Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.

Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.

As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.

Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/

Find out more about IDPro: https://www.idpro.org/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction and Greetings

00:16 Highlights from Authenticate 2025

01:39 FIDO Feud Rematch Discussion

03:17 Guest Introduction: Tina Srivastava

03:46 Conference Insights and AI Challenges

06:16 Regulatory Environment and Passkeys

09:11 Phishing and AI Supercharged Attacks

12:28 QR Codes and Accessibility Issues

13:09 The Importance of Phishing Resistant Authentication

22:24 IDPro Community and Practitioner Support

25:18 Community Support and Engagement

26:26 IDPro's Role in Identity Events

27:48 Future Directions for IDPro

29:19 Introducing Committees in IDPro

30:39 AI and Identity Verification

37:07 The Importance of Information Sharing

45:35 Public Speaking and Personal Growth

50:58 Conclusion and Final Thoughts

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.

In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.

Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.

A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.

Connect with Bojan: https://www.linkedin.com/in/bojansimic/

Learn more about HYPR: https://www.hypr.com/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Chapter Timestamps:

00:00 - Introduction at Authenticate 2025

00:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR

01:11 - How Bojan Simic Got into Identity and Cybersecurity

02:10 - The Elevator Pitch for HYPR

04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents

05:29 - The Trend of Continuous "Know Your Employee" (KYE)

07:33 - Is Your MFA Program Enough Anymore?

09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat

11:19 - How AI is Scaling Social Engineering Attacks Globally

13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?

16:23 - What is the Right Solution for Identity Practitioners?

17:05 - The Critical Role of Internal Marketing for Technology Adoption

22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation

25:47 - When is it Time to Move On From Your Existing Identity Tools?

28:16 - The Role of Document-Based Identity Verification in the Enterprise

32:31 - What Makes HYPR's Approach Unique?

35:33 - How Do You Measure the Success of an Identity Solution?

36:39 - HYPR's Philosophy: Never Leave a User Stranded

39:00 - Authentication as a Tier Zero, Always-On Capability

40:05 - Is Identity Part of Your Disaster Recovery Plan?

41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer

47:03 - How to Learn More About HYPR

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.

The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.

The discussion covers:

• Why traditional IAM approaches fail for non-human identities.
• The importance of visibility and creating a standardized process for NHI creation.
• The debate around terminology: NHI vs. machine identity vs. service accounts.
• The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.
• Practical, actionable advice for getting a handle on legacy service accounts.
• The emerging challenge of IAM for AI and the complexities of managing agentic AI.
• The critical role of authorization and the future of policy-based access control.

Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.

Connect with Steve: https://www.linkedin.com/in/steven-rennick/

ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

CHAPTER TIMESTAMPS:

00:00:10 - Introduction & The Art of the Vendor Demo

00:08:02 - Steve Rennick's Take on Vendor Demos

00:12:39 - Formal Introduction: Steve Rennick

00:14:45 - Recapping the Identiverse Squabble Game Show

00:17:22 - The Hot Topic of Non-Human Identities (NHI)

00:22:22 - Is NHI a Joke or a Serious Framework?

00:26:41 - The Controversy Around the Term "NHI"

00:30:24 - How to Simplify NHI for Practitioners

00:34:06 - First Steps for Getting a Handle on NHI

00:37:20 - Can Active Directory Be a System of Record for NHI?

00:45:08 - Why is NHI a Hot Topic Right Now?

00:51:19 - The Challenge of Cleaning Up Legacy NHIs

00:58:00 - IAM for AI: Managing a New Breed of Identity

01:03:33 - The Future is Authorization

01:06:22 - The Zero Standing Privilege Debate

01:10:39 - Favorite Dinosaurs and Outro

KEYWORDS:

NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this episode of the Identity at the Center podcast, Jim McDonald interviews Sebastian Rohr, the Chief Troublemaker at Umbrella Labs. They discuss the evolution of identity management, the challenges of digital identity, and the importance of national ID systems. Sebastian shares his personal journey into the identity field, the impact of digital identities on individuals, and the challenges faced in developing countries regarding identity verification. The conversation also touches on the role of AI in identity management, the importance of community in the identity space, and the cultural significance of German Unification Day.

Connect with Sebastian: https://www.linkedin.com/in/sebastianrohr/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction and Guest Introduction

05:13 Sebastian's Origin Story in Identity

11:00 The Evolution of Identity Verification

15:24 Challenges in Identity Verification Technology

20:13 The Importance of Birth Registration

26:58 Real-World Stories from Identity Management

32:30 Tips for Identity Practitioners

35:22 Finding the Right Balance in Digital Transformation

36:21 EUDI: The Future of Digital Identity

40:02 Addressing Bias in Identity Systems

44:11 The Impact of AI on Identity Management

52:20 The Rise of Identity Beer: Community and Connection

59:40 Celebrating German Unification Day

Keywords

identity, decentralized identity, digital identity, identity verification, national ID systems, AI in identity, identity management, global identity challenges, identity beer, German unification

In this episode of the Identity at the Center Podcast, Eve Maler, founder and CEO of Venn Factory joins host Jim McDonald. They discuss the significance of identity in the corporate world; detailing Eve's new book aimed at educating CEOs on the importance of treating identity as a strategic asset rather than mere infrastructure. They explore concepts like the evolving role of identity in security, the increasing risks posed by AI and cybersecurity threats, and the potential for organizational paralysis without proper identity management. Eve emphasizes the need for cross-functional focus and strategic ownership of identity functions within companies. The episode concludes with insights into public speaking and preparation, providing listeners with practical advice and industry insights.

Connect with Eve: https://www.linkedin.com/in/evemaler/

Chapters

00:00 Introduction and Guest Welcome00:32 The Story Behind 'Venn Factory'02:09 Eve Maler's Book for CEOs04:42 The Importance of Digital Identity10:53 AI and Its Impact on Executives17:25 Organizational Challenges in Identity Management23:49 The Role of Identity in Organizations24:44 Escaping Organizational Paralysis25:08 Valuing Identities in the Digital Age28:13 B2B Identity Dynamics35:21 The Rise of Identity Security42:32 Public Speaking Tips and Lighter Notes

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

This episode of the Identity at the Center podcast delves into the complex topic of death and the digital estate (DADE). Jim McDonald hosts Dean Saxe, Heather Flanagan, and Mike Kiser, who discuss the importance of planning for digital assets after death, the cultural implications of digital identity, and the evolving role of technology in managing these assets. They emphasize the need for individuals to take proactive steps in documenting their digital estate and the challenges posed by varying legal frameworks and cultural perspectives. The conversation also touches on the future of digital identity in the age of AI and the ethical considerations surrounding it.

Episode Links:

Death and the Digital Estate (DADE) Community Group: https://openid.net/cg/death-and-the-digital-estate/

Connect with Dean: https://www.linkedin.com/in/deanhsaxe/

Connect with Heather: https://www.linkedin.com/in/hlflanagan/

Connect with Mike: https://www.linkedin.com/in/mike-kiser/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction to Identity at the Center Podcast00:10 Introduction to the Death and Digital Estate (DADE) group03:07 The Role of Identity in Digital Estates06:01 Understanding Digital Estate and Its Components09:09 Community Groups vs. Working Groups in Standards11:59 The Importance of Digital Estate Management15:09 Cultural Perspectives on Digital Death18:12 Legal and Ethical Considerations in Digital Estates20:59 Future of Digital Estate Planning24:03 Conclusion and Call to Action31:33 Cultural Frameworks and Digital Estates35:12 The Importance of Protocols in Digital Estate Management39:30 Navigating Digital Wills and Estate Planning42:19 Challenges in Digital Recovery and Access45:18 Actionable Steps for Digital Estate Planning48:52 Personal Reflections on Digital Legacy50:57 The Future of Digital Remembrance54:25 Final Thoughts and Community Engagement

Keywords

digital estate, death, identity management, OpenID Foundation, digital assets, cultural perspectives, technology, legal considerations, AI, planning guide

This episode is sponsored by Hush Security. Visit hush.security/idac to learn more.

In this sponsored episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald spotlight Hush Security, a company emerging from stealth with an innovative approach to machine identity and access management. CEO and co-founder Micha Rave explains why traditional secrets vaults can’t keep up with today’s scale, what it means to truly go “secrets-free,” and how Hush enables visibility, governance, and operability for modern and legacy environments alike.

Discover:

• The real difference between non-human identities and static keys
• Why legacy secrets management is breaking in the cloud and automation age
• Hush Security’s journey from stealth mode to active customers
• The business case for removing vaults (and the risks with “hope and prayer” key rotation)
• How to transition to policy-based access—and measurement metrics for success
• Fun discussions on pancakes vs. waffles in security leadership (really!)

Learn more about Hush Security and get a free environment assessment: hush.security/idac

Connect with Micha: https://www.linkedin.com/in/micharave/

Connect with IDAC on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

#idac #identitymanagement #machineidentity #secretsmanagement #podcast #cybersecurity #JimMcDonald #JeffSteadman #HushSecurity #IdentityattheCenter

Chapters / Timestamps:

00:00 - Welcome and Introduction (Hosts: Jeff and Jim)

01:00 - Introducing Micha Rave and Hush Security

03:00 - Micha’s Background and the Hush Team’s Journey

06:00 - What Is Hush Security and Why Now?

09:00 - Leaving Stealth Mode: Patents and Novel Approaches

12:00 - What Makes Hush Special? Remediation vs. Visibility

15:00 - Vaults vs. Secrets-Free Approach & Industry Gaps

18:00 - Non-Human Identities: Static Keys, Secrets, and Access

22:00 - Solving Problems Beyond Cloud: Custom vs. Packaged Software

26:00 - The Scale of Machine Identity in the Cloud and Automation Age

29:00 - Why Secrets Management Is Breaking and the Case for Policy-Based Access

34:00 - From Scanning to Policy Enforcement: How Hush Works

39:00 - Metrics, Success, and Executive Buy-in for Modern IAM

43:00 - How to Get Started with Hush Security (Free Assessments)

46:00 - Micha’s Conference Plans and Final Thoughts

49:00 - Pancakes or Waffles?

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Hush Security, machine identity, secrets management, secrets vault, IAM, cybersecurity, sponsored episode, non-human identities, policy-based access, vault elimination, cloud security, automation, zero trust, Micha Rave, podcast, identity management

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.

Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/

Timestamps:

00:00 Introduction and Podcast Theme

00:17 Defining Identity in Cybersecurity

01:34 Debate: Can Non-Humans Have Identities?

01:57 Guest Introduction: Shea McGrew

04:15 Shea's Career Journey and Role as CTO

09:28 Challenges and Rewards of Being a CTO

11:41 Identity Strategy at Maricopa County

14:48 Device Identity and Zero Trust Architecture

29:56 Managed vs. Unmanaged Devices

40:15 Understanding the NIST Framework

42:52 Balancing Technology and People

43:58 Training and Partner Collaboration

48:03 Organizational Change Management

50:40 Future of Device Identity

54:40 Debating Machine Identity

01:06:36 Curiosity as an Olympic Sport

01:13:00 Conclusion and Final Thoughts

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com