#132 - The A in CIAM with Ward Duchamps

Sponsored by Veza. Visit veza.com/idac for more info.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim welcome Tarun Thakur, the co-founder and CEO of Veza, and Phil Venables, a strategic security advisor with Google and board director for Veza. The discussion spans the critical role of identity security in modern organizations, the innovative solutions offered by Veza's Access Graph, and the challenges posed by both human and non-human identities. They delve into the evolving landscape of privilege access management (PAM), the transformative potential of AI in identity security, and actionable steps organizations can take to achieve least privilege and reduce risk. The episode also highlights Veza's recent $108 million Series D investment, underscoring its mission to build the next-generation identity platform.Chapters00:00 Understanding Privilege in Organizations02:10 Introduction to the Podcast03:13 Meet the Experts: Tarun and Phil03:46 Tarun's Journey into Identity05:24 Phil's Background in Identity08:35 The Vision and Differentiation of Veza11:38 Announcing Major Investments13:48 Challenges in Identity Security27:48 Challenges of Privilege Access Management28:09 The Evolution of Privilege Access30:25 Session Recording and Management in Modern Infrastructure33:17 The Role of Access Graph in Identity Management44:47 Leveraging AI in Identity Security52:50 Final Thoughts and Future DirectionsConnect with Tarun: https://www.linkedin.com/in/tarunthakur/Learn more about Veza: https://veza.com/idacConnect with Phil: https://www.linkedin.com/in/philvenables/Phil’s Blog: https://www.philvenables.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com

30 Apr 56min

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the complexities and challenges of Identity and Access Management (IAM). They discuss the cumbersome user experience of Multi-Factor Authentication (MFA) setups, assess the value of IAM maturity programs, and highlight the changing landscape of authentication standards over time. Listener questions address topics such as the future of passwords, the importance of user experience, AI's impact on IAM, budget-conscious IAM strategies for smaller companies, and the dream guests for the show. The episode concludes with a lighter note on what superpowers an IAM superhero might have, emphasizing the role of clear communication in combating the confusion rampant in IAM.Timestamps00:00 The Hassles of Multi-Factor Authentication01:03 Welcome to the Identity at the Center Podcast01:18 The Value of IAM Maturity Assessments03:23 Evolving Standards in Authentication10:55 Upcoming Conferences and Events15:56 Listener Mailbag: IAM Questions Answered27:26 Replicating Manual Processes with Automation28:36 The Importance of User Experience in Automation29:51 Dynamic Access and Self-Service Models31:39 Strategic IAM Program Management33:03 AI's Impact on Identity Governance43:11 Building Strong IAM Programs on a Budget47:07 Dream Guests and IAM Superpowers54:22 Listener Questions and Wrap-UpConference Discounts!European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

28 Apr 56min

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim enthusiastically announce that their podcast is now the official podcast of IDPro. Heather Flanagan, the Executive Director of IDPro, joins the discussion to share insights about the previous IDPro Show, the time and resource constraints of producing it, and the transition to making Identity at the Center the official IDPro podcast. They also discuss her global travels and participation in various identity-related conferences, including EIC and Identiverse. They also delve into the ID Pro's Slack community, the CIDPRO certification, and the Identity Salon initiative. The episode concludes with discussions about upcoming personal travel plans and their experiences in organizing and attending identity industry events.Chapters00:00 Exciting Announcement: Official Podcast of IDPro01:54 Introduction and Casual Banter03:23 Conference Season and Identity Beers06:39 Welcoming Heather Flanagan08:22 IDPro and Community Building15:05 The CIDPRO Certification19:59 The Identity Salon27:30 IDPro's Global Presence and Challenges28:54 IDPro at EIC: Workshops and Job Descriptions31:15 Addressing the Identity Talent Shortage33:14 The Origin and Culture of Identity Beers35:07 IDPro's Role at Identiverse38:55 The Rigors of the CIDPRO Exam40:26 Balancing Travel and Personal Life46:09 Vacation Planning Styles52:40 Closing Remarks and Future PlansConnect with Heather: https://www.linkedin.com/in/hlflanagan/Learn more about IDPro: https://idpro.org/The Identity Salon: https://theidentitysalon.com/Identibeer tracker - https://github.com/martin-sandren-conf/iamconfs/blob/main/Meetups_and_IdentiBeers_2025_springConference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

