Identity at the Center

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

  1. 2d ago

    #430 - AI for IAM and IAM for AI with Martin Sandren

    Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Martin Sandren, IAM Product Lead at IKEA, for a wide-ranging conversation covering nearly every corner of modern identity security. Martin shares what has changed since his first IDAC appearance on episode 293, including the rise of AI, growing interest in digital sovereignty, and the maturing shared signals framework. The conversation moves through risk-based defense in depth, tiered MFA rollout strategies, session management, and the real challenge of trusting AI to make security decisions. Martin introduces identity dark matter and explains how IVIP can surface the 95-plus percent of applications that never reach an IGA system. The episode also covers shadow AI, MCP server risks, the SaaSpocalypse debate, and the EU AI Act. It closes on a grounded note: solar panels. Connect with Martin: https://www.linkedin.com/in/martinsandren/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00 Welcome and EIC 2026 intro 01:47 What has changed in two years: AI, sovereignty, shared signals 03:06 Martin's EIC presentations: AI for IAM and IAM for AI 04:46 Can you prioritize one direction over the other? 07:13 What would it take to trust AI making identity decisions? 09:32 AI-enhanced detection and risk-based session management 13:07 Session invalidation and the shared signals framework 14:11 Defense in depth and right-sizing privileges 18:25 MFA today: any MFA versus phish-resistant MFA 19:17 AI chatbots, enterprise LLMs, and shadow AI 23:11 MCP servers, NHI risk, and return on risk thinking 27:00 AI configuring IAM systems: how close are we? 31:30 LLM costs, the SaaSpocalypse, and enterprise AI futures 40:10 Identity dark matter and the IVIP concept 44:16 CMDB versus IVIP: do you need both? 
46:18 The EU AI Act and building an AI governance registry 49:18 Where to start: get your AI inventory in place first 50:00 Closing thoughts and the solar panel tangent KEYWORDS AI for IAM, IAM for AI, identity dark matter, IVIP, IGA, shared signals framework, phish-resistant MFA, defense in depth, session management, MCP servers, NHI, shadow AI, SaaSpocalypse, EU AI Act, AI governance, zero standing privilege, EIC 2026, IKEA, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Sandren

    1 hr
  2. Jun 17

    #429 - Sponsor Spotlight - SailPoint

    This episode is presented courtesy of SailPoint. Rob Sebaugh, Senior Identity Strategist at SailPoint, joins Jeff and Jim for a wide-ranging conversation on the past, present, and future of identity governance. Rob brings more than two decades of practitioner experience to the table, including 16 years running large-scale identity programs before making the move to the vendor side. The conversation covers what identity governance means today, why it must move to the forefront rather than be treated as an afterthought in an agentic world, and how organizations need to think fundamentally differently about non-human identities. Jeff and Jim explore the concept of treating AI as a first-class identity, how AI is beginning to replace rubber-stamp access certifications, the shift toward policy-based access control, and the practical path toward zero standing privilege. The episode wraps with a lighter conversation about Rob's 3D printing hobby. About SailPoint: SailPoint (Nasdaq: SAIL) is defining the new era of adaptive identity security. In a world where non-human identities now significantly outnumber humans, our AI-powered platform unifies identity, security, and data intelligence to protect today’s enterprise from advanced identity-based threats. We deliver the identity solution that spans both the breadth of identities and the depth of context needed to drive real-time access with confidence. Built on principles like zero-standing privilege and contextualized risk, our SailPoint platform transforms identity from a point of vulnerability into a powerful security advantage. Trusted by many of the world's leading organizations, SailPoint secures the enterprise with intelligent, autonomous identity security. 
Learn more about SailPoint: https://www.sailpoint.com/ Connect with Rob: https://www.linkedin.com/in/rob-sebaugh-1ba9013/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Timestamps: 00:00 Introduction 00:48 Rob Sebaugh and the identity strategist role at SailPoint 04:38 Practitioner advice from the field 07:49 What SailPoint does: the hotel key analogy 11:04 Buying identity technology means buying a business process 13:30 What identity governance is and why it still matters 16:47 Risk-appropriate governance and privileged access 19:39 Non-human identities and the scale of the agentic challenge 22:57 Treating AI as a first-class identity 24:28 When AI makes governance decisions: beyond rubber stamping 28:04 Is identity governance a binary decision? 29:58 Securing data inside AI and large language models 34:09 Identity: the field that reinvents itself 35:01 Identity as the new control plane 37:21 Is all access privileged access? 40:25 Zero standing privilege in practice 44:22 Innovation, continuous identity, and what SailPoint is building 46:28 Identity posture management 50:13 Practitioner advice for the next three to five years 53:00 The future of IGA in ten years 57:44 Lighter note: 3D printing with Rob Sebaugh 1:05:35 Final thoughts on SailPoint Keywords: Rob Sebaugh, SailPoint, identity governance, identity security, IGA, non-human identities, agentic AI, zero standing privilege, just-in-time access, identity posture management, control plane, zero trust, policy-based access control, AI certification, rubber stamping, sponsor spotlight, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1h 7m
  3. Jun 15

    #428 - Modernizing IGA with Thomas Zarnhofer

    Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Thomas Zarnhofer, IAM Architect at a major retail company in central Europe. Thomas shares his experience leading a full IGA transformation from a decade-old on-premise system to a modern cloud-based platform. The conversation covers the shift from a contract-based to a person-based identity model, the importance of cleaning data before migration begins, a three-phase framework of Foundation, Migration, and Adoption, lessons learned from running two systems in parallel, and a look at how AI could make IGA predictive. The episode ends with Thomas's tips for visiting Austria. Connect with Thomas: https://www.linkedin.com/in/tzarnhofer/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Timestamps 00:00 Introduction and EIC 2026 Setting 02:00 Thomas's Identity Origin Story 04:21 The Catalyst for IGA Modernization 07:43 Contract-Based vs Person-Based Identity Models 09:22 Consolidating Master Data Sources 11:39 Data Quality and Attribute Ownership 13:34 Partnering with HR for Clean Data 16:43 Data Analysis: Why They Chose Excel Over AI 17:53 Clean Your Data Before You Migrate 18:23 The Three Phases: Foundation, Migration, Adoption 20:12 Driving Adoption Across the Organization 21:10 Running Two Systems in Parallel 22:47 Challenge Everything vs Lift and Shift 27:23 Surprises in the Cloud IGA Journey 29:02 Testing Requirements in the Cloud 29:51 AI and the Future of IGA 32:25 AI Chatbots and Role Discovery 35:30 Scoping Business Role Visibility 36:06 Life Outside IAM: Travel and Austria Tips Keywords: IAM, IGA, Identity Governance, IGA Migration, On-Premises to Cloud, Identity Model, Contract-Based Identity, Person-Based Identity, Master Data, Data Quality, HR Integration, Joiner Mover Leaver, Cloud IGA, Retail IAM, EIC 2026, AI in IGA, Predictive IGA, Role 
Management, Access Governance, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Thomas Zarnhofer

    42 min
  4. Jun 8

    #427 - Identiverse 2026 Preview with Heather Flanagan and Andi Hindle

    Jeff and Jim are joined by Heather Flanagan, Content Chair, and Andi Hindle, Conference Chair, for a full preview of Identiverse 2026 at Mandalay Bay in Las Vegas. They cover the 2026 theme of trust and change, why AI was removed as a standalone track and redistributed across all content areas, the provocative argument that non-human access now dramatically outpaces human access and is reshaping identity system design, whether authentication is truly solved, authorization as the harder unsolved problem, CFP surprises, networking events including Women at Identiverse, and predictions for 2027. Save 30% with code IDV26-IDAC30%. New IDPro members save $25 at idpro.org/idac. Connect with Heather: https://www.linkedin.com/in/hlflanagan/ Connect with Andi: https://www.linkedin.com/in/ahindle/ Identiverse 2026: https://events.identiverse.com/2026/begin?code=IDV26-IDAC30%25 Heather's IAM Conference List: https://github.com/fedidcg/meetings/wiki/2026-List-of-Identity-and-Related-Conferences-and-Standards-Development-Events Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00:00 Introduction and SolarWinds breach banter 00:03:27 Identiverse preview and discount codes 00:06:10 Guest introductions 00:06:52 Role of Content Chair 00:08:46 Role of Conference Chair 00:11:16 2026 conference theme 00:15:00 AI as context, not a standalone track 00:16:32 Control plane vs enablement plane debate 00:22:19 What the industry is underestimating 00:24:00 Non-human access outpaces human access 00:26:52 Is authentication solved? Passkeys 00:30:31 Authorization: far from solved 00:36:04 Extensibility in standards and deployments 00:38:22 CFP surprises: fraud and identity proofing 00:41:48 Usability and UX gaps 00:43:18 Agentic AI: identity or governance? 
00:47:55 Networking and newcomer programming 00:51:45 Women at Identiverse 00:52:46 AI-generated CFP submissions 00:55:00 Predictions for Identiverse 2027 00:58:04 Theme songs for Identiverse 2026 01:02:58 Heather's identity conference list on GitHub 01:04:47 Swag culture at identity conferences 01:12:25 Wrap-up KEYWORDS Identiverse 2026, Heather Flanagan, Andi Hindle, identity conference, NHI, non-human identity, agentic AI, passkeys, authentication, authorization, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, digital identity, continuous identity architecture, zero standing privilege, verifiable credentials, identity governance

    1h 14m
  5. Jun 3

    #426 - Sponsor Spotlight - CrowdStrike

    This episode and the Identity at the Center podcast are supported by CrowdStrike. Learn more at crowdstrike.com. Jeff Steadman and Jim McDonald sit down with Scott Kriz, GM of Continuous Identity at CrowdStrike, for a deep dive into continuous identity, zero standing access, and the convergence of identity and security. Scott traces his path from co-founding Bitium, to selling it to Google Cloud, to building SGNL and ultimately joining CrowdStrike. The conversation covers how continuous identity works in practice, why traditional PAM and IGA fall short in a real-time world, and what the rise of agentic AI means for identity governance at scale. Connect with Scott: https://www.linkedin.com/in/scottkriz/ Learn more about CrowdStrike: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/caep/?idac Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:00 Introduction and welcome 00:01:21 How Scott got into identity and co-founded Bitium 00:03:55 Selling to Google Cloud and the inspiration for SGNL 00:05:02 Continuous identity and zero standing access explained 00:09:13 Defining continuous identity at CrowdStrike 00:10:20 How continuous identity differs from PAM and IGA 00:15:06 Data as the foundation for continuous identity 00:19:29 Open ecosystems, Shared Signals Framework, and CAEP 00:25:26 Agents, identity chaining, SPIFFE, SPIRE, and MCP gateways 00:33:02 Identity inside CrowdStrike's broader security strategy 00:37:27 Identity security budgets and ROI-driven purchasing 00:40:04 Agentic scale and the need for automated identity controls 00:43:39 The SGNL acquisition: what it means for both companies 00:50:25 Zero trust as a real architectural framework 00:54:00 Helicopter skiing, avalanches, and staying present Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Scott Kriz, CrowdStrike, SGNL, continuous identity, zero standing access, PAM, IGA, zero trust, agentic AI, non-human identity, NHI, SPIFFE, SPIRE, MCP, identity security, real-time authorization, cybersecurity

    1h 2m
  6. Jun 1

    #425 - EIC 2026 Recap & IdentiBeer Berlin

    Jeff and Jim recap their week at KuppingerCole's EIC 2026 in Berlin, covering standout keynotes, hallway conversations, and sessions on securing AI agents, CIAM, and AI versus nuclear regulation. They announce a giveaway of Eve Maler's signed copy of Mastering Digital Identity for YouTube commenters by June 12th. The episode also features live footage and a full interview with Espen Bago, founder of IdentiBeer, recorded at the Berlin event. Jeff, Jim, and Espen discuss the rapid global growth of the IdentiBeer community, terminology challenges around NHI and IAM concepts, the gap between conference talk and real client needs, and why the industry keeps bypassing foundational data work in the rush toward AI and agentic identity. Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:10 Welcome and EIC 2026 Setup 00:03:57 Eve Maler Book Giveaway Details 00:05:00 Conference Highlights: Keynotes and Hallway Con 00:06:07 Elizabeth Garber's Standing Ovation Keynote 00:07:02 Brazil Invitation and Securing AI Agents 00:09:10 Nuclear Regulation vs. AI Regulation 00:11:07 Upcoming EIC Episode Preview 00:14:16 IdentiBeer Berlin Live Event 00:14:29 Interview with Espen Bago Begins 00:15:14 IdentiBeer Growth and Global Expansion 00:17:23 The IdentiBeer Name Debate 00:23:26 Data Quality Gaps in NHI and IAM 00:26:31 Who Owns IAM Terminology? 00:34:20 Conference Talk vs. Client Reality 00:40:52 The HR-IAM Gap Nobody Talks About 00:43:17 Fundamentals: The Karate Kid Analogy Keywords: EIC 2026, European Identity Conference, IdentiBeer, Espen Bago, Eve Maler, Elizabeth Garber, Mastering Digital Identity, Berlin, Identiverse, NHI, non-human identities, IAM fundamentals, AI regulation, agentic identity, IGA, PAM, CIAM, IDPro, identity community, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    47 min
  7. May 25

    #424 - IDAC Mailbag for May 2026

    Jeff and Jim are back with the May 2026 mailbag, answering listener questions from Amsterdam, Mumbai, Austin, and Berlin. Topics include navigating IAM vendor acquisitions, defending against AI deepfakes in remote onboarding, governing contractor and third-party identities, fixing the leaver process in IGA, and tackling a decade of IAM technical debt. The episode closes with unpopular industry opinions: why RFPs are procurement theater, why rip and replace should be normalized, and why one-throat-to-choke vendor thinking usually backfires. IDPro new member discount: https://idpro.org/idac/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com CHAPTER TIMESTAMPS 00:00 Intro and SNL nostalgia 03:25 AI model roundup: ChatGPT, Claude, Gemini, and usage limits 10:16 Identiverse 2026 and IDPro member discount 14:53 Q1: Navigating vendor acquisitions (Isabelle, Amsterdam) 24:00 Q2: AI deepfakes in identity verification (Rajan, Mumbai) 32:32 Q3: Contractor and third-party identity governance (Caleb, Austin) 43:00 Q4: The leaver process and IGA scope gaps (Anonymous) 51:10 Q5: Tackling IAM technical debt (Tomas, Berlin) 57:00 Normalizing rip and replace 01:01:00 RFPs, one throat to choke, and other hot takes 01:08:00 Wrap-up KEYWORDS IAM, identity governance, IGA, vendor consolidation, acquisitions, deepfakes, identity verification, contractor management, non-employee identity, technical debt, rip and replace, RFP, joiner mover leaver, leaver process, Identiverse 2026, IDPro, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1h 11m
  8. May 18

    #423 - The Middle Market Identity Security Gap with Robert Snodgrass

    Jeff and Jim welcome back Robert Snodgrass, Principal at RSM, for a deep dive into the RSM Middle Market Business Index cybersecurity report. The conversation covers the confidence gap facing middle market organizations, why digital identity remains undervalued despite being the primary attack surface, non-human identity governance, flat cybersecurity budgets, risk framework adoption, and what good incident response preparedness actually looks like. The episode wraps with a spirited Bitcoin Pizza Day toppings debate. Connect with Robert: https://www.linkedin.com/in/robert-snodgrass-7a199412/ Review the RSM US Middle Market Business Index Special Report on Cybersecurity 2026: https://rsmus.com/middle-market/cybersecurity-mmbi.html?cmpid=ola:45559-idac:bb01 IDPro new member discount: https://idpro.org/idac/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00:00 Introduction and Scattered Spider social engineering discussion 00:04:00 IDPro discount code and upcoming conferences 00:06:26 Guest intro: Robert Snodgrass and the MMBI report 00:09:05 Defining the modern middle market 00:12:00 The confidence gap: 96% confident, 18% breached 00:15:04 Why attackers log in and top identity investment priorities 00:19:00 Why only 23% of leaders prioritize digital identity 00:22:00 Internal partnerships as the path to identity program success 00:25:10 AI, shadow AI, and non-human identity risks 00:31:00 NHI governance at scale: 45 to 1 ratio 00:34:50 Cybersecurity budget realities in the middle market 00:39:00 EU regulation and top-line cybersecurity drivers 00:42:03 NIST CSF adoption and risk framework value 00:46:00 Incident response planning: the two-minute drill 00:52:16 Bitcoin Pizza Day and closing thoughts KEYWORDS identity security, middle market, cybersecurity, MMBI, RSM, Robert Snodgrass, phishing-resistant MFA, non-human identities, NHI, shadow AI, incident response, NIST CSF, IAM, identity governance, ransomware, tabletop exercises, digital identity, cybersecurity budget, identity program, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1h 2m