Hey Jedi welcome to the 101st edition of the Identity Jedi Newsletter. Sorry I’m late. It’s been a wild ride since we last spoke or since you last read?? You get what I’m saying. First, a much-needed vacation on my part as the year has been off to a fantastic ( but very busy) start, and with the end of Q1 coming up ( and the Greatest Day in the History of the Planet) I figured it would be a good time to get some R&R, and that I did. But immediately upon returning, it was a whirlwind of events and bottom line I didn’t get the newsletter done by Wednesday. So you get a Friday morning edition! ( For Premium and Mastery subscribers, you get two!!!)

So this happened

So apparently, Google really liked Wiz, so much so that this time, they closed the deal. 32 BILLION dollars later and we are looking at the largest acquisition in Cybersecurity history. Wiz has been the most popular Cloud Security platform over the last 5 years. We all know cloud security is important but as you look at Wiz and Google’s cloud offerings you can’t help but to see a GLARING hole in the functionality that it offers. ( I’ll give you one guess on what that is).

Could this been the sign of even more consolidation coming in the cybersecurity market? Will cloud security platform vendors ever realize that THEY NEED TO ADDRESS THE IDENTITY gap? Will the Severance Season finale make more sense the thrid time I watch it?

Only time will tell.

But I bet this won’t be the last acquisition we see this year.

Well, this was awkward…

So, remember all those blogs and posts talking about NHI and how the exposure was ten times worse than human accounts. Yeah…that wasn’t just marketing talk. This article does a great job of breaking down what happened and tracing out the attack vector. The bottom line is this: If you aren’t having a real conversation around NHI, you need to be..RIGHT NOW. Am I telling you to go out and buy a tool tomorrow, no. But you need to understand at least where you are vulnerable because, believe me, you are. At a minimum, have an inventory of where you use NHIs and how they are authenticating; if you feel spunky, create the password rotation policy and start implementing it.

Lalit Choda and the NHI Gropu have some great resources.

Power of Asking Questions

Let’s talk about the most underrated tool in Identity and Access Management.

No, it’s not some shiny new platform.

It’s not AI (though I’m always here for that conversation).

And it’s definitely not another 100-slide deck on Zero Trust.

It’s this: Asking the right questions.

In all my years navigating the identity galaxy—from strategy rooms to war rooms—there’s one thing that separates the IAM programs that succeed from the ones that just… exist. It’s not budget. It’s not even tech.

It’s the habit of asking better questions.

Why Asking Questions Is the IAM Cheat Code

Too many IAM projects launch with answers already baked in.

“We need SailPoint.”

“We need SSO.”

“We need an access review tool.”

But… do you?

What problem are you solving?

What outcome are you chasing?

What does better actually look like?

The organizations that get it right take a step back and ask.

They get curious before they get busy.

Questions Are the Language of Strategy

When I walk into an identity workshop, I don’t start by showing off credentials or demoing tech. I start with a question like:

“What does access mean to your business?”

And I usually get blank stares.

Because they’ve never thought about it that way.

But that question—simple, open-ended—is the key to unlocking everything else:

• The right roles

• The right policies

• The right automation

• The right user experience

You can’t build effective IAM if you’re solving the wrong problem. And you won’t know what the problem is unless you ask.

IAM Leaders: Become Chief Question Officers

If you lead an IAM team, your job isn’t just to manage projects or implement tech.

Your real job? It’s to become a Chief Question Officer.

That means creating a culture where curiosity is baked into every part of the program.

Instead of:

“How fast can we deploy this?”

Ask:

“What does success look like when this is deployed?”

Instead of:

“Who owns this app?”

Ask:

“Who understands how people use this app and why access matters?”

These questions unlock context—and context drives alignment. And alignment is where IAM becomes more than a checkbox; it becomes a business accelerator.

Questions Are Free. Misalignment Is Expensive.

Let’s be honest. The cost of rework, delays, failed rollouts, and frustrated users adds up fast.

And most of it? Comes from skipping the question phase.

If you start with “how,” you’ll end up chasing tools.

If you start with “why” and “what,” you’ll end up delivering value.

My Favorite IAM Questions (Steal These)

Here’s your Jedi toolkit—some of my go-to questions in any IAM engagement:

1. What’s the biggest access-related risk keeping you up at night?

2. What does your dream IAM program look like?

3. Who defines what “appropriate access” looks like for critical apps?

4. What would your business gain if access decisions were made faster and with more confidence?

5. If we removed a major identity tool tomorrow, what would break?

These questions reveal priorities, expose assumptions, and help everyone see the bigger picture.

The Bottom Line

You don’t need to have all the answers to lead a successful IAM program.

You do need to ask the right questions.

Because curiosity doesn’t just make you smarter—it makes your strategy clearer.

And in the world of identity, clarity is power.

So, before you kick off your next IAM project, pause.

Don’t reach for the roadmap.

Reach for a question.

And if you ever get stuck, you know where to find your friendly neighborhood Identity Jedi. 🧘🏾‍♂️

The Identity Jedi Universe

Powered by OnTheCornerMedia

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi