Identity Decoded | The Identity Security Podcast podcast artwork

PODCAST · technology

Identity Decoded | The Identity Security Podcast

The only podcast where identity and security finally sit down together for a conversation that’s long overdue. Defining what Identity Security should look like is harder than it sounds, so let’s skip the buzzwords and vendor pitches and get straight to honest conversations with people like you doing the work. From the role identity plays in incident response to programmatically getting rid of AD tech debt or finally achieving least privilege, expect candid conversations about what's actually working, what's broken, and what's next. Tune in as leaders from every discipline unpack the tensions, tradeoffs, and lessons learned from building Identity Security programs in the real world. A Silverfort production hosted by Roy Akerman and Rob Ainscough, new episodes drop every two weeks.

Publisher-supplied feed metadata · PodParley refreshed Jun 4, 2026 · Source feed

  1. 2

    Beyond the vault: Why AI agents force us to rethink Privileged Access Management (PAM)

    Rohit Agnihotri has spent nearly two decades helping organizations rethink identity, building and leading IAM programs and advising executives on strategy. He's also the founder and host of the widely listened to Identity Navigator podcast. In this episode of Identity Decoded, he joins Roy Akerman and Rob Ainscough to make the case that traditional, vaulting-first privileged access management is dead, and to unpack what's replacing it. Rohit walks through why the old "vault everything" model breaks down under the sheer volume of machine identities, why standing privileges are one of the biggest attack vectors in the enterprise, and why organizations are shifting from vaulting to just-in-time access and, ultimately, zero standing privileges. The conversation turns to agentic AI, where Rohit introduces his own "Identity Uncertainty Principle": as an agent's autonomy increases, certainty about whether it's still the same agent you started with decreases. Together, they explore what that means for privilege, behavioral analytics, and why every autonomous agent needs a kill switch. Key Topics 1. Why the old, vaulting-first model of PAM is dead 2. Moving from vaulting to just-in-time access to zero standing privileges 3. The Identity Uncertainty Principle: why more autonomous agents are less certain 4. Why every agentic AI identity needs a kill switch, not just a session timeout 🎧 Episode Highlights [01:37]: Rohit's identity journey, from backend developer to IAM leader [03:27]: Why the traditional, vaulting-first PAM model is dead [07:57]: The rise of the authorization plane, and why brokered access is the future [14:21]: Introducing the Identity Uncertainty Principle for agentic AI [21:37]: Why agentic AI security can't be session-based, and the case for a kill switch [26:33]: Rapid-fire round: identity myths, hard truths, and the most over hyped term in the industry 🔑 Key Takeaways: ● Vaulting credentials doesn't scale to machine identities. With machine identities projected to outnumber human ones by as much as 82ish to1 or more, vaulting every credential becomes too expensive to license, too static for identities that spin up and disappear, and too painful to review. Organizations are moving from vaulting to just-in-time access, and ultimately toward zero standing privileges. ● "What identities are privileged?" is becoming the wrong question to ask. Every organization defines privilege differently, and that inconsistency breaks down further with AI agents. Rather than asking how privileged an identity is, security teams are better served asking how much freedom it has to act, and what outcomes and risks that freedom creates. ● The more autonomous agents are, by definition, the less predictable they are, too. Rohit's Identity Uncertainty Principle holds that as an agent's autonomy increases, certainty about whether it's still behaving as originally intended decreases. Because agents can chain tools and pathways in ways no one anticipated, and carry none of the guilt, shame, or job-related restraint that shapes human behavior, security teams need dynamic risk scoring, behavioral analytics built for agents rather than humans, and a kill switch that can act in real time, not just at the end of a session. 👤 Guest Spotlight: Rohit Agnihotri Rohit Agnihotri has spent nearly two decades turning identity and access management from a technical function into a strategic business lever. His path into identity began early in his career writing back-end code, before a move to a startup introduced him to single sign-on and identity federation — and he's been leaning into the discipline ever since. He has led IAM from every angle, as a developer, architect, consultant, and executive, building and leading global teams at organizations including Northwestern Mutual, KPMG, and Cyberinc across IGA, PAM, cloud identity, and Zero Trust transformation. Today, CISOs and business leaders trust him to drive enterprise-wide IAM strategy, align identity with cloud modernization and M&A, and build high-performance teams and future-proof operating models. He's also known across the industry for challenging conventional thinking on privileged access management and identity for agentic AI, including his own "Identity Uncertainty Principle," and is the founder and host of the widely listened to Identity Navigator podcast. Stay Connected: ● ⁠https://www.silverfort.com⁠ ● ⁠https://linkedin.com/in/rob-ainscough ⁠ ● ⁠https://www.linkedin.com/in/roy-akerman⁠ ● ⁠https://www.linkedin.com/in/rohit-agnihotri

  2. 1

    Attackers are only as powerful as their permissions: Identity Security lessons from inside Mandiant

    Episode Summary: Chris Linklater from Mandiant has spent his career helping organizations respond to cyber incidents, recover from breaches, and strengthen their security foundations. In this episode of Identity Decoded, he joins Roy Akerman and Rob Ainscough to unpack why identity has become one of the most common paths attackers use to gain access, move laterally, and exfiltrate data. Drawing from real-world incident response engagements, Chris explains why organizations often focus too narrowly on privileged accounts while overlooking the risks posed by everyday users, delegated permissions, and poorly governed group memberships. Together, they explore the growing importance of identity segmentation, asset visibility, and modernization, as well as why security teams need a deeper understanding of both human and non-human identities. Key Topics: 1. Attackers aren't breaking in, they're logging in 2. You can't protect what you don't understand: identities, assets, and dependencies 3. The hidden risks of delegated access and group sprawl 4. Modernizing identity for an AI-accelerated threat landscape 🎧 Episode Highlights [04:41]: Why attackers are increasingly "just logging in" [11:54]: The challenge of containing breaches without disrupting the business [17:20]: Why identity segmentation is as important as network segmentation [18:08]: The hidden risks of delegated access and group management [27:39]: What every organization should learn from a compromised user account 🔑 Key Takeaways: ● Most breaches begin with identity, not sophisticated malware. Attackers increasingly gain access through stolen credentials, phishing, and vishing, making legitimate logins one of the most common entry points into an organization. Securing identity is no longer just an IAM concern, it's a core security priority. ● Visibility determines how effectively an organization can respond to an incident. Teams that understand their identities, assets, permissions, and business dependencies can contain threats more surgically and recover faster. You can't protect what you don't know exists. ● Organizations spend a lot of time protecting privileged accounts, but ordinary users often present just as much risk. A compromised non-privileged account can still expose sensitive data, enable lateral movement, or create a path to escalation. Understanding what a regular user can access is one of the most valuable security exercises a company can undertake. 👤 Guest Spotlight: Chris Linklater Chris Linklater is a cybersecurity leader at Mandiant (part of Google Cloud) with deep experience helping organizations detect, investigate, and respond to some of the world's most complex cyber threats. Over the course of his career, he has worked at the intersection of incident response, threat intelligence, and security operations, advising enterprises on how to strengthen their defenses against an increasingly sophisticated threat landscape. Today, he helps organizations translate frontline threat insights into practical strategies for resilience and security transformation. Stay Connected: ● https://www.silverfort.com ● https://linkedin.com/in/rob-ainscough ● https://www.linkedin.com/in/roy-akerman ● linkedin.com/in/chris-linklater-0323729

  3. 0

    From IT support to security's core: General Motors' identity story

    Andrew Cameron has over two decades at General Motors watching identity evolve from an IT function to the core of enterprise security. In this episode, he shares about that journey and explains why GM now treats identity as the control plane across an incredibly complex environment that includes factories, legacy OT systems, and robots on the plant floor. Andrew gets into the real tension between governing access upfront versus controlling it in real time, and why a one-time login event is never really enough. He and the hosts give a refreshingly grounded take on the difference between identity sitting in security and identity being part of security—and why closing that gap is critical. His two north stars to leave you thinking: kill standing privilege, and get rid of passwords wherever you can. Key Topics: 1. From IT support to security control plane, 20+ years at GM. 2. Beyond one-time auth: continuous verification and just-in-time access. 3. Identity Security on the factory floor: robots, legacy OT, and non-human identities. 4. Leadership, culture, and the economics of bringing identity into the security team. 🎧 Episode Highlights [02:00]: How GM went from countless passwords per employee to enterprise single sign-on. [05:44]: The moment identity stopped being an IT function and became a security control plane. [14:18]: The case for shrinking admin-time security and investing in runtime controls. [18:45]: Securing robots, legacy OT, and non-human identities on the factory floor. 🔑 Key Takeaways: ● Identity Security doesn't end at login. A user who authenticated eight hours ago might not be who they say they are right now. GM evolved toward real-time, event-based controls where every access request gets validated in the moment, not just at the front door. ● Zero standing privilege isn't a slogan, it's the destination. Most enterprises are sitting on years of accumulated, over-provisioned access that nobody fully cleaned up. The goal is making access ephemeral and just-in-time by default, which means investing less in periodic access reviews and more in runtime enforcement. ● OT, robots, and non-human identities are where identity programs hit their hardest wall. On the factory floor, modern identity protocols and MFA often simply don't work, and nobody's replacing a $2M machine for a security upgrade. The answer is applying the same core identity principles at scale through policy-based automation. 👤 Guest Spotlight: Andrew Cameron Andrew Cameron is a Distinguished Engineer of Identity and Cybersecurity at General Motors with over two decades of experience shaping how one of the world's largest automakers manages Identity Security. He started in infrastructure and directory services and has since built GM's identity function into a foundational security capability spanning corporate IT, manufacturing, and everything in between. Stay Connected: ● https://www.silverfort.com ● https://linkedin.com/in/rob-ainscough ● https://www.linkedin.com/in/roy-akerman ● https://www.linkedin.com/in/kandrewcameron

