This episode is sponsored by HYPR. Visit hypr.com/idac to learn more.

In this episode from Authenticate 2025, Jim McDonald and Jeff Steadman are joined by Bojan Simic, Co-Founder and CEO of HYPR, for a sponsored discussion on the evolving landscape of identity and security.

Bojan shares his journey from software engineer to cybersecurity leader and dives into the core mission of HYPR: providing fast, consistent, and secure identity controls that complement existing investments. The conversation explores the major themes from the conference, including the push for passkey adoption at scale and the challenge of securely authenticating AI agents.

A key focus of the discussion is the concept of "Know Your Employee" (KYE) in a continuous manner, a critical strategy for today's remote and hybrid workforces. Bojan explains how the old paradigm of one-time verification is failing, especially in the face of sophisticated, AI-powered social engineering attacks like those used by Scattered Spider. They discuss the issue of "identity sprawl" across multiple IDPs and why consolidation isn't always the answer. Instead, Bojan advocates for a flexible, best-of-breed approach that provides a consistent authentication experience and leverages existing security tools.

Connect with Bojan: https://www.linkedin.com/in/bojansimic/

Learn more about HYPR: https://www.hypr.com/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Chapter Timestamps:

00:00 - Introduction at Authenticate 2025

00:23 - Sponsored Episode Welcome: Bojan Simic, CEO of HYPR

01:11 - How Bojan Simic Got into Identity and Cybersecurity

02:10 - The Elevator Pitch for HYPR

04:03 - The Buzz at Authenticate 2025: Passkeys and Securing AI Agents

05:29 - The Trend of Continuous "Know Your Employee" (KYE)

07:33 - Is Your MFA Program Enough Anymore?

09:44 - Hackers Don't Break In, They Log In: The Scattered Spider Threat

11:19 - How AI is Scaling Social Engineering Attacks Globally

13:08 - When a Breach Happens, Who's on the Hook? IT, Security, or HR?

16:23 - What is the Right Solution for Identity Practitioners?

17:05 - The Critical Role of Internal Marketing for Technology Adoption

22:27 - The Problem with Identity Sprawl and the Fallacy of IDP Consolidation

25:47 - When is it Time to Move On From Your Existing Identity Tools?

28:16 - The Role of Document-Based Identity Verification in the Enterprise

32:31 - What Makes HYPR's Approach Unique?

35:33 - How Do You Measure the Success of an Identity Solution?

36:39 - HYPR's Philosophy: Never Leave a User Stranded

39:00 - Authentication as a Tier Zero, Always-On Capability

40:05 - Is Identity Part of Your Disaster Recovery Plan?

41:36 - From the Ring to the C-Suite: Bojan's Past as a Competitive Boxer

47:03 - How to Learn More About HYPR

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Bojan Simic, HYPR, Passkeys, Know Your Employee, KYE, Continuous Identity, Identity Verification, Authenticate 2025, Phishing Resistant, Social Engineering, Scattered Spider, AI Security, Identity Sprawl, Passwordless Authentication, FIDO, MFA, IDP Consolidation, Zero Trust, Cybersecurity, IAM, Identity and Access Management, Enterprise Security

In this episode, Jim McDonald and Jeff Steadman are joined by Steve Rennick, Senior Leader for IAM Architecture at Ciena, for a wide-ranging discussion on the most pressing topics in identity today.

The conversation kicks off with a practical look at vendor demos, sharing best practices for cutting through the slideware and getting to the heart of a product's capabilities. From there, they dive deep into the complex world of Non-Human Identities (NHI). Steve shares his practitioner's perspective on why NHIs are such a hot topic, the challenges of managing them, and the risks they pose when left unchecked.

The discussion covers:

• Why traditional IAM approaches fail for non-human identities.
• The importance of visibility and creating a standardized process for NHI creation.
• The debate around terminology: NHI vs. machine identity vs. service accounts.
• The reasons for NHI's current prominence, including threat actors shifting focus away from MFA-protected human accounts.
• Practical, actionable advice for getting a handle on legacy service accounts.
• The emerging challenge of IAM for AI and the complexities of managing agentic AI.
• The critical role of authorization and the future of policy-based access control.

Whether you're struggling with service account sprawl, preparing for an AI-driven future, or just want to run more effective vendor demos, this episode is packed with valuable insights.

Connect with Steve: https://www.linkedin.com/in/steven-rennick/

ARIA (Agent Relationship-Based Identity & Authorization) LinkedIn Post from Patrick Parker: https://www.linkedin.com/posts/patrickparker_ai-agent-authorization-activity-7335265428774031360-braE/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

CHAPTER TIMESTAMPS:

00:00:10 - Introduction & The Art of the Vendor Demo

00:08:02 - Steve Rennick's Take on Vendor Demos

00:12:39 - Formal Introduction: Steve Rennick

00:14:45 - Recapping the Identiverse Squabble Game Show

00:17:22 - The Hot Topic of Non-Human Identities (NHI)

00:22:22 - Is NHI a Joke or a Serious Framework?

00:26:41 - The Controversy Around the Term "NHI"

00:30:24 - How to Simplify NHI for Practitioners

00:34:06 - First Steps for Getting a Handle on NHI

00:37:20 - Can Active Directory Be a System of Record for NHI?

00:45:08 - Why is NHI a Hot Topic Right Now?

00:51:19 - The Challenge of Cleaning Up Legacy NHIs

00:58:00 - IAM for AI: Managing a New Breed of Identity

01:03:33 - The Future is Authorization

01:06:22 - The Zero Standing Privilege Debate

01:10:39 - Favorite Dinosaurs and Outro

KEYWORDS:

NHI, Non-Human Identity, Machine Identity, Service Accounts, Vendor Demos, IAM for AI, Agentic AI, Authorization, Zero Trust, Zero Standing Privilege, Secrets Management, IAM Strategy, Cybersecurity, Identity and Access Management, Steve Rennick, Ciena, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this episode of the Identity at the Center podcast, Jim McDonald interviews Sebastian Rohr, the Chief Troublemaker at Umbrella Labs. They discuss the evolution of identity management, the challenges of digital identity, and the importance of national ID systems. Sebastian shares his personal journey into the identity field, the impact of digital identities on individuals, and the challenges faced in developing countries regarding identity verification. The conversation also touches on the role of AI in identity management, the importance of community in the identity space, and the cultural significance of German Unification Day.

Connect with Sebastian: https://www.linkedin.com/in/sebastianrohr/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction and Guest Introduction

05:13 Sebastian's Origin Story in Identity

11:00 The Evolution of Identity Verification

15:24 Challenges in Identity Verification Technology

20:13 The Importance of Birth Registration

26:58 Real-World Stories from Identity Management

32:30 Tips for Identity Practitioners

35:22 Finding the Right Balance in Digital Transformation

36:21 EUDI: The Future of Digital Identity

40:02 Addressing Bias in Identity Systems

44:11 The Impact of AI on Identity Management

52:20 The Rise of Identity Beer: Community and Connection

59:40 Celebrating German Unification Day

Keywords

identity, decentralized identity, digital identity, identity verification, national ID systems, AI in identity, identity management, global identity challenges, identity beer, German unification

In this episode of the Identity at the Center Podcast, Eve Maler, founder and CEO of Venn Factory joins host Jim McDonald. They discuss the significance of identity in the corporate world; detailing Eve's new book aimed at educating CEOs on the importance of treating identity as a strategic asset rather than mere infrastructure. They explore concepts like the evolving role of identity in security, the increasing risks posed by AI and cybersecurity threats, and the potential for organizational paralysis without proper identity management. Eve emphasizes the need for cross-functional focus and strategic ownership of identity functions within companies. The episode concludes with insights into public speaking and preparation, providing listeners with practical advice and industry insights.

Connect with Eve: https://www.linkedin.com/in/evemaler/

Chapters

00:00 Introduction and Guest Welcome00:32 The Story Behind 'Venn Factory'02:09 Eve Maler's Book for CEOs04:42 The Importance of Digital Identity10:53 AI and Its Impact on Executives17:25 Organizational Challenges in Identity Management23:49 The Role of Identity in Organizations24:44 Escaping Organizational Paralysis25:08 Valuing Identities in the Digital Age28:13 B2B Identity Dynamics35:21 The Rise of Identity Security42:32 Public Speaking Tips and Lighter Notes

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

This episode of the Identity at the Center podcast delves into the complex topic of death and the digital estate (DADE). Jim McDonald hosts Dean Saxe, Heather Flanagan, and Mike Kiser, who discuss the importance of planning for digital assets after death, the cultural implications of digital identity, and the evolving role of technology in managing these assets. They emphasize the need for individuals to take proactive steps in documenting their digital estate and the challenges posed by varying legal frameworks and cultural perspectives. The conversation also touches on the future of digital identity in the age of AI and the ethical considerations surrounding it.

Episode Links:

Death and the Digital Estate (DADE) Community Group: https://openid.net/cg/death-and-the-digital-estate/

Connect with Dean: https://www.linkedin.com/in/deanhsaxe/

Connect with Heather: https://www.linkedin.com/in/hlflanagan/

Connect with Mike: https://www.linkedin.com/in/mike-kiser/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapters

00:00 Introduction to Identity at the Center Podcast00:10 Introduction to the Death and Digital Estate (DADE) group03:07 The Role of Identity in Digital Estates06:01 Understanding Digital Estate and Its Components09:09 Community Groups vs. Working Groups in Standards11:59 The Importance of Digital Estate Management15:09 Cultural Perspectives on Digital Death18:12 Legal and Ethical Considerations in Digital Estates20:59 Future of Digital Estate Planning24:03 Conclusion and Call to Action31:33 Cultural Frameworks and Digital Estates35:12 The Importance of Protocols in Digital Estate Management39:30 Navigating Digital Wills and Estate Planning42:19 Challenges in Digital Recovery and Access45:18 Actionable Steps for Digital Estate Planning48:52 Personal Reflections on Digital Legacy50:57 The Future of Digital Remembrance54:25 Final Thoughts and Community Engagement

Keywords

digital estate, death, identity management, OpenID Foundation, digital assets, cultural perspectives, technology, legal considerations, AI, planning guide

This episode is sponsored by Hush Security. Visit hush.security/idac to learn more.

In this sponsored episode of Identity at the Center, hosts Jeff Steadman and Jim McDonald spotlight Hush Security, a company emerging from stealth with an innovative approach to machine identity and access management. CEO and co-founder Micha Rave explains why traditional secrets vaults can’t keep up with today’s scale, what it means to truly go “secrets-free,” and how Hush enables visibility, governance, and operability for modern and legacy environments alike.

Discover:

• The real difference between non-human identities and static keys
• Why legacy secrets management is breaking in the cloud and automation age
• Hush Security’s journey from stealth mode to active customers
• The business case for removing vaults (and the risks with “hope and prayer” key rotation)
• How to transition to policy-based access—and measurement metrics for success
• Fun discussions on pancakes vs. waffles in security leadership (really!)

Learn more about Hush Security and get a free environment assessment: hush.security/idac

Connect with Micha: https://www.linkedin.com/in/micharave/

Connect with IDAC on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

#idac #identitymanagement #machineidentity #secretsmanagement #podcast #cybersecurity #JimMcDonald #JeffSteadman #HushSecurity #IdentityattheCenter

Chapters / Timestamps:

00:00 - Welcome and Introduction (Hosts: Jeff and Jim)

01:00 - Introducing Micha Rave and Hush Security

03:00 - Micha’s Background and the Hush Team’s Journey

06:00 - What Is Hush Security and Why Now?

