Episodes

  • #373 - Going Passkey Phishing with Nishant Kaushik
    Sep 15 2025

    In this episode of the Identity at the Center podcast, Jeff and Jim discuss various aspects of identity access management (IAM) policies and the importance of having a solid foundation. They emphasize the need for automation, controls, and how IAM policies should be created without technology limitations in mind. The discussion also covers the implementation challenges and the evolving concept of identity verification. Jeff, Jim, and their guest, Nishant Kaushik, the new CTO at the FIDO Alliance, also delve into the issues surrounding the adoption of passkeys, highlighted by Rusty Deaton’s IDPro article, and address some common concerns about their security. Nishant offers insights into ongoing work at FIDO Alliance, the potential of digital identity, and the importance of community in the identity sector. The episode concludes with mentions of upcoming conferences and an homage to the late identity expert, Andrew Nash.


    Timestamps

    00:00 Introduction and Greetings

    00:18 Importance of IAM Policies

    01:36 Challenges in Policy Implementation

    05:09 Conferences and Discount Codes

    07:59 Introducing the Guest: Nishant Kaushik

    08:42 The Role of the FIDO Alliance and Digital Identity

    10:35 Concerns and Solutions for Passkeys

    22:21 Final Thoughts on Passkeys and Authentication

    29:48 Credential Security Concerns

    30:03 FIDO Members and Their Contributions

    30:38 Getting Involved in Working Groups

    31:58 Conversations at Authenticate Conference

    32:29 Evolution of the Authenticate Conference

    34:32 Automotive Authentication Challenges

    36:04 Community and Collaboration

    38:33 Remembering Andrew Nash

    41:41 Lightning Round: Current State of AI and Identity

    44:21 Decentralized Identity: Current Trends

    49:47 Non-Human Identity: Future Perspectives

    52:19 New York Sports Fandom

    54:33 Conclusion and Upcoming Events


    Connect with Nishant: https://www.linkedin.com/in/nishantkaushik/

    Learn more about the FIDO Alliance: https://fidoalliance.org/

    IDPro Article by Rusty Deaton: https://idpro.org/blackhat-and-def-con-2025-thoughts/

    Kill the Wallet? Rethinking the Metaphors Behind Digital Identity by Heather Flanagan: https://sphericalcowconsulting.com/2025/07/22/digital-wallet-metaphor/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com

    58 m
  • #372 - Exploring the Evolution of Identity Management with Darran Rolls
    Sep 8 2025

    In this episode of the Identity at the Center podcast, hosts Jeff and Jim engage in an insightful conversation with Darran Rolls, a veteran in the Identity and Access Management (IAM) field. They discuss the complexities of identity fabrics, the evolving landscape of IAM, the impact of AI, and the challenges of integrating new technologies with legacy systems. Darran shares his thoughts on upcoming trends, practical advice for IAM practitioners, and even his personal experience with kite surfing. Tune in to gain expert perspectives on the future of IAM and the significance of continuous learning and adaptation in this dynamic field.


    Connect with Darran: https://www.linkedin.com/in/darran-rolls/

    Identity Innovations Blog: https://identityinnovationlabs.com/identity-insights/


    Chapters

    00:00 Introduction and Casual Banter

    00:17 Discussing Identity Fabrics and Leadership Compass

    03:19 Upcoming Conferences and Events

    05:32 Interview with Darran Rolls: Identity Management Journey

    09:09 Evolution and Challenges in Identity Management

    24:41 Future of Identity Management and AI

    32:05 The Future of IAM in the Age of AI

    33:12 The Rise of Agent-Based Applications

    34:12 Challenges in Identity and Access Management

    35:31 Exploring Vibe Coding and AI Utilities

    38:09 Monitoring and Telemetry in IAM

    40:17 The Evolution of Identity Management

    42:05 The Role of Laws in IAM Architecture

    46:16 Balancing Legacy Systems with Future Innovations

    51:39 Kite Surfing Adventures and Reflections

    59:01 Closing Thoughts and Future Engagements


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com

    1 h 1 m
  • #371 - Sponsor Spotlight - Axonius
    Sep 3 2025

    Sponsored by Axonius. Visit https://www.axonius.com/idac to learn more.


