Podcasts about identity security

Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.Professor Levi, a leading expert in cyber resilience and complex systems, explains why traditional prevention isn't enough and how attackers exploit unseen pathways to infiltrate even the most secure enterprises. The conversation covers the critical need for transparency, continuous monitoring, and rapid detection and recovery in an era where software is built from countless unknown components.Key topics include:How to sense early warning signs of supply chain attacksThe role of AI and automation in both risk and defenseBest practices for mapping and securing your digital ecosystemWhy resilience—not just prevention—must be at the core of your security strategyWhether you're a CISO, IT leader or security practitioner, this episode will help you rethink your approach to digital supply chain risk and prepare your organization for what's next.Subscribe to Security Matters for expert insights on identity security, cyber resilience and the evolving threat landscape.

Ghost tapping is shaking up the payment security landscape, turning stolen card data into quick profit through NFC relay fraud. This emerging threat exploits digital vulnerabilities, making unauthorized taps at retail points seamless and undetected. Businesses and regulators must urgently rethink their defenses against this global attack vector that crosses digital and physical boundaries. Read the original blog post here: https://www.kuppingercole.com/blog/ashford/ghost-tapping-a-new-front-in-identity-security-risk

In cybersecurity, identity has become the primary attack vector. We explore identity in CXOTalk 892, with the CEO of RSA Security, Rohit Ghai, who explains how stolen credentials, social engineering, and AI-enabled impersonation break defenses. And what boards, CISOs, and executives must do now.What you'll learn:-- Why credential theft remains the #1 initial access vector and what “phishing resistant” MFA actually requires-- How attackers bypass MFA via help desk social engineering and voice impersonation, and how to stop it-- Managing identity across the joiner–mover–leaver lifecycle to close high-risk gaps-- The “assume breach” mindset: zero trust, least privilege, and blast radius reduction-- The CISO's evolving mandate: business vs. technology, board communication, and risk quantification-- AI in cyber: sword, shield, and attack surface, and the changing economics of attack vs. defense-- Ransomware beyond backups: data theft, response playbooks, and legal/PR readinessWho should watch:Board members, CEOs, CISOs, CIOs, and security leaders who seek clear actions to improve resilience without slowing the business.

CyberArk's technology leader discusses their strategy for securing against AI threats, protecting agentic AI systems, and their vision for the future in an increasingly AI-driven cybersecurity landscape.Topics Include:CyberArk celebrates recent exciting news while discussing their incredible cybersecurity journeyFounded in 1999, CyberArk pioneered privilege access management and expanded into comprehensive identity securityCompany executed textbook SaaS transformation from perpetual licensing to subscription-based cloud modelLeadership set clear customer expectations, framing SaaS shift as faster innovation deliveryAddressed customer concerns about cost predictability, security compliance, and data residency requirementsTechnical team implemented lift-and-shift architecture with AWS RDS and multi-tenant improvementsCorporate initiative tracked weekly metrics and milestones throughout full development lifecycle processCustomer Success evolved from transactional support to strategic partnership embedded in security journeysAWS partnership fundamental to cloud journey with 25+ integrations and Marketplace collaborationAI strategy focuses on three pillars: using AI, securing against AI threatsFuture 12-24 months: continue securing all identities while expanding AI capabilities and solutionsAWS partnership expanding in 2025 leveraging machine identity leadership and GenAI advancesParticipants:Peretz Regev – Chief Product & Technology Officer, CyberArkBoaz Ziniman – Principal Developer Advocate - EMEA, Amazon Web ServicesFurther Links:· CyberArk: Website – LinkedIn – AWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

　クラウドストライク株式会社は9月2日、攻撃チェーン全体にわたってあらゆるアイデンティティを保護する統合ソリューション「Falcon Next-Gen Identity Security」を発表した。

