Identity at the Center

Simon Moffatt, founder and analyst at The Cyber Hut and co-host of The Analyst Brief podcast, returns to Identity at the Center for a wide-ranging conversation about the strategic evolution of identity security. Simon shares an update on his second book, IAM at 2035, which explores where identity is heading over the next decade. The discussion covers why identity has shifted from a back office function to a strategic business enabler, driven by the convergence of cloud, zero trust, and expanding digital ecosystems.Jim and Jeff dig into how organizations can measure their identity security posture, and Simon introduces his Identity Security Scorecard, a framework of 50-plus data points covering visibility, protection, detection, and response. The conversation shifts to the identity attack lifecycle, where Simon explains why organizations need to move beyond log-based forensics and toward real-time detection and response before attacks complete.The group also explores how non-identity data signals, like CAEP and shared signals frameworks, are critical to building a fuller picture of risk. The final segment tackles agentic AI and its implications for identity, including the argument that agentic identities may represent a third identity type distinct from both human and machine. Simon makes the case that AI adoption is outpacing identity and security innovation, creating a widening gap that the industry must address through governance, accountability, and new architectural patterns.

Connect with Simon: https://www.linkedin.com/in/simonmoffatt/
The Analyst Brief Podcast: https://www.thecyberhut.com/podcast/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps00:00 Introduction and conference discount codes02:29 Simon Moffatt returns to the show03:58 Update on the IAM at 2035 book07:25 The Analyst Brief podcast and covering identity trends08:44 Identity shifts from back office to strategic priority11:47 The compliance trap and reactionary identity management14:25 Customer identity transparency influencing workforce identity16:52 Defining identity security across 80-plus vendors20:11 Products alone do not solve identity security21:14 Thinking like an attacker about identity flows23:23 Red flags in an organization's identity posture25:43 The identity security scorecard and measuring risk29:27 Avoiding FUD when presenting identity risk to the board32:34 The identity attack lifecycle explained36:53 Building the mindset for real-time detection and response37:41 CAEP, shared signals, and non-identity data sources40:10 Identity as a 24/7 security operations function43:24 Agentic AI drops like a nuclear explosion on identity46:49 The widening gap between AI adoption and identity security47:51 Is agentic identity a third identity type?50:47 What needs to change to address the agentic identity explosion53:24 Will AI shake the core of enterprise IT?57:24 AI may be the only thing that can secure AI58:04 Travel tips for EIC Berlin and European conferences01:02:45 Wrapping up

Keywordsidentity security, identity attack lifecycle, identity attack paths, agentic AI, agentic identity, non-human identity, NHI, identity security scorecard, zero trust, CAEP, shared signals framework, identity governance, identity strategy, IAM, identity posture, Simon Moffatt, The Cyber Hut, The Analyst Brief, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

In this episode of Identity at the Center, hosts Jeff and Jim dive into the details of the Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP), with special guest Atul Tulshibagwale, the CTO of Signal. The trio discusses the complexities and applications of these identity security standards, recent adoption by major tech companies, and how they are transforming the approach towards identity and access management. Atul also shares exciting news about Signal's impending acquisition by CrowdStrike and reflects on a recent safari trip in Kenya. Tune in to learn about the evolution of identity security and the future of SSF and CAEP.

Connect with Atul: https://www.linkedin.com/in/tulshi/
Learn more about the Artificial Intelligence Identity Management Community Group: https://openid.net/cg/artificial-intelligence-identity-management-community-group/
Learn more about SSF and CAEP:
https://openid.net/how-authzen-and-shared-signals-caep-complement-each-other/
https://sgnl.ai/whitepaper/caep-best-practices/
https://caep.dev/
https://youtu.be/qakOw0g2mZ8?si=p8z9imn7x-HhLdcV
https://www.youtube.com/live/e64YiAmGmf4?si=QPKDg2Jm9oSZmbhZ
http://sharedsignals.guide/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00 Introduction and Episode Milestone
00:17 Challenges with Installing Molt Bot
02:32 MoltBook and AI Agents
03:21 Jim's Perspective on AI Assistants
09:24 Conferences and Networking
10:10 Introduction to Shared Signals and CAEP
13:03 CrowdStrike Acquisition of Signal
14:03 AI Identity Management Community
16:59 Shared Signals Framework and CAEP Explained
30:03 Final Version of CAEP and Shared Signals Released
30:35 Adoption by Major Technology Providers
32:49 Benefits of Implementing Shared Signals
36:32 Future of SSF and CAEP
40:51 Certification Program for Shared Signals
52:48 Real-World Safari Adventure
01:00:34 Conclusion and Final Thoughts

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Atul Tulshibagwale, Shared Signals Framework, SSF, CAEP, Continuous Access Evaluation Profile, OpenID Foundation, CrowdStrike, SGNL AI Identity, Agentic Identity, AuthZEN, Risk, Identity Security, IAM, Podcast

This episode is sponsored by PlainID. Visit plainid.com/idac to learn more.
In this sponsored episode, Jim McDonald and Jeff Steadman talk with Gal Helemski, CTO and co-founder of PlainID, about the evolving landscape of authorization. The conversation covers the transition from traditional roles and attributes to a modern policy-based access control (PBAC) approach. Gal explains how PlainID helps organizations centralize authorization logic, improve security posture, and simplify the management of access across complex hybrid and multi-cloud environments. The discussion also touches on the importance of visibility into who has access to what and the role of standards like Cedar and Rego in the future of authorization.

Connect with Gal: https://www.linkedin.com/in/gal-helemski-b9542231/Learn more about PlainID: plainid.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com

Timestamps:
00:00 Introduction to the Sponsor Spotlight
02:15 Meet Gal Helemski from PlainID
05:30 The shift from RBAC to PBAC
10:45 Challenges with traditional authorization methods
15:20 How PlainID centralizes authorization logic
22:10 Integrating with existing identity providers
28:45 The role of visibility and auditing in authorization
35:30 Discussion on authorization standards: Cedar and Rego
42:15 Future trends in identity and access management
50:00 Final thoughts and where to learn more

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, PlainID, Authorization, Policy-Based Access Control, PBAC, RBAC, Cybersecurity, IAM, Access Management, Gal Helemski, Identity Security

In this milestone episode of Identity at the Center, Jeff and Jim celebrate 400 episodes and reflect on their journey over the past six and a half years. They discuss the podcast’s evolution, from its early days focusing on strategy and framework to recent themes like cloud identity, governance, and AI-driven technologies. Jim shares his New Year's resolution of writing a book about identity, blending practitioner stories with educational elements, and utilizing AI tools. The duo also highlights significant trends in identity and access management, including frictionless authentication and privilege access management. They look forward to the future of identity within an AI-driven landscape, urging listeners to adapt to technological advancements. Tune in for insights, reflections, and their plans for continuing to grow the podcast.

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps
00:00 Welcome and Milestone Celebration00:44 Reflecting on the Podcast Journey01:27 Jim's New Year's Resolution: Writing a Book05:16 Using AI in the Writing Process09:34 Podcast Growth and Listener Support13:08 Remembering Luis Almeida16:59 Conference Highlights and Discount Codes19:05 Lessons Learned from Podcasting29:01 The Evolution of the Podcast36:01 Pandemic Disruptions and Podcast Challenges36:30 Funny Moments and Swearing on the Show37:24 Identity Management Trends in 202039:20 Cloud Identity and Certifications in 202141:54 Governance and Compliance in 202244:23 Security Convergence and Milestones in 202351:07 Privilege Access Management in 202455:15 Frictionless Authentication in 202558:20 AI and the Future of Identity in 202601:09:00 Reflections and Gratitude

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, podcast, cybersecurity, digital identity, AI, agentic identity, PAM, IGA, cloud security, passkeys, professional development, IDPro, identity governance

Jim McDonald is joined by Jeff Margolies, Chief Product and Strategy Officer at Saviynt, to discuss the intersection of artificial intelligence and identity security. Jeff shares his decades of experience in the industry, from building the IAM practice at Accenture to his current leadership role at Saviynt. The conversation covers how AI is making manually intensive identity tasks more efficient, the emergence of Identity Security Posture Management (ISPM), and the critical need to govern identities for AI agents. Jeff also provides his perspective on the future of the identity practitioner and why he remains an optimist in a rapidly changing technological landscape.

Connect with Jeff Margolies on LinkedIn: https://www.linkedin.com/in/jmargolies/

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

Timestamps:
00:00:00 - Introduction and Gartner Identity Conference Recap
00:02:11 - Jeff Margolies' Career Journey in Identity and Security
00:04:36 - Returning to Identity and Joining Saviynt
00:06:13 - How AI is Impacting Identity Security and Governance
00:09:56 - The Future of Identity Services in an AI World
00:13:58 - Will AI Disrupt the SaaS Model for Identity?
00:19:50 - The Impact of AI on the Identity Practitioner Job Market
00:26:16 - Identity for AI: Governing Agents and Delegated Authority
00:32:00 - Combating Deepfakes and Proving What is Real
00:34:40 - The Rise of Identity Security Posture Management (ISPM)
00:41:46 - Comparing Posture Management and ITDR
00:44:17 - Advice for CISOs: Why Posture Should Come First
00:49:35 - The Secret to Saviynt's Success and Future Outlook
00:52:19 - Lighter Note: Why Jeff Chose a Tesla for His Daughter

Keywords:
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Jeff Margolies, Saviynt, IAM, Identity and Access Management, AI, Artificial Intelligence, ISPM, ITDR, Cybersecurity, Identity Governance, SaaS, IGA