Podcasts about access management iam

  • 86PODCASTS
  • 141EPISODES
  • 36mAVG DURATION
  • 1EPISODE EVERY OTHER WEEK
  • May 21, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about access management iam

Latest podcast episodes about access management iam

Identity At The Center
#350 - Sponsor Spotlight - SlashID

Identity At The Center

Play Episode Listen Later May 21, 2025 46:56


This episode is sponsored by SlashID. Visit https://www.slashid.com/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim interview Vincenzo Iozzo, CEO of SlashID, to discuss the current landscape and innovations they are making in Identity and Access Management (IAM). Vincenzo, who has a background in offensive security and experience at CrowdStrike, explains how SlashID uses Large Language Models (LLMs) to enhance visibility and posture beyond traditional Identity Governance and Administration (IGA) and Privileged Access Management (PAM) tools. Slash ID focuses on real-time detection and response to identity-based threats, addressing gaps that compliance-driven IGA systems miss. The episode also covers the advantages of SlashID's platform, including monitoring privileged identities, automating policy generation for least privilege, and integrating with existing security infrastructure. The conversation delves into the challenges of identity-related breaches and the importance of balancing compliance with robust security measures. Vincenzo also shares his experiences from the offensive security world, including hacking competitions and the evolving threat landscape.Timestamps00:00 Introduction to Real-Time Identity Security01:20 Welcome to the Identity at the Center Podcast02:18 Meet Vincenzo Iozzo, CEO of SlashID02:37 Vincenzo's Journey into Digital Identity04:26 The Genesis of SlashID08:16 Challenges in Identity Governance and Administration (IGA)14:41 The Prevalence of Identity-Related Breaches19:06 Detection and Response Strategies24:30 Lifecycle Issues Detection26:11 Remediation Strategies28:57 Integration with Existing Tools30:27 Customer Success Metrics34:10 Setting Up and Deploying SlashID35:48 Live Demo Walkthrough41:48 Challenges in Cybersecurity45:16 Final Thoughts and Contact InformationConnect with Vincenzo: https://www.linkedin.com/in/vincenzoiozzo/Learn more about SlashID: https://www.slashid.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

Paul's Security Weekly
The Future of Access Management - Jeff Shiner - ESW #404

Paul's Security Weekly

Play Episode Listen Later Apr 28, 2025 120:22


As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404

Identity At The Center
#345 - IDAC Mailbag - April 2025 Edition

Identity At The Center

Play Episode Listen Later Apr 28, 2025 56:19


In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the complexities and challenges of Identity and Access Management (IAM). They discuss the cumbersome user experience of Multi-Factor Authentication (MFA) setups, assess the value of IAM maturity programs, and highlight the changing landscape of authentication standards over time. Listener questions address topics such as the future of passwords, the importance of user experience, AI's impact on IAM, budget-conscious IAM strategies for smaller companies, and the dream guests for the show. The episode concludes with a lighter note on what superpowers an IAM superhero might have, emphasizing the role of clear communication in combating the confusion rampant in IAM.Timestamps00:00 The Hassles of Multi-Factor Authentication01:03 Welcome to the Identity at the Center Podcast01:18 The Value of IAM Maturity Assessments03:23 Evolving Standards in Authentication10:55 Upcoming Conferences and Events15:56 Listener Mailbag: IAM Questions Answered27:26 Replicating Manual Processes with Automation28:36 The Importance of User Experience in Automation29:51 Dynamic Access and Self-Service Models31:39 Strategic IAM Program Management33:03 AI's Impact on Identity Governance43:11 Building Strong IAM Programs on a Budget47:07 Dream Guests and IAM Superpowers54:22 Listener Questions and Wrap-UpConference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

Enterprise Security Weekly (Audio)
The Future of Access Management - Jeff Shiner - ESW #404

Enterprise Security Weekly (Audio)

Play Episode Listen Later Apr 28, 2025 120:22


As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404

Enterprise Security Weekly (Video)
The Future of Access Management - Jeff Shiner - ESW #404

Enterprise Security Weekly (Video)

Play Episode Listen Later Apr 28, 2025 39:05


As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404

KuppingerCole Analysts
Analyst Chat #247: Identity in the Age of AI - Agentic AI, RAG & The Future of IAM

KuppingerCole Analysts

Play Episode Listen Later Mar 31, 2025 21:22


KuppingerCole Analysts Videos
Analyst Chat #247: Identity in the Age of AI - Agentic AI, RAG & The Future of IAM

KuppingerCole Analysts Videos

Play Episode Listen Later Mar 31, 2025 21:22


Proactive - Interviews for investors
BIO-key wins major contracts as company looks for global growth with cybersecurity technology

Proactive - Interviews for investors

Play Episode Listen Later Feb 19, 2025 5:02


Bio-Key International CEO Michael Depasquale joined Steve Darling from Proactive to announce a significant new contract with the State of Wyoming Department of Education (WDE) for the deployment of its PortalGuard IDaaS platform. This implementation will provide up to 20,000 staff members with enhanced security and seamless access to digital resources, leveraging Multi-Factor Authentication (MFA) and Single Sign-On (SSO) technology. This, following in the footsteps are contract with, Northeast Iowa Community College, Eastern University, and University of Guam. The WDE sought a comprehensive Identity and Access Management (IAM) solution to address key challenges, including managing multiple credentials per user and reducing IT support costs—particularly those associated with password resets. With the implementation of PortalGuard, the department aims to improve security posture while simplifying user authentication and access to critical applications. DePasquale highlighted that PortalGuard's SSO feature will allow staff to log in once and securely access multiple applications with a single set of credentials, significantly streamlining the user experience. Additionally, advanced MFA options will bolster cybersecurity by mitigating phishing risks and unauthorized access attempts. Beyond security enhancements, PortalGuard's customizable Account Dashboard will give users control over their authentication preferences, while its Application Launchpad will offer one-click access to WDE's digital resources, including cloud storage platforms like Google Drive and Microsoft OneDrive. This will enable seamless file access across devices, from desktops to smartphones. For IT teams, PortalGuard's Administrator Dashboard provides enhanced visibility, control, and reporting on user access patterns, allowing WDE to proactively manage security with greater ease and efficiency. With this strategic contract, BIO-key continues to strengthen its presence in the public sector, providing innovative and scalable IAM solutions to organizations seeking to enhance security, user experience, and operational efficiency. #proactiveinvestors #nasdaq #bkyi #Cybersecurity #Biometrics #IdentityManagement #BioKey #EnterpriseSecurity #MiddleEastTech #Fintech #BankingTech #DataProtection #MultiFactorAuthentication #AI #TechGrowth #DigitalSecurity

Tech Hive: The Tech Leaders Podcast
#110, CEO @ Ping Identity, Andre Durand: “Happiness Equals Reality, Minus Expectations”