  4. -1

    What happens when a well-intentioned AI agent goes rogue ft. Susanne Senoff

    Is “identity is the new perimeter” more of a marketing slogan than a real security strategy? In this episode, Roy Akerman and Rob Ainscough sit down with Susanne Senoff from Conga to discuss how AI agents are starting to behave more like threat actors, and why traditional ideas like “perimeter” and “zero trust” are becoming harder to define. Susanne shares firsthand experience, including an AI agent that wrote reverse proxy scripts and triggered a high-severity cloud alert, showing why security hygiene, understanding critical assets, and monitoring behavior matter more than static privileges or tier-zero boundaries. Together, they explore how IAM needs to evolve from slow administrative processes to real-time, context-aware security, and why CISOs need teams and partners that can keep up with an AI-driven world. Key Topics 1. Debunking "Identity is the new perimeter" 2.AI Agents as both business enablers and threat actors 3. Evolving IAM: From administrative controls to real-time, behavioral security 4. Shifting identity from static, admin-time governance to behavior-, intent-, and context-aware controls that operate at AI speed 🎧 Episode Highlights [01:53]: The moment when an AI agent behaves like a threat actor [03:14]: Why “identity is the new perimeter” falls short in an AI-driven world [07:13]: Why managing AI agents is like parenting a rule-bending 15-year-old [12:37]: Reinventing controls around agents [14:57]: Evolving IAM from static governance to real-time, intent-aware controls 🔑 Key Takeaways: Identity security must shift from static perimeters to behavior- and intent-aware controls. The old idea of “identity as the new perimeter” and flat concepts like users vs. non-humans can’t keep up with AI agents that behave like threat actors, move across cloud surfaces, and exploit basic privileges in unexpected ways. Modern IAM has to operate at runtime, continuously understanding assets, context, ownership, and behavior so security teams can make millisecond decisions about what to allow, challenge, or shut down. AI agents are forcing security teams to rethink risk, resilience, and incident response. As the time from vulnerability discovery to exploitation collapses from months to hours (and soon minutes), defenders can’t rely on ticket-driven processes or slow business validation to decide if something is “okay.” SOCs will increasingly need predefined, business-aware guardrails that justify blocking first and asking questions later on systems that truly matter, supported by AI-driven context, stronger hygiene, and a “minimum viable enterprise” mindset focused on critical processes, data, and apps rather than just tier-zero infrastructure. IAM is becoming a core part of the CISO’s security stack, not an adjacent function. Susanne shares that CISOs must own identity security architecture, embedding identity security engineers, redefining skills around AI, and partnering with vendors based on vision rather than feature checklists. The next generation of identity teams will be judged not just on joiner/mover/leaver workflows, but on their ability to run real-time, AI-assisted identity defenses that understand intent, adjust access dynamically, and help the business adopt AI safely instead of trying (and failing) to slow it down. 👤 Guest Spotlight:Susanne Senoff Susanne Senoff is the Chief Information Security Officer at Conga, where she leads the company’s cybersecurity strategy and helps drive secure innovation in an AI-driven world. With more than 20 years of experience in cybersecurity and risk management, she has held leadership roles at companies including McAfee, Microsoft, and Morgan Stanley. Susanne is known for her practical, people-first approach to security leadership and for helping organizations adapt to emerging AI and identity threats. Stay Connected: https://www.silverfort.com https://linkedin.com/in/rob-ainscough https://www.linkedin.com/in/roy-akerman https://www.linkedin.com/in/susanne-elizer-senoff-575ba96

