Identity at the Center

Identity at the Center
  • 4.9 (40)
  • TECHNOLOGY
  • UPDATED WEEKLY

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

  1. DEC 17

    #392 - Identiverse DC - Majority Rules

    Join hosts Jeff Steadman and Jim McDonald for a special live episode recorded on location at Identiverse DC! In this interactive session, Jeff and Jim host a game of "Majority Rules," where the audience competes not to answer correctly, but to guess the most popular answer in the room. The game covers a wide range of topics, from the trivial (worst conference swag and the official uniform of an IAM architect) to the technical (securing API keys, the biggest bottlenecks in IGA, and the primary causes of role explosion). Things get intense halfway through with the introduction of the Battle Royale rules, where picking the minority answer sends a player's score back to zero. Watch to see who survives the explosions and takes home the grand prize. Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapter Timestamps 00:00 Intro to Identity at the Center Live00:36 Explaining the Rules of Majority Rules04:25 Question 1: The Worst Conference Swag06:00 Question 2: Replying to Access Denied07:05 Question 3: AI in Identity Management08:40 Question 4: Favorite MFA Method10:12 Question 5: Least Favorite Auth Factor11:15 Turning up the Heat: Battle Royale Mode12:10 Question 6: Why RBAC is Difficult at Scale13:30 Question 7: The IAM Architect Uniform14:50 Question 8: Best Place to Hide a Secret16:15 Question 9: Protocols You Secretly Miss17:25 Question 10: Most Hated Specialized Key18:40 Question 11: Conference Responsibilities20:00 Question 12: Securing API Keys21:20 Question 13: Secrets to Surviving Keynotes22:55 Question 14: The Biggest Bottleneck in IGA24:45 Question 15: Causes of Role Explosion25:50 Question 16: What Breaks First After a Schema Update26:40 Final Question: Fastest Way to Confuse a User27:40 Crowning the Winner Keywords IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Identiverse, Identiverse DC, IAM, Identity and Access Management, Cybersecurity, InfoSec Game Show, Live Podcast, Majority Rules, MFA, IGA, API Security, RBAC, Role Explosion, Tech Humor, Cyberrisk Alliance

    29 min

  2. DEC 15

    #391 - Live from Identiverse DC with John DelMauro

    Jeff and Jim come to you live from the expo floor at Identiverse DC 2025. They are joined by John DelMauro, Executive Vice President at Cyber Risk Alliance, to discuss the energy of regional events and how they differ from the massive Las Vegas gatherings. The group discusses the current state of the identity industry, the inevitable presence of AI in both marketing and event planning, and the "Identity at the Center" game show that took place earlier in the conference. John provides an exclusive look ahead at what is being planned for Identiverse in Las Vegas, including a new algorithmic approach to one-on-one networking, expanded pavilions, and potentially even puppies. Finally, the conversation shifts to a fun hypothetical: if money and logistics were no object, what kind of conference would each of them launch? The answers range from health and longevity in Austin to a technology expo in Japan. Connect with John: https://www.linkedin.com/in/john-del-mauro/ Learn more about the CyberRisk Alliance: https://www.cyberriskalliance.com/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapter Timestamps00:00 Introduction and vibes from Identiverse DC00:52 Recapping the Majority Rules game show02:00 Introducing John DelMauro from Cyber Risk Alliance03:59 What is Cyber Risk Alliance?05:25 The benefits of regional events vs. Las Vegas09:15 Current themes: AI dominating the conversation13:21 How AI helps in planning and researching events15:50 Previewing Identiverse Las Vegas 202517:10 The new one-on-one networking algorithm22:15 Breaking news: Puppies at the conference?24:45 Hypothetical: What dream conference would you host?27:45 Jim's take on a longevity conference29:18 Jeff's dream of a tech nerd-con31:00 Closing thoughts and wrap up KeywordsIDAC, Identity at the Center, Jeff Steadman, Jim McDonald, John DelMauro, CyberRisk Alliance, Identiverse, Cybersecurity, Event Planning, Networking, InfoSec, AI in Events, Washington DC, Conference Trends

    33 min

  3. DEC 8

    #390 - Identity Management for Agentic AI with Tobin South

    In this episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, to delve into the intricacies of identity management in the age of agentic AI. They discuss the challenges and solutions related to AI agents, the role of the Model Context Protocol (MCP), and the concept of recursive delegation and scope attenuation. Additionally, the conversation covers practical advice for developers and enterprises on preparing for AI-driven identity management and explores the cultural touchstone of coffee from various global perspectives. Connect with Tobin: https://www.linkedin.com/in/tobinsouth/ OpenID Foundation: https://openid.net/ Identity Management for Agentic AI (OpenID Whitepaper): https://openid.net/wp-content/uploads/2025/10/Identity-Management-for-Agentic-AI.pdf Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapter Timestamps: 00:00 – Jeff and Jim banter about unopened iPads and conference season 05:55 – Introduction to Tobin South and his AI identity background 07:00 – How AI has evolved from machine learning to generative models 09:00 – The OpenID AI Identity Management Community Group 10:30 – ChatGPT’s impact on the AI perception shift 12:00 – Users vs. Agents: What’s the difference? 14:00 – Letting the right bots in: AI agents vs. bad bots 17:00 – AI impersonation, delegation, and the risk of shared credentials 20:00 – Impersonation vs. Delegation – what practitioners need to know 23:00 – Governance, oversight, and delegated authority for agents 26:00 – Liability and “who is responsible” in agentic systems 30:00 – How developers can prepare for agent identity and access management 32:00 – Explaining the Model Context Protocol (MCP) 36:00 – Enterprise use cases for MCP and internal automation 38:00 – Is MCP the next SAML? 42:00 – Recursive delegation and scope attenuation explained 46:00 – The one key takeaway for IAM professionals 48:00 – Lighter note: Coffee talk – from Sydney to San Francisco 54:00 – Wrap-up and where to find more IDAC content Keywords: IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Tobin South, OpenID Foundation, AI Identity Management, Agentic AI, Delegated Authority, Impersonation vs Delegation, Model Context Protocol (MCP), Recursive Delegation, Scope Attenuation, Identity Access Management, IAM, AI Governance, AI Standards, Enterprise AI, AI Agents, Identity Security

    56 min

  4. DEC 3

    #389 - Sponsor Spotlight - Aembit

    This episode is sponsored by Aembit. Visit aembit.io/idac to learn more. Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials. David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies. This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave. Visit Aembit: https://aembit.io/idac Connect with David: https://www.linkedin.com/in/davidgoldschlag Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com Timestamps 00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - Closing Keywords IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization

    54 min

  5. DEC 1

    #388 - Fraud Reduction Intelligence Platforms with John Tolbert

    In this episode of The Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman catch up with John Tolbert, Director of Cybersecurity Research at KuppingerCole Analysts, to talk about the rapidly evolving world of Fraud Reduction Intelligence Platforms (FRIP). They explore: The six capabilities of modern fraud reduction systemsHow AI and machine learning are both helping and hurting fraud preventionWhy shared signals and orchestration are critical for financial and e-commerce use casesHow identity verification, device intelligence, and behavioral biometrics work togetherThe role of usability and integration in FRI adoptionPlus, stick around for a fun discussion about concerts, classic rock, and which legendary bands they wish they’d seen live. Listen now to learn how identity, fraud, and AI are colliding — and what’s next for fraud intelligence. Connect with John: https://www.linkedin.com/in/john-tolbert/ Fraud Reduction Intelligence Platforms - Finance (KuppingerCole Report): https://www.kuppingercole.com/research/lc80841/fraud-reduction-intelligence-platforms-finance Fraud Reduction Intelligence Platforms - eCommerce (KuppingerCole Report): https://www.kuppingercole.com/research/bc81030/fraud-reduction-intelligence-platforms-ecommerce Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapter Timestamps: 00:00 – Jim’s passwordless rant and setup woes 05:00 – Introducing guest John Tolbert 06:30 – Catching up: four years since John’s last appearance 07:30 – What is CIAM and how has it evolved? 09:30 – Understanding Fraud Reduction Intelligence Platforms (FRIP) 10:00 – The six core capabilities of FRI solutions 13:00 – Are most vendors point solutions or full platforms? 14:00 – How identity verification is improving 16:00 – SaaS and API-driven fraud detection models 18:00 – What kinds of fraud can (and can’t) FRI prevent? 21:00 – The growing problem of bots and automation 22:00 – Fraud trends in finance: scams, account takeovers, and synthetic identities 25:00 – Information sharing and the role of shared signals 28:00 – Collaboration vs. competition in fraud prevention 31:00 – Fraud in e-commerce: bots, loyalty points, and returns abuse 34:00 – Streaming and citizen fraud use cases 36:00 – Where do FRI capabilities fit within IAM platforms? 43:00 – The importance of orchestration and integration 44:30 – The role of AI and ML in fraud prevention 47:30 – Smart questions for evaluating FRI vendors 50:30 – Concert talk: Pink Floyd, Metallica, and the ones that got away 58:00 – Wrap-up and where to find John Tolbert’s reports Keywords: Fraud Reduction Intelligence, FRI Platforms, John Tolbert, KuppingerCole, Identity at the Center, IDAC, IAM, CIAM, Cybersecurity Research, Fraud Prevention, Machine Learning, Artificial Intelligence, Behavioral Biometrics, Device Intelligence, Identity Verification, Risk Orchestration, API Security, Financial Fraud, E-Commerce Fraud, Shared Signals, Jim McDonald, Jeff Steadman, IDAC Podcast

    59 min

  6. NOV 24

    #387 - InfoSec World 2025 - Trust, Transparency, and Technology: Building Better MSP Partnerships

    Jim McDonald and Jeff Steadman sit down with Mike Reiring of RSM at InfoSec World 2025 to explore how managed service providers are reshaping IT and identity operations. They dig into the differences between MSPs and MSSPs, how to choose the right partner, and how AI is transforming help desks, problem management, and security monitoring. The conversation closes with a fun dive into Mike’s passion for photography and how creativity ties into continuous learning in tech. Connect with Mike: https://www.linkedin.com/in/mreiring/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapters 00:00 Intro – Live from InfoSec World 2025 02:00 Meet Mike Reiring of RSM 04:30 Evolution of Managed Service Providers 06:30 Shared Accounts, Identity, and Security Maturity 09:00 Vendor Gaps and Federated Access Challenges 11:30 What Makes a Good MSP Partner 13:00 The Cost and Effort of Changing Providers 16:30 MSP vs MSSP – Key Differences 18:30 Coordination Between Managed Providers 21:30 Top 3 Questions to Ask Your MSP 25:00 Identity Ownership: IT or Security? 27:30 Licensing, Active Directory, and Hidden Accounts 30:00 RFP Challenges and Procurement Pitfalls 32:00 Measuring Risk and Reducing Identity Exposure 34:30 Vendor Management and Shadow IT Risks 35:00 How AI Is Transforming MSP and MSSP Operations 38:30 AI, Problem Management, and the Future of Help Desks 42:30 Photography, Creativity, and Continuous Learning 48:00 Closing Thoughts and IDAC Outro Keywords IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Mike Reiring, RSM, InfoSec World 2025, Managed Service Provider, MSP, MSSP, AI in Cybersecurity, Help Desk, Identity Management, Managed Identity, Partner Transparency, IT Outsourcing, Risk Reduction, Problem Management, Active Directory, DaVinci Resolve, Photography in Tech, Identity Governance, Cybersecurity Podcast

    50 min

  7. NOV 17

    #386 - InfoSec World 2025 - CISO Tradecraft for IAM

    In this episode of the Identity at the Center podcast, hosts Jeff and Jim broadcast from InfoSec World 2025, sharing lively discussions on identity management, AI security, and identity's evolving role in information security. They are joined by Ross Young and G Mark Hardy, co-hosts of the CISO Tradecraft podcast, who share their journeys into cybersecurity, illuminating how identity intersects with cybersecurity topics like deep fakes, AI implications, and non-human identities. The conversation also covers practical advice for securing budget approvals for identity projects and speculations on the role of AI in cybersecurity's future. The episode wraps up with each guest sharing personal ideas for potential new podcast ventures. The CISO Tradecraft podcast: CISOTradecraft.com Connect with Ross: https://www.linkedin.com/in/mrrossyoung/ Connect with G Mark: https://www.linkedin.com/in/gmarkhardy/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Chapters 00:00 Introduction and Welcome 00:16 Live from InfoSec World 2025 00:52 Shoutouts and Day Jobs 01:37 Meeting Ross and G Mark from the CISO Tradecraft podcast 02:22 Ross's Journey into Cybersecurity 04:24 G Mark's Cybersecurity Career Path 07:44 Top Concerns for CISOs Today 09:53 The Role of Identity in Cybersecurity 16:18 Challenges and Trends in Identity Management 24:33 Pitching Identity Projects to CISOs 32:21 The Role of AI in Automating SOC Operations 33:23 AI's Impact on Developer Efficiency 35:48 The Future of AI-Assisted Coding 37:42 Challenges and Opportunities in AI and Cybersecurity 39:46 The Importance of Human Expertise in AI Development 48:17 The Role of Identity in Information Security 49:44 Introduction to CISO Tradecraft Podcast 55:24 Podcasting Tips and Personal Interests 01:00:48 Conclusion and Final Thoughts Keywords: Identity at the Center, IDAC, CISO Tradecraft, InfoSec World 2025, cybersecurity leadership, identity security, IAM, AI security, Jeff Steadman, Jim McDonald, Ross Young, G. Mark Hardy, InfoSec, CISOs, cyber career development, non-human identity, deepfakes, security automation

    1h 2m

  8. NOV 13

    #385 - Sponsor Spotlight - Nexis

    This episode is sponsored by Nexis. Visit nexis-secure.com/idac to learn more. In this sponsored episode of *Identity at the Center*, host Jim McDonald sits down with Dr. Heiko Klarl, CEO of Nexis, to explore how the company is advancing authorization governance for modern enterprises. Dr. Klarl explains how Nexis builds visibility and control across fragmented identity landscapes and why “better together” is the right strategy for enterprises with multiple IAM systems. They discuss the emerging Identity Visibility and Intelligence Platform (IVIP) category, the value of automation and remediation in governance, Nexis’s unique “health check” service, and their ISPM capability that helps clients identify unnecessary access—and even save on software licensing. Learn how Nexis integrates with IGA and PAM tools, streamlines application onboarding, and helps customers measure the real business impact of their identity programs. Connect with Heiko: https://www.linkedin.com/in/heiko-klarl/ More about Nexis: https://nexis-secure.com/idac Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com Chapters 00:00 Introduction and Sponsor Message 00:42 Meet Dr. Heiko Klarl, CEO of Nexis 01:29 Dr. Klarl's Journey into Identity and Access Management 03:09 What Does Nexis Do? 05:00 Challenges in Authorization Governance 06:43 The Importance of Visibility in Identity Systems 08:23 Nexis' Role in Enhancing Existing IAM Investments 10:05 The Concept of IVIP and Its Relevance 21:48 Nexis Platform Capabilities 23:24 The Health Check: A Deep Dive 27:22 Understanding Health Check Costs 28:27 Exploring ISPM and License Management 32:09 How Nexis Integrates with IGA Systems 34:11 Application Onboarding and Compliance 36:38 Measuring Value and Success with Nexis 43:10 Global Reach and Market Focus 45:02 Connecting at Conferences 46:49 Visiting Germany: Recommendations and Insights 50:17 Final Thoughts and Resources Keywords IDAC, Identity at the Center, Jim McDonald, Jeff Steadman, Dr. Heiko Klarl, Nexis, Nexis Secure, NEXIS 4, authorization governance, role mining, role management, IGA, IAM, IVIP, Identity Visibility and Intelligence Platform, access certification, remediation automation, health check, ISPM, Identity Security Posture Management, license management, enterprise identity, compliance, visibility, identity governance, access review, Gartner IAM, EIC, KuppingerCole

    53 min
See All (392)

4.9
out of 5
40 Ratings

About

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

Information

  • Creator
    Identity at the Center
  • Years Active
    2019 - 2025
  • Episodes
    392
  • Rating
    Clean
  • Copyright
    © 771327
  • Show Website
    Identity at the Center

You Might Also Like