Project Management for IAM success

🧠 TL;DR: IAM projects don’t succeed because of tools—they succeed because of project discipline. This post breaks down core project management pillars—scope, stakeholders, communications, risk, and delivery—and ties them to identity work like Okta, Adaxes, and JAMF rollouts.

🏗️ IAM Projects Are Still Projects: While identity work is technical and security-driven, the project fundamentals are universal: stakeholder alignment drives decisions; scope controls chaos; communication prevents surprises; testing builds confidence; governance ensures long-term success. Every successful identity project I’ve led—whether rolling out JAMF, Okta, or ServiceNow—followed proven project management best practices....

July 31, 2025 · 4 min · Jay Klinkowsky

Breached Passwords and Modern Authentication: How Clerk Protects Your App from Known Risks

TL;DR: Using passwords found in previous breaches is like leaving your door unlocked for attackers. Developers can stop this risk cold—tools like Clerk Authentication and its competitors (Auth0, Okta, Microsoft Entra ID, and others) automatically block known breached passwords during signup and reset. Let’s break down why this matters, what the latest password dumps look like, and how you can protect your users (and your reputation) in a few lines of code....

July 30, 2025 · 5 min · Jay Klinkowsky

IAM 101 Zero Trust and Identity – Continuous Verification in Practice

TL;DR: Zero Trust isn’t a product—it’s a security philosophy. At its core is continuous verification: a principle that access decisions should never rely on a one-time check. This post breaks down how identity, context, device posture, and dynamic access policies form the foundation of Zero Trust, and how IAM teams can implement this model in practice.

What Is Zero Trust?...

July 23, 2025 · 3 min · Jay Klinkowsky

What Does an IAM Manager Actually Do?

First-Hand Insights from a 15-Year IAM Pro

Introduction: Fifteen years ago, I stumbled into Identity and Access Management (IAM) when “cloud SSO” was still a buzzword and the biggest access threat was a sticky note password. Fast-forward to today, and I manage an IAM team responsible for protecting thousands of users, devices, and applications. If you’re wondering what an IAM Manager actually does—and what it takes to thrive in the role—this post is for you....

July 1, 2025 · 4 min · Jay Klinkowsky

Protecting Your Digital Identity: Essential Strategies for 2025

In today’s interconnected world, our digital footprints extend across countless platforms and services. As we’ve seen throughout 2024, the landscape of digital threats continues to evolve at an alarming pace. With major data breaches affecting millions and increasingly sophisticated phishing campaigns, protecting your personal identity online has never been more crucial. This guide explores comprehensive strategies to safeguard your digital identity, with a particular focus on recent developments and the emerging “Zero Trust Human” approach....

June 18, 2025 · 6 min · Jay Klinkowsky

Mastering Identity Security with NIST CSF: A Practical Guide for IAM Pros

TL;DR: If you’re leading or supporting an Identity and Access Management (IAM) program, you’re already touching all five functions of the NIST Cybersecurity Framework (CSF)—you just may not be thinking of it that way. This post breaks down how each function of the NIST CSF maps directly to your identity lifecycle, from provisioning to detection to post-breach recovery.

🧠 Background: Why NIST CSF Still Matters. The NIST Cybersecurity Framework (CSF) remains a go-to model for organizations aiming to assess and improve their security posture....

June 11, 2025 · 3 min · Jay Klinkowsky

Handling Enhanced Non-Human Identities (NHIs) in 2025: Risks, Signals, and Safeguards

TL;DR: In 2025, non-human identities (NHIs)—like bots, service accounts, and automation agents—are no longer passive infrastructure components. They can now request access, trigger workflows, and even be AI-augmented. That makes them riskier than ever. This post breaks down how to spot bad practices, apply controls, and align your IAM strategy to handle NHIs like first-class identities.

🧠 Background: What Are Enhanced NHIs? Traditionally, non-human identities were limited to API keys or service accounts performing narrow tasks....

June 8, 2025 · 2 min · Jay Klinkowsky

Common IAM Misconfigurations in 2025 and How to Fix Them

Introduction: Identity and Access Management (IAM) is the foundation of organizational security. Yet, even the most well-intentioned IAM deployments are riddled with misconfigurations that open dangerous backdoors for attackers. In today’s cloud-first and hybrid work environments, a single oversight in IAM can lead to data breaches, compliance violations, and business disruptions. In this article, we’ll walk through the most common IAM misconfigurations—and how to avoid them using practical strategies, with real-world examples to highlight the risks....

April 30, 2025 · 4 min · Jay Klinkowsky

Passwords in the Wild: Why Credential Hygiene Still Matters in 2025

In today’s digital age, protecting your online identity and personal information has become more crucial than ever. Cyber threats are continually evolving, and one of the most effective ways to safeguard yourself against these risks is by practicing excellent password hygiene. Here’s why it matters and what steps you can take to ensure your passwords are strong and secure....

March 18, 2025 · 2 min · Jay Klinkowsky

The High Cost of Poor Privileged Account Management

In the past year, several major security breaches were traced back to basic failures in privileged account management. Weak controls on admin-level accounts – from not using multi-factor authentication (MFA) to poor password hygiene – have proven to be low-hanging fruit for attackers. Microsoft reports that over 99.9% of compromised accounts lacked MFA, making them easy targets for password attacks (Security at your organization - Multifactor authentication (MFA) statistics - Partner Center | Microsoft Learn)....

March 14, 2025 · 13 min · Jay Klinkowsky