#351 - Jerome Thorstenson on B2B Identity First Security

May 26, 2025

Jerome Thorstenson, IAM Architect at Salling Group, brings hands-on experience securing B2B supply chains and leading IGA and ABAC work. He discusses identity-first security, tackling varied vendor onboarding, treating identity as a product, and using ABAC to avoid role explosion. Practical migration lessons, data quality, and retail turnover realities round out the conversation.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Pen Test Revealed Clear-Text Passwords

Jerome recounts a pen test that exposed clear-text passwords and initial passwords stored in AD attributes.
That discovery changed his view of IAM from simple user management to security-critical work.

INSIGHT

Supply Chain Identity Risks Are Organizational

Supply-chain security depends on making vendors as compliant and resilient as you are.
Regulations like NIST2 force faster vendor cybersecurity alignment and onboarding controls.

INSIGHT

ABAC Mitigates Role Sprawl

RBAC explodes with scale: thousands of stores and many apps create massive role sprawl.
ABAC lets you use attributes to reduce rigid role counts and nested groups.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald are joined by Jerome Thorstenson, IAM Architect with Salling Group, live from EIC 2025 in Berlin! Jerome shares his insights on B2B identity, the challenges of managing access for a complex supply chain, and the importance of an identity-first approach.

Discover how Salling Group, operating major labels like Target and Starbucks, handles identity for thousands of employees and external partners. Jerome dives into the complexities of balancing security, user experience, and the practicalities of implementing IGA and ABAC.

From navigating the challenges of data quality and high employee turnover to the nuances of transitioning between IGA systems, this episode offers valuable insights for identity practitioners.

Chapter Timestamps:

00:00:00 - B2B Identity Challenges
00:02:14 - Welcome to Identity at the Center from EIC 2025
00:04:14 - Jerome's Journey into Identity
00:05:19 - Salling Group Overview
00:06:57 - Securing B2B - Jerome's Presentation
00:10:54 - Controlling Access in B2B
00:11:41 - Identity as a Product
00:14:51 - The Role of the IAM Practitioner
00:16:31 - ABAC as a Game Changer
00:21:00 - Language Considerations in a European Context
00:22:33 - Employee Turnover Challenges
00:25:07 - IGA Implementation Insights
00:29:28 - Identity Fabric Discussion
00:31:21 - Jerome's Caribbean Background
00:34:06 - Wrap-up and Contact Information

Connect with Jerome: https://www.linkedin.com/in/jetdk/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, EIC 2025, B2B Identity, Identity First Security, IAM, Identity and Access Management, Supply Chain Security, IGA, ABAC, Attribute-Based Access Control, Role-Based Access Control, Identity Fabric, Digital Identity, Cybersecurity, Data Quality, Employee Turnover, Caribbean