Podcasts about identity security

  • 133 PODCASTS
  • 432 EPISODES
  • 32m AVG DURATION
  • 1 WEEKLY EPISODE
  • May 18, 2026 LATEST



Latest podcast episodes about identity security

Identity At The Center
#423 - The Middle Market Identity Security Gap with Robert Snodgrass

May 18, 2026 · 61:57


Jeff and Jim welcome back Robert Snodgrass, Principal at RSM, for a deep dive into the RSM Middle Market Business Index cybersecurity report. The conversation covers the confidence gap facing middle market organizations, why digital identity remains undervalued despite being the primary attack surface, non-human identity governance, flat cybersecurity budgets, risk framework adoption, and what good incident response preparedness actually looks like. The episode wraps with a spirited Bitcoin Pizza Day toppings debate.

Connect with Robert: https://www.linkedin.com/in/robert-snodgrass-7a199412/
Review the RSM US Middle Market Business Index Special Report on Cybersecurity 2026: https://rsmus.com/middle-market/cybersecurity-mmbi.html?cmpid=ola:45559-idac:bb01
IDPro new member discount: https://idpro.org/idac/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

TIMESTAMPS
  • 00:00:00 Introduction and Scatter Spider social engineering discussion
  • 00:04:00 IDPro discount code and upcoming conferences
  • 00:06:26 Guest intro: Robert Snodgrass and the MMBI report
  • 00:09:05 Defining the modern middle market
  • 00:12:00 The confidence gap: 96% confident, 18% breached
  • 00:15:04 Why attackers log in and top identity investment priorities
  • 00:19:00 Why only 23% of leaders prioritize digital identity
  • 00:22:00 Internal partnerships as the path to identity program success
  • 00:25:10 AI, shadow AI, and non-human identity risks
  • 00:31:00 NHI governance at scale: 45 to 1 ratio
  • 00:34:50 Cybersecurity budget realities in the middle market
  • 00:39:00 EU regulation and top-line cybersecurity drivers
  • 00:42:03 NIST CSF adoption and risk framework value
  • 00:46:00 Incident response planning: the two-minute drill
  • 00:52:16 Bitcoin Pizza Day and closing thoughts

KEYWORDS
identity security, middle market, cybersecurity, MMBI, RSM, Robert Snodgrass, phishing-resistant MFA, non-human identities, NHI, shadow AI, incident response, NIST CSF, IAM, identity governance, ransomware, tabletop exercises, digital identity, cybersecurity budget, identity program, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Hybrid Identity Protection Podcast
Why Identity Security Needs Its Own Program with Angie Klein, IAM Business Technology Manager at Federated Insurance

May 12, 2026 · 38:05


This episode features Angie Klein, IAM Business Technology Manager at Federated Insurance.

Angie brings over a decade of experience spanning systems development and identity security leadership, holding CISSP, CIDPRO, and CISM certifications and working hands-on with CyberArk, SailPoint IDN, and Active Directory in a regulated environment.

In this episode, Angie dives into the organizational and cultural work that most identity programs skip. She shares why identity deserves its own program, how to apply OCM to bring resistant stakeholders on board, and why governance must come first. Angie's core argument is that if identity security creates too much friction, people will route around it, and that's where the real risk lives.

This episode makes the case that the hardest part of identity security isn't the technology, it's getting people to trust it enough to stop working around it.

Guest Bio
As the IAM Business Technology Manager at Federated Insurance, Angie is dedicated to advancing our Identity and Access Management program and the industry as a whole. With over 10 years of experience and currently leading a team of Security Engineers and Identity and Access Analysts, Angie is passionate about IAM and loves to see "ah ha" moments when colleagues understand that security is everyone's job.

Angie brings over a decade of experience as a Systems Developer, providing extensive technical expertise in the Identity Security domain. She holds certifications, including CISSP, CIDPRO, and CISM. Additionally, she has experience working in the insurance industry and is skilled in CyberArk, Active Directory, SailPoint IDN, Analytical Skills, Project Management, and Public Speaking.

Guest Quote
"Identity security is ultimately about trust. People have to trust that you are doing the things that will help them do their job securely and not stop them from doing their job."

Time stamps
  • 01:45 Meet Angie Klein: Expert IAM Practitioner
  • 01:22 Why Identity Needs Its Own Program
  • 04:30 Why Identity Programs Stall
  • 07:27 Organizational Change Management (OCM) Explained
  • 12:51 OCM in Action
  • 17:08 How to Gain Buy-In for an Identity Security Program
  • 25:05 First Steps for Standing Up a Program
  • 30:22 The Core Pillars of Identity Security
  • 35:00 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
  • Connect with Angie on LinkedIn
  • Connect with Sean on LinkedIn
  • Don't miss future episodes
  • Learn more about Semperis

ITSPmagazine | Technology. Cybersecurity. Society
From RSAC Conference 2026 Floor to the CSA Report: What Enterprises Are Missing About AI Agents | A Brand Highlight Conversation with Itamar Apelblat, Co-Founder and CEO of Token Security

Apr 24, 2026 · 7:10


The floor at RSAC Conference 2026 had one dominant frequency, and it was not subtle. Every booth, every hallway, every late-night conversation kept circling back to the same question: how do enterprises adopt AI agents without losing control of them? In a post-conference follow-up, Itamar Apelblat, Co-Founder and CEO of Token Security, translates what he heard on the ground into what the data now confirms.

Token Security arrived at RSAC with a fresh set of findings, produced in collaboration with the Cloud Security Alliance and released alongside the event. The report, Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises, puts numbers to what practitioners already suspected: 65 percent of organizations have experienced an AI agent-related incident in the past twelve months, and 82 percent discovered agents running in their environment that no one had authorized. Only 21 percent have a formal process for decommissioning agents — a gap Itamar Apelblat flags as a low-hanging attack path.

The short version from the conversation: visibility is the starting line, not the finish line, and the path from discovery to intent-based enforcement is where most programs are stuck.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Itamar Apelblat, Co-Founder and CEO, Token Security | https://www.linkedin.com/in/itamar-apelblat/

RESOURCES
Learn more about Token Security: https://www.token.security/
Download the CSA + Token Security Report — Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises: https://cloudsecurityalliance.org/artifacts/autonomous-but-not-controlled-ai-agent-incidents-now-common-in-enterprises

Are you interested in telling your story?
  • Full Length Brand Story: https://www.studioc60.com/content-creation#full
  • Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
  • Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Itamar Apelblat, Token Security, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI agents, agentic AI, non-human identity, identity security, shadow AI, CSA report, Cloud Security Alliance, intent-based access, AI agent governance, agent decommissioning, RSAC Conference 2026

The Audit
Ghost in the Machine: AI Identities & the Spiritual Red Teaming

Apr 20, 2026 · 40:45 (transcription available)


Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface. In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance. 

Hybrid Identity Protection Podcast
1 Thing to Do to Avoid a Breach: 5 Identity Experts Answer

Apr 14, 2026 · 28:14


This episode features a virtual roundtable hosted by Michele Crockett, Associate VP of Product Marketing at Semperis.

The panel brings together five practitioners with deep experience in identity security: Alex Weinert, Chief Product Officer at Semperis; Christopher Brumm, Cyber Security Architect at glueckkanja; Eric Woodruff, Chief Identity Architect at Semperis; Jorge de Almeida Pinto, Senior Incident Response Lead at Semperis; and Michael Van Horenbeeck, CEO and Senior Solution Architect at The Collective Consulting. Collectively, they represent experience across incident response, Microsoft product development, enterprise architecture, and security leadership.

In this discussion, the panel addresses how to allocate limited security budgets across prevention and recovery, why the same AD misconfigurations keep appearing in assessments year after year, and what AI means for defenders and attackers alike.

This episode is a practical, field-tested conversation about what moves the needle when resources are constrained.

Guest Quote
"80% of permissions that are out there are users that have access to systems they don't need. Going back to that Tier 0 system, a hundred percent of what's got access to Tier 0, you should know what it is, why it has access, why it needs it, [and] what's going on... Any apps that you can't prove what they're there for, turn them off. See who yells."