21 Apr 54min

In this episode of Identity at the Center, Kristin Olsen, Director of Product Management for the guest travel experience at Alaska Airlines, shares insights into the evolving world of digital identity in the travel industry. Kristin discusses the vision for seamless travel using face or phone for identity verification, collaboration with TSA, and future trends like AI and mobile IDs. The conversation also delves into the challenges and opportunities of enhancing guest experience, risk management, and the importance of strong IAM practices. Stick around for a lighter note as Kristin reveals her background in improv comedy and how it has influenced her professional journey. Plus, don't miss exclusive conference codes for upcoming events!Chapters00:00 Introduction to Digital Identity in the Travel Industry01:26 Welcome to the Identity of the Center Podcast01:48 Discussing MFA and Adaptive Authentication07:23 Conference Announcements and Identity Beers12:23 Introducing Kristin Olsen from Alaska Airlines12:43 Kristin Olsen's Role and Insights on Digital Identity30:05 Engineering Excitement in the Airline Industry30:42 Enhancing Guest Experience with Technology33:03 Digital Identity and Day of Travel35:05 Future Trends in Identity Management44:27 The Role of AI in Product Management53:09 Kristin's Improv Comedy Background01:01:55 Wrapping Up and Final ThoughtsConnect with Kristin: https://www.linkedin.com/in/kristin-olsen-b252032/Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

14 Apr 1h 3min

Join Jeff and Jim in this episode of the Identity at the Center Podcast as they delve into the upcoming Identity Management Day 2025. Featuring guest Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA), this episode unpacks the significance of non-human identities, AI in identity management, and the existential questions surrounding identity. The discussion covers upcoming events, awards, and what to expect from Identity Management Day, while also exploring the potential impact of Quantum Computing. Don't miss out on this in-depth conversation that combines humor with profound insights into the evolving landscape of identity management.Chapters00:00 Introduction and Identity Concerns01:30 AI and Podcasting01:59 AI Limitations and Future05:41 Conference Announcements07:30 Identity Management Day 202509:35 Global Identity Trends18:39 Existential Identity and AI27:29 The Concept of Identity in Technology28:05 Machine Identity and Its Implications29:30 Human vs. Machine Identity31:07 The Future of Identity with AI and Quantum Computing38:13 Identity Management Day Awards45:17 Fun and Lighthearted Discussion51:35 Conclusion and Final ThoughtsConnect with Jeff: https://www.linkedin.com/in/jreich/Learn more about the IDSA: https://www.idsalliance.org/Register for Identity Management Day 2025: https://www.accelevents.com/e/Identity-Management-Day-2025-Virtual-ConferenceConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords: Identity Management, AI, Non-Human Identities, Identity Defined Security Alliance, IDSA, Quantum Computing, Identity Management Day 2025, Identity at the Center Podcast.

7 Apr 53min

Join AI Jeff and AI Jim on 'Identity at the Center' as they explore the most outrageous and entertaining innovations in identity and access management (IAM) for this special April Fools' episode. From 'Identity at the Center - After Dark' on Diz-Prime-flix to the rise of 'Carrier Pigeon Authentication,' this episode promises a wild ride through the absurdities of digital identity. Don't miss highlights like toaster authentication challenges, karaoke biometric logins, and the surreal 'Session_Expired' club experience. Stay secure and get ready to laugh out loud with the most bizarre IAM content you've ever seen!Chapters00:00:00 Welcome & Introduction00:01:00 Special Announcement: 'Identity at the Center - After Dark' on Diz-Prime-flix00:02:00 News: Biometric Authentication Requires Singing Karaoke00:03:00 Sponsor: SonataSecure - Musical Authentication00:04:00 Sponsor: WhisperGuard - Secure Messaging with AuraScan00:05:00 News: Identity Management Replaced by Carrier Pigeons & Caffeine Level Access Control00:06:00 Sponsor: Fortress of Fabulousness Firewall00:07:00 Sponsor: Zeus's Zero Trust Zenith00:08:00 News: Digital Certificates Require Imaginary Friend Permission & Interpretive Dance Passphrases00:09:00 Sponsor: EgoSphere - Decentralized Identity Platform00:10:00 Sponsor: RoleRescue - Rehabilitate RBAC Systems00:11:00 News: Sentient Corporate Directory 'Dirk' Playing Matchmaker00:12:00 Sponsor: Omni-Identity Nexus - Transdimensional Identity00:13:00 Sponsor: Packet Politeness Protocol00:14:00 News: Principle of Extreme Least Privilege (PELP) & Spirit Animal Check Authentication00:15:00 Sponsor: The Sentient Security Snail00:16:00 News: Quantum Entanglement Authentication & PAM Crowns00:17:00 News: Mandatory Offboarding Serenades00:18:00 Sponsor: AccessStream & Permission Patrol00:19:00 Sponsor: The Great Identity Governance Swamp Romp Webinar00:20:00 News: Fortune Cookie Authentication & Jim's Consciousness Theory00:21:00 City Correspondent Tyler: Session_Expired Club Entry Requirements00:22:00 City Correspondent Tyler: Explaining Human SAML Assertions00:23:00 City Correspondent Tyler: Human SAML Assertions & Club Details00:24:00 City Correspondent Tyler: Session_Expired Club Summary00:25:00 Closing Remarks & OutroConnect with us on LinkedIn:Real Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Real Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords: Identity and Access Management, digital identity, cybersecurity, AI Jeff, AI Jim, alternative realities, IAM news, April Fool's.

1 Apr 25min

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim delve into the intricacies of compliance, governance, and cybersecurity with special guest and colleague Kia Smith, a director in RSM's Security and Privacy Risk Consulting practice. They explore the foundational role of compliance activities such as Sarbanes-Oxley, the crucial need to align governance with security, and the rising complexity of regulatory environments driven by third-party dependencies. Kia provides valuable insights into the Cybersecurity Maturity Model Certification (CMMC) and its widespread implications for industries beyond defense. The discussion also touches upon the relevance of legal language in contracts to manage risk effectively, the role of AI in compliance frameworks, and the importance of continuous compliance validation.Chapters00:00 Understanding Compliance: Beyond Check-the-Box01:58 Introduction to the Podcast03:46 The Importance of a Well-Rounded Identity Professional06:38 Upcoming Conferences and Discount Codes08:51 Meet Our Guest: Kia Smith09:36 Kia's Journey from Law to Cybersecurity13:50 The Role of a Director in Consulting19:37 Compliance vs. Security: A Balanced Approach21:41 The Evolving Regulatory Landscape25:00 Managing Third-Party Risks32:21 Setting IAM Security Standards32:54 Cloud Service Offerings and FedRAMP34:07 Procurement and Security Collaboration34:45 Contractual Security Requirements35:24 Business Involvement in Security Decisions36:26 Reviewing Security Practices37:10 Governance and Risk Acceptance41:12 Impact of Regulations on Industries42:58 CMMC and Its Broad Implications51:30 AI in Compliance and Cybersecurity55:33 Pickle Pops and Lighthearted FarewellConnect with Kia: https://www.linkedin.com/in/kia-smith-mpp-cisa/Learn more about RSM’s Digital Identity Consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html?cmpid=ola:45559-idac:bb01Conference Discounts!Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-ukEuropean Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridacIdentiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com

31 Mar 1h 2min

This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.Chapters00:00 Introduction to Security Vendors00:50 Welcome to the Identity at the Center Podcast01:30 Sponsored Spotlight: Permiso02:14 Meet Paul Nguyen, Co-Founder of Permiso03:34 The Importance of Identity in Security05:35 Permiso's Unique Approach to Identity Security07:36 Real-Time Monitoring and Threat Detection09:23 Challenges and Solutions in Identity Security15:16 Modern Attacks and Identity Threats25:56 The Role of Honeypots in Security Research26:49 Challenges of Maintaining Security27:15 Honeypots and Breach Detection27:46 Dwell Time and Reconnaissance28:34 Password Complexity and Monitoring Gaps29:24 Roles and Responsibilities in Identity Security29:49 Unified Identity Security Teams30:57 Emerging Threats and Joint Efforts32:49 Permiso's Role in Identity Security34:10 Detection and Response Strategies36:11 Managing Identity Risks36:51 Combining Prevention and Detection39:44 Real-World Applications and Challenges51:17 Personal Insights and Final ThoughtsConnect with Paul: https://www.linkedin.com/in/paulnguyen/Learn more about Permiso: https://permiso.io/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.com and watch at idacpodcast.tvKeywords:identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity

26 Mar 56min