09:00 - Leaving Stealth Mode: Patents and Novel Approaches

12:00 - What Makes Hush Special? Remediation vs. Visibility

15:00 - Vaults vs. Secrets-Free Approach & Industry Gaps

18:00 - Non-Human Identities: Static Keys, Secrets, and Access

22:00 - Solving Problems Beyond Cloud: Custom vs. Packaged Software

26:00 - The Scale of Machine Identity in the Cloud and Automation Age

29:00 - Why Secrets Management Is Breaking and the Case for Policy-Based Access

34:00 - From Scanning to Policy Enforcement: How Hush Works

39:00 - Metrics, Success, and Executive Buy-in for Modern IAM

43:00 - How to Get Started with Hush Security (Free Assessments)

46:00 - Micha’s Conference Plans and Final Thoughts

49:00 - Pancakes or Waffles?

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Hush Security, machine identity, secrets management, secrets vault, IAM, cybersecurity, sponsored episode, non-human identities, policy-based access, vault elimination, cloud security, automation, zero trust, Micha Rave, podcast, identity management

In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into the concept of device identity within a Zero Trust framework. They are joined by Shea McGrew, CTO of Maricopa County Arizona, who provides insights into the importance of managing not just human but also device identities. The discussion explores the philosophical debate on whether machines can have identities, Zero Trust principles, and their application in a diverse and semi-autonomous organizational structure like that of the county government. Shea also shares her career journey, emphasizing the importance of curiosity, customer service, and continuous learning in IT. The episode wraps up with a light-hearted conversation on the never-ending pursuit of knowledge.

Connect with Shea: https://www.linkedin.com/in/shea-m-6b82a36/

Timestamps:

00:00 Introduction and Podcast Theme

00:17 Defining Identity in Cybersecurity

01:34 Debate: Can Non-Humans Have Identities?

01:57 Guest Introduction: Shea McGrew

04:15 Shea's Career Journey and Role as CTO

09:28 Challenges and Rewards of Being a CTO

11:41 Identity Strategy at Maricopa County

14:48 Device Identity and Zero Trust Architecture

29:56 Managed vs. Unmanaged Devices

40:15 Understanding the NIST Framework

42:52 Balancing Technology and People

43:58 Training and Partner Collaboration

48:03 Organizational Change Management

50:40 Future of Device Identity

54:40 Debating Machine Identity

01:06:36 Curiosity as an Olympic Sport

01:13:00 Conclusion and Final Thoughts

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Join Jeff Steadman and Jim McDonald for the September 2025 mailbag episode of Identity at the Center! This episode features listener questions from around the world about digital identity, trust, technology challenges, inclusion, biometrics, and even a candid discussion on air travel etiquette. Whether you're new to IAM or a veteran, you'll find practical advice and real stories. Plus, hear shout-outs to our global community and learn what’s coming up for the podcast team, including conferences and game shows. Don’t forget to leave your thoughts or questions in the comments—let’s keep the conversation going!

Chapter Timestamps:

00:00 - Intro & Community Shout-Outs

04:00 - Upcoming Conferences & Discount Codes

07:00 - What the Podcast Is All About

08:40 - Mailbag Intro: Listener Questions From Around the World

09:20 - Engaging IT with IAM Concepts (Matt in Maine)

13:20 - Building Trust in Digital Identity (Amara in India)

18:30 - Practical Challenges for Large Programs (Sophie in France)

25:45 - Digital Identity and the Unconnected (Jonas in Germany)

33:15 - Biometric Data & Security Pros/Cons (Rachel in Canada)

39:45 - Air Travel Etiquette: From Shoes Off to Elbow Room

48:10 - Outro & Thanks

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, mailbag, listener questions, digital identity, IAM, identity and access management, trust, technology inclusion, biometrics, air travel etiquette, conferences, community, YouTube, podcast, global audience, #idac

This episode is sponsored by SGNL. Visit sgnl.ai/idac to learn more.

In this sponsored episode of Identity at the Center podcast, hosts Jeff and Jim discuss hot trends in the identity space, focusing on continuous identity with their guest Erik Gustavson, co-founder and CPO at SGNL. Erik shares his journey into the IAM space, exploratory projects, the thought processes behind SGNL’s continuous identity solutions, and provides insights on how SGNL’s approach integrates with existing identity and security tools. He delves into trends such as the convergence of identity and security, the generational change in identity tech, and the practical use cases SGNL addresses. The episode concludes with a light-hearted conversation about the perfect meal for Jeff, reflecting Eric's passion for cooking.

Connect with Erik: https://www.linkedin.com/in/erikgustavson/

Learn more about SGNL: https://sgnl.ai/idac

Timestamps

00:00 Introduction and Episode Overview

00:36 Sponsor Spotlight: SGNL

01:10 Guest Introduction: Erik Gustavson

01:41 Eric's Journey into the IAM Space

05:47 Role of a Chief Product Officer

07:54 The Concept of Continuous Identity

20:26 Data Integration and Policy Enforcement

26:40 Target Audience for SGNL

29:42 Introduction to SGNL’s Ecosystem

30:13 Complementing Existing Systems

30:44 Challenges with Current Identity Solutions

33:27 New Trends in Authorization Management

34:09 Aligning with AMP and PBA

37:58 Use Cases and Real-World Applications

46:31 What Sets SGNL Apart

48:37 Future Trends in Identity and Security

52:35 A Lighter Note: Cooking and Personal Interests

58:32 Conclusion and Final Thoughts

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

In this episode of the Identity at the Center podcast, Jeff and Jim discuss various aspects of identity access management (IAM) policies and the importance of having a solid foundation. They emphasize the need for automation, controls, and how IAM policies should be created without technology limitations in mind. The discussion also covers the implementation challenges and the evolving concept of identity verification. Jeff, Jim, and their guest, Nishant Kaushik, the new CTO at the FIDO Alliance, also delve into the issues surrounding the adoption of passkeys, highlighted by Rusty Deaton’s IDPro article, and address some common concerns about their security. Nishant offers insights into ongoing work at FIDO Alliance, the potential of digital identity, and the importance of community in the identity sector. The episode concludes with mentions of upcoming conferences and an homage to the late identity expert, Andrew Nash.

Timestamps

00:00 Introduction and Greetings

00:18 Importance of IAM Policies

01:36 Challenges in Policy Implementation

05:09 Conferences and Discount Codes

07:59 Introducing the Guest: Nishant Kaushik

08:42 The Role of the FIDO Alliance and Digital Identity

10:35 Concerns and Solutions for Passkeys

22:21 Final Thoughts on Passkeys and Authentication

29:48 Credential Security Concerns

30:03 FIDO Members and Their Contributions

30:38 Getting Involved in Working Groups

31:58 Conversations at Authenticate Conference

32:29 Evolution of the Authenticate Conference

34:32 Automotive Authentication Challenges

36:04 Community and Collaboration

38:33 Remembering Andrew Nash

41:41 Lightning Round: Current State of AI and Identity

44:21 Decentralized Identity: Current Trends

49:47 Non-Human Identity: Future Perspectives

52:19 New York Sports Fandom

54:33 Conclusion and Upcoming Events

Connect with Nishant: https://www.linkedin.com/in/nishantkaushik/

Learn more about the FIDO Alliance: https://fidoalliance.org/

IDPro Article by Rusty Deaton: https://idpro.org/blackhat-and-def-con-2025-thoughts/

Kill the Wallet? Rethinking the Metaphors Behind Digital Identity by Heather Flanagan: https://sphericalcowconsulting.com/2025/07/22/digital-wallet-metaphor/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com