Podcasts about Access management

How do all your devices connect and stay safe in the cloud? In this episode, Lois Houston and Nikita Abraham talk with OCI instructors Sergio Castro and Orlando Gentil about the basics of how networks work and the simple steps that help protect them.   You'll learn how information gets from one place to another, why tools like switches, routers, and firewalls are important, and what goes into keeping access secure.   The discussion also covers how organizations decide who can enter their systems and how they keep track of activity.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hi everyone! In the last episode, we spoke about local area networks and domain name systems. Today, we'll continue our conversation on the fundamentals of networking, covering a variety of important topics.  00:50 Lois: That's right, Niki. And before we close, we'll also touch on the basics of security. Joining us today are two OCI instructors from Oracle University: Sergio Castro and Orlando Gentil. So glad to have you both with us guys. Sergio, with so many users and devices connecting to the internet, how do we make sure everyone can get online? Can you break down what Network Address Translation, or NAT, does to help with this? Sergio: The world population is bigger than 4.3 billion people. That means that if we were to interconnect every single human into the internet, we will not have enough addresses. And not all of us are connected to the internet, but those of us who are, you know that we have more than one device at our disposal. We might have a computer, a laptop, mobile phones, you name it. And all of them need IP addresses. So that's why Network Address Translation exists because it translates your communication from a private IP to a public IP address. That's the main purpose: translate. 02:05 Nikita: Okay, so with NAT handling the IP translation, how do we ensure that the right data reaches the right device within a network? Or to put it differently, what directs external traffic to specific devices inside a network? Sergio: Port forwarding works in a reverse way to Network Address Translation. So, let's assume that this PC here, you want to turn it into a web server. So, people from the outside, customers from the outside of your local area network, will access your PC web server. Let's say that it's an online store. Now all of these devices are using the same public IP address. So how would the traffic be routed specifically to this PC and not to the camera or to the laptop, which is not a web server, or to your IP TV? So, this is where port forwarding comes into play. Basically, whenever it detects a request coming to port, it will route it and forward that request to your PC. It will allow anybody, any external device that wants to access this particular one, this particular web server, for the session to be established. So, it's a permission that you're allowing to this PC and only to this PC. The other devices will still be isolated from that list. That's what port forwarding is. 03:36 Lois: Sergio, let's talk about networking devices. What are some of the key ones, and what role do they play in connecting everything together? Sergio: There's plenty of devices for interconnectivity. These are devices that are different from the actual compute instances, virtual machines, cameras, and IPTV. These are for interconnecting networks. And they have several functionalities. 03:59 Nikita: Yeah, I often hear about a default gateway. Could you explain what that is and why it's essential for a network to function smoothly? Sergio: A gateway is basically where a web browser goes and asks a service from a web server. We have a gateway in the middle that will take us to that web server. So that's basically is the router. A gateway doesn't necessarily have to be a router. It depends on what device you're addressing at a particular configuration. So, a gateway is a connectivity device that connects two different networks. That's basically the functionality.  04:34 Lois: Ok. And when does one use a default gateway? Sergio: When you do not have a specific route that is targeting a specific router. You might have more than one router in your network, connecting to different other local area networks. You might have a route that will take you to local area network B. And then you might have another router that is connecting you to the internet. So, if you don't have a specific route that will take you to local area network B, then it's going to be utilizing the default gateway. It directs data packets to other networks when no specific route is known. In general terms, the default gateway, again, it doesn't have to be a router. It can be any devices. 05:22 Nikita: Could you give us a real-world example, maybe comparing a few of these devices in action, so we can see how they work together in a typical network? Sergio: For example, we have the hub. And the hub operates at the physical layer or layer 1. And then we have the switch. And the switch operates at layer 2. And we also have the router. And the router operates at layer 3. So, what's the big difference between these devices and the layers that they operate in? So, hubs work in the physical layer of the OSI model. And basically, it is for connecting multiple devices and making them act as a single network segment. Now, the switch operates at the data link layer and is basically a repeater, and is used for filtering content by reading the addresses of the source and destination. And these are the MAC addresses that I'm talking about. So, it reads where the packet is coming from and where is it going to at the local area network level. It connects multiple network segments. And each port is connected to a different segment. And the router is used for routing outside of your local area network, performs traffic directing functions on the internet. A data packet is typically forwarded from one router to another through different networks until it reaches its destination node. The switch connects multiple network segments. And each port of the switch is connected to a different segment. And the router performs traffic directing functions on the internet. It takes data from one router to another, and it works at the TCP/IP network layer or internet layer. 07:22 Lois: Sergio, what kind of devices help secure a network from external threats? Sergio: The network firewall is used as a security device that acts as a barrier between a trusted internal network and an untrusted external network, such as the internet. The network firewall is the first line of defense for traffic that passes in and out of your network. The firewall examines traffic to ensure that it meets the security requirements set by your organization, or allowing, or blocking traffic based on set criteria. And the main benefit is that it improves security for access management and network visibility. 08:10 Are you keen to stay ahead in today's fast-paced world? We've got your back! Each quarter, Oracle rolls out game-changing updates to its Fusion Cloud Applications. And to make sure you're always in the know, we offer New Features courses that give you an insider's look at all of the latest advancements. Don't miss out! Head over to mylearn.oracle.com to get started.  08:36 Nikita: Welcome back! Sergio, how do networks manage who can and can't enter based on certain permissions and criteria? Sergio: The access control list is like the gatekeeper into your local area network. Think about the access control list as the visa on your passport, assuming that the country is your local area network. Now, when you have a passport, you might get a visa that allows you to go into a certain country. So the access control list is a list of rules that defines which users, groups, or systems have permissions to access specific resources on your networks.  It is a gatekeeper, that is going to specify who's allowed and who's denied. If you don't have a visa to go into a specific country, then you are denied. Similar here, if you are not part of the rule, if the service that you're trying to access is not part of the rules, then you cannot get in. 09:37 Lois: That's a great analogy, Sergio. Now, let's turn our attention to one of the core elements of network security: authentication and authorization. Orlando, can you explain why authentication and authorization are such crucial aspects of a secure cloud network? Orlando: Security is one of the most critical pillars in modern IT systems. Whether you are running a small web app or managing global infrastructure, every secure system starts by answering two key questions. Who are you, and what are you allowed to do? This is the essence of authentication and authorization. Authentication is the first step in access control. It's how a system verifies that you are who you claim to be. Think of it like showing your driver's license at a security checkpoint. The guard checks your photo and personal details to confirm your identity. In IT systems, the same process happens using one or more of these factors. It will ask you for something you know, like a password. It will ask you for something that you have, like a security token, or it will ask you for something that you are, like a fingerprint. An identity does not refer to just a person. It's any actor, human or not, that interacts with your systems. Users are straightforward, think employees logging into a dashboard. But services and machines are equally important. A backend API may need to read data from a database, or a virtual machine may need to download updates. Treating these non-human identities with the same rigor as human ones helps prevent unauthorized access and improves visibility and security. After confirming your identity, can the system move on to deciding what you're allowed to access? That's where authorization comes in. Once authentication confirms who you are, authorization determines what you are allowed to do. Sticking with the driver's license analogy, you've shown your license and proven your identity, but that doesn't mean that you can drive anything anywhere. Your license class might let you drive a car, not a motorcycle or a truck. It might be valid in your country, but not in others. Similarly, in IT systems, authorization defines what actions you can take and on which resources. This is usually controlled by policies and roles assigned to your identity. It ensures that users or services only get access to the things they are explicitly allowed to interact with. 12:34 Nikita: How can organizations ensure secure access across their systems, especially when managing multiple users and resources?  Orlando: Identity and Access Management governs who can do what in our systems. Individually, authentication verifies identity and authorization grants access. However, managing these processes at scale across countless users and resources becomes a complex challenge. That's where Identity and Access Management, or IAM, comes in. IAM is an overarching framework that centralizes and orchestrates both authentication and authorization, along with other critical functions, to ensure secure and efficient access to resources.  13:23 Lois: And what are the key components and methods that make up a robust IAM system? Orlando: User management, a core component of IAM, provides a centralized Identity Management system for all user accounts and their attributes, ensuring consistency across applications. Key functions include user provisioning and deprovisioning, automating account creation for new users, and timely removal upon departure or role changes. It also covers the full user account lifecycle management, including password policies and account recovery. Lastly, user management often involves directory services integration to unify user information. Access management is about defining access permissions, specifically what actions users can perform and which resources they can access. A common approach is role-based access control, or RBAC, where permissions are assigned to roles and users inherit those permissions by being assigned to roles. For more granular control, policy-based access control allows for rules based on specific attributes. Crucially, access management enforces the principle of least privilege, granting only the minimum necessary access, and supports segregation of duties to prevent conflicts of interest. For authentication, IAM systems support various methods. Single-factor authentication, relying on just one piece of evidence like a password, offers basic security. However, multi-factor authentication significantly boosts security by requiring two or more distinct verification types, such as a password, plus a one-time code. We also have biometric authentication, using unique physical traits and token-based authentication, common for API and web services. 15:33 Lois: Orlando, when it comes to security, it's not just about who can access what, but also about keeping track of it all. How does auditing and reporting maintain compliance? Orlando: Auditing and reporting are essential for security and compliance. This involves tracking user activities, logging all access attempts and permission changes. It's vital for meeting compliance and regulatory requirements, allowing you to generate reports for audits. Auditing also aids in security incident detection by identifying unusual activities and providing data for forensic analysis after an incident. Lastly, it offers performance and usage analytics to help optimize your IAM system.  16:22 Nikita: That was an incredibly informative conversation. Thank you, Sergio and Orlando, for sharing your expertise with us. If you'd like to dive deeper into these concepts, head over to mylearn.oracle.com and search for the Cloud Tech Jumpstart course. Lois: I agree! This was such a great conversation! Don't miss next week's episode, where we'll continue exploring key security concepts to help organizations operate in a scalable, secure, and auditable way. Until next time, this is Lois Houston… Nikita: And Nikita Abraham, signing off! 16:56 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.  

Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/Find out more about IDPro: https://www.idpro.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapters00:00 Introduction and Greetings00:16 Highlights from Authenticate 202501:39 FIDO Feud Rematch Discussion03:17 Guest Introduction: Tina Srivastava03:46 Conference Insights and AI Challenges06:16 Regulatory Environment and Passkeys09:11 Phishing and AI Supercharged Attacks12:28 QR Codes and Accessibility Issues13:09 The Importance of Phishing Resistant Authentication22:24 IDPro Community and Practitioner Support25:18 Community Support and Engagement26:26 IDPro's Role in Identity Events27:48 Future Directions for IDPro29:19 Introducing Committees in IDPro30:39 AI and Identity Verification37:07 The Importance of Information Sharing45:35 Public Speaking and Personal Growth50:58 Conclusion and Final ThoughtsKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.Connect with Bojan: https://www.linkedin.com/in/bojansimic/Learn more about HYPR: https://www.hypr.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comChapter Timestamps:00:00 - Introduction at Authenticate 202500:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR01:11 - How Bojan Simic Got into Identity and Cybersecurity02:10 - The Elevator Pitch for HYPR04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents05:29 - The Trend of Continuous "Know Your Employee" (KYE)07:33 - Is Your MFA Program Enough Anymore?09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat11:19 - How AI is Scaling Social Engineering Attacks Globally13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?16:23 - What is the Right Solution for Identity Practitioners?17:05 - The Critical Role of Internal Marketing for Technology Adoption22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation25:47 - When is it Time to Move On From Your Existing Identity Tools?28:16 - The Role of Document-Based Identity Verification in the Enterprise32:31 - What Makes HYPR's Approach Unique?35:33 - How Do You Measure the Success of an Identity Solution?36:39 - HYPR's Philosophy: Never Leave a User Stranded39:00 - Authentication as a Tier Zero, Always-On Capability40:05 - Is Identity Part of Your Disaster Recovery Plan?41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer47:03 - How to Learn More About HYPRKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.The discussion covers:Why traditional IAM approaches fail for non-human identities.The importance of visibility and creating a standardized process for NHI creation.The debate around terminology: NHI vs. machine identity vs. service accounts.The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.Practical, actionable advice for getting a handle on legacy service accounts.The emerging challenge of IAM for AI and the complexities of managing agentic AI.The critical role of authorization and the future of policy-based access control.Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.Connect with Steve: https://www.linkedin.com/in/steven-rennick/ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comCHAPTER TIMESTAMPS:00:00:10 - Introduction & The Art of the Vendor Demo00:08:02 - Steve Rennick's Take on Vendor Demos00:12:39 - Formal Introduction: Steve Rennick00:14:45 - Recapping the Identiverse Squabble Game Show00:17:22 - The Hot Topic of Non-Human Identities (NHI)00:22:22 - Is NHI a Joke or a Serious Framework?00:26:41 - The Controversy Around the Term "NHI"00:30:24 - How to Simplify NHI for Practitioners00:34:06 - First Steps for Getting a Handle on NHI00:37:20 - Can Active Directory Be a System of Record for NHI?00:45:08 - Why is NHI a Hot Topic Right Now?00:51:19 - The Challenge of Cleaning Up Legacy NHIs00:58:00 - IAM for AI: Managing a New Breed of Identity01:03:33 - The Future is Authorization01:06:22 - The Zero Standing Privilege Debate01:10:39 - Favorite Dinosaurs and OutroKEYWORDS:NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In 2025 identity has become the new (security) perimeter, making identity security attacks a primary threat vector for organisations throughout the region. Threat actors are targeting user credentials and privileged access pathways, moving beyond traditional network-based assaults to exploit identities as the weakest link. This is forcing CISOs to re-evaluate their defence-in-depth strategies, with a pronounced focus on securing privileged access management (PAM) as a critical control point. As organisations adopt zero trust architectures, we are seeing just-in-time and just-enough-access privileges becoming standard practice. But what about the use of AI in identity management?In this PodChats for FutureCISO, we are joined by Nigel Tan, Delinea's director of sales engineering in APAC, shares his views on how is AI altering identity and access management strategies?1.       Before we start, give us the 30-second elevator pitch of who Delinea is.2.       How is AI Redefining Identity and Access Management?3.       Please identify emerging AI-driven IAM use cases in Southeast Asia and Hong Kong? 4.       How do you see Agentic AI potentially changing Privileged Access Management (PAM)?5.       We may have covered this in the earlier questions, what are the cybersecurity risks of AI-Enhanced IAM? Please cite 2025 incidents on the same topic.6.       Efforts are underway to come up with regional regulations around AI use. Can we expect something similar around AI in IAM?7.       Can AI improve IAM for hybrid workforces?8.       You mentioned earlier about identity access rights that have become dormant. What role would GenAI/Agentic AI play in identity lifecycle management?9.       Deepfake cases are growing in Asia. How should CISOs prepare for AI-enabled identity fraud?10.   What skills will security teams need for AI-driven IAM? How about endusers?11.   What is the future of AI in IAM for Southeast Asia and Hong Kong?

In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.

