#320 - Authenticate 204 - FIDO Feud

This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.Chapters00:00 Introduction to Security Vendors00:50 Welcome to the Identity at the Center Podcast01:30 Sponsored Spotlight: Permiso02:14 Meet Paul Nguyen, Co-Founder of Permiso03:34 The Importance of Identity in Security05:35 Permiso's Unique Approach to Identity Security07:36 Real-Time Monitoring and Threat Detection09:23 Challenges and Solutions in Identity Security15:16 Modern Attacks and Identity Threats25:56 The Role of Honeypots in Security Research26:49 Challenges of Maintaining Security27:15 Honeypots and Breach Detection27:46 Dwell Time and Reconnaissance28:34 Password Complexity and Monitoring Gaps29:24 Roles and Responsibilities in Identity Security29:49 Unified Identity Security Teams30:57 Emerging Threats and Joint Efforts32:49 Permiso's Role in Identity Security34:10 Detection and Response Strategies36:11 Managing Identity Risks36:51 Combining Prevention and Detection39:44 Real-World Applications and Challenges51:17 Personal Insights and Final ThoughtsConnect with Paul: https://www.linkedin.com/in/paulnguyen/Learn more about Permiso: https://permiso.io/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at idacpodcast.tvKeywords:identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity

26 Maalis 202556min

In this episode of the Identity at the Center Podcast, Jeff and Jim discuss the upcoming European Identity and Cloud Conference (EIC) with Warwick Ashford, Senior Analyst at KuppingerCole Analysts. Warwick outlines the differences between digital identity and identity and access management (IAM), emphasizing the importance of managing non-human identities in today’s digital world. The episode covers key themes for this year's EIC, including AI's role in cybersecurity, decentralized identity, identity ecosystems, and inclusivity. Warwick also highlights the extensive agenda comprising over 200 presentations, multiple workshops, and notable speakers from global standards bodies and cybersecurity experts. Tips for first-time attendees and the exciting social events, such as the Spree River cruises, are also discussed. Both in-person and virtual attendance options are available, ensuring no one misses out on the valuable insights and networking opportunities.Chapters00:00 Understanding Digital Identity vs. Identity and Access Management01:55 Welcome to the Identity at the Center Podcast02:03 Celebrating Milestones and Consistency03:54 Conference Discount Codes and Announcements07:13 Introducing Our Guest: Warwick Ashford07:33 Warwick's Journey into Cybersecurity and Identity11:59 The Importance of Managed Services in Cybersecurity13:34 Previewing the European Identity and Cloud Conference (EIC)16:03 Who Should Attend EIC and Why19:03 Main Themes and Tracks at EIC 202326:14 The Future of Identity Ecosystems31:59 Digital Credential Services Workshop32:22 Focus on Identity Fabrics32:52 Keynote Sessions and Presentations33:15 Involvement of Various Organizations33:56 Award Winners and Their Contributions35:34 Virtual Ticket Option and Its Benefits37:41 After Hours Events and Networking40:17 EIC Awards and Finalists42:06 Notable Speakers and Topics44:46 Tips for First Timers49:51 AI in Cybersecurity51:41 Digital Identity vs. Identity and Access Management57:07 Identity's Role in Cybersecurity01:00:13 Conclusion and Wrap-UpConnect with Warwick: https://www.linkedin.com/in/warwickashford/Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywordsIdentity, Cybersecurity, EIC, Managed Services, Decentralized Identity, Networking, Conferences, Identity Ecosystems, Workshops, Keynotes, EIC, digital identity, cybersecurity, virtual ticket, networking, awards, keynote speakers, AI, IAM, conference tips

24 Maalis 20251h 2min

In this episode of the Identity Center Podcast, Jim McDonald discusses policy enforcement, adaptive authentication, and fraud prevention with Patrick Harding, Chief Product Architect at Ping Identity. They delve into how policy enforcement can be managed locally to maintain performance for SaaS applications while ensuring greater flexibility using standards like AuthZEN. Jim and Patrick also cover the benefits and challenges of using SAML and OpenID Connect for single sign-on (SSO) and explore the future role of AI agents in identity and access management. Additionally, they provide valuable tips for attending identity-focused conferences in Berlin and Las Vegas.Chapters00:00 Introduction to Policy Enforcement01:29 Welcome to the Identity Center Podcast01:54 Conference Discount Codes03:03 Guest Introduction: Patrick Harding from Ping Identity03:54 Patrick's Journey into Identity06:56 Challenges in Adaptive Authentication10:50 SaaS Applications and Policy Enforcement21:18 Advanced Fraud Analytics29:23 Integrating On-Premise and Cloud Applications30:35 Effort and Challenges in Modernizing Applications31:22 The Shift to OpenID Connect32:22 SaaS Applications and Single Sign-On Costs33:52 AI Agents and Adaptive Authentication34:54 The Future of AI Agents in Business39:15 Delegation and Authentication for AI Agents43:46 The Impact of AI on Jobs and Efficiency47:11 Advice for Future Careers in a Tech-Driven World52:57 Conference Tips and Final ThoughtsConnect with Patrick: https://www.linkedin.com/in/pharding/Conference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

17 Maalis 202558min

In this episode of the Identity at the Center Podcast, Jeff and Jim tackle questions from listeners around the world, including: "What certifications or skills would you recommend focusing on in 2025?" "What are some of the most common mistakes companies make when rolling out MFA, and how can they avoid them?" and "How should small and mid-sized businesses approach IAM when they don’t have the same resources as large enterprises?" Thanks to Ryan, Diego, and Omar for sending these in!Chapters00:00 The Unsustainable Strategy of Heroism01:48 Introducing the Identity at the Center Podcast02:04 Travel Tales and Tech Tips09:57 Listener Mailbag: Career Advice for IAM Professionals19:20 Global Listener Stats and MFA Rollout Mistakes24:30 Exploring MFA Options24:56 Common MFA Mistakes25:13 The Importance of Coverage25:44 Humorous Interlude26:00 Understanding MFA Factors26:29 Avoiding Knowledge-Based Authentication26:50 Self-Serve MFA Resets27:31 Productizing IAM28:35 Listener Question: SMB IAM Strategies31:35 Balancing Security Investments32:07 Staffing and Technology Considerations35:54 The Role of Cyber Insurance43:10 Historical Figure Swap47:10 Wrapping Up and Listener AppreciationConference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

10 Maalis 202548min

This episode is sponsored by Beyond Identity. Visit https://www.beyondidentity.com/idac to learn more.In this sponsored episode of the Identity at the Center podcast, Jeff and Jim host Sarah Cecchetti, Director of Product Strategy at Beyond Identity. They discuss the transition away from password-based systems to more secure, passwordless authentication methods. Sarah explains the unique differentiators of Beyond Identity, their integration with security tools, and how they leverage cryptographic keys stored in device secure enclaves. The conversation covers user resistance to biometrics, deployment strategies, and the importance of shared security signals. Sarah also shares personal anecdotes about her backpacking trip across Spain and informs listeners about upcoming events like BeyondCon, featuring live demos and a private performance of Broadway hits.Chapters00:00 Introduction to Passwordless Authentication00:34 What Makes Beyond Identity Unique?01:35 Welcome to the Identity at the Center Podcast02:01 Introduction of Sarah Cecchetti03:04 Beyond Identity's Approach to Authentication09:31 Balancing Security and Usability16:00 Use Cases and Customer Success Stories19:15 Technical Insights and Future Directions24:32 Understanding Customer Policy Changes24:48 Real-World Scenarios of Shared Signals25:10 Implementing Shared Signals in Security27:47 Policy Simulation and Auditing28:31 Addressing Identity-Based Threats29:57 The Future of Passwordless Security33:56 Challenges in Identity Deployment37:49 BeyondCon and Industry Events41:12 Personal Adventures and Reflections46:42 Final Thoughts and FarewellConnect with Sarah: https://www.linkedin.com/in/sarahcecchetti/Learn more about Beyond Identity: https://www.beyondidentity.com/idacBeyond Con: https://insights.beyondidentity.com/beyondcon-west-2025/aboutConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

6 Maalis 202548min

Get an insider's look at Identiverse with special guest Andi Hindle, the conference chair, on this episode of 'Identity at the Center.' Andi joins Jeff and Jim to discuss the upcoming Identiverse 2025 in Las Vegas, highlighting key sessions, workshops, and keynote speakers. They explore the significance of industry conferences, delve into non-human identities, and more. Plus, tips for maximizing your conference experience and enjoying Las Vegas!Chapters00:00 Engaging with Industry Experts01:26 Welcome to the Identity at the Center Podcast01:38 Morning Banter and LinkedIn Insights02:13 Gartner's Framework on Non-Human Identities06:14 Conferences and Networking Opportunities06:43 Upcoming Identity and Cloud Conferences08:42 Identiverse 2025 Preview with Andi Hindle15:53 The Importance of New Voices in Identity20:44 Navigating the Identiverse Agenda36:19 AI Experimentation and Side Projects37:12 Pre-Registration and Conference Workshops39:44 Key Workshop Topics and Industry Trends48:00 Keynote Speakers and Main Stage Highlights54:33 After Hours and Networking Events58:07 Exploring Las Vegas: Tips and Recommendations01:08:32 Final Thoughts and Wrap-UpConnect with Andi: https://www.linkedin.com/in/ahindleIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

3 Maalis 20251h 10min

In this episode of the Identity as a Center podcast, Jeff and Jim interview Andrew Cameron, Technical Fellow in Identity and Access Management at General Motors. The discussion covers the importance of speed and security in mission-critical automotive applications, the evolution and impact of identity standards, and the integration of modern identity solutions in vehicles. Andrew also shares insights on the challenges of customer identity management, the complexity of B2B environments, and the role of AI in the future of identity. The conversation touches on GM's move towards passkeys, the centralized management of customer profiles, and the rise of car accounts.Chapters00:00 Introduction to Mission-Critical Identity02:03 Welcome to the Identity as a Center Podcast02:20 The Value of IDPro Membership06:18 Upcoming Conferences and Discount Codes11:39 Introducing Andrew Cameron from General Motors12:26 Andrew Cameron's Journey in Identity17:22 The Evolution of Identity Standards19:09 Adopting Passwordless Authentication at GM23:10 Challenges and Benefits of Passwordless Adoption24:55 Role and Responsibilities of a Technical Fellow28:32 Customer Identity Management at GM30:00 Establishing a Scalable Authentication Platform31:09 Centralizing Profile Information32:05 Challenges and Benefits of Centralized Profiles33:18 Mentorship and Collaboration in Tech34:50 Complexities of B2B Identity Management38:56 Global Privacy and Language Challenges41:32 Enhancing Vehicle User Experience with Identity46:50 Speed and Security in Vehicle Identity Systems53:52 Future of AI in Automotive Industry57:28 Detroit Pride and Personal Insights01:02:20 Conclusion and Final ThoughtsConnect with Andrew: https://www.linkedin.com/in/kandrewcameron/Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

24 Helmi 20251h 4min

This episode is sponsored by IAMONES. Visit https://iamones.ai/idac to learn more.In this sponsored episode of the Identity at the Center podcast, Jim welcomes Andrea Rossi from IAMONES, an innovative conversational identity governance platform. They discuss the revolutionary approach IAMONES takes in simplifying identity and access management (IAM) using large language models (LLM). Andrea explains how IAMONES aims to eliminate the need for complex roles and middle layers by providing business users with direct and comprehensible access to system functions. The discussion dives into the practical applications of LLM in enhancing existing IAM systems, particularly focusing on making permissions and entitlements more understandable and manageable for business users, auditors, and administrators. The episode also highlights the ease of integrating IAMONES with existing identity infrastructures and offers insights into reducing the burden of maintaining multilingual UIs. Tune in to learn more about the potential of AI in transforming IAM.Chapters00:00 Introduction to Simplifying Access Management02:11 Welcome to the Identity at the Center Podcast02:23 Sponsor Spotlight: Andrea Rossi from IAMONES05:04 The Story Behind the Name 'IAMONES'08:16 Conversational Identity and Large Language Models12:35 Revolutionizing IGA with AI17:22 The Future of AI in Identity Management23:08 Enhancing IGA Configuration with Natural Language31:37 Understanding Outcomes in Identity Governance32:09 The Shift from RBAC to PBAC33:35 Challenges with Role Explosion34:02 Introducing Temporal Identity Graph35:27 Simplifying Access for Business Users39:36 Ensuring Proper Data Visibility46:06 Implementing the Identity Gateway48:45 Customer Feedback and Success Metrics52:07 Future of AI in Identity Management56:21 Travel Tips for Visiting ItalyConnect with Andrea: https://www.linkedin.com/in/arossi67Learn more about IAMONES: https://iamones.ai/idacRamones - Blitzkrieg Bop (Official Music Video): https://www.youtube.com/watch?v=268C3N2dDYkMicrosoft’s Satya Nadella on the evolution of SaaS: https://www.youtube.com/watch?v=a_RjOhCkhvQ&t=22sConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast

20 Helmi 20251h 1min