{"id":199139,"date":"2024-11-08T05:01:00","date_gmt":"2024-11-08T05:16:55","guid":{"rendered":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/"},"modified":"2026-04-04T07:17:47","modified_gmt":"2026-04-04T11:17:47","slug":"ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi","status":"publish","type":"podcast","link":"https:\/\/www.cyberark.com\/ko\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/","title":{"rendered":"EP 65 – Machine Identities, AI and the Future of Security with the ‘Identity Jedi’"},"content":{"rendered":"

In this episode of the Trust Issues podcast, host David Puner and David Lee, aka \u201cThe Identity Jedi,\u201d<\/a> delve into the evolving landscape of identity security. They discuss the critical challenges and advancements in securing both human and machine identities. Lee shares insights on the fear and misconceptions surrounding AI, drawing parallels to pop culture references like Marvel’s Jarvis. They explore the potential of autonomous AI in monitoring and managing security tasks, emphasizing the need for real time data analysis and context understanding. The conversation highlights the importance of providing context on both human and machine sides to enhance security measures. They also touch on the role of investors in the identity security space and the need for better storytelling in the industry.<\/p>\n

[00:00:00] David Puner: You’re listening to the Trust Issues Podcast. I’m David Puner, a Senior Editorial Manager at CyberArk, the global leader in identity security.<\/p>\n

We don’t know what we don’t know. I’ve heard that quite a bit recently, including a couple of times in today’s episode. It seems almost like a Yogi-ism, as in Yogi Berra, the late Hall of Fame New York Yankees catcher, and coiner of sayings like, “Nobody goes there anymore; it\u2019s too crowded.” It contradicts, and it’s also somehow true.<\/p>\n

Yogi was sort of an inadvertent Jedi wordsmith of sorts. Today’s guest is a self-proclaimed Jedi, David Lee, aka the Identity Jedi.<\/p>\n

[00:01:00] In our conversation, we get to the bottom of what we do know and what we don’t know about the complexities of AI in identity security and many other points related to the past, present, and future of identity management.<\/p>\n

Thanks to David, who’s been in the identity space for a long time and has worn several hats. Now, among other things, he’s the host of the Identity Jedi podcast and a sought-after speaker.<\/p>\n

So, why am I talking about Yogi Berra and Yogi-isms? Well, we recorded this episode right before the start of this year’s fall classic\u2014baseball, that is. And at the end of this episode, David and I, a Los Angeles Dodgers fan and a Yankees fan, make serious predictions. And let’s just say mine was very incorrect. The cyber lesson? Just like basic cyber hygiene, you can’t win if you don’t execute on the fundamentals. And you can’t know what you don’t know.<\/p>\n

[00:02:00] Congrats to David Lee and all you Dodgers fans in B2B land. As Yogi Berra once said, “The future ain’t what it used to be.” Here’s my conversation with David Lee.<\/p>\n

[00:02:30] David Puner: David Lee, the identity Jedi. Welcome to Trust Issues. Thanks for coming on the podcast.<\/p>\n

[00:02:36] David Lee: Oh, thanks for having me, man. This is, uh, it’s, it’s, it’s an honor to be here. I, um, when you sent out the message, I looked it up and was like, “Oh, man, they’ve had some good interviews on here.” So I’m honored to join the list of interviewees who\u2019ve been on Trust Issues.<\/p>\n

[00:02:51] David Puner: We are super excited to have you. And I guess maybe to start things off, because the name, the moniker kind of calls for this, when did you start thinking about identity, and how did you become the Identity Jedi?<\/p>\n

[00:03:00] David Lee: I started thinking about identity 20 years ago. I mean, it was by accident. I got assigned to a project that called for J2EE developers.<\/p>\n

My background’s in computer science. I’m a software engineer by trade. So I came into this project thinking, “Hey, I’m going to build this cool system. I get to flex my development skills.” And instead, what I got was Sun IDM, right? The architect walks in, places these books on my desk, and goes, “Hey, I need you to read this, understand what this program is. I’m going on vacation for two weeks. Have something ready by the time I get back,” and walked out the door. “Oh, by the way, welcome to the project.” Like, okay.<\/p>\n

[00:03:34] David Puner: All right.<\/p>\n

[00:03:35] David Lee: And so that’s kind of when I started thinking about identity. The way my mind works, when I’m looking at something, I want to understand everything about it so I can understand exactly what I’m working on.<\/p>\n