Time stamps
  • 0:00 Meet the Panelists
  • 00:00 AI in Cybersecurity
  • 02:23 Budgeting for Identity Security
  • 05:08 Field Lessons and AD Misconfigs
  • 08:48 Prioritizing Prevention and Funding
  • 12:59 Current Attacker Trends
  • 14:56 Hybrid and Multi Cloud Risks
  • 17:02 Entra Private Access POC
  • 18:28 Lightning Round

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
  • Connect with Alex on LinkedIn
  • Connect with Chris on LinkedIn
  • Connect with Eric on LinkedIn
  • Connect with Michael on LinkedIn
  • Connect with Jorge on LinkedIn
  • Connect with Michele on LinkedIn
  • Connect with Sean on LinkedIn
  • Don't miss future episodes
  • Learn more about Semperis

The Identity Jedi Show
Harnessing AI for Next-Gen Identity Security

Apr 8, 2026 · 63:55


Wrapping Up 2025: AI Advancements and Future of Identity Security | Identity Jedi Show

In the final episode of the Identity Jedi Show for 2025, host David reflects on the rollercoaster year in identity and AI, explaining his plans to release a video on 2026 trends later on. He encourages listeners to subscribe to the channel to not miss out on the upcoming content, including a top 10 highlights video. The episode features an insightful interview with Raz Rotenburg, CEO and co-founder of Fabrics, discussing AI's explosion in recent years, its impact on cybersecurity, the potential of AI in revolutionizing identity and access management, and the concerning speed at which AI-driven attacks can occur. David and Roz delve into how AI can automate and enhance security processes, reflecting on the need for the industry to adopt more sophisticated tools for real-time security. The episode concludes with David expressing gratitude to his audience, urging everyone to cherish every moment as we head into the new year. Don't miss this thought-provoking wrap-up of 2025 with exciting insights into the future of AI and identity security!

www.theidentityjedi.com

  • 00:00 Introduction and Welcome
  • 00:46 Year-End Reflections and Upcoming Trends
  • 01:53 Housekeeping and Announcements
  • 02:16 Special Guest Interview Teaser
  • 02:55 AI and Identity Management Insights
  • 07:12 The Future of AI in Cybersecurity
  • 11:06 In-Depth AI Discussion with Special Guest
  • 33:25 The Exciting Potential of AI in Cybersecurity
  • 34:00 Sophistication and Speed of AI-Driven Attacks
  • 35:21 The Role of AI in Enhancing Defense Mechanisms
  • 38:24 Challenges in Identity and Access Management
  • 41:43 The Future of AI in Cybersecurity
  • 45:06 Personal Anecdotes and Industry Insights
  • 48:44 The Vision for AI-Driven Identity Security
  • 59:08 Closing Thoughts and Future Outlook

ChannelBuzz.ca
Beyond the password vault: 1Password’s channel chief makes the case for identity security as an MSP practice

Apr 1, 2026 · 21:03


Larissa Crandall, 1Password’s global vice president of channel and alliances

1Password is a company many Canadian partners know, but the Toronto-based firm has evolved well beyond the password vault it’s historically been associated with. Now positioning itself as an identity security company, 1Password recently expanded its global partner program, won the 2025 AWS Canada Rising Star Technology Partner of the Year award, and was named to CRN’s 2026 Security 100 list. The company counts more than 180,000 business customers, with over 75 per cent of its revenue now coming from the enterprise side.

Larissa Crandall, 1Password’s global vice president of channel and alliances, joins us to talk about what that evolution means for MSPs looking to build identity security practices. Crandall talks openly about the need to “myth bust” how partners think about 1Password, pointing to strategic integrations with CrowdStrike and Zscaler and the company’s growing presence in AI labs and enterprise security stacks as evidence of the shift.

The numbers that emerge are striking. Non-human identities – AI agents, service accounts, API keys – now outnumber human identities 82 to 1, according to Crandall, and SMBs remain largely unprepared for the challenge. That’s the gap MSPs can step into. She shares the story of an MSP that made 1Password mandatory across its entire customer base – not as an add-on, but as a baseline requirement – because you can’t credibly sell identity security if you haven’t secured the front door yourself.

On building a profitable practice, Crandall identifies three keys: proper discovery, understanding scope and complexity, and having the right skill sets on your own team before delivering it to clients. Partners interested in learning more can visit the 1Password partner program page.
Full Transcript

Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. If you’ve been following the cybersecurity conversation this year, you’ve probably noticed that identity keeps coming up – not as one item on the security checklist, but increasingly as the item. The attack surface is shifting. SaaS sprawl, shadow AI, and a growing universe of non-human identities – things like AI agents, service accounts, and API keys – are creating access governance challenges that traditional security tools were never designed to handle. And for MSPs, that shift represents both a risk and an opportunity to build a real practice around identity security. 1Password is a company that a lot of us know, but the Toronto-based company has evolved beyond the password vault that many partners may remember. It’s now positioning itself as an Extended Access Management platform, recently expanded its global partner program, and counts more than 180,000 businesses among its customers. Joining me today to talk about what that evolution means for the channel is Larissa Crandall, global vice president of channel and alliances at 1Password. We’re going to dig into why identity has become the front door to the security conversation, what MSPs need to understand about non-human identities before their customers start asking, and what building a profitable identity security practice actually looks like. Larissa, thanks for taking the time. I appreciate it.

Larissa Crandall: Thank you so much for having me. Excited for a conversation.

Robert Dutt: We keep hearing that identity is the new security perimeter. For a lot of MSPs, the bread and butter is still firewall, endpoint, some MFA. Can you help me with what’s changing in the threat landscape that makes identity security an urgent, a “build a practice around it right now” kind of opportunity?

Larissa Crandall: Yeah, absolutely. AI is here to stay. I think the opportunity for MSPs is now. It’s prevalent. We’re seeing a lot of MSPs build practices around identity security, and those are the ones that are getting ahead of it, are leading the charge. I think for us personally, spending a lot of time with MSPs, the attack surface has changed. It’s no longer about human, it’s about non-human identities, and it spans across SaaS applications, endpoints, APIs, service accounts, and AI agents. All of the MSPs that are getting ahead of it are helping our customers and growing.

Robert Dutt: You guys have been around for 20 years now or so. I think for a lot of folks, the on-ramp, the familiar place is the personal password vault, of course. Some partners certainly are selling you alongside other tools, are working you into the mix. What would surprise a partner who hasn’t looked closely at 1Password in the last couple of years about where you guys are at right now?

Larissa Crandall: Love this question, because I’ve been talking to a lot of partners. As we’ve built out the partner program that we just launched and going to truly partner first, we have to – what I call – myth bust. A lot of how people perceived us is just traditional EPM, the Enterprise Password Manager business, into this true solution that’s attached to everything that they’re already selling. For instance, we have large integrations with CrowdStrike and Zscaler, and that’s getting the attention of some of the partners out there not realizing that we fit into that full conversation and that tech stack as a platform play, versus thinking of us traditionally just on that human-centric credential management play. We’ve definitely flipped the script, I would say, on having sellers think of us different. MSPs – we also have a lot that we’re doing with AWS, and that has changed some of the landscape for us here, is positioning that full technology solution.

Robert Dutt: You touch on partner first on the program launch. Can you walk me through what partner first means from a 1Password point of view at this point and the highlights there in terms of what it means to your partner base or your prospective partner base?

Larissa Crandall: Sure, absolutely. We built what I call a customer-centric partner strategy. What that means to us internally – and as I’ve shared this with our partner ecosystem – is however a customer wants to transact with us. Via AWS Marketplace, whether they want to work with us with a partner through Marketplace, if they want to work with their traditional reseller and VAR partners out there. We have obviously SMB customers, a lot around working with their MSPs. We have that all taken care of, where we have prescriptive partners across the globe as well as working with our distribution partners. What that means for us internally is we have worked through an entire strategy top-down. It goes from our executives all the way through our sellers that they’re to engage partners. Now it could be an existing account that we have that we’re wanting to bring a partner into. We’re also spending a lot of time with partners, both new and existing, teaching them the 1Password story and teaching them how we fit in what they’re selling today and what the opportunity is. Increased enablement, certifications, all of that. Again, it goes back to what I would say is that myth bust of how you think of us and what we’re doing, versus how we’re getting a lot of attention from partners that have talked with us previous but are seeing us different, talking about putting us in their AI labs and their security practices and a full wrapper into platform.

Robert Dutt: That’s two fronts of myth busting, or developing the stories to partners. Where would you say you’re at in getting that out there, broadly disseminated and well understood on both of those fronts?

Larissa Crandall: It’s a daily, right? I think it’s a daily spend. I spent this morning talking to two partners and they were both new. They were in a region that we have not spoken to before, and it was newer partners wanting to learn more because they’re hearing the market demand and they’re having customers call about 1Password and identity security. That has flipped as well, where identity security is no longer a “it’s a nice” – it’s needed. Same thing across MSPs. They’re building foundational practices as well around identity security and we’re having them come to us and say, “Teach us more. How do we build this? How do we do the discovery and how do we get in front of it?” Especially around AI.

Robert Dutt: You’ve talked about something you call the Access-Trust Gap – the space between what IT can see and control versus what employees are actually using to get their work done. Can you walk us through what that looks like in a real organization and the why as to why traditional IAM tools aren’t closing that gap?

Larissa Crandall: I have an example for you that I love to use, and it’s related to an MSP that we have that shared with us how they personally worked with 1Password. It’s a mature MSP that made a deliberate decision as a company to bring in 1Password and make it mandatory for all of their customers. Not an add-on – make it mandatory for all. They did that because they wanted to ensure that security was embedded into everything they did from the start and how they interacted with customers. The reason that they did that is they wanted to make sure – if they weren’t ahead of it and they weren’t giving customers a secure way to manage their credentials, they would find their own way. That’s the problem still. There’s spreadsheets, there’s shared sticky notes. You put it in your phone. That’s never good. This MSP shared that and said, “If we’re going to go preach this and sell 1Password, we’re going to basically do it ourselves.” If you leave it up to your own devices, employees will do it on their own and that’s the big risk. For us, that’s the big opportunity that we’re sharing with our partners to make sure that they know that – that is not the way to go. You need to make sure that you’re protecting it. You can’t begin to address that identity sprawl if you haven’t first secured the front door. When we say that to partners, we let that sink in. If you haven’t done it personally as an organization and you’re working with customers, you have to secure that front door. MSPs that are building the basics and getting ahead of it are going to nail this and be far ahead of their competition. I love that example because it’s a real life, “If I’m going to go sell it, I’m going to make sure that we’re using it ourselves.”

Robert Dutt: The new front, I think, that’s maybe catching MSPs a little bit off guard, that’s certainly building awareness, is the non-human identities side of things. You touched on AI agents a little earlier, the service accounts, the API keys – the things that need credentials but aren’t employees. How big of a governance problem is this becoming and what does it mean for an MSP who’s trying to help clients figure this out and navigate this problem?

Larissa Crandall: It’s a big problem. Non-human machines are growing every day, and a stat that we’ve been using and explaining this – just on the severity of it – with our partners, is non-human identities now outnumber human 82 to 1. Think about that. If that is the number of how much you would have to protect non-human, you can’t just think about it from that human perspective. “I log in, I do the right thing.” It’s everything that they don’t know. That gap, again, is helping customers get that visibility and control around that across human and non-human, is generally hard to replicate because you have to teach it. That’s where, again, the partners come in and they bring that up and explain that. They’re ahead of it. What I will say, though, is SMBs are not ahead of that just yet. They’re not thinking about non-human every day, and that’s where partners can come in and being their true trusted advisor and explain that and explain the risk to their businesses. Because that’s their job – to keep businesses running – and that’s why customers go to them.

Robert Dutt: For an MSP who’s at the point of saying, “OK, I see your point. I see the opportunity around identity security. I need to build around this,” but they aren’t there yet necessarily – what does a profitable identity security practice look like? What are they selling? What services are they wrapping around it? Where do you fit into that stack?

Larissa Crandall: MSPs are all different. Obviously, they’re great about doing that first initial assessment and analyzing the infrastructure and set of tools and governance that they have. I think the first piece that we’re explaining, and we’re talking to MSPs, is just how to get started and how to build a practice around this. You first have to do that discovery. Most customers are not getting an accurate inventory of what they have. That piece, and explaining “if you do this, here’s the risk mitigation around it, this is how it could help your business.” The second piece I think that some don’t really truly understand is the scope complexity, meaning identifying the infrastructure, the dev, the security, the operations team, everybody else that’s all-encompassing around this. I think the third is staffing. Some MSPs don’t realize, “OK, if we have this, how do we build a profitable practice?” – you need to ensure that you have the right skill set from your own teams to do that assessment up front. It’s a step-by-step, but you can’t do only one of those. Proper discovery, scope, and staffing are really key.

Robert Dutt: You guys are a Toronto-based company. For Canadian MSPs or resellers in the audience, is there anything specific about how you’re building the partner ecosystem up here in the market that they should know about, and what’s the first step that a partner should take who’s intrigued by this conversation and wants to find out more?

Larissa Crandall: Join a partner program. Obviously, I will say that. I think one of the proud moments for us right now is we launched a new partner program in February. Simplified, it did increase profitability and economics for them, and also did a complete overhaul of all the training, enablement, everything that they were asking for. It sounds simple, hard to do. We did this outside in. We spent a lot of time surveying Canadian resellers, MSPs across the world and really asking them what was needed around that. When we launched it, we had a record number of logins immediately on our partner portal in the first eight days of the program that we had seen in a while. That just goes to show that there’s just this strong pent-up demand for “Teach me and tell me more” because they’re hearing customers with some of these issues. We want to be there first and foremost and be proactive with them. Join the program. That’s what I would say. It’s very simple to start. I promise you, it’s a very profitable program. We’ll help you through and do all the onboarding and spend some time with us.

Robert Dutt: From a Canadian point of view, anything particular that you’re looking at in the market up here, as far as building the ecosystem or as far as how you view where the Canadian channel’s at with you guys?

Larissa Crandall: I’ve spent quite a bit of time there, talking to partners up there and spending some time with AWS. We spent a lot of time – we just won the Rising Star Award for Canada for the work that we’ve done in partnership with AWS. That has got a lot of press for us personally and what we’re doing and how we’re building solutions together. I would also say we have quite a bit of employees there, obviously. That’s been where we started. I would say a lot of loyal partners that have been with us through the entire journey. I would say that I’m hoping they’re pleased with all the changes and the added incentives there, and happy to talk to them.

Robert Dutt: All right, a few quick-answer lightning round type questions before we wrap up. You touched upon this a little bit, but can you maybe elaborate? When you talk to MSPs who are doing identity security really well, what’s one thing that’s common amongst them? What’s the common thread amongst those who are doing well in this space?

Larissa Crandall: Great. I would say exactly how we started this conversation – that they have recognized that AI is here and here to stay, and the ones that have built in the forefront and done really well with enablement out to their customers around that human and non-human identity security space and explained it are crushing it. Those are the ones that we’re seeing seat count increase, seeing some of their large customers come on and do true – what I would say, we call it – wall to wall. Bring in customers that have done exactly what that mature MSP did and said, “If we’re going to go do this and preach it ourselves and sell it, we better make sure that we are doing it as a company.” We’re continually seeing that. The ones that really get that from the very beginning are the ones that are on the forefront and being proactive about it versus reactive. You have to be trusted advisors out there, especially to even the SMB community.

Robert Dutt: Finally, without naming any names if you don’t want to, what’s the worst password hygiene you have personally witnessed?

Larissa Crandall: I would say sticky notes. I would say everything that your grandparents have done, your parents have done. I think it’s one of those where we’re all guilty of – where do we put that password? Did you share it with someone? That’s the worst thing that you can do. Of course, I work here, I’m going to say it, but being a 1Password customer even before – and that’s the fun about being here. I could be in an airport, I’d have a 1Password sweatshirt on walking through and we’re this beloved brand out there because they started with us on that B2C journey and have moved and brought us through into their businesses today. It’s a great place to be.

Robert Dutt: Quite the evolution, and thanks for walking us through it, and good luck with the program rollout. Thank you so much for taking the time.

Larissa Crandall: Thank you so much, Robert. I appreciate it.

[MUSIC]

Robert Dutt: My thanks to Larissa Crandall from 1Password for that conversation. A couple of things I want you to take away from it. First, that stat: non-human identities now outnumber human identities 82 to 1. If that number doesn’t make you rethink the scope of the identity conversation you’re having with customers, I’m not sure what will. Second, the MSP who made 1Password mandatory across their entire customer base – not as an add-on, not as an option, but as a baseline requirement for doing business. That’s the kind of conviction that turns a product into a practice. Whether 1Password is the right fit for your stack or not, the broader point stands: identity security is no longer a nice to have, and the MSPs who treat it that way are the ones building real recurring revenue around it. Thanks for listening today. If you haven’t already, please do consider subscribing to or following the podcast in your podcast app of choice. We’re up on Apple Podcasts, Spotify, YouTube Music, iHeartRadio, and more. And if you’re old school and you like your RSS feed to be, well, an RSS feed, we got you covered too. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.

No Password Required
No Password Required Podcast Episode 70 - Madhav Nakar

Mar 17, 2026 (36:40)


Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play

No Password Required Season 7: Episode 3 - Madhav Nakar

Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.

In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.

Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.

The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.

In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects on public dancing experiments.

Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/
Follow "The Fire of Knowing" on Instagram and YouTube!

CHAPTERS:
00:00 Introduction with Kayley and Jack
08:08 Transition from Theoretical Math to Cybersecurity
16:13 Exploring Spiritual Traditions and Madhav's Documentary
19:48 The Intersection of Art and Science in Content Creation
25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

VOX Podcast with Mike Erre
Don't Believe the Hype

Mar 16, 2026 (63:08)


Are we focusing on the wrong threats while ignoring the ones growing right inside our own communities? Join Mike, Tim, and Seth as they dive deep into the biblical definition of the Antichrist, the manipulative power of fear, and how the modern church often aligns itself with worldly systems rather than the Kingdom of God. This episode moves beyond traditional labels to explore what it actually means to live in a cosmically contested space.

In this conversation, the team unpacks the startling New Testament reality that antichrists are often plural and internal to the church, rather than a single external boogeyman. We discuss the recent tragic events in Iran and how nationalistic rhetoric often blinds us to the suffering of others. By looking at the life of Jesus through the lens of security versus threat, we explore why the church is so easily led by fear and how we can begin to resist the systemic powers of individualism, tribalism, and redemptive violence.

CHAPTERS:
0:00 Intro and Spring Break Shenanigans
3:15 Subscribe or Die
7:45 Global Conflict and the Good Guys Narrative
12:30 Redefining the Antichrist: Plural and Internal
18:15 The Theology of Gnosticism and the Flesh
23:50 Why Fear Drives Us to Authoritarianism
28:10 Jesus, Foot Washing, and Identity Security
34:20 James Baldwin: Every Dead Child is My Child
39:45 The Kingdom of God vs. The Counter-Kingdom
44:10 The Origin of Evil and Moral Agency
49:30 Salvation as a Cosmic Dimension
55:15 Cultural Discernment Beyond Safe for the Family
59:40 Six Powers Dominating the American Church

As always, we encourage and would love discussion as we pursue. Feel free to email in questions to hello@voxpodcast.com, and to engage the conversation on Facebook and Instagram. We're on YouTube (if you're into that kinda thing): VOXOLOGY TV.