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.Connect with Justin: https://www.linkedin.com/in/justindevine/Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/Learn more about RSM:Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.htmlSecure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.htmlCheck out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.htmlChapters00:00 Introduction and Banter00:37 Explaining Identity in Business Speak04:03 Conference Season and Upcoming Events06:19 Intersection of Cloud Security and IAM07:05 Guest Introductions: Justin and Vaishnavi07:37 Vaishnav's Journey in Identity12:20 Justin's Background and Cloud Security14:32 Cloud and IAM Strategies29:28 Challenges in Identity Management30:09 Identity Orchestration and Cloud Transformation31:07 Modernizing Identity for Cloud Adoption33:03 Importance of Identity in Advanced Cloud Implementations37:28 Identity Security and Monitoring in the Cloud41:34 Practical Advice for Cloud and Identity Management53:23 Music Preferences and Final ThoughtsConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

The leadership of enterprise identity security firm SailPoint is in Singapore for a business trip, and Money Matters’ finance presenter Chua Tian Tian headed downtown to meet with the team and to find out what’s brewing for the firm. But first, who is SailPoint and what exactly is identity security? Founded in 2005, SailPoint delivers innovative solutions that address what it describes as some of the world’s most dynamic security issues. In particular, the company focuses on identity security by automating and streamlining the complexity of delivering the right access to the right identities at the right time. It might sound like a mouthful, but think of SailPoint as a security guard that ensures only the right personnel enter the right office buildings and gain access only to information that they are authorised to hold. Except that in this case, SailPoint manages and grants access to enterprise applications and data automatically, at speed and at scale. With a presence in over 60 countries and a team of over 2,600 employees, SailPoint serves some of the biggest enterprises in the world ranging from automaker General Motors, to chocolate manufacturer Hershey. And SailPoint is an interesting company to talk about, given how it raised US$1.38 billion in its upsized IPO on the NASDAQ in February 2025 – the first major tech listing of 2025. Now, this is not the first time that the firm has gone public. It first did so back in 2017, three years after being acquired by private equity firm Thoma Bravo. The story gets more exciting here, because Thoma Bravo was the one who took the company private in a second acquisition after SailPoint’s first IPO. So what was the rationale behind the second IPO, and how is SailPoint faring in the months since going public again? Meanwhile, SailPoint said the company is setting its sights on Singapore and Asia Pacific at a time when demand for advanced, AI-driven identity security solutions is surging. But what are the specific opportunities present in the region? What are some major investments by the firm in the region then? In this “On the Go Special” episode of Under the Radar, Tian Tian posed these questions to Mark McClain, CEO, SailPoint.See omnystudio.com/listener for privacy information.

Send us a textToday's explores the impact of agentic AI on security landscapes, particularly concerning identity management. It begins by defining AI agents as digital workers that independently pursue goals, outlining their components like perception, reasoning, and learning, and their multi-layered infrastructure. The discussion then transitions to the new attack surfaces introduced by AI agents, such as identity spoofing, privilege creep, and prompt injection, highlighting how agents' dynamic and ephemeral nature poses unique security challenges. I have critically examined the limitations of current human-centric identity solutions like OAuth and SAML in accommodating machine identities, advocating for a machine-first approach in identity security. Finally, the episode details how the industry is evolving to address these shortfalls through zero trust for agents, policy as code, and enhanced auditability, citing examples from major cloud providers and dedicated identity management companies.LinkedIn Profile: https://www.linkedin.com/in/thecyberman/Substack: https://thecyberman.substack.com/Support the showGoogle Drive link for Podcast content:https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnkoMy Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/Youtube Channnel : https://www.youtube.com/@TheCybermanShow Twitter handle https://twitter.com/prashant_cyber PS: The views are my own and dont reflect any views from my employer.

At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today's hybrid, AI-driven environments. Stein's background in technology infrastructure and DevOps, paired with his co-founder's deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.Learn more about Apono: https://itspm.ag/apono-1034Note: This story contains promotional content. Learn more.Guest:Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/ResourcesLearn more and catch more stories from Apono: https://www.itspmagazine.com/directory/aponoLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-storyKeywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.From zero-day vulnerabilities and machine identity risks to AI-powered attacks and insider threats, Ian shares practical strategies drawn from his experience in military intelligence, offensive cyber operations, and corporate security leadership. Learn how to build resilience, translate cyber risk into business outcomes, and lead with mission-driven clarity in a threat landscape that never slows down.

