, inflicting over $1.4 billion in damages on pharmaceutical giant Merck. What made this attack especially alarming was its simplicity: a single overprivileged service account became the key that unlocked chaos across Merck's global network. In episode 74 of the Hybrid Identity Protection Podcast, host Sean Deuby sits down with Lance Peterman, CIDPRO, who was on the front lines during the breach. Lance shares a rare, firsthand account of how the attack unfolded, the critical identity vulnerabilities that were exploited, and the long road to recovery.

In this time of constant cyber-attacks and increased cybersecurity reporting requirements, a CISO's job is no easy task and typically has a short Tenure. In this episode, Sean sits down with Allan Alford, 5 time CISO to talk about his experience as a CISO across several prominent organizations and how identity is always at the center of a CISOs responsibility.

How is IAM—and the role of the identity security professional—adapting to meet the challenges of today's threat landscape? In this episode of the HIP Podcast, Sean talks with Joe Kaplan, Security Delivery Associate Director at Accenture, to discuss the future of IAM and identity security, the path to passwordless authentication, breaking down silos between IT and InfoSec, the emerging role of the Chief Identity Defense Officer (CIDO), and more.

Microsoft describes its Detection and Response Team (DART) as the "cybersecurity team we hope you never meet." In this episode of the HIP Podcast, Sean speaks with Shiva P, a Senior Consultant with Microsoft DART. Together, they delve into the tactics used by threat actors and share best practices for minimizing risk. Drawing from his extensive experience in incident response at Microsoft, Shiva takes us through the cyber kill-chain, from initial access to ransomware extortion, providing essential tips and insights.

Following a cyber incident that compromises Entra ID, an inability to recover critical objects and conditional access policies can bring your business recovery to a standstill. In this episode, Sean talks with Tuna Gezer, Senior Product Manager for Semperis Disaster Recovery for Entra Tenant (DRET), about how Entra ID data recovery differs from on-premises Active Directory. Microsoft is responsible for getting your Entra tenant back online, but not for restoring hard-deleted data—a resource-intensive, time-consuming process. Don't be caught unprepared; listen to this episode for this important discussion.Want more great HIP content? Register for this year's Hybrid Identity Protection Conference! Find HIP Conf 24 in New Orleans, November 13-14. BONUS: HIP Podcast listeners get a special 20% discount off HIP Conf 24 tickets! Use promo code HIPConfPod. Register now at https://register.hipconf.com/event/1b968c66-a916-4330-a5a3-577cc76dcc6b/summary.

This week, the HIP Podcast revisits HIP Global 2023! Listen in as our hybrid identity protection experts present lessons learned in the field, helping some of the world's largest organizations remediate and recover from cyberattacks that targeted Active Directory. Joining Sean in this expert panel: · Benjamin Cauwel, Security-Senior Manager, Accenture· Jeff Wichman, Director of Incident Response, Semperis· Marty Momdjian, Healthcare Strategist-IR, CDW· Guido Grillenmeier, Principal Technologist, EMEA, Semperis

Anyone who has dealt with the technological side of a merger or consolidation can tell you: Years of technical debt in Active Directory can turn the process into a real headache. In this episode, Michael Masciulli (Managing Director for Migration Products and Services, Semperis) talks with Sean about the necessary steps to keep Active Directory secure during a migration, consolidation, or modernization project; why such efforts fall apart; and some tips and tools to help streamline the process.

Cyberattacks against K-12 schools have soared, tripling between 2018 and 2021 and continuing to climb. With many school districts balancing legacy technology, budget restrictions, and limited staff, fighting off cyber threats can be a daunting challenge. This week, Sean speaks with BJ Welsh, Director of Tech Services for the Carrollton-Farmers Branch Independent School District. CFBISD comprises 25,000 students and 4,000 staff across dozens of schools and service centers throughout North Texas. They discuss lessons learned about incident response from an attempted breach of CFBISD's Active Directory.LINKS: CISA Cyber Hygiene Services

What are in-the-trenches pros observing when it comes to Active Directory and identity security in 2023? Ravenswood Technology Group Principal returns to the HIP Podcast to provide updates on current challenges and trends, including Active Directory hardening, PKI, and Tier 0 infrastructure protection.

“[Attackers] don't hack in, they log in.” In this episode of the HIP Podcast, Sean talks with Jason Rebholz, Corvus Insurance CISO and host of the TeachMeCyber YouTube channel. Jason and Sean discuss the cyber threat landscape the ins and outs of cyber insurance, including what to do (and what not to do) when applying for and utilizing cyber insurance and how to build a strong incident response plan. Want more great HIP content? Join us for the HIP Global conference in NYC, August 23-24. The best part? It's free to attend! Register today: accelevents.com/e/hip-global-2023.

Who really has access to your applications and critical infrastructure? You've probably heard that identity is the new security perimeter. But how far does that perimeter extend? The key is knowing which assets are in Tier 0—the critical control plane that must be secured to protect your organization from cyber threats—and which potential attack paths lead to those assets, including Active Directory (AD). Semperis Senior Director of Security Product Management, Ran Harel, discusses the challenges of AD security and attack path management in hybrid AD environments.

Budgets are tight in 2023. Where should CISOs focus their spending to best promote cyber and operational resilience? In this episode of the HIP Podcast, Sean Deuby talks with Semperis CISO Jim Doggett about the importance of focusing on the fundamentals, how to optimize cyber insurance, and how best to determine priorities in tight economic conditions.

The rapid proliferation of cloud services has opened doors to many advancements in the ways we work. Unfortunately, governance of access to those services has not kept pace. As a result, cyberattackers often have a field day once they gain entry to your hybrid identity environment. In this episode, Sean talks with Garret Grajek, CEO of YouAttest and founder and former CTO and COO of SecureAuth about the challenges—and importance—of implementing effective access governance.

The rapid proliferation of cloud services has opened doors to many advancements in the ways we work. Unfortunately, governance of access to those services has not kept pace. As a result, cyberattackers often have a field day once they gain entry to your hybrid identity environment. In this episode, Sean talks with Garret Grajek, CEO of YouAttest and founder and former CTO and COO of SecureAuth about the challenges—and importance—of implementing effective access governance.

Join hybrid identity protection experts as they discuss the importance of disaster recovery planning to maintain operational resilience. Where should you start, what should you prioritize—and how can you help business decision-makers understand the importance of a comprehensive, tested plan? This expert panel—including Guido Grillenmeier (Semperis), Ben Cauwel (Accenture), Sylvain Cortes (Hackuity), and Mattieu Trivier (Semperis)—was recorded at the recent HIP France event in Paris and provides lessons learned in the field.

Join hybrid identity protection experts as they discuss the importance of disaster recovery planning to maintain operational resilience. Where should you start, what should you prioritize—and how can you help business decision-makers understand the importance of a comprehensive, tested plan? This expert panel—including Guido Grillenmeier (Semperis), Ben Cauwel (Accenture), Sylvain Cortes (Hackuity), and Mattieu Trivier (Semperis)—was recorded at the recent HIP France event in Paris and provides lessons learned in the field.

What keeps Alan Sugano, President of ADS Consulting Group, up at night? Business email compromise (“way more lucrative than a ransomware attack”), organizations that aren't implementing strong and global MFA, poor password management… Tune into this episode to learn how what Alan calls the “critical quad” can help protect you from relentless cyberattackers.

What keeps Alan Sugano, President of ADS Consulting Group, up at night? Business email compromise (“way more lucrative than a ransomware attack”), organizations that aren't implementing strong and global MFA, poor password management… Tune into this episode to learn how what Alan calls the “critical quad” can help protect you from relentless cyberattackers.

In this episode, listen in on the expert panel recorded live at HIP London, the first stop on this year's Hybrid Identity Protection Roadshow in June 2022. At this event, Sean speaks with Simon Hodgkinson (Strategic Advisor, Semperis and former bp CISO), Ria Thomas (Managing Director, Polynia Advisory), and John Craddock (IT Infrastructure and Security Architect, XTSeminars LTD) about the relationship between identity security and operation resilience. The panel also discusses how organizations can develop crisis management plans that account for the protection of their Zero Trust foundations. And don't miss your chance to participate LIVE in expert HIP discussions like these. Join the upcoming HIP NYC event on November 9. Learn more at https://www.eventbrite.com/e/hip-nyc-tickets-412996843677.

In this episode, listen in on the expert panel recorded live at HIP London, the first stop on this year's Hybrid Identity Protection Roadshow in June 2022. At this event, Sean speaks with Simon Hodgkinson (Strategic Advisor, Semperis and former bp CISO), Ria Thomas (Managing Director, Polynia Advisory), and John Craddock (IT Infrastructure and Security Architect, XTSeminars LTD) about the relationship between identity security and operation resilience. The panel also discusses how organizations can develop crisis management plans that account for the protection of their Zero Trust foundations. And don't miss your chance to participate live in expert HIP discussions like these. Join the upcoming HIP NYC event, November 9. Learn more at https://www.eventbrite.com/e/hip-nyc-tickets-412996843677.