Our Merch Store! Etsy
Learn more about the Voxology Podcast
Subscribe on iTunes or Spotify
Support the Voxology Podcast on Patreon
The Voxology Spotify channel can be found here: Voxology Radio
Follow us on Instagram: @voxologypodcast and "like" us on Facebook
Follow Mike on Twitter: www.twitter.com/mikeerre
Music in this episode by Timothy John Stafford
Instagram & Twitter: @GoneTimothy

Trust Issues
EP 26 - The tyranny of the now: identity at machine speed

Mar 6, 2026 (45:33)


Security teams are under more pressure than ever, reacting at human speed while systems, identities, and AI agents operate at machine speed. In this episode of Security Matters, host David Puner sits down with cybersecurity leader and former FBI executive MK Palmore to explore why defenders struggle to keep pace and what it takes to regain control.

From AI agents that overshare sensitive data to cloud misconfigurations that never seem to disappear to the persistent success of ransomware, MK explains how complexity, vendor sprawl, and overloaded teams create gaps that attackers continue to exploit. The conversation highlights how identity across human, machine, and emerging agent types has become the center of modern security and why fundamentals, prioritization, and platform thinking matter more than ever.

Listeners will hear insight on:
• Identity at machine speed and the rise of autonomous access
• Why attackers still win more than 51 percent of the time
• How ransomware continues to succeed despite industry progress
• Why SMBs face “mission impossible” expectations
• The true cost of vendor sprawl and operational overload
• What effective security leadership looks like in the current threat environment

If you work in identity, security operations, strategy, or leadership, this discussion cuts through hype and focuses on the realities defenders face and how to push back against the constant pressure of the tyranny of the now.

Between Two COO's with Michael Koenig
AI Agents Need Logins Too: Identity, Security, and the Future of AI | Greg Keller, CTO, JumpCloud

Mar 4, 2026 (32:01)


Get 90 days of Fellow free at Fellow.ai/coo

In this episode, Michael Koenig speaks with Greg Keller, co-founder and CTO of JumpCloud, about identity access management and why it's becoming one of the most important operational systems in the age of AI. Greg explains how traditional identity systems were designed for office-based companies running Microsoft infrastructure and why that model broke as companies moved to SaaS, cloud infrastructure, and remote work. The discussion then turns to the next big shift: the rise of AI agents and synthetic identities inside organizations. As companies deploy more AI tools, the number of machine identities may soon outnumber human employees. Managing what those systems can access will become a critical security and operational challenge.

Topics Covered

What a CTO actually does
Greg explains the different types of CTO roles and how technology leaders help companies anticipate where the market is headed.

Identity Access Management explained simply
IAM answers three core questions inside every company:
- Who are you?
- What can you access?
- How is that access managed?

Why the old IT model broke
Traditional identity systems were built for on-premise offices and Microsoft infrastructure. Modern companies now operate across:
- SaaS applications
- cloud infrastructure
- remote work environments
- multiple operating systems

How JumpCloud approaches identity
JumpCloud was built to manage identity across devices, applications, and infrastructure regardless of platform.

Where Okta fits in the ecosystem
Okta helped modernize browser-based authentication through Single Sign-On, while JumpCloud focuses on broader identity infrastructure.

AI, Security, and Synthetic Identities

Why COOs should push AI adoption
Greg argues AI adoption is no longer optional. Companies must encourage teams to improve productivity and efficiency using AI.

The rise of synthetic identities
AI agents, bots, APIs, and service accounts are becoming new actors inside companies that require identity governance.

Bots may soon outnumber employees
Organizations will soon manage more machine identities than human ones.

AI as a potential insider threat
AI systems can become security risks if they are granted excessive permissions or misinterpret policies.

The API key governance problem
Many AI integrations rely on API keys, which are often poorly managed and can create hidden security risks.

Key Takeaway
As companies adopt AI, identity access management becomes the control layer that determines what both humans and machines are allowed to do inside the organization. The companies that manage identity well will move faster and operate more securely.

Links:
Michael on LinkedIn: https://linkedin.com/in/michael-koenig514
Greg on LinkedIn: https://www.linkedin.com/in/gregorykeller/
JumpCloud: https://jumpcloud.com/
Between Two COO's: https://betweentwocoos.com
Episode Link: https://betweentwocoos.com/ai-agents-identity-access-greg-keller

ScanNetSecurity Latest Security Information
Visibility into Non-Human Identity privileges and access status as well: Hitachi Solutions to offer "Okta Identity Security Posture Management (Okta ISPM)"

Feb 24, 2026 (0:14)


On February 16, Hitachi Solutions, Ltd. announced that it will begin offering Okta, Inc.'s "Okta Identity Security Posture Management (Okta ISPM)" from February 17.

Identity At The Center
#403 - Strategic Identity Security with Simon Moffatt

Feb 23, 2026 (64:07)


Simon Moffatt, founder and analyst at The Cyber Hut and co-host of The Analyst Brief podcast, returns to Identity at the Center for a wide-ranging conversation about the strategic evolution of identity security. Simon shares an update on his second book, IAM at 2035, which explores where identity is heading over the next decade. The discussion covers why identity has shifted from a back office function to a strategic business enabler, driven by the convergence of cloud, zero trust, and expanding digital ecosystems.

Jim and Jeff dig into how organizations can measure their identity security posture, and Simon introduces his Identity Security Scorecard, a framework of 50-plus data points covering visibility, protection, detection, and response. The conversation shifts to the identity attack lifecycle, where Simon explains why organizations need to move beyond log-based forensics and toward real-time detection and response before attacks complete.

The group also explores how non-identity data signals, like CAEP and shared signals frameworks, are critical to building a fuller picture of risk. The final segment tackles agentic AI and its implications for identity, including the argument that agentic identities may represent a third identity type distinct from both human and machine. Simon makes the case that AI adoption is outpacing identity and security innovation, creating a widening gap that the industry must address through governance, accountability, and new architectural patterns.

Connect with Simon: https://www.linkedin.com/in/simonmoffatt/
The Analyst Brief Podcast: https://www.thecyberhut.com/podcast/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps
00:00 Introduction and conference discount codes
02:29 Simon Moffatt returns to the show
03:58 Update on the IAM at 2035 book
07:25 The Analyst Brief podcast and covering identity trends
08:44 Identity shifts from back office to strategic priority
11:47 The compliance trap and reactionary identity management
14:25 Customer identity transparency influencing workforce identity
16:52 Defining identity security across 80-plus vendors
20:11 Products alone do not solve identity security
21:14 Thinking like an attacker about identity flows
23:23 Red flags in an organization's identity posture
25:43 The identity security scorecard and measuring risk
29:27 Avoiding FUD when presenting identity risk to the board
32:34 The identity attack lifecycle explained
36:53 Building the mindset for real-time detection and response
37:41 CAEP, shared signals, and non-identity data sources
40:10 Identity as a 24/7 security operations function
43:24 Agentic AI drops like a nuclear explosion on identity
46:49 The widening gap between AI adoption and identity security
47:51 Is agentic identity a third identity type?
50:47 What needs to change to address the agentic identity explosion
53:24 Will AI shake the core of enterprise IT?
57:24 AI may be the only thing that can secure AI
58:04 Travel tips for EIC Berlin and European conferences
01:02:45 Wrapping up

Keywords
identity security, identity attack lifecycle, identity attack paths, agentic AI, agentic identity, non-human identity, NHI, identity security scorecard, zero trust, CAEP, shared signals framework, identity governance, identity strategy, IAM, identity posture, Simon Moffatt, The Cyber Hut, The Analyst Brief, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Trust Issues
EP25 - Identity is the attack vector w/ Udi Mokady

Feb 18, 2026 (55:07)


CyberArk founder and executive chairman Udi Mokady returns to Security Matters at a transformational moment—now as part of Palo Alto Networks, following the acquisition's close on February 11. In this far‑reaching conversation, Udi and host David Puner explore why identity has become the attack vector for modern enterprises, driven by an unprecedented surge in human, machine and AI‑powered identities that attackers increasingly exploit.

Udi discusses what the combined companies' scale and capabilities mean for customers, why identity security must now operate as frontline defense rather than a management layer, and how AI agents are rapidly reshaping the threat landscape. He also reflects on CyberArk's long‑distance entrepreneurial journey, the cultural foundations that have made the company durable over 26 years, and how productive paranoia, innovation and trust continue to guide the mission forward inside Palo Alto Networks.

Note: This episode was recorded in January, prior to the acquisition's close.

Identity At The Center
#402 - An Update on SSF and CAEP with Atul Tulshibagwale

Feb 16, 2026 (61:56)


In this episode of Identity at the Center, hosts Jeff and Jim dive into the details of the Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP), with special guest Atul Tulshibagwale, the CTO of Signal. The trio discusses the complexities and applications of these identity security standards, recent adoption by major tech companies, and how they are transforming the approach towards identity and access management. Atul also shares exciting news about Signal's impending acquisition by CrowdStrike and reflects on a recent safari trip in Kenya. Tune in to learn about the evolution of identity security and the future of SSF and CAEP.

Connect with Atul: https://www.linkedin.com/in/tulshi/

Learn more about the Artificial Intelligence Identity Management Community Group: https://openid.net/cg/artificial-intelligence-identity-management-community-group/

Learn more about SSF and CAEP:
https://openid.net/how-authzen-and-shared-signals-caep-complement-each-other/
https://sgnl.ai/whitepaper/caep-best-practices/
https://caep.dev/
https://youtu.be/qakOw0g2mZ8?si=p8z9imn7x-HhLdcV
https://www.youtube.com/live/e64YiAmGmf4?si=QPKDg2Jm9oSZmbhZ
http://sharedsignals.guide/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00 Introduction and Episode Milestone
00:17 Challenges with Installing Molt Bot
02:32 MoltBook and AI Agents
03:21 Jim's Perspective on AI Assistants
09:24 Conferences and Networking
10:10 Introduction to Shared Signals and CAEP
13:03 CrowdStrike Acquisition of Signal
14:03 AI Identity Management Community
16:59 Shared Signals Framework and CAEP Explained
30:03 Final Version of CAEP and Shared Signals Released
30:35 Adoption by Major Technology Providers
32:49 Benefits of Implementing Shared Signals
36:32 Future of SSF and CAEP
40:51 Certification Program for Shared Signals
52:48 Real-World Safari Adventure
01:00:34 Conclusion and Final Thoughts

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Atul Tulshibagwale, Shared Signals Framework, SSF, CAEP, Continuous Access Evaluation Profile, OpenID Foundation, CrowdStrike, SGNL AI Identity, Agentic Identity, AuthZEN, Risk, Identity Security, IAM, Podcast

Identity At The Center
#401 - Sponsor Spotlight - PlainID

Feb 11, 2026 (52:11)


This episode is sponsored by PlainID. Visit plainid.com/idac to learn more.

In this sponsored episode, Jim McDonald and Jeff Steadman talk with Gal Helemski, CTO and co-founder of PlainID, about the evolving landscape of authorization. The conversation covers the transition from traditional roles and attributes to a modern policy-based access control (PBAC) approach. Gal explains how PlainID helps organizations centralize authorization logic, improve security posture, and simplify the management of access across complex hybrid and multi-cloud environments. The discussion also touches on the importance of visibility into who has access to what and the role of standards like Cedar and Rego in the future of authorization.

Connect with Gal: https://www.linkedin.com/in/gal-helemski-b9542231/
Learn more about PlainID: plainid.com/idac

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Timestamps:
00:00 Introduction to the Sponsor Spotlight
02:15 Meet Gal Helemski from PlainID
05:30 The shift from RBAC to PBAC
10:45 Challenges with traditional authorization methods
15:20 How PlainID centralizes authorization logic
22:10 Integrating with existing identity providers
28:45 The role of visibility and auditing in authorization
35:30 Discussion on authorization standards: Cedar and Rego
42:15 Future trends in identity and access management
50:00 Final thoughts and where to learn more

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, PlainID, Authorization, Policy-Based Access Control, PBAC, RBAC, Cybersecurity, IAM, Access Management, Gal Helemski, Identity Security

Identity At The Center
#399 - Navigating Identity Security in the Age of AI with Jeff Margolies

Feb 5, 2026 (56:55)


Jim McDonald is joined by Jeff Margolies, Chief Product and Strategy Officer at Saviynt, to discuss the intersection of artificial intelligence and identity security. Jeff shares his decades of experience in the industry, from building the IAM practice at Accenture to his current leadership role at Saviynt. The conversation covers how AI is making manually intensive identity tasks more efficient, the emergence of Identity Security Posture Management (ISPM), and the critical need to govern identities for AI agents. Jeff also provides his perspective on the future of the identity practitioner and why he remains an optimist in a rapidly changing technological landscape.

Connect with Jeff Margolies on LinkedIn: https://www.linkedin.com/in/jmargolies/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00:00 - Introduction and Gartner Identity Conference Recap
00:02:11 - Jeff Margolies' Career Journey in Identity and Security
00:04:36 - Returning to Identity and Joining Saviynt
00:06:13 - How AI is Impacting Identity Security and Governance
00:09:56 - The Future of Identity Services in an AI World
00:13:58 - Will AI Disrupt the SaaS Model for Identity?
00:19:50 - The Impact of AI on the Identity Practitioner Job Market
00:26:16 - Identity for AI: Governing Agents and Delegated Authority
00:32:00 - Combating Deepfakes and Proving What is Real
00:34:40 - The Rise of Identity Security Posture Management (ISPM)
00:41:46 - Comparing Posture Management and ITDR
00:44:17 - Advice for CISOs: Why Posture Should Come First
00:49:35 - The Secret to Saviynt's Success and Future Outlook
00:52:19 - Lighter Note: Why Jeff Chose a Tesla for His Daughter

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Jeff Margolies, Saviynt, IAM, Identity and Access Management, AI, Artificial Intelligence, ISPM, ITDR, Cybersecurity, Identity Governance, SaaS, IGA

Hybrid Identity Protection Podcast
Rethinking the Human Factor in Identity Security with World-Leading Cyberpsychologist, Dr. Mary Aiken

Feb 3, 2026 (26:16)


This episode features Dr. Mary Aiken, Professor of Cyberpsychology at Capitol Technology University and one of the world's leading experts on the impact of technology on human behavior.

With a career spanning academia, law enforcement advisory roles, and global policy work with organizations like INTERPOL and Europol, Dr. Aiken brings deep insight into how human psychology shapes security outcomes. Her work focuses on the human layer of cyber risk—how trust, perception, fatigue, and bias influence behavior in digital environments.

In this episode, Dr. Aiken explains why humans aren't the weakest link in cybersecurity but the most targeted. She shows how attackers weaponize human behavior through phishing, MFA fatigue, and insider recruitment, and why hybrid identity must be treated as a cyber-psychological battlefield. She also discusses what human-aware defenses look like in practice and why intelligence augmentation is critical to psychological and technical resilience.

This episode reframes identity security as a human problem first and offers a clearer way to think about protecting people in an increasingly manipulative digital world.

Guest Bio
Dr Mary Aiken is a world leading expert in Cyberpsychology – the study of the impact of technology on human behaviour. She is Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Capitol Technology University Washington D.C.'s premier STEM University, and Professor of Forensic Cyberpsychology at the University of East London. Professor Aiken is a Member of the INTERPOL Global Cybercrime Expert Group and an Academic Advisor to Europol's European Cyber Crime Centre (EC3). She is a Fellow of The Royal Society of Medicine, a member of the Medico-Legal Society and an International Affiliate Member of the American Psychological Association (APA). She is a former Global Fellow at the Washington DC Wilson Center, and is a Fellow of the Society for Chartered IT Professionals. She is a former Director of the Royal College of Surgeons (RCSI) Cyberpsychology Research Centre. Dr Aiken's work inspired the CBS PrimeTime TV series 'CSI: Cyber.' Her landmark bestselling book 'The Cyber Effect' was a 2016 'Times book of the year.' Dr Mary Aiken is recognised as an international expert in industry and policy debates at the intersection of technology and human behaviour; she has been invited to present at events organised by global organisations such as the United Nations, the European Union, NATO, G7, Europol, INTERPOL and the White House.

Guest Quote
“People talk about humans being the weakest link in the cybersecurity equation. They're not the weakest link, they're just simply the most targeted link.”

Time stamps
01:58 Meet Dr. Mary Aiken: World-leading Expert in Cyberpsychology
03:17 The Psychology of Cybersecurity
10:40 Behavioral Differences Online vs. Real World
15:17 Cyber Behavioral Attack Vectors
23:05 Future of Cybersecurity: AI and Human Collaboration
25:46 Conclusion and Final Thoughts

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
Connect with Dr. Aiken on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

HealthcareNOW Radio - Insights and Discussion on Healthcare, Healthcare Information Technology and More
We Have TRUST Issues: Killing Passwords, Building Trust: Modern Identity Security in Healthcare

Jan 24, 2026 (27:31)


S1E8: Killing Passwords, Building Trust: Modern Identity Security in Healthcare

On this episode of We Have Trust Issues, our hosts dive into the intersections of modern identity security and clinician workflows with Joel Burleson-Davis, CTO of Imprivata. Joel discusses transformative strategies like passwordless authentication, mobile workflows, and AI-powered solutions that enhance both clinician productivity and security. Discover how healthcare organizations can build trust and improve efficiency without sacrificing data protection. For more insights, listen to Imprivata's podcast, Access Point, exploring cybersecurity and operational strategies in critical industries.

To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

Chip Stock Investor Podcast
4 Beaten-Down Software Stocks to Buy Now?

Jan 24, 2026 (35:40)


Software stocks have been left in the dust while hardware and semiconductor stocks (like Nvidia) have sucked the air out of the room. But after a brutal 5-year underperformance compared to hardware, is there finally value in the software sector?

In this episode, we are joined by Ryan Henderson of the Chit Chat Stocks Podcast and Fiscal.ai to break down the hardware decade and discuss where he is finding value right now. We cover the threat of AI "vibe coding" replacing SaaS, why Adobe might be the Western Union of creative software, and deep dives into Remitly, Wise, Monday.com, and Airbnb.

Find Ryan and The Chit Chat Stocks Podcast here: https://open.spotify.com/show/4SBtOWGEOmD9pmltgIXO8r?si=2d1f06dc987f41aa

Supercharge your analysis with AI! Get 15% off your membership with our special link here: https://fiscal.ai/csi/

Join us on Discord with Semiconductor Insider, sign up on our website: www.chipstockinvestor.com/membership

Sign Up For Our Newsletter: https://mailchi.mp/b1228c12f284/sign-up-landing-page-short-form

Chapters:
[00:00] Intro: The Great Software vs. Hardware Divergence
[00:58] The Charts: SMH vs. IGV (Software ETF) Performance
[06:21] Ryan's Value Pick #1: Remitly (RELY) vs. Western Union
[10:59] Remitly vs. Wise (TransferWise): Key Differences
[14:19] Is Adobe (ADBE) a Value Trap or Future Compounder?
[18:49] Pick #3: Monday.com (MNDY) & Moving Upmarket
[19:58] The "Vibe Coding" Debate: Will AI Kill SaaS Companies?
[24:59] Pick #4: Airbnb (ABNB) – A Monopoly on Alternative Stays?
[29:45] ServiceNow (NOW): Acquisitions, Identity Security, & 98% Renewal Rates
[32:59] The Real AI Threat: Disruption of Data Aggregation & Financial Data

If you found this video useful, please make sure to like and subscribe!

Affiliate links that are sprinkled in throughout this video. If something catches your eye and you decide to buy it, we might earn a little coffee money. Thanks for helping us (Kasey) fuel our caffeine addiction!

Content in this video is for general information or entertainment only and is not specific or individual investment advice. Forecasts and information presented may not develop as predicted and there is no guarantee any strategies presented will be successful. All investing involves risk, and you could lose some or all of your principal.

#SoftwareStocks #StockMarket #Investing #Adobe #Airbnb #SaaS #AI #Semiconductors #remitly #monday.com

Nick and Kasey own shares of Monday.com

To The Point - Cybersecurity
Beyond Passwords: Identity Security as Hospitality's Frontline Defense with Jasson Casey and Josh Johansen

Jan 20, 2026 (28:11)


Welcome back to Forcepoint's "To the Point Cybersecurity Podcast"! In this episode, Rachael Lyon and Jonathan Knepper kick off the new year by diving into a fresh and fascinating topic for the show: cybersecurity within the hospitality industry. Joining them are Jasson Casey, CEO and founder of Beyond Identity, and Josh Johansen, Director of IT for Brent Hospitality Group. The conversation unfolds like a real-world thriller, as Josh Johansen recounts a recent cyberattack targeting his organization—a phishing attempt that nearly fooled hotel staff with convincing fake invoices. The discussion expands into how passwordless technology stopped the attack, the ever-evolving world of AI-driven threats like voice cloning and document forgery, and how companies can keep up with sophisticated adversaries who increasingly use AI. Jasson Casey offers expert insight into the rapid advancements in impersonation techniques, sharing eye-opening examples from his own experimentation with voice cloning and underlining the need for robust attestation methods. Together, the group weighs in on privacy implications, the societal shifts brought by social media, and practical strategies for managing security in a complex hospitality ecosystem. If you're interested in the intersection of hospitality, AI, and cybersecurity—and what brands and individuals can do to protect themselves—this episode is one you can't miss. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e368

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

Jan 20, 2026 (44:51)


Rob Hughes — CISO at RSA and Champion of a Passwordless Future

No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.

The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster

Autonomous IT
Secure IT – PKI, Certificates, and What Breaks When Trust Fails, E22

Jan 20, 2026 · 17:58


Public Key Infrastructure (PKI) underpins nearly every secure interaction in modern IT, but it's also one of the most misunderstood and overlooked foundations of security.

In this episode of Secure IT, host Jason Kikta is joined by Mark Cooper, CEO and founder of PKI Solutions, to unpack why PKI is so critical to identity, authentication, and trust, and what happens when it fails.

They explore how certificates enable passwordless authentication, secure TLS connections, IoT devices, endpoints, and enterprise systems, while also examining why misconfigured or poorly monitored PKI environments often become an attacker's fastest path to privilege escalation. From certificate expirations and operational outages to real-world breach scenarios and pen test failures, this conversation maps the full PKI risk spectrum.

Jason and Mark also challenge a common assumption in cybersecurity: that recovery equals resilience. Instead, they argue that true resilience means staying secure and operational, even during misconfiguration, failure, or attack.

Whether you're new to PKI or responsible for running it, this episode will change how you think about identity infrastructure, resilience, and trust.

Topics covered:
- What PKI is and why most organizations already depend on it
- Certificates, passwordless authentication, and digital identity
- How PKI misconfigurations enable high-impact attacks
- Why recovery is the weakest form of resilience
- The hidden operational and security risks of foundational systems

Trust Issues
EP 23 - Red teaming AI governance: catching model risk early

Jan 14, 2026 · 34:37


AI systems are moving fast, sometimes faster than the guardrails meant to contain them. In this episode of Security Matters, host David Puner digs into the hidden risks inside modern AI models with Pamela K. Isom, exploring the governance gaps that allow agents to make decisions, recommendations, and even commitments far beyond their intended authority.

Isom, former director of AI and technology at the U.S. Department of Energy (DOE) and now founder and CEO of IsAdvice & Consulting, explains why AI red teaming must extend beyond cybersecurity, how to stress test AI governance before something breaks, and why human oversight, escalation paths, and clear limits are essential for responsible AI.

The conversation examines real-world examples of AI drift, unintended or unethical model behavior, data lineage failures, procurement and vendor blind spots, and the rising need for scalable AI governance, AI security, responsible AI practices, and enterprise red teaming as organizations adopt generative AI.

Whether you work in cybersecurity, identity security, AI development, or technology leadership, this episode offers practical insights for managing AI risk and building systems that stay aligned, accountable, and trustworthy.

Hybrid Identity Protection Podcast
Inside HIP Conf 2025 with Guido Grillenmeier, Semperis Principal Technologist

Jan 6, 2026 · 38:37


This episode features host Sean Deuby and fellow Semperis colleague Guido Grillenmeier, Principal Technologist, EMEA, in a candid recap of the 2025 Hybrid Identity Protection Conference in Charleston. They trade takeaways on what they heard, what surprised them, and what the event revealed about where hybrid identity security is headed.

Sean and Guido highlight some key observations from keynote speakers including Chris Inglis (former US National Cyber Director), Alex Weinert (Semperis CPO and former VP of Identity Security at Microsoft), and other identity security and recovery experts across the world.

This is a fast, grounded debrief designed to help you take in the conference highlights and carry forward the insights that will matter most in the year ahead.

Time stamps
01:45 Welcome to the HIP Conf Recap
04:27 The Biggest Conference Themes and What They Signal
08:39 Active Directory's Evolution + Microsoft's Presence
12:54 Keynotes and the Broader Identity Threat Picture
17:14 Practical Practitioner Takeaways
26:49 Identity Security as an Ongoing Program
31:39 Wrap-Up and What's Next for HIP Conf

Sponsor
The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links
- Watch all the sessions from HIP Conf 2025
- Connect with Guido on LinkedIn
- Connect with Sean on LinkedIn
- Don't miss future episodes
- Learn more about Semperis

Identity At The Center
#393 - Breaking the Tyranny of Joiner, Mover, Leaver with Ian Glazer

Jan 5, 2026 · 57:38


Join Jeff, Jim, and special guest Ian Glazer at the Gartner IAM Summit 2025 as they discuss the Identity and Access Management (IAM) industry, the evolution of IAM practices, and the exciting new concepts like Continuous Identity. They delve into topics such as the impact of AI, shared signals framework, and the struggles and triumphs of identity practitioners. Plus, hear about the Digital Identity Advancement Foundation's mission and enjoy some lighter moments with tales of 'chuckles' and supper clubs. Don't miss this insightful and entertaining episode of the Identity at the Center podcast.

Connect with Ian: https://www.linkedin.com/in/iglazer/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps
00:00 Introduction and Casual Banter
00:50 Conference Highlights and Podcast Milestones
03:00 Introducing Ian Glazer
05:43 Digital Identity Advancement Foundation (DIF)
08:09 Challenges in Identity Governance and Administration (IGA)
13:28 Continuous Identity: A Paradigm Shift
22:31 Real-World Applications and Organizational Impact
31:51 Realistic Security Measures
32:28 Maturity of Identity and Access Management
34:54 Skills and Challenges in IAM
36:44 Metrics and Outcomes in IAM
40:23 Identity Practitioner Skills
41:19 Solving Problems with AI
46:21 Continuous Identity and Future Trends
48:45 Identity Salon and Community
54:19 Wrapping Up and Future Events

Keywords
Ian Glazer, Continuous Identity, Shared Signals Framework, CAEP, Gartner IAM Summit, Identity Security, Joiner Mover Leaver, IGA, Access Certification, Identity Salon, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Non-Human Identity, Identity Practitioner, DIAF

Trust Issues
EP 22 - Security at the speed of innovation: Breaking down legacy barriers

Dec 30, 2025 · 43:30


How are defenders supposed to keep up when attackers move at the speed of AI? In this episode of Security Matters, host David Puner welcomes Rick McElroy, founder and CEO of Nexasure, for a candid conversation about cybersecurity's breaking point. Together, they unpack the realities of defending organizations in an era of identity sprawl, machine risk, agentic AI, and relentless automation. Rick shares hard-won insights from decades on the front lines, challenging the myth of perfect defense and revealing why identity remains at the root of most breaches. Whether you're a CISO, IT leader, or cybersecurity professional, you'll get actionable advice on managing machine identities, rethinking risk, and building resilience for a future where change is the only constant.

Trust Issues
EP 21 - When attackers log in: Pausing for perspective in the age of instant answers

Dec 16, 2025 · 43:50


In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.

The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.

Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.

Identity At The Center
#390 - Identity Management for Agentic AI with Tobin South

Dec 8, 2025 · 55:53


In this episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, to delve into the intricacies of identity management in the age of agentic AI. They discuss the challenges and solutions related to AI agents, the role of the Model Context Protocol (MCP), and the concept of recursive delegation and scope attenuation. Additionally, the conversation covers practical advice for developers and enterprises on preparing for AI-driven identity management and explores the cultural touchstone of coffee from various global perspectives.

Connect with Tobin: https://www.linkedin.com/in/tobinsouth/
OpenID Foundation: https://openid.net/
Identity Management for Agentic AI (OpenID Whitepaper): https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdf

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps:
00:00 – Jeff and Jim banter about unopened iPads and conference season
05:55 – Introduction to Tobin South and his AI identity background
07:00 – How AI has evolved from machine learning to generative models
09:00 – The OpenID AI Identity Management Community Group
10:30 – ChatGPT's impact on the AI perception shift
12:00 – Users vs. Agents: What's the difference?
14:00 – Letting the right bots in: AI agents vs. bad bots
17:00 – AI impersonation, delegation, and the risk of shared credentials
20:00 – Impersonation vs. Delegation – what practitioners need to know
23:00 – Governance, oversight, and delegated authority for agents
26:00 – Liability and “who is responsible” in agentic systems
30:00 – How developers can prepare for agent identity and access management
32:00 – Explaining the Model Context Protocol (MCP)
36:00 – Enterprise use cases for MCP and internal automation
38:00 – Is MCP the next SAML?
42:00 – Recursive delegation and scope attenuation explained
46:00 – The one key takeaway for IAM professionals
48:00 – Lighter note: Coffee talk – from Sydney to San Francisco
54:00 – Wrap-up and where to find more IDAC content

Keywords:
IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Tobin South, OpenID Foundation, AI Identity Management, Agentic AI, Delegated Authority, Impersonation vs Delegation, Model Context Protocol (MCP), Recursive Delegation, Scope Attenuation, Identity Access Management, IAM, AI Governance, AI Standards, Enterprise AI, AI Agents, Identity Security

Trust Issues
EP 20 - Why agentic AI is changing the security risk equation

Nov 26, 2025 · 45:16


As enterprises embrace agentic AI, a new security risk equation emerges. In this episode of Security Matters, host David Puner sits down with Lavi Lazarovitz, VP of Cyber Research at CyberArk Labs, to unpack how AI agents and identity security are reshaping the threat landscape. Learn why privileged access is now the fault line of enterprise security, how attackers exploit overprivileged AI agents, and what security teams must rethink before scaling AI. Packed with real-world examples and actionable insights, this is a must-listen for anyone meeting the challenges of AI and cybersecurity.

John Williams
Secretary of State Alexi Giannoulias: Mobile ID is a new way to think about identity, security, and convenience

Nov 19, 2025


Illinois Secretary of State Alexi Giannoulias joins John Williams to talk about Illinois implementing Mobile IDs. Secretary Giannoulias explains how the digital technology works, why this technology is both convenient and safe, where you can use your digital ID right now, when the mobile ID will come to Android phones, and if passports will be coming to your […]

WGN - The John Williams Full Show Podcast
Secretary of State Alexi Giannoulias: Mobile ID is a new way to think about identity, security, and convenience

Nov 19, 2025


Illinois Secretary of State Alexi Giannoulias joins John Williams to talk about Illinois implementing Mobile IDs. Secretary Giannoulias explains how the digital technology works, why this technology is both convenient and safe, where you can use your digital ID right now, when the mobile ID will come to Android phones, and if passports will be coming to your […]

WGN - The John Williams Uncut Podcast
Secretary of State Alexi Giannoulias: Mobile ID is a new way to think about identity, security, and convenience

Nov 19, 2025


Illinois Secretary of State Alexi Giannoulias joins John Williams to talk about Illinois implementing Mobile IDs. Secretary Giannoulias explains how the digital technology works, why this technology is both convenient and safe, where you can use your digital ID right now, when the mobile ID will come to Android phones, and if passports will be coming to your […]

Trust Issues
EP 19 - Trust under attack: Spies, lies, and the new face of cybercrime

Nov 12, 2025 · 54:18


Eric O'Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today's sophisticated cyber threats. Drawing on O'Neill's experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead. The episode covers actionable frameworks, real-world stories, and practical advice for building cyber resilience in an age of AI-driven scams and industrialized ransomware.

Trust Issues
EP 18 - The humanity of AI agents: Managing trust in the age of agentic AI

Oct 28, 2025 · 42:43


In this episode of Security Matters, host David Puner sits down with Yuval Moss, CyberArk's VP of Solutions for Global Strategic Partners, to explore the fast-evolving world of agentic AI and its impact on enterprise security. From rogue AI agents deleting production databases to the ethical blind spots of autonomous systems, the conversation dives deep into how identity and Zero Trust principles must evolve to keep pace. Yuval shares insights from his 25-year cybersecurity journey, including why AI agents behave more like humans than machines—and why that's both exciting and dangerous. Whether you're a security leader, technologist or curious listener, this episode offers practical guidance on managing AI agent identities, reducing risk, and preparing for the next wave of autonomous innovation.

Explore more of Yuval's thinking on agentic AI and identity-first security in these recent articles:
- The life and death of an AI agent: Identity security lessons from the human experience
- When AI Agents Mirror Humanity's Best Behaviors…and Worst Behaviors
- The Agentic AI Revolution: 5 Unexpected Security Challenges

Identity At The Center
#379 - The Strategic Importance of Identity Security in Enterprises with Eve Maler

Oct 13, 2025 · 48:16


In this episode of the Identity at the Center Podcast, Eve Maler, founder and CEO of Venn Factory, joins host Jim McDonald. They discuss the significance of identity in the corporate world, detailing Eve's new book aimed at educating CEOs on the importance of treating identity as a strategic asset rather than mere infrastructure. They explore concepts like the evolving role of identity in security, the increasing risks posed by AI and cybersecurity threats, and the potential for organizational paralysis without proper identity management. Eve emphasizes the need for cross-functional focus and strategic ownership of identity functions within companies. The episode concludes with insights into public speaking and preparation, providing listeners with practical advice and industry insights.

Connect with Eve: https://www.linkedin.com/in/evemaler/

Chapters
00:00 Introduction and Guest Welcome
00:32 The Story Behind 'Venn Factory'
02:09 Eve Maler's Book for CEOs
04:42 The Importance of Digital Identity
10:53 AI and Its Impact on Executives
17:25 Organizational Challenges in Identity Management
23:49 The Role of Identity in Organizations
24:44 Escaping Organizational Paralysis
25:08 Valuing Identities in the Digital Age
28:13 B2B Identity Dynamics
35:21 The Rise of Identity Security
42:32 Public Speaking Tips and Lighter Notes

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Trust Issues
EP 16 - Sensing the signals: The hidden risks in digital supply chains

Sep 25, 2025 · 48:38


Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.

Professor Levi, a leading expert in cyber resilience and complex systems, explains why traditional prevention isn't enough and how attackers exploit unseen pathways to infiltrate even the most secure enterprises. The conversation covers the critical need for transparency, continuous monitoring, and rapid detection and recovery in an era where software is built from countless unknown components.

Key topics include:
- How to sense early warning signs of supply chain attacks
- The role of AI and automation in both risk and defense
- Best practices for mapping and securing your digital ecosystem
- Why resilience—not just prevention—must be at the core of your security strategy

Whether you're a CISO, IT leader or security practitioner, this episode will help you rethink your approach to digital supply chain risk and prepare your organization for what's next.

Subscribe to Security Matters for expert insights on identity security, cyber resilience and the evolving threat landscape.

Interviews: Tech and Business
RSA Security CEO: Dangers of Weak Identity Security | CXOTalk #89

Sep 24, 2025 · 53:38


In cybersecurity, identity has become the primary attack vector. We explore identity in CXOTalk 892, with the CEO of RSA Security, Rohit Ghai, who explains how stolen credentials, social engineering, and AI-enabled impersonation break defenses. And what boards, CISOs, and executives must do now.

What you'll learn:
-- Why credential theft remains the #1 initial access vector and what “phishing resistant” MFA actually requires
-- How attackers bypass MFA via help desk social engineering and voice impersonation, and how to stop it
-- Managing identity across the joiner–mover–leaver lifecycle to close high-risk gaps
-- The “assume breach” mindset: zero trust, least privilege, and blast radius reduction
-- The CISO's evolving mandate: business vs. technology, board communication, and risk quantification
-- AI in cyber: sword, shield, and attack surface, and the changing economics of attack vs. defense
-- Ransomware beyond backups: data theft, response playbooks, and legal/PR readiness

Who should watch:
Board members, CEOs, CISOs, CIOs, and security leaders who seek clear actions to improve resilience without slowing the business.

AWS for Software Companies Podcast
Ep143: Beyond Passwords: CyberArk's Vision for Human, Machine, and AI Identity Security

Sep 10, 2025 · 21:32


CyberArk's technology leader discusses their strategy for securing against AI threats, protecting agentic AI systems, and their vision for the future in an increasingly AI-driven cybersecurity landscape.

Topics Include:
- CyberArk celebrates recent exciting news while discussing their incredible cybersecurity journey
- Founded in 1999, CyberArk pioneered privilege access management and expanded into comprehensive identity security
- Company executed textbook SaaS transformation from perpetual licensing to subscription-based cloud model
- Leadership set clear customer expectations, framing SaaS shift as faster innovation delivery
- Addressed customer concerns about cost predictability, security compliance, and data residency requirements
- Technical team implemented lift-and-shift architecture with AWS RDS and multi-tenant improvements
- Corporate initiative tracked weekly metrics and milestones throughout full development lifecycle process
- Customer Success evolved from transactional support to strategic partnership embedded in security journeys
- AWS partnership fundamental to cloud journey with 25+ integrations and Marketplace collaboration
- AI strategy focuses on three pillars: using AI, securing against AI threats
- Future 12-24 months: continue securing all identities while expanding AI capabilities and solutions
- AWS partnership expanding in 2025 leveraging machine identity leadership and GenAI advances

Participants:
- Peretz Regev – Chief Product & Technology Officer, CyberArk
- Boaz Ziniman – Principal Developer Advocate - EMEA, Amazon Web Services

Further Links:
· CyberArk: Website – LinkedIn – AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Identity At The Center
#370 - RSM & IDAC Present - The Intersection of Cloud Security and IAM

Sep 1, 2025 · 59:51


In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM, Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.

Connect with Justin: https://www.linkedin.com/in/justindevine/
Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/

Learn more about RSM:
Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html
Secure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.html
Check out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.html

Chapters
00:00 Introduction and Banter
00:37 Explaining Identity in Business Speak
04:03 Conference Season and Upcoming Events
06:19 Intersection of Cloud Security and IAM
07:05 Guest Introductions: Justin and Vaishnavi
07:37 Vaishnavi's Journey in Identity
12:20 Justin's Background and Cloud Security
14:32 Cloud and IAM Strategies
29:28 Challenges in Identity Management
30:09 Identity Orchestration and Cloud Transformation
31:07 Modernizing Identity for Cloud Adoption
33:03 Importance of Identity in Advanced Cloud Implementations
37:28 Identity Security and Monitoring in the Cloud
41:34 Practical Advice for Cloud and Identity Management
53:23 Music Preferences and Final Thoughts

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

ITSPmagazine | Technology. Cybersecurity. Society
Access Roulette: How to Stop Betting Your Security on Standing Privileges | A Brand Story with Ofir Stein, CTO and Co-Founder of Apono | A Black Hat USA 2025 Conference On Location Brand Story

Aug 15, 2025 · 18:19


At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today's hybrid, AI-driven environments. Stein's background in technology infrastructure and DevOps, paired with his co-founder's deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.

Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.

Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.

The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.

Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.

The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.

Learn more about Apono: https://itspm.ag/apono-1034

Note: This story contains promotional content. Learn more.

Guest:
Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/

Resources
Learn more and catch more stories from Apono: https://www.itspmagazine.com/directory/apono
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Keywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions

Trust Issues
EP 13 - Pizza parties and profit margins: The business of cybercrime

Aug 12, 2025 · 40:29


Cybercriminals today operate more like startups than stereotypes—complete with org charts, sprint cycles, and pizza parties to celebrate successful breaches. In this episode of Security Matters, host David Puner talks with former CISO and U.S. Air Force veteran Ian Schneller about the evolving sophistication of threat actors and what it takes to stay ahead.

From zero-day vulnerabilities and machine identity risks to AI-powered attacks and insider threats, Ian shares practical strategies drawn from his experience in military intelligence, offensive cyber operations, and corporate security leadership. Learn how to build resilience, translate cyber risk into business outcomes, and lead with mission-driven clarity in a threat landscape that never slows down.

Identity At The Center
#366 - The Digital Transformation of Healthcare IAM with Shawna Hofer

Aug 11, 2025 · 63:18


In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!

Timestamps:
00:00 Introduction and Podcast Overview
00:37 ID Pro Membership Benefits
03:35 Conferences and Events
06:03 Introducing Shawna Hofer
07:00 Shawna's Journey to CISO
10:55 Identity Security in Healthcare
13:49 Balancing Security and User Experience
19:08 Challenges with IoT in Healthcare
24:27 AI in Healthcare Security
30:01 Upskilling for AI in Security
33:07 The Ever-Improving AI Landscape
33:21 Embracing the AI Mindset
33:58 Resiliency in Healthcare and AI
35:06 The Future of Jobs in an AI-Driven World
37:37 Trusting AI in Security Decisions
40:56 Learning the Language of Risk
43:44 Making the Business Case for Identity
45:50 Balancing Security Investments
51:48 The Future of Healthcare and AI
54:40 Fun and Food: The Potato Question
01:02:13 Closing Remarks and Farewell

Connect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

ITSPmagazine | Technology. Cybersecurity. Society
Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin

Jul 30, 2025 · 31:48


⬥GUEST⬥
Sean Metcalf, Identity Security Architect at TrustedSec | On LinkedIn: https://www.linkedin.com/in/seanmmetcalf/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Sean Metcalf, a frequent speaker at conferences like Black Hat, DEF CON, and RSAC, brings a sharp focus to identity security—especially within Microsoft environments like Active Directory and Entra ID. In this episode, he walks through the practical and tactical role of honeypots and deception in detecting intrusions early and with higher fidelity.

While traditional detection tools often aim for broad coverage, honeypots flip the script by offering precise signal amidst the noise. Metcalf discusses how defenders can take advantage of the attacker's need to enumerate systems and accounts after gaining access. That need becomes an opportunity to embed traps—accounts or assets that should never be touched unless someone is doing something suspicious.

One core recommendation: repurpose old service accounts with long-lived passwords and believable naming conventions. These make excellent bait for Kerberoasting attempts, especially when paired with service principal names (SPNs) that mimic actual applications. Metcalf outlines how even subtle design choices—like naming conventions that fit organizational patterns—can make a honeypot more convincing and effective.

He also draws a distinction between honeypots and deception technologies. While honeypots often consist of a few well-placed traps, deception platforms offer full-scale phantom environments. Regardless of approach, the goal remains the same: attackers shouldn't be able to move around your environment without tripping over something that alerts the defender.

Importantly, Metcalf emphasizes that alerts triggered by honeypots are high-value. Since no legitimate user should interact with them, they provide early warning with low false positives. He also addresses the internal politics of deploying these traps, from coordinating with IT operations to ensuring SOC teams have the right procedures in place to respond effectively.

Whether you're running a high-end deception platform or just deploying free tokens and traps, the message is clear: identity is the new perimeter, and a few strategic tripwires could mean the difference between breach detection and breach denial.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/activity-7353806074694541313-xzQl/
Article: The Art of the Honeypot Account: Making the Unusual Look Normal: https://www.hub.trimarcsecurity.com/post/the-art-of-the-honeypot-account-making-the-unusual-look-normal
Article: Trimarc Research: Detecting Kerberoasting Activity: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-kerberoasting-activity
Article: Detecting Password Spraying with Security Event Auditing: https://www.hub.trimarcsecurity.com/post/trimarc-research-detecting-password-spraying-with-security-event-auditing

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast: 

Trust Issues
EP 12 - From assumptions to accountability: A CISO's take on cloud risk

Jul 29, 2025 41:20


What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.

Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.

Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.

Trust Issues
EP 10 - A new identity crisis: governance in the AI age

Jun 26, 2025 36:20


In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.

Listeners will learn:
  • Why legacy identity governance models are breaking under cloud scale
  • How AI agents are reshaping entitlement management and threat detection
  • What organizations must do to secure non-human identities and interlinked dependencies
  • Why time-to-value and outcome-driven metrics are essential for modern IGA success

Whether you're a CISO, identity architect, or security strategist, this episode delivers actionable guidance for navigating the evolving identity security landscape.

Identity At The Center
#356 - Mr. NHI, Lalit Choda, on Securing the Exploding World of NHI

Jun 23, 2025 64:31


Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!

Chapter Timestamps:
00:00:00 - Introduction to Lalit Choda and the NHI Community
00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion
00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI
00:12:03 - Why Non-Human Identities Are a Big Deal Right Now
00:15:37 - Defining NHI and the Practitioner's Framework
00:19:13 - The Scale and Challenges of NHI Management
00:23:01 - New Types of NHI and Tooling Limitations
00:27:12 - The Lack of a Single Source of Truth for NHI
00:33:57 - Prioritizing NHI Management and the Role of PAM
00:38:58 - A Risk-Based Approach to NHI and Foundational Controls
00:48:15 - What Scares Lalit Most About NHI (and AI)
00:50:54 - Lalit's Impressive Vinyl Collection
00:56:38 - Jim and Jeff's First, Best, and Favorite Albums
01:01:15 - The Intersection of Music and Non-Human Identities
01:02:00 - Wrapping Up & Where to Find More Information

Connect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/
Non-Human Identity Management Group: https://www.nhimg.org/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Keywords: Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI

#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

Risky Business
Risky Biz Soap Box: Push Security's browser-first twist on identity security

May 15, 2025 34:24


In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users' browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal accounts that a user has spun up. It's extremely difficult to bypass. That's because when you're in the browser it doesn't matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it. There are solutions for protecting your users' SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it's enrolled into your SSO, are you sure that's how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your users setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable? This is a fun one! This episode is also available on YouTube.