EPISODE · Jun 17, 2026 · 27 MIN
From IT support to security's core: General Motors' identity story
from Identity Decoded | The Identity Security Podcast · host Silverfort
Andrew Cameron has over two decades at General Motors watching identity evolve from an IT function to the core of enterprise security. In this episode, he shares about that journey and explains why GM now treats identity as the control plane across an incredibly complex environment that includes factories, legacy OT systems, and robots on the plant floor. Andrew gets into the real tension between governing access upfront versus controlling it in real time, and why a one-time login event is never really enough. He and the hosts give a refreshingly grounded take on the difference between identity sitting in security and identity being part of security—and why closing that gap is critical. His two north stars to leave you thinking: kill standing privilege, and get rid of passwords wherever you can. Key Topics: 1. From IT support to security control plane, 20+ years at GM. 2. Beyond one-time auth: continuous verification and just-in-time access. 3. Identity Security on the factory floor: robots, legacy OT, and non-human identities. 4. Leadership, culture, and the economics of bringing identity into the security team. 🎧 Episode Highlights [02:00]: How GM went from countless passwords per employee to enterprise single sign-on. [05:44]: The moment identity stopped being an IT function and became a security control plane. [14:18]: The case for shrinking admin-time security and investing in runtime controls. [18:45]: Securing robots, legacy OT, and non-human identities on the factory floor. 🔑 Key Takeaways: ● Identity Security doesn't end at login. A user who authenticated eight hours ago might not be who they say they are right now. GM evolved toward real-time, event-based controls where every access request gets validated in the moment, not just at the front door. ● Zero standing privilege isn't a slogan, it's the destination. Most enterprises are sitting on years of accumulated, over-provisioned access that nobody fully cleaned up. The goal is making access ephemeral and just-in-time by default, which means investing less in periodic access reviews and more in runtime enforcement. ● OT, robots, and non-human identities are where identity programs hit their hardest wall. On the factory floor, modern identity protocols and MFA often simply don't work, and nobody's replacing a $2M machine for a security upgrade. The answer is applying the same core identity principles at scale through policy-based automation. 👤 Guest Spotlight: Andrew Cameron Andrew Cameron is a Distinguished Engineer of Identity and Cybersecurity at General Motors with over two decades of experience shaping how one of the world's largest automakers manages Identity Security. He started in infrastructure and directory services and has since built GM's identity function into a foundational security capability spanning corporate IT, manufacturing, and everything in between. Stay Connected: ● https://www.silverfort.com ● https://linkedin.com/in/rob-ainscough ● https://www.linkedin.com/in/roy-akerman ● https://www.linkedin.com/in/kandrewcameron
What this episode covers
Andrew Cameron has over two decades at General Motors watching identity evolve from an IT function to the core of enterprise security. In this episode, he shares about that journey and explains why GM now treats identity as the control plane across an incredibly complex environment that includes factories, legacy OT systems, and robots on the plant floor. Andrew gets into the real tension between governing access upfront versus controlling it in real time, and why a one-time login event is never really enough. He and the hosts give a refreshingly grounded take on the difference between identity sitting in security and identity being part of security—and why closing that gap is critical. His two north stars to leave you thinking: kill standing privilege, and get rid of passwords wherever you can. Key Topics: 1. From IT support to security control plane, 20+ years at GM. 2. Beyond one-time auth: continuous verification and just-in-time access. 3. Identity Security on the factory floor: robots, legacy OT, and non-human identities. 4. Leadership, culture, and the economics of bringing identity into the security team. 🎧 Episode Highlights [02:00]: How GM went from countless passwords per employee to enterprise single sign-on. [05:44]: The moment identity stopped being an IT function and became a security control plane. [14:18]: The case for shrinking admin-time security and investing in runtime controls. [18:45]: Securing robots, legacy OT, and non-human identities on the factory floor. 🔑 Key Takeaways: ● Identity Security doesn't end at login. A user who authenticated eight hours ago might not be who they say they are right now. GM evolved toward real-time, event-based controls where every access request gets validated in the moment, not just at the front door. ● Zero standing privilege isn't a slogan, it's the destination. Most enterprises are sitting on years of accumulated, over-provisioned access that nobody fully cleaned up. The goal is making access ephemeral and just-in-time by default, which means investing less in periodic access reviews and more in runtime enforcement. ● OT, robots, and non-human identities are where identity programs hit their hardest wall. On the factory floor, modern identity protocols and MFA often simply don't work, and nobody's replacing a $2M machine for a security upgrade. The answer is applying the same core identity principles at scale through policy-based automation. 👤 Guest Spotlight: Andrew Cameron Andrew Cameron is a Distinguished Engineer of Identity and Cybersecurity at General Motors with over two decades of experience shaping how one of the world's largest automakers manages Identity Security. He started in infrastructure and directory services and has since built GM's identity function into a foundational security capability spanning corporate IT, manufacturing, and everything in between. Stay Connected: ● https://www.silverfort.com ● https://linkedin.com/in/rob-ainscough ● https://www.linkedin.com/in/roy-akerman ● https://www.linkedin.com/in/kandrewcameron
NOW PLAYING
From IT support to security's core: General Motors' identity story
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m