Do you have a clear picture of your identity security posture—the good and the not-so-great? In this episode of the HIP Podcast, Sean talks with Maarten Goet, Director for Cybersecurity at Wortell, about the importance of starting any ITDR effort with a clear vision of your current strengths and challenges, the benefits and limitations of security “scores,” passwordless authentication, Microsoft Entra, and more.

Do you have a clear picture of your identity security posture—the good and the not-so-great? In this episode of the HIP Podcast, Sean talks with Maarten Goet, Director for Cybersecurity at Wortell, about the importance of starting any ITDR effort with a clear vision of your current strengths and challenges, the benefits and limitations of security “scores,” passwordless authentication, Microsoft Entra, and more.

Everyone's talking about Identity Threat Detection and Response (ITDR) … but what does that mean for people in the IT trenches? In this session, Sean talks with Brian Desmond, Principal at Ravenswood Technology Group, about the various ITDR issues that companies are dealing with today and where the greatest challenges lie for identity pros and organizations alike.

Everyone's talking about Identity Threat Detection and Response (ITDR) … but what does that mean for people in the IT trenches? In this session, Sean talks with Brian Desmond, Principal at Ravenswood Technology Group, about the various ITDR issues that companies are dealing with today and where the greatest challenges lie for identity pros and organizations alike.

Recent reports indicate a decrease in ransomware attacks. Should organizations breathe a sigh of relief—or batten down the hatches? In this episode, Sean talks with Alix Weaver, Solutions Architect at Semperis, about the ways that ransomware gangs are reinventing themselves and changing tactics and why ransomware as a service is gaining traction.

Recent reports indicate a decrease in ransomware attacks. Should organizations breathe a sigh of relief—or batten down the hatches? In this episode, Sean talks with Alix Weaver, Solutions Architect at Semperis, about the ways that ransomware gangs are reinventing themselves and changing tactics and why ransomware as a service is gaining traction.

Is cloud security an oxymoron? In this panel session, originally recorded at the inaugural HIP Europe event, Sean Deuby talks with Semperis Chief Technologist Guido Grillenmeier; Jorge de Almeida Pinto, Lead Identity/Security Consultant, IAM Technologies; Tony Redmond, Owner and Principal at Redmond & Associates; and Jan De Clercq, Senior Security Architect and Distinguished Technologist at Hewlett Packard Enterprise. Listen in as they discuss the evolution of enterprise trust in cloud security and the effect of cloud-service breaches on user trust.

Is cloud security an oxymoron? In this panel session, originally recorded at the inaugural HIP Europe event, Sean Deuby talks with Semperis Chief Technologist Guido Grillenmeier; Jorge de Almeida Pinto, Lead Identity/Security Consultant, IAM Technologies; Tony Redmond, Owner and Principal at Redmond & Associates; and Jan De Clercq, Senior Security Architect and Distinguished Technologist at Hewlett Packard Enterprise. Listen in as they discuss the evolution of enterprise trust in cloud security and the effect of cloud-service breaches on user trust.

How successful are recent efforts to elevate identity security among enterprises across the United States? IDS Alliance surveyed 500+ security and identity professionals to find out. In this session of the HIP Podcast, Julie Smith, Executive Director of the Identity Defined Security Alliance, speaks with Sean Deuby about the trends revealed in the Alliance's new 2022 Trends in Security Digital Identities report.

How successful are recent efforts to elevate identity security among enterprises across the United States? IDS Alliance surveyed 500+ security and identity professionals to find out. In this session of the HIP Podcast, Julie Smith, Executive Director of the Identity Defined Security Alliance, speaks with Sean Deuby about the trends revealed in the Alliance's new 2022 Trends in Security Digital Identities report.

Security architectures depend on identity—the “new security boundary.” Yet despite investment in identity and attempts to drive a sustainable identity culture, significant security breaches and friction still exist, given competing priorities and views on value. In this session of the HIP Podcast, Sean revisits his chat with Denis Ontiveros Merlo, originally recorded during a Hybrid Identity Protection Conference. Join Sean and Denis as they delve into the challenges of creating a sustainable identity culture. Is the identity profession designing products that promote the right user behavior? By using behavioral economics and heuristics—rules of thumb or mental shortcuts to make a quick decision—are we focusing on the wrong problems and reinforcing cognitive bias? Denis presents some examples of anti-patterns to consider when tackling visible operational identity issues.

