Identity at the Center

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

  1. 15h ago

    #426 - Sponsor Spotlight - CrowdStrike

    This episode and the Identity at the Center podcast are supported by CrowdStrike. Learn more at crowdstrike.com. Jeff Steadman and Jim McDonald sit down with Scott Kriz, GM of Continuous Identity at CrowdStrike, for a deep dive into continuous identity, zero standing access, and the convergence of identity and security. Scott traces his path from co-founding Bitium, to selling it to Google Cloud, to building SGNL and ultimately joining CrowdStrike. The conversation covers how continuous identity works in practice, why traditional PAM and IGA fall short in a real-time world, and what the rise of agentic AI means for identity governance at scale. Connect with Scott: https://www.linkedin.com/in/scottkriz/ Learn more about CrowdStrike: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/caep/?idac Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:00 Introduction and welcome 00:01:21 How Scott got into identity and co-founded Bitium 00:03:55 Selling to Google Cloud and the inspiration for SGNL 00:05:02 Continuous identity and zero standing access explained 00:09:13 Defining continuous identity at CrowdStrike 00:10:20 How continuous identity differs from PAM and IGA 00:15:06 Data as the foundation for continuous identity 00:19:29 Open ecosystems, Shared Signals Framework, and CAEP 00:25:26 Agents, identity chaining, SPIFFE, SPIRE, and MCP gateways 00:33:02 Identity inside CrowdStrike's broader security strategy 00:37:27 Identity security budgets and ROI-driven purchasing 00:40:04 Agentic scale and the need for automated identity controls 00:43:39 The SGNL acquisition: what it means for both companies 00:50:25 Zero trust as a real architectural framework 00:54:00 Helicopter skiing, avalanches, and staying present Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Scott Kriz, CrowdStrike, SGNL, continuous identity, zero standing access, PAM, IGA, zero trust, agentic AI, non-human identity, NHI, SPIFFE, SPIRE, MCP, identity security, real-time authorization, cybersecurity

    1h 2m
  2. 2d ago

    #425 - EIC 2026 Recap & IdentiBeer Berlin

    Jeff and Jim recap their week at KuppingerCole's EIC 2026 in Berlin, covering standout keynotes, hallway conversations, and sessions on securing AI agents, CIAM, and AI versus nuclear regulation. They announce a giveaway of Eve Maler's signed copy of Mastering Digital Identity for YouTube commenters by June 12th. The episode also features live footage and a full interview with Espen Bago, founder of IdentiBeer, recorded at the Berlin event. Jeff, Jim, and Espen discuss the rapid global growth of the IdentiBeer community, terminology challenges around NHI and IAM concepts, the gap between conference talk and real client needs, and why the industry keeps bypassing foundational data work in the rush toward AI and agentic identity. Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:10 Welcome and EIC 2026 Setup 00:03:57 Eve Maler Book Giveaway Details 00:05:00 Conference Highlights: Keynotes and Hallway Con 00:06:07 Elizabeth Garber's Standing Ovation Keynote 00:07:02 Brazil Invitation and Securing AI Agents 00:09:10 Nuclear Regulation vs. AI Regulation 00:11:07 Upcoming EIC Episode Preview 00:14:16 IdentiBeer Berlin Live Event 00:14:29 Interview with Espen Bago Begins 00:15:14 IdentiBeer Growth and Global Expansion 00:17:23 The IdentiBeer Name Debate 00:23:26 Data Quality Gaps in NHI and IAM 00:26:31 Who Owns IAM Terminology? 00:34:20 Conference Talk vs. Client Reality 00:40:52 The HR-IAM Gap Nobody Talks About 00:43:17 Fundamentals: The Karate Kid Analogy Keywords: EIC 2026, European Identity Conference, IdentiBeer, Espen Bago, Eve Maler, Elizabeth Garber, Mastering Digital Identity, Berlin, Identiverse, NHI, non-human identities, IAM fundamentals, AI regulation, agentic identity, IGA, PAM, CIAM, IDPro, identity community, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    47 min
  3. May 25

    #424 - IDAC Mailbag for May 2026

    Jeff and Jim are back with the May 2026 mailbag, answering listener questions from Amsterdam, Mumbai, Austin, and Berlin. Topics include navigating IAM vendor acquisitions, defending against AI deepfakes in remote onboarding, governing contractor and third-party identities, fixing the leaver process in IGA, and tackling a decade of IAM technical debt. The episode closes with unpopular industry opinions: why RFPs are procurement theater, why rip and replace should be normalized, and why one-throat-to-choke vendor thinking usually backfires. IDPro new member discount: https://idpro.org/idac/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com CHAPTER TIMESTAMPS 00:00 Intro and SNL nostalgia 03:25 AI model roundup: ChatGPT, Claude, Gemini, and usage limits 10:16 Identiverse 2026 and IDPro member discount 14:53 Q1: Navigating vendor acquisitions (Isabelle, Amsterdam) 24:00 Q2: AI deepfakes in identity verification (Rajan, Mumbai) 32:32 Q3: Contractor and third-party identity governance (Caleb, Austin) 43:00 Q4: The leaver process and IGA scope gaps (Anonymous) 51:10 Q5: Tackling IAM technical debt (Tomas, Berlin) 57:00 Normalizing rip and replace 01:01:00 RFPs, one throat to choke, and other hot takes 01:08:00 Wrap-up KEYWORDS IAM, identity governance, IGA, vendor consolidation, acquisitions, deepfakes, identity verification, contractor management, non-employee identity, technical debt, rip and replace, RFP, joiner mover leaver, leaver process, Identiverse 2026, IDPro, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1h 11m
  4. May 18

    #423 - The Middle Market Identity Security Gap with Robert Snodgrass

    Jeff and Jim welcome back Robert Snodgrass, Principal at RSM, for a deep dive into the RSM Middle Market Business Index cybersecurity report. The conversation covers the confidence gap facing middle market organizations, why digital identity remains undervalued despite being the primary attack surface, non-human identity governance, flat cybersecurity budgets, risk framework adoption, and what good incident response preparedness actually looks like. The episode wraps with a spirited Bitcoin Pizza Day toppings debate. Connect with Robert: https://www.linkedin.com/in/robert-snodgrass-7a199412/ Review the RSM US Middle Market Business Index Special Report on Cybersecurity 2026: https://rsmus.com/middle-market/cybersecurity-mmbi.html?cmpid=ola:45559-idac:bb01 IDPro new member discount: https://idpro.org/idac/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00:00 Introduction and Scattered Spider social engineering discussion 00:04:00 IDPro discount code and upcoming conferences 00:06:26 Guest intro: Robert Snodgrass and the MMBI report 00:09:05 Defining the modern middle market 00:12:00 The confidence gap: 96% confident, 18% breached 00:15:04 Why attackers log in and top identity investment priorities 00:19:00 Why only 23% of leaders prioritize digital identity 00:22:00 Internal partnerships as the path to identity program success 00:25:10 AI, shadow AI, and non-human identity risks 00:31:00 NHI governance at scale: 45 to 1 ratio 00:34:50 Cybersecurity budget realities in the middle market 00:39:00 EU regulation and top-line cybersecurity drivers 00:42:03 NIST CSF adoption and risk framework value 00:46:00 Incident response planning: the two-minute drill 00:52:16 Bitcoin Pizza Day and closing thoughts KEYWORDS identity security, middle market, cybersecurity, MMBI, RSM, Robert Snodgrass, phishing-resistant MFA, non-human identities, NHI, shadow AI, incident response, NIST CSF, IAM, identity governance, ransomware, tabletop exercises, digital identity, cybersecurity budget, identity program, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1h 2m
  5. May 15

    #422 - Decoded - Securing AI Agents with Standards You Already Have

    Episode 422 is the debut of Decoded by Identity at the Center, a new sub-series hosted by Jeff Steadman and Sean O'Dell dedicated to unpacking the specifications and standards powering IAM. Joining them is Pieter Kasselman, VP of Open Standards at Defakto and chair of the WIMSE working group. The conversation covers why traditional non-human identity approaches break at agentic scale, how SPIFFE and SPIRE enable short-lived automated credential provisioning without long-lived secrets, and why treating agents as workloads unlocks a decade of existing standards. Pieter walks through critical OAuth specs including JWT authorization grant, token exchange, client ID metadata, and the emerging transaction tokens draft. Sean connects these to practical gateway architecture, continuous access evaluation, and policy-based authorization. The episode closes with real-world deployment examples and a clear takeaway: the tools to secure agentic identity are available today. Episode Links: Pieter Kasselman: https://www.linkedin.com/in/pieter-kasselman-0259862/ AI Agent Authentication and Authorization: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/ Workload Identity in Multi-system environments (WIMSE): https://ietf-wg-wimse.github.io/ OAuth SPIFFE Client Authentication: https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/ Transaction Tokens: https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/08/ Agentic Identity Control Framework. You Already Have the Pieces. Now Build It. by Sean O'Dell: https://www.linkedin.com/pulse/agentic-identity-control-framework-you-already-have-pieces-o-dell-61b5e/ Timestamps: 00:00 Introduction to Decoded by Identity at the Center 00:13 The mission of the Decoded sub-series 03:02 Guest intro: Pieter Kasselman, VP of Open Standards at Defakto 06:21 Why agentic identity is urgent: scale, multi-platform, and shifting threat landscape 10:42 The real cost of API keys and credential sprawl in agentic systems 13:23 Agentic identity identifiers and how SPIFFE assigns unique workload IDs 21:00 Credential types: X.509, JWTs, and workload identity tokens 31:00 Connecting SPIFFE to OAuth and dynamic registration with client ID metadata 38:18 SPIFFE SVIDs, multiple credentials per agent, and governance traceability 41:44 Authentication versus authorization: delegation versus impersonation 47:00 Transaction tokens: binding access to specific transactions to stop token theft 51:21 Identity chaining and cross-domain authorization 55:00 Shared Signals Framework and dynamic authorization 57:00 Gateways, CAEP, and mid-flight token revocation for rogue agents 59:31 What you can deploy today with SPIFFE, OAuth, and existing IDPs 01:02:58 Policy-based access control and why instance-level governance cannot scale 01:04:58 Workload identity federation: Anthropic and Google Agent ID updates 01:07:13 Cross-platform federation and the law of agentic utility 01:11:55 Elevator pitch: agents are workloads and 95% of the problem is solved now 01:17:03 What is coming next: a transaction tokens deep dive Keywords: agentic identity, SPIFFE, SPIRE, OAuth, transaction tokens, Shared Signals Framework, WIMSE, workload identity, non-human identity, authorization delegation, JWT, CAEP, API gateway, IAM standards, AIMS, Jeff Steadman, Sean O'Dell, Pieter Kasselman, IDAC, Identity at the Center, Jim McDonald, Decoded by Identity at the Center Decoded by Identity at the Center: Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Sean O'Dell: https://www.linkedin.com/in/seanodentity/ Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Visit the show on the web at https://idacdecoded.com/

    1h 18m
  6. May 11

    #421 - The AI Identity Control Plane with Henrique Teixeira

    Jeff and Jim welcome back Henrique Teixeira, SVP of Strategy at Saviynt, for his fourth appearance on the podcast. The episode opens with Jim's firsthand experience building an AI agent for a work project and discovering in real time how identity management challenges surface in the agentic era. After conference updates on EIC in Berlin and Identiverse in Las Vegas, Henrique unpacks the crowded terminology around AI agent governance, from Gartner's agent management platforms to UADP, the Unified Agentic Defense Platform. He proposes a three-pillar framework for managing AI and non-human identities: discovery, identity lifecycle and governance, and runtime access management, with guidance on where to start depending on whether your organization is greenfield or legacy-heavy. The conversation then examines how AI is reshaping the analyst business model, what makes information sources trustworthy, and how proprietary inquiry data forms the real competitive moat for firms like Gartner and Forrester. The episode closes with a wide-ranging discussion on AI's risk to shared cultural experiences, hyper-personalized entertainment, and the ethics of licensing your digital identity in the afterlife. Connect with Henrique: https://www.linkedin.com/in/bernardes/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:00 Intro 00:00:55 Jim's AI Agent Experiment and Identity Lessons 00:06:04 Conference News: EIC and Identiverse 00:07:22 Identity Beer Community Events 00:08:40 Introducing Henrique Teixeira 00:12:00 AI Control Plane: Competing Terminologies 00:17:36 Three Pillars of AI Agent Identity Management 00:18:46 Why Visibility Matters More for NHI 00:20:00 Ownership, Accountability, and Humans at the Control Plane 00:24:26 Industry Maturity and the Gaps That Remain 00:25:41 Where to Start: Governance-First vs. Visibility-First 00:29:52 AI's Impact on the Analyst Profession 00:34:57 What Analyst Firms Have That AI Cannot Replace 00:39:04 Trust, Boutique Analysts, and Repeatability 00:44:34 Proprietary AI Chatbots and Gated Intelligence 00:49:30 IP Rights and the Legal Gray Zone of AI Training 00:52:14 AI and the Erosion of Shared Cultural Experience 00:58:00 AI Music, Personalized Entertainment, and the Future of Art 01:03:47 Digital Afterlife, Voice Clones, and AI Personas 01:08:18 Wrap-Up and Closing Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Henrique Teixeira, Saviynt, AI identity control plane, non-human identities, NHI, agentic AI, AI agents, AI governance, identity lifecycle, access management, discovery, agent management platform, UADP, IAM, Gartner, analyst firms, AI and culture, digital identity, identity security, EIC, Identiverse, identity beer

    1h 10m
  7. May 6

    #420 - Sponsor Spotlight - GitGuardian

    This episode is made possible by GitGuardian. Jeff speaks with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, about secrets sprawl, non-human identity governance, and the findings of the State of Secret Sprawl 2026 report. With 28.6 million secrets leaked to public GitHub in 2025 - a 34% year-over-year increase - they explore why hardcoded credentials persist, how agentic AI tools are making the problem worse, and what IAM practitioners can do to start addressing machine identity governance. Topics include GitGuardian's Good Samaritan notification program, the growing NHI inventory challenge, SPIFFE and SPIRE as a path to zero standing privilege, and data showing Claude Code co-authored commits are more than twice as likely to contain leaked secrets. Visit gitguardian.com/lps/idac to learn more. Connect with Dwayne: https://www.linkedin.com/in/dwaynemcdaniel/ Dwayne's website: https://dwayne-mcdaniel.com/ Learn more about GitGuardian: https://www.gitguardian.com/lps/idac GitGuardian Good Samaritan Program (free) - https://www.gitguardian.com/good-samaritan The State of Secrets Sprawl 2026: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026 SPIFFE Book: https://spiffe.io/book/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS: 00:00 Introduction and sponsor welcome 00:48 Dwayne's background and path to developer advocacy 04:11 Surprises from entering the identity and security space 06:29 What a principal developer advocate actually does 09:32 Why secrets became Dwayne's focus area 14:10 GitGuardian: overview and mission 19:36 Where secrets commonly leak across the SDLC 22:17 The Good Samaritan notification program explained 28:00 Why 70% of leaked secrets from 2022 were still valid in 2025 33:54 State of Secret Sprawl 2026: the year software changed 40:39 AI coding tools, Claude Code, and secrets leakage data 47:28 Practical questions for IAM practitioners to start asking 52:24 Zero standing privilege and the case for SPIFFE/SPIRE 01:00:00 Resources: the SPIFFE book, WIMSE, and AWS STS 01:02:51 Hot sauce, the Cubs, and closing thoughts KEYWORDS: secrets sprawl, hardcoded secrets, non-human identity, NHI governance, GitGuardian, SPIFFE, SPIRE, workload identity, DevSecOps, agentic AI, Claude Code, zero standing privilege, supply chain security, credential abuse, identity and access management, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dwayne McDaniel

    1h 13m
  8. May 4

    #419 - Identity Management Day 2026 - IDAC Live

    Recorded live as part of the Identity Management Day 2026 streaming program, Jeff and Jim mark their fifth IMD episode. Introduced by Jeff Reich from the Identity Defined Security Alliance, they reflect on how the IAM industry has evolved since their first IMD episode in 2021 and grade overall progress a C. Topics include what has genuinely improved (passkeys, MFA adoption, broader awareness), what hasn't (compliance fatigue, security theater, persistent credential theft), the exploding challenge of non-human identity governance, whether AI will eventually need to certify other AI, and how AI-powered phishing and deep fakes are raising the bar for identity verification. The episode wraps with chat-submitted IAM bumper stickers. Identity Management Day 2026: https://www.idsalliance.org/event/identity-management-day-2026/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com CHAPTERS 0:00 - Jeff Reich intro from the IMD stream 2:00 - Identity Management Day 2026 kicks off 3:30 - Five years of IMD: a look back at episode 88 7:00 - Does IMD move the needle? 9:30 - Who is Identity Management Day actually for? 12:00 - What has improved in IAM over five years 16:00 - What hasn't improved: compliance fatigue and security theater 18:30 - Grading the IAM industry 21:00 - NHI governance: visibility and accountability 26:00 - Can AI certify AI? Agentic identity governance 29:00 - AI-powered phishing and the evolving threat landscape 32:00 - Deep fakes and the identity verification challenge 36:00 - Lighter note: IAM bumper stickers KEYWORDS identity management day, identity management day 2026, NHI, non-human identity, agentic AI, phishing, deep fakes, IGA, passkeys, MFA, IAM, identity governance, access management, cybersecurity, credential theft, security awareness, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    30 min
4.9 out of 5 (40 Ratings)