Tech Hive: The Tech Leaders Podcast

Play Episode Listen Later Feb 3, 2025 47:11


Join us this week on The Tech Leaders Podcast, where Gareth Davies sits down with Andre Durand, Founder and CEO of Ping Identity, to discuss how early-stage entrepreneurs form a blood pact with their colleagues, what it's like to found a company in an industry that doesn't exist, the million dollar deep-fake risk, and why life is like a hockey stick… Time stamps:Lessons from Andre's First Two Exits (8:18) The True Goal of an Entrepreneur (10:00) Balancing Work and Life in a Startup (11:42) Day One at Ping: The Journey Begins (15:58) The Evolution of Identity & Access Management (IAM) (23:29) The Future Without Passwords? (27:11) The Rise of New Biometrics (28:51) Fundraising Tips for Entrepreneurs (32:25) How AI & Deepfakes Challenge IAM Security (35:19) AI, Fear & Excitement: “Intelligence Defines the Hierarchy” (38:26) Advice to 21-Year-Old Andre (40:49) Book recommendation: “Good & Great by Choice”: Jim Collins https://www.bedigitaluk.com/

Identity At The Center
#328 - Continuous Identity with Sean O'Dentity

Identity At The Center

Play Episode Listen Later Jan 27, 2025 61:14


Jeff and guest co-host Sean O'Dell, an identity expert from Disney, discuss the importance of knowing and cleaning data to optimize identity and access management. They delve into topics like Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP), and how these standards are paving the way for event-driven IAM. They also touch on the complexities of verifying identities, role management, and session management in a zero-trust environment. The episode includes insights into the future of identity practices, emphasizing the shift from runtime to event-driven models and the critical role of accurate data. Chapters 00:00 Introduction: The Importance of Data Integrity 02:16 Welcome to the Identity at the Center Podcast 03:12 Catching Up with Sean O'Dell 09:23 The Role of Identity in Business 12:36 Understanding Shared Signals Framework (SSF) and CAEP 20:49 The Future of Identity and Access Management (IAM) 32:36 Continuous Management and Identity Verification 33:33 Contextual Signals and Security Regulations 34:44 Data Hygiene and Business Process Challenges 37:52 Centralizing Data for Better Identity Management 44:08 Session Management and Access Control 50:04 Zero Trust and Ephemeral Access 55:51 Defining Continuous Identity 56:50 Fun and Lighter Notes Connect with Sean: https://www.linkedin.com/in/seanodentity/ European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridac Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com

InfosecTrain
Identity and Access Management (IAM) in Cloud Security

InfosecTrain

Play Episode Listen Later Dec 20, 2024 4:44


As more businesses embrace cloud computing, concerns surrounding data security and unauthorized access have escalated. While cloud technology provides manifold benefits, such as accessibility, scalability, cost-efficiency, and environmental sustainability, it also presents new cybersecurity challenges. Among these challenges, safeguarding sensitive information from unauthorized access and maintaining the integrity of user identities has become crucial. This is where IAM, or Identity and Access Management, steps up as a crucial cornerstone of cloud security. Crucial Role of IAM in Cloud Security IAM is a crucial security framework that manages and controls user identities and access to systems, applications, and data in the cloud environment. Its primary objective is to allow authorized individuals to access the necessary resources while preventing unauthorized access or data leaks. IAM solutions encompass various processes, technologies, and policies that address the multifaceted aspects of cloud security. View More: Identity and Access Management (IAM) in Cloud Security

KuppingerCole Analysts
Identity for AI Agents

KuppingerCole Analysts

Play Episode Listen Later Dec 18, 2024 6:13


This blog addresses the integration of Identity and Access Management (IAM) with Artificial Intelligence ('AIdentity'). It calls for a shift to dynamic identity management for AI agents to mitigate security risks, highlighting KuppingerCole's Identity Fabric as a solution. Read the original blog post here: https://www.kuppingercole.com/blog/bailey/identity-for-ai-agents

InfosecTrain
The Future of Cloud Security: Key Challenges to Watch in 2024

InfosecTrain

Play Episode Listen Later Dec 14, 2024 16:18


We will explore the top security challenges in the cloud, including misconfigurations, inadequate change control, and the risks of insecure third-party resources. We'll also discuss crucial topics like Identity and Access Management (IAM), cloud security strategies, software vulnerabilities, and accidental data disclosures. Learn how to protect your cloud environment from these common yet critical security threats.

InfosecTrain
IAM Explained: Simplify User Access & Protect Your Data

InfosecTrain

Play Episode Listen Later Dec 14, 2024 13:34


In this Episode we will explore the essentials of Identity and Access Management (IAM) and its role in securing your systems. Learn how to streamline management with a single identity provider, protect super admin accounts, plan service account usage, and adapt IAM for the cloud.

Resilient Cyber
Resilient Cyber w/ Filip Stojkovski & Dylan Williams - Agentic AI & SecOps

Resilient Cyber

Play Episode Listen Later Dec 11, 2024 22:45


In this episode, we will be sitting down with Filip Stojkovski and Dylan Williams to dive into AI, Agentic AI, and the intersection with cybersecurity, specifically Security Operations (SecOps).I've been following Filip and Dylan for a bit via LinkedIn and really impressed with their perspective on AI and its intersection with Cyber, especially SecOps. We dove into that in this episode including:What exactly Agentic AI and AI Agents are, and how they workWhat a Blueprint for AI Agents in Cybersecurity may look like, using their example in their blog with the same titleThe role of multi-agentic architectures, potential patterns, and examples such as Triage Agents, Threat Hunting Agents, and Response Agents and how they may work in unisonThe potential threats to AI Agents and Agentic AI architectures, including longstanding challenges such as Identity and Access Management (IAM), Least-Permissive Access Control, Exploitation, and Lateral MovementThe current state of adoption across enterprises and the startup landscape and key considerations for CISO's and security leaders looking to potentially leverage Agentic SecOps products and offerings

KuppingerCole Analysts
Shaping the Future of Digital Identity: The KuppingerCole Identity Fabric 2025

KuppingerCole Analysts

Play Episode Listen Later Dec 9, 2024 7:47


Discover the vital role of Identity and Access Management (IAM) in securing enterprises, especially as we navigate the growing demands of digital transformation and compliance. The blog introduces the KuppingerCole Identity Fabric, a robust framework aimed at bridging the gaps in current IAM strategies across companies. With an update expected in 2025, this Identity Fabric will include advanced conceptual designs and an IAM Reference Architecture. Read the original blog post here: https://www.kuppingercole.com/blog/reinwarth/the-kuppingercole-identity-fabric-2025

KuppingerCole Analysts
Analyst Chat #240: From SolarWinds to Zero Trust - Rethinking Supply Chain Security

KuppingerCole Analysts

Play Episode Listen Later Dec 2, 2024 28:04


Matthias Reinwarth and Dr. Phillip Messerschmidt delve into the complexities of Cyber Supply Chain Risk Management (C-SCRM). They discuss the importance of understanding and mitigating risks that arise from external suppliers and the interconnected nature of modern supply chains. The conversation highlights the critical role of Identity and Access Management (IAM) in managing these risks, particularly in the context of federated identities and the challenges that arise from relying on third-party controls. The speakers emphasize the need for organizations to actively assess and manage risks, implement robust onboarding processes, and continuously improve their cybersecurity practices to protect against potential threats.

KuppingerCole Analysts Videos
Analyst Chat #240: From SolarWinds to Zero Trust - Rethinking Supply Chain Security

KuppingerCole Analysts Videos

Play Episode Listen Later Dec 2, 2024 28:04


Matthias Reinwarth and Dr. Phillip Messerschmidt delve into the complexities of Cyber Supply Chain Risk Management (C-SCRM). They discuss the importance of understanding and mitigating risks that arise from external suppliers and the interconnected nature of modern supply chains. The conversation highlights the critical role of Identity and Access Management (IAM) in managing these risks, particularly in the context of federated identities and the challenges that arise from relying on third-party controls. The speakers emphasize the need for organizations to actively assess and manage risks, implement robust onboarding processes, and continuously improve their cybersecurity practices to protect against potential threats.

Leaders, Innovators and Big Ideas - the podcast
Securing Calls: How Caller Verify is Transforming Identity Verification

Leaders, Innovators and Big Ideas - the podcast

Play Episode Listen Later Nov 5, 2024 16:31


In this episode hosted by Peter Beaudoin, Tracy Nyholt discusses Techjitsu's flagship product, Caller Verify, which aims to address the growing problem of hackers impersonating callers to help desks by exploiting knowledge of customer security questions. Tracy explains how this solution emerged from a customer need, and how Techjitsu is targeting large organizations in industries like finance, healthcare, and insurance that have valuable data to protect. Thank you for listening to the Leaders, Innovators and Big Ideas podcast, supported by Rainforest Alberta. The podcast that highlights those people who are contributing to and/or supporting the innovation ecosystem in Alberta. Host: Peter Beaudoin Peter manages strategy and partnerships for an innovative alliance of energy companies committed to reducing environmental impacts through collaborative R&D efforts. Peter worked for more than 20 years in Asia building and investing in a variety of businesses. His most recent role outside of Canada was with the World Wildlife Fund, where he was the Chief Executive Officer of WWF China, based in Beijing. Prior to that, Peter lived in Hong Kong for 15 years working in the technology industry. Guest: Tracey Nyholt is the Founder & CEO of TechJutsu Inc., a technology startup specializing in Identity & Access Management (IAM) solutions. With 20 years of cyber security expertise, she leads a team that has achieved partner status with Okta & received Okta's Innovation Award for developing patent-pending Caller Verify. Tracey attributes TechJutsu's success to the incorporation of principles like simplicity & continuous improvement, which she refined while training as a Black Belt in martial arts. Tracey champions the advancement of women by sitting on the Board of Women in Communication and Technology, and mentoring individuals looking to further their career in the IAM field. She is a regular speaker at industry forums, webinars, and conferences such as the Directors' Forum Co-operative and Oktane 2023. She has been featured in CBC's Calgary's Eye Opener Innovator Series, The Top 100 Women Owned Cybersecurity Magazine, University of Calgary's Alumni News, and Women in Identity's Three Questions with Tracey Nyholt, TechJutsu Founder and CEO. In 2023, Tracey was nominated and honored as one of Canada's Top Women in Cybersecurity (presented by IT World Canada). Please be sure to share this episode with everyone you know. If you are interested in being either a host, a guest, or a sponsor of the show, please reach out. We are published in Google Podcasts and the iTunes store for Apple Podcasts We would be grateful if you could give us a rating as it helps spread the word about the show. Show Links: TechJutsu Alberta Catalyzer House 831  Show Quotes: "Hackers are increasingly targeting the weakest link - the customer service desk" Credits... This Episode Sponsored By: New Idea Machine Episode Music: Tony Del Degan Creator & Producer: Al Del Degan  

InfosecTrain
How to Build a Successful Career in IAM with SailPoint IdentityIQ

InfosecTrain

Play Episode Listen Later Oct 4, 2024 63:29


Looking to break into the fast-growing field of Identity and Access Management (IAM)? SailPoint IdentityIQ is a game-changer in the industry, offering top-tier solutions for managing identities and access. In this Episode, we'll guide you through the steps to build a rewarding career in IAM, with a focus on mastering SailPoint IdentityIQ.

Identity At The Center
#307 - Creating an IAM Program

Identity At The Center

Play Episode Listen Later Sep 23, 2024 81:19


In this comprehensive episode of the Identity at the Center podcast, hosts Jeff and Jim explore the foundations and sustainability of effective Identity and Access Management (IAM) programs. They delve into the essential elements of setting up an IAM program, including the importance of executive buy-in, phased implementation strategies, the significance of governance, and adapting to evolving business needs. The discussion also emphasizes the need for continuous enhancements and future-proofing IAM systems by budgeting for updates and choosing dependable managed service partners. Practical advice is offered throughout, ensuring listeners have the tools to start and maintain a successful IAM program. The episode wraps up with a recap of ten crucial steps for IAM implementation and lighter conversations about recent personal trips. 00:00 Introduction and Podcast Setup 01:30 Technical Difficulties and Recording Challenges 04:23 Conferences and Upcoming Events 05:55 Starting an IAM Program 10:34 Assessing Current IAM Capabilities 22:37 Building a Cross-Functional IAM Team 30:56 Choosing the Right IAM Technology 43:02 Starting with Phase One 43:44 Planning for Compliance and Cyber Insurance 46:25 User Experience in IAM Implementation 49:18 Workforce vs. Customer Identity Management 57:46 Governance, Policies, and Metrics 01:09:31 Maintaining and Evolving IAM Programs 01:16:03 Final Thoughts and Recap Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

Risk, Governance, and Cyber Compliance
IAM - The Keys to Your Cybersecurity Kingdom

Risk, Governance, and Cyber Compliance

Play Episode Listen Later Sep 23, 2024 4:57


Send us a textThe critical role of Identity and Access Management (IAM) in today's complex digital landscape. IAM is essential for controlling access to valuable assets, both in the cloud and traditional datacenters. The cloud's dynamic nature requires a robust IAM strategy incorporating centralized identity management, dynamic authorization, and strong authentication, including multi-factor authentication (MFA). For datacenters, best practices include privileged access management (PAM), network segmentation, and regular audits.This podcast highlights IAM's integral role within the Cyber Defense Matrix, supporting functions like Identify, Protect, Detect, Respond, and Recover. It also underscores the financial benefits of a strong IAM strategy, mitigating the risk of costly data breaches and streamlining operations through automation. The author concludes by positioning IAM not just as a best practice but as a strategic imperative for CISOs, enabling innovation while safeguarding digital assets.Advisory Services: https://www.execcybered.com/advisory-services>>Schedule Call

