Episodes

  • #389 - Sponsor Spotlight - Aembit
    Dec 3 2025

    This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.

    Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.

    David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.

    This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.


    Visit Aembit: https://aembit.io/idac

    Connect with David: https://www.linkedin.com/in/davidgoldschlag


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at idacpodcast.com


    Timestamps

    00:00 - Intro
    00:51 - Pronunciation of Aembit and the extra 'E'
    01:56 - David's background: From NSA to Enterprise Security
    04:58 - The meaning behind the name Aembit
    06:00 - David's history with The Onion Router (Tor)
    10:00 - Differentiating Non-Human Access from Workforce IAM
    11:39 - The security risks of AI Agents using human credentials
    14:15 - Manage Access, Not Secrets
    16:00 - Use Cases: Financial Analysts and Retail
    24:00 - Hybrid Agents vs. Autonomous Agents
    30:38 - Will we have agentic versions of ourselves?
    36:45 - How Identity Practitioners can handle the AI wave
    38:33 - Measuring success and ROI for workload identity
    43:20 - A blast from the past: DIVX and Circuit City
    52:15 - Closing


    Keywords

    IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

    54 m
  • #388 - Fraud Reduction Intelligence Platforms with John Tolbert
    Dec 1 2025

    In this episode of The Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman catch up with John Tolbert, Director of Cybersecurity Research at KuppingerCole Analysts, to talk about the rapidly evolving world of Fraud Reduction Intelligence Platforms (FRIP).

    They explore:

    • The six capabilities of modern fraud reduction systems
    • How AI and machine learning are both helping and hurting fraud prevention
    • Why shared signals and orchestration are critical for financial and e-commerce use cases
    • How identity verification, device intelligence, and behavioral biometrics work together
    • The role of usability and integration in FRI adoption

    Plus, stick around for a fun discussion about concerts, classic rock, and which legendary bands they wish they’d seen live.

    Listen now to learn how identity, fraud, and AI are colliding — and what’s next for fraud intelligence.


    Connect with John: https://www.linkedin.com/in/john-tolbert/

    Fraud Reduction Intelligence Platforms - Finance (KuppingerCole Report): https://www.kuppingercole.com/research/lc80841/fraud-reduction-intelligence-platforms-finance

    Fraud Reduction Intelligence Platforms - eCommerce (KuppingerCole Report): https://www.kuppingercole.com/research/bc81030/fraud-reduction-intelligence-platforms-ecommerce


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at http://idacpodcast.com


    Chapter Timestamps:

    00:00 – Jim’s passwordless rant and setup woes

    05:00 – Introducing guest John Tolbert

    06:30 – Catching up: four years since John’s last appearance

    07:30 – What is CIAM and how has it evolved?

    09:30 – Understanding Fraud Reduction Intelligence Platforms (FRIP)

    10:00 – The six core capabilities of FRI solutions

    13:00 – Are most vendors point solutions or full platforms?

    14:00 – How identity verification is improving

    16:00 – SaaS and API-driven fraud detection models

    18:00 – What kinds of fraud can (and can’t) FRI prevent?

    21:00 – The growing problem of bots and automation

    22:00 – Fraud trends in finance: scams, account takeovers, and synthetic identities

    25:00 – Information sharing and the role of shared signals

    28:00 – Collaboration vs. competition in fraud prevention

    31:00 – Fraud in e-commerce: bots, loyalty points, and returns abuse

    34:00 – Streaming and citizen fraud use cases

    36:00 – Where do FRI capabilities fit within IAM platforms?

    43:00 – The importance of orchestration and integration

    44:30 – The role of AI and ML in fraud prevention

    47:30 – Smart questions for evaluating FRI vendors

    50:30 – Concert talk: Pink Floyd, Metallica, and the ones that got away

    58:00 – Wrap-up and where to find John Tolbert’s reports


    Keywords:

    Fraud Reduction Intelligence, FRI Platforms, John Tolbert, KuppingerCole, Identity at the Center, IDAC, IAM, CIAM, Cybersecurity Research, Fraud Prevention, Machine Learning, Artificial Intelligence, Behavioral Biometrics, Device Intelligence, Identity Verification, Risk Orchestration, API Security, Financial Fraud, E-Commerce Fraud, Shared Signals, Jim McDonald, Jeff Steadman, IDAC Podcast

    59 m
  • #387 - InfoSec World 2025 - Trust, Transparency, and Technology: Building Better MSP Partnerships
    Nov 24 2025

    Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike’s passion for photography and how creativity ties into continuous learning in tech.


    Connect with Mike: https://www.linkedin.com/in/mreiring/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at http://idacpodcast.com


    Chapters

    00:00 Intro – Live from InfoSec World 2025

    02:00 Meet Mike Reiring of RSM

    04:30 Evolution of Managed Service Providers

    06:30 Shared Accounts, Identity, and Security Maturity

    09:00 Vendor Gaps and Federated Access Challenges

    11:30 What Makes a Good MSP Partner

    13:00 The Cost and Effort of Changing Providers

    16:30 MSP vs MSSP – Key Differences

    18:30 Coordination Between Managed Providers

    21:30 Top 3 Questions to Ask Your MSP

    25:00 Identity Ownership: IT or Security?

    27:30 Licensing, Active Directory, and Hidden Accounts

    30:00 RFP Challenges and Procurement Pitfalls

    32:00 Measuring Risk and Reducing Identity Exposure

    34:30 Vendor Management and Shadow IT Risks

    35:00 How AI Is Transforming MSP and MSSP Operations

    38:30 AI, Problem Management, and the Future of Help Desks

    42:30 Photography, Creativity, and Continuous Learning

    48:00 Closing Thoughts and IDAC Outro


    Keywords

    IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast

    50 m
  • #386 - InfoSec World 2025 - CISO Tradecraft for IAM
    Nov 17 2025

    In this episode of the Identity at the Center podcast, hosts Jeff and Jim broadcast from InfoSec World 2025, sharing lively discussions on identity management, AI security, and identity's evolving role in information security. They are joined by Ross Young and G Mark Hardy, co-hosts of the CISO Tradecraft podcast, who share their journeys into cybersecurity, illuminating how identity intersects with cybersecurity topics like deep fakes, AI implications, and non-human identities. The conversation also covers practical advice for securing budget approvals for identity projects and speculations on the role of AI in cybersecurity's future. The episode wraps up with each guest sharing personal ideas for potential new podcast ventures.


    The CISO Tradecraft podcast: CISOTradecraft.com

    Connect with Ross: https://www.linkedin.com/in/mrrossyoung/

    Connect with G Mark: https://www.linkedin.com/in/gmarkhardy/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at http://idacpodcast.com


    Chapters

    00:00 Introduction and Welcome

    00:16 Live from InfoSec World 2025

    00:52 Shoutouts and Day Jobs

    01:37 Meeting Ross and G Mark from the CISO Tradecraft podcast

    02:22 Ross's Journey into Cybersecurity

    04:24 G Mark's Cybersecurity Career Path

    07:44 Top Concerns for CISOs Today

    09:53 The Role of Identity in Cybersecurity

    16:18 Challenges and Trends in Identity Management

    24:33 Pitching Identity Projects to CISOs

    32:21 The Role of AI in Automating SOC Operations

    33:23 AI's Impact on Developer Efficiency

    35:48 The Future of AI-Assisted Coding

    37:42 Challenges and Opportunities in AI and Cybersecurity

    39:46 The Importance of Human Expertise in AI Development

    48:17 The Role of Identity in Information Security

    49:44 Introduction to CISO Tradecraft Podcast

    55:24 Podcasting Tips and Personal Interests

    01:00:48 Conclusion and Final Thoughts


    Keywords:

    Identity at the Center, IDAC, CISO Tradecraft, InfoSec World 2025, cybersecurity leadership, identity security, IAM, AI security, Jeff Steadman, Jim McDonald, Ross Young, G. Mark Hardy, InfoSec, CISOs, cyber career development, non-human identity, deepfakes, security automation

    1 h 2 m
  • #385 - Sponsor Spotlight - Nexis
    Nov 13 2025

    This episode is sponsored by Nexis. Visit nexis-secure.com/idac to learn more.


    In this sponsored episode of *Identity at the Center*, host Jim McDonald sits down with Dr. Heiko Klarl, CEO of Nexis, to explore how the company is advancing authorization governance for modern enterprises. Dr. Klarl explains how Nexis builds visibility and control across fragmented identity landscapes and why “better together” is the right strategy for enterprises with multiple IAM systems.


    They discuss the emerging Identity Visibility and Intelligence Platform (IVIP) category, the value of automation and remediation in governance, Nexis’s unique “health check” service, and their ISPM capability that helps clients identify unnecessary access—and even save on software licensing.


    Learn how Nexis integrates with IGA and PAM tools, streamlines application onboarding, and helps customers measure the real business impact of their identity programs.



    Connect with Heiko: https://www.linkedin.com/in/heiko-klarl/

    More about Nexis: https://nexis-secure.com/idac



    Connect with us on LinkedIn:


    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


    Visit the show on the web at idacpodcast.com



    Chapters

    00:00 Introduction and Sponsor Message

    00:42 Meet Dr. Heiko Klarl, CEO of Nexis

    01:29 Dr. Klarl's Journey into Identity and Access Management

    03:09 What Does Nexis Do?

    05:00 Challenges in Authorization Governance

    06:43 The Importance of Visibility in Identity Systems

    08:23 Nexis' Role in Enhancing Existing IAM Investments

    10:05 The Concept of IVIP and Its Relevance

    21:48 Nexis Platform Capabilities

    23:24 The Health Check: A Deep Dive

    27:22 Understanding Health Check Costs

    28:27 Exploring ISPM and License Management

    32:09 How Nexis Integrates with IGA Systems

    34:11 Application Onboarding and Compliance

    36:38 Measuring Value and Success with Nexis

    43:10 Global Reach and Market Focus

    45:02 Connecting at Conferences

    46:49 Visiting Germany: Recommendations and Insights

    50:17 Final Thoughts and Resources



    Keywords

    IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Dr. Heiko Klarl, Nexis, Nexis Secure, NEXIS 4, authorization governance, role mining, role management, IGA, IAM, IVIP, Identity Visibility and Intelligence Platform, access certification, remediation automation, health check, ISPM, Identity Security Posture Management, license management, enterprise identity, compliance, visibility, identity governance, access review, Gartner IAM, EIC, KuppingerCole

    53 m
  • #384 - The FIDO Alliance's Next Frontier: Digital Credentials and Wallets
    Nov 10 2025

    Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with the Cal Ripken of IDAC, Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. Andrew shares exciting updates on the incredible progress of Passkeys, revealing that over 3 billion are now in use securing accounts. We discuss the key themes of the conference, including the ongoing arms race with AI in security and the critical role of identity verification. Andrew also unveils the new Passkey Index, an initiative to provide industry benchmarks for deployment success. Looking ahead, the conversation shifts to the FIDO Alliance's broadening focus on digital credentials and wallets, aiming to solve the usability and certification challenges that have held the space back. Finally, we hear about the global expansion of the Authenticate conference brand, with a new event launching in Singapore.


    Connect with Andrew: https://www.linkedin.com/in/andrewshikiar/

    Learn more about FIDO: https://fidoalliance.org/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at http://idacpodcast.com


    Chapter Timestamps:

    00:00:00 - Introduction to Authenticate 2025 Themes

    00:02:50 - Welcoming Andrew Shikiar of the FIDO Alliance

    00:04:00 - Andrew's Keynote: Passkey Progress and Future Goals

    00:05:17 - Over 3 Billion Passkeys in Use

    00:06:57 - Improving the Passkey User Experience (UX)

    00:09:02 - Introducing the Passkey Index for Benchmarking

    00:10:46 - The Growth of the Authenticate Conference

    00:14:55 - FIDO Alliance's New Focus: Digital Credentials and Wallets

    00:17:25 - Overcoming Hurdles in Digital Credential Adoption

    00:20:03 - The Role of Major Stakeholders in FIDO's Success

    00:23:05 - The Future of the Authenticate Conference

    00:24:00 - Announcing Authenticate APAC in Singapore

    00:25:07 - Global Differences in Passkey Adoption

    00:28:19 - Closing Thoughts and FIDO Feud Recap


    Keywords:

    Andrew Shikiar, FIDO Alliance, Passkeys, Authenticate 2025, identity verification, digital credentials, digital wallets, passwordless, WebAuthn, user experience, Passkey Index, cybersecurity, authentication, mobile driver's license, multi-factor authentication, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    31 m
  • #383 - Navigating Identity and AI with IDPro at Authenticate 2025
    Nov 3 2025

    Live from Authenticate 2025, Jeff Steadman and Jim McDonald sit down with Dr. Tina Srivastava, an IDPro board member and co-founder of Badge Inc., for a crucial discussion on the rapidly evolving landscape of identity and authentication.

    Tina shares her insights on the conference, the evolution from physical hacks to sophisticated AI-driven threats like supercharged phishing, and the current challenges facing the industry. The conversation delves into the complexities of synced Passkeys, the critical vulnerability of account recovery processes, and the slow pace of regulation in keeping up with technology.

    As a board member for IDPro, Tina highlights the immense value of the practitioner-focused community, the supportive culture within its Slack channels, and makes an exciting announcement about the creation of new member-driven committees to shape the future of the organization. They explore the concept of the "AI arms race" and why identity professionals cannot afford to wait for the next big thing, emphasizing that collaboration and information sharing through communities like IDPro are essential to staying ahead of adversaries.


    Connect with Tina: https://www.linkedin.com/in/tina-s-8291438a/

    Find out more about IDPro: https://www.idpro.org/


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at http://idacpodcast.com


    Chapters

    00:00 Introduction and Greetings

    00:16 Highlights from Authenticate 2025

    01:39 FIDO Feud Rematch Discussion

    03:17 Guest Introduction: Tina Srivastava

    03:46 Conference Insights and AI Challenges

    06:16 Regulatory Environment and Passkeys

    09:11 Phishing and AI Supercharged Attacks

    12:28 QR Codes and Accessibility Issues

    13:09 The Importance of Phishing Resistant Authentication

    22:24 IDPro Community and Practitioner Support

    25:18 Community Support and Engagement

    26:26 IDPro's Role in Identity Events

    27:48 Future Directions for IDPro

    29:19 Introducing Committees in IDPro

    30:39 AI and Identity Verification

    37:07 The Importance of Information Sharing

    45:35 Public Speaking and Personal Growth

    50:58 Conclusion and Final Thoughts


    Keywords

    IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Tina Srivastava, IDPro, Authenticate 2025, Passkeys, AI, Artificial Intelligence, Cybersecurity, Phishing, Deepfakes, Authentication, Account Recovery, Biometrics, Identity and Access Management, IAM, NIST, Regulation, Identity Verification, Synced Passkeys, FIDO Alliance

    52 m
  • #382 - Sponsor Spotlight - HYPR
    Oct 29 2025

    This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.

    In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.

    Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.

    A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.


    Connect with Bojan: https://www.linkedin.com/in/bojansimic/

    Learn more about HYPR: https://www.hypr.com/idac


    Connect with us on LinkedIn:

    Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

    Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

    Visit the show on the web at idacpodcast.com


    Chapter Timestamps:

    00:00 - Introduction at Authenticate 2025

    00:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR

    01:11 - How Bojan Simic Got into Identity and Cybersecurity

    02:10 - The Elevator Pitch for HYPR

    04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents

    05:29 - The Trend of Continuous "Know Your Employee" (KYE)

    07:33 - Is Your MFA Program Enough Anymore?

    09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat

    11:19 - How AI is Scaling Social Engineering Attacks Globally

    13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?

    16:23 - What is the Right Solution for Identity Practitioners?

    17:05 - The Critical Role of Internal Marketing for Technology Adoption

    22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation

    25:47 - When is it Time to Move On From Your Existing Identity Tools?

    28:16 - The Role of Document-Based Identity Verification in the Enterprise

    32:31 - What Makes HYPR's Approach Unique?

    35:33 - How Do You Measure the Success of an Identity Solution?

    36:39 - HYPR's Philosophy: Never Leave a User Stranded

    39:00 - Authentication as a Tier Zero, Always-On Capability

    40:05 - Is Identity Part of Your Disaster Recovery Plan?

    41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer

    47:03 - How to Learn More About HYPR


    Keywords:

    IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

    48 m