Posts

Welcome to the Posts section! Here you’ll find our collection of articles and tutorials covering Identity & Access Management, security policies, AI governance, and other related topics. Feel free to browse by category or tag to find what interests you most.

Handling Enhanced Non-Human Identities (NHIs) in 2025: Risks, Signals, and Safeguards

TL;DR In 2025, non-human identities (NHIs)—like bots, service accounts, and automation agents—are no longer passive infrastructure components. They can now request access, trigger workflows, and even be AI-augmented. That makes them riskier than ever. This post breaks down how to spot bad practices, apply controls, and align your IAM strategy to handle NHIs like first-class identities. 🧠 Background: What Are Enhanced NHIs? Traditionally, non-human identities were limited to API keys or service accounts performing narrow tasks....

Zero Trust Readiness Quiz

TL;DR Feeling confident in your organization’s Zero Trust posture? This “Zero Trust Readiness Quiz” leverages the same practical checklist approach I’ve used across enterprises, SMBs, and personal environments to help you gauge where you stand across the seven tenets of Zero Trust defined by NIST SP 800‑207 and CISA’s Zero Trust Maturity Model. Answer ten quick checklist questions about your asset inventory, least‑privilege policies, continuous monitoring, and more. Score your results to identify gaps and prioritize your next steps....

Common IAM Misconfigurations in 2025 and How to Fix Them

Introduction Identity and Access Management (IAM) is the foundation of organizational security. Yet, even the most well-intentioned IAM deployments are riddled with misconfigurations that open dangerous backdoors for attackers. In today’s cloud-first and hybrid work environments, a single oversight in IAM can lead to data breaches, compliance violations, and business disruptions. In this article, we’ll walk through the most common IAM misconfigurations—and how to avoid them using practical strategies, with real-world examples to highlight the risks....

Responsible Use of AI: Why Checks & Balances Matter More Than Ever

Introduction In the first part of this series, we examined the mounting risks that come with using AI in financial documentation and identity workflows. From deepfake-enabled fraud to AI-generated receipts that are indistinguishable from real ones, it’s clear that relying too heavily on automation can undermine trust, integrity, and security. In this second post, we shift our focus to solutions. We’ll explore how to establish safeguards, maintain accountability, and implement the Zero Trust Human philosophy to ensure AI enhances rather than harms our digital ecosystems....

The Hidden Dangers of AI in Receipts and Identity Workflows

From self-generating invoices to automated ID verification, AI is quickly becoming a foundational tool in business operations, security protocols, and digital transactions. Organizations use AI to process documents, detect anomalies, and streamline workflows—boosting speed and reducing human error. But there’s a darker side. When these systems are deployed without adequate oversight, they can be exploited by threat actors or produce flawed outcomes at scale. This blog post explores how AI-generated receipts and identity automation can lead to data fraud, compliance violations, and systemic vulnerabilities—especially in the absence of human checks and balances....

AI and PII: The Privacy Risks You Can't Ignore in 2025

In today’s digital age, artificial intelligence (AI) has become increasingly mainstream, shaping everything from how we search online to how we interact with technology daily. However, as AI grows more prevalent, concerns about privacy, particularly regarding personally identifiable information (PII), have emerged as critical issues that users must understand. Mainstream AI tools, such as conversational AI assistants (e.g., ChatGPT, Google Bard) and generative AI platforms (e.g., Midjourney, DALL-E), rely heavily on data gathered from the internet....

Passwords in the Wild: Why Credential Hygiene Still Matters in 2025

Passwords in the Wild: Why Credential Hygiene Still Matters in 2025 In today’s digital age, protecting your online identity and personal information has become more crucial than ever. Cyber threats are continually evolving, and one of the most effective ways to safeguard yourself against these risks is by practicing excellent password hygiene. Here’s why it matters and what steps you can take to ensure your passwords are strong and secure....

The High Cost of Poor Privileged Account Management

The High Cost of Poor Privileged Account Management In the past year, several major security breaches were traced back to basic failures in privileged account management. Weak controls on admin-level accounts – from not using multi-factor authentication (MFA) to poor password hygiene – have proven to be low-hanging fruit for attackers. Microsoft reports that over 99.9% of compromised accounts lacked MFA, making them easy targets for password attacks ( Security at your organization - Multifactor authentication (MFA) statistics - Partner Center | Microsoft Learn )....

Zero Trust Human: Never Trust a Ping Without the Proof

Zero Trust Human: Never Trust a Ping Without the Proof (Especially in 2025) In today’s hyper-connected world, our devices are constantly vying for our attention. Notifications, emails, and calls flood our screens, each demanding immediate action. A text message claims your package is delayed. An email warns your bank account is locked. A phone call demands payment for unpaid taxes. It’s tempting to react impulsively, but in an era increasingly shaped by sophisticated AI-powered scams, blind trust is a dangerous vulnerability....