Security architectures depend on identity—the “new security boundary.” Yet despite investment in identity and attempts to drive a sustainable identity culture, significant security breaches and friction still exist, given competing priorities and views on value. In this session of the HIP Podcast, Sean revisits his chat with Denis Ontiveros Merlo, originally recorded during a Hybrid Identity Protection Conference. Join Sean and Denis as they delve into the challenges of creating a sustainable identity culture. Is the identity profession designing products that promote the right user behavior? By using behavioral economics and heuristics—rules of thumb or mental shortcuts to make a quick decision—are we focusing on the wrong problems and reinforcing cognitive bias? Denis presents some examples of anti-patterns to consider when tackling visible operational identity issues.

The AADInternals toolkit is a powerful resource for administering and hacking Azure AD. In this episode of the HIP Podcast, Sean talks with Dr. Nestori Syynimaa, AADInternals creator and Sr Principal Security Researcher at Secureworks Counter Threat Unit (CTU). Join them as they discuss how red and blue teams can use the toolkit to explore and improve Azure AD and tenant security—plus the implications of Microsoft's recent decision to deploy security defaults to all tenants that don't have conditional access policies in place.

The AADInternals toolkit is a powerful resource for administering and hacking Azure AD. In this episode of the HIP Podcast, Sean talks with Dr. Nestori Syynimaa, AADInternals creator and Sr Principal Security Researcher at Secureworks Counter Threat Unit (CTU). Join them as they discuss how red and blue teams can use the toolkit to explore and improve Azure AD and tenant security—plus the implications of Microsoft's recent decision to deploy security defaults to all tenants that don't have conditional access policies in place.

Hopefully, your organization has a disaster recovery plan. But do you have a plan for operational resilience? In this HIP Podcast session, Simon Hodgkinson, former CISO at bp and a strategic advisor at Semperis, explains why organizations that focus on operational resilience and disaster recovery are better prepared to weather cyberattacks—and where Active Directory fits into the resiliency picture.

Hopefully, your organization has a disaster recovery plan. But do you have a plan for operational resilience? In this HIP Podcast session, Simon Hodgkinson, former CISO at bp and a strategic advisor at Semperis, explains why organizations that focus on operational resilience and disaster recovery are better prepared to weather cyberattacks—and where Active Directory fits into the resiliency picture.

What do flossing your teeth and combatting application security vulnerabilities have in common? We find out in this session of the HIP Podcast, featuring IAM expert Daniel Stefaniak, Senior Product Manager for Identity and Access Management, Domino Data Lab. A former premier field engineer for Azure AD and program manager on the Microsoft Identity product team, Daniel talks with Sean about how a focus on performance over security paves the way for application breaches, combatting multifactor authentication (MFA) fatigue, and how Azure AD handles MFA.

IDPro has become the organization for identity pros looking for career support, development, and all-around comradery. From conducting an annual survey on the “pulse of the industry” to creating an expert Body of Knowledge to developing an IAM-specific certification—the Certified Identity Profession (CIDPRO) program, IDPro offers a wealth of resources for identity pros at every level.  In this session of the HIP Podcast, Sean talks with IDPro founder (and Salesforce Senior VP of Identity Product Management) Ian Glazer about IDPro's origins and ongoing mission, the importance of vendor-neutral training materials, and what's next for the organization. 

The life-or-death demands of the healthcare industry complicate identity security. The COVID-19 pandemic, increasing popularity of remote care and Internet of Medical Things (IoMT) devices, and proliferation of ransomware attacks have heightened the healthcare industry's urgent need for strong hybrid identity security strategies. In this session of the HIP Podcast, Sean talks with Marty Momdjian, Healthcare Solutions Advisor, Sirius Computer Solutions, about the importance of incident preparedness and response plan that meets the unique needs of the business, clinicians, and patients while securing Active Directory in a hybrid environment and providing clinical application resiliency and availability.

In today's world, attacks are inevitable, and breaches are probable. The temptation to return to normal operations as quickly as possible is real, but there are significant risks if your recovery simply restores the malware of the original breach. This episode of the HIP Podcast provides real-world, actionable guidance on the right way to recover from Yishai Gerstle, Semperis Security Product Manager, based on his years of incident response, breach prevention, and security solution development.

What should you tackle first in locking down Active Directory from cyberattacks? In this webinar excerpt, Sean Deuby (Semperis Director of Services) and Brian Desmond (Principal of Ravenswood Technology Group) share tips for five actions you can take now to significantly improve your security posture: 1) implement good identity processes, 2) ensure that trust settings are reviewed to close security gaps, especially in environments with mergers and acquisitions, 3) plan and test your AD backup and recovery strategy, 4) check your Kerberos settings, and 5) deter lateral movement by cyberattackers.

Endpoint detection and response (EDR) is quickly evolving into extended detection and response (XDR). That means that identity is moving to the center of your security approach. In this episode, Paul Lanzi, Co-founder and COO at Remediant, discusses the new capabilities available in XDR solutions and how the ability to gain granular control at the identity level is a game-changer for security teams facing modern threats.

Protection from ransomware often starts with preventing unapproved applications from running on systems. However, the ability to restrict which applications can run is often a difficult process, full of holes and unforeseen vulnerabilities. In this episode of the HIP Podcast, Sean Deuby (Semperis Director of Services) and Alan Sugano, President, ADS Consulting Group, discuss how to develop a successful strategy for designating allowed applications to increase security and dramatically reduce risk.

When cybercriminals take down your organization, you might have your technical response plan locked and loaded. But who's calling the shots on when to bring the network offline for remediation efforts? Especially in multinational organizations, the decision-making process for cyberattack incident response isn't always clearly defined. Any confusion about who makes critical decisions will hinder a fast response. As a follow-on to a previous HIP Podcast session about developing a technical response plan to a cyberattack, Sean Deuby chats with Benjamin Cauwel (Accenture Senior Security Manager) about how organizations can accelerate incident response by developing a decision-making plan that takes into consideration various factors such as different entities, different time zones, different languages, and different national cybersecurity governing bodies.

What has changed about Active Directory disaster recovery since Gil Kirkpatrick and Guido Grillenmeier—aka the "Masters of Disaster"—first wrote the book on how to recover AD from scratch in "The Definitive Guide to Active Directory Disaster Recovery"? In this session, Sean Deuby leads a discussion with Kirkpatrick and Grillenmeier about the monumental changes in the DR landscape with the onslaught of cyberattacks that target Active Directory, which has exponentially raised the risk level for organizations that don't have a tested AD DR plan in place. In this episode, these AD experts introduce a new whitepaper by Kirkpatrick and Grillenmeier, "Does Your Active Directory Disaster Recovery Plan Cover Cyberattacks?," which covers the reasons AD is vulnerable to cyberattacks and how to recover AD from cyberattacks. Download the whitepaper at https://www.semperis.com/resources/does-your-active-directory-disaster-recovery-plan-cover-cyberattacks/.

Are your organizations' systems at risk from third-party security breaches? The threat of cyberattacks that enter systems through compromises in third-party software or components has dominated cybersecurity discussions since the SolarWinds attack was uncovered in December 2020. In this session, Sean Deuby discusses third-party security risks with Heinrich Smit, Semperis Deputy CISO, whose extensive experience includes developing and implementing end-to-end security solutions for large financial organizations. Smit offers a global perspective on supply-chain dynamics and practical tips for protecting your organization from potential risks associated with third-party vendors.

Is your organization ready to defend against a cyberattack that hits over the holidays? Threat actors love to pounce during the holiday season because organizations often aren't adequately prepared to defend against cyberattacks, with IT staff operating on reduced schedules and less experienced team members stepping in. In this session, Sean talks with Elad Shamir (Semperis Director of Breach Preparedness & Response) about how organizations can close common attack entry points this holiday season.

In a cloud environment, securing privileged identities and DevOps pipelines with privileged access requires special attention. In this session, Sean Deuby and Gil Kirkpatrick (Semperis Chief Architect) discuss Microsoft's current guidance for securing privileged access in Microsoft Azure with Thomas Naunheim (Cloud Architect at glueckkanja-gab AG). They cover how to design a secure foundation for privileged identities, including how to prevent privilege escalation by implementing a well-designed and delegated Azure RBAC model.

Shifting to Azure Active Directory means you're done with worrying about backups, right? Not necessarily. As the Azure cloud service provider, Microsoft is responsible for restoring the Azure AD service if an outage occurs. But in the case of a cyber disaster, your resources—users, groups, services, policies—might get wiped out, leaving your organization at a standstill. At the same time, you scramble to restore these vital components under extreme time pressure. In this HIP Podcast session, Sean and AD expert Doug Davis discuss some common misconceptions about Azure AD backup and recovery. Spoiler alert: the Azure AD Recycle Bin won't save you if your Azure AD resources get wiped out.