Send us a textArt Poghosyan shares his journey from IT security consultant to CEO of Britive, a cloud-native identity and access management company. His experience during economic downturns shaped his understanding of how cybersecurity services remain resilient through various market cycles.• Started in IT security right after completing a master's in technology risk management• Worked with early IAM solutions including LDAP directories, SSO, and authentication systems• Founded Advanced Technology Solutions focusing on IAM implementation services• Identified growing challenges with traditional IAM solutions in cloud environments• Created Britive to address cloud-native identity management challenges• Witnessed explosion of machine identities in cloud environments creating security risks• Now focused on securing new identity types including AI and agentic identities• Cybersecurity consulting proves relatively recession-proof as security needs persist in both growth and contraction• Capital One AWS breach highlighted risks of excessive privileges in cloud environments• Current focus includes securing agent-to-agent interactions in AI systemsConnect with Art on LinkedIn or email him at art@britive.com to learn more about Britive's solutions for cloud and AI identity challenges. 

Send us a textReady to master the critical domain of Identity and Access Management for your CISSP exam? This comprehensive rapid review demystifies Domain 5, which accounts for 13% of all exam questions—knowledge you absolutely cannot skip.Dive deep into the fundamentals as we explore controlling physical and logical access to assets—from information systems to facilities. Discover how properly implemented controls protect your most sensitive data through classification, encryption, and permissions. As one cybersecurity veteran wisely notes, "It's all about the data," and this episode equips you with the frameworks to protect it.The podcast meticulously unpacks identity management implementation, breaking down authentication types, session management, and credential systems. You'll grasp the differences between single-factor and multi-factor authentication and understand why accountability through proper logging and auditing is non-negotiable in today's security landscape.We explore deployment models that fit various organizational needs—from on-premise solutions offering complete control to cloud-based options providing scalability, along with the increasingly popular hybrid approach. The episode clarifies authorization mechanisms including role-based access control (RBAC), rule-based access control, mandatory access controls (MAC), and discretionary access controls (DAC)—essential knowledge for implementing proper security boundaries.Particularly valuable is our breakdown of authentication systems and protocols—OAuth, OpenID Connect, SAML, Kerberos, RADIUS, and TACACS+—demystifying their purposes and applications in real-world scenarios. Whether you're a seasoned security professional or preparing for your certification, this episode delivers the practical knowledge you need.Ready to accelerate your CISSP journey? Visit CISSPcybertraining.com for free resources including podcasts, study plans, and 360 practice questions—plus premium content with over 50 hours of focused training. This episode isn't just exam prep; it's a masterclass in identity and access management principles you'll apply throughout your cybersecurity career.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In the near future, less than 10% of access will come from humans, the rest will be agents? What happens when your next user isn't human? In this episode of the #ZeroToInfinity podcast, Pranay Desai sits down with Satya Devarakonda and Ravi Madabhushi, founders of ScaleKit, to decode a fundamental shift in software: the rise of agents as first-class users. Humans log in and out with predictable patterns. Agents are transient, transactional, and unpredictable, hitting systems hundreds of times a minute. ScaleKit's modular approach is built for this new reality, where AI agents, not humans, dominate usage. Satya and Ravi bring rare scar tissue and foresight. From PipeMog in 2013, to FreshID at Freshworks, to now ScaleKit, they've spent a decade solving identity and access at scale, and are rethinking it for an agent-first world. The duo also shares what it means to build again as second-time founders: why distribution matters more than product, what they've unlearned from Freshworks, and how agents are evolving from assistants into colleagues who accelerate productivity.

In 2025 identity has become the new (security) perimeter, making identity security attacks a primary threat vector for organisations throughout the region. Threat actors are targeting user credentials and privileged access pathways, moving beyond traditional network-based assaults to exploit identities as the weakest link. This is forcing CISOs to re-evaluate their defence-in-depth strategies, with a pronounced focus on securing privileged access management (PAM) as a critical control point. As organisations adopt zero trust architectures, we are seeing just-in-time and just-enough-access privileges As organisations mature in their understanding and use of AI, FutureCISO becoming standard practice. But what about the use of AI in identity management?In this PodChats for FutureCISO, we are joined by Nigel Tan, Delinea's director of sales engineering in APAC, shares his views on how is AI altering identity and access management strategies?1.       Before we start, give us the 30-second elevator pitch of who Delinea is.2.       How is AI Redefining Identity and Access Management?3.       Please identify emerging AI-driven IAM use cases in Southeast Asia and Hong Kong? 4.       How do you see Agentic AI potentially changing Privileged Access Management (PAM)?5.       We may have covered this in the earlier questions, what are the cybersecurity risks of AI-Enhanced IAM? Please cite 2025 incidents on the same topic.6.       Efforts are underway to come up with regional regulations around AI use. Can we expect something similar around AI in IAM?7.       Can AI improve IAM for hybrid workforces?8.       You mentioned earlier about identity access rights that have become dormant. What role would GenAI/Agentic AI play in identity lifecycle management?9.       Deepfake cases are growing in Asia. How should CISOs prepare for AI-enabled identity fraud?10.   What skills will security teams need for AI-driven IAM? How about endusers?11.   What is the future of AI in IAM for Southeast Asia and Hong Kong?

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today's hybrid, AI-driven environments. Stein's background in technology infrastructure and DevOps, paired with his co-founder's deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.Learn more about Apono: https://itspm.ag/apono-1034Note: This story contains promotional content. Learn more.Guest:Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/ResourcesLearn more and catch more stories from Apono: https://www.itspmagazine.com/directory/aponoLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Access management is not just a security measure – it's a strategic business function that impacts both innovation and operational efficiency for businesses of all sizes. In this episode, Vasili Kourelos, lead of the Eastern Canada business unit for Salto North America, explores the different types, benefits and drawbacks of access management systems, addressing security considerations, misconceptions and future trends. 

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, Sergio Sousa and Alcyr Araujo join the show to discuss the challenges small businesses face with access control and management for apps and services, and why they launched AccessMule. Show Notes SMB Survey on Access Management Listen and subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS Listen to Past Episodes

This episode is sponsored by Natoma. Visit https://www.natoma.id/ to learn more.Join Jeff from the IDAC Podcast as he dives into a deep conversation with Paresh Bhaya, the co-founder of Natoma. In this sponsored episode, Paresh shares his journey into the identity space, discusses how Natoma helps enterprises accelerate AI adoption without compromising security, and provides insights into the rising importance of MCP and A2A protocols. Learn about the challenges and opportunities at the intersection of AI and security, the importance of dynamic access controls, and the significance of ensuring proper authentication and authorization in the growing world of agentic AI. Paresh also delights us with his memorable hike up Mount Whitney. Don't miss out!00:00 Introduction and Sponsor Announcement00:34 Guest Introduction: Paresh Bhaya from Natoma01:14 Paresh's Journey into Identity04:04 Natoma's Mission and AI Security06:25 The Story Behind Natoma's Name09:29 Natoma's Unique Approach to AI Security18:32 Understanding MCP and A2A Protocols25:20 Community Development and Adoption25:56 Agent Interactions and Security Challenges27:19 Navigating Product Development29:17 Ensuring Secure Connections36:10 Deploying and Managing MCP Servers42:40 Shadow AI and Governance44:17 Personal Anecdotes and ConclusionConnect with Paresh: https://www.linkedin.com/in/paresh-bhaya/Learn more about Natoma: https://www.natoma.id/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Natoma, Paresh Bhaya, Artificial Intelligence, AI, AI Security, Identity and Access Management, IAM, Enterprise Security, AI Adoption, Technology, Innovation, Cybersecurity, Machine Learning, AI Risks, Secure AI, #idac

In this episode of Identity at the Center, recorded live from Identiverse 2025 in Las Vegas, Jim McDonald and Jeff Steadman are joined by special guests Diane Vicezar and Arynn Crow. Diane is a recent recipient of the Digital Identity Advancement Foundation's (DIAF) prestigious Kim Cameron Award, and Arynn is the Director of Governance and Transparency for DIAF.Join us for a conversation about breaking into the identity and access management (IAM) industry. Diane shares her journey from a college intern at Microsoft to a full-time employee in the identity space, and what her experience has been like as a first-time attendee at Identiverse. Arynn provides valuable insights into the mission of DIAF, which aims to make professional development in identity more accessible through merit-based awards like the Kim Cameron Award for newcomers and the Victoria O'Connor Award for established professionals.The group discusses the critical question of how the industry can attract new talent. Do people choose a career in identity, or does it choose them? They explore the importance of outreach to universities, the power of social media, and reframing the narrative around identity to focus on its mission-driven impact on society. From career ceilings and the role of AI to favorite conference sessions and hallway conversations, this episode is packed with insights for both seasoned professionals and those just starting their identity journey.Chapter Timestamps00:00:10 - Welcome to Identiverse 202500:02:21 - Introducing Diane Vicezar and Arynn Crow00:03:00 - What is the Digital Identity Advancement Foundation (DIAF)?00:05:33 - Diane's Experience as a Kim Cameron Award Winner00:07:26 - The Legacy of Kim Cameron and Vittorio Bertocci00:10:17 - How Did You Get Into Identity?00:12:08 - How to Attract New Talent to the Identity Industry00:16:51 - Reframing the Conversation Around Identity's Mission00:20:27 - Is There a Career Ceiling in Identity?00:22:34 - Advice for Those Starting Their Career in Identity00:27:10 - The Future of AI in the Identity Industry00:28:32 - Favorite Sessions at Identiverse 202500:34:15 - If You Were a Potato, How Would You Be Prepared?00:36:20 - Closing RemarksConnect with Diana: https://www.linkedin.com/in/dianavicezar/Connect with Arynn: https://www.linkedin.com/in/arynn-crow-821761103/Learn more about the Digital Identity Advancement Foundation: https://digitalidadvancement.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Diane Vicezar, Arynn Crow, Digital Identity Advancement Foundation, DIAF, Kim Cameron Award, Identiverse 2025, Identity and Access Management, IAM, Career in Identity, Cybersecurity, Professional Development, Women in Identity, Identity Industry, Microsoft, AI in Identity, FIDO, Passkeys, Verifiable CredentialsHashtags#idac #Identiverse #DigitalIdentity #IAM #Cybersecurity #CareerDevelopment #WomenInTech #DIAF #KimCameronAward

RKON Chief Revenue Officer, Brian Jeffords, sits down with Chief Information Security Officer, Gerard Onorato, and Director of IAM & Zero Trust, Duane Clouse, to unpack how organizations are navigating the growing complexity of Identity and Access Management. Together, they explore the challenges of managing identities across hybrid environments, diverse tools, and expanding user types—while addressing mounting regulatory pressure, evolving cyber threats, and the accelerating pace of technology.

This episode is sponsored by Trusona. Visit trusona.com/idac to learn more.In this episode of the Identity of the Center podcast, Jeff and Jim discuss identity verification challenges with Ori Eisen, the founder and CEO of Trusona. The conversation explores the problems surrounding help desk authentication and how Trusona's new product, ATO Protect, aims to address these issues by confirming caller identities, even in scenarios involving social engineering and advanced AI threats. Ori explains the technology behind document scanning, data triangulation, and geolocation to validate identities. The episode also includes an intriguing hack challenge for listeners to test the robustness of Trusona's solutions. Check out the detailed demo on Trusona's website and join the challenge!Timestamps00:00 Introduction and Episode Excitement01:16 Introducing the Guest: Ori Eisen from Trusona02:11 The Problem with Passwordless Authentication03:53 The Rise of Gen AI and Its Impact on Security04:51 Understanding ATO Protect and Its Importance16:10 How ATO Protect Works: A Step-by-Step Guide27:51 The Puppeteering Scam Unveiled28:24 Fingerprinting the Fraudsters29:11 Real-Time Fraud Detection Demo29:42 Challenges in Penetration Testing30:08 Combating Man-in-the-Middle Attacks30:41 The Ultimate Security Challenge33:44 Verifying Caller Identity41:24 Future Threats in Cybersecurity42:10 AI: The Double-Edged Sword49:08 Issuing the Hack Challenge52:45 Conclusion and Final ThoughtsConnect with Ori: https://www.linkedin.com/in/orieisen/Learn more about Trusona: https://www.trusona.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Trusona, Ori Eisen, Identity Verification, Help Desk Security, Service Desk, Passwordless, Authentication, KBA, Knowledge-Based Authentication, Cybersecurity, Identity and Access Management, IAM, Multi-Factor Authentication, MFA, Zero Trust, Identity Proofing#IDAC #Trusona #Passwordless #Cybersecurity #IdentityManagement #HelpDesk #ZeroTrust

Andrej Safundzic, Gründer von Lumos, spricht mit Mike Mahlkow über seinen beeindruckenden Weg von Social Enterprises in Uganda über die deutsche Bundesregierung bis hin zum Silicon Valley. Mit 65 Millionen Dollar Funding baut er heute eine der innovativsten Cyber-Security-Lösungen. Andrej teilt tiefe Einblicke in die Zukunft der Cyber-Security, die Bedeutung von AI-Agents und warum Deutschland der beste zweite Standort für Tech-Unternehmen werden sollte. Was du lernst: Von Deutschland in die Welt: Wie Andrej erst Social Enterprises in Uganda gründete Warum er Tech4Germany aufbaute und vom Bundeskanzleramt übernommen wurde Cyber-Security und AI: Warum Identity & Access Management durch AI-Agents wichtiger wird Wie sich Cyber-Angriffe durch Voice-AI und Social Engineering verändern Deutschland vs. Silicon Valley: Warum Deutschland der beste zweite Standort für Tech-Unternehmen werden sollte Die Bedeutung von Qualität und Nachhaltigkeit im deutschen Markt Story-Led Companies: Wie Lumos durch eine klare Vision und Story Mitarbeiter begeistert Warum Cyber-Security der neue "Polizist" der digitalen Welt ist AI-Transformation: Wie Unternehmen sich auf die AI-Revolution vorbereiten sollten Die Bedeutung von frühem Experimentieren mit neuen Technologien ALLES ZU UNICORN BAKERY: https://zez.am/unicornbakery  Mehr zu Andrej: LinkedIn: https://www.linkedin.com/in/andrejsafundzic/  Website: https://www.lumos.com/  Mehr zum Co-Host Mike: LinkedIn: https://www.linkedin.com/in/mikemahlkow/  Website: https://fastgen.com Join our Founder Tactics Newsletter: 2x die Woche bekommst du die Taktiken der besten Gründer der Welt direkt ins Postfach: https://www.tactics.unicornbakery.de/  Kapitel: (00:00:00) Wer ist Andrej Safundzic? (00:01:17) Warum gründet man ein Startup in Uganda? (00:03:36) Vom Bundeskanzleramt gekauft (00:11:27) Von Deutschland in die USA: Warum San Francisco? (00:21:30) Die Gefahr von Voice-Agents & Cyber-Angriffen (00:29:52) Bis zu welcher Gefahr deckt Lumos die Sicherheit ab? (00:36:00) Die nächste Stufe der Sicherheit (00:40:33) Lumos als Story-led Company

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, I talk with David Faugno from 1Password about the company's recent announcements at RSAC. Links 1Password Introduces Agentic AI Security for the Next Era of Enterprise Automation 1Password and Drata's Strategic Partnership Closes the Access-Trust Gap with Unified Security and Compliance 1Password Delivers the Next Generation of Access Security with New Extended Access Management Platform Capabilities Listen and subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS Listen to Past Episodes

AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt?Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical insiders to exfiltrate data.In this episode, you'll learn about:The "Blast Radius": How AI tools can dramatically increase data exposure.From "Breaking In" to "Logging In": The dominance of credential-based attacks.AI-Powered Social Engineering: The rise of "conversational bait".Copilot Use Cases & "Aha!" MomentsData Integrity in AI: The critical, overlooked pillar of AI security.The Enduring Importance of Access Management in an AI World.Transforming Security Operations: AI for incident response, playbooks, and forensics.Guest Socials - ⁠Matt's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:57) New Threat Landscape in Cloud & AI(08:08) Use cases for regulated industries(10:03) Impact of Agentic AI in the cybersecurity space(12:22) Blind spots of going into AI(18:06) Shared responsibility for LLM providers(20:56) Lifting up security programs for AI(27:82) How is incident response changing with AI?(29:30) Cybersecurity areas that will be most impacted by AI(34:43) The Fun SectionThank you to our episode sponsor Varonis

Wer darf eigentlich was? Und sollten wir alle wirklich alles dürfen?Jedes Tech-Projekt beginnt mit einer simplen Frage: Wer darf eigentlich was? Doch spätestens wenn das Startup wächst, Kunden Compliance fordern oder der erste Praktikant an die Produktionsdatenbank rührt, wird Role Based Access Control (RBAC) plötzlich zur Überlebensfrage – und wer das Thema unterschätzt, hat schnell die Rechtehölle am Hals.In dieser Folge nehmen wir das altbekannte Konzept der rollenbasierten Zugriffskontrolle auseinander. wir klären, welches Problem RBAC eigentlich ganz konkret löst, warum sich hinter den harmlosen Checkboxen viel technische Tiefe und organisatorisches Drama verbirgt und weshalb RBAC nicht gleich RBAC ist.Dabei liefern wir dir Praxis-Insights: Wie setzen Grafana, Sentry, Elasticsearch, OpenSearch oder Tracing-Tools wie Jäger dieses Rechtekonzept um? Wo liegen die Fallstricke in komplexen, mehrmandantenfähigen Systemen?Ob du endlich verstehen willst, warum RBAC, ABAC (Attribute-Based), ReBAC (Relationship-Based) und Policy Engines mehr als nur Buzzwords sind oder wissen möchtest, wie du Policies, Edge Cases und Constraints in den Griff bekommst, darum geht es in diesem Deep Dives.Auch mit dabei: Open Source-Highlights wie Casbin, SpiceDB, OpenFGA und OPA und echte Projekt- und Startup-Tipps für pragmatischen Start und spätere Skalierung.Bonus: Ein Märchen mit Kevin und Max, wo auch manchmal der Praktikant trotzdem gegen den Admin gewinnt

In this episode of Identity at the Center, Jeff Steadman and Jim McDonald are joined by Alejandro Leal, Senior Analyst at KuppingerCole, live from the EIC 2025 stage in Berlin, Germany.Alejandro delves into the critical distinctions between misinformation and disinformation, exploring their historical context and how they manifest in today's technological landscape, particularly within social media and legacy media. He discusses the intent behind disinformation, often aimed at creating chaos or confusion, versus misinformation, which can be an unintentional spread of false or inaccurate information.Chapters:00:00:00 Defining Misinformation vs. Disinformation & Historical Context00:02:00 Introduction at EIC 2025 & Guest Welcome00:06:14 The Role of Intent, Generative AI, and Countermeasures00:12:15 Impact of Mis/Disinformation on Business, Politics, and Philosophy00:16:02 How Mis/Disinformation Intersects with Identity Management00:18:07 Balancing Anonymity, Privacy, and Truthful Content Online00:23:09 Connecting to Digital Identity, Verification, and Potential Solutions (AI Labeling, VCs)00:26:45 AI Guardrails, Free Speech vs. Hate Speech, and Authenticity00:29:24 Worst-Case Scenarios and the Global Impact of Mis/Disinformation00:31:24 Actionable Advice: Responsibility and Critical Thinking00:35:38 Book Recommendation: "The Question Concerning Technology"00:39:31 Wrapping Up and Final ThoughtsConnect with Alejandro: https://www.linkedin.com/in/alejandro-leal-a127bb153/The Question Concerning Technology (essay): https://bpb-us-e2.wpmucdn.com/sites.uci.edu/dist/a/3282/files/2018/01/Heidegger_TheQuestionConcerningTechnology.pdfConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Alejandro Leal, KuppingerCole, EIC 2025, Misinformation, Disinformation, Identity and Access Management, IAM, Digital Identity, Cybersecurity, Tech Podcast, Technology Ethics, Generative AI, AI Ethics, Truth in Media, Social Media Responsibility, Privacy Rights, Verifiable Credentials, Critical Thinking Skills, Fake News, Online Safety, Political Disinformation, Business Reputation, Philosophical Tech Discussions, Martin Heidegger, The Question Concerning Technology.

In this episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald are joined by Jerome Thorstenson, IAM Architect with Salling Group, live from EIC 2025 in Berlin! Jerome shares his insights on B2B identity, the challenges of managing access for a complex supply chain, and the importance of an identity-first approach.Discover how Salling Group, operating major labels like Target and Starbucks, handles identity for thousands of employees and external partners. Jerome dives into the complexities of balancing security, user experience, and the practicalities of implementing IGA and ABAC.From navigating the challenges of data quality and high employee turnover to the nuances of transitioning between IGA systems, this episode offers valuable insights for identity practitioners.Chapter Timestamps:00:00:00 - B2B Identity Challenges00:02:14 - Welcome to Identity at the Center from EIC 202500:04:14 - Jerome's Journey into Identity00:05:19 - Salling Group Overview00:06:57 - Securing B2B - Jerome's Presentation00:10:54 - Controlling Access in B2B00:11:41 - Identity as a Product00:14:51 - The Role of the IAM Practitioner00:16:31 - ABAC as a Game Changer00:21:00 - Language Considerations in a European Context00:22:33 - Employee Turnover Challenges00:25:07 - IGA Implementation Insights00:29:28 - Identity Fabric Discussion00:31:21 - Jerome's Caribbean Background00:34:06 - Wrap-up and Contact InformationConnect with Jerome: https://www.linkedin.com/in/jetdk/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, EIC 2025, B2B Identity, Identity First Security, IAM, Identity and Access Management, Supply Chain Security, IGA, ABAC, Attribute-Based Access Control, Role-Based Access Control, Identity Fabric, Digital Identity, Cybersecurity, Data Quality, Employee Turnover, Caribbean

Azure AD is one of the most versatile directory services on the market. To help organizations maximize its capabilities, Azure IAM is offering Azure AD system design consulting for both private and public entities. Learn more at https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com

Microsoft Identity Manager is ending - will your business be prepared? Azure IAM can help you make the switch to the Azure or Sailpoint platforms today. To learn how to migrate your data onto a new platform from MIM, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404

Join AI Jeff and AI Jim on 'Identity at the Center' as they explore the most outrageous and entertaining innovations in identity and access management (IAM) for this special April Fools' episode. From 'Identity at the Center - After Dark' on Diz-Prime-flix to the rise of 'Carrier Pigeon Authentication,' this episode promises a wild ride through the absurdities of digital identity. Don't miss highlights like toaster authentication challenges, karaoke biometric logins, and the surreal 'Session_Expired' club experience. Stay secure and get ready to laugh out loud with the most bizarre IAM content you've ever seen!Chapters00:00:00 Welcome & Introduction00:01:00 Special Announcement: 'Identity at the Center - After Dark' on Diz-Prime-flix00:02:00 News: Biometric Authentication Requires Singing Karaoke00:03:00 Sponsor: SonataSecure - Musical Authentication00:04:00 Sponsor: WhisperGuard - Secure Messaging with AuraScan00:05:00 News: Identity Management Replaced by Carrier Pigeons & Caffeine Level Access Control00:06:00 Sponsor: Fortress of Fabulousness Firewall00:07:00 Sponsor: Zeus's Zero Trust Zenith00:08:00 News: Digital Certificates Require Imaginary Friend Permission & Interpretive Dance Passphrases00:09:00 Sponsor: EgoSphere - Decentralized Identity Platform00:10:00 Sponsor: RoleRescue - Rehabilitate RBAC Systems00:11:00 News: Sentient Corporate Directory 'Dirk' Playing Matchmaker00:12:00 Sponsor: Omni-Identity Nexus - Transdimensional Identity00:13:00 Sponsor: Packet Politeness Protocol00:14:00 News: Principle of Extreme Least Privilege (PELP) & Spirit Animal Check Authentication00:15:00 Sponsor: The Sentient Security Snail00:16:00 News: Quantum Entanglement Authentication & PAM Crowns00:17:00 News: Mandatory Offboarding Serenades00:18:00 Sponsor: AccessStream & Permission Patrol00:19:00 Sponsor: The Great Identity Governance Swamp Romp Webinar00:20:00 News: Fortune Cookie Authentication & Jim's Consciousness Theory00:21:00 City Correspondent Tyler: Session_Expired Club Entry Requirements00:22:00 City Correspondent Tyler: Explaining Human SAML Assertions00:23:00 City Correspondent Tyler: Human SAML Assertions & Club Details00:24:00 City Correspondent Tyler: Session_Expired Club Summary00:25:00 Closing Remarks & OutroConnect with us on LinkedIn:Real Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Real Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords: Identity and Access Management, digital identity, cybersecurity, AI Jeff, AI Jim, alternative realities, IAM news, April Fool's.

In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) Show Notes: https://securityweekly.com/esw-400

In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) Show Notes: https://securityweekly.com/esw-400

This week, we discuss Apple's AI struggles, the never-ending access management puzzle, and the latest Kubernetes vulnerability. Plus, let's not kill the fun of Vibe Coding. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=dWt6XwV18v4) 512 (https://www.youtube.com/watch?v=dWt6XwV18v4) Runner-up Titles It's either this or Chips Break glass I'm just making the worst soup Everybody loves a quokka They shipped the product, nobody used it We're at 95% of setting timers Enterprise software fixes everything Vibecoding for Dummies is already in print (not really) Keep Vibe Coding Pure By making it better, you are making it worse I sold high, bought low and it's still low Rundown Apple Media “clutching their pearls” Apple puts the Vision Pro guy in charge of Siri (https://www.theverge.com/news/633358/apple-replace-siri-leader-john-giannandrea) Something Is Rotten in the State of Cupertino (https://daringfireball.net/2025/03/something_is_rotten_in_the_state_of_cupertino?ref=sidebar) Access Management has taken over The Trump Administration Accidentally Texted Me Its War Plans (https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/) Hegseth Disclosed Secret War Plans in a Group Chat (https://www.nytimes.com/2025/03/24/us/politics/hegseth-classified-war-plans-group-chat.html) Remote Code Execution Vulnerabilities in Ingress NGINX (https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities) Nvidia Nvidia CEO stops by Denny's food truck to eat and serve Nvidia Breakfast Bytes (https://www.tomshardware.com/tech-industry/nvidia-ceo-stops-by-dennys-food-truck-to-eat-and-serve-nvidia-breakfast-bytes-before-gtc-2025) GTC AI Conference 2025 (https://www.nvidia.com/gtc/) Vibe Coding Not all AI-assisted programming is vibe coding (but vibe coding rocks) (https://simonwillison.net/2025/Mar/19/vibe-coding/) The Vibe Coding Handbook (https://itrevolution.com/product/vibe-coding-handbook/) Relevant to your Interests Tech worker found guilty of sabotaging company's systems (https://ia.acs.org.au/article/2025/tech-worker-found-guilty-of-sabotaging-company-s-systems.html?ref=newsletter&deliveryName=DM25608) SoftBank Group to Acquire Ampere Computing (https://group.softbank/en/news/press/20250320) Backstage is dominating the developer portal market (https://newsletter.getdx.com/p/backstage-and-the-developer-portal-market) Clouded Judgement 3.21.25 - M&A Roars Back (https://cloudedjudgement.substack.com/p/clouded-judgement-32125-m-and-a-roars?utm_source=post-email-title&publication_id=56878&post_id=159514016&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) ‘Forced Joy' Is a Miserable Corporate Trend (https://www.bloomberg.com/opinion/articles/2025-03-12/starbucks-tiffany-and-alphabet-make-forced-fun-part-of-the-job) Nonsense Office Space - Joanna - Your Flair (https://www.youtube.com/watch?v=_ChQK8j6so8) 'I made the world's worst keyboard': This YouTuber's homemade board has over 1,000 keys and types in words, not letters (https://www.pcgamer.com/hardware/gaming-keyboards/i-made-the-worlds-worst-keyboard-this-youtubers-homemade-board-has-over-1-000-keys-and-types-in-words-not-letters/) Mac - Lumon Terminal Pro (https://www.apple.com/mac/lumon-terminal-pro/) Conferences KubeCon EU (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/), April 1-4, London. DevOps Days Atlanta (https://devopsdays.org/events/2025-atlanta/welcome/), April 29-30 Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA NDC Oslo (https://ndcoslo.com/), May 21-23, Coté speaking. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Perform quick actions on iPhone (https://support.apple.com/guide/iphone/perform-quick-actions-iphcc8f419db/ios) Matt: Audio Hijack Transcribe (https://rogueamoeba.com/support/manuals/audiohijack/?page=transcribe) Photo Credits Header (https://unsplash.com/photos/a-couple-of-skunks-that-are-standing-in-the-dirt-C22fvvBcCBY) Artwork (https://unsplash.com/photos/green-and-black-digital-device-yqLrqIsl294)

In this episode of Behind the Deal, Imprivata CEO Fran Rosch shares how the company is revolutionizing access to critical healthcare systems with its cutting-edge security solutions. As a leader in cybersecurity for hospitals and health systems, Imprivata specializes in Access Management for shared device ecosystems, as well as streamlining and securing access for professionals in critical environments (like Healthcare). Thoma Bravo Managing Partner Scott Crabill and Imprivata CEO Fran Rosch delve into the challenges in the cybersecurity space, future milestones Imprivata has its eyes on, and its mission to enhance protection for its customers worldwide — making access to critical information simple, secure, and seamless. For more information on Thoma Bravo's Behind the Deal, visit https://www.thomabravo.com/behindthedeal Learn more about Thoma Bravo: https://www.thomabravo.com/ Visit Imprivata's website: https://www.imprivata.com/  To learn more about listener data and our privacy practices visit: https://www.audacyinc.com/privacy-policy Learn more about your ad choices. Visit https://podcastchoices.com/adchoices

Arthur Bigeard shares his journey from a passion project to a thriving business, turning a side hustle into a full-time venture. He discusses the long-term mindset behind building scalable software, the lessons learned from working at Morgan Stanley, and the strategic decisions that helped shape g.v, a graph database client. Tune in for insights on entrepreneurship, tech evolution, and making the leap into the unknown!About our speaker: Arthur Bigeard is the founder at gdotv, a universal, plug-and-play graph database client to simplify & accelerate the day-to-day tasks of graph database users. He started this project following a 10 years long cyber security career, specialising in Identity & Access Management and cryptographic solutions.

