Podcasts about Identity management

  • 256PODCASTS
  • 477EPISODES
  • 33mAVG DURATION
  • 1WEEKLY EPISODE
  • Jun 10, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about Identity management

Show all podcasts related to identity management

Latest podcast episodes about Identity management

Microsoft Mechanics Podcast
Fix Identity Sprawl + Optimize Microsoft Entra

Microsoft Mechanics Podcast

Play Episode Listen Later Jun 10, 2025 11:04 Transcription Available


Strengthen your security posture in Microsoft Entra by following prioritized Secure Score recommendations. Enforce MFA, block legacy authentication, and apply risk-based Conditional Access policies to reduce exposure from stale accounts and weak authentication methods. Use built-in tools for user, group, and device administration to detect and clean up identity sprawl—like unused credentials, inactive accounts, and expired apps—before they become vulnerabilities. Jeremy Chapman, Microsoft 365 Director, shares steps to clean up your directory, strengthen authentication, and improve overall identity security. ► QUICK LINKS:  00:00 - Microsoft Entra optimization 00:54 - New Recommendations tab 02:11 - Enforce multifactor authentication 03:21 - Block legacy authentication protocols 03:58 - Apply risk-based Conditional Access 04:44 - Identity sprawl 05:46 - Fix account sprawl 08:06 - Microsoft 365 group sprawl 09:36 - Devices 10:33 - Wrap up ► Link References Watch part one of our Microsoft Entra Beginner's Tutorial series at https://aka.ms/EntraBeginnerMechanics Check out https://aka.ms/MicrosoftEntraRecommendations ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics  

Identity At The Center
#354 - Kristina Yasuda & Torsten Lodderstedt on the EUDI Wallet and its Global Impact

Identity At The Center

Play Episode Listen Later Jun 9, 2025 51:50


Join Jim McDonald and Jeff Steadman on Identity at the Center as they sit down with Kristina Yasuda, Product Owner, and Dr. Torsten Lodderstedt, Project Lead for the German EUDI Wallet project. Recorded at EIC 2025, this episode delves into the ambitious European Union initiative to create a digital identity wallet for all its citizens.Kristina and Torsten discuss the vision behind the EUDI Wallet, the political will driving it, and the funding making it a reality. They explore the challenges and complexities of aligning multiple parties, standardizing technical specifications, and the goal of digitizing everything from government-issued IDs to driving licenses and ePrescriptions.Learn about the Federal Agency for Breakthrough Innovation (SPRIN-D), the importance of a transparent and collaborative development process, and how Germany aims to provide a secure, privacy-preserving, and interoperable digital wallet ecosystem. The discussion also touches on digital sovereignty, the role of platform providers like Google and Apple, the aggressive timelines, and the potential global impact of this initiative.Find out how the EUDI Wallet aims to put users in the driver's seat, ensure non-discriminatory access, and foster a flourishing digital economy in Europe.Chapters00:00 Introduction: Vision, Political Will, and Funding00:50 Blockchain vs Federated Identity: Bridging the Gap01:47 Welcome to the Identity of the Center Podcast03:18 Meet the Guests: German EUDI Wallet Project03:42 Christina's Journey into Identity06:05 Torsten's Background in Identity08:31 The EUDI Wallet Project: Scope and Goals12:19 Challenges and Opportunities in Digital Identity15:38 Production and Adoption of Digital Wallets20:53 Digital Sovereignty and Interoperability26:16 Government's Role in Digital Identity26:54 Certification and Recognition of Wallet Providers27:21 Cultural Differences in Government-Provided IDs27:53 Challenges and Timelines for Digital Wallet Implementation28:25 Legal Obligations and Compliance29:10 Public vs. Private Sector in Digital Identity30:13 Barriers to Widespread Adoption31:26 Complexities of Wallet-Based Systems33:23 Global Interoperability and Standards33:59 Technical Specifications and Convergence36:05 Multi-Step Process for Implementation38:26 Transition Period and Global Considerations42:49 Digital Driver's License and Real-World Applications46:17 Final Thoughts and Future Outlook46:23 Fun and Lighthearted EndingConnect with Kristina: https://www.linkedin.com/in/kristinayasudaConnect with Dr. Torsten: https://www.linkedin.com/in/dr-torsten-lodderstedt/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:EUDI Wallet, Digital Identity, European Union, Germany, Kristina Yasuda, Torsten Lodderstedt, Identity Management, Self-Sovereign Identity (SSI), Digital Sovereignty, Interoperability, Technical Standards, OpenID, Verified Credentials, Federal Agency for Breakthrough Innovation, Sprint, EIC 2025, Government Issued ID, Digital Transformation, Privacy, Security, User Control, Mobile Driver's License, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald#EUDIWallet #DigitalIdentity #EuropeanUnion #Germany #KristinaYasuda #TorstenLodderstedt #IdentityManagement #SelfSovereignIdentity #SSI #DigitalSovereignty #Interoperability #OpenID #VerifiedCredentials #EIC2025 #GovernmentID #DigitalTransformation #Privacy #Security #UserControl #MobileDriverLicense #IDAC #IdentityAtTheCenter #JeffSteadman #JimMcDonald #DigitalWallet #EU

Trust Issues
EP 8 - Zero Trust, Zero Chill: Securing Machine Identity

Trust Issues

Play Episode Listen Later May 28, 2025 45:08


In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don't forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.

Agent of Influence
Episode 070 - Advancing Exposure Management - Jorge Orchilles

Agent of Influence

Play Episode Listen Later May 28, 2025 38:19


Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

The Identity Jedi Show
Identity Management Evolved: AI, Empathy, and Innovation

The Identity Jedi Show

Play Episode Listen Later May 27, 2025 65:16


In this episode of the Identity Jedi Show, the host welcomes Ashish Haw to discuss current hot topics in identity management. Ashish shares insights into his company's data-centric approach to solving identity issues, particularly emphasizing the importance of contextual data and AI models. The conversation covers the integration of human and non-human identities, the emergence of agentic AI, and the need for identity platforms to become more user-friendly and intelligent. Other key points include the consolidation of identity tools, the evolution of enterprise security expectations, and the necessity for agile, context-based security solutions. The discussion concludes with predictions for the future of identity management, focusing on the rise of agentic AI and the transformation of identity platforms over the next few years. LinksNewsletter → www.theidentityjedi.comLeovici → https://leovici.goaffpro.com/shop/identityjediCouponCode = IDENTITYJEDIIdentity Royale → https://saviynt.com/events/identiverse2025-identity-jedi-vip

UBC News World
Okta CASB Migration Consulting: Powerful Cloud Security & Identity Management

UBC News World

Play Episode Listen Later May 21, 2025 4:24


Access management expert Azure IAM is ready to help migrate your cybersecurity operations to a network based on Azure and protected by Okta. To learn how to effectively manage your cloud storage operations, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com

Trust Issues
EP 7- Resilience in Identity Management: Avoiding Single Points of Failure

Trust Issues

Play Episode Listen Later May 15, 2025 44:49


In this episode of Security Matters, host David Puner sits down with Eric Olden, co-founder and CEO of Strata Identity, and a pioneer in modern identity management. Eric shares his career journey, from founding Simplified to leading Oracle's global identity division, and discusses the critical importance of resilience in identity systems.Discover how organizations can eliminate single points of failure, test their backup plans and ensure their digital operations remain robust even in the face of unexpected outages. Eric also delves into the concept of identity orchestration, explaining how it can unify multiple identity systems and enhance security.Tune in to learn about the latest trends in identity management, including the intersection of AI and identity, and gain insights into how businesses can proactively assess and mitigate risks associated with identity outages.Don't miss this engaging conversation filled with practical advice and forward-thinking strategies to help safeguard your organization's identity infrastructure.

