#329 - Discovering Effective User Access Reviews with Stephen Washington
02/03/25 • 69 min
In this episode of the Identity at the Center podcast, hosts Jeff and Jim discuss the vital role of user access reviews, device identity, and the evolving landscape of Identity Access Management (IAM) with guest Stephen Washington, Head of IAM at Discover Financial. The conversation delves into regulatory compliance, the use of AI in IAM, and practical steps for improving user access certifications. They also explore the importance of managing service accounts, innovations in IGA, and the role of identity in modern cybersecurity frameworks. The episode wraps up on a lighter note with a chat about fitness challenges like Tough Mudder and personal cheese preferences for grilled cheese sandwiches.
Chapters
00:00 Introduction to Regulatory Compliance in Financial Services 01:54 Welcome to the Identity at the Center Podcast 02:07 Exploring Device Identity 03:19 The Role of Identity in Modern Security 06:44 Engaging with the IAM Community 10:31 Upcoming Conferences and Events 13:58 Interview with Stephen Washington 25:36 The Importance of User Access Reviews 33:55 Backend Changes in IGA Systems 35:04 The Concept of Identity Data Lake 36:37 AI and Identity Fatigue 37:22 Importance of Identity Hygiene 38:32 Challenges with Access Reviews 39:42 Regulatory Compliance and Policy Changes 41:06 Advice for Practitioners on Access Reviews 45:47 NYDFS and User Access Reviews 47:41 The Role of NIST Cybersecurity Framework 52:35 Training Auditors and Policy-Based Access Control 57:38 Fitness and Stress Relief 01:05:38 Grilled Cheese and Final Thoughts
Connect with Stephen: https://www.linkedin.com/in/stephen-washington-jr-5569b57/
Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-uk
European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridac
Identiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
In this episode of the Identity at the Center podcast, hosts Jeff and Jim discuss the vital role of user access reviews, device identity, and the evolving landscape of Identity Access Management (IAM) with guest Stephen Washington, Head of IAM at Discover Financial. The conversation delves into regulatory compliance, the use of AI in IAM, and practical steps for improving user access certifications. They also explore the importance of managing service accounts, innovations in IGA, and the role of identity in modern cybersecurity frameworks. The episode wraps up on a lighter note with a chat about fitness challenges like Tough Mudder and personal cheese preferences for grilled cheese sandwiches.
Chapters
00:00 Introduction to Regulatory Compliance in Financial Services 01:54 Welcome to the Identity at the Center Podcast 02:07 Exploring Device Identity 03:19 The Role of Identity in Modern Security 06:44 Engaging with the IAM Community 10:31 Upcoming Conferences and Events 13:58 Interview with Stephen Washington 25:36 The Importance of User Access Reviews 33:55 Backend Changes in IGA Systems 35:04 The Concept of Identity Data Lake 36:37 AI and Identity Fatigue 37:22 Importance of Identity Hygiene 38:32 Challenges with Access Reviews 39:42 Regulatory Compliance and Policy Changes 41:06 Advice for Practitioners on Access Reviews 45:47 NYDFS and User Access Reviews 47:41 The Role of NIST Cybersecurity Framework 52:35 Training Auditors and Policy-Based Access Control 57:38 Fitness and Stress Relief 01:05:38 Grilled Cheese and Final Thoughts
Connect with Stephen: https://www.linkedin.com/in/stephen-washington-jr-5569b57/
Gartner IAM Summit - Code IDAC425 saves 425€: https://www.gartner.com/en/conferences/emea/identity-access-management-uk
European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridac
Identiverse 2025 - Use code IDV25-IDAC25 for 25% off: https://identiverse.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Previous Episode
#328 - Continuous Identity with Sean O’Dentity
Jeff and guest co-host Sean O'Dell, an identity expert from Disney, discuss the importance of knowing and cleaning data to optimize identity and access management. They delve into topics like Shared Signals Framework (SSF) and Continuous Access Evaluation Profile (CAEP), and how these standards are paving the way for event-driven IAM. They also touch on the complexities of verifying identities, role management, and session management in a zero-trust environment. The episode includes insights into the future of identity practices, emphasizing the shift from runtime to event-driven models and the critical role of accurate data.
Chapters
00:00 Introduction: The Importance of Data Integrity 02:16 Welcome to the Identity at the Center Podcast 03:12 Catching Up with Sean O'Dell 09:23 The Role of Identity in Business 12:36 Understanding Shared Signals Framework (SSF) and CAEP 20:49 The Future of Identity and Access Management (IAM) 32:36 Continuous Management and Identity Verification 33:33 Contextual Signals and Security Regulations 34:44 Data Hygiene and Business Process Challenges 37:52 Centralizing Data for Better Identity Management 44:08 Session Management and Access Control 50:04 Zero Trust and Ephemeral Access 55:51 Defining Continuous Identity 56:50 Fun and Lighter Notes
Connect with Sean: https://www.linkedin.com/in/seanodentity/
European Identity and Cloud Conference 2025 - Use code idac25mko for 25% off: https://www.kuppingercole.com/events/eic2025?ref=partneridac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Next Episode
#330 - Mastering Group Management with Microsoft's David Johnson
In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive deep into group management, AI, and organizational governance with David Johnson, Principal PM Architect at Microsoft. Join the conversation as David shares his extensive experience managing Microsoft 365, Entra, and SharePoint permissions, and provides best practices for guest management and labeling sensitive data. David also discusses how these paradigms shift with the introduction of AI-driven tools like Copilot. Tune in to understand the essential steps to secure your IT infrastructure and ensure efficient data management.
Chapters
00:00 Introduction to AI and Permissions00:29 Reflecting on SharePoint Innovations00:59 Group Membership Management01:49 Podcast Introduction and Baseball Talk04:25 Upcoming Conferences and Discount Codes08:19 Interview with David Johnson12:40 Managing Microsoft 365 Groups24:29 Understanding Guest Invitations in Microsoft Environments25:09 Defining Guests and Their Access26:45 Common Mistakes in Guest Setup28:22 Lifecycle Management for Guests29:53 Delegated Authority and Guest Management32:28 SharePoint and Teams Integration38:50 Future Trends in Identity and Access Management43:29 Reflections on Microsoft Leadership45:16 Personal Insights and Travel Tips49:22 Conclusion and Farewell
Connect with David:https://www.linkedin.com/in/david-johnson-a12909196/
GMM GitHub repo is available to the public: Https://github.com/microsoftgraph/group-membership-management-tenant
Learn more or for installation support: Contact GMM inquiries at[email protected]
Conference Discounts!
Gartner IAM Summit - CodeIDAC425 saves 425€:https://www.gartner.com/en/conferences/emea/identity-access-management-uk
European Identity and Cloud Conference 2025 - Use codeidac25mko for 25% off:https://www.kuppingercole.com/events/eic2025?ref=partneridac
Identiverse 2025 - Use code IDV25-IDAC25 for 25% off:https://identiverse.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web athttp://idacpodcast.com
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/identity-at-the-center-290852/329-discovering-effective-user-access-reviews-with-stephen-washington-83517805"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to #329 - discovering effective user access reviews with stephen washington on goodpods" style="width: 225px" /> </a>
Copy