In this episode of the Identity as a Center podcast, Jeff and Jim interview Andrew Cameron, Technical Fellow in Identity and Access Management at General Motors. The discussion covers the importance of speed and security in mission-critical automotive applications, the evolution and impact of identity standards, and the integration of modern identity solutions in vehicles. Andrew also shares insights on the challenges of customer identity management, the complexity of B2B environments, and the role of AI in the future of identity. The conversation touches on GM's move towards passkeys, the centralized management of customer profiles, and the rise of car accounts.Chapters00:00 Introduction to Mission-Critical Identity02:03 Welcome to the Identity as a Center Podcast02:20 The Value of IDPro Membership06:18 Upcoming Conferences and Discount Codes11:39 Introducing Andrew Cameron from General Motors12:26 Andrew Cameron's Journey in Identity17:22 The Evolution of Identity Standards19:09 Adopting Passwordless Authentication at GM23:10 Challenges and Benefits of Passwordless Adoption24:55 Role and Responsibilities of a Technical Fellow28:32 Customer Identity Management at GM30:00 Establishing a Scalable Authentication Platform31:09 Centralizing Profile Information32:05 Challenges and Benefits of Centralized Profiles33:18 Mentorship and Collaboration in Tech34:50 Complexities of B2B Identity Management38:56 Global Privacy and Language Challenges41:32 Enhancing Vehicle User Experience with Identity46:50 Speed and Security in Vehicle Identity Systems53:52 Future of AI in Automotive Industry57:28 Detroit Pride and Personal Insights01:02:20 Conclusion and Final ThoughtsConnect with Andrew: https://www.linkedin.com/in/kandrewcameron/Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Protect your organization from account takeover and hiring fraud as deepfake impersonation threats grow. With Microsoft Entra Verified ID, you can use Face Check to verify identities in real time against government-issued IDs like driver's licenses and passports. Use Face Check with integrated solutions for • new employee, guest or admin onboarding • step-up authentication to access sensitive information • securing common helpdesk-driven tasks, like user account recovery Setup is simple and has been designed so that both the enterprise and the person verifying their identity maintain control—without storing or passing biometric information like other face matching solutions. Join Ankur Patel, from the Microsoft Entra team, as he demonstrates how Face Check with Verified ID works and how to set it up. ► QUICK LINKS: 00:00 - Face Check with Microsoft Entra Verified ID 00:54 - AI-powered identity verification 01:44 - First time user experience 03:21 - How it works 04:55 - Use cases 05:34 - Set it up 06:16 - Update an app for Face Check 06:43 - Access packages 08:18 - Wrap up   ► Link References For more information, check out https://aka.ms/FaceCheckSetup Watch the complete playlist for Microsoft Entra Suite at https://aka.ms/EntraSuiteMechanics Access a list of identity verification providers at https://aka.ms/IDVpartners   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Bridging your organizational silos can help drive digital modernization 

The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today's organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases. Host:  Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT,  The IIA Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner Key Points Introduction [00:00-00:00:07] Overview of identity and access management [00:00:08-00:00:31] The financial impact of data breaches [00:00:32-00:01:26] Challenges in detecting and responding to security incidents [00:01:27-00:02:26] Common identity and access management risks for auditors [00:02:27-00:03:26] Weak governance and its implications [00:03:27-00:04:26] Siloed organizations and identity and access management complexities [00:04:27-00:05:26] Regulatory frameworks and standards [00:05:27-00:07:26] Identity and access management controls and data governance [00:07:27-00:09:26] Real-world use cases and security incidents [00:09:27-00:11:26] Horror stories and lessons learned in identity and access management [00:11:27-00:13:26] Best practices for managing user access reviews [00:13:27-00:16:26] Continuous authentication and its challenges [00:16:27-00:18:26] Privileged access management and audit considerations [00:18:27-00:21:26] The impact of AI and machine learning on identity and access management [00:21:27-00:23:26] Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26] Closing remarks [00:25:27-00:31:43] The IIA Related Content Interested in this topic? Visit the links below for more resources: Intermediate IT Auditing Auditing IT Change Management GTAG: Auditing Identity and Access Management, 2nd Edition Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program Implementing The IIA's New Cybersecurity Topical Requirement Cybersecurity Topical Requirement Visit The IIA's website or YouTube channel for related topics and more. Resources Mentioned The IIA's 2025 Analytics, Automation and AI Virtual Conference The IIA's Updated AI Auditing Framework NIST Cybersecurity Framework (CSF) NIST AI Risk Management Framework IBM Cost of a Data Breach Report 2024 CISA and NSA Guidance on Identity and Access Management Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).The Role of IT in Business OperationsDoelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.AI, Security, and IT InvestmentThe report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.How JumpCloud Supports IT TeamsJumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.Looking Ahead: IT and Security ConvergenceDoelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.Note: This story contains promotional content. Learn more. Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/ResourcesLearn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7zTo download the SME IT Trends Report: https://itspm.ag/jumpcljqywCatch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloudAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Data Product Management In Action podcast, brought to you by  executive producer Scott Hirleman, is a platform for data product management practitioners to share insights and experiences. In Season 01, Episode 28, we are excited to introduce to you a new host, Alexa Westgate! Join us as we learn all about her data journey. She'll discuss how she got into DPM, some of her greatest moments and challenges. You'll be excited for her future episodes! About our host Alexa Westlake: Alexa is a Data Analytics Leader in the Identity and Access Management space with a proven track record scaling high-growth SaaS companies. As a Staff Data Analyst at Okta, she brings a wealth of expertise in enterprise data, business intelligence, and strategic decision-making from the various industries she's worked in including telecommunications, strategy execution, and cloud computing. With a passion for harnessing the power of data for actionable insights, Alexa plays a crucial role in driving Okta's security, growth, and scale, helping the organization leverage data to execute on their market opportunity. Connect with Alexa on LinkedIn. All views and opinions expressed are those of the individuals and do not necessarily reflect their employers or anyone else.  Join the conversation on LinkedIn.  Apply to be a guest or nominate someone that you know.  Do you love what you're listening to? Please rate and review the podcast, and share it with fellow practitioners you know. Your support helps us reach more listeners and continue providing valuable insights! 

Season 1 Episode 29: Navigating Trade-Offs and Balancing Priorities The Data Product Management In Action podcast, brought to you by executive producer Scott Hirleman, is a platform for data product management practitioners to share insights and experiences. In this episode of Data Product Management in Action, host Alexa Westlake talks with Anita Chen, diving into the complexities of managing data products. Anita, a product manager at PagerDuty, shares her approach to defining data products, prioritizing work, and balancing project work with interrupt-driven tasks. They discuss the critical roles of governance, security, and user enablement while emphasizing the importance of transparency and communication. The conversation also explores the transformative potential of generative AI in data product interactions and the build-vs-buy decision-making process. Gain insights into how data product management uniquely differs from traditional software product management and learn actionable strategies for success. Meet our Host Alexa Westlake: Alexa is a Data Analytics Leader in the Identity and Access Management space with a proven track record scaling high-growth SaaS companies. As a Staff Data Analyst at Okta, she brings a wealth of expertise in enterprise data, business intelligence, and strategic decision-making from the various industries she's worked in including telecommunications, strategy execution, and cloud computing. With a passion for harnessing the power of data for actionable insights, Alexa plays a crucial role in driving Okta's security, growth, and scale, helping the organization leverage data to execute on their market opportunity. Connect with Alexa on LinkedIn. Meet our guest Anita Chen:  Anita is a Data Product Manager at PagerDuty, a digital operations company helping teams resolve issues faster, eliminate alert fatigue, and build more reliable services! Her background is mainly in the People Analytics space which has now expanded to data at scale with our Enterprise Data Team. She currently helps build data products that enable our teams to deliver the best possible customer experience. Anita is most passionate about how data can impact someone's lived experience and endeavor to democratize data in everything she builds. Connect with Anita on LinkedIn. All views and opinions expressed are those of the individuals and do not necessarily reflect their employers or anyone else.  Join the conversation on LinkedIn.  Apply to be a guest or nominate someone that you know.  Do you love what you're listening to? Please rate and review the podcast, and share it with fellow practitioners you know. Your support helps us reach more listeners and continue providing valuable insights! 

In this episode, David Dominy and Cameron Boone (two appraisers with JLL) discuss property access issues, and how changes in either the quality or quantity of access can impact valuation in eminent domain proceedings.  Throughout, they distinguish control of access from circuity of travel issues, discuss a few of the key Texas legal principles and cases that define the scope of permitted access damages in condemnation cases, discuss the challenges of valuing a loss of access in the market, and provide examples from their experience.    Links: David Dominy at JLL: https://www.us.jll.com/en/people/david-dominy Cameron Boone at JLL: https://www.us.jll.com/en/people/cameron-boone  Episode 108: Mayor Steve Adler on the ED Podcast: https://podcasts.apple.com/us/podcast/special-joint-episode-with-the-infrastructure/id1437306753?i=1000599502892  State v. Schmidt (SCOTX, 1994): https://casetext.com/case/state-v-schmidt  Interstate Northborough v. State (SCOTX, 2001): https://casetext.com/case/interstate-northborough-v-state TXDOT Manual on Access Management: https://onlinemanuals.txdot.gov/TxDOTOnlineManuals/TxDOTManuals/acm/manual_notice.htm 

Welcome to the Identity at the Center podcast! In this episode, hosts Jeff and Jim dive deep into modern identity architecture with guest Ian Glazer. They discuss topics such as the importance of policy, data orchestration, and the evolving landscape of identity and access management (IAM). Ian shares his thoughts on the future of IAM, the integration of various data sources, the role of events in IAM, and the potential for real-time identity solutions. They also touch on upcoming conferences, the European Identity and Cloud Conference 2025, and the significance of engaging with the identity community. Tune in for a thought-provoking discussion on the advancements and future directions of digital identity! Chapters 00:00 Introduction and Podcast Overview 00:11 Upcoming Plans and Challenges 01:03 Guest Invitation and Podcast Dynamics 03:31 Conference Announcements and Discounts 06:05 Welcoming the Guest: Ian Glazer 06:46 Fido Feud and Conference Experiences 16:29 Identity Market Trends and Innovations 19:19 Modern Identity Architectures 33:51 Identity First Security: A New Approach 34:50 Unified Data Tiers: Breaking Down Silos 36:14 Modern IAM: Opportunities and Challenges 37:02 Ephemeral Access and Zero Standing Privilege 39:18 Understanding Identity Data 41:30 Workforce Identity Data Platforms 47:14 Orchestration and Execution in IAM 51:09 Real-Time Event-Based Identity Systems 54:45 Future Directions and Community Engagement 59:03 Teaching and Sharing Knowledge 01:05:33 Closing Thoughts and Recommendations Connect with Ian: https://www.linkedin.com/in/iglazer/ Notional architecture for modern IAM: Part 3 of 4 (blog): https://weaveidentity.com/blog/notional-architecture-for-modern-iam/ 2025: The year we free our IAM data: https://weaveidentity.com/blog/2025-the-year-we-free-our-iam-data/ Learn more about Weave Identity: https://weaveidentity.com/ Digital Identity Advancement Foundation: https://digitalidadvancement.org/ Avoid the Noid! - https://en.wikipedia.org/wiki/The_Noid Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Ian Glazer, Weave Identity, Identity and Access Management, IAM, Modern Identity Architectures, Modern IAM, Data Tier, Events, Orchestration, Zero Trust, ZTNA, Shared Signals Framework, EIC, Gartner, Black Hat, RSA, Identibeer, Data Lake, OIDs, IANS

Join Sean Rabbitt, Senior Consulting Engineer for Identity and Access Management, as he explores Apple's Platform Single Sign-On (PSSO) and how Microsoft Entra ID enhances identity security with Jamf Pro. Learn about PSSO's architecture, Conditional Access best practices, scalable configurations, and new features like authentication strengths. This session will also debunk common PSSO misconceptions and show how easy it is to deploy secure credentials with Jamf Pro.   ---------------------------------------------------   Sign up to get notified for future LaunchPad Meetups here: https://www.rocketman.tech/launchpad   ---------------------------------------------------   For more information about Rocketman Tech, or to schedule a meeting with one of our Jamf Experts, visit our website: https://www.rocketman.tech

In this episode of the Innovation and the Digital Enterprise, Shelli and Patrick chat about industry advancements and leadership with Deepak Kaimal, Chief Technology Officer at COMPLY. He was previously CTO at Exostar, and held that role when this episode was recorded.Exostar, founded in 2000 by industry leaders like Boeing, Raytheon, and Lockheed Martin, provides secure collaboration and risk management solutions to the defense and life sciences sectors. Deepak shares his journey from an engineering student in Mumbai to becoming the CTO of this pivotal player in secure technology.We discuss Exostar's mission, the balance between secure collaboration and innovation, and trends in identity and access management. Deepak emphasizes the importance of curiosity, dealing with change, and leading teams in ways that foster a culture that balances trust, security, and innovation.(00:25) Meet Deepak Kaimal(02:49) Deepak's Early Education and Career Journey(07:05) The Founding and Mission of Exostar(10:40) Balancing Security and Innovation at Exostar(16:11) Trends in Identity and Access Management(18:17) Leadership and Technological (22:35) The Excitement of New Tech Advancements(29:13 Final Thoughts and Advice for LeadersDeepak Kaimal is currently the Chief Technology Officer at COMPLY, a compliance solution provider for global financial services firms. Previously, at Exostar, he oversaw the design, development, operations and evolution of The Exostar Platform. Prior to Exostar, Deepak served as CTO at ArrowStream and VP of Engineering at Flexera. Earlier in his career, Deepak held roles at Cars.com, JPMorgan Chase, Rolls-Royce, Capgemini, and Intiqua International. He earned a degree in Engineering from the University of Mumbai.If you'd like to receive new episodes as they're published, please subscribe to Innovation and the Digital Enterprise in Apple Podcasts, Spotify, or wherever you get your podcasts. If you enjoyed this episode, please consider leaving a review in Apple Podcasts. It really helps others find the show.Podcast episode production by Dante32.

In this special episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman kick off the inaugural FIDO Feud—a game show packed with fun and informative challenges about digital identity. Team Glitterati, led by Megan Shamas, and Team Identifriends, led by Jim, face off in a series of rounds centered around common passwords, identity trends, and future threats to IAM. Enjoy witty banter, audience interaction, and a spirited competition, all while diving deep into the world of Identity and Access Management. Special thanks to the FIDO Alliance and RSM US LLP for making this special event possible! 00:00 Introduction to Identity at the Center 00:20 Welcome to FIDO Feud 01:18 Meet the Team Captains 01:47 Team Names and Random Members 02:46 Game Rules and Setup 04:22 Round 1: Easy-to-Guess Passwords 07:37 Round 2: Tired Trends in IAM 11:44 IAM Metrics Showdown 12:22 Successful Logins and Password Resets 13:04 User Satisfaction and Breaches 13:44 Enrollment and Abandon Rate 14:33 Final IAM Metrics 15:45 Biggest Future Threats to IAM 17:29 Unexpected Answers and Final Round 21:16 Winners and Closing Remarks Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com

What motivated you to focus on Workforce Identity and Access Management with AKAIdentity, and what specific challenges are you aiming to address in this space? Can you share some key insights or lessons learned from your journey of starting,incubating, and investing in successful cybersecurity organizations? How did your experience at Forgepoint Capital shape your approach to identifying and growing the next generation of cybersecurity leaders? What inspired you to co-create the Security Tinkerers, and how do you see this organization evolving to further support current and future cybersecurity practitioners? As someone who has authored a book, invested in startups, and now leads AKA Identity, how do you manage to balance these diverse roles, and what drives your passion for problem-solving across different domains?

Authentication is a key requirement for any B2B software application, especially if software vendors are selling to enterprise clients who are likely to have strict authentication requirements for the vendors they use. However, building authentication for a B2B application is typically complex and resource-intensive due to the data models required, the provisioning and managing accounts, The post Identity and Access Management with Julianna Lamb appeared first on Software Engineering Daily.