This episode features Geoffrey Mattson, CEO of SecureAuth, joined by co-host Sarah Cicchetti, Director of Product Management at Semperis. Geoffrey has spent decades building and leading companies at the intersection of AI and cybersecurity, including MistNet.ai, an AI-native threat detection platform acquired by LogRhythm, and Xage Security, where he drove zero trust adoption across the U.S. military, global energy firms, and Fortune 500 enterprises. At SecureAuth, he leads a platform built around continuous, real-time identity authority across workforces, APIs, and AI agents.

In this episode, Geoffrey argues that agents combine the speed of automation with the unpredictability of humans, making real-time per-action authorization the only viable control model. He discusses why “friendly fire” from well-meaning employees is the biggest threat vector right now, how MCP vendors are ignoring their own OAuth spec, and what a practical agent rollout with real guardrails actually looks like. This episode reframes authorization as the problem the identity industry has been deferring for years and can no longer avoid.

Guest Bio

Geoffrey Mattson is a serial entrepreneur and globally recognized cybersecurity and AI executive with decades of experience building market-defining companies and technologies that protect the world’s most critical systems. He is currently CEO of SecureAuth, a leader in AI-driven identity and access management with its Continuous Authority, ensuring ongoing verification across workforces, customers, APIs, and AI agents. This is enabled through its Private Authority Platform, which puts authentication and authorization under your control through any deployment model (cloud, on prem, hybrid, air-gapped).

Prior to SecureAuth, Mattson served as CEO of Xage Security, where he led the company in Zero Trust for critical environments from energy to agentic AI. Under his leadership, Xage achieved rapid adoption across the U.S. military, global energy firms, and Fortune 500 enterprises.

Previously, Geoffrey Mattson was co-founder and CEO of MistNet.ai, an AI-native threat detection platform acquired by LogRhythm. He pioneered decentralized analytics and machine learning approaches for real-time cyber defense, and later served as SVP of Product at LogRhythm, driving global expansion and shaping the next generation of SIEM/SOAR solutions. Earlier, he held senior executive roles at Juniper Networks, overseeing a $2B product portfolio and leading major M&A efforts, and at Huawei Technologies as SVP and CTO for networking and data center platforms. His engineering leadership at Corona Networks, Caspian, and Bay Networks helped build foundational technologies in network and security architecture.

Guest Quote

“With agents, you have the power and the speed of an automated process with the unpredictability of a human. And in fact, we are seeing their behavior and their psychology makes them even perhaps less predictable than a human.”

Time stamps

01:45 Meet Geoffrey Mattson: Serial Entrepreneur and Cybersecurity Executive
02:40 Why Identity Is Having a Moment
08:40 Defining Agent Identity
12:15 Behavioral Guardrails for Agents
14:37 Agent Identity Lifecycle
17:36 Just-in-Time vs. Standing Privilege
18:02 C-Suite Pressure and Friendly Fires
21:00 When Agents Live Off the Land
26:12 MCP, OAuth, and Token Pitfalls
28:04 Threat Models and Rollout Strategy
30:13 LLMs and Policy Authoring
31:23 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.