An analogy I like to use is if I’m going to grab a screwdriver, I like to understand everything else that’s in the toolbox, right? What’s the toolbox? What it’s for? What are these other tools? What are these things? Okay, now that I know that, let me go use this screwdriver because it helps me understand, “Hey, I’m using this tool for the right purpose.” Right? You can cut [00:04:00] a tree down with a hammer if you want to, but it’s probably a lot easier if you use a saw, right? So if you know which tools to use, it kind of makes things easier. And that’s kind of how I approached identity. I started learning all these things about Sun IDM and access management, LDAP.<\/p>\n

And then look up 20 years later, I’m still doing it. The identity Jedi moniker came around five years ago. There was an Identiverse call for papers. At the time, I was working for SailPoint, and, you know, when you start submitting for these call-for-papers, right, you’re just submitting and submitting. So I just got a little cheeky and thought, “Oh, let me put together a title like ‘How to Become an Identity Jedi.’ That sounds pretty cool,” right? At the time, everybody was doing this thing, like, “Oh, I’m your customer support ninja” or this, that, or whatever. And I’m a huge Star Wars nerd.<\/p>\n

So I said, “How to Become an Identity Jedi.” And it got accepted. I gave the talk. People loved it. Everybody that showed up came after me to talk to me afterward. And after that, at Identiverse, people would be like, “Hey, you’re the Jedi guy, right?” Like, “Oh my God, I make everybody watch that video when they come to my team.” It kind of stuck, and I just kept rolling with it. And then five years later, it’s turned into [00:05:00] a podcast and a newsletter. So I just kind of rolled with it.<\/p>\n

[00:05:02] David Puner: Well, that’s a great story. So, the podcast and the newsletter, we should point out, is, uh, and perhaps obviously, you can find it at theidentityjedi.com. It\u2019s the Identity Jedi Newsletter and the Identity Jedi Podcast. So was there, like, a Yoda-type of figure in your life, or is that kind of where the actual Jedi parallel comes in?<\/p>\n

[00:05:20] David Lee: There were a couple; there wasn\u2019t just one. There were a couple over the years, and it wasn\u2019t so much about identity but more about mentors that I was lucky enough to have early on in life. So yeah, the analogy starts to get a little thin the more you play it out, but yeah, I\u2019ve had a couple of really, really good mentors in my life, and I\u2019ve been lucky to call my mentors and friends. So, it\u2019s been great.<\/p>\n

[00:05:48] David Puner: So when considering identity and identity security right now, in this day and age, what are some significant trends and challenges that come to mind?<\/p>\n

[00:05:57] David Lee: Yeah. The biggest trend that first comes to mind is consolidation, right? We\u2019re in this wave in identity where we\u2019re swinging on the pendulum from best of breed back to platform. And I say back to platform because some of us who\u2019ve been around a little bit\u2014seasoned, got a little gray in the beard\u2014remember a time when we tried to do this platform approach.<\/p>\n

You had big companies like Oracle roll out these huge, big stacks, IBM, right? And it fell flat, right? It just absolutely fell flat. They were monolithic. They were slow, required huge amounts of customization, and just didn\u2019t work. So we went best of breed. And now we\u2019re starting to see with SaaS and IDaaS, right? We\u2019re starting to understand that hey, we can kind of do this better together with more standards. This should be a platform, right? It got too expensive to do best of breed with integration. So, that\u2019s one big trend we\u2019re seeing. And we\u2019re seeing it in the marketplace from competitors and vendors who became competitors who used to be strategic allies. And now they\u2019re just kind of like, hey, we\u2019re all going to do the same things. But you\u2019re also seeing it from the investment side, like investors investing into this, right? We\u2019ve seen Thoma Bravo the last, you know, a couple of years as a PE firm, just kind of bought up all these little companies. We all think they\u2019re going to put something together and push them out, and they\u2019ve done a little bit of that.<\/p>\n

[00:07:00] So that\u2019s the one big trend, right? It\u2019s this consolidation, giving the customer everything in one, making it easier for them. The second one is just the term “identity security,” right? That\u2019s fairly new within the last couple of years as we\u2019ve been marketing this pitch like “identity is the new perimeter” and “identity is at the center of security” and yada yada yada. But what we\u2019re actually starting to see is, like, what does it mean to make identity more security-like? For most of its existence, identity has been more administrative-focused, right? “Let me help you with access reviews. Let me help you provision more access. Let me help you reduce tickets,” things like that. It hasn\u2019t really been focused on, “Let me actually help you secure your identity and how this fits into your security framework.” And so, we\u2019re starting to see more of that. So we get things like identity security posture management tools, we get identity threat detection tools, right? We\u2019re starting to see these things where, as we\u2019re looking at identities and access, we\u2019re able to take these things such as risk and contextualize them and say, “Here\u2019s what this means within your organization from a security perspective.” That is another big trend we\u2019re seeing. And even customers and CISOs are starting to ask these questions of vendors: “How does this actually play into my security standpoint?” which is excellent, right? It\u2019s something I think we\u2019ve needed for a long time.<\/p>\n

[00:08:10] David Puner: So an identity security approach is built on a foundation of privileged access management, which secures all identities, human or machine, throughout the cycle of accessing critical assets. You had mentioned something to me earlier about how you had seen a similar pattern with privilege and identity like 10 or 15 years ago. I thought that was really interesting. Can you maybe rehash that a bit for the audience?<\/p>\n

[00:08:31] David Lee: So right now, like, the hot thing in the streets is non-human identity. Everybody’s like, “Oh yeah, non-human, non-human.” And, like, VCs are throwing cash like it\u2019s the first of the month and they just got their checks, right? I mean, there\u2019s a new non-human identity organization popping up just about every other month, and there\u2019s all this investment into it, which is good because it\u2019s an area that needs to be established. But, like, non-human identity has this very similar pattern to privileged access management about 10 or 15 years ago. You look at it, and you say, “Yes, customers will tell you, \u2018I absolutely understand that I need to get a handle on this. There are all these things I don\u2019t know. I don\u2019t have good visibility. I\u2019ve got to better discover these things and the governance around it.\u2019 Yeah, yeah, yeah, I got it. But, like, just these normal identities are still kicking my butt. I still can\u2019t figure this part out, and now you\u2019re telling me you want me to go handle this stuff? I\u2019ll get to it. I\u2019ll get to it. I\u2019ll get to it.\u2019”<\/p>\n

Let\u2019s jump in our time machine and go back 15 years ago. This is the exact same conversation with privileged access management, right? We were talking to companies saying, “Hey, like, hey, these accounts over here, like, we know you need to manage all these accounts, but these, like, 10, 15, 20, 100 accounts depending on the size of your organization, right? Like, these control the keys to the kingdom. We should really be focused on those.” It\u2019s like, “Got it. Totally. No, it\u2019s important. I\u2019m trying to figure out these things. I\u2019ll get to that. I\u2019ll get to that. I\u2019ll get to that,” right?<\/p>\n

And so, that same type of thing where it\u2019s like, it\u2019s so weird where we realize the importance of it. Like, “Hey, this is more than likely going to be where the breach happens. If we have any kind of incident, it\u2019s going to deal with these types of accounts. Here\u2019s where it\u2019s happening.” But our focus is elsewhere. It is so very weird that the customers do that, but most of it\u2014and again, the pattern that I recognize\u2014is that back then, you couldn\u2019t really explain privileged access management to the business side of the customers. The admins got it. Think about it: you were talking about Linux accounts, mainframe admin accounts, all these different admin accounts. It\u2019s just a small group of people who really understand that world, and trying to explain to your executives why this is important\u2014it\u2019s the same thing with non-human, right?<\/p>\n

[00:10:37] The same thing with non-human, which makes it kind of even worse, is that the scale of non-human is bigger. With privileged access management, it was like, okay, if I\u2019ve got 10,000 identities, I\u2019ll probably get, like, 500 privileged identities, hopefully, right? It\u2019s usually a smaller percentage of privileged access management to identities. With non-human, it\u2019s the exact opposite. You have 10,000, and you probably have 30,000, upwards of maybe 40,000 to 50,000 when you get to non-human because it\u2019s just the world we live in, where we connect with APIs and API secrets and keys\u2014all these things that we do. It creates all these credentials and this access in a non-human way that just outnumbers the sheer amount of human identities. So now you\u2019re saying, “Hey, there\u2019s this thing to really understand. Oh, by the way, it\u2019s so much bigger. There\u2019s a whole bunch of data with it. So we\u2019re just gonna throw it at you,” and customers do what they normally do and go, “Yeah, I\u2019m not going to deal with that.”<\/p>\n

