This episode and the Identity at the Center podcast is supported by CrowdStrike. Learn more at crowdstrike.com.Jeff Steadman and Jim McDonald sit down with Scott Kriz, GM of Continuous Identity at CrowdStrike, for a deep dive into continuous identity, zero standing access, and the convergence of identity and security. Scott traces his path from co-founding Bitium, to selling it to Google Cloud, to building SGNL and ultimately joining CrowdStrike. The conversation covers how continuous identity works in practice, why traditional PAM and IGA fall short in a real-time world, and what the rise of agentic AI means for identity governance at scale. Connect with Scott: https://www.linkedin.com/in/scottkriz/Learn more about Crowdstrike: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/caep/?idacConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com00:00:00 Introduction and welcome00:01:21 How Scott got into identity and co-founded Bitium00:03:55 Selling to Google Cloud and the inspiration for SGNL00:05:02 Continuous identity and zero standing access explained00:09:13 Defining continuous identity at CrowdStrike00:10:20 How continuous identity differs from PAM and IGA00:15:06 Data as the foundation for continuous identity00:19:29 Open ecosystems, Shared Signals Framework, and CAEP00:25:26 Agents, identity chaining, SPIFFE, SPIRE, and MCP gateways00:33:02 Identity inside CrowdStrike's broader security strategy00:37:27 Identity security budgets and ROI-driven purchasing00:40:04 Agentic scale and the need for automated identity controls00:43:39 The SGNL acquisition: what it means for both companies00:50:25 Zero trust as a real architectural framework00:54:00 Helicopter skiing, avalanches, and staying presentKeywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Scott Kriz, CrowdStrike, SGNL, continuous identity, zero standing access, PAM, IGA, zero trust, agentic AI, non-human identity, NHI, SPIFFE, SPIRE, MCP, identity security, real-time authorization, cybersecurity

Jeff and Jim recap their week at KuppingerCole's EIC 2026 in Berlin, covering standout keynotes, hallway conversations, and sessions on securing AI agents, CIAM, and AI versus nuclear regulation. They announce a giveaway of Eve Maler's signed copy of Mastering Digital Identity for YouTube commenters by June 12th. The episode also features live footage and a full interview with Espen Bago, founder of IdentiBeer, recorded at the Berlin event. Jeff, Jim, and Espen discuss the rapid global growth of the IdentiBeer community, terminology challenges around NHI and IAM concepts, the gap between conference talk and real client needs, and why the industry keeps bypassing foundational data work in the rush toward AI and agentic identity.Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.com00:00:10 Welcome and EIC 2026 Setup00:03:57 Eve Maler Book Giveaway Details00:05:00 Conference Highlights: Keynotes and Hallway Con00:06:07 Elizabeth Garber's Standing Ovation Keynote00:07:02 Brazil Invitation and Securing AI Agents00:09:10 Nuclear Regulation vs. AI Regulation00:11:07 Upcoming EIC Episode Preview00:14:16 IdentiBeer Berlin Live Event00:14:29 Interview with Espen Bago Begins00:15:14 IdentiBeer Growth and Global Expansion00:17:23 The IdentiBeer Name Debate00:23:26 Data Quality Gaps in NHI and IAM00:26:31 Who Owns IAM Terminology?00:34:20 Conference Talk vs. Client Reality00:40:52 The HR-IAM Gap Nobody Talks About00:43:17 Fundamentals: The Karate Kid AnalogyKeywords: EIC 2026, European Identity Conference, IdentiBeer, Espen Bago, Eve Maler, Elizabeth Garber, Mastering Digital Identity, Berlin, Identiverse, NHI, non-human identities, IAM fundamentals, AI regulation, agentic identity, IGA, PAM, CIAM, IDPro, identity community, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

This episode features Mark Diodati, Managing Vice President for Identity and Access Management at Gartner.Mark has spent two decades shaping how the industry thinks about authentication, privileged access, and cloud identity, working with renowned companies like Ping Identity, CA, RSA, and now, Gartner. Today, he leads Gartner's global IAM for Leaders analyst team and sets its research agenda across the full identity stack.In this episode, Mark explains how Gartner's research model works and what his team is prioritizing across identity verification, authorization, ITDR, and decentralized identity. He also breaks down what AI means for identity right now and why securing AI agents is harder than most teams realize.This episode is a deep dive into where identity is heading from someone whose job is to listen to everyone.Guest Bio Mark Diodati is the Managing Vice President for Identity & Access Management at Gartner.Mark is a longtime identity pioneer who helped shape the way the industry thinks about authentication, privileged access management, and cloud identity. He leads a large team of analysts, sets the global IAM research agenda, and rigorously reviews every document to keep the bar high. Before that, he guided Gartner’s IAM research for technical professionals, chaired major industry conferences like Catalyst Europe and the Cloud Identity Summit, and drove triple-digit growth in attendance and sponsorships. Earlier in his career, he held key leadership roles at CA, RSA, and Ping Identity, influencing product strategy and partnerships that many identity practitioners rely on today.Guest Quote " One thing we're critically aware of at Gartner is that nobody knows everything. It's impossible.”Time stamps (02:11) Meet Mark Diodati: Identity Analyst and IAM Research Leader (06:00) Inside Gartner: Research, Conferences, and Consulting (09:18) Hiring and Training the Gartner Analyst (15:26) How the Inquiry Process Works (24:07) Gartner Research Products for Identity Professionals (28:02) IAM Research Priorities Right Now (32:31) AI and Identity: Opportunity and Risk (39:35) A Musical Moment with Mark (44:26) Conclusion and Final ThoughtsSponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.LinksConnect with Mark on LinkedInConnect with Sean on LinkedInDon't miss future episodesLearn more about Semperis

Jeff and Jim are back with the May 2026 mailbag, answering listener questions from Amsterdam, Mumbai, Austin, and Berlin. Topics include navigating IAM vendor acquisitions, defending against AI deepfakes in remote onboarding, governing contractor and third-party identities, fixing the leaver process in IGA, and tackling a decade of IAM technical debt. The episode closes with unpopular industry opinions: why RFPs are procurement theater, why rip and replace should be normalized, and why one-throat-to-choke vendor thinking usually backfires.IDPro new member discount: https://idpro.org/idac/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comCHAPTER TIMESTAMPS00:00 Intro and SNL nostalgia03:25 AI model roundup: ChatGPT, Claude, Gemini, and usage limits10:16 Identiverse 2026 and IDPro member discount14:53 Q1: Navigating vendor acquisitions (Isabelle, Amsterdam)24:00 Q2: AI deepfakes in identity verification (Rajan, Mumbai)32:32 Q3: Contractor and third-party identity governance (Caleb, Austin)43:00 Q4: The leaver process and IGA scope gaps (Anonymous)51:10 Q5: Tackling IAM technical debt (Tomas, Berlin)57:00 Normalizing rip and replace01:01:00 RFPs, one throat to choke, and other hot takes01:08:00 Wrap-upKEYWORDSIAM, identity governance, IGA, vendor consolidation, acquisitions, deepfakes, identity verification, contractor management, non-employee identity, technical debt, rip and replace, RFP, joiner mover leaver, leaver process, Identiverse 2026, IDPro, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Jeff and Jim welcome back Robert Snodgrass, Principal at RSM, for a deep dive into the RSM Middle Market Business Index cybersecurity report. The conversation covers the confidence gap facing middle market organizations, why digital identity remains undervalued despite being the primary attack surface, non-human identity governance, flat cybersecurity budgets, risk framework adoption, and what good incident response preparedness actually looks like. The episode wraps with a spirited Bitcoin Pizza Day toppings debate.Connect with Robert: https://www.linkedin.com/in/robert-snodgrass-7a199412/Review the RSM US Middle Market Business Index Special Report on Cybersecurity 2026: https://rsmus.com/middle-market/cybersecurity-mmbi.html?cmpid=ola:45559-idac:bb01IDPro new member discount: https://idpro.org/idac/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comTIMESTAMPS00:00:00 Introduction and Scatter Spider social engineering discussion00:04:00 IDPro discount code and upcoming conferences00:06:26 Guest intro: Robert Snodgrass and the MMBI report00:09:05 Defining the modern middle market00:12:00 The confidence gap: 96% confident, 18% breached00:15:04 Why attackers log in and top identity investment priorities00:19:00 Why only 23% of leaders prioritize digital identity00:22:00 Internal partnerships as the path to identity program success00:25:10 AI, shadow AI, and non-human identity risks00:31:00 NHI governance at scale: 45 to 1 ratio00:34:50 Cybersecurity budget realities in the middle market00:39:00 EU regulation and top-line cybersecurity drivers00:42:03 NIST CSF adoption and risk framework value00:46:00 Incident response planning: the two-minute drill00:52:16 Bitcoin Pizza Day and closing thoughtsKEYWORDSidentity security, middle market, cybersecurity, MMBI, RSM, Robert Snodgrass, phishing-resistant MFA, non-human identities, NHI, shadow AI, incident response, NIST CSF, IAM, identity governance, ransomware, tabletop exercises, digital identity, cybersecurity budget, identity program, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald