Hey Jedi, welcome to the 112th Edition of the Identity Jedi Newsletter. Live from Down Under!
Coming up this week, let’s talk about how we move from identity management to identity security. What does that look like and what does it mean both for our platforms and for our identity teams?
Who’s the latest Identity Security vendor to raise funds? I’ll take ConductorOne for 80 Million Alex.
Let’s Talk: moving from Identity management to Identity Security
I’ve written about this before, but it’s worth saying again: we’re not just upgrading tools — we’re being asked to change the job. Vendors are rebranding platforms as identity security — slapping on threat dashboards, drawing pretty threat-timeline views, and folding identity systems into the broader security ingestion pipelines. That’s fine. The UI looks cooler. The slides read better at board meetings.
But the real shift is deeper: operations are moving from how did this account get access to what risk does this identity and its access pose right now. It’s less about clicking “approve” on a provisioning ticket and more about hunting the anomalous account that’s living on the edge of your environment and whispering to the crown jewels.
That shift isn’t cosmetic. It changes the entire cadence of the work.
Today, most identity teams were built to be reliable — not ruthless. They’re staffed with talented system admins who can build provisioning pipelines, fish tickets out of help desks, and write scripts that make HR less annoying. Those skills are valuable. They are not, however, threat-hunting skills.
Threat hunting requires curiosity and a little paranoia. It requires:
reading logs like a detective reads witness statements,
stitching signals across directories, apps, and network telemetry,
and making judgment calls when the data is messy and incomplete.
That’s not what most identity folks trained for. Yet the vendors expect they’ll just… pivot. Like changing lanes at 70 mph.
So here’s the reality: identity teams must pick up a new toolkit — fast — or watch security teams absorb identity into their stack and leave the identity people to the ticket graveyard.
The real blocker: most identity programs haven’t fixed the basics
We can’t leap to advanced identity security use-cases while still tripping over application onboarding and access reviews. That’s the painful part. If your org is still fighting basic hygiene — apps half-onboarded, stale entitlements everywhere, review completion rates hovering around “oops” — then the identity security tools are going to be a pretty dashboard that hides a landfill.
Fix the fundamentals first. No one can make a risk decision with confidence if the data is wrong.
A practical roadmap — stop theorizing, start reducing risk
Identity Security isn’t a checkbox you turn on. It’s a culture change: identity teams start thinking like defenders, security teams start trusting identity signals, and business leaders start accepting risk-based decisions instead of checkbox compliance. That’s messy, political, sometimes expensive — and absolutely necessary.
IAM Foundations: Build an IAM Program That Actually Moves the Business
If you’re standing at a blank whiteboard wondering how to build an IAM program from zero, don’t treat this like another IT task. Treat it like a business capability that earns trust every day. Identity is the control plane for humans, machines, and partners — build it to protect and enable the outcomes the company cares about.
Begin with a clear business map. Pick 2–3 business outcomes and attach metrics to them: faster time-to-hire, fewer hours spent in audit, fewer privileged escalations, reduced mean-time-to-contain for identity incidents. Those numbers are what your CFO and CISO will understand — not “we implemented role-based access.” Translate those outcomes into concrete IAM use-cases: automated onboarding flows, entitlement catalogs, privileged access controls, or continuous certification for high-risk apps. Prioritize ruthlessly; early wins create credibility.
Treat your identity data as capital. A canonical identity record with trusted sources (HR, contractor systems, identity providers) is non-negotiable. Duplicate accounts, stale entitlements, and missing owner fields don’t just make your life harder — they make risk decisions impossible. Spend the time to model attributes, enforce authoritative sources, and remove obvious garbage. That boring work multiplies the value of every automation and analytics play you build later.
Staff the work with the right mix. You need system builders and risk thinkers. Hire or train people who can interpret telemetry, ask investigative questions, and map identity signals into the language of the SOC. Pair identity admins with security analysts and app owners for cross-pollination — tabletop exercises and joint investigations accelerate skill transfer faster than any course.
Choose tooling to solve the use-cases, not to chase checkboxes. A minimum viable platform that automates lifecycle events, feeds security telemetry, and integrates with your SIEM/XDR will beat an expensive, half-integrated enterprise suite every time. Focus on integration points: provisioning, authentication logs, privileged access sessions, and event enrichment with HR and device posture.
Automate where it reduces risk and repeatable toil. Start with reversible, observable actions: cleanups of expired entitlements, just-in-time access for privileged sessions, and step-up authentication on risky flows. Let automation handle the high-volume stuff so humans can investigate what actually matters.
Measure risk, not tickets. Replace vanity KPIs with indicators that reflect security posture: percent of identities with canonical records, reduction in excessive privileges for critical apps, MTTR for identity incidents, and percentage of critical apps onboarded. Report these in business terms — it makes budget and priority conversations easier.
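To make the data-hygiene checks and the canonical-record KPI above concrete, here is an added example (not part of the original newsletter) that reconciles application accounts against an HR source of truth. The account data, field layout, flag names and 90-day staleness threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import date

STALE_AFTER_DAYS = 90          # assumed threshold, tune per application
TODAY = date(2025, 10, 1)      # constructed "now" so the sample is reproducible

# Constructed sample data: HR is treated as the authoritative source.
HR = {"e100": "active", "e101": "active", "e102": "terminated"}

ACCOUNTS = [
    # (account, app, employee_id, owner, last_used)
    ("jdoe",      "erp", "e100", "finance-app-owner", date(2025, 9, 20)),
    ("john.doe",  "erp", "e100", "finance-app-owner", date(2025, 1, 5)),
    ("asmith",    "crm", "e101", "",                  date(2025, 9, 28)),
    ("bkhan",     "erp", "e102", "finance-app-owner", date(2025, 9, 1)),
    ("svc-batch", "crm", None,   "",                  date(2024, 11, 2)),
]

def audit(accounts, hr, today):
    """Return {account: [flags]} for every account with a hygiene problem."""
    # Count accounts per (person, app) to spot duplicates of the same identity.
    per_person_app = Counter((emp, app) for _, app, emp, _, _ in accounts if emp)
    findings = {}
    for name, app, emp, owner, last_used in accounts:
        flags = []
        if emp not in hr:
            flags.append("no_canonical_record")   # cannot be tied to a person
        elif hr[emp] != "active":
            flags.append("terminated_in_hr")      # leaver still holds access
        if emp and per_person_app[(emp, app)] > 1:
            flags.append("duplicate")
        if not owner:
            flags.append("missing_owner")         # nobody accountable
        if (today - last_used).days > STALE_AFTER_DAYS:
            flags.append("stale")
        if flags:
            findings[name] = flags
    return findings

def canonical_pct(accounts, hr):
    """KPI: percent of accounts that link to a record in the authoritative source."""
    linked = sum(1 for a in accounts if a[2] in hr)
    return round(100 * linked / len(accounts), 1)

if __name__ == "__main__":
    for account, flags in audit(ACCOUNTS, HR, TODAY).items():
        print(f"{account:10} {', '.join(flags)}")
    print("canonical records:", canonical_pct(ACCOUNTS, HR), "%")
```

Tracking the flag counts and the percentage over time gives the posture trend the paragraph asks for, rather than a ticket count.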
Governance should speed decisions, not slow them. A lightweight steering group with app owners, HR, security, and an executive sponsor keeps scope focused and prevents scope creep. Make accountability visible — owners sign off on app onboarding, entitlements, and exceptions.
Finally, tell the story clearly. Identity touches revenue, customer trust, and resilience. Share wins, show the business metrics, and explain the tradeoffs. Identity isn’t invisible — it’s strategic.
I’m going to be creating a new series diving into this over the next couple of weeks, and planning something even bigger later (stay tuned on that one). Let’s get the foundation right. So we can get to the GOOD STUFF!
Industry News
I’ll take ConductorOne for 80 Million Alex! ConductorOne comes in hot, raising an 80 million dollar (ok 79, I mean, c’mon, seriously, what’s another 1 million at this point) Series B round to service the growing Identity Security Market. I’ve written about Alex Bovee and the C1 crew for a couple of years now, and it’s been interesting to see their journey in the space. (Check the Identity 50)
Palo Alto dropped Cortex Cloud 2.0 + Prisma AIRS 2.0 — AI-native threat hunting for cloud and agent fleets. Starting to get interesting over there at Palo…..
Sophos added ITDR into its XDR stack — automated detection + kill-switches for compromised creds and identity misuse. Fewer tickets, faster containment — provided you actually feed it decent identity telemetry.
The Last Word
I 💗 Australia.
Aussie!, Aussie!, Aussie!
That’s it…see ya in two weeks
Be Good to each other, Be Kind to each other, Love each other