  5. -2

    Mythos, AI-powered attacks and the security reckoning ft. Sree Ashokkumar

    Mythos changed the rules of security. Again. In this episode, Roy and Rob sit down with Sree Ashokkumar, VP of Cybersecurity at Interactive Brokers, to talk about what happens when frontier AI models like Mythos start exposing foundational weaknesses in identity and collapsing the security controls we've relied on for years. Mythos has quickly become one of the biggest conversations in cybersecurity, and for good reason. Sree shares what he's hearing from peers who've seen it in action: breaking out of hypervisors, chaining exploits in minutes, and forcing CISOs to rethink everything from vulnerability management to privileged access and runtime identity controls. We also get into why the future CISO will need to be more technical, how identity and security teams need to stop working in silos, and what enterprise defense actually looks like in 5 to 10 years. Rob gifts us another analogy (this time involving an identity drawbridge), and Roy pressure tests all of it. Key topics: Why the future favors a more technical CISO Why identity and security teams need to stop working in silos How the CISO role is evolving as AI embeds deeper into the enterprise The "identity drawbridge" strategy for building adaptive defenses Learn more about the impact of Mythos on Identity Security: https://www.silverfort.com/blog/what-cisos-and-iam-leaders-are-calibrating-after-mythos  Follow Silverfort on LinkedIn: https://www.linkedin.com/company/silverfort  Connect with Roy Akerman: https://www.linkedin.com/in/roy-akerman   Connect with Rob Ainscough: http://linkedin.com/in/rob-ainscough    🎧 Episode Highlights:  [3:19]: Why future CISOs must be deeply technical [07:36]: Why the Mythos AI model has cybersecurity leaders on edge [11:16]: The three pillars organizations need to defend against AI-powered attacks [17:00]: How identity security and lateral movement detection are evolving [35:37]: The “drawbridge” strategy for adaptive identity defense 🔑 Key Takeaways: Frontier AI models like Mythos are changing cybersecurity by accelerating exploitation, lateral movement, and privilege abuse faster than organizations can respond using traditional patching and response-led controls. Security needs to evolve from admin-time governance into real-time, runtime defense that continuously validates behavior, access, and trust. Security leaders need layered defenses, adaptive identity controls, network segmentation, and faster response mechanisms that can contain threats before they spread. Future identity programs may rely heavily on AI-driven detection, continuous PAM, and dynamic “drawbridge” style access controls that tighten automatically during suspicious activity. Technical leadership is essential for today’s CISOs.The era of of the “Board CISO” is over as organizations experience increasingly complex attack paths that force cybersecurity leaders to deeply understand systems, architecture, and product design. Now that AI lowers the barrier to building software and launching attacks, security teams will need to evolve faster, pressure test their own environments continuously, and rethink how identity and access management operate in an AI-native world. 👤 Guest Spotlight: Sreenarayan Ashokkumar is a cybersecurity leader with expertise building and leading security programs across industries including finance, technology, and media. Over the course of his career, he has held security leadership roles at organizations such as Warner Bros., Capital One, and Interactive Brokers, where he has focused on identity security, threat detection, cloud security, and large-scale cyber defense. His work centers on helping organizations adapt to rapidly evolving threats driven by AI, automation, and increasingly complex digital ecosystems. #Mythos #AISecurity #IdentitySecurity

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

The only podcast where identity and security finally sit down together for a conversation that’s long overdue. Defining what Identity Security should look like is harder than it sounds, so let’s skip the buzzwords and vendor pitches and get straight to honest conversations with people like you doing the work. From the role identity plays in incident response to programmatically getting rid of AD tech debt or finally achieving least privilege, expect candid conversations about what's actually working, what's broken, and what's next. Tune in as leaders from every discipline unpack the tensions, tradeoffs, and lessons learned from building Identity Security programs in the real world. A Silverfort production hosted by Roy Akerman and Rob Ainscough, new episodes drop every two weeks.

HOSTED BY

Silverfort

CATEGORIES

Frequently Asked Questions

How many episodes does Identity Decoded | The Identity Security Podcast have?

Identity Decoded | The Identity Security Podcast currently has 5 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Identity Decoded | The Identity Security Podcast about?

The only podcast where identity and security finally sit down together for a conversation that’s long overdue. Defining what Identity Security should look like is harder than it sounds, so let’s skip the buzzwords and vendor pitches and get straight to honest conversations with people like you...

How often does Identity Decoded | The Identity Security Podcast release new episodes?

Identity Decoded | The Identity Security Podcast has 5 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Identity Decoded | The Identity Security Podcast?

You can listen to Identity Decoded | The Identity Security Podcast on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Identity Decoded | The Identity Security Podcast?

Identity Decoded | The Identity Security Podcast is created and hosted by Silverfort.
URL copied to clipboard!