Hybrid Identity Protection Podcast

Semperis

The HIP Podcast is the premier podcast for cybersecurity pros charged with defending hybrid identity environments. Hosted by 15-time Microsoft MVP and Active Directory security expert, Sean Deuby. Presented by Semperis: the pioneers of identity-driven cyber resilience for the hybrid enterprise.

  1. Securing Non-Human Identities in the Age of Agentic AI with Sarah Cecchetti, Director of Product Management at Semperis

    APR 28

    This episode features Sarah Cecchetti, Director of Product Management at Semperis. A veteran identity executive, Sarah co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. She previously led Amazon Cognito as Head of Product at AWS, where she also open-sourced Cedar, the policy language at the center of this conversation. In this episode, Sarah presents her Bsides Seattle talk "Identity Crisis: IAM's Wild Ride in the AI Jungle" on why the assumptions that shaped modern identity have been overturned by the pace of agentic AI. She covers where authentication and authorization standards currently fall short for non-human identities and walks through the emerging frameworks the industry is building to fill that gap. This episode makes the case that natural language safety instructions are not a substitute for provable, external guardrails.

    Guest Bio
    Sarah Cecchetti is a seasoned technology executive driving product management at Semperis. At AWS, she led Amazon Cognito to triple-digit growth as Head of Product and led the open-sourcing of Cedar, a new access management language. She co-founded IDPro and co-authored NIST SP 800-63-3C Digital Identity Guidelines. Sarah has designed secure identity systems for corporate clients as well as US and Canadian governments and is recognized as a top identity professional by Okta Ventures and OWI. She’s a keynote speaker at global identity conferences like Identiverse and Authenticate.

    Guest Quote
    “[The] average enterprise has 250,000 non-human identities, and 97% of those have excessive privilege. And 68% of organizations lack AI identity controls...The concept of excessive privilege has almost been accepted by the industry at this point. That's just the way it's done.”

    Time stamps
    01:45 Meet Sarah Cecchetti: Seasoned Identity Executive
    02:36 Sarah’s Bsides Seattle Talk: Identity Crisis: IAM's Wild Ride in the AI Jungle
    04:19 How Deepfakes Broke Biometrics
    06:37 The Scale of Non-Human Identities
    09:34 How NHIs Differ from Human Identities
    10:38 Why FIDO Doesn't Work for AI Agents
    12:19 Introducing SPIFFE and Workload Identity
    15:45 How SPIFFE Works in Practice
    17:34 Where AI Protocols Are Falling Short
    21:12 The Problem with OAuth Client Credentials
    23:18 Dynamic Registration and Database Sprawl
    24:38 Client ID Metadata Documents Explained
    28:43 Authentication Standards: Who Wins the Client ID Field?
    30:21 Cedar: Deterministic Authorization for AI Agents
    33:58 Clawdrey Hepburn: Sarah's AI Agent in Practice
    40:09 Conclusion and Final Thoughts

    Sponsor
    The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

    Links
    OAuth Client ID Metadata Document
    Connect with Sarah on LinkedIn
    Connect with Sean on LinkedIn
    Don't miss future episodes
    Learn more about Semperis

    43 min
  2. 1 Thing to Do to Avoid a Breach: 5 Identity Experts Answer

    APR 14

    This episode features a virtual roundtable hosted by Michele Crockett, Associate VP of Product Marketing at Semperis. The panel brings together five practitioners with deep experience in identity security: Alex Weinert, Chief Product Officer at Semperis; Christopher Brumm, Cyber Security Architect at glueckkanja; Eric Woodruff, Chief Identity Architect at Semperis; Jorge de Almeida Pinto, Senior Incident Response Lead at Semperis; and Michael Van Horenbeeck, CEO and Senior Solution Architect at The Collective Consulting. Collectively, they represent experience across incident response, Microsoft product development, enterprise architecture, and security leadership. In this discussion, the panel addresses how to allocate limited security budgets across prevention and recovery, why the same AD misconfigurations keep appearing in assessments year after year, and what AI means for defenders and attackers alike. This episode is a practical, field-tested conversation about what moves the needle when resources are constrained.

    Guest Quote
    "80% of permissions that are out there are users that have access to systems they don't need. Going back to that Tier 0 system, a hundred percent of what's got access to Tier 0, you should know what it is, why it has access, why it needs it, [and] what's going on... Any apps that you can't prove what they're there for, turn them off. See who yells."

    Time stamps
    0:00 Meet the Panelists
    00:00 AI in Cybersecurity
    02:23 Budgeting for Identity Security
    05:08 Field Lessons and AD Misconfigs
    08:48 Prioritizing Prevention and Funding
    12:59 Current Attacker Trends
    14:56 Hybrid and Multi Cloud Risks
    17:02 Entra Private Access POC
    18:28 Lightning Round

    Links
    Connect with Alex on LinkedIn
    Connect with Chris on LinkedIn
    Connect with Eric on LinkedIn
    Connect with Michael on LinkedIn
    Connect with Jorge on LinkedIn
    Connect with Michele on LinkedIn

    28 min
  3. Governance After the Fact: The Hidden Risk of App Sprawl with Sander Berkouwer and Raymond Comvalius, Microsoft MVPs

    MAR 31

    This episode features Sander Berkouwer and Raymond Comvalius, two longtime identity security experts and Microsoft Most Valuable Professionals (MVPs). Sander is an independent identity architect and author of the Active Directory Cookbooks. Raymond is an IT specialist and senior technical consultant specializing in hybrid identity, Microsoft Entra ID, and identity lifecycle automation. In this episode, they explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight. They explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.

    Guest Bios
    Sander Berkouwer, DirTeam
    Sander Berkouwer works as an independent identity architect in the Netherlands, where he helps organizations make the most out of Microsoft products, services, strategies, and technologies. Sander blogs on DirTeam.com. He regularly gets invited as a speaker for his enthusiastic approach, his in-depth real-world knowledge and as the author of the much-appraised Active Directory Cookbooks. Sander has been awarded the Microsoft Most Valuable Professional (MVP) award (for the last 17 years), Veeam Vanguard award (for the last 8 years) and VMware vExpert (for 3 years).

    Raymond Comvalius
    Raymond Comvalius is an IT specialist and senior technical consultant with more than two decades of experience delivering enterprise infrastructure, identity, and security improvements. His work centers on hybrid identity and Microsoft ecosystems, including Microsoft Entra ID, Conditional Access, and identity lifecycle automation with Microsoft Graph and scripting. Raymond advises teams on pragmatic roadmaps for strengthening authentication (MFA, passkeys/FIDO2, Windows Hello), improving governance, and operationalizing secure access at scale across cloud and on-prem environments. Beyond consulting, he serves as a board member and co-hosts the IT Bro’s Podcast, sharing news and insights for identity and security professionals.

    Guest Quotes
    “In your tenant, you want to know what objects are in there, and it doesn't matter if those are users or groups or applications. You want to know what's in there so that you can keep track of what's going on.” - Raymond Comvalius
    “There's a difference between an application and an agent. An agent is far more ephemeral. It does a job that requires some sort of permission. It spins up, it does its thing, and it spins down.” - Sander Berkouwer

    Time stamps
    00:45 Meet Sander Berkouwer and Raymond Comvalius: Microsoft Most Valuable Professionals (MVPs)
    02:32 Importance of Entra Application Governance
    12:29 How to Get Started with Application Governance
    20:18 Understanding Entra Agent ID
    26:59 Conclusion and Final Thoughts

    Links
    Connect with Sander on LinkedIn
    Connect with Raymond on LinkedIn

    28 min
  4. 130 MPH Decisions: What Drag Racing Teaches About Incident Response with Krista Arndt, Associate CISO at SLUHN

    MAR 17

    This episode features Krista Arndt, Associate CISO at St. Luke’s University Health Network. With a career spanning healthcare, finance, crypto, and the Department of Defense, Krista brings a uniquely nontraditional path into cybersecurity, one shaped by mission-driven leadership, authenticity, and a commitment to mentorship. In this episode, Krista explains why identity sits at the center of nearly every major cyber incident and shares lessons from real-world response work. She also draws a striking parallel between incident response and her life as a national drag racing competitor, where staying calm under pressure and building in fail-safes can mean the difference between disaster and resilience. This episode is a powerful look at what it means to lead in cybersecurity.

    Guest Bio
    Krista Arndt is the Associate CISO at SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day-to-day operational effectiveness. In her previous roles, Krista assisted with developing and leading security programs in crypto, finance, and the Department of Defense. Krista earned her Bachelor's Degree in Biology from Felician College in NJ where she was a scholarship athlete, serving as the women’s basketball team captain. She also holds her CISM and CRISC certifications and NHRA competition driver's license. Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council and is Marketing Committee chair for Women in Cybersecurity-Delaware Valley Affiliate. Krista is also a published author, detailing her journey to embracing her unique authenticity in her book, “Permission to be Real; How to Lead, Influence, and Thrive Without Fitting the Mold.” Through this service and her writing, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field. When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

    Guest Quote
    “In the incidents that I've been involved in, major or not, I’ll tell you—identity is at the crux of that... They’re trying to get unfettered access… How do they get unfettered access? Through an identity that isn’t secured correctly.”

    Time stamps
    00:45 Meet Krista Arndt: Veteran CSO
    06:17 Writing Permission to Be Real
    10:43 Speaking the Business Language: Why Security Translation Matters
    12:49 Lessons from Real-World Incidents
    15:43 AI Agents and the Next Wave of Identity Risk
    16:55 What Drag Racing Teaches About Incident Response
    23:28 Surviving the CISO Seat
    26:44 Conclusion and Final Thoughts

    Links
    Connect with Krista on LinkedIn
    Check out Krista’s book: Permission to be Real
    Learn more about St. Luke’s University Health Network

    28 min
  5. Is Active Directory Dead? The Future of Microsoft AD with Cliff Fisher, Senior Solutions Architect at Semperis

    MAR 3

    This episode features Cliff Fisher, Senior Solutions Architect at Semperis and former Senior Technical Program Manager on Microsoft’s Active Directory product group. With over a decade spent inside Microsoft supporting enterprise customers and helping guide Active Directory’s security and roadmap, Cliff brings a rare insider perspective on what’s actually happening behind the scenes of one of the world’s most widely deployed identity platforms. In this episode, Cliff tackles the question many organizations are still asking: Is Active Directory really going away? He explains why the shift to cloud identity has moved far slower than expected, shares polling data that confirms hybrid environments are here for the long term, and breaks down how Microsoft is still investing in AD through security hardening, supportability improvements, and features like Windows LAPS. This episode offers a clearer look at why Active Directory remains central to enterprise identity and what defenders need to prepare for as hybrid becomes the default reality.

    Guest Bio
    With nearly 20 years of Active Directory experience across varied roles in system administration, support, debugging, and program management, Cliff spent over a decade at Microsoft supporting Premier and Unified customers and, most recently, managing the releases of Windows LAPS, new features for Server 2025, and monthly security and quality updates. In January of 2026, he joined Semperis, bringing his unique blend of skills, perspectives, and passion to their stacked roster of established identity experts.

    Guest Quote
    “The easiest way to get everyone secure is to get people all to the cloud. What [Microsoft] didn't realize... is that customers just aren't going to be able to absorb change at that rate, and especially at that cost. Shifting to the cloud is not cheap.”

    Time stamps
    01:45 Meet Cliff Fisher: Identity security expert
    04:24 Microsoft's Vision for Active Directory
    07:58 Challenges and Future of Active Directory
    23:12 The Complexity of AD Code and Security Vulnerabilities
    24:39 Understanding Fuzzing and Its Importance
    27:28 Domain Join Hardening and Its Challenges
    36:28 Windows LAPS and Future Security Measures
    41:39 Why is RC4 Going Away?
    45:14 Conclusion and Final Thoughts

    Links
    Connect with Cliff on LinkedIn
    Submit your proposal to speak at HIP Conf 26: HIP Conf 26 Call for Papers Submission

    47 min
  6. How a Single Breach Can Turn into a Full Compromise with Tim Beasley, Senior Incident Response Consultant at Semperis

    FEB 17

    This episode features Tim Beasley, a Senior Incident Response Consultant at Semperis with decades of experience in compromise recovery and post-breach response. With a background that includes leading recovery efforts at Microsoft’s DART team and helping build the Compromise Recovery Security Practice, Tim brings deep operational insight into what happens after attackers gain access. His work spans ransomware, nation-state intrusions, and large-scale identity compromises across public and private sector organizations. In this episode, Tim explains why gaining access is only the beginning of modern attacks and why identity remains the primary path for escalation. He breaks down how attackers exploit credential exposure and identity infrastructure, and why prevention alone fails without a recovery-first mindset. He shares real-world lessons from incident response and recovery, including how teams contain threats and limit the impact of identity compromises. This episode reframes identity security as a resilience problem and offers a clearer way to think about preparing for the breach you haven’t detected yet.

    Guest Bio
    Tim Beasley is a Senior Incident Response Consultant at Semperis. He is Microsoft and VMware Certified, a MIS graduate, and a self-driven IT professional with experience in both public sector and private sector technology. While extremely loyal to employers, Tim has gained quality knowledge throughout a career that's enabled tremendous growth in an IT security environment. He enjoys challenges and implements proactive measures to maintain complete customer satisfaction and success.

    Guest Quote
    “Everything in compromise essentially starts with identity. We always say identity is the new perimeter. It's true. All attacks, breaches, every engagement that I've been a part of... all start with a compromised set of credentials.”

    Time stamps
    00:41 Meet Tim Beasley: Cybersecurity Specialist
    01:32 Tim's Journey at Microsoft
    12:24 The Role of Identity in Cybersecurity
    20:57 Real-World Cybersecurity Identity Challenges
    23:27 The Big Four in Identity Management
    24:01 Flashcard Fiascos: Cyberattacks Across Industries
    32:50 Assume Breach Mentality
    37:08 Conclusion and Final Thoughts

    Links
    Connect with Tim on LinkedIn

    40 min
  7. Rethinking the Human Factor in Identity Security with World-Leading Cyberpsychologist, Dr. Mary Aiken

    FEB 3

    This episode features Dr. Mary Aiken, Professor of Cyberpsychology at Capitol Technology University and one of the world’s leading experts on the impact of technology on human behavior. With a career spanning academia, law enforcement advisory roles, and global policy work with organizations like INTERPOL and Europol, Dr. Aiken brings deep insight into how human psychology shapes security outcomes. Her work focuses on the human layer of cyber risk—how trust, perception, fatigue, and bias influence behavior in digital environments. In this episode, Dr. Aiken explains why humans aren’t the weakest link in cybersecurity but the most targeted. She shows how attackers weaponize human behavior through phishing, MFA fatigue, and insider recruitment, and why hybrid identity must be treated as a cyber-psychological battlefield. She also discusses what human-aware defenses look like in practice and why intelligence augmentation is critical to psychological and technical resilience. This episode reframes identity security as a human problem first and offers a clearer way to think about protecting people in an increasingly manipulative digital world.

    Guest Bio
    Dr Mary Aiken is a world leading expert in Cyberpsychology – the study of the impact of technology on human behaviour. She is Professor of Cyberpsychology and Chair of the Department of Cyberpsychology at Capitol Technology University, Washington D.C.’s premier STEM University, and Professor of Forensic Cyberpsychology at the University of East London. Professor Aiken is a Member of the INTERPOL Global Cybercrime Expert Group and an Academic Advisor to Europol's European Cyber Crime Centre (EC3). She is a Fellow of The Royal Society of Medicine, a member of the Medico-Legal Society and an International Affiliate Member of the American Psychological Association (APA). She is a former Global Fellow at the Washington DC Wilson Center, and is a Fellow of the Society for Chartered IT Professionals. She is a former Director of the Royal College of Surgeons (RCSI) Cyberpsychology Research Centre. Dr Aiken's work inspired the CBS PrimeTime TV series 'CSI: Cyber.' Her landmark bestselling book 'The Cyber Effect' was a 2016 'Times book of the year.' Dr Mary Aiken is recognised as an international expert in industry and policy debates at the intersection of technology and human behaviour; she has been invited to present at events organised by global organisations such as the United Nations, the European Union, NATO, G7, Europol, INTERPOL and the White House.

    Guest Quote
    “People talk about humans being the weakest link in the cybersecurity equation. They're not the weakest link, they're just simply the most targeted link.”

    Time stamps
    01:58 Meet Dr. Mary Aiken: World-leading Expert in Cyberpsychology
    03:17 The Psychology of Cybersecurity
    10:40 Behavioral Differences Online vs. Real World
    15:17 Cyber Behavioral Attack Vectors
    23:05 Future of Cybersecurity: AI and Human Collaboration
    25:46 Conclusion and Final Thoughts

    Links
    Connect with Dr. Aiken on LinkedIn

    26 min
  8. Stopping Ransomware at the Backup Layer with Andy Drag, Staff Product Manager at Cohesity

    JAN 20

    This episode features Andy Drag, Staff Product Manager at Cohesity. With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he’s led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience. In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram. This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper.

    Guest Bio
    Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner’s perspective to product leadership, ensuring technology solves real-world challenges.

    Guest Quote
    “One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.”

    Time stamps
    01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert
    01:57 Why Traditional Data Protection Breaks Down
    04:19 Modern Data Protection: From Backups to Resilience
    05:47 The Hard Truth About Recovering After an Attack
    08:43 Core Best Practices for Data Protection
    10:32 Elevating Backup and Identity to Tier 0
    13:23 Using Backup Data for AI and Analytics
    16:22 Conclusion and Final Thoughts

    Links
    Connect with Andy on LinkedIn
    Learn more about Cohesity

    20 min