CISO Tradecraft
#194 - The IAM Masterclass

CISO Tradecraft

Play Episode Listen Later Aug 19, 2024 38:43 Transcription Available


In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape. Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5cam8qXgK80JB Chapters 00:00 Introduction to CISO Tradecraft 01:24 Understanding Identity and Access Management (IAM) 01:54 Gartner's Magic Quadrant and IAM Vendors 03:29 The Importance of IAM in Enterprises 04:28 User Registration and Verification 06:48 Password Policies and Best Practices 09:53 Identity Proofing Techniques 14:53 Directory Services and Role Management 18:27 Identity Federation and Credential Issuance 22:22 Profile and Role Management 26:17 Identity Lifecycle Management 29:23 Access Management Essentials 35:05 Review and Conclusion

Identity At The Center
#298 - Avoiding Common Pitfalls in IAM RFPs

Identity At The Center

Play Episode Listen Later Aug 12, 2024 41:27


In this episode of the Identity at the Center podcast, hosts Jeff and Jim delve into the complexities of creating effective RFPs (Request for Proposals) for Identity and Access Management (IAM) systems. They provide critical advice for both the customer and vendor sides, stressing the importance of defining clear objectives, understanding technical and business requirements, and avoiding an overwhelming level of detail that can detract from the RFP's usefulness. The hosts also advocate for combining software and services in a single RFP and highlight the value of open-ended questions to gather meaningful responses. Drawing from their experiences, Jeff and Jim discuss the pros and cons of RFPs, the importance of experience from both vendors and implementation partners, and offer strategies for managing the RFP process effectively. Thanks to listener Alfred in Canada for the great question! 00:00 Introduction and Casual Banter 02:09 Travel Adventures and Motorcycle Rally 05:07 Podcast Challenges and Listener Shoutouts 06:34 Upcoming Conferences and Events 09:57 Listener Question: Tips for a Smooth IAM RFP 22:00 Importance of Subject Knowledge22:15 The Positive Side of RFPs 24:06 Challenges with RFPs 25:39 Combining Software and Services in RFPs 26:58 Evaluating Implementation Partners 28:26 Experience Matters in RFP Responses 31:06 Tips for Effective RFPs 34:10 Personal Anecdote: A Scare and a Surprise Party 38:58 Upcoming Busy Schedule 40:05 Wrapping Up and Final Thoughts Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

KuppingerCole Analysts
Analyst Chat #224: Identity Security - the Epicenter of Cybersecurity

KuppingerCole Analysts

Play Episode Listen Later Aug 12, 2024 15:46


In this episode of the KuppingerCole Analyst Chat, host Matthias Reinwarth is joined by Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, to discuss the evolving landscape of identity security. They explore the centrality of Identity and Access Management (IAM) in IT security, the rise of Identity Threat Detection and Response (ITDR), and the latest trends in fraud prevention. The conversation delves into the use of generative AI in cyber-attacks, the importance of gamification in cybersecurity, and the anticipated advancements in ITDR solutions. Join us to gain insights into these critical areas shaping the future of cybersecurity.

Identity At The Center
#297 - Navigating the Future of Digital Identities with Chris Power

Identity At The Center

Play Episode Listen Later Aug 5, 2024 63:22


In this episode, Jeff and Jim discuss various Identity and Access Management (IAM) topics with their guest, Chris Power, Senior Manager of IAM at Sallie Mae. They tackle the evolution and challenges of non-human identities, the potential sunsetting of Role-Based Access Control (RBAC) in favor of policy-based methods, and the organizational design of IAM teams and the importance of governance and cybersecurity measures. The episode rounds off with a light discussion about Marvel movie news, focusing on Robert Downey Jr.'s return to the Marvel universe as Dr. Doom. 00:00 Introduction and Casual Banter 2:07 Exploring Digital Identity Trends 5:01 Conference Highlights and Discount Codes 8:35 Introducing the Guest: Chris Power 12:11 Deep Dive into Non-Human Identities 29:20 The Future of RBAC in IAM 30:42 Challenges in HR Systems and RBAC 32:21 The Complexity of Implementing RBAC 33:23 Exploring Alternatives to RBAC 34:13 The Role of Attributes in Access Control 37:35 Policy-Based Access Control (PBAC) 42:59 Organizational Design in IAM 52:34 Future of IAM with AI and Big Data 55:55 Marvel Universe Discussion 63:42 Conclusion and Final Thoughts Connect with Chris: https://www.linkedin.com/in/jameschristopherpower/ Chris' LinkedIn Post: https://www.linkedin.com/pulse/trying-something-new-chris-power-ysmdc/ Attending Identity Week in America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

CISO Tradecraft
#188 - Securing Small Businesses

CISO Tradecraft

Play Episode Listen Later Jul 8, 2024 25:26 Transcription Available


Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations. Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5 Chapters 00:00 Introduction to CISO Tradecraft 00:40 Challenges of Cybersecurity in Small Businesses 01:15 Defining Small Business and Security Baselines 01:53 Top Cybersecurity Tools for Small Businesses 02:05 Hardware and Software Essentials 04:35 Patch Management Solutions 05:19 Endpoint Detection and Response (EDR) Tools 06:06 Secure Web Gateways and Website Security 11:21 Identity and Access Management (IAM) 12:57 Email Security Gateways 14:15 Managed Detection and Response (MDR) Solutions 14:54 Recap of Essential Cybersecurity Tools 15:41 Bonus Tool: Password Managers 18:33 Aligning with CIS Controls 24:48 Conclusion and Call to Action

The CyberWire
A swift fix for a serious router bug.

The CyberWire

Play Episode Listen Later Jul 1, 2024 27:46


Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K's CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CSO Perspectives preview N2K's CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick's accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.  Selected Reading Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek) Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer) Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek) Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog) Police allege ‘evil twin' in-flight Wi-Fi used to steal info (The Register) Inside a violent gang's ruthless crypto-stealing home invasion spree (ARS Technica) Cyber insurance costs finally stabilising, says Howden (Tech Monitor) AI Transcript, Fake School Website: Student's US Scholarship Scam Exposed on Reddit (Hackread) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
The current state of IAM: A Rick-the-toolman episode.