Programmatic Digest's podcast
173. Adtech Economic Forum Discussion with Shannon Rudd and Allie Lichtenberg

Programmatic Digest's podcast

Play Episode Listen Later Apr 10, 2025 35:22


In this episode of the Programmatic Digest Podcast, Shannon Rudd and Allie Lichtenberg joined us to talk about their experience at the AdTech Economic Forum, an event created by Rob Beeler and Tom Triscari. Allie shared how excited she was to win a free ticket, showing how helpful it is to give new professionals chances to grow. Shannon talked about how the forum felt welcoming and praised the organizers for including different voices, especially in talks about money and business deals in ad tech. They also discussed big changes happening in the ad tech world — like how people's online behavior is changing and how AI is starting to play a bigger role in making money from content. They mentioned smart ideas from speakers like Andrew Casale about how DSPs and SSPs are changing.  We also celebrated how important community is, especially groups like the Women in Programmatic Network and A very special Thank You to Advance Women for bringing this together. Shannon and Allie talked about how male allies can help support women in ad tech and why that's so important.    Announcement   We have opened The Reach and Frequency MEMBERSHIP, exclusive to programmatic ninjas, adops, adtech unicorns looking for a community where we can learn freely and judgement free.  https://programmaticdigest14822.ac-page.com/executivemembership    About Us: We teach historically excluded individuals how to break into programmatic media buying and land their dream jobs. Through our Reach and Frequency® program, an engaged community, and expert coaching, we offer: Programmatic L&D Support: A monthly retainer providing hands-on training, strategy, and troubleshooting for programmatic teams. Book a Discovery Call: https://www.heleneparker.com/workshop/ Programmatic Training & Coaching: Executive Membership: for the busy mid-level to senior or director-level programmatic ninja looking for a structured, high-impact way to stay ahead of evolving trends, sharpen your optimization skills, and connect with like-minded experts Join Here: https://programmaticdigest14822.ac-page.com/executivemembership    Accelerator Program: A 6-week structured program with live coaching, hands-on DSP exercises, and real-time feedback. Sign Up: https://reachandfrequencycourse.thinkific.com/courses/program   Self-Paced Course: Learn at your own speed with full content access. Enroll Here: https://reachandfrequencycourse.thinkific.com/bundles/the-reach-frequency-full-course   Timestamp: (00:02) - AdTech Economic Forum Takeaways (06:25) - AdTech Industry Insights and Trends (15:43) - Evolving AdTech Measurement and Diversity (30:40) - Empowering Women in AdTech Networking (34:50) - LinkedIn Networking and Engagement     Meet Our Guest: Allie Lichtenberg https://www.linkedin.com/in/allisonmottolalichtenberg/  Shannon Rudd https://www.linkedin.com/in/srudd/ Meet The Team: Hélène Parker - Chief Programmatic Coach https://www.heleneparker.com/  https://www.linkedin.com/in/helene-parker/ Learn Programmatic As a TEAM: https://www.heleneparker.com/workshop/  As a Programmatic Ninja: https://www.heleneparker.com/course/ Programmatic Coaching Newsletter:https://www.heleneparker.com/newsletter/    Programmatic Digest https://www.linkedin.com/company/programmatic-digest-podcast https://www.youtube.com/@programmaticdigest    Manuela Cortes - Co-Host  Programmatic Digest In Espanol  https://www.linkedin.com/in/manuela-cortes-/   Looking for programmatic training/coaching?  Sign up to our Accelerator Program: A 6-week structured program with live coaching, hands-on within DSP(s) exercises, and real-time feedback—perfect for those who thrive on accountability and community, and looking to grow their technical skillset https://reachandfrequencycourse.thinkific.com/courses/program  Self-Paced Course: Full access to course content anytime, allowing independent learners to study at their own speed with complete flexibility. https://reachandfrequencycourse.thinkific.com/bundles/the-reach-frequency-full-course  Join our next workshop by signing up to our waitlist below: https://www.heleneparker.com/waitlist/

Cyber Security Today
Critical Security Updates and Identity Management Insights

Cyber Security Today

Play Episode Listen Later Apr 9, 2025 11:13 Transcription Available


In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an OKTA survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals. 00:00 Introduction and Event Announcement 00:51 Critical Flaws in Compression Utility 03:33 Microsoft Patches Zero-Day Exploits 05:01 WhatsApp Security Vulnerability 06:46 Identity Management Day Insights 10:13 Conclusion and Contact Information

Identity At The Center
#342 - Identity Management Day 2025 with Jeff Reich

Identity At The Center

Play Episode Listen Later Apr 7, 2025 53:11


Join Jeff and Jim in this episode of the Identity at the Center Podcast as they delve into the upcoming Identity Management Day 2025. Featuring guest Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA), this episode unpacks the significance of non-human identities, AI in identity management, and the existential questions surrounding identity. The discussion covers upcoming events, awards, and what to expect from Identity Management Day, while also exploring the potential impact of Quantum Computing. Don't miss out on this in-depth conversation that combines humor with profound insights into the evolving landscape of identity management.Chapters00:00 Introduction and Identity Concerns01:30 AI and Podcasting01:59 AI Limitations and Future05:41 Conference Announcements07:30 Identity Management Day 202509:35 Global Identity Trends18:39 Existential Identity and AI27:29 The Concept of Identity in Technology28:05 Machine Identity and Its Implications29:30 Human vs. Machine Identity31:07 The Future of Identity with AI and Quantum Computing38:13 Identity Management Day Awards45:17 Fun and Lighthearted Discussion51:35 Conclusion and Final ThoughtsConnect with Jeff: https://www.linkedin.com/in/jreich/Learn more about the IDSA: https://www.idsalliance.org/Register for Identity Management Day 2025: https://www.accelevents.com/e/Identity-Management-Day-2025-Virtual-ConferenceConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords: Identity Management, AI, Non-Human Identities, Identity Defined Security Alliance, IDSA, Quantum Computing, Identity Management Day 2025, Identity at the Center Podcast.

Unlocking Africa
How to Enhance Supply Chain Efficiency in Africa Through Product Digital Identity Management with Dare Odumade

Unlocking Africa

Play Episode Listen Later Apr 7, 2025 58:49


Episode #169 with Dare Odumade, CEO of Chekkit Technologies and contributor to the recently published book Thrive: Mastering E-commerce the African Way published by the Africa Retail Academy at Lagos Business School.Dare Odumade is at the forefront of supply chain innovation in Africa through his work with Chekkit Technologies, a company on a mission to protect consumers, build brand trust, and eliminate counterfeit products across the continent. As a key voice in the chapter Enhancing E-commerce Efficiency in Africa: The Role of Product Digital Identity Management, Dare offers a bold vision for how digital product identity can transform African commerce.In this episode, we explore how Chekkit is reshaping e-commerce in Africa, from solving the "what I ordered versus what I got" dilemma and improving logistics infrastructure to empowering consumers with real-time product verification and driving loyalty through smart technology solutions.What We Discuss With DareThe pivotal moment that highlighted the urgent need for supply chain transparency in Africa.The key message behind the chapter “Enhancing E-commerce Efficiency in Africa” and how product digital identity management plays a crucial role.How Chekkit functions as a real-world tool to trace and share the story of a product's supply chain from origin to consumer.How Chekkit supports manufacturers in reclaiming market share by combating counterfeit products through supply chain transparency.The resistance faced from industries hesitant to digitise their supply chains and how Chekkit addresses those challenges.Did you miss my previous episode where I discuss The Structural Changes Required To Build Resilient Diagnostics and Healthcare Systems in Africa? Make sure to check it out!Like this show? Please leave us a review here -- even one sentence helps!Connect with Terser:LinkedIn - Terser AdamuInstagram - unlockingafricaTwitter (X) - @TerserAdamuConnect with Dare:LinkedIn - Dare OdumadeTwitter (X) - @ChekkitappDo you want to do business in Africa? Explore the vast business opportunities in African markets and increase your success with ETK Group. Connect with us at www.etkgroup.co.uk or reach out via email at info@etkgroup.co.ukSubscribe to our newsletter for exclusive content, behind-the-scenes insights, and bonus material - Unlocking Africa Newsletter

Bitcoin Magazine
FROSTR Explained: A Gamechanger for NOSTR Identity Management | The Juan Galt Show

Bitcoin Magazine

Play Episode Listen Later Mar 27, 2025 45:51


What happens when you lose your private key on Nostr? In this episode of the Juan Galt Show, we sit down with developers Topher Scott and Austin from Pleb Lab to talk about FROSTR—a new protocol that uses Bitcoin-style multi-sig cryptography (FROST) to secure your identity on Nostr.From the philosophy of owning your digital identity to the real-world problems of key loss, key rotation, and safe authentication, this episode goes deep on how Fostr works, what makes it different, and why it's a crucial step forward for decentralized social media and Bitcoiners alike.Connect with Juan Galt on Nostr: https://primal.net/p/nprofile1qqsrwtdqwltr2dps7dpatpfas5c3k07jwqvdt2pm3sdnj7uj2x8v0tqznatusFollow Juan Galt on X: https://x.com/JuanSGaltRead his work in Bitcoin Magazine: https://bitcoinmagazine.com/authors/juan-galt

ITSPmagazine | Technology. Cybersecurity. Society
Zero Trust in Action: Revolutionizing Incident Response | A Zero Trust World Conversation with Art Ocain | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Feb 25, 2025 14:04


At ThreatLocker Zero Trust World 2025 in Orlando, Art Ocain, VP of Cybersecurity & Incident Response at Airiam, shared valuable insights into applying zero trust principles to incident response. The conversation, hosted by Marco Ciappelli and Sean Martin, highlighted the critical role of zero trust in preparing for and managing security incidents.The Zero Trust Mindset in Incident Response Ocain discussed how zero trust methodology—embracing the principles of "assume breach" and "always verify, never trust"—can significantly enhance incident response strategies. Instead of merely securing the perimeter or endpoints, his approach involves identifying and protecting core systems through micro-segmentation and robust identity management. By securing each component individually, organizations can minimize the impact of potential breaches.For example, Ocain described a scenario where segmenting a SQL server from an application server could prevent data loss during an attack. Even if an application server is compromised, critical data remains secure, allowing quicker recovery and continuity of operations.Dynamic Containment Strategies Ocain emphasized the importance of dynamic containment when responding to incidents. Traditional methods, such as using Endpoint Detection and Response (EDR) tools, are effective for forensic analysis but may not stop active threats quickly. Instead, he advocated for an "allow list only" approach that restricts access to systems and data, effectively containing threats while maintaining critical business functions.In practice, when Ocain is called into a crisis, he often implements a deny-by-default solution to isolate compromised systems. This strategy allows him to perform forensics and bring systems back online selectively, ensuring threat actors cannot access recovered systems.Balancing Security with Business Needs A significant challenge in adopting zero trust is gaining executive buy-in. Ocain noted that executive teams often push back against zero trust measures, either out of a desire for convenience or because of misconceptions about its impact on business culture. His approach involves demonstrating real-world scenarios where zero trust could mitigate damage during breaches. By focusing on critical systems and showing the potential consequences of compromised identities or systems, Ocain effectively bridges the gap between security and business priorities.A Cultural Shift Toward Security The discussion also touched on the cultural shift required to fully integrate zero trust into an organization. Zero trust is not just a technological framework but a mindset that influences how every employee views access and security. Through scenario-driven exercises and engaging executive teams early in the process, Ocain helps organizations transition from a "department of no" mentality to a collaborative, security-first culture.Listen to the full episode to explore more strategies on implementing zero trust in incident response and how to align security initiatives with business goals.Guest: Art Ocain, VP of Cybersecurity & Incident Response at Airiam | On LinkedIn: https://www.linkedin.com/in/artocain/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

ITSPmagazine | Technology. Cybersecurity. Society
Breaking the Spell: How to Avoid the Grand Delusion in Zero Trust | A Conversation with Dr. Chase Cunningham at Zero Trust World 2025 | On Location with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Feb 25, 2025 9:34


At ThreatLocker Zero Trust World 2025 in Orlando, Chase Cunningham, often referred to as “Dr. Zero Trust,” delivered a thought-provoking session titled The Grand Delusion. The event, filled with IT professionals, managed service providers (MSPs), and small to midsize business (SMB) leaders, provided the perfect backdrop for a candid discussion about the state of cybersecurity and the real-world application of Zero Trust strategies.Challenging the Status QuoCunningham emphasized the need for businesses to adopt realistic cybersecurity practices that align with their resources and needs. He pointed out the pitfalls of smaller organizations attempting to emulate enterprise-level security strategies without the necessary infrastructure. “Cyber shouldn't be any different” than outsourcing taxes or other specialized tasks, he explained, advocating for MSPs and external services as practical solutions.Zero Trust as a Strategy, Not Just a TermThe session underscored that Zero Trust is not merely a buzzword but a strategic approach to security. Cunningham stressed the importance of questioning the validity of industry claims and seeking concrete data to support cybersecurity initiatives. He encouraged attendees to avoid being “delusional” by blindly accepting security solutions without a critical evaluation of their impact and effectiveness.Actionable Steps for Small BusinessesCunningham shared practical advice for implementing Zero Trust principles within smaller organizations. He recommended focusing on foundational controls like identity and access management, micro-segmentation, and application allow and block lists. He noted that achieving security is a journey, requiring a structured, strategic approach and an acceptance that immediate results are unlikely.The Future of Zero TrustLooking ahead, Cunningham expressed optimism about the continued evolution of Zero Trust. He highlighted its growing global significance, with his upcoming engagements in Taiwan, Colombia, and Europe serving as evidence of its widespread adoption. Ultimately, he framed Zero Trust as not only a business imperative but a fundamental human right in today's digital world.Tune in to this episode to hear more insights from Chase Cunningham and explore what Zero Trust means for businesses of all sizes.Guest

ITSPmagazine | Technology. Cybersecurity. Society
From Access to Automation: The New Playbook for IT and Security Teams | A JumpCloud Brand Story with Chase Doelling

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Feb 11, 2025 43:12


IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).The Role of IT in Business OperationsDoelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.AI, Security, and IT InvestmentThe report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.How JumpCloud Supports IT TeamsJumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.Looking Ahead: IT and Security ConvergenceDoelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.Note: This story contains promotional content. Learn more. Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/ResourcesLearn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7zTo download the SME IT Trends Report: https://itspm.ag/jumpcljqywCatch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloudAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

McKinsey on Building Products
Arnab, Chief Product Officer, Okta Platform on the impact of AI on cybersecurity and identity management

McKinsey on Building Products

Play Episode Listen Later Feb 7, 2025 27:30


In this episode of McKinsey on Building Products, host Rikki Singh and Arnab Bose, Chief Product Officer, Okta Platform, discuss the transformative impact of AI on cybersecurity and identity management. They explore the challenges of adopting AI in security solutions, the importance of a robust strategy for identity management, and how organizations can safely adopt AI agents.See www.mckinsey.com/privacy-policy for privacy information

The Fintech Blueprint
Protecting 2,700 Customers Across 100 Million Transactions, with Socure's CTO Arun Kumar

The Fintech Blueprint

Play Episode Listen Later Jan 28, 2025 41:50


Lex interviews Arun Kumar, the CTO of Socure, an identity management and risk assessment company. In this exciting episode, Arun touches on: (1) his experience building large-scale, high-throughput, and low-latency systems at companies like Amazon and Citadel, and how he applies that expertise to the identity verification and fraud detection challenges at Socure. (2) Socure's rapid growth, serving over 2,700 customers including 9 of the top 10 U.S. banks and over 30 state agencies, processing hundreds of millions of transactions per month. (3) Socure's approach to building a real-time identity graph by aggregating signals from devices, phone numbers, IPs, and other data points to detect and prevent sophisticated fraud tactics like deepfakes and fraud GPTs. (4) The company's recent acquisition of Effectiv to simplify the integration process for customers and improve efficiency, as well as its use of Generative AI to automate various tasks. Lastly, (5) Socure's future plans to expand beyond account opening and login into transaction monitoring, as well as exploring opportunities in the growing embedded finance and digital identity spaces. MENTIONED IN THE CONVERSATION Topics: Socure, Effectiv, Citadel, Amazon, Identity management, digital identity, generative AI, deepfakes, fraud prevention, machine learning, identity verification ABOUT THE FINTECH BLUEPRINT 

HIPcast
Episode 30 - HIPcast - Patient Identity Management with Megan Pruente

HIPcast

Play Episode Listen Later Jan 13, 2025 41:56


In this episode of HIPcast, Megan Pruente, shares her experience in the patient identity management domain of Health Information. We also talk about AI and how HI Professionals can utilize AI tools in everyday life. #HIPcast with Shannan and Seth.

Business of Tech
Cybersecurity Insights: Policy, Identity Management and CMMC with Jon Murchison

Business of Tech

Play Episode Listen Later Dec 23, 2024 20:54


Dave Sobel engages in a thought-provoking conversation with Jon Murchison, CEO of BlackPoint Cyber, about the current state of cybersecurity policies and practices. They discuss the initiatives surrounding "secure by design" and "secure by default," emphasizing the challenges faced by managed IT service providers in implementing these ideals. Jon expresses skepticism about the immediate impact of these policies on the ground level, noting that while they are well-intentioned, they often fall short of practical application in real-world scenarios.The discussion shifts to the dynamics of responsibility and liability within the cybersecurity landscape. Jon highlights the disparity between software vendors and service providers regarding accountability when security breaches occur. He argues that while security providers should be held liable for secure code design and regular penetration testing, the complexities of cybersecurity make it difficult to assign blame definitively. This nuanced perspective underscores the need for a balanced approach to liability that encourages innovation without stifling progress.As the conversation progresses, Jon shares his insights on the Cybersecurity Maturity Model Certification (CMMC) and its potential as a broader standard. He acknowledges the foundational value of existing frameworks like NIST and ISO but critiques their lack of practical guidance for organizations. Jon advocates for a more prescriptive approach that focuses on actionable steps for hardening security measures, rather than vague compliance requirements that can lead to checkbox exercises.Finally, Jon emphasizes the critical importance of identity management in cybersecurity. He explains how threat actors have evolved their tactics, often exploiting legitimate credentials to navigate networks undetected. The episode concludes with Jon discussing the future of posture management and the need for improved security measures around automation, highlighting the ongoing challenges and opportunities in the ever-evolving cybersecurity landscape. Supported by: https://www.coreview.com/msp/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Application Security Weekly (Video)
Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

Application Security Weekly (Video)

Play Episode Listen Later Dec 16, 2024 34:09


Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and setting an example for transparency in security disclosures. Segment resources https://youtu.be/ydg95R2QKwM 00:00 Welcome to Application Security Weekly! 01:49 Meet the Experts 03:28 What Are Non-Human Identities? 06:17 Balancing Security & Usability 08:24 MFA Challenges & Admin Security 12:09 Navigating Breaking Changes 16:05 Security by Design in Action 18:42 Identity Management for Startups 20:18 Secure by Design: Real Impact 24:03 Transparency After a Critical Vulnerability 31:39 Looking Ahead to 2025 32:45 Application Security in Three Words Show Notes: https://securityweekly.com/asw-311

ITSPmagazine | Technology. Cybersecurity. Society
The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Dec 4, 2024 27:07


Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe UniversityOn LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual's age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad's research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.Listeners are encouraged to follow Ahmad's work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More

Redefining CyberSecurity
The Imperative of Transitioning from Traditional Access Control to Modern Access Control | An Australian Cyber Conference 2024 in Melbourne Conversation with Ahmad Salehi Shahraki | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Dec 4, 2024 27:07


Guest: Ahmad Salehi Shahraki, Lecturer (Assistant Professor) in Cybersecurity, La Trobe UniversityOn LinkedIn | https://www.linkedin.com/in/ahmad-salehi-shahraki-83494152/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring this "On Location" podcast episode at AISA CyberCon 2024, host Sean Martin welcomed guest Ahmad Salehi Shahraki to discuss cutting-edge developments in access control, identity management, and cybersecurity infrastructure.Ahmad, a lecturer at La Trobe University specializing in authentication, authorization, applied cryptography, and blockchain, shared insights into transitioning from traditional access control models like Role-Based Access Control (RBAC) to more advanced Attribute-Based Access Control (ABAC). Ahmad emphasized that while RBAC has served as the backbone of organizational security for decades, its centralized nature and limitations in cross-domain applications necessitate the shift to ABAC. He also highlighted a critical aspect of his research: leveraging cryptographic primitives like attribute-based group signatures to enhance security and privacy while enabling decentralization without relying on blockchain.Sean and Ahmad explored the technical and operational implications of ABAC. Ahmad described how this model uses user attributes—such as location, role, and organizational details—to determine access permissions dynamically. This contrasts with RBAC's reliance on predefined roles, which can lead to rule exploitation and administrative inefficiencies.Ahmad also discussed practical applications, including secure digital health systems, enterprise environments, and even e-voting platforms. One innovative feature of his approach is "attribute anonymity," which ensures sensitive information remains private, even in peer-to-peer or decentralized setups. For example, he described how his system could validate an individual's age for accessing a service without revealing personal data—a critical step toward minimizing data exposure.The conversation expanded into challenges organizations face in adopting ABAC, particularly the cost and complexity of transitioning from entrenched RBAC systems. Ahmad stressed the importance of education and collaboration with governments and industry players to operationalize ABAC and other decentralized models.The episode closed with Ahmad reflecting on the robust feedback and collaboration opportunities he encountered at the conference, underscoring the growing interest in decentralized and privacy-preserving solutions within the cybersecurity industry. Ahmad's research has attracted attention globally, with plans to further develop and implement these models in Australia and beyond.Listeners are encouraged to follow Ahmad's work and connect via LinkedIn to stay informed about these transformative approaches to cybersecurity.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More

The Practical 365 Podcast
Identity Management Deep Dive with Microsoft's Merill Fernando - The Practical 365 Podcast S4E31

The Practical 365 Podcast

Play Episode Listen Later Nov 19, 2024 57:32


In this episode of the Practical 365 Podcast, Steve Goodman and Rich Dean are joined by Merill Fernando, Principal Product Manager at Microsoft, for a deep dive into identity management and community-driven innovation. As we approach Microsoft Ignite, Merill shares insights on upcoming announcements in security and identity management, including the new Global Secure Access solution. Plus we discuss various tech Meryl contributes to with the community, in particular Maester.dev, an open-source PowerShell based security framework.Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!

Healthcare IT Today Interviews
Leveraging Call Verification for Identity Management in Healthcare

Healthcare IT Today Interviews

Play Episode Listen Later Nov 13, 2024 7:13


One of the scariest things in healthcare right now is having your organization breached. While systems are sometimes breached through more traditional approaches to hacking, the most common breaches today generally occur when hackers steal someone's credentials. In fact, many hackers are using social engineering attacks on IT help desks to breach healthcare systems. This is why identity management in healthcare is so important. All those expensive IT security systems don't help you much when the hackers take control of your users legitimate credentials. This was the topic I explored recently with Tracey Nyholt, Founder & CEO at TechJutsu, at the Oktane conference by Okta in Las Vegas. In our discussion, Nyholt shares about her company TechJutsu and some of the challenges of identity management in healthcare and the solutions available for healthcare organizations. Learn more about Caller Verify: https://www.callerverify.com/ Health IT Community: https://www.healthcareittoday.com/

Unsupervised Learning
A Conversation with Jason Haddix from Flare

Unsupervised Learning

Play Episode Listen Later Nov 11, 2024 30:11 Transcription Available


Streamline Your Cybersecurity with Flare Here: https://try.flare.io/unsupervised-learning/ In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare. We talk about: Flare's Unique Approach to Threat Intelligence:How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements. Challenges of Credential Theft and Advanced Malware Techniques:How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management. Jason's Journey To Founding Arcanum & Arcanum's Security Training Programs:How Jason now advises on product development and threat intelligence as Flare's CISO and his journey to fund Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles.  And more Introduction to the Podcast (00:00:00)Guest Excitement on Podcast (00:00:20)Jason's New Business and Flare Role (00:00:24)Career Shift from Ubisoft to Red Teaming (00:01:02)Evolution of Adversary Tactics (00:02:04)Flare's Credential Exposure Management (00:02:58)Synergy Between Arcanum and Flare(00:03:55)Dark Web Credential Compromise (00:04:45)Challenges with Two-Factor Authentication (00:06:25)Cookie Theft and Unauthorized Access (00:07:39)Redline Malware and Its Impact (00:08:12)Flare's Research Capabilities (00:09:50)Potential for Advanced Malware Detection (00:11:40)Expansion of Threat Intelligence Services (00:12:15)Vision for a Unified Security Dashboard (00:13:25)Integrating Threat Intelligence with Identity Management (00:14:00)Credential Update Notifications via API (00:15:54)Automated Credential Management Potential (00:17:28)AI Features in Security Platforms (00:17:32)Exploration of Automated Security Responses (00:18:38)Introduction to Arcanum Security (00:19:25)Overview of Arcanum Training Courses (00:20:25)Necessity for Up-to-Date Training (00:22:15)Guest Experts in Training Sessions (00:23:08)Upcoming Features for Flare (00:25:11)Integrating Vulnerability Management (00:28:08)Accessing Flare's Free Trial (00:28:25)Learning More About Arcanum (00:29:09)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

Trust Issues
EP 65 - Machine Identities, AI and the Future of Security with the Identity Jedi

Trust Issues

Play Episode Listen Later Nov 8, 2024 41:55


In this episode of the Trust Issues podcast, host David Puner and David Lee, aka “The Identity Jedi,” delve into the evolving landscape of identity security. They discuss the critical challenges and advancements in securing both human and machine identities. Lee shares insights on the fear and misconceptions surrounding AI, drawing parallels to pop culture references like Marvel's Jarvis. They explore the potential of autonomous AI in monitoring and managing security tasks, emphasizing the need for real time data analysis and context understanding. The conversation highlights the importance of providing context on both human and machine sides to enhance security measures. They also touch on the role of investors in the identity security space and the need for better storytelling in the industry.

KuppingerCole Analysts
Rise of the Machines - Why Machine Identity Management Has Become Essential

KuppingerCole Analysts

Play Episode Listen Later Nov 7, 2024 7:20


The number of machine identities in IT is growing swiftly and has already surpassed human identities by as much as 100 times. This rise necessitates robust security protocols, such as secure authentication and controlled access, to address possible threats effectively. Read the original blog post here: https://www.kuppingercole.com/blog/reinwarth/rise-of-the-machines

ITSPmagazine | Technology. Cybersecurity. Society
Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Oct 22, 2024 7:08


In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today's fast-paced world. In closing, the emphasis on understanding one's maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.Note: This story contains promotional content. Learn more.Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/ResourcesLearn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentextLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk

Redefining CyberSecurity

Play Episode Listen Later Oct 22, 2024 7:08


In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today's fast-paced world. In closing, the emphasis on understanding one's maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.Note: This story contains promotional content. Learn more.Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/ResourcesLearn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentextLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

KuppingerCole Analysts
Analyst Chat #234: Identity Management in a World of Automated Systems - Machine Identities

KuppingerCole Analysts

Play Episode Listen Later Oct 21, 2024 21:12


In this conversation, Matthias and Martin explore the concept of machine identities, discussing their significance in modern IT infrastructures. They discuss the challenges of managing these identities, the importance of lifecycle management, and the impact of regulations on cybersecurity. The conversation emphasizes the need for organizations to understand and properly manage machine identities to ensure security and compliance in an increasingly complex digital landscape.

Identity At The Center
#311 - Navigating Identity Management and Cyber Insurance with Brandon Pinzon

Identity At The Center

Play Episode Listen Later Oct 14, 2024 58:43


In this episode of the Identity at the Center podcast, Jim McDonald speaks with Brandon Pinzon, an Insurance Industry Cybersecurity Executive, about the evolving landscape of identity management. They discuss Brandon's journey into digital identity, the role of identity management within organizations, and the unique challenges faced by the insurance industry. The conversation also delves into the intersection of compliance and security, highlighting the importance of understanding risk in the identity space. In this conversation, Brandon discusses the critical relationship between risk management and compliance in cybersecurity, emphasizing the importance of understanding and quantifying risk. He explores the evolving landscape of cyber insurance, highlighting the need for identity practitioners to be proactive in managing risks and building relationships with financial stakeholders. The discussion also touches on the necessity of cyber insurance for various organizations and concludes with insights into the vibrant cybersecurity community in San Antonio. 00:00 Podcast Introduction and Host Update 01:23 Upcoming Conferences and Discount Codes 02:29 Guest Introduction: Brandon Pinzon 03:02 Brandon's Identity Origin Story 05:25 Debate: Where Does Identity Management Belong? 13:45 Pros and Cons of CISO Responsibility for Identity 21:16 Identity in the Insurance Industry 29:52 Addressing Legacy Systems in Financial Institutions 31:38 Compliance vs. Security in Financial Services 35:33 Understanding and Quantifying Risk 38:33 The Role of Cyber Insurance 54:28 San Antonio: A Hub for Cybersecurity Connect with Brandon: https://www.linkedin.com/in/bpinzon/ Gartner IAM Summit - Save $375 on registration using our exclusive code IDAC375: https://www.gartner.com/en/conferences/na/identity-access-management-us Semperis' Hybrid Identity Protection Conference (HIP Conf) - Use code IDACpod for 20% off: https://www.hipconf.com/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast Keywords identity management, cybersecurity, insurance industry, compliance, digital identity, CISO, identity governance, user experience, risk management, financial services, risk management, compliance, cyber insurance, identity management, cybersecurity, threat modeling, risk assessment, business continuity, data protection, security strategy

Autonomous IT
CISO IT – Great Security Begins with Great IT, E11

Autonomous IT

Play Episode Listen Later Oct 10, 2024 13:44


In this episode, Jason Kikta discusses the critical relationship between IT and security, emphasizing that great security begins with a solid IT foundation. He explores the importance of establishing a baseline for normalcy, the role of user safety in preventing security breaches, and the need to understand insider threats. Jason concludes with discussing the 'big three' of cybersecurity, which are: Network Inventory: Knowing what's on your network is crucial. This involves having a comprehensive inventory of all devices and systems connected to the network.Configuration and Patching: Keeping systems configured correctly and up-to-date with patches is essential to prevent vulnerabilities that could be exploited by malicious actors.Identity and Authentication Protection: Ensuring robust identity and authentication measures are in place to protect against unauthorized access and maintain the integrity of user accounts.

The Tech Blog Writer Podcast
3049: Strengthening Cyber Defenses: Delinea's New Chapter in Identity Management

The Tech Blog Writer Podcast

Play Episode Listen Later Oct 8, 2024 32:11


How do businesses protect themselves in an increasingly digital world where cyber threats evolve as quickly as the technologies designed to combat them? In this episode of Tech Talks Daily, we welcome Art Gilliland, CEO of Delinea, a leader in Privileged Access Management (PAM). Art joins us to discuss Delinea's strategic moves in the fast-paced cybersecurity landscape, including their recent acquisitions of Fastpath and Authomize, and the broader trend of market consolidation amid economic pressures. Under Art's leadership, Delinea has enhanced its capabilities in cloud and SaaS identity management, reflecting a commitment to addressing sophisticated cyber threats and improving organizational cyber defenses. Art will share insights on the necessity of identity security as the cornerstone of cyber defense strategies, especially critical as businesses increasingly adopt cloud technologies and face AI-powered threats. This conversation will also delve into the human aspect of M&A in the tech sector—how Delinea manages to integrate new acquisitions successfully within a matter of months and the role of executive leadership in these processes. Art's perspective on the ongoing consolidation in the cybersecurity industry highlights the push towards creating more comprehensive, efficient security platforms that reduce both complexity and costs for organizations. Art outlines the future of identity security, focusing on enhancing authorization capabilities and leveraging AI to automate threat response and decision-making. This discussion is not only about the technology but also about the strategic and human considerations that ensure these tools effectively secure and support the enterprises they are designed to protect. What challenges and opportunities do you see in the integration of new technologies and companies in the cybersecurity sector? Join the conversation and share your thoughts on how businesses can navigate these complex but essential advancements.

Cloud Security Podcast
Cloud Identity Lifecycle Management Explained!

Cloud Security Podcast

Play Episode Listen Later Oct 8, 2024 33:03


In this episode Ashish Rajan sits down with Shashwat Sehgal, co-founder and CEO of P0 Security, to talk about the complexities of cloud identity lifecycle management. Shashwat spoke to us about why traditional identity solutions like SAML are no longer sufficient in today's cloud environments. He discusses the need for organisations to adopt a more holistic approach to secure access across cloud infrastructures, addressing everything from managing IAM roles to gaining complete visibility and inventory of all cloud identities. This episode goes into the growing challenges around managing human and non-human identities, and the importance of shifting from legacy solutions to cloud-native governance. Guest Socials:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠Shashwat's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (01:47) A bit about Shashwat (02:20) What is Identity Lifecycle Management? (04:55) What is IGA and PAM? (10:10) Complexity of Identity Management (13:12) What are non human identities? (15:56) Maturity Levels for Cloud Identity Lifecycle Management (19:03) The role of SAML in Identity Management (20:07) Identity Management of Third parties and SaaS Providers (21:28) Who's responsible for identity management in Cloud? (23:28) Changing landscape of identity management (27:46) Native Solutions for identity management (30:03) Fun Questions

Category Visionaries
Itzik Alvas, CEO & Co-Founder of Entro Security: $24 Million Raised to Build the Future of Non-Human Identity Management

Category Visionaries

Play Episode Listen Later Sep 17, 2024 13:37


Welcome to another episode of Category Visionaries — the show that explores GTM stories from tech's most innovative B2B founders. In today's episode, we're speaking with Itzik Alvas, CEO & Co-Founder of Entro Security, a non-human identity management platform that has raised $24 Million in funding. Here are the most interesting points from our conversation: Military Experience Taught Perseverance: Itzik credits his time in the Israeli Defense Force, specifically in the cyber intelligence unit, for shaping his approach to perseverance. This has been crucial in overcoming challenges as an entrepreneur. Non-Human Identity Management Innovation: After multiple cybersecurity breaches in his previous roles, Itzik identified a massive gap in managing non-human identities and secrets. This personal experience directly led to the creation of Entro Security. Early Days Post-Seed Raise: The first few months after securing seed funding were highly operational—setting up offices, building the team, and finding early design partners to provide feedback on their solution. Creating a New Market Category: Entro Security is pioneering the non-human identity management space, addressing the growing issue of programmatic credentials that are often mishandled by DevOps teams, posing significant security risks. Unique, Memorable Branding: Unlike traditional cybersecurity companies, Entro's branding is youthful, fun, and memorable, a conscious choice to stand out in an industry that often feels sterile and overly serious. Go-To-Market Approach: Entro's sales efforts are focused on direct sales and channel partnerships, with a primary focus on the US market. Itzik emphasizes the importance of aligning go-to-market strategies with event participation based on specific goals like lead generation or brand awareness.   //   Sponsors: Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe.  www.GlobalTalent.co

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Growth always brings challenges. In today's episode, we talk about how the DoD can manage the challenge of development in several aspects of identity management. Like most federal agencies, the DoD has made a move to the hybrid cloud; this alone adds to the complexity of the identification process. However, in addition to the 1.3 million active-duty service members, they must contend with reserves, DoD civilians, veterans, and many more. Oh, did we mention mobile? The official designation of the process of validating identity is called Identity Credentialing and Access Management, or ICAM. During this interview, experts from Akamai suggest: >> Consider applying AI/ML to help analyze identity data. >>> Fast Identity Online (FIDO) FIDO standards exist, and one can consider applying FIDO to simplify identity. Akamai has worked with both Defense and Civilian agencies to enable technologies like CAC/PIV and YUBIkey. Further, their well-known enterprise access management gives them the ability to protect web applications as well as mobile devices. Many organizations are tasked with managing millions of individuals. Very few are associated with capabilities that can have as serious consequences as the DoD.

Apple @ Work
The present state (pun intended) of identity management at work

Apple @ Work

Play Episode Listen Later Aug 27, 2024 17:17


Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, we continue our 3-part series on identity management with Apple in the enterprise, featuring Tom Bridge, JumpCloud's Director of Product Management. Connect with Bradley Twitter LinkedIn Listen and subscribe Apple Podcasts Overcast Spotify Pocket Casts Castro RSS Listen to Past Episodes

Feds At The Edge by FedInsider
Ep. 162 Zero Trust: Protecting both Data and Identity

Feds At The Edge by FedInsider

Play Episode Listen Later Aug 15, 2024 59:41


draft When the federal government makes a strategic decision to implement Zero Trust principles, they must consider both user identity and the data users are trying to access.  Today, we have leaders in the federal and commercial sectors look at both data and identity and emphasize the need for centralized coordination, automated labeling, and real-time access control through Identity Management. Brian Rosensteel from Ping Identity argues that some kind of “federated” identity management system is the most effective for federal identification. Each agency really cannot be responsible for responding in a timely manner given the details that Zero Trust demands. Access controls have been around since the start of networks. During the discussion, participants gave opinions on the value of both access based and role-based access controls. They also suggested that “context” based access controls may provide additional abilities for systems administrators to improve real-time access controls.

The Cybersecurity Defenders Podcast
#147 - Cybersecurity product development with Vijay Pitchuman, Director of Product for Identity Management at Okta

The Cybersecurity Defenders Podcast

Play Episode Listen Later Aug 7, 2024 28:27


On this episode of The Cybersecurity Defenders Podcast we talk about cybersecurity product development with Vijay Pitchuman, Director of Product for Identity Management at Okta.

The Jeff Bullas Show
The Unexpected Ways AI is Dominating Retail Media

The Jeff Bullas Show

Play Episode Listen Later Aug 1, 2024 54:34


David Pollet is the CEO of Incremental and a repeat entrepreneur with over 20 years of startup experience. He has extensive history across startup environments and the lessons he has learned come from what he calls "a mix of big wins and big fails." David is a “Go to Market Growth Leader” with experience scaling Saas startups and public company divisions ranging from $5M-$100M+ in ARR. 25-years of experience in Sales, Marketing and Strategy leadership roles. He is a team-builder with experience translating long-term strategic growth initiatives into operating plans that can be executed, measured, and improved continuously. He has a proven track record of accelerating growth during times of transition. Deep knowledge and experience transitioning transactional businesses such as media arbitrage and data sales into Saas businesses with complex, multi-year committed engagements. He is well-versed in Identity Management, Measurement & Attribution, Machine Learning, Data Sales, and all Media types (incl. Linear TV, CTV, Digital and Social Video). Known for partnering closely with product, engineering and finance, he easily identifies opportunities for innovation and profitable growth. What you will learn Learn how to leverage data for maximizing e-commerce revenue. Understand the role of AI in automating the collection and interpretation of e-commerce sales data. Discover the process of using machine learning to predict daily sales and align disparate data sources. Understand the impact of retail media networks on advertising performance. Discover the journey from traditional online advertising to advanced machine learning techniques.

ITSPmagazine | Technology. Cybersecurity. Society
Breaking the Password Barrier: An Expert Guide to Multi-Factor Authentication and the Rise of Passwordless Security | A Conversation with Theodore Heiman | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 27, 2024 37:33


Guest: Theodore Heiman, CEO, CISO GuruOn LinkedIn | https://www.linkedin.com/in/tedheimanOn Twitter | https://x.com/tedrheiman____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Ted Heiman, CEO of the cybersecurity practice CISO Guru, in an insightful conversation about the complexities and evolving landscape of password management and multi-factor authentication (MFA). Sean Martin introduces the session by highlighting the challenges practitioners and leaders face in building security programs that enable organizations to achieve their objectives securely.The discussion quickly steers towards the main topic - the evolution of passwords, the role of password managers, and the critical implementation of MFA. Ted Heiman shares his extensive experience from over 25 years in the cybersecurity industry, observing that passwords are a relic from a time when networks were isolated and less complex. As organizations have grown and interconnected, the weaknesses of static passwords have become more apparent. Heiman notes a striking statistic: 75 to 80 percent of breaches occur due to compromised static passwords.The conversation examines the history of passwords, starting as simple, memorable phrases and evolving into complex strings with mandatory special characters, numbers, and capitalization. This complexity, while intended to increase security, often leads users to write down passwords or repeat them across multiple platforms, introducing significant security risks. Solutions like password managers arose to mitigate these issues, but as Heiman highlights, they tend to centralize risk, making a single point of failure an attractive target for attackers.The discussion shifts to MFA, which Heiman regards as a substantial improvement over static passwords. He illustrates the concept by comparing it to ATM use, which combines something you have (a bank card) and something you know (a PIN). Applying this to cybersecurity, MFA typically involves an additional step, such as an SMS code or biometric verification, significantly reducing the possibility of unauthorized access.Looking forward, both Heiman and Martin consider the promise of passwordless systems and continuous authentication. These technologies utilize a combination of biometrics and behavioral analysis to constantly verify user identity without the need for repetitive password entries. This approach aligns with the principles of zero-trust architecture, which assumes that no entity, inside or outside the organization, can be inherently trusted. Heiman stresses that transitioning to these advanced authentication methods should be a priority for organizations seeking to enhance their security posture. However, he acknowledges the challenges, especially concerning legacy systems and human behaviors, emphasizing the importance of a phased and managed risk approach.For listeners involved in cybersecurity, Heiman's insights provide valuable guidance on navigating the intricate dynamics of password management and embracing more secure, advanced authentication mechanisms.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Identity At The Center
#294 - Navigating Privileged Access Management with Michiel Stoop

Identity At The Center

Play Episode Listen Later Jul 15, 2024 44:35


In this episode of the 'Identity at the Center' podcast, Jeff and Jim discuss the complexities of managing Privileged Access Management (PAM) and the challenges of balancing various responsibilities like real jobs, podcasting, and attending conferences. They highlight upcoming conferences like Identity Week America and the Authenticate conference, offering discount codes for listeners. The main guest, Michiel Stoop, Director of Identity Management at Philips, shares insights on the importance of PAM, the process of selling PAM initiatives to management, and the integration of technology in identity and access management. The episode also covers methodologies for selecting the right PAM products and strategies for minimizing attack surfaces. To end on a lighter note, the hosts discuss must-try activities and foods in the Netherlands. 00:00 Introduction and Hosts' Banter 01:26 Balancing Work and Podcasting 03:04 Upcoming Conferences and Discount Codes 05:30 Introducing the Guest: Mihiel Stoep 08:04 Philips' Focus on Health Technology 10:12 Understanding Privileged Access Management 23:18 Discussing Privileged Access Management 24:10 Stakeholder Management in IAM 25:00 Operational Models for PAM 28:08 Adapting PAM Strategies for Cloud 32:25 Selecting the Right PAM Technology 36:15 Future of Privileged Access Management 39:38 Exploring the Netherlands 42:57 Wrapping Up and Contact Information Connect with Michiel: https://www.linkedin.com/in/macstoop/ Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Authenticate Conference - Use code IDAC15 for 15% off: https://authenticatecon.com/event/authenticate-2024-conference/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

Paul's Security Weekly
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367

Paul's Security Weekly

Play Episode Listen Later Jul 12, 2024 91:28


I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here. We'll cover a variety of topics in this interview, including: Why Henrique chose to go to Saviynt from Gartner Vendor risk concentration in identity Resilience in identity, especially when depending on a SaaS IdP Identity attack evolution (and the creation of the ITDR category) What's working in identity to move things forward, and what is holding us back This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them! In this week's enterprise security news, Seed rounds are getting huge Lots of funding for niche security vendors Rapid7 acquires Noetic Cyber but Rapid7 is also rumored to sell itself! Slack battles infostealers The loss of Chevron deference impacts cyber Should cybersecurity put up a no vacancy sign? Figma and Google both make some embarrassing mistakes The RockYou2024 file does NOT contain 10 billion passwords I introduce a new news category: AI indegestion All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-367

Enterprise Security Weekly (Audio)
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jul 12, 2024 91:28


I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here. We'll cover a variety of topics in this interview, including: Why Henrique chose to go to Saviynt from Gartner Vendor risk concentration in identity Resilience in identity, especially when depending on a SaaS IdP Identity attack evolution (and the creation of the ITDR category) What's working in identity to move things forward, and what is holding us back This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them! In this week's enterprise security news, Seed rounds are getting huge Lots of funding for niche security vendors Rapid7 acquires Noetic Cyber but Rapid7 is also rumored to sell itself! Slack battles infostealers The loss of Chevron deference impacts cyber Should cybersecurity put up a no vacancy sign? Figma and Google both make some embarrassing mistakes The RockYou2024 file does NOT contain 10 billion passwords I introduce a new news category: AI indegestion All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-367

Paul's Security Weekly TV
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367

Paul's Security Weekly TV

Play Episode Listen Later Jul 12, 2024 33:10


I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here. We'll cover a variety of topics in this interview, including: Why Henrique chose to go to Saviynt from Gartner Vendor risk concentration in identity Resilience in identity, especially when depending on a SaaS IdP Identity attack evolution (and the creation of the ITDR category) What's working in identity to move things forward, and what is holding us back This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them! Show Notes: https://securityweekly.com/esw-367

Identity At The Center
#291 - Identity Bubbles with Justin Richer

Identity At The Center

Play Episode Listen Later Jun 24, 2024 56:38


In this lively episode of the Identity at the Center podcast, hosts Jim McDonald and Jeff Steadman kick things off with a humorous mishap involving Jim's tech setup before diving into the latest happenings. They discuss the sweltering summer heat, Jim's recent "Greatest Dad of All Time" award, and their upcoming plans for Identity Week in Washington, DC. The highlight of the episode is a deep dive into the concept of "Federation Bubbles" with special guest Justin Richer, Security and Standards Architect and Founder of Bespoke Engineering. Justin explains the idea behind federation bubbles, a dynamic system designed to handle identity management in disconnected or disadvantaged environments. They explore real-world applications, such as military operations and disaster recovery scenarios, where traditional identity systems fall short. Justin also shares updates on his recent work, including the GNAP protocol and HTTP Message Signatures, and his involvement with the IETF's new working group, WIMSE (Workload Identity in Multi-System Environments). The conversation touches on the challenges and potential of these emerging identity standards, as well as the importance of context and trust in identity management. The episode wraps up on a lighter note with a discussion about Justin's board game project, "Natturuval" and the latest edition of "Cards Against Identity." Connect with Justin: https://www.linkedin.com/in/justinricher/ Learn more about Bespoke Engineering: https://bspk.io/ Workload Identity in Multi System Environments (WIMSE): https://datatracker.ietf.org/wg/wimse/about/ SPIFFE: https://spiffe.io Natturuval: https://gamefound.com/en/projects/bespoke-games/natturuval Cards Against Identity: https://bspk.io/games/cards/ Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

Identity At The Center
#290 - Digital Trust with Joni Brennan of DIACC

Identity At The Center

Play Episode Listen Later Jun 17, 2024 60:32


In this engaging episode of the Identity at the Center podcast, hosts Jim McDonald and Jeff Steadman sit down with special guest Joni Brennan, President at the Digital ID and Authentication Council of Canada (DIACC). They dive deep into the intricacies of digital wallets, the evolving landscape of digital identity, and the importance of choice and trust in identity solutions. Joni shares her insights from the European Identity & Cloud Conference (EIC) and discusses the significance of the Pan-Canadian Trust Framework in de-risking digital identity adoption. The conversation covers a wide range of topics, including the challenges of standardizing digital wallets, the role of certification in building trust, and the importance of user choice in identity solutions. Joni also provides a fascinating look into her career journey and the evolution of identity standards from the days of the Liberty Alliance to the present. The episode wraps up with a fun discussion on underrated music acts, highlighting the hosts' and guest's diverse musical tastes. Connect with Joni: https://www.linkedin.com/in/jonibrennan Learn more about the Digital Identification and Authentication Council of Canada (DIACC): https://diacc.ca/ Pan-Canadian Trust Framework: https://diacc.ca/trust-framework/ Digital Identity Perspectives Research: https://diacc.ca/2023/04/20/canadians-continue-to-demand-transparency-and-control-over-personal-data/ Our Public Trust Forum Report: https://diacc.ca/2023/10/31/securing-canadas-digital-prosperity-building-trust-in-verification-and-credentials-is-a-shared-imperative/ DIACC's Trust Talks & Digital Dives podcast: https://diacc.ca/podcasts/ Attending Identity Week in America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch
20Product: Loom CPO Janie Lee on Three Core Skills that Make the Best PMs, How to Find, Pick and Train the Best PM Talent and Lessons from OpenDoor and Rippling on Product Breadth, Pricing and Talent Density

The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch

Play Episode Listen Later Jun 14, 2024 62:38


Janie Lee is the Head of Product and the owner of the Self-Serve business at Loom. Janie previously worked at Rippling, leading the Identity Management and Hardware teams. Prior to that, she worked at Opendoor launching markets and developing pricing algorithms. During this time, Opendoor scaled from 2 to 20+ markets, $5B+ revenue, and 1500+ employees. In Today's Episode with Janie Lee We Discuss: 1. Inside the Product Building Machine of Rippling and Opendoor: What are Janie's single biggest product lessons from Rippling? How do they build so much product so fast? Can you have breadth and high quality? What are Janie's biggest lessons from Opendoor on talent and pricing? What does Janie know now that she wishes she had known when she started her product career? 2. What Makes a Truly Great PM: What core skills do the best PMs have? What is the difference between good vs great? Writing: What are Janie's biggest pieces of advice to PMs who want to write better? Communicate: How do the best PMs and product leaders communicate with their teams? Question Asking: How do the best PMs ask questions of their team and other orgs? 3. How to Find and Pick the Best PMs: How does Janie structure the interview process when hiring new PMs? What questions should one ask in every interview with a PM? Does Janie do a case study? What is she looking to achieve from it? How do the best do? What are Janie's biggest mistakes in hiring PMs? How did she change from it? 4. Onboarding PMs and Crushing Product Reviews: What do the first 30 days look like for new PMs? What are the biggest signs that a new PM is not going to work out? How does the product review process work at Loom? How does Janie prioritise when there is so much volume and data? How has AI changed the way Loom builds products today?  

Identity At The Center
#289 - DevOps Insights at Texas A&M University with Adam Mikeal

Identity At The Center

Play Episode Listen Later Jun 10, 2024 64:48


In this episode of the Identity at the Center podcast, hosts Jeff and Jim return from Identiverse 2024 and share their experiences from the conference held in Las Vegas. They discuss notable moments, including unique conference swag and memorable interactions. Special guest Adam Michael, CISO and adjunct professor at Texas A&M University, joins the conversation to discuss the evolution of identity management to identity security at the university. Adam delves into the complexities of managing identity in a higher education environment and shares insights on implementing DevOps practices. The episode covers topics like AI's impact on teaching, infrastructure as code, ROI of identity security projects, and the challenges and benefits of centralizing IT services. Connect with Adam: https://www.linkedin.com/in/amikeal/ The Phoenix Project (book): https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592 Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

Identity At The Center
#288 - Identiverse 2024: Ian Glazer & Alex Bovee & Lance Peterman

Identity At The Center

Play Episode Listen Later Jun 7, 2024 49:31


In this engaging episode, hosts Jim McDonald and Jeff Steadman wrap up their Identiverse 2024 experience with a thought-provoking panel discussion. Joined by Alex Bovee, CEO and Co-Founder of ConductorOne; Ian Glazer, Founder and President of Weave Identity; and Lance Peterman, Identity Lead at Dick's Sporting Goods and Professor at UNC Charlotte, the conversation dives deep into the future of identity management. The panel explores the concept of Zero Standing Privileges (ZSP) as the evolution of least privilege, discussing its feasibility, operational challenges, and the maturity curve required for organizations to adopt such a model. Ian shares his perspective on the future of identity governance, while Alex and Lance provide insights into practical implementations and the role of automation in achieving ZSP. The discussion also touches on the importance of context, policy, and the need for better data orchestration to make identity management more effective. Tune in for an insightful conversation on the next frontier of identity management and the steps needed to get there. Connect with Alex Bovee - https://www.linkedin.com/in/alexbovee/ Learn about ConductorOne - https://www.conductorone.com/?utm_source=identityatthecenter&utm_medium=podcast&utm_campaign=c1-brand⁠ Connect with Ian: https://www.linkedin.com/in/iglazer/ Learn about Weave Identity - https://weaveidentity.com/ Connect with Lance - https://www.linkedin.com/in/lancepeterman/ Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast