Identity at the Center

#420 - Sponsor Spotlight - GitGuardian



This episode is made possible by GitGuardian. Jeff speaks with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, about secrets sprawl, non-human identity governance, and the findings of the State of Secret Sprawl 2026 report. With 28.6 million secrets leaked to public GitHub in 2025 - a 34% year-over-year increase - they explore why hardcoded credentials persist, how agentic AI tools are making the problem worse, and what IAM practitioners can do to start addressing machine identity governance. Topics include GitGuardian's Good Samaritan notification program, the growing NHI inventory challenge, SPIFFE and SPIRE as a path to zero standing privilege, and data showing Claude Code co-authored commits are more than twice as likely to contain leaked secrets. Visit gitguardian.com/lps/idac to learn more.




Connect with Dwayne: https://www.linkedin.com/in/dwaynemcdaniel/


Dwayne's website: https://dwayne-mcdaniel.com/


Learn more about GitGuardian: https://www.gitguardian.com/lps/idac


GitGuardian Good Samaritan Program (free) - https://www.gitguardian.com/good-samaritan


The State of Secrets Sprawl 2026: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026


SPIFFE Book: https://spiffe.io/book/




Connect with us on LinkedIn:


Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/


Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/


Visit the show on the web at http://idacpodcast.com




TIMESTAMPS:

00:00 Introduction and sponsor welcome

00:48 Dwayne's background and path to developer advocacy

04:11 Surprises from entering the identity and security space

06:29 What a principal developer advocate actually does

09:32 Why secrets became Dwayne's focus area

14:10 GitGuardian: overview and mission

19:36 Where secrets commonly leak across the SDLC

22:17 The Good Samaritan notification program explained

28:00 Why 70% of leaked secrets from 2022 were still valid in 2025

33:54 State of Secret Sprawl 2026: the year software changed

40:39 AI coding tools, Claude Code, and secrets leakage data

47:28 Practical questions for IAM practitioners to start asking

52:24 Zero standing privilege and the case for SPIFFE/SPIRE

01:00:00 Resources: the SPIFFE book, WIMSE, and AWS STS

01:02:51 Hot sauce, the Cubs, and closing thoughts




KEYWORDS:

secrets sprawl, hardcoded secrets, non-human identity, NHI governance, GitGuardian, SPIFFE, SPIRE, workload identity, DevSecOps, agentic AI, Claude Code, zero standing privilege, supply chain security, credential abuse, identity and access management, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dwayne McDaniel