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!Timestamps:00:00 Introduction and Podcast Overview00:37 ID Pro Membership Benefits03:35 Conferences and Events06:03 Introducing Shawna Hofer07:00 Shawna's Journey to CISO10:55 Identity Security in Healthcare13:49 Balancing Security and User Experience19:08 Challenges with IoT in Healthcare24:27 AI in Healthcare Security30:01 Upskilling for AI in Security33:07 The Ever-Improving AI Landscape33:21 Embracing the AI Mindset33:58 Resiliency in Healthcare and AI35:06 The Future of Jobs in an AI-Driven World37:37 Trusting AI in Security Decisions40:56 Learning the Language of Risk43:44 Making the Business Case for Identity45:50 Balancing Security Investments51:48 The Future of Healthcare and AI54:40 Fun and Food: The Potato Question01:02:13 Closing Remarks and FarewellConnect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

⬥GUEST⬥Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normalArticle: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activityArticle: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

In a groundbreaking move, Palo Alto targets a $25 billion acquisition of CyberArk, poised to reshape identity security landscapes. As two cybersecurity giants converge, explore this narrative of strategic synergy versus the challenge of seamless integration. With potential market upheaval at stake, the acquisition promises to redefine the rules of identity security. Read the original blog post here: https://www.kuppingercole.com/blog/leal/palo-alto-cyberark-a-strategic-expansion-into-identity-security-but-with-questions

What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

GSD Presents: Top Global Startups with Dr. John Pritchard Ready Player Two: Why Multiplayer AI Beats Going Solo in Identity Security June 27th, Friday

In Episode S7E13 of the Brilliance Security Magazine Podcast, host Steven Bowcut sits down with cybersecurity veteran Jim Alkove to discuss the evolving landscape of identity security. With over 25 years in the industry and leadership experience at Microsoft, Salesforce, and now as CEO of Oleria, Jim shares unique insights into the identity challenges facing modern enterprises. He explains why traditional identity frameworks fall short in today's complex IT environments and how technologies like graph databases and autonomous access management are poised to transform the way organizations secure digital identities.SummaryThe conversation begins with Jim describing the experiences that led him to found Oleria. Having worked at major tech companies, he saw firsthand how fragmented and outdated identity security practices were becoming in the face of hybrid IT environments, cloud adoption, and the rise of AI. Security practitioners, he explains, are often stuck managing disparate systems that don't integrate well, leaving dangerous gaps in visibility and control.Jim then shares how his background as an inventor, with over 50 U.S. patents, shapes his approach to solving these complex challenges. He highlights how advancements in graph databases now allow identity systems to model and analyze access relationships with much greater granularity, down to the individual file or ticket level.A major focus of the conversation is the concept of adaptive and autonomous access. Jim explains that true least privilege enforcement requires constant adjustment of access rights based on real-time usage and business context. Oleria's platform addresses this by using AI to manage and automate access decisions, reducing the reliance on manual approvals and ticketing systems.Steven and Jim also explore how identity tools like Oleria can dramatically improve incident response. Instead of spending hours gathering logs and writing scripts, security teams can quickly view a compromised account's access and activity during the threat window, reducing response time and impact.Trust and transparency are also essential, Jim notes. Organizations must understand and control what their identity platform is doing. Oleria ensures this by providing detailed visibility into every automated action and allowing users to configure the level of human oversight.Looking to the future, Jim stresses that AI is both a tremendous opportunity and a significant security challenge. As AI agents begin to act on behalf of users and businesses, identity systems will need to keep pace by securing access at a much finer level, and for entities far beyond human users. This includes understanding the authority and trustworthiness of AI agents acting on behalf of external partners.The episode closes with a compelling reminder that the complexity of today's IT environments—and tomorrow's AI-driven workflows—demands a new approach to identity. Enterprises that don't evolve their identity infrastructure risk falling behind both in innovation and in protection.About Our GuestJim Alkove is the co-founder and Chief Executive Officer of Oleria, where he leads company strategy, vision, and growth. A tech industry veteran with over 25 years of experience, Jim has held senior security leadership positions at Microsoft, Salesforce, and other major technology firms. He holds over 50 U.S. patents and is a recognized innovator in identity security and access management. Jim also serves as a strategic advisor to numerous startups working on the future of cybersecurity.

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.Listeners will learn:Why legacy identity governance models are breaking under cloud scaleHow AI agents are reshaping entitlement management and threat detectionWhat organizations must do to secure non-human identities and interlinked dependenciesWhy time-to-value and outcome-driven metrics are essential for modern IGA successWhether you're a CISO, identity architect, or security strategist, this episode delivers actionable guidance for navigating the evolving identity security landscape.

Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!Chapter Timestamps:00:00:00 - Introduction to Lalit Choda and the NHI Community00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI00:12:03 - Why Non-Human Identities Are a Big Deal Right Now00:15:37 - Defining NHI and the Practitioner's Framework00:19:13 - The Scale and Challenges of NHI Management00:23:01 - New Types of NHI and Tooling Limitations00:27:12 - The Lack of a Single Source of Truth for NHI00:33:57 - Prioritizing NHI Management and the Role of PAM00:38:58 - A Risk-Based Approach to NHI and Foundational Controls00:48:15 - What Scares Lalit Most About NHI (and AI)00:50:54 - Lalit's Impressive Vinyl Collection00:56:38 - Jim and Jeff's First, Best, and Favorite Albums01:01:15 - The Intersection of Music and Non-Human Identities01:02:00 - Wrapping Up & Where to Find More InformationConnect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/Non-Human Identity Management Group: https://www.nhimg.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

Identity-Security-Trajectory: IN CHRIST   Michael Lodge, Speaking Pastor   Paul calls us to not stop short. Don't just exalt Jesus and know that He is all powerful and all sufficient. Live in His all sufficient power every day. Today, as we unpack verses 9-15, we see this amazing life we get to live when we keep Jesus exalted. He is our new identity, His works give us eternal security, and His empowerment sets us on a new trajectory.   Click on the links below for additional Cascade Church resources. Connect Card: https://cascadechurch.org/connect Give Online: https://cascadechurch.org/give

Saviynt Co-Founder Amit Saha discusses how their AWS partnership has enabled the identity security company to deliver comprehensive identity protection while minimizing organizational friction.Topics Include:Saviynt is leading identity security provider in marketSecures human, non-human, workforce, and privileged access identitiesEliminates friction while automating organizational access management processesBiggest challenge: reducing friction in new access processesSecond challenge: visibility into accumulated technical debt problemsLost business context makes access permissions difficult to unwindSaviynt provides quick visibility to prioritize identity risksShadow IT creates ungoverned workloads and cloud applicationsNeed integration with asset management and cloud providersMust derive intelligence from multiple disconnected information sourcesAWS partnership provides access to prolific customer baseAWS security owners are same buyers for SaviyntEleven-year AWS relationship with early security competencyISV Accelerate program connects with sellers and architectsRising Star program helps stand out in crowded marketplaceFind mutual customers for successful AWS partnership storiesGenAI in bad actors' hands compromises customer securityProduct engineering uses GenAI tools for better qualityAgentic AI creates new paradigm between human/non-human identitiesAgentic AI requires dynamic, fluid access management approachesAI agents can generate their own bots needing accessZero trust principles needed at broader scale for AINext twelve months: getting ahead of GenAI curveNew AWS services launch daily in GenAI spaceContributing to new standards like MCP and A2A protocolsAWS Marketplace simplifies procurement and buyer discovery processesEDP program and migration incentives benefit ISV transactionsAWS developer-friendly startup programs accelerate time to marketCloud-native approach enables predictable scaling and AWS integrationAWS-Saviynt partnership aims for once-in-generation security impactParticipants:Amit Saha – Co-Founder and Chief Growth Officer, SaviyntSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.They explore what it means to be a mission-driven CISO, how to build trust from the boardroom to the front lines, and why identity has always been the true perimeter. Marene also reflects on her post-CISO chapter and the evolving role of cybersecurity leaders in a rapidly evolving threat landscape.

Tune in here to this Friday’s edition of the Brett Winterble Show! Brett kicks off the program with Pete Kaliner for this edition of The Hangover as they discuss the slower pace of summer news cycles and the challenge of generating meaningful content during quieter months. The conversation begins lightheartedly with observations about seasonal radio topics, but it quickly transitions into a more substantive discussion about personality, loyalty, and political theater. Later, Brett discusses the challenges facing modern American patriotism and whether the current generation would defend the country in the event of a major global conflict. He questions the influence of institutions and academia on young Americans' views of national service and loyalty. Brett criticizes what he sees as a dangerous shift in values, highlighting comments from Boston Mayor Michelle Wu and Congressman Hakeem Jeffries that he believes undermine ICE agents and public safety. Listen here for all of this and more on The Brett Winterble Show! For more from Brett Winterble check out his YouTube channel. See omnystudio.com/listener for privacy information.

Ping Identity helps some of the largest enterprises in the world secure the logins of their employees and customers, helping to keep systems secure, prevent fraud, and decrease friction as companies undergo their digital transformation. In this episode of Behind the Deal, Thoma Bravo Founder and Managing Partner, Orlando Bravo, and Partner, Chip Virnig, sit down with Ping Identity Founder & CEO, Andre Durand, to discuss the $2.8 billion take-private transaction and the strategic rationale behind combining Ping with ForgeRock to create a leading identity security platform for some of the world's largest organizations For more information on Thoma Bravo's Behind the Deal, visit https://www.thomabravo.com/behindthedeal Learn more about Thoma Bravo: https://www.thomabravo.com/ Visit Ping's website: https://www.pingidentity.com/en.html To learn more about listener data and our privacy practices visit: https://www.audacyinc.com/privacy-policy Learn more about your ad choices. Visit https://podcastchoices.com/adchoices

This episode is sponsored by Duo. Visit duo.com to learn more.Join Jim McDonald and Jeff Steadman on this sponsored episode of the Identity at the Center Podcast, brought to you by Duo! We welcome back Matt Caulfield, VP of Duo and Identity at Cisco, to discuss the ongoing "identity crisis" in security, where 60% of attacks have identity as a key component. Matt introduces Duo's new Security-First IAM, a revolutionary approach that prioritizes security by making it the default, enabling easy passwordless adoption, and building in phishing resistance from day zero.Discover how Duo is differentiating itself in a crowded market by focusing on end-to-end phishing resistance capabilities and user-centric security. Matt shares insights into Cisco's innovation culture, drawing from his experience as a founder and the integration of acquired technologies like ORT into Duo's identity intelligence, including a new trust scoring mechanism to identify compromised accounts.We also delve into the powerful insights from Cisco Talos, whose research on identity-based attacks directly influences Duo's product development, and how customer feedback is shaping the future of identity security. Explore the exciting innovations in authentication, including Duo's proximity verification for phishing-resistant, passwordless access, and the continuous authentication capabilities powered by Duo Desktop and Identity Intelligence.Finally, Matt discusses the impact of AI on identity security, both in enabling attackers and enhancing defense mechanisms like the new Duo AI assistant for administrators. The conversation concludes with a look into the future of identity, including the challenges and opportunities presented by machine and agentic AI identities, and the critical need for advanced authorization solutions.Don't forget to visit duo.com for more information!Chapter Timestamps:00:00:00 - Introduction to the Identity Crisis and Security First IAM00:02:22 - Welcome to the Identity at the Center Podcast & Sponsored Episode Introduction00:03:00 - Introducing Matt Caulfield and His Journey at Duo/Cisco00:04:35 - Defining the Digital Identity Crisis00:06:04 - Understanding Security-First IAM00:07:17 - Differentiating Duo's Identity Solution00:08:36 - Cisco's Acquisition Strategy and Continued Innovation00:10:55 - The Impact of Cisco Talos Intelligence00:14:39 - Customer Insights and Challenges in Identity00:16:50 - Is Authentication Solved? Innovation in Phishing Resistance00:19:32 - AI's Impact on Identity Security and Future Threats00:21:55 - How Duo is Leveraging AI Internally and for Customers00:24:00 - Duo's Repositioning: From MFA to Identity and Access Management00:25:27 - Shifting Metrics of Success for Duo Customers00:27:44 - Workforce, Extended Workforce, and B2B Use Cases for Duo IAM00:29:48 - Deep Dive into Proximity-Based Authentication00:32:31 - The Importance of Phishing Resistance in Duo's Strategy00:35:57 - Continuous Authentication and Shared Signals Framework00:39:07 - Identity as a Core Pillar of SASE00:40:32 - Why Shared Signals Framework is a Key Investment for Duo00:43:25 - Future Outlook for Identity Practitioners: Passwordless and AI00:46:27 - Agentic AI and the Future of Authorization00:48:53 - Jim's Swag Tips for Identiverse00:51:57 - Final Thoughts from Matt CaulfieldConnect with Matt: https://www.linkedin.com/in/mcaulfie/Learn more about Duo: https://duo.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com#idac #IdentitySecurity #Cybersecurity #DuoSecurity