The CyberWire

Play Episode Listen Later Jul 1, 2024 16:26


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio Chief Product Officer for Customer Identity, at Okta. References: John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag. Lance Whitney, 2023. No More Passwords: How to Set Up Apple's Passkeys for Easy Sign-ins [Explainer]. PCMag. Rick Howard, 2022. Two-factor authentication: A Rick the Toolman episode [Podcast]. CSO Perspectives Podcast - The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles Appendix [Book Page]. N2K CyberWire. Rick Howard, 2023. passkey (noun) [Podcast]. Word Notes Podcast - The CyberWire. Staff, 2023. 2023 Gartner® Magic QuadrantTM for Access Management [Report]. Okta. Learn more about your ad choices. Visit megaphone.fm/adchoices

Technology for Business
Pioneering IAM Solutions

Technology for Business

Play Episode Listen Later Jun 26, 2024 30:30


Dive into the intricate world of Identity and Access Management (IAM) with leading cybersecurity figures, Nate & Mariah, and uncover the transformative power of IAM solutions in shaping modern IT landscapes. In this thought-provoking podcast, discover the pillars of authentication services, best practices for implementation, and the integration of AI and automation, all while gaining invaluable insights into the crucial role of IAM in remote work environments. Join our experts as they break down the complexities, dispel misconceptions, and pave the way for a secure and interconnected digital future.Learn more: IAM Unlocked: Elevating Business SecurityUnderstanding Identity and Access Management (IAM)

Tyler Tech Podcast
Secure Tech Strategies and the Effectiveness of Identity Providers

Tyler Tech Podcast

Play Episode Listen Later May 28, 2024 20:37


On this episode of The Tyler Tech Podcast, Gina Erickson, Senior Software Development Manager, ERP Pro, at Tyler Technologies, explores the crucial role of modern solutions such as identity providers in safeguarding technology infrastructure, especially in smaller municipalities like Des Moines County, Iowa, where she spent time as an IT Director. Gina shares insights into the challenges and best practices of tech modernization from her extensive experience.We also detail our latest white paper about the five main risks of legacy systems. You can download that here: Is Your Legacy Digital Infrastructure Putting You at Risk?Learn more about the topics discussed in this episode with these resources:Identity Workforce Streamlines Sign-in ManagementWhy Do You Need Identity and Access Management (IAM)?Issue Paper: The Case for Centralized Digital IdentitiesBlog: 6 Key Dimensions to Enhance the Digital Resident ExperienceBlog: Future-Proofing Government Through Technology ModernizationAnd you can listen to other episodes of the podcast at this link: www.tylertech.com/resources/podcastLet us know what you think about the Tyler Tech Podcast in this survey!

The CyberWire
Privacy nightmare or useful tool?

The CyberWire

Play Episode Listen Later May 22, 2024 31:48


Some say Microsoft's Recall should be. A breach of a Texas healthcare provided affects over four hundred thousand. Police in the Philippines shut down services following a breach. Ivanti patches multiple products. GitHub fixes a critical authentication bypass vulnerability. Researchers discover critical vulnerabilities in Honeywell's ControlEdge Unit Operations Controller. The DoD releases their Cybersecurity Reciprocity Playbook. Hackers leak a database with millions of Americans' criminal records. Mastercard speeds fraud detection with AI. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 5: Identity and Access Management. Remembering a computing visionary.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K's comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Joe and Sam dive into Domain 5: Identity and Access Management (IAM) and tackle a question together about biometric configuration. Try the question yourself before listening to the discussion! You are configuring a biometric hand scanner to secure your data center. Which of the following practices is BEST to follow? Decrease the reader sensitivity Increase the FAR Decrease the FRR Increase the reader sensitivity Selected Reading UK watchdog looking into Microsoft AI taking screenshots (BBC) How the new Microsoft Recall feature fundamentally undermines Windows security (DoublePulsar) CentroMed Confirms Data Breach Affecting an Estimated 400k | Console and Associates, P.C. (JDSupra) PNP suspends online services amid data breach probe (Philippine News Agency) Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager (SecurityWeek) Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server (Heimdal Security) Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution (SecurityWeek) DoD CIO debuts cybersecurity reciprocity playbook to streamline system authorizations, boost cybersecurity efficiency (Industrial Cyber) Criminal record database of millions of Americans dumped online (Malwarebytes) Mastercard Doubles Speed of Fraud Detection with Generative AI (Infosecurity Magazine) Gordon Bell, Legendary Designer of Computers, Dies at 89 (Gizmodo)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

KuppingerCole Analysts
Analyst Chat #215: From Access Management to ITDR: Market Trends Explored

KuppingerCole Analysts

Play Episode Listen Later May 21, 2024 25:25


In this episode of KuppingerCole Analyst Chat, host Matthias Reinwarth speaks with Marina Iantorno, a Research Analyst at KuppingerCole Analysts, about the latest market trends in Identity and Access Management (IAM) and cybersecurity for 2024. They discuss the significant growth rates in Access Management and ITDR, driven by the increasing complexity and sophistication of cyber threats. Marina highlights the evolution of Access Management solutions to support remote workforces and the rising importance of ITDR in proactive threat detection and response. The conversation also covers the steady growth of the email security market in response to phishing and ransomware threats, as well as key strategies businesses are adopting to stay competitive in the IAM space. Finally, they explore the impact of regulatory compliance on IAM solutions and predict future trends in identity-centric security.

Secure Ventures with Kyle McNulty
Evo Security: Mike Roth on why Target MSP Customers

Secure Ventures with Kyle McNulty

Play Episode Listen Later Apr 9, 2024 38:23


Mike is the CEO and founder of Evo Security, which is building an Identity and Access Management (IAM) solution specifically designed for Managed Service Providers (MSPs). He started the company back in 2018 after leaving behind a private equity fund focused on oil and gas. In the episode, we discuss his transition into cyber from the energy world and what makes Evo uniquely positioned to serve the needs of MSPs given the variety of IAM solutions available on the market today. Evo Security Website: https://www.evosecurity.com/ Sponsor: https://vulncheck.com/

The Shifting Privacy Left Podcast
S3E5: 'Nonconformist Innovation in Modern Digital Identity' with Steve Tout (Integrated Solutions Group)

The Shifting Privacy Left Podcast

Play Episode Listen Later Feb 27, 2024 54:55 Transcription Available


In this week's episode, I am joined by Steve Tout, Practice Lead at Integrated Solutions Group (ISG) and Host of The Nonconformist Innovation Podcast to discuss the intersection of privacy and identity. Steve has 18+ years of experience in global Identity & Access Management (IAM) and is currently completing his MBA from Santa Clara University. Throughout our conversation, Steve shares his journey as a reformed technologist and advocate for 'Nonconformist Innovation' & 'Tipping Point Leadership.'Steve's approach to identity involves breaking it down into 4 components: 1) philosophy, 2) politics, 3) economics & 4)technology, highlighting their interconnectedness. We also discuss his work with Washington State and its efforts to modernize Consumer Identity Access Management (IAM). We address concerns around AI, biometrics & mobile driver's licenses. Plus, Steve offers his perspective on tipping point leadership and the challenges organizations face in achieving privacy change at scale.Topics Covered: Steve's origin story; his accidental entry into identity & access management (IAM)Steve's perspective as a 'Nonconformist Innovator' and why he launched 'The Nonconformist Innovation Podcast'The intersection of privacy & identityHow to address organizational resistance to change, especially with lean resourcesBenefits gained from 'Tipping Point Leadership'4 common hurdles to tipping point leadership How to be a successful tipping point leader within a very bottom-up focused organization'Consumer IAM' & the driving need for modernizing identity in Washington StateHow Steve has approached the challenges related to privacy, ethics & equity Differences between the mobile driver's license (mDL) & verified credentials (VC) standards & technologyHow States are approaching the implementation of  mDL in different ways and the privacy benefits of 'selective disclosure'Steve's advice for privacy technologists to best position them and their orgs at the forefront of privacy and security innovationSteve recommended books for learning more about tipping point leadershipGuest Info: Connect with Steve on LinkedInListen to The Nonconformist Innovation Podcast Resources Mentioned: Steve's Interview with Tom KempTipping Point Leadership books:On Change Management Organizational BehaviorEthics in the Age of Disruptive Technologies: An Operational Roadmap Privado.ai Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.TRU Staffing Partners Top privacy talent - when you need it, where you need it.Shifting Privacy Left Media Where privacy engineers gather, share, & learnDisclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Better Tech
Zero Trust Security Model in IAM

Better Tech

Play Episode Listen Later Feb 21, 2024 38:50


In a recent BetterTech podcast episode, host Colin McCarthy explores the Zero Trust Security Model in Identity and Access Management (IAM) with guest Craig Riddell, CISO at Netwrix Corporation. Craig shares insights on the evolution of IAM, emphasizing the significance of the zero trust model, multi-factor authentication, and the role of machine learning in enhancing security measures. The discussion offers a deep dive into the challenges and advancements in IAM, providing valuable perspectives for those looking to strengthen their organization's security posture in the ever-evolving technological landscape. --- Send in a voice message: https://podcasters.spotify.com/pod/show/bettertech/message

Access 2 Perspectives – Conversations. All about Open Science Communication
DataCite – Contributing to the PID infrastructure in Africa

Access 2 Perspectives – Conversations. All about Open Science Communication

Play Episode Listen Later Dec 4, 2023 83:36


Bosun Obileye ORCID: 0000-0002-1200-0994 Bosun Obileye is the Regional Engagement Specialist -  Africa for DataCite. His career spans the institutionalization of open science from policy development, infrastructural development and implementation, advocacy, engagements and adoption. He has a background in Computer and Information Research Science, Cybersecurity, Research for Development (R4D), and Community Engagements. His interest in Identity and Access Management (IAM) is reflected in Persistent Identifiers (PIDs) as seen in his work with DataCite across sub-Saharan Africa where he engages, collaborates and promotes PIDs best practices and adoption in the region. About the webinar series This webinar was co-organized by ⁠UbuntuNet Alliance⁠ and ⁠Access 2 Perspectives⁠ as part of the ⁠ORCID Global Participation Program⁠. ⁠ORCID⁠ is the persistent identifier for researchers to share their accomplishments (research articles, data, etc with funding agencies, publishers, data repositories, and other research workflows. ⁠AfricArXiv⁠ is a community-led digital archive for African research communication. By enhancing the visibility of African research, we enable discoverability and collaboration opportunities for African scientists on the continent as well as globally. Find more podcast episodes here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://access2perspectives.pubpub.org/podcast⁠⁠⁠⁠⁠⁠⁠ Host:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Dr Jo Havemann⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ORCID iD ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠0000-0002-6157-1494 ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Editing: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Ebuka Ezeike⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Music:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Alex Lustig⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, produced by⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Kitty Kat ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ License:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Attribution 4.0 International (CC BY 4.0)   ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ At Access 2 Perspectives, we guide you in your complete research workflow toward state-of-the-art research practices and in full compliance with funding and publishing requirements. Leverage your research projects to higher efficiency and increased collaboration opportunities while fostering your explorative spirit and joy. Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://access2perspectives.pubpub.org⁠⁠⁠⁠⁠⁠⁠ --- Send in a voice message: https://podcasters.spotify.com/pod/show/access2perspectives/message

Identity At The Center
#246 - IDAC Mailbag - Halloween 2023 Edition

Identity At The Center

Play Episode Listen Later Nov 13, 2023 55:15


In this episode of the Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman dive into the world of Identity and Access Management (IAM) with their mailbag segment. They answer thought-provoking questions from listeners around the globe, discussing topics such as integrating IAM with legacy systems, emerging trends in IAM, the role of artificial intelligence in IAM, user-friendly IAM solutions, inclusive and accessible IAM, and managing machine identities at scale in microservices and containerized environments. Jim and Jeff also share interesting experiences from their week, including showcasing the differences in IAM consulting between them and conducting an IAM workshop for those seeking to learn more about IAM. They also touch on the new AI Beatles song and wrap up the episode with a lighthearted discussion on favorite backyard BBQ party games. Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

CYBER LIFE
Cyber Life Podcast Ep.11 - Identity & Identity Security & Zero Trust with Jeff Reich

CYBER LIFE

Play Episode Listen Later Oct 25, 2023 31:25


In this episode, you will learn about Identity and Identity Security from Jeff Reich.Jeff has has over 40 years of experience in what we now call cybersecurity.

The Thoughtful Entrepreneur
1695 – Identity Management In Action with Strata Identity's Eric Olden

The Thoughtful Entrepreneur

Play Episode Listen Later Oct 12, 2023 19:26 Transcription Available


In this episode of the Thoughtful Entrepreneur, your host Josh Elledge speaks to the Co-Founder & CEO of Strata Identity, Eric Olden.Eric broke down the concept of identity orchestration. He explained that it falls within a new software category designed to enable organizations to maintain identity management across multiple cloud platforms consistently and automatically. This software ensures secure access to websites, applications, and data, effectively eliminating the need for manual and repetitive processes.From a user's perspective, identity orchestration often operates seamlessly in the background. For instance, when someone logs into a website using their Google ID, it exemplifies identity management. While this process may appear straightforward for individual users, complexity arises when managing identities for numerous users or a substantial workforce numbering in the thousands. This is precisely where identity orchestration steps in, simplifying the entire process and promoting interoperability.Strata Identity primarily collaborates with large enterprises like Kroger, 3M, and the State of Minnesota, managing identity for their customers, employees, and partners. Eric's experience running Oracle's security and identity division gave him insights into big enterprises' challenges in managing identity across multiple clouds. This led him to establish Strata Identity and develop software to address this issue.Strata Identity's pricing model is unique. Instead of charging based on the number of users, they focus on securing applications and the number of identity providers used. This allows organizations to pay for their needs, making the service more accessible and cost-effective.Key Points from the Episode:Introduction of Eric Olden, co-founder and CEO of Strata IdentityExplanation of identity orchestration as a new category of softwareImportance of identity orchestration in managing identity across multiple cloud platformsStrata Identity's focus on large enterprises and their experience in managing identity for customers, employees, and partnersUnique pricing model based on securing applications and number of identity providers usedBenefits of deploying Strata Identity's software, including cost savings and system upgrades without changing applicationsSpecialization in solving complex use cases, such as mergers and acquisitionsImportance of using standards like SAML or OpenID ConnectAbout Eric Olden:Eric Olden is a visionary technical leader known for his profound contributions to internet security and identity management. With a career spanning innovation in web security and cloud technology, he co-founded and served as CEO of Symplified, a pioneer in cloud identity and access management. At Symplified, Eric played a pivotal role in developing one of the earliest cloud identity management solutions and forged integrations with major cloud platforms like AWS, establishing a global cloud service for Identity and Access Management (IAM).His journey in identity management began as the CTO and co-founder of Securant/ClearTrust, where he co-authored AuthXML and contributed to its incorporation into the SAML standard, a cornerstone in modern identity management. RSA acquired Securant, cementing Eric's legacy in the field. He's founded three software companies, generating over $235 million in equity value and holds multiple patents.Eric is known for his hands-on approach to product strategy and team building, emphasizing customer development and fostering a strong team culture, significantly impacting the tech startup ecosystem....

Trust Issues
EP 37 - Cloud Transformation and the Art of Simplicity

Trust Issues

Play Episode Listen Later Oct 5, 2023 38:14


Arati Chavan, Staff Vice President, Global Head of Identity and Access Management (IAM) at Elevance Health joins host David Puner for a conversation that sheds light on how federated identity solutions are pivotal in achieving efficient and secure access control across diverse entities. Chavan also explores the challenges and opportunities in cloud transformation, the evolving role of AI in healthcare and the delicate balance between customer simplicity and robust security measures. Listen in for a deep dive into the heart of identity security and its impact on the healthcare industry.

Resilient Cyber
S5E2: Scott Piper - Modern Cloud Security and Resilience

Resilient Cyber

Play Episode Listen Later Sep 8, 2023 41:51


Chris: First off, you've been knee deep in CloudSec for several years now, watching trends, incidents and the industry evolve. Where do you think we've made the most headway, and where do you think we still have the largest gaps to close?Nikki: I'm really interested in multi-cloud environments and security - because of the connectivity potential between separate cloud providers. What do you think organizations should be most concerned with when looking at using multiple cloud providers? Chris: You recently contributed to a report with the Atlantic Council about the systemic risks of Cloud and Critical Infrastructure. Can you speak on that a bit? What are your thoughts about systemic risks are more and more of our critical infrastructure and national security systems now become reliant on cloud?Chris: While we know most cloud security incidents are due to customer misconfigurations, we've recently seen some major hyperscaler CSP's experience some very damaging incidents that impacted many. Do you think these incidents are causing some organizations and industries to second guess their plans for cloud adoption or lead to trust issues in Cloud?Nikki:  One of my biggest concerns in cloud environments is Identity and Access Management (IAM) - especially in complex development environments. What are some of the major configuration challenges around IAM in cloud?  Nikki: What is your favorite cloud security statistic?Nikki:  I have to bring in the people angle - do you think that current tech teams have the skills and tools they need to manage cloud environments? Do you have any references or skills you recommend as teams build bigger cloud environments?Chris: On the people front, we know misconfigurations reign supreme for cloud security incidents. Do you think organizations are waking up the reality that they have to invest in their workforce when it comes to adopting technologies such as Cloud?Chris: We know you have your fwd:cloudsec event which has become an industry staple for learning and information sharing on cloud security. How did the event come about and what does the future look like for it?

CYBER LIFE
Cyber Life Podcast Ep.1 - Cloud Identity and Access Management (IAM) with Dr. KVN Rajesh

CYBER LIFE

Play Episode Listen Later Aug 30, 2023 27:48


In this episode, we're diving into the realm of identity and access management in the cloud. Our guest is Dr. KVN Rajesh, a multi award-winning trainer focused on Microsoft Azure security.With a PhD in deep learning and over 10,000 individuals trained, Dr. Rajesh is a cloud security expert you won't want to miss.Dr. Rajesh explains the concept of identity and access management (IAM) and how it helps protect our digital resources.Imagine your username as your digital ID and access as your role within the organization – all controlled through IAM. IAM helps protect critical data, data privacy, and ensures compliance.Dr. Rajesh talks about creating and managing IAM users, from provisioning to authentication, authorization, lifecycle management, and continuous monitoring.He then explores the power of IAM policies. These digital blueprints govern user permissions and actions, safeguarding the principle of least privilege. Dr. Rajesh sheds light on architecture best practices of these policies and their role in maintaining the balance between security and user experience.As our episode focus pivots to cloud environments, Dr. Rajesh showcases the pivotal role of IAM in Microsoft Azure. You will learn how Azure IAM centralizes access control, leveraging Azure Active Directory and Role-Based Access Control (RBAC) for seamless user identity management.Dr. Rajesh also addresses emerging trends shaping the future of IAM.He discusses zero trust, AI integration, and blockchain-backed identity verification.But every coin has two sides.Dr. Rajesh shares some common pitfalls to avoid – from generic passwords to excessive privileges – and offers a roadmap for troubleshooting IAM issues.Dr. Rajesh recommends a comprehensive IAM strategy to enforce granular permissions, track user activities, and ensure regulatory compliance.In this ever-connected world, cloud-based IAM solutions come with scalability, centralized management, and seamless integration. Dr. Rajesh digs into common benefits and challenges with cloud IAM solutions, to help your organization identity "right fit" solutions.Dr. Rajesh also emphasizes the urgency of implementing IAM best practices because of emerging threats and the reduced barrier to entry for cyber criminals.Be sure to like and subscribe for more episodes of the

Cloud Security Podcast by Google
EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM?

Cloud Security Podcast by Google

Play Episode Listen Later Jun 26, 2023 30:05


Guest: Ian Glazer, founder at Weave Identity, ex-Gartner, ex-SVP of Products at Salesforce, co-founder of IDPro Topics: OK, tell us why Identity and Access Management (IAM) is exciting (is it exciting?) Could you also explain why IAM is even more exciting in the cloud?  Are you really “one IAM mistake away from a breach” in the cloud?  What advice would you give to someone new to IAM? How to not just “learn IAM in the cloud” but to keep learning IAM? Is what I know about IAM in AWS the same as knowing IAM for GCP? What advice do you have for teams operating in a multi-cloud world? What are the top cloud IAM mistakes? How to avoid them? Resources: Video (LinkedIn, YouTube) IDPro association and BoK SCIM v2 standard EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? EP94 Meet Cloud Security Acronyms with Anna Belak  

Privacy Files
Decentralized Identity and Data Privacy

Privacy Files

Play Episode Listen Later Apr 20, 2023 60:30


Imagine a future where YOU own your data and not Big Tech. Imagine a future where you control what personal information you share, with whom and for how long. Decentralized identity offers this future and the technology and standards are being developed today. When available, decentralized identity will put an end to the practice of giant corporations storing your sensitive personal data--only for a hacker to come along and breach that database, exposing you to identity theft and financial fraud. In this episode of Privacy Files, Rich and Sarah welcome Dr. Paul Ashley to the studio to break down the topic of decentralized identity--how it works, the technology underpinning it and the virtually infinite number of applications waiting to put this technology into practice. Dr. Ashley is the Chief Technology Officer (CTO) at Anonyome Labs and one of the key industry players on the global stage who is developing the standards for decentralized identity. The global decentralized identity market is expected to grow at a compound annual growth rate (CAGR) of 90.3% from 2023 to 2030. Most experts attribute the predicted rise in decentralized identity to the explosion in identity fraud cases. In February 2022, the Federal Trade Commission (FTC) published a report revealing that identity fraud incidents increased by about 45% globally in 2020. Sarah kicks off the episode by defining decentralized identity and explaining how this approach to managing personal data is part of the larger discipline of Identity and Access Management (IAM). Dr. Ashley provides a history lesson on the evolution of IAM and the path that led us to decentralized identity today. He explains how data was first managed via a centralized approach. Then federated systems began to materialize. One common example of a federated approach to data management is Facebook. Facebook often asks users of the platform if they want to use their existing login credentials to access other platforms in order to collect that rich behavioral data. While convenient, the federate approach is a privacy nightmare. Sarah and Dr. Ashley then look at the anatomy of the decentralized identity process. From digital wallets and verifiable credentials to issuers and verifiers, it's a highly secure approach to giving the individual back control of their data--all based on blockchain technology. Rich and Dr. Ashley follow with a discussion on potential use cases and detailed examples of how the process actually works. Dr. Ashley closes out the episode by addressing some concerns about who controls decentralized identity and how the overall ecosystem should be structured to maximize privacy and security for digital wallet holders. Links Referenced: https://www.grandviewresearch.com/industry-analysis/decentralized-identity-market-report OUR SPONSORS: Anonyome Labs - Makers of MySudo and Sudo Platform. Take back control of your personal data. www.anonyome.com MySudo - The world's only all-in-one privacy app. Communicate and transact securely and privately. Talk, text, email, browse, shop and pay, all from one app. Stay private. www.mysudo.com Sudo Platform - The cloud-based platform companies turn to for seamlessly integrating privacy solutions into their software. Easy-to-use SDKs and APIs for building out your own branded customer apps like password managers, virtual cards, private browsing, identity wallets (decentralized identity), and secure, encrypted communications (e.g., encrypted voice, video, email and messaging). www.sudoplatform.com

Identity At The Center
#208 - Identiverse 2023 Preview with Andi Hindle

Identity At The Center

Play Episode Listen Later Apr 17, 2023 72:44


Jeff talks with Andrew Hindle, Identiverse Conference Chair, about the 2023 Identiverse conference and how he defines Digital Identity and Identity and Access Management (IAM). Connect with Andi: https://www.linkedin.com/in/ahindle/ Learn more about Identiverse: https://events.identiverse.com/identiverse2023/begin?code=IDV23-ICEN20 Use our discount code for 20% off your Identiverse registration: IDV23-ICEN20 Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

The 443 - Security Simplified
The NSA’s Guidance on Securing Authentication

The 443 - Security Simplified

Play Episode Listen Later Mar 27, 2023 40:24


This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

Cybersecurity Hot Takes
30. Identity in Organizations is Too Entrenched to Warrant a Rethink

Cybersecurity Hot Takes

Play Episode Listen Later Mar 23, 2023 29:12


On today's episode of Cybersecurity Hot Takes, we are joined by Eric Olden the CEO, of Strata. He and the podcast crew discuss the next steps for the industry involving Identity and Access Management (IAM). Is Identity too mature and entrenched in organizations for them to want to rethink and find a better way? Follow Beyond Identity: twitter.com/beyondidentity linkedin.com/company/beyond-identity-inc Website: beyondidentity.com Send any voice submissions to Podcast@beyondidentity.com Informal security chat with Beyond Identity's CTO Jasson Casey, Founding Engineer Nelson Melo, and VP of Global Sales Engineering Husnain Bajwa and our host Marketing Empress Reece Guida. Join us for the good, the ugly, and the unexplored in the cybersecurity space. Chat topics include MFA, authentication, passwordless solutions, and how Beyond Identity is utilizing asymmetric cryptography to create the first unphishable multi-factor authentication on the planet. --- Send in a voice message: https://podcasters.spotify.com/pod/show/beyondidentity/message

Streaming Audio: a Confluent podcast about Apache Kafka
Rethinking Apache Kafka Security and Account Management

Streaming Audio: a Confluent podcast about Apache Kafka

Play Episode Listen Later Dec 8, 2022 41:23 Transcription Available


Is there a better way to manage access to resources without compromising security? New employees need access to a variety of resources within a company's tech stack. But manually granting access can be error-prone. And when employees leave, their access must be revoked, thus potentially introducing security risks if an admin misses one. In this podcast, Kris Jenkins talks to Anuj Sawani (Security Product Manager, Confluent) about the centralized identity management system he helped build to integrate with Apache Kafka® to prevent common identity management headaches and security risks.With 12+ years of experience building cybersecurity products for enterprise companies, Anuj Sawani explains how he helped build out KIP-768 (Secured OAuth support in Kafka) that supports a unified identity mechanism that spans across cloud and on-premises (hybrid scenarios).Confluent Cloud customers wanted a single identity to access all their services. The manual process required managing different sets of identity stores across the ecosystem. Anuj goes on to explain how Identity and Access Management (IAM) using cloud-native authentication protocols, such as OAuth or OpenID Connect, solves this problem by centralizing identity and minimizing security risks.Anuj emphasizes that sticking with industry standards is key because it makes integrating with other systems easy. With OAuth now supported in Kafka, this means performing client upgrades, configuring identity providers, etc. to ensure the applications can leverage new capabilities. Some examples of how to do this are to use centralized identities for client/broker connections.As Anuj continues to build and enhance features, he hopes to recommend this unified solution to other technology vendors because it makes integration much easier. The goal is to create a web of connectors that support the same standards. The future is bright, as other organizations are researching supporting OAuth and similar industry standards. Anuj is looking forward to the evolution and applying it to other use cases and scenarios.EPISODE LINKSIntroduction to Confluent Cloud SecurityKIP-768: Secured OAuth support in Apache KafkaConfluent Cloud Documentation: OAuth 2.0 SupportApache Kafka Security Best PracticesSecurity for Real-Time Data Stream Processing with Confluent CloudWatch the video version of this podcastKris Jenkins' TwitterStreaming Audio Playlist Join the Confluent CommunityLearn more with Kafka tutorials, resources, and guides at Confluent DeveloperLive demo: Intro to Event-Driven Microservices with ConfluentUse PODCAST100 to get an additional $100 of free Confluent Cloud usage (details)

Hacking Humans
Identity access management (IAM) (noun) [Word Notes]

Hacking Humans

Play Episode Listen Later Jul 12, 2022 11:25


A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: “The Wrath of Khan (1982) ‘Kirk's Response,'” by Russell, YouTube, 16 May 2017.