    In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim talk with Amir Ofek, the CEO of AxoniusX, about the company's innovative solutions in identity and access management (IAM). The discussion covers Amir's journey into IAM, the unique challenges of managing identities, and how AxoniusX's data-driven approach provides comprehensive visibility and intelligence. The episode breaks down various use cases, the importance of identity hygiene, automation of identity processes, and the newly recognized identity visibility and intelligence platform (IVIP) by Gartner.



    Timestamps:

    00:00 Introduction and Episode Overview

    00:57 Guest Introduction: Amir, CEO of AxoniusX

    01:12 Amir's Journey into Identity Access Management

    02:40 Understanding Axonius and AxoniusX

    08:03 The Importance of Identity Visibility and Intelligence

    11:48 Challenges in Identity Management

    22:10 Axonius's Approach to Identity Visibility

    26:35 Leveraging AI and Machine Learning in Identity Management

    31:18 Understanding Permission Changes and Their Importance

    32:10 The Role of Observability in Axonius

    32:37 Driving Actions with Axonius

    33:30 Common Use Cases and Workflows

    35:19 Axonius as a Swiss Army Knife

    36:16 Ease of Use and AI Integration

    38:49 Starting with Axonius and Measuring Value

    43:42 Future Directions for Axonius

    49:49 The Identity Community and Upcoming Events

    51:23 Skiing Adventures and Tips

    57:54 Conclusion and Final Thoughts



    Connect with Amir: https://www.linkedin.com/in/amirofek/

    Learn more about Axonius: https://www.axonius.com/idac



    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at idacpodcast.com

    59 m
  • #370 - RSM & IDAC Present - The Intersection of Cloud Security and IAM
    Sep 1 2025

    In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by two experts from RSM, Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.


    Connect with Justin: https://www.linkedin.com/in/justindevine/

    Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/


    Learn more about RSM:

    Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html

    Secure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.html

    Check out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.html


    Chapters

    00:00 Introduction and Banter

    00:37 Explaining Identity in Business Speak

    04:03 Conference Season and Upcoming Events

    06:19 Intersection of Cloud Security and IAM

    07:05 Guest Introductions: Justin and Vaishnavi

    07:37 Vaishnavi's Journey in Identity

    12:20 Justin's Background and Cloud Security

    14:32 Cloud and IAM Strategies

    29:28 Challenges in Identity Management

    30:09 Identity Orchestration and Cloud Transformation

    31:07 Modernizing Identity for Cloud Adoption

    33:03 Importance of Identity in Advanced Cloud Implementations

    37:28 Identity Security and Monitoring in the Cloud

    41:34 Practical Advice for Cloud and Identity Management

    53:23 Music Preferences and Final Thoughts


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com

    1 h
  • #369 - A Practitioner’s View on Identity with Anthony Viggiano
    Aug 25 2025

    Join Jeff and Jim in this special episode of the Identity at the Center podcast as they celebrate crossing 1 million downloads. The hosts share a major announcement, thank their supporters, and discuss the journey and future of the podcast. They also delve into the world of Identity and Access Management (IAM) with guest Anthony Viggiano, covering key topics such as access reviews, roles, data integration, and non-human identities. Anthony shares his insights on making access reviews effective, future-proofing IAM programs, and the pragmatic approaches to identity governance. Plus, learn about Anthony's passion for mountain biking and some tips for beginners. Don't miss this episode packed with valuable IAM insights and a momentous celebration!


    Timestamps:

    00:00 Introduction and Banter

    00:33 Major Milestone Announcement

    02:58 Upcoming Events and Conferences

    06:54 Guest Introduction: Anthony Viggiano

    09:48 Anthony's Journey into Identity

    11:08 Challenges in Identity Management

    12:24 Non-Human Identities and AI

    16:34 Access Reviews: Security Theater?

    24:08 Making Access Reviews Effective

    26:29 Effective Access Reviews: Overcoming Challenges

    29:29 Role-Based Access Control (RBAC) Insights

    32:29 Exploring Attribute-Based Access Control (ABAC)

    37:56 Centralizing Identity Governance

    45:47 Future-Proofing Identity Programs

    47:35 Mountain Biking: A Metaphor for Life

    54:54 Closing Thoughts and Community Support


    Connect with Anthony: https://www.linkedin.com/in/anthonyviggiano/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com

    57 m
  • #368 - Sponsor Spotlight - P0 Security
    Aug 20 2025

    This episode is sponsored by P0 Security. Visit p0.dev/idac to learn why P0 is the easiest and fastest way to implement just-in-time, short-lived, and auditable access to your entire infrastructure stack, like servers, databases, Kubernetes clusters, cloud consoles, and cloud services, for users as well as non-human identities.


    In this sponsor spotlight episode, Jim and Jeff are joined by Shashwat Sehgal, CEO and founder of P0 Security, to discuss the evolving challenges of privileged access management in modern, cloud-native environments. Shashwat explains how traditional PAM solutions often create friction for developers, leading to over-provisioning and security risks, and how P0 is tackling this problem with a developer-first, just in time (JIT) access model. The conversation covers the core problems with developer productivity, how P0's use of technologies like eBPF provides deep visibility and control without agents, the "Priority Zero" philosophy, and how a JIT approach simplifies audits and compliance. They also discuss the competitive landscape and what sets P0 Security apart from traditional and open-source solutions.


    Learn more about P0: https://www.p0.dev/idac


    Connect with Shashwat: https://www.linkedin.com/in/shashwatsehgal/


    Chapter Timestamps:


    00:00 - Podcast Intro


    00:29 - Sponsor Introduction: P0 Security


    01:38 - What is the problem P0 Security is trying to solve?


    03:52 - Defining "Just-in-Time" (JIT) Access


    06:21 - The challenge with traditional PAM for developers


    08:23 - How P0 provides access without agents using eBPF


    12:15 - What does the user experience look like?


    15:58 - Supporting various infrastructure and access protocols


    19:15 - How does P0 handle session recording and auditing?


    22:20 - Is this a replacement for Privileged Access Management (PAM)?


    26:40 - The story behind the name P0 Security


    29:20 - Who is the ideal customer for P0?


    33:15 - Handling break-glass scenarios


    36:04 - Discussing the competitive landscape


    42:30 - How is P0 deployed? (Cloud vs. On-prem)


    46:50 - The future of P0 and the "Priority Zero" philosophy


    50:32 - Final thoughts: "Access is our priority zero."


    Connect with us on LinkedIn:


    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/


    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com


    Keywords:

    P0 Security, Shashwat Sehgal, Privileged Access Management, PAM, Just-in-Time Access, JIT, Developer Security, Cloud-Native Security, Hybrid Cloud, eBPF, Kubernetes, IAM, Identity and Access Management, Cybersecurity, Zero Trust, Ephemeral Access, Developer Experience, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    52 m
  • #367 - RSM & IDAC Present - The Intersection of Attack Surface Management and Identity
    Aug 18 2025

    Join hosts Jeff Steadman and Jim McDonald as they explore the critical intersection of attack surface management (ASM) and digital identity with Dan Lauritzen, Director with RSM Defense - RSM’s Managed Security Team. This episode dives deep into how identity has become a key component of your organization's attack surface and why breaking down silos between identity teams and Security Operations Centers is more crucial than ever.

    Dan brings a unique perspective from his military background as a human intelligence collector to his current role in detection and response. Learn about the cyber kill chain, understand when you might have too much data, and discover practical strategies for treating identities as assets that need continuous protection.

    Whether you're an identity practitioner looking to expand your security knowledge or a cybersecurity professional wanting to better understand identity's role in attack surface management, this conversation offers valuable insights and actionable takeaways.

    Key topics include XDR platforms, ITDR tools, the evolution from legacy SIEM to modern detection systems, and why the future of security requires collaboration between traditionally separate teams.


    Chapter Timestamps

    00:00 - Introduction and Industry Trends

    01:00 - AI and Technology Disruption Discussion

    02:00 - Upcoming Conference Schedule and Discount Codes

    04:00 - Podcast Milestone - Approaching One Million Downloads

    06:30 - Introducing Dan Lauritzen and RSM Defense Team

    09:00 - Dan's Background - From Military to Cybersecurity

    12:00 - What is Attack Surface Management?

    14:00 - Treating Identities as Assets

    16:00 - The Cyber Kill Chain Explained

    18:00 - Why Identity and SOC Teams Operate in Silos

    21:00 - The Role of Data in Modern Security Operations

    23:00 - Continuous Identity Management and Shared Signals Framework

    26:00 - Can You Have Too Much Data?

    29:00 - Breaking Down Silos Between Identity and SOC Teams

    32:00 - Practical Collaboration Strategies

    34:00 - SIEM vs XDR vs ITDR - Understanding the Tool Landscape

    41:00 - Pragmatic Security Strategies and Metrics

    44:00 - Biggest Misconceptions About Attack Surface Management

    45:00 - Military Background - Human Intelligence Collection

    48:00 - Communication Tips for Better Information Gathering

    51:00 - Closing and Contact Information


    Connect with Dan: https://www.linkedin.com/in/daniel-lauritzen-67545045/

    Cyber Kill Chain: https://en.wikipedia.org/wiki/Cyber_kill_chain

    Learn more about RSM:

    • RSM Defense Managed Security: https://rsmus.com/services/risk-fraud-cybersecurity/managed-security-services.html
    • RSM Digital Identity: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com


    Keywords

    IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Lauritzen, RSM, attack surface management, cybersecurity, digital identity, SOC, Security Operations Center, XDR, ITDR, SIEM, cyber kill chain, detection and response, identity security, human intelligence, military cybersecurity, continuous identity management, shared signals framework, UEBA, threat detection, zero trust, privileged access management, identity governance, security metrics, vendor management, cloud security, endpoint security, data correlation, security silos, collaboration strategies, identity assets, orphaned accounts, entitlement creep, attack surface reduction, security automation, AI in security, machine learning security, identity sprawl, security tools, cybersecurity consulting, managed security services, security monitoring, incident response, threat hunting, vulnerability management, risk assessment, compliance, security architecture, defense strategy


    52 m
  • #366 - The Digital Transformation of Healthcare IAM with Shawna Hofer
    Aug 11 2025

    In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!


    Timestamps:

    00:00 Introduction and Podcast Overview

    00:37 ID Pro Membership Benefits

    03:35 Conferences and Events

    06:03 Introducing Shawna Hofer

    07:00 Shawna’s Journey to CISO

    10:55 Identity Security in Healthcare

    13:49 Balancing Security and User Experience

    19:08 Challenges with IoT in Healthcare

    24:27 AI in Healthcare Security

    30:01 Upskilling for AI in Security

    33:07 The Ever-Improving AI Landscape

    33:21 Embracing the AI Mindset

    33:58 Resiliency in Healthcare and AI

    35:06 The Future of Jobs in an AI-Driven World

    37:37 Trusting AI in Security Decisions

    40:56 Learning the Language of Risk

    43:44 Making the Business Case for Identity

    45:50 Balancing Security Investments

    51:48 The Future of Healthcare and AI

    54:40 Fun and Food: The Potato Question

    01:02:13 Closing Remarks and Farewell


    Connect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at http://idacpodcast.com

    1 h 3 m