The Death of Advisory (As We Knew It)

For a long time, advisory services existed because information was difficult to obtain and even harder to synthesize. If you wanted to understand how identity governance should work, how access models scaled, or how regulations translated into real operational controls, you needed someone who had been there before. You paid for proximity to experience. You paid for pattern recognition. You paid because the answers weren’t readily available, and the cost of getting them wrong was high.

That dynamic no longer exists.

AI didn’t merely improve access to information; it fundamentally inverted the value equation that advisory was built on. The knowledge that once justified long engagements, complex assessments, and expansive slide decks is now instantly accessible. Frameworks, architectures, vendor comparisons, policy drafts, and even multi-year IAM roadmaps can be generated in minutes with a level of polish that would have passed for senior consulting work not very long ago.

Information, once the core product of advisory, has become abundant. And abundance has a way of collapsing value.

This shift has created a quiet but unavoidable reckoning for consulting and advisory—one that is especially pronounced in identity and access management. For years, IAM advisory benefited from the perception of complexity. Identity programs looked inscrutable from the outside, full of interdependencies, technical nuance, and regulatory nuance. That complexity made it easy to position information as expertise and documentation as progress. But complexity was never the real challenge.

The real challenge in IAM has always lived in the space between systems and people—between what should happen and what organizations are actually willing to enforce. AI can explain how access reviews are designed to work. It can describe least privilege models, Zero Trust architectures, and lifecycle automation in flawless detail. What it cannot do is confront the reality that many organizations lack clear ownership for access decisions, tolerate poor upstream data, and avoid making the tradeoffs that security actually requires.

That gap—between knowing and deciding—is where advisory either proves its value or quietly becomes irrelevant.

AI didn’t eliminate the need for advisors. It eliminated the tolerance for advisory that mistakes explanation for leadership. When a roadmap avoids naming who must be accountable, when an assessment highlights gaps without forcing prioritization, when recommendations are framed to preserve consensus rather than drive outcomes, the engagement may feel productive, but it rarely changes anything. Those forms of advisory survived for years because customers had no alternative source for the underlying knowledge.

Now they do.

And once information becomes freely available, the only defensible value left is judgment. Judgment is not the ability to recite best practices or reproduce industry patterns. Judgment is the ability to understand context, recognize constraints, and still make a clear recommendation that someone has to own. It is the willingness to say that not everything can be done, that some risks must be accepted explicitly, and that certain behaviors—not technologies—are the true blockers to progress. This is why IAM advisory is being rewritten more aggressively than most disciplines. Identity sits at the intersection of security, operations, and human behavior. It forces organizations to answer uncomfortable questions about trust, authority, and accountability. AI can help model access. It cannot resolve political friction, negotiate ownership, or absorb the fallout when a decision creates resistance or inconvenience.

That responsibility belongs to people.

The future advisor in IAM will not win by being the smartest person in the room. They will win by being the most honest. They will be the ones willing to slow a program down to clarify ownership, to challenge executives who want security outcomes without organizational change, and to push teams to decide what they are actually optimizing for. Convenience, compliance, and risk reduction cannot all be maximized at the same time, and pretending otherwise is no longer acceptable. For IAM leaders, this moment should trigger a reassessment of what they are paying for. Advisory should no longer be measured by the volume of deliverables or the sophistication of diagrams. It should be measured by whether the engagement forced clarity, accelerated decision-making, and reduced ambiguity where it mattered most. Anything less is documentation, not leadership.Advisory is not dying because of AI. It is shedding the parts of itself that were never durable to begin with. What remains is harder, more personal, and more consequential work. Work that requires standing behind recommendations, not just presenting them. Work that accepts responsibility for outcomes, not just inputs.

In the age of AI, the value of advisory is no longer found in answers. It is found in the courage to make decisions visible, uncomfortable, and unavoidable.

And what emerges from this shift is not a vacuum, but a different kind of gravity.

As information becomes commoditized and tools grow increasingly capable on their own, organizations will need fewer translators of features and far more interpreters of intent. This is where a new form of value begins to reassert itself—one that looks familiar on the surface, but fundamentally different in practice. The idea of the Value Added Reseller, long diluted by feature-driven selling and shallow implementation models, starts to matter again. Not because of resale, but because of value.

In this next phase, the most trusted partners will not be those who introduce yet another platform, but those who can help organizations understand how to fully use what they already have. Advisors who can see across identity, security, and infrastructure. Specialists who know how to orchestrate existing capabilities into coherent outcomes, rather than layering complexity on top of complexity. People who understand not just how technology works, but how it should work together—inside a real organization, with real constraints.

That world is still taking shape, and it deserves deeper exploration than a single post can offer. For now, it’s enough to recognize the direction of travel. Advisory as information delivery is fading. Advisory as judgment, orchestration, and outcome ownership is returning—with sharper expectations and higher stakes.

The reset has already begun.

What comes next will separate those who sell tools from those who create clarity.