Posts

Breached Passwords and Modern Authentication: How Clerk Protects Your App from Known Risks TL;DR Using passwords found in previous breaches is like leaving your door unlocked for attackers. Developers can stop this risk cold—tools like Clerk Authentication and its competitors (Auth0, Okta, Microsoft Entra ID, and others) automatically block known breached passwords during signup and reset. Let’s break down why this matters, what the latest password dumps look like, and how you can protect your users (and your reputation) in a few lines of code....

IAM 101: Zero Trust and Identity – Continuous Verification in Practice EverydayIdentity TL;DR Zero Trust isn’t a product—it’s a security philosophy. At its core is continuous verification: a principle that access decisions should never rely on a one-time check. This post breaks down how identity, context, device posture, and dynamic access policies form the foundation of Zero Trust, and how IAM teams can implement this model in practice. What Is Zero Trust?...

Hidden Workers Lost in the ATS Hiring Black Hole An Opinion From the Other Side of the Algorithm There’s an uncomfortable truth most HR leaders won’t say out loud: Applicant Tracking Systems (ATS) aren’t finding your next best hire—they’re hiding them. Over the past decade, automation in recruiting was sold as a revolution. More candidates. More efficiency. Less bias. But walk into any organization struggling to fill open roles, and you’ll hear a different story: “We just aren’t seeing enough qualified people....

When a Phished Employee Has Admin Rights TL;DR Phishing remains one of the most effective initial access methods for attackers—but the real risk begins when the compromised user has admin or privileged rights. In this post, we’ll dissect how privilege escalation turns a single click into a breach, the downstream impacts, and practical steps to contain the blast radius in your own organization. The Real-World Scenario: One Click, Total Compromise Let’s paint a picture....

What Does an IAM Manager Actually Do? First-Hand Insights from a 15-Year IAM Pro Introduction Fifteen years ago, I stumbled into Identity and Access Management (IAM) when “cloud SSO” was still a buzzword and the biggest access threat was a sticky note password. Fast-forward to today, and I manage an IAM team responsible for protecting thousands of users, devices, and applications. If you’re wondering what an IAM Manager actually does—and what it takes to thrive in the role—this post is for you....

Protecting Your Digital Identity: Essential Strategies for 2025 In today’s interconnected world, our digital footprints extend across countless platforms and services. As we’ve seen throughout 2024, the landscape of digital threats continues to evolve at an alarming pace. With major data breaches affecting millions and increasingly sophisticated phishing campaigns, protecting your personal identity online has never been more crucial. This guide explores comprehensive strategies to safeguard your digital identity, with a particular focus on recent developments and the emerging “Zero Trust Human” approach....

AI + Human-in-the-Loop IAM: Compliance Mapping Guide Introduction This guide maps how AI-driven IAM—with human-in-the-loop—meets the world’s leading security compliance frameworks. Use this as a reference for your governance and audit strategies. SOX (Sarbanes-Oxley) Key Controls: Change management for financial systems, privileged access approval, audit logs. HiTL Mapping: All privileged access changes require manual sign-off. Maintain full, immutable logs of both automated and human actions. HIPAA (Health Insurance Portability and Accountability Act) Key Controls: Controls for PHI, traceability of access, breach notification....

TL;DR AI brings speed, scale, and intelligence to Identity and Access Management (IAM). But real-world breaches, compliance rules, and business complexity prove a critical truth: without a human-in-the-loop (HiTL), automation introduces unacceptable risks. This guide covers how AI is transforming IAM, what can go wrong, real-world incidents, case studies, key compliance requirements (SOX, HIPAA, GDPR, NIST, and more), and a downloadable mapping document for your security program. 1. Introduction: The New Age of IAM Automation Identity and Access Management (IAM) is now at the crossroads of AI, automation, and Zero Trust....

TL;DR If you’re leading or supporting an Identity and Access Management (IAM) program, you’re already touching all five functions of the NIST Cybersecurity Framework (CSF)—you just may not be thinking of it that way. This post breaks down how each function of the NIST CSF maps directly to your identity lifecycle, from provisioning to detection to post-breach recovery. 🧠 Background: Why NIST CSF Still Matters The NIST Cybersecurity Framework (CSF) remains a go-to model for organizations aiming to assess and improve their security posture....

TL;DR In 2025, non-human identities (NHIs)—like bots, service accounts, and automation agents—are no longer passive infrastructure components. They can now request access, trigger workflows, and even be AI-augmented. That makes them riskier than ever. This post breaks down how to spot bad practices, apply controls, and align your IAM strategy to handle NHIs like first-class identities. 🧠 Background: What Are Enhanced NHIs? Traditionally, non-human identities were limited to API keys or service accounts performing narrow tasks....