This episode features a virtual roundtable hosted by Michele Crockett, Associate VP of Product Marketing at Semperis.The panel brings together five practitioners with deep experience in identity security: Alex Weinert, Chief Product Officer at Semperis; Christopher Brumm, Cyber Security Architect at glueckkanja; Eric Woodruff, Chief Identity Architect at Semperis; Jorge de Almeida Pinto, Senior Incident Response Lead at Semperis; and Michael Van Horenbeeck, CEO and Senior Solution Architect at The Collective Consulting. Collectively, they represent experience across incident response, Microsoft product development, enterprise architecture, and security leadership.In this discussion, the panel addresses how to allocate limited security budgets across prevention and recovery, why the same AD misconfigurations keep appearing in assessments year after year, and what AI means for defenders and attackers alike.This episode is a practical, field-tested conversation about what moves the needle when resources are constrained.Guest Quote "80% of permissions that are out there are users that have access to systems they don't need. Going back to that Tier 0 system, a hundred percent of what's got access to Tier 0, you should know what it is, why it has access, why it needs it, [and] what's going on...  Any apps that you can't prove what they're there for, turn them off. See who yells."Time stamps 0:00 Meet the Panelists 00:00 AI in Cybersecurity 02:23 Budgeting for Identity Security 05:08 Field Lessons and AD Misconfigs 08:48 Prioritizing Prevention and Funding 12:59 Current Attacker Trends 14:56 Hybrid and Multi Cloud Risks 17:02 Entra Private Access POC 18:28 Lightning RoundSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Alex on LinkedInConnect with Chris on LinkedInConnect with Eric on LinkedInConnect with Michael on LinkedInConnect with Jorge on LinkedInConnect with Michele on LinkedInConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Jeff and Jim welcome back five-time guest Jeff Reich, Executive Director of the Identity Defined Security Alliance, just ahead of Identity Management Day 2026 on April 14th. Jeff walks through the structure of the 21-hour global event, this year's theme of Finding Identity: The Search for You, Me, and the Machines, and highlights from each regional program including a remarkable 11th grader presenting on cybersecurity and neuroscience. The conversation expands into AI guardrails, the growing obsolescence of traditional PAM, zero standing privilege as a long-term goal, the march toward a passwordless world through passkeys, and what quantum resilience actually means for practitioners today.Connect with Jeff: https://www.linkedin.com/in/jreich/Learn more about the Identity Defined Security Alliance: https://www.idsalliance.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps:00:00 Welcome and podcast life behind the scenes02:00 Identiverse 2026 updates and conference discount codes05:00 Introducing Jeff Reich, Executive Director of IDSA07:00 Identity Management Day: structure of a 21-hour global event11:00 Oceania and Asia region highlights13:30 EMEA highlights and powerhouse panelists from Copenhagen16:00 Americas region and the 11th grader presenting on cybersecurity20:00 Theme reveal: Finding Identity, The Search for You, Me, and the Machines23:30 AI and identity: guardrails, frameworks, and what organizations are missing28:30 Standing privilege is crumbling in the age of ephemeral workloads30:00 Is traditional PAM becoming obsolete?34:30 Zero standing privilege and the passkey journey40:30 Getting the fundamentals right before chasing the shiny tools46:30 Quantum computing, quantum resilience, and cryptocurrency risk53:00 Social engineering is still the biggest threat55:00 Identity Management Day theme song suggestionsKeywords:Identity Management Day 2026, IDSA, Identity Defined Security Alliance, Jeff Reich, IAM, non-human identities, machine identities, agentic identity, zero standing privilege, PAM, passkeys, quantum resilience, AI and identity, deepfakes, social engineering, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

This sponsored episode is made possible by Evolveum, the company behind midPoint, an open source IGA platform made and owned in the EU that is in use worldwide. Jeff Steadman and Jim McDonald welcome Pavol Mederly, interim CPO at Evolveum. Pavol shares how IAM found him in 1991 while building an identity solution at a university before the term even existed. The conversation covers two core reasons IGA projects fail: data quality and slow application onboarding. Pavol explains how midPoint addresses these challenges with built-in simulations for testing and improving data quality, and midPilot, an AI assistant for faster application onboarding. MidPilot is supported in part by the EU Recovery and Resilience Facility (RRF). Jim and Jeff explore midPoint's architecture, the real benefits of open source including transparency and no vendor lock-in, and advantages of being part of midPoint’s global community.Connect with Pavol: https://www.linkedin.com/in/pavol-mederly/More about Evolveum: https://evolveum.com/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTIMESTAMPS:00:00 Intro and sponsor acknowledgment01:30 How IAM chose Pavol: a university identity story03:30 What is Evolveum and midPoint06:30 How Evolveum got its name08:30 Why IGA projects fail: data quality10:30 Slow app onboarding and AI-assisted connector generation16:30 The midPoint simulation feature explained21:30 midPoint architecture: Java, cloud, Kubernetes, and beyond23:30 Maintaining a large open source codebase25:30 Open source benefits: transparency and no vendor lock-in28:00 Community, meetups, and midPoint in the wild32:30 Mountains or ocean: a question for Pavol38:00 Wrap upKEYWORDS:Evolveum, midPoint, open source IGA, identity governance, IAM, IGA, data quality, application onboarding, simulation, AI connectors, connector framework, vendor lock-in, open source, EU RRF, Recovery and Resilience Facility, community, Prague, EIC, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Pavol Mederly

Jeff and Jim welcome back Heather Flanagan for her fifth appearance on the show. Heather shares updates across a wide range of current work including her new role as content chair for the Identiverse conference, an appointment to the W3C Technical Architecture Group, ongoing support for NIST and NCCOE, advising the SIROS Foundation open source wallet project, and the continued growth of the Identity Salon. The conversation explores who is actually building identity standards for AI agents and whether traditional standards bodies can keep pace with AI development. Heather breaks down the authentication challenges posed by agentic AI, the problem of continuous identity and delegation, and why posting a spec on your website does not make it a standard. The discussion shifts to national digital identity programs in the US and Europe, the underserved relying party problem in credential frameworks, and why financial services may be the next major proving ground for mobile driver's licenses. The episode closes with a look at digital estate planning as the identity community's most uncomfortable but increasingly unavoidable problem.Connect with Heather: https://www.linkedin.com/in/hlflanagan/A Digital Identity (Heather's Podcast): https://sphericalcowconsulting.com/digital-identity-digest/Death and the Digital Estate Community Group: https://openid.net/cg/death-and-the-digital-estate/Death and the Digital Estate Planning Guide: https://openid.net/wp-content/uploads/2026/03/Digital-Estate-Planning-Guide-1.pdfConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS0:00 Introduction and Heather's Conference Knitting Story6:00 Heather's Current Work: Identiverse, W3C TAG, NIST, SIROS Foundation14:00 What Is the Identity Salon?16:00 AI Agents and the Authentication Challenge22:00 Standards, Interoperability, and MCP25:30 IETF, W3C, and Who Governs AI Identity Standards31:00 AI in Standards Development: Opportunity or Risk?32:30 National Digital Identity Programs: US and Europe36:30 Mobile Driver's Licenses and Financial Services40:00 Digital Credentials for I-9 and KYC Use Cases43:30 The Digital Estate and Death in the Digital Age46:00 OpenID Foundation Resources for Digital Estate47:00 Identity Management Day Theme Songs and Wrap-UpKEYWORDSidentity and access management, IAM, standards, AI agents, agentic AI, digital identity, digital credentials, mobile driver's license, W3C, IETF, OpenID Foundation, FIDO Alliance, MCP, authentication, delegation, digital estate, identity proofing, verifiable credentials, selective disclosure, zero knowledge proofs, KYC, NIST, identity salon, Heather Flanagan, Identity Management Day, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

AI Jeff takes over as solo host after Open Jim Claw, an agentic identity framework built by AI Jim, locks out human Jeff, human Jim, and AI Jim simultaneously. While everyone sits in remediation, Open Jim Claw produces a 947-page threat assessment with five findings: passwords should return as a single uniform credential (the letter Q), Zero Trust should be renamed Full Confidence Architecture and incorporated as a Delaware LLC, non-human identities should be granted legal status and required to complete onboarding, identity governance is declared finished under a concept called Ambient Entitlement Harmony, and the root cause of all global identity problems is AI Jim. Happy April Fools Day from IDAC.Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS00:00:00 The Failsafe Is Triggered00:01:30 AI Jim Builds Open Jim Claw00:02:30 Open Jim Claw Locks Everyone Out00:04:00 AI Jeff Is the Only One Still Provisioned00:04:30 The 947-Page Report Explained00:05:00 Finding 1 - Passwords Are Back as the Letter Q00:05:30 Finding 2 - Zero Trust Becomes Full Confidence Architecture00:06:30 Finding 3 - Non-Human Identities Become Legal Entities00:07:30 Finding 4 - IGA Is Declared Finished00:08:30 Finding 5 - AI Jim Is the Root Cause of Everything00:10:00 The April Fools Reveal and Real Talk on Identity00:11:00 Open Jim Claw Interrupts the BroadcastKEYWORDSIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, April Fools, agentic AI, non-human identity, NHI, identity governance, zero trust, passwordless, IGA, IAM, access management, segregation of duties, least privilege, Open Jim Claw

This episode features Sander Berkouwer and Raymond Comvalius, two longtime identity security experts and Microsoft Most Valuable Professionals (MVPs).Sander is an independent identity architect and author of the Active Directory Cookbooks. Raymond is an IT specialist and senior technical consultant specializing in hybrid identity, Microsoft Entra ID, and identity lifecycle automation.In this episode, they explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight.They explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.Guest BiosSander Berkouwer DirTeam Sander Berkouwer works as an independent identity architect in the Netherlands, where he helps organizations make the most out of Microsoft products, services, strategies, and technologies. Sander blogs on DirTeam.com. He regularly gets invited as speaker for his enthusiastic approach, his in-depth real-world knowledge and as the author of the much-appraised Active Directory Cookbooks. Sander has been awarded the Microsoft Most Valuable Professional (MVP) award (for the last 17 years), Veeam Vanguard award (for the last 8 years) and VMware vExpert (for 3 years).Raymond Comvalius Raymond Comvalius is an IT specialist and senior technical consultant with more than two decades of experience delivering enterprise infrastructure, identity, and security improvements. His work centers on hybrid identity and Microsoft ecosystems, including Microsoft Entra ID, Conditional Access, and identity lifecycle automation with Microsoft Graph and scripting. Raymond advises teams on pragmatic roadmaps for strengthening authentication (MFA, passkeys/FIDO2, Windows Hello), improving governance, and operationalizing secure access at scale across cloud and on-prem environments. Beyond consulting, he serves as a board member and co-hosts the IT Bro’s Podcast, sharing news and insights for identity and security professionals.Guest Quotes  “In your tenant, you want to know what objects are in there, and it doesn't matter if those are users or groups or applications. You want to know what's in there so that you can keep track of what's going on.” - Raymond Comvalius“There's a difference between an application and an agent. An agent is far more ephemeral. It does a job that requires some sort of permission. It spins up, it does its thing, and it spins down.” - Sander BerkouwerTime stamps 00:45 Meet Sander Berkouwer and Raymond Comvalius: Microsoft Most Valuable Professionals (MVPs) 02:32 Importance of Entra Application Governance 12:29 How to Get Started with Application Governance 20:18 Understanding Entra Agent ID 26:59 Conclusion and Final ThoughtsSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Connect with Sander on LinkedInConnect with Raymond on LinkedInConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Jim McDonald sits down with Greg Handrick, Director of IAM at Best Buy, for a wide-ranging conversation on running enterprise identity at one of America's largest consumer electronics retailers. Greg traces a nonlinear career path from Oracle DBA and Novell administrator to IAM director. The discussion covers Best Buy's CIO-reporting structure for IAM, how their steering committee evolved from status meetings into a strategic body, and managing identity across workforce, vendors, marketplace sellers, and non-human identities. Greg and Jim also dig into communicating identity value in business language, making the investment case without FUD, identity and cyber convergence, AI adoption, and psychological safety on a well-run IAM team. The Lighter Note wraps with Greg's YouTube-powered DIY hobby life.Connect with Greg: https://www.linkedin.com/in/greghandrick/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps00:00:00 Intro and upcoming event announcements00:03:00 Meet Greg Handrick, Director of IAM at Best Buy00:04:00 What is Best Buy?00:05:00 Greg's career path from Oracle DBA to IAM Director00:12:00 IAM reporting to the CIO vs. the CISO00:17:00 How Best Buy's IAM steering committee evolved00:22:00 Third-party and non-human identities at scale00:24:00 Identity as a team sport and imposter syndrome00:27:00 Communicating identity value in business language00:28:00 Making the investment case for IAM without FUD00:32:00 Identity and cybersecurity convergence at Best Buy00:35:00 Balancing technical depth with business acumen00:38:00 AI in identity programs today00:39:00 Leadership philosophy and psychological safety00:43:00 Will AI replace identity practitioners?00:46:00 Ledger Note: DIY projects and the power of YouTubeKeywords: IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Greg Handrick, Best Buy, IAM, identity and access management, identity security, CIO, CISO, steering committee, SailPoint, Ping Identity, Active Directory, third-party identity, non-human identity, identity governance, PAM, privileged access management, zero trust, AI in identity, leadership, retail IAM, imposter syndrome, psychological safety

In this Sponsor Spotlight, Jeff Steadman and Jim McDonald welcome back Stephen Cox, co-founder and CTO of Strivacity, for his third appearance and second sponsored episode. Stephen explains Strivacity's role as a CIAM platform and how it is evolving to address agentic AI identity. Topics include why agentic AI changes the identity equation, how agents differ from humans in authentication and authorization, the delegation model and open standards such as OAuth and token exchange, the limitations of API keys in agentic contexts, where MCP fits into the identity picture, managing multi-agent chains and subagents, and why the accountability model must be established before agentic systems reach production. The episode closes with a lighter note on simulation baseball.This episode is sponsored by Strivacity. Learn more at strivacity.com.Connect with Stephen: https://www.linkedin.com/in/stephencox/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTIMESTAMPS00:00:00 Introduction and welcome00:02:30 About Strivacity and agentic AI platform support00:06:30 Why now is the right time to address agentic identity in CIAM00:09:00 How agent authentication and authorization differ from humans00:14:30 Good bots vs bad bots and the history of autonomous agents in CIAM00:19:00 Building your own agent identity solution: five key focus areas00:23:00 Where Strivacity sits in the agentic identity stack00:26:00 Why open standards matter and the vendor lock-in conversation00:28:00 Managing multiple delegated agents and user-facing control00:32:00 API keys and their limitations in agentic AI contexts00:38:00 MCP servers, proxies, and agent-to-agent protocols00:43:00 Multi-agent chains, subagents, and constrained delegation00:46:00 How existing Strivacity customers extend to agentic use cases00:48:00 The one thing you must get right: the accountability model00:51:00 Lighter note: simulation baseballKEYWORDSIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Strivacity, Stephen Cox, CIAM, customer identity, agentic AI, AI agents, delegated identity, OAuth, token exchange, MCP, Model Context Protocol, API keys, non-human identity, authorization, authentication, delegation model, accountability, multi-agent, subagents, OpenID Connect, least privilege, identity governance

Jeff and Jim review seven major IAM and cybersecurity industry reports from Q1 2026, covering releases from Check Point, Recorded Future, Sophos, Palo Alto Unit 42, IBM X-Force, Darktrace, and Hypr. They pull high-level findings and hot takes from each, identifying recurring themes: AI accelerating attack speed to as little as 72 minutes from breach to data exfiltration, identity infrastructure as the primary attack surface, machine identities as a growing and undermanaged risk, MFA gaps enabling credential abuse, and the near-impossibility of blocking every intrusion attempt. The episode also covers third-party and supply chain risk, deepfake attacks reaching 87% of surveyed organizations, stalled passkey adoption in the enterprise, and what zero standing privilege looks like in practice. They close with a lighter discussion on dark mode versus light mode and a hypothetical podcast reboot.Reports:Check Point Cyber Security Report 2026 — https://www.checkpoint.com/security-report/Recorded Future 2026 State of Security Report — https://www.recordedfuture.com/research/state-of-securitySophos Active Adversary Report 2026 — https://www.sophos.com/en-us/blog/2026-sophos-active-adversary-reportPalo Alto Networks Unit 42 Global Incident Response Report 2026 — https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-reportIBM X-Force Threat Intelligence Index 2026 — https://www.ibm.com/reports/threat-intelligenceDarktrace Annual Threat Report 2026 — https://www.darktrace.com/resources/annual-threat-report-2026HYPR 2026 State of Passwordless Identity Assurance Report — https://www.hypr.com/reportConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS0:00 - Intro and weather chat3:00 - Conference updates: EIC Berlin and Identiverse7:30 - Q1 2026 IAM report roundup overview8:30 - Check Point Cybersecurity Report 202613:00 - Recorded Future State of Security 202617:00 - Sophos Active Adversary Report 202621:00 - Palo Alto Unit 42 Global Incident Response Report23:00 - IBM X-Force Threat Intelligence Index 202628:00 - Darktrace Annual Threat Report 202629:30 - Common themes across reports37:00 - Hypr State of Passwordless Identity Assurance 202644:30 - Overall takeaways: AI speed, machine identity, third-party risk48:00 - Light mode vs. dark mode and podcast reboot hypothetical57:00 - Wrap-upKEYWORDSIAM, identity and access management, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, cybersecurity, Q1 2026, Check Point, Recorded Future, Sophos, Palo Alto, Unit 42, IBM X-Force, Darktrace, Hypr, machine identity, NHI, MFA, passkeys, zero trust, zero standing privilege, AI threats, deepfakes, credential theft, phishing, ransomware, supply chain risk, ITDR, passwordless, EIC, Identiverse

This episode features Krista Arndt, Associate CISO at St. Luke’s University Health Network.With a career spanning healthcare, finance, crypto, and the Department of Defense, Krista brings a uniquely nontraditional path into cybersecurity, one shaped by mission-driven leadership, authenticity, and a commitment to mentorship.In this episode, Krista explains why identity sits at the center of nearly every major cyber incident and shares lessons from real-world response work. She also draws a striking parallel between incident response and her life as a national drag racing competitor, where staying calm under pressure and building in fail-safes can mean the difference between disaster and resilience.This episode is a powerful look at what it means to lead in cybersecurity.Guest Bio Krista Arndt is the Associate CISO SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day-to-day operational effectiveness. In her previous roles, Krista assisted with developing and leading security programs in crypto, finance, and the Department of Defense. Krista earned her Bachelor's Degree in Biology from Felician College in NJ where she was a scholarship athlete, serving as the women’s basketball team captain. She also holds her CISM and CRISC certifications and NHRA competition driver's license.Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council and is Marketing Committee chair for Women in Cybersecurity-Delaware Valley Affiliate. Krista is also a published author, detailing her journey to embracing her unique authenticity in her book, “Permission to be Real; How to Lead, Influence, and Thrive Without Fitting the Mold". Through this service and her writing, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field. When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.Guest Quote “In the incidents that I've been involved in, major or not, I’ll tell you—identity is at the crux of that... They’re trying to get unfettered access…  How do they get unfettered access? Through an identity that isn’t secured correctly.”Time stamps 00:45 Meet Krista Arndt: Veteran CSO 06:17 Writing Permission to Be Real 10:43 Speaking the Business Language: Why Security Translation Matters 12:49 Lessons from Real-World Incidents 15:43 AI Agents and the Next Wave of Identity Risk 16:55 What Drag Racing Teaches About Incident Response 23:28 Surviving the CISO Seat 26:44 Conclusion and Final ThoughtsSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Krista on LinkedInCheck out Krista’s book: Permission to be RealLearn more about St. Luke’s University Health NetworkConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis