In partnership with
Introducing the first AI-native CRM
Connect your email, and you’ll instantly get a CRM with enriched customer insights and a platform that grows with your business.
With AI at the core, Attio lets you:
Prospect and route leads with research agents
Get real-time insights during customer calls
Build powerful automations for your complex workflows
Join industry leaders like Granola, Taskrabbit, Flatfile and more.
Jordan didn’t ask for this job.
That’s the part no one ever believes.
It wasn’t some grand career move or carefully plotted leap. It was a conversation that started with “We need you to help stabilize things for a bit” and ended with a new title, a bigger calendar, and a quiet expectation that Jordan would somehow make sense of a mess no one had been able to explain.
Monday morning. Seventh floor. Glass walls. Neutral furniture. The kind of office designed to look calm no matter what’s happening inside it.
Jordan drops their bag by the desk and exhales.
First week, they think. Just get through the first week.
The laptop boots up. Slack messages start popping. Introductions. Welcome notes. A few “glad you’re here” messages that feel sincere — and slightly relieved.
Then the calendar loads. Jordan scrolls. Pauses. Scrolls back up.
Identity Strategy Sync
Wednesday. 10:00–11:00.
Jordan stares at the screen. “Identity?” they say out loud, alone in the room. They don’t remember accepting that meeting. But declining it now would raise questions they don’t yet know how to answer.
So they leave it.
For a split second, their eyes drift to the org chart pinned on the wall — the one they haven’t memorized yet. The name above theirs catches their attention.
I wonder how long they lasted, Jordan thinks.
The thought barely finishes forming before Slack pings again.
By Wednesday morning, Jordan has already sat through six meetings that all felt loosely related without ever fully connecting.
In one, Security talks about audit findings and “excessive entitlements.” In another, IT complains about access tickets piling up overnight. HR mentions onboarding delays, frustrated managers, and exceptions that keep getting escalated.
Different rooms. Same underlying tension. Things aren’t working the way they should — and everyone knows it.
At 9:58, Jordan joins the Identity Strategy Sync.
Cameras click on. A handful of familiar faces. A few new ones. Mark from Security leans back in his chair. “Glad we’re finally doing this.” “Doing what?” Jordan asks, half-joking.
Mark smiles. “Getting identity under control.”
Someone from IT nods. “Yeah, it’s gotten… messy.”
Jordan looks at the shared screen. A slide titled Current State Overview. No date. No owner. Below it, a graph labeled Access Risk Score: 72.
No scale. No explanation. No one references it. Jordan waits. Nothing.
As the discussion moves on, Jordan notices how the same words keep surfacing — risk, control, speed, experience — but they’re never used the same way twice. Mark talks about exposure. IT pushes back on friction. HR frames it as employee impact. Compliance mentions findings.
The tone shifts slightly. Not confrontational. More positional. Jordan writes in the margin of their notebook: Everyone’s solving a different problem.
The meeting ends the way many do — with agreement that something needs attention, and no clarity on what happens next. As people drop off, Mark stays on the call.
“So,” he says, folding his hands, “what do you think?”
Jordan takes a beat.
“I think everyone’s circling the same issue,” they say, choosing their words carefully, “but we don’t agree on what it actually is.”
Mark lets out a quiet laugh. “Yeah. That tracks.”
The rest of the week breaks into moments. A quick exchange with Priya from HR in the hallway.
“Do you know who approves contractor access after the first extension?” Jordan shakes their head. “I assumed HR—” Priya exhales. “So did we.”
A late-day message from IT. “Quick check — that service account tied to billing… is anyone reviewing it?” Jordan types, deletes, types again.
“I’ll look into it.” They don’t. That night, Jordan stays later than planned. The floor is mostly empty now, the hum of the building steady and low. Their notebook lies open on the desk. Arrows. Half-formed thoughts. Questions with no owners. The realization comes quietly. What if I’m in over my head? It’s not panic. Just recognition. Jordan closes the notebook.
Friday afternoon.
By the time the last meeting of the week rolls around, Jordan can feel the fatigue settling in — the kind that isn’t physical so much as cumulative. Too many conversations. Too many half-answers. Too many things that feel important without quite explaining why.
The group is smaller this time. Security. IT. Compliance. Familiar faces, quieter energy. No slide deck. No agenda anyone bothers to share.
The conversation meanders, circling the same territory it has all week. Access. Risk. Reviews. Exceptions. Each topic rises, gets a few minutes of air, then sinks again without resolution. Jordan listens more than they speak, watching how quickly people retreat to the language they’re most comfortable with.
Eventually, Mark leans back in his chair and asks the question Jordan has been bracing for.
“So what’s our identity strategy?”
There’s no edge to it. No challenge. Just a matter-of-fact expectation, like he’s asking for a status update that should already exist.
Jordan feels it immediately — that sudden tightening in the chest, the brief spike of awareness.
Oh shit.
This is the moment the role stops being theoretical. For a second, Jordan considers offering something safe. A placeholder. A directionally correct answer that sounds like progress without committing to anything real.
Instead, they pause.
“I don’t know yet,” Jordan says. The words hang in the air, longer than expected. No one interrupts. No one pushes back. Jordan continues, more measured now. “I don’t think we can call anything a strategy until we’re clear on what we’re actually protecting.” The room stays quiet. Not uncomfortable — thoughtful.
Priya is the first to speak. “That would explain… a lot.”
A few heads nod. The tension doesn’t disappear, but it softens. The meeting winds down soon after, not because anything has been solved, but because everyone seems to recognize they’ve reached the edge of what pretending can get them. As Jordan shuts their laptop, the office outside the conference room is already thinning out, the late afternoon light stretching across empty desks. The weight of the week settles in, not heavy, just undeniable.
This role came with assumptions — that answers already existed, that clarity was hiding somewhere just out of view. Jordan picks up their bag, pauses at the door, and looks back once more at the room.
I didn’t ask for this, they think.
Then, with a quiet sense of finality: But it’s mine now.
Episode 1: The Lesson
Before you can build an identity program, you have to recognize what you’ve actually inherited.
Most identity programs form over time — shaped by urgent fixes, partial decisions, and metrics no one can explain. Eventually, everyone assumes a program exists, even when no one can clearly describe what success looks like.
Identity is responsibility.
Responsibility without clarity is where identity programs actually begin.
If Jordan’s first week felt familiar, that’s because this is how most identity programs actually begin.
Not with a roadmap. Not with a tool. But with a quiet realization that responsibility has arrived long before clarity. Before you try to fix anything, slow down. The first moves matter more than the fast ones.
1.) Start by naming what you’re on the hook for
Before titles, charters, or strategies, take a blank page and answer one uncomfortable question: What will land on my desk this this goes wrong?
Access outages. Audit findings. Broken onboarding. Vendor access that never gets reviewed. Service accounts no one remembers creating.
If people expect you to deal with it, it’s already part of your identity program even if no on ever said so out loud.
2.) Listen for the assumptions everyone is standing on
As you move through conversations, you’ll start hearing the same phrases repeated with confidence.
“That’s handled by the tool”. “HR data is clean” “Someone reviews that” “Thats already governed”
Instead of challenging them head-on, ask a quieter follow-up: How do we know?
If the answer is vague, historical, or hypothetical, you’ve just found the places where risk is hiding in plain sight. Those assumptions aren’t failures. They’re clues.
3.) Be skeptical of metrics no one can explain
Early on, you’ll be shown scores, dashboards, and maturity levels meant to reassure you that progress is being made.
Pause.
Ask what the number actually represents. Who owns it. What decision it’s supposed to influence. If the room can’t answer all three, the metric isn’t guiding the program, it’s giving everyone something to point at while avoiding harder conversations. At this stage, clarity matters more than precision. A number you understand beats a score you don’t.
4.) Pay attention to where conversations get tense
When Security pushes for control, IT pushes for speed, HR pushes for experience and Compliance pushes for evidence, that friction isn’t dysfunction. It’s the business revealing itself.
Identity lives in those moments, where priorities collide and owners gets blurry. The more carefully you observe them, the clearer your real work becomes. Don’t rush to resolve the tension. Understand it first.
5.) Give yourself permission to not have answers yet
There’s pressure, early on, to sound confident. To reassure everyone that a plan exists even if it doesn’t. Resist that urge.
Saying “I don’t know yet” isn’t weakness. It’s honesty. And in identity, honesty buys you more credibility than false certainty ever will. Clarity earned lasts longer than confidence performed.
The takeaway
Episode 1 isn’t about solving identity.
It’s about recognizing that identity is responsibility before it ever becomes strategy.
Once you accept that, the work ahead starts to take shape—not as a checklist, but as a series of deliberate choices. Next episode, we step back into the story as Jordan begins mapping the business itself—and discovers that most identity risk doesn’t sit neatly inside an org chart.
And once you see that, you can’t unsee it.
The next step seems obvious: map the business.
What Jordan doesn’t realize yet is how much of it lives outside the org chart, and how many people are going to be uncomfortable once that becomes visible.
Episode 2 drops Friday.