The 116th Edition of the Identity Jedi Newsletter

Welcome to the 116th edition of the Identity Jedi Newsletter. It’s that time of year. SKO Season. Sales guys and gals are anxiously awaiting to see if they made club. ( I mean let’s be honest, most of them already know). And soon some of us will be spending a week with motivations speeches, new GTM motions, and a huge quota over our heads that we have no clue how we are going to hit. ( Too soon?)

The rest of us non sales types are actively thinking—not just about the next tool or the next vendor slide deck, or the next shiny checkbox—but about why identity matters… and how it’s about to matter even more.

This week, we’re zooming out to the fundamentals while peering into where identity security has to go next. Because if you don’t master the basics, Phase 2 will eat you alive.

Ready? Let’s dive.

Oh also we redesigned the newsletter a little bit..Hope you like it…Ok LET’S GO!!

Back to Basics. Because Phase 2 Is Coming.

Can we be real a second? For just a millisecond? Most organizations skipped step one and went straight to step eight. They bought the shiny tool. They ran a workshop. They declared “IAM is done” and moved on.

( And now that I have Hamilton stuck in your head)

But friends here’s the the important part I feel like we forgot.

You can’t skip the fundamentals.

And as we enter what I’m calling Identity Security: Phase 2, the cracks are starting to show.

Phase 1 was all about building the table stakes:

Phase 2? It’s about risk. Not just compliance. Not just governance. But actual, measurable risk tied to access. And most orgs are nowhere near ready for that. So here’s my ask this week: Start over. Not literally—but mentally. Pretend you were building your identity program from scratch. What would you do differently? What would you finally document? What would you stop duct‑taping?

This next phase isn’t going to be won with more features.

It’s going to be won by people who can explain the fundamentals better than anyone else—and tie them to real risk.

Are We Viewing Identity the Wrong Way?

Had a conversation this week that spun my brain a bit. We always talk about identity in terms of lifecycle, governance, authentication, etc.

But what if… that’s the wrong lens?

What if identity is simply a measure of access?Not roles. Not titles. Not systems.

Access.

How much of it do you have? What’s the cumulative risk of that access at this moment in time? How does that access footprint grow or shrink based on:

If we started thinking about identity in this way—as an active, living access footprint—we could change how we model risk, design controls, and respond to threats. Might be time for a shift. From “Who are you?” to “How dangerous is your access right now?”

One Identity Major Upgrade Released — One Identity has announced a significant update to One Identity Manager with stronger risk‑based governance, ITDR, and AI‑driven insights to strengthen enterprise identity security. Honestly I didn’t know they were still around 🤣 ( I kid, I kid)…kinda.

AI Adoption in IAM Still Lagging — According to recent reporting, organizations are slow to adopt AI in IAM despite obvious benefits, leaving gaps identity security could fill.

🚨 Identity: Season One just dropped.

This is not your typical blog series. I’m telling a story—the journey of building an identity program from scratch.

📘 Episode 1: “The Inheritiance” You’ve inherited a mess. Welcome to the jungle.

➡️ Read it here

📘 Episode 2 drops tomorrow (Friday).

Make sure you’re subscribed so you don’t miss the chaos.

You don’t need 17 dashboards. You need clarity. You need alignment.And you need the guts to say, “This process is trash, and we’re not carrying it into Phase 2.” Keep pushing. The future isn’t coming. It’s already here — and your access model is leaking. Let’s make 2026 the year we Make Identity Great Again. (I couldn’t resist)

Love each and every one of you!