[00:11:30] David Puner: Right. So I want to stay on the machine identities track, but first, just to sort of give the audience an understanding of where you are with organizations and customers, who are you talking to on a regular basis? How are you keeping a finger on the pulse of what\u2019s going on out there?<\/p>\n

[00:11:46] David Lee: I have this very interesting kind of network, which is super cool. So I get a chance to talk to both product companies and, more focused on, like, identity leaders who are doing this day in and day out and trying to put together strategies. So I\u2019m usually talking to them about their strategies, what they\u2019re approaching, what they\u2019re struggling with, and how to go about this as they deal with things like, “Hey, we\u2019re seeing this consolidation or trying to consolidate. We\u2019re at this phase with an identity where it\u2019s the next evolution for software.”<\/p>\n

[00:12:16] I\u2019ll give you an example. We\u2019ve got organizations. I had one gentleman, um, who is a CISO of an organization. They have three different PAM vendors that they\u2019ve bought over the course of six years. And he\u2019s like, “So we\u2019ve got three PAM tools. We\u2019ve got one IGA tool that we hate. We want to bring in a new one, and then we\u2019ve got Azure.” And so they\u2019re looking at all this and going, like, “How do we refactor this? I want to get this down, you know, simplified as much as possible. What should I be looking at, and what\u2019s my strategy on top of that?”<\/p>\n

On the other side, I get to talk to vendors, a lot of startup vendors that are coming in, just kind of helping them on either product strategy or just really messaging, right? I think one of the things that\u2019s interesting right now\u2014this might be a little harsh\u2014but we, as an industry, kind of suck at telling stories about identity.<\/p>\n

[00:13:02] David Puner: And when you say “we,” who do you mean by “we”?<\/p>\n

[00:13:05] David Lee: “We” as in the vendor industry. We who develop products and put those out to customers and say, “Hey, we have your solutions.” We don\u2019t tell stories very well about what the solution does and how it helps. I have a lot of conversations with product leaders or marketing leaders about what their product is, how they tell their story, how to connect to the customer as far as what the customer is really going through, and how they can point to, “Here\u2019s what the actual solution is, and here\u2019s what we do. We differ here. We\u2019re the same here. We\u2019re this here.”<\/p>\n

And I tell people, just lean into that. Don\u2019t do this thing where it\u2019s like, “It\u2019s not the same market; we can do this whole, like, \u2018we kind of do everything\u2019 thing.” Be really vague. We do this here. And it\u2019s like, that\u2019s not going to work. You\u2019ve got to be very to the point: “We solve this.”<\/p>\n

[00:14:00] David Puner: Right.<\/p>\n

[00:14:01] David Lee: To go back to answer your question, those are kind of the two conversations that I have the most. Mostly with security identity leaders and then with the leaders on the smaller vendors, right? The bigger vendors, they\u2019ve got their own direction, right, wrong, or indifferent. I just write about them and judge them from afar because it\u2019s fun. So, you know.<\/p>\n

[00:14:22] David Puner: Going back to machine identities, with the increasing complexity of environments, including cloud and hybrid environments, how do you see the role of machine identities evolving, and what are the critical challenges organizations face in managing these identities?<\/p>\n

[00:14:36] David Lee: I want to start with the challenge. The challenge is the scale, because machine identities are much more automated than the human identity, right? Like, the lifecycle is automated and quicker with machine identities. To give a concrete example, with a simple API call, you could stand up an identity that needs to go access something, and it does it maybe for a couple of hours. It shuts itself down again, and then it\u2019s gone. Right. And that\u2019s kind of getting, like, a little bit of a longer workload.<\/p>\n

But the point is, you can do that with bots or even now AI agents, or, like, something that needs to go out and connect. So, you have the actual identity that connects in real-time, and it\u2019s not quite always there. So its lifecycle could be very short. And then you also have, like, the credential side of it, where we usually give it long-standing credentials. And so just the scale and the mass of what\u2019s going on there and the ability to get the connectivity to understand what this identity is connecting to, what access it has, and what it means, that\u2019s one of the biggest challenges, right?<\/p>\n

[00:15:32] And it\u2019s a big challenge because we struggle\u2014we\u2019re just now getting to the point where we can provide that context on the human side. And now we\u2019ve got to turn around and provide that context on the machine side. And you have to, because at least with humans, I\u2019m looking at something like, “Oh, I know David. I know his manager. I can go talk to her and figure something out.” Like, you have a path to go figure things out. With machine identity, it\u2019s like, “Uh, there\u2019s this thing here, and it accesses something, right? Whose machine is this? What is this thing?” Right?<\/p>\n

And so that context is super important. That\u2019s the biggest challenge there to get over. And then the trend is more so, like, I hate to say it, but it\u2019s really governance. It\u2019s the same aspects we took on the human identity side, and now we\u2019ve got to govern all these things. So, it\u2019s about taking those same playbooks, those same workflows, and I\u2019m using those words very generically, but those same things that we did for humans like, “Hey, was it assigned? How to review it? When do we get access to it? Let\u2019s make sure this access is good. Do we have any policies that this thing shouldn\u2019t have?” And we should apply the same thing over there on a machine.<\/p>\n

[00:16:31] In some ways, part of this we should solve easier. We\u2019ve been doing governance for 20 years now. Like, we know how to do that. So, we just apply those same techniques over here.<\/p>\n

[00:16:41] David Puner: So then it comes down to magnitude, really?<\/p>\n

[00:16:44] David Lee: Yeah, it\u2019s really the magnitude and, honestly, the relationships. Looking at how we model those relationships and understanding that when we focused on identities, human identities, we did a very, very, like, okay, human-manager-application-entitlement type of\u2014it was a very set structure of relationships, right? And we didn\u2019t really look past that. We\u2019re just now starting to see, like, okay, well, let\u2019s look at everything. Let\u2019s look at how an application to an entitlement to a human to a user to a role\u2014let\u2019s look at the spread of what that really means.<\/p>\n

[00:17:15] I\u2019m a big fan of graphs and trees when you look at this because you need to see the responsibility of this access, right? If I have access to this entitlement, it gives me access to this machine. What does that mean? What can I do with this access? So, as we\u2019re starting to understand that, that is critically important on the machine side, because you have to understand what all these things mean.<\/p>\n

At the end of the day, back to identity security, we\u2019re trying to actually be more secure with this stuff now. So what\u2019s the blast radius of this? If this machine identity wakes up every Thursday and connects to move data over and is using this role in this AWS account for access, what does it actually give it access to? If this gets compromised, what can somebody do? What\u2019s the blast radius of this access? That context is so important because that\u2019s going to drive your policies and how you govern those machine identities.<\/p>\n

[00:18:02] Because you say, “No, this thing needs to run every Thursday morning. No problem.” So we have no problem with it having the access. We just need to understand it and know the patterns. So then, if we ever see something that\u2019s off about that, it\u2019s like, “Wait, but it\u2019s Friday, and somebody\u2019s logging in with David\u2019s account, using that thing and trying to do that.” Hey, that\u2019s not right. Right? But right now, it\u2019s all just noise because we don\u2019t have any context there.<\/p>\n

[00:18:26] David Puner: So then, getting back to the organizational level, how do you think organizations can align their identity security strategies with their overall business objectives? And have you seen any kind of examples or best practices that you can share?<\/p>\n

[00:18:38] David Lee: How they do it\u2014you\u2019ve got to talk to the business.<\/p>\n

[00:18:41] David Puner: Okay.<\/p>\n

[00:18:42] David Lee: It really is that simple. As an identity security leader, you\u2019ve got to look at an initiative and then\u2014I\u2019ll kind of walk you through an example recently of somebody we talked to on the pod\u2014but you\u2019ve got to talk to your level of business unit and say, “What are you trying to accomplish?”<\/p>\n

To get very, very concrete, let\u2019s say you\u2019re the identity leader, and you sit under the CIO\u2019s office. The CIO says, “Okay, you now own identity, and we need to roll out passwordless.” Okay, great. Cool. We\u2019re gonna roll out passwordless. So now it\u2019s your job to either ask your CIO, “Hey, so why are we rolling out passwordless? Like, who wants this, and what benefit is it going to give to the business?”<\/p>\n

[00:19:20] And your CIO says, “Well, legal asked for it because whatever.” Cool. Let\u2019s go talk to legal. “Hey, legal, what are you looking for when you look at passwordless? How is this going to affect you day in, day out? What\u2019s going to make it easier for you? What\u2019s going to make it harder for you?” Great. Now let\u2019s go talk to the applications that we\u2019re going to put into passwordless and roll in. Let\u2019s talk to the application owners. Let\u2019s talk to, like, how they administer this. “What\u2019s this going to look like?”<\/p>\n

You need to have these conversations with your business and align them and say, “Okay, legal, you said this was really important to you. When do you want to have it rolled out? CIO, when do you want to have this done?” Okay. These are our dates. This is what we need to do. Now we know why we\u2019re doing something, and we know that we have a goal to go hit, not just from a technical standpoint, because we can say, “Hey, we rolled out passwordless to 30 percent of our applications.” Great. Nobody cares. But in this case, we know that the business cares. So let\u2019s find out why they care, why it\u2019s important to them. And now you have your objectives.<\/p>\n

[00:20:10] And now that you have those objectives, you then work backward from there and say, “Okay, well, this is what we\u2019re going to meet for our goals,” right? So based on these objectives, you want all of your\u2014let\u2019s say legal said, “We want all of our SOC compliance or our most heavily regulated applications that access personal data within our organization. We want those using passwordless because we feel like that\u2019s the strongest, right? CISO proved this, that that\u2019s the strongest.” Cool. All right. Well, then now we know the business objective. We\u2019re going to work back from there and make our goals.<\/p>\n

The reason why this is so important, and I walk through that specific example, is because as you start hitting your milestones, your milestones match up to what the business wants to do. Identity projects go to die when you mark off a milestone, and it\u2019s, like, the total opposite direction of what the business wants to do, or, more than likely, what happens, the business just doesn\u2019t care. “Hey, we deprovisioned a hundred accounts today,” and the business is like, “And?”<\/p>\n

[00:21:00] David Puner: Is it fair to say that this is in part a communication issue?<\/p>\n

[00:21:03] David Lee: It is very fair to say, and it is absolutely a communication issue. We have not figured out the right language to communicate the value of what we\u2019re doing in identity to match the value of what happens in business.<\/p>\n

[00:21:14] David Lee: And to give an example of that recently, we had a gentleman on the pod who just rolled out a new IGA deployment. He\u2019s got an interesting responsibility set. He\u2019s the first identity leader I\u2019ve met in a while who\u2019s had such a wide range of responsibilities. Not only did he own infrastructure, but he also owned identity. He had a little bit of ops operation. So, he had a very wide range of where he could exert some control, which was good.<\/p>\n

But he could also bring those organizations in together, right? When you\u2019re trying to get something done, it\u2019s easier when you have somebody that says, “Hey, I\u2019m your boss, so do it.” Right? Like, that wasn\u2019t a request; that was an order. Right? “Okay, I guess I\u2019m showing up to this meeting.”<\/p>\n

[00:21:48] David Puner: Yeah.<\/p>\n

[00:21:49] David Lee: So that was one very unique thing. But what he did was, as he was getting ready to roll it out, he went and talked to the different business users of IGA and said, “Hey, this is what we want to roll out. What apps should be important when you\u2019re doing access reviews? What\u2019s your biggest pain point? So if we did these and automated these access reviews for these applications, would this work for you?” Yes. Like, he made sure that his team was working with the business. And then, when they had something ready, they said, “Okay, we\u2019re going to go do this. Let\u2019s go show it to the business. Hey, let\u2019s get in front of you. Is this what you…” “Yes, absolutely. This looks great.” “Okay, now let\u2019s keep rolling.” So, he was able to get his kind of first rollout in about four months. They loved it. Now they\u2019re rolling on to the next one.<\/p>\n

[00:22:29] And so that\u2019s what I mean about engaging and communicating with the business. This isn\u2019t something that we can just go off into the corner and develop and then go, “Business, you\u2019re going to like it because we\u2019re security.” Well, that\u2019s a way to not get them to like it. You\u2019ve got to make sure they have an active voice and that they\u2019re walking with you side by side in deploying that. And when you do that, that\u2019s when you see really, really successful identity programs.<\/p>\n

[00:22:54] David Puner: Is the CISO the person and the role that should carry that weight, or are you talking about another role, like the Chief Identity Officer? Or does it not really matter what the title is?<\/p>\n

[00:23:06] David Lee: It doesn\u2019t really matter what the title is, to be honest. It just needs to get done. I think, though, that we will see the Chief Identity Officer role kind of step up because I think what needs to happen is that CISOs right now are completely overwhelmed as it is. They\u2019ve got so much to answer for, and CISOs are learning how to develop the skills needed to be the security person but also to handle the “C” that\u2019s in their title. They\u2019re a Chief Security Officer, right? So they\u2019ve got to care about revenue, business costs\u2014all these things that we don\u2019t really talk about on the technical security side. They\u2019ve got to care about those things. They\u2019ve got to turn the security conversations into those business conversations.<\/p>\n

Add to that, they\u2019ve got to understand identity. That\u2019s a lot to ask. And I think having a\u2014and I don\u2019t know if it\u2019ll eventually be a C-level position\u2014but having somebody that basically owns identity within your organization, that\u2019s at that higher level, so like right under the CISO or a peer to the CIO, that\u2019s going out and saying, “Hey, look, we\u2019re going to own this. We\u2019re going to have these conversations. We\u2019re going to help the CIO or CISO, whoever they\u2019re reporting to, map those values back into business values.” I think that\u2019s going to be critical over this next evolution that we see of identity. Right? Especially as we start making this more of a security play. It\u2019s going to have to be there because, right now, I just think it\u2019s too much to ask the CISO to take on that as well. I don\u2019t think it\u2019s going to turn out very well.<\/p>\n

[00:24:34] David Puner: Right. CISOs are definitely overburdened, to say the least. Going back, then, to machine identity management, and I know you\u2019re a futurist of sorts, so looking ahead, what future trends do you expect we\u2019ll see with machine identity management, particularly in the context of hybrid and multi-cloud environments?<\/p>\n

[00:24:52] David Lee: I really think that\u2019s where automation and AI will have the biggest play. I don\u2019t see a successful path with machine identity management taking the same evolutionary path we took with human identity management\u2014those same steps. And here\u2019s what I mean by that. What we did historically in the identity industry is when we deliver product, the first thing we do is visibility, right? Okay, cool. So, we\u2019ll make a product that makes sure you can see everything that\u2019s out there, and that\u2019s the only feature you get\u2014visibility. “You can\u2019t secure what you can\u2019t see,” right? So, we start with visibility. Then, after visibility, we go, “Let\u2019s do some governance,” right? Now that we see it, let\u2019s group it together, let\u2019s apply some policies. Cool, that\u2019s awesome. And then we can give them back to you and show them to you in these nice reports. Awesome. Do you do anything? No, not yet. Then we go to take action, right? And now we can provision by sending a ticket. Oh my God, it\u2019s just this painful walkthrough process.<\/p>\n

[00:25:51] The scale is just way too much. So, I think looking ahead with machine identity management, we\u2019re going to see this roll into that kind of DevOps shift-left, where it\u2019s like, okay, a lot of this stuff is very fluid, happening very quickly, very automated. I think the tools need to be the same way, and it\u2019s going to be more so, “Hey, we\u2019re going to roll out these policies. We\u2019ve got discovery. We see these things,” and then it\u2019s like, “Hey, based on the policies that we have within access and the entitlements and things you\u2019re accessing, yes, you\u2019re approved, no, you\u2019re not approved.” We\u2019re tracking the lifecycle, and it\u2019s more of when these things are being provisioned or deprovisioned or happening. Those are more of the reports, and we\u2019re seeing those actions, but, like, the policy enforcement and what they\u2019re getting is more real-time.<\/p>\n

[00:26:37] So, I see machine identity turning into this access management kind of enforcement play, with the lifecycle being the after-action report. Like, “Hey, I\u2019ll just pull up a report that says, \u2018We had 10 machine identities spin up this morning. This one had access here, this one had access here. This was approved by this policy, this was denied by this policy. A request was sent to so-and-so to go investigate.\u2019” We can see the lifecycle, but we\u2019re not necessarily trying to control the lifecycle to where it\u2019s like, “David needs to go log into the production server, so he put in a request to go get it.” We don\u2019t have time for that. David needed to go get his work done, or he\u2019s pushing out a new build or whatever\u2019s happening. So, he needed the access at that time. We\u2019re tracking and seeing the lifecycle, and we\u2019re authorizing and enforcing least privilege at that time and managing it that way.<\/p>\n

[00:27:31] And anything that goes out of policy is when we\u2019ll step up and go, “Hey, okay, David, I know you wanted this, or this machine is doing this. Hey, this is really risky, really out of policy. Now we\u2019re going to put in some friction. Now we\u2019ll do the approval thing and figure that out.” Why? Because we want to pause and stop something from happening. Everything else we can just kind of report on after. I think it\u2019s going to have to go in that way because I just can\u2019t see the rigorous process of what we do now, dropping that in on your business and going, “This is now how you access these machine identities. Here\u2019s how you get an API secret, here\u2019s where you save it.” There\u2019s no way; it\u2019s just going to bring things almost to a halt.<\/p>\n

[00:28:10] David Puner: So, AI and ML being baked into the solution, obviously, is one side of the equation. On the other side of the equation, you\u2019ve got the new AI-driven attack techniques and threats that are rolling out and evolving, and who knows where they\u2019re going. How are you thinking about that? How do you anticipate for what we don\u2019t know and what\u2019s coming?<\/p>\n

[00:28:30] David Lee: I\u2019m a big fan of AI. I see the dangers, I absolutely do, but again, my background\u2014I\u2019m a computer scientist. I studied this stuff, and I was always fascinated by it. So we don\u2019t know what we don\u2019t know. Like, I\u2019m a big fan of looking at how we actually start to evolve and create autonomous AI that is looking at these things. And it becomes kind of like that helper mechanism. I say this a lot, but I have a huge Marvel fan base, right? Like, when I saw Iron Man for the first time back in 2008, and I saw Jarvis, I was like, “That\u2019s it.”<\/p>\n

[00:28:58] David Puner: Okay.<\/p>\n

[00:28:59] David Lee: That is every engineer\u2019s dream\u2014to have an autonomous intelligence that can help you with the administrative work. Like, “Hey, do this, do this, grab this, okay, we\u2019re going to put this together, okay, run this calculation for me, okay, great, that\u2019s how we do this, okay, go do that.” And so, I look at going forward with what we\u2019re going to have to do with AI, and it\u2019s like, a lot of the things that we do with these products really don\u2019t require humans, right? It\u2019s very heavily administrative tasks, however advanced they may be.<\/p>\n

So now, it\u2019s going and looking at this and having something I could monitor and look at things in real-time. Not quite Skynet to where it\u2019s completely taking all actions and doing all these things or whatever, but it\u2019s looking at data that\u2019s coming in, looking at context, looking at configurations. And it\u2019s something that a security practitioner or identity practitioner can interact with and go, “Okay, hey, tell me what\u2019s going on in my network today.”<\/p>\n

“Here are the patterns that we\u2019re seeing. Here are things that are happening. We\u2019re seeing a lot of heavy activity going against, you know, these servers using possible known threats. Here\u2019s this information. This is probably what we should do, and here\u2019s how we apply this.” Like, it\u2019s a conversation.<\/p>\n

What I would tell somebody to do is, like, ChatGPT\u2014what they\u2019re doing over there at OpenAI is amazing. Go check out ChatGPT\u2019s latest 4.0 reasoning model and do the voice interaction with it. And just kind of go back and forth and ask it questions. It\u2019s like me and you talking, dude. It\u2019s like I ask you a question, and it responds, and it\u2019s super quick for what it\u2019s been used to. I see that type of thing coming to be able to help us understand and work through what\u2019s going on against threats against our networks and security vectors, because I just don\u2019t think the average practitioner is going to be able to consume enough data and look at enough things to catch everything at the rate and speed at which these attacks are going to start happening.<\/p>\n

[00:30:19] David Puner: Are there any particular trends that you think organizations should be aware of when it comes to the identity security landscape and how it\u2019s going to evolve over the next few years?<\/p>\n

[00:30:30] David Lee: I think it\u2019s not a big trend now. Here\u2019s what I would say to look at: what all this stuff means at the end of the day is you really need to understand your data models underneath. Not just permissions and entitlements or accounts, but all of the metadata information that connects with that. What does an identity relationship mean within my organization, and what is that in relation to risk?<\/p>\n

Where is all this data at, and can I see most of this data? How am I collecting most of this data? Where is this data being stored? Because it is there, whether you can see it or not, and it\u2019s probably in different places. I would really start focusing on understanding, “Do I have a clear picture and understanding of my identity data?” Because all these things that we\u2