RSA 2025 revealed a shift: identity is now a primary threat vector in cloud security. In this episode, Jason Kikta breaks down the key takeaways from the conference—why identity has overtaken malware, how threat actors exploit service accounts and IDPs, and what this means for modern defense strategies. Plus, Jason shares observations on the evolving risk landscape and whether Black Hat will follow RSA's lead.Whether you're a CISO, CTO, or security architect, this episode is your briefing on where the industry is headed.

Send us a textIn this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.TakeawaysDisconnected applications pose significant risks in identity management.Shadow IT is becoming a major part of the IT landscape, not just a side issue.The startup journey involves learning from past experiences and adapting strategies.The human element remains a critical factor in cybersecurity incidents.

In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.According to the CyberArk 2025 Identity Security Landscape, machine identities now outnumber human identities by more than 80 to 1. As organizations scale cloud workloads and automation, these identities are becoming a critical part of the cybersecurity frontline. From TLS certificate outages to API key exposures, failures in machine identity management can lead to outages, breaches, and cascading system failures. In this episode of Security Matters, Kevin Bocek explains why this moment is pivotal for getting machine identity right—and how Zero Trust principles, automation, and visibility are essential to building cyber resilience.We also explore the future of identity security—from AI kill switches and agentic AI to quantum threats—and how identity can serve as both a safeguard and a kill switch in the age of autonomous systems.Whether you're a cybersecurity professional or simply interested in the latest security trends, this episode offers valuable insights into the importance of machine identity in safeguarding our digital world. Don't forget to subscribe, leave a review, and follow Security Matters for more expert discussions on the latest in cybersecurity.

In this compelling episode, Dr. Dave Chatterjee is joined by Damon Fleury, Chief Product Officer, SpyCloud to dissect one of cybersecurity's most exploited and least understood attack surfaces—identity. With nearly three decades of experience in security, Damon shares real-world insights into how identity compromises serve as the entry point for major breaches, why a holistic approach to identity security is urgent, and how organizations can move from reactive defense to proactive resilience. The discussion underscores the convergence of people, processes, and technology in building durable identity security frameworks.To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-86-holistic-identity-security-shifting-the-paradigm-from-reactive-to-proactive/Connect with Host Dr. Dave Chatterjee and Subscribe to the PodcastPlease subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms: LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712Latest Publications & Press Releases:“Meet Dr. Dave Chatterjee, the mind behind the CommitmentPreparedness-Discipline method for cybersecurity,” Chicago Tribune, February 24, 2025."Dr. Dave Chatterjee On A Proactive Behavioral Approach To Cyber Readiness," Forbes, February 21, 2025.Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparednessDr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Yahoo!Finance, Dec 16, 2024Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Marketers Media, Dec 12, 2024.Cybersecurity Readiness Podcast by Dr. Dave Chatterjee Reaches 10,000 Downloads Globally, Business Insider/Markets Insider, Dec 10, 2024.

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users' browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up. It's extremely difficult to bypass. That's because when you're in the browser it doesn't matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it. There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it's enrolled into your SSO, are you sure that's how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable? This is a fun one! This episode is also available on Youtube. Show notes

In this episode of Security Matters, host David Puner sits down with Eric Olden, co-founder and CEO of Strata Identity, and a pioneer in modern identity management. Eric shares his career journey, from founding Simplified to leading Oracle's global identity division, and discusses the critical importance of resilience in identity systems.Discover how organizations can eliminate single points of failure, test their backup plans and ensure their digital operations remain robust even in the face of unexpected outages. Eric also delves into the concept of identity orchestration, explaining how it can unify multiple identity systems and enhance security.Tune in to learn about the latest trends in identity management, including the intersection of AI and identity, and gain insights into how businesses can proactively assess and mitigate risks associated with identity outages.Don't miss this engaging conversation filled with practical advice and forward-thinking strategies to help safeguard your organization's identity infrastructure.

Eve Maler returns to Identity at the Center for her seventh episode, bringing her signature insight and humor to a deep conversation about the state of digital identity. Jeff and Jim explore the gap between lagging IAM programs and next-gen technologies with Eve, who dives into her research on non-human identities, the power of identity services as products, and how martech and adtech intersect with customer IAM. Plus, get a preview of her EIC talk and the latest on Identi-Squabble, the identity game show set for Identiverse. Don't miss this packed and playful discussion!Timestamps:00:00 - Assume breach, assume tracking02:03 - Jim's IAM theory and gap analysis10:00 - Identi-Squabble game show preview13:00 - Eve joins, talks SXSW experience18:00 - Non-traditional Venn diagrams & stakeholder models22:00 - Personhood credentials and digital death27:00 - MarTech, AdTech, and the identity connection35:00 - Consent is dead: what it means for IAM47:00 - Treating identity as a product50:00 - Identity's role in organizational silos53:00 - Identity Security: what is it really?59:00 - Is “identity” big enough to hold all these qualifiers?01:00:00 - Lighter note: would you rather meet past or future self?Connect with Eve: https://www.linkedin.com/in/evemaler/Venn Factory: https://www.vennfactory.com/Conference Discounts!Identiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Eve Maler, IAM, Identity at the Center, Identiverse, Identisquabble, Martech, Adtech, Personhood Credentials, Identity Security, Consent Management, Non-Human Identity, Identity as Product, Digital Identity, Venn Factory, Identity Governance, IAM Strategy, South by Southwest Identity, Privacy by Design

In this episode of Campus Technology Insider Podcast Shorts, host Rhea Kelly covers the key tech stories in higher education. Highlights include Fortinet's report on the critical role of identity in cloud security, Meta's launch of a standalone AI app featuring Llama 4, and a Cloudera survey revealing data privacy as a top concern for AI adoption. Tune in for more insights on these stories and their implications for the education sector. 00:00 Introduction and Host Welcome 00:17 Critical Security Perimeter in Cloud Services 00:48 Meta Platforms Launches Standalone AI App 01:21 Cloudera Survey on AI Agents and Data Privacy 01:57 Conclusion and Further Resources Source links: Report: Identity Has Become a Critical Security Perimeter for Cloud Services Meta Launches Stand-Alone AI App Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.

Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405

Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405

Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Show Notes: https://securityweekly.com/esw-405

In this episode of the Security Matters podcast, host David Puner sits down with Lior Yaari, CEO and co-founder of Grip Security, for a discussion that covers the concept of identity debt and its implications for modern cybersecurity. Lior shares insights from his experience in Israel's elite Unit 8200 and explains why identity is now the new security perimeter. They delve into the challenges organizations face in managing SaaS applications, the impact of generative AI on cybersecurity and the importance of proactive identity governance. Tune in for tips on how to protect your organization from within and stay ahead of evolving threats.

This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.Chapters00:00 Introduction to Security Vendors00:50 Welcome to the Identity at the Center Podcast01:30 Sponsored Spotlight: Permiso02:14 Meet Paul Nguyen, Co-Founder of Permiso03:34 The Importance of Identity in Security05:35 Permiso's Unique Approach to Identity Security07:36 Real-Time Monitoring and Threat Detection09:23 Challenges and Solutions in Identity Security15:16 Modern Attacks and Identity Threats25:56 The Role of Honeypots in Security Research26:49 Challenges of Maintaining Security27:15 Honeypots and Breach Detection27:46 Dwell Time and Reconnaissance28:34 Password Complexity and Monitoring Gaps29:24 Roles and Responsibilities in Identity Security29:49 Unified Identity Security Teams30:57 Emerging Threats and Joint Efforts32:49 Permiso's Role in Identity Security34:10 Detection and Response Strategies36:11 Managing Identity Risks36:51 Combining Prevention and Detection39:44 Real-World Applications and Challenges51:17 Personal Insights and Final ThoughtsConnect with Paul: https://www.linkedin.com/in/paulnguyen/Learn more about Permiso: https://permiso.io/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at idacpodcast.tvKeywords:identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity