Breaches aren’t magic tricks. They’re usually stale access, orphaned accounts, and privileges that quietly multiply until someone exploits them. We sit down with Garret Grajek—identity veteran and founder of UITES—to unpack how simple, automated access attestations can flip the script and give security leaders proof, speed, and control.

Garret’s journey runs from IBM and Cisco to building two‑factor at SecureAuth and AI at Cylance, giving him a rare view across authentication, detection, and governance. He explains why the industry’s center of gravity shifted from networks to identities as companies moved to cloud-first stacks. With 70–80% of incidents starting with identity, relying on once-a-year spreadsheets and consultants no longer works. UITES targets the gap: making it easy for risk officers and MSPs to run regular, auditable reviews that actually remove excess access instead of documenting it.

We talk through the rise of managed service providers and why they need lightweight tools to onboard clients, schedule attestations, and export clean evidence for auditors. Garret also breaks down California’s new AI transparency law, CASD53, and how it echoes EU-style expectations for measurable security and governance. The takeaway is clear: automation plus accountability turns compliance from a fire drill into a steady rhythm, and it hardens defenses against the kind of long-dwell breaches that recently hit major vendors.

If identity is your new perimeter, this conversation gives you a pragmatic playbook: start with your most sensitive systems, verify who has access, remove what’s not needed, and keep the receipts. For more insights, find Garret’s Audit Tuesday series and connect to explore how UITES fits your stack. Visit: https://youattest.com/

If you found this helpful, follow the show, share it with a teammate who owns access, and leave a quick review to help others discover practical security.