Identity at the Center

Darren Rolls, a veteran in identity and access management with a rich background at SailPoint, shares his insights on the complexities of identity fabrics and the evolving landscape of IAM. He discusses the impact of AI on identity management and the challenges of integrating new technologies with legacy systems. Darren emphasizes the importance of standards, the necessity for real-time policy-based access, and the potential of agent-based applications. He even dives into his adventurous side, touching on kite surfing and how it reflects a mindset of continuous learning.

Sponsored by Axonius. Visit https://www.axonius.com/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim talk with Amir Ofek, the CEO of AxoniusX, about the company's innovative solutions in identity and access management (IAM). The discussion covers Amir's journey into IAM, the unique challenges of managing identities, and how AxoniusX's data-driven approach provides comprehensive visibility and intelligence. The episode breaks down various use cases, the importance of identity hygiene, automation of identity processes, and the newly recognized identity visibility and intelligence platform (IVIP) by Gartner.Timestamps:00:00 Introduction and Episode Overview00:57 Guest Introduction: Amir, CEO of AxoniusX01:12 Amir's Journey into Identity Access Management02:40 Understanding Axonius and AxoniusX08:03 The Importance of Identity Visibility and Intelligence11:48 Challenges in Identity Management22:10 Axonius's Approach to Identity Visibility26:35 Leveraging AI and Machine Learning in Identity Management31:18 Understanding Permission Changes and Their Importance32:10 The Role of Observability in Axonius32:37 Driving Actions with Axonius33:30 Common Use Cases and Workflows35:19 Axonius as a Swiss Army Knife36:16 Ease of Use and AI Integration38:49 Starting with Axonius and Measuring Value43:42 Future Directions for Axonius49:49 The Identity Community and Upcoming Events51:23 Skiing Adventures and Tips57:54 Conclusion and Final ThoughtsConnect with Amir: https://www.linkedin.com/in/amirofek/Learn more about Axonius: https://www.axonius.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

Vaishnavi Vaidyanathan, Digital Identity Director at RSM with ~18 years in IAM, and Justin Devine, Cloud Transformation Director at RSM who leads secure cloud migrations, discuss cloud security and identity. They cover aligning IAM with cloud moves. They explore automation, identity orchestration, governance sequencing, RBAC and monitoring, and practical first steps like CSPM and MFA.

Anthony Viggiano, an IAM leader and member of the Identity Underground and IDPro, shares his deep expertise on Identity and Access Management. He delves into the challenges of making access reviews effective and how to future-proof IAM programs. Anthony discusses the importance of role-based and attribute-based access control, emphasizing the need for clearer communication in identity governance. He also makes a quirky analogy between managing identities and mountain biking, offering tips for beginners along the way. A blend of insights and personal anecdotes awaits!

This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.Learn more about P0: https://www.p0.dev/idacConnect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/Chapter Timestamps:00:00 - Podcast Intro00:29 - Sponsor Introduction: P0 Security01:38 - What is the problem P0 Security is trying to solve?03:52 - Defining "Just-in-Time" (JIT) Access06:21 - The challenge with traditional PAM for developers08:23 - How P0 provides access without agents using eBPF12:15 - What does the user experience look like?15:58 - Supporting various infrastructure and access protocols19:15 - How does P0 handle session recording and auditing?22:20 - Is this a replacement for Privileged Access Management (PAM)?26:40 - The story behind the name P0 Security29:20 - Who is the ideal customer for P0?33:15 - Handling break-glass scenarios36:04 - Discussing the competitive landscape42:30 - How is P0 deployed? (Cloud vs. On-prem)46:50 - The future of P0 and the "Priority Zero" philosophy50:32 - Final thoughts: "Access is our priority zero."Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:P0 Security, Shashwat Sagal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Dan Lauritzen, Director at RSM Defense with a military human intelligence background turned detection and response lead. He discusses treating identities as assets, how identity abuse fits into the cyber kill chain, and why identity and SOC teams must break down silos. Conversations cover ASM basics, modern detection platforms like XDR/ITDR, data volumes, and practical cross-team collaboration strategies.

Shawna Hofer, CISO at St. Luke's Health System with deep IAM and healthcare risk experience. She discusses how identity ties to patient safety. Short takes cover balancing clinician workflows with security. Challenges around IoT and legacy medical devices. The role and risks of AI, upskilling teams, and planning resiliency for automated systems.

Felix Gaehtgens, a former Gartner analyst focused on machine identity, joins the discussion to unravel the complexities of managing non-human identities. He emphasizes the crucial differences between human and machine identities and critiques outdated identity practices. Felix advocates for modern, dynamic identity solutions to tackle the challenges of increasing machine interactions. The conversation also highlights the need for collaboration between IAM teams and developers to enhance security strategies and explores the future of machine identity in a rapidly evolving cyber landscape.

Joni Brennan, Chair of IDPro and President of DIACC, brings decades of identity and digital ID leadership. She discusses strengthening IDPro’s structure, bridging local, national and international identity ecosystems, and the business side of identity beyond technical roles. They cover interoperability, digital wallets, trust anchors, and balancing immediate fraud needs with long-term standards.

This episode is sponsored by Natoma. Visit https://www.natoma.id/ to learn more.Join Jeff from the IDAC Podcast as he dives into a deep conversation with Paresh Bhaya, the co-founder of Natoma. In this sponsored episode, Paresh shares his journey into the identity space, discusses how Natoma helps enterprises accelerate AI adoption without compromising security, and provides insights into the rising importance of MCP and A2A protocols. Learn about the challenges and opportunities at the intersection of AI and security, the importance of dynamic access controls, and the significance of ensuring proper authentication and authorization in the growing world of agentic AI. Paresh also delights us with his memorable hike up Mount Whitney. Don't miss out!00:00 Introduction and Sponsor Announcement00:34 Guest Introduction: Paresh Bhaya from Natoma01:14 Paresh’s Journey into Identity04:04 Natoma's Mission and AI Security06:25 The Story Behind Natoma's Name09:29 Natoma's Unique Approach to AI Security18:32 Understanding MCP and A2A Protocols25:20 Community Development and Adoption25:56 Agent Interactions and Security Challenges27:19 Navigating Product Development29:17 Ensuring Secure Connections36:10 Deploying and Managing MCP Servers42:40 Shadow AI and Governance44:17 Personal Anecdotes and ConclusionConnect with Paresh: https://www.linkedin.com/in/paresh-bhaya/Learn more about Natoma: https://www.natoma.id/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comKeywords:IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Natoma, Paresh Bhaya, Artificial Intelligence, AI, AI Security, Identity and Access Management, IAM, Enterprise Security, AI Adoption, Technology, Innovation, Cybersecurity, Machine Learning, AI Risks, Secure AI, #idac