#395 - Sponsor Spotlight - RedblockThis episode is sponsored by Redblock. Visit redblock.ai/idac to learn more.Jeff and Jim come to you live from the Gartner IAM Summit in Grapevine, Texas, for a special Sponsor Spotlight with Redblock. They sit down with CEO Indus Khaitan to discuss how Redblock uses AI and computer vision to solve the "last mile" problem in identity management: disconnected applications.Indus explains how Redblock acts as an "agentic" layer, using screen recordings to learn administrative tasks for apps that lack APIs. The conversation covers the origin of the company name, the urgency of securing the "long tail" of applications, and how they build trust and guardrails around AI execution. They also discuss the "DoorDash" analogy for identity fulfillment and wrap up with a fun chat about Indus's passion for flying planes.Connect with Indus: https://www.linkedin.com/in/khaitan/Learn more: redblock.ai/idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at [idacpodcast.com](http://idacpodcast.com)Timestamps00:00 Introduction from Gartner IAM Summit00:46 Guest Introduction: Indus Khaitan of Redblock01:40 Indus's Journey into Identity02:41 The Origin of the Name "Redblock"04:20 The Underserved Market: Services vs. Software07:34 The Urgency of Securing Disconnected Apps09:19 Why Traditional IGA and PAM Aren't Enough11:35 The DoorDash Analogy: Where Redblock Fits14:30 What Makes Redblock Unique? (Agentic Process Automation)16:15 Trusting AI with Security Tasks18:50 Onboarding Apps via Video Recording21:23 Deployment: Running Air-Gapped on Customer Cloud22:17 Handling UI Changes and "Full Self-Driving" Analogy25:40 Integration with SailPoint and Governance Tools27:13 Speed of Integration: Days vs. Years32:00 How the "Headless Browser" Works33:35 Limitations: Web Apps vs. Thick Clients36:58 Redblock's 2025 Milestones and Future Outlook39:48 Call to Action: Solving Disconnected Apps40:27 Impressions of the Gartner IAM Summit44:26 Are We in an AI Bubble?46:46 Indus's Hobby: Flying PlanesKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Redblock, Indus Khaitan, AI, Artificial Intelligence, IAM, Identity and Access Management, Disconnected Apps, Agentic AI, Computer Vision, Gartner IAM Summit, RPA, IGA, Cybersecurity

We are live from the Gartner IAM Summit 2025 in Grapevine, Texas! In this episode, we welcome back Sarah Clark, now the Chief Product Officer and GM of North America at Hopae. Sarah shares her journey from Mastercard to buying rainforests in Costa Rica and rescuing dogs, before diving deep into the world of digital identity infrastructure. We discuss connecting government-issued digital IDs with the private sector to combat fraud and improve user experiences. Sarah breaks down the differences in global adoption, highlighting why the EU is leading the charge with upcoming mandates and how countries like Brazil and India are scaling their programs. We also explore the state of mobile driver's licenses in the US, the potential for age verification and workforce management use cases, and whether the US can catch up to the rest of the world. Plus, we wrap up with a heartfelt conversation about dog rescue and the challenges of pet adoption.Connect with Sarah https://www.linkedin.com/in/sarahmclark/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps00:00:00 - Intro: Live from Gartner IAM Summit 202500:01:25 - Introducing Sarah Clark and her journey to Hopae00:03:00 - What is Hopae and the vision for digital identity infrastructure?00:04:19 - Why governments are moving toward digital IDs (186 countries!)00:05:32 - Solving the fraud crisis with government-issued credentials00:07:05 - The benefits: Security, efficiency, and inclusion00:08:52 - Global adoption curves: India, Philippines, and Brazil00:10:48 - The EU vs. US: Who is winning the digital ID race?00:14:04 - eIDAS 2.0 mandates and the intermediary role00:17:03 - Future trends: Age verification, Fintech, and stablecoins00:19:54 - Workforce management and "Know Your Employee"00:21:28 - Sarah's passion project: Rainforest preservation and dog rescue00:25:35 - Closing thoughts on the future of identityKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Sarah Clark, Hope, Digital Identity, Digital Wallets, Mobile Driver's License, mDL, eIDAS 2.0, Identity Verification, Fraud Prevention, KYC, Verifiable Credentials, Gartner IAM Summit, Digital Infrastructure, Biometrics, Age Verification

This episode features host Sean Deuby and fellow Semperis colleague Guido Grillenmeier, Principal Technologist, EMEA, in a candid recap of the 2025 Hybrid Identity Protection Conference in Charleston. They trade takeaways on what they heard, what surprised them, and what the event revealed about where hybrid identity security is headed.Sean and Guido highlight some key observations from keynote speakers including Chris Inglis (former US National Cyber Director), Alex Weinert (Semperis CPO and former VP of Identity Security at Microsoft), and other identity security and recovery experts across the world.This is a fast, grounded debrief designed to help you take in the conference highlights and carry forward the insights that will matter most in the year ahead.Time stamps 01:45 Welcome to the HIP Conf Recap04:27 The Biggest Conference Themes and What They Signal08:39 Active Directory’s Evolution + Microsoft’s Presence12:54 Keynotes and the Broader Identity Threat Picture17:14 Practical Practitioner Takeaways26:49 Identity Security as an Ongoing Program31:39 Wrap-Up and What’s Next for HIP ConfSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Watch all the sessions from HIP Conf 2025Connect with Guido on LinkedInConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Join Jeff, Jim, and special guest Ian Glazer at the Gartner IAM Summit 2025 as they discuss the Identity and Access Management (IAM) industry, the evolution of IAM practices, and the exciting new concepts like Continuous Identity. They delve into topics such as the impact of AI, shared signals framework, and the struggles and triumphs of identity practitioners. Plus, hear about the Digital Identity Advancement Foundation’s mission and enjoy some lighter moments with tales of 'chuckles' and supper clubs. Don't miss this insightful and entertaining episode of the Identity at the Center podcast.Connect with Ian: https://www.linkedin.com/in/iglazer/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTimestamps00:00 Introduction and Casual Banter00:50 Conference Highlights and Podcast Milestones03:00 Introducing Ian Glazer05:43 Digital Identity Advancement Foundation (DIF)08:09 Challenges in Identity Governance and Administration (IGA)13:28 Continuous Identity: A Paradigm Shift22:31 Real-World Applications and Organizational Impact31:51 Realistic Security Measures32:28 Maturity of Identity and Access Management34:54 Skills and Challenges in IAM36:44 Metrics and Outcomes in IAM40:23 Identity Practitioner Skills41:19 Solving Problems with AI46:21 Continuous Identity and Future Trends48:45 Identity Salon and Community54:19 Wrapping Up and Future EventsKeywordsIan Glazer, Continuous Identity, Shared Signals Framework, CAEP, Gartner IAM Summit, Identity Security, Joiner Mover Leaver, IGA, Access Certification, Identity Salon, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Non-Human Identity, Identity Practitioner, DIAF

Join hosts Jeff Steadman and Jim McDonald for a special live episode recorded on location at Identiverse DC! In this interactive session, Jeff and Jim host a game of "Majority Rules," where the audience competes not to answer correctly, but to guess the most popular answer in the room.The game covers a wide range of topics, from the trivial (worst conference swag and the official uniform of an IAM architect) to the technical (securing API keys, the biggest bottlenecks in IGA, and the primary causes of role explosion).Things get intense halfway through with the introduction of the Battle Royale rules, where picking the minority answer sends a player's score back to zero. Watch to see who survives the explosions and takes home the grand prize.Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps00:00 Intro to Identity at the Center Live00:36 Explaining the Rules of Majority Rules04:25 Question 1: The Worst Conference Swag06:00 Question 2: Replying to Access Denied07:05 Question 3: AI in Identity Management08:40 Question 4: Favorite MFA Method10:12 Question 5: Least Favorite Auth Factor11:15 Turning up the Heat: Battle Royale Mode12:10 Question 6: Why RBAC is Difficult at Scale13:30 Question 7: The IAM Architect Uniform14:50 Question 8: Best Place to Hide a Secret16:15 Question 9: Protocols You Secretly Miss17:25 Question 10: Most Hated Specialized Key18:40 Question 11: Conference Responsibilities20:00 Question 12: Securing API Keys21:20 Question 13: Secrets to Surviving Keynotes22:55 Question 14: The Biggest Bottleneck in IGA24:45 Question 15: Causes of Role Explosion25:50 Question 16: What Breaks First After a Schema Update26:40 Final Question: Fastest Way to Confuse a User27:40 Crowning the WinnerKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Identiverse, Identiverse DC, IAM, Identity and Access Management, Cybersecurity, InfoSec Game Show, Live Podcast, Majority Rules, MFA, IGA, API Security, RBAC, Role Explosion, Tech Humor, Cyberrisk Alliance

This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.With 15+ years in IT security, Chris has worked across Microsoft’s security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He’s now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.In this episode, Chris explores the limitations of Active Directory security and how Microsoft’s new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.Guest BioFor over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.Guest Quote “It’s not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”Time stamps01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP02:00 The Hybrid Identity Attack Playbook06:03 Active Directory vs. Entra ID: The Security Gap09:02 Breaking Down Global Secure Access11:58 What This Looks Like for Real Users16:17 Bringing Zero Trust to the Network Layer17:50 What You Need to Deploy Global Secure Access20:48 Conclusion and Final ThoughtsSponsorThe HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Christopher on LinkedInLearn more about glueckkanja AGWatch Christopher’s talk at HIPConf 2025Connect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Jeff and Jim come to you live from the expo floor at Identiverse DC 2025. They are joined by John DelMauro, Executive Vice President at Cyber Risk Alliance, to discuss the energy of regional events and how they differ from the massive Las Vegas gatherings.The group discusses the current state of the identity industry, the inevitable presence of AI in both marketing and event planning, and the "Identity at the Center" game show that took place earlier in the conference. John provides an exclusive look ahead at what is being planned for Identiverse in Las Vegas, including a new algorithmic approach to one-on-one networking, expanded pavilions, and potentially even puppies.Finally, the conversation shifts to a fun hypothetical: if money and logistics were no object, what kind of conference would each of them launch? The answers range from health and longevity in Austin to a technology expo in Japan.Connect with John: https://www.linkedin.com/in/john-del-mauro/Learn more about the CyberRisk Alliance: https://www.cyberriskalliance.com/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps00:00 Introduction and vibes from Identiverse DC00:52 Recapping the Majority Rules game show02:00 Introducing John DelMauro from Cyber Risk Alliance03:59 What is Cyber Risk Alliance?05:25 The benefits of regional events vs. Las Vegas09:15 Current themes: AI dominating the conversation13:21 How AI helps in planning and researching events15:50 Previewing Identiverse Las Vegas 202517:10 The new one-on-one networking algorithm22:15 Breaking news: Puppies at the conference?24:45 Hypothetical: What dream conference would you host?27:45 Jim's take on a longevity conference29:18 Jeff's dream of a tech nerd-con31:00 Closing thoughts and wrap upKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, John DelMauro, CyberRisk Alliance, Identiverse, Cybersecurity, Event Planning, Networking, InfoSec, AI in Events, Washington DC, Conference Trends

In this episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, to delve into the intricacies of identity management in the age of agentic AI. They discuss the challenges and solutions related to AI agents, the role of the Model Context Protocol (MCP), and the concept of recursive delegation and scope attenuation. Additionally, the conversation covers practical advice for developers and enterprises on preparing for AI-driven identity management and explores the cultural touchstone of coffee from various global perspectives.Connect with Tobin: https://www.linkedin.com/in/tobinsouth/OpenID Foundation: https://openid.net/Identity Management for Agentic AI (OpenID Whitepaper): https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdfConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps:00:00 – Jeff and Jim banter about unopened iPads and conference season05:55 – Introduction to Tobin South and his AI identity background07:00 – How AI has evolved from machine learning to generative models09:00 – The OpenID AI Identity Management Community Group10:30 – ChatGPT’s impact on the AI perception shift12:00 – Users vs. Agents: What’s the difference?14:00 – Letting the right bots in: AI agents vs. bad bots17:00 – AI impersonation, delegation, and the risk of shared credentials20:00 – Impersonation vs. Delegation – what practitioners need to know23:00 – Governance, oversight, and delegated authority for agents26:00 – Liability and “who is responsible” in agentic systems30:00 – How developers can prepare for agent identity and access management32:00 – Explaining the Model Context Protocol (MCP)36:00 – Enterprise use cases for MCP and internal automation38:00 – Is MCP the next SAML?42:00 – Recursive delegation and scope attenuation explained46:00 – The one key takeaway for IAM professionals48:00 – Lighter note: Coffee talk – from Sydney to San Francisco54:00 – Wrap-up and where to find more IDAC contentKeywords:IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Tobin South, OpenID Foundation, AI Identity Management, Agentic AI, Delegated Authority, Impersonation vs Delegation, Model Context Protocol (MCP), Recursive Delegation, Scope Attenuation, Identity Access Management, IAM, AI Governance, AI Standards, Enterprise AI, AI Agents, Identity Security

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.Visit Aembit: https://aembit.io/idacConnect with David: https://www.linkedin.com/in/davidgoldschlagConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at idacpodcast.comTimestamps00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - ClosingKeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

This episode features Daniel Stefaniak, Vice President Architect - Cybersecurity and Identity at JPMorgan Chase.With deep experience as an IT architect, consultant, and technical program manager, Daniel has helped design and deploy large-scale IAM and CIAM solutions that support millions of users. He is widely recognized for his expertise in Active Directory and Entra ID and for bringing clear, unfiltered insight into some of the industry’s toughest identity challenges.In this episode, Daniel explains why attack path management is never a one-and-done effort, how to focus on the high-impact issues that matter most, and why success depends on dedicated ownership rather than tools alone.This is an honest and practical look at what it truly takes to understand and manage attack paths in modern identity environments.Guest Bio Experienced IT Architect, Consultant, and Technical Program Manager specializing in Active Directory and Entra ID (Azure AD). A recognized industry leader in Identity and Access Management (IAM) and cybersecurity, with extensive expertise designing and deploying large-scale cloud-based IAM and CIAM solutions supporting millions of users.Former Microsoft Program Manager, instrumental in driving technical content, readiness, and enterprise adoption of Azure AD. Proven ability to lead end-to-end project lifecycles, align security strategies with regulatory requirements, and design robust directory and identity federation solutions.Guest Quote " You cannot be an active directory admin or an architect owner of the service, and run an attack path management program on the side. You need a dedicated team to do it.”Time stamps 01:05 Meet Daniel Stefaniak: The IAM Guy 02:08 The Insanity of Attack Path Management 03:27 Challenges and Realities of Attack Path Management 07:57 Choosing the Right Tools 10:32 Implementing Effective Attack Path Management 12:50 Using OKRs in Tech Path 14:50 Team and Resource Requirements 16:20 Conclusion and Final ThoughtsSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Connect with Daniel on LinkedInLearn more about JPMorgan ChaseConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis