Summary

In this episode of the Identity Heroes podcast, Aldo Pietropaolo speaks with Adrian Mendoza from Mendoza Ventures about the current state of the identity and cybersecurity market. They discuss the evolution of cybersecurity investments, the importance of cost optimization in identity management, and the intersection of fintech and cybersecurity. Adrian shares insights on evaluating investment opportunities in cybersecurity and highlights the work of Mendoza Impact, a nonprofit focused on supporting aspiring venture capitalists and entrepreneurs.

Takeaways

• The cybersecurity market has evolved significantly since 2016.
• AI strategies are becoming more critical than traditional IAM strategies.
• Cost optimization is a primary focus for enterprises in identity management.
• The intersection of fintech and cybersecurity is increasingly relevant.
• The identity management market is oversaturated with similar solutions.
• Partnerships are crucial for success in cybersecurity sales.
• Most cybersecurity software is sold through channel partnerships.
• Understanding the business of venture capital is essential for founders.
• Networking is key to finding opportunities in the industry.
• Mendoza Impact is dedicated to supporting underrepresented communities in venture capital.

Summary

In this episode of the Identity Heroes Podcast, Aldo Pietropaolo discusses the evolving landscape of authentication and identity management with guests Przemek Czerklewicz and Marcin. They explore whether authentication is genuinely solved, the importance of continuous trust and assurance, and the challenges posed by the authentication chasm. The conversation also delves into Relock's innovative approach to enhancing security through dynamic (ephemeral) secrets and machine identity verification, the future of passwordless authentication, and the role of CAPE in improving security signals across systems.

Takeaways

• Authentication is a spectrum, not a binary solution.
• Continuous trust is essential for a zero-trust strategy.
• The authentication chasm represents a significant security gap.
• Dynamic or ephemeral secrets can enhance user authentication security.
• CAPE enables better communication between security systems.
• User experience should not be compromised for security.
• Passwordless authentication is the future of security.
• Organizations must replace static secrets with dynamic ones.
• Relock's approach combines human and machine identity verification.
• The industry is moving towards continuous adaptive trust.

Summary

In this episode of the Identity Heroes podcast, hosts Aldo Pietropaolo and Brad Tumy engage with Tim Youngblood, a cybersecurity expert from Astrix Security, to explore the concept of non-human identities (NHI) and their implications in the cybersecurity landscape. Tim explains the evolution of NHIs, their management challenges, and the impact of AI on identity security. The conversation delves into the lifecycle management of NHIs, the role of Astrix Security in addressing these challenges, and the importance of governance in identity management. Tim also shares insights on the future of identity management, the responsibilities of CISOs, and advice for aspiring cybersecurity professionals.

Takeaways

• Non-human identities (NHI) are identities not tied to human beings.
• The explosion of cloud services has increased the prevalence of NHIs.
• Managing NHIs presents unique challenges, including overprivileged access.
• AI is creating new connectivity that needs to be managed.
• Discovery and risk assessment are critical for managing NHIs.
• Lifecycle management of NHIs is essential to prevent security blind spots.
• Automation and rule sets can streamline identity management processes.
• The future of identity management will see more reliance on AI and automation.
• CISOs face increasing accountability and risk in their roles.

St. Jude
Tim has been supporting St. Jude for over 10 years. Tim participates in their advisory council and helps them with their technology strategy in the fight to beat cancer. Please feel free to donate to St. Jude.

Summary

In this episode of the Identity Heroes podcast, host Aldo Pietropaolo interviews Tom Kemp, the founder of Centrify, about privileged access management and privacy policy. They discuss the evolution of Centrify from focusing on extending Active Directory to non-Microsoft platforms to becoming a cloud-based privileged access management solution. They also explore the importance of addressing machine identity in privileged access management and the potential future of PAM 4.0. Tom Kemp also shares his insights on technology policy and his book, 'Containing Big Tech,' which examines the consequences of big tech's surveillance and monopolistic practices.

Takeaways

• Centrify evolved from extending Active Directory to non-Microsoft platforms to becoming a cloud-based privileged access management solution.
• Machine identity is an essential aspect of privileged access management that needs to be addressed.
• The future of privileged access management (PAM) may involve combining escalated privileged identities and machine identities.
• Identity 4.0 could involve a blockchain-like architecture and merging personal and business accounts.
• Tom Kemp is involved in technology policy and has worked on privacy laws and regulations to protect consumer data.
• His book, 'Containing Big Tech,' explores the consequences of big tech's surveillance and monopolistic practices and provides actionable solutions.

In this episode of the Identity Heroes podcast, Lance Peterman shares his journey into the world of identity management, discussing his experiences at various companies, including Merck and Dick's Sporting Goods. He emphasizes the importance of user experience in identity management, the differences between workforce and customer identity, and the potential impact of AI on the field. Lance also highlights the role of ID Pro in educating identity professionals and the need for better data management in identity systems. He concludes with advice for newcomers to the industry, encouraging them to pursue their interests with curiosity and focus on building their knowledge step by step.

In this episode, Aldo and Brad interview Mike Schwartz, the CEO and founder of Gluu, an open-source identity and access management platform. They discuss Mike's background in the identity space and his passion for open source. They also talk about the challenges and innovations in authentication and authorization, the concept of identity journeys, and the importance of reusability in building custom identity flows. Mike also shares insights on the future of authentication and the role of verifiable credentials. In this conversation, Mike Schwartz, CEO of Gluu, discusses the challenges and innovations in eKYC, verifiable credentials, and authorization. He highlights the potential of eKYC with government-issued credentials in digital wallets and the need for enterprises to accept and issue verifiable credentials. Schwartz also emphasizes the importance of continuous real-time tokens and policies in authorization and the need for new infrastructure to enable real-time policy evaluation. He explains the strategies of using JWTs, lazy loading, and aggressive data initialization in the PDPs. Schwartz also mentions the AuthZen working group and the importance of externalized policies in authorization.

Join the Austin Identerati Meetup.

Summary
In this episode, Eric Leach discusses his journey into the identity space and the key evolutions he has witnessed. He also shares insights into the challenges of building identity products and the importance of standards and open source. Eric then explains his transition to consulting and advisory work, focusing on helping companies define their product vision and strategy. He explores the concept of fractional product management and its growing popularity. Eric also discusses fractional leadership in product management and the importance of sharing experiences and lessons learned. Finally, Eric also explores the challenges in the identity industry and the impact of AI on identity and security.

About the featured Identity Hero
Eric Leach is the founder and President of What Why Consulting, Inc., which offers fractional Chief Product Officer Consulting services using a unique practitioner's approach that helps companies of all sizes build products that matter. Eric is a founder, entrepreneur, author, speaker, and product leader with over 20 years of experience at startups, scale-ups, and large software companies. He's held product leadership roles at Oracle, Salesforce, and Strata Identity, where he built innovative and market-leading identity management and cybersecurity products. He tells stories about thriving in a software product management life in his weekly Substack newsletter, What and Why.

Reach Eric at eric@whatwhyconsulting.com
Eric's LinkedIn profile

Summary

In this episode, Aldo and Brad interview Atul Tulshibagwale, CTO of SGNL, about the evolution of SAML and the challenges of authorization in the identity industry. Atul explains how SAML started as a solution for authentication and later expanded to include coarse-grained authorization. He discusses the limitations of role-based access control and the need for a common standard in authorization. Atul introduces CAEP (Continuous Access Evaluation Profile) and explains how it enables real-time session communication and dynamic authorization. He also discusses the industry's adoption of CAEP and the future of authorization in the identity space.

About the featured Identity Hero

Atul is the CTO of SGNL, a company backed by Microsoft and Cisco and founded by ex-Googlers that helps enterprises mitigate damage from identity breaches. Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP). He was previously at Google, where his seminal blog post kicked off the industry-wide movement that culminated in the OpenID Foundation’s Shared Signals working group, which he co-chairs. Atul is also a Corporate Board Member of the OpenID Foundation. His leadership in developing and promoting SSF and CAEP, the critical zero-trust standards, has been influential in their widespread adoption. Apple, Okta, Cisco, and others have announced support for these standards. Previously, Atul was a co-founder and the CEO of Trustgenix, a federated identity pioneer that was acquired by HP. Trustgenix contributed to the development of federated identity standards such as SAML 2.0 and the Liberty Alliance Framework.

Reach Atul at cto@sgnl.ai
Atul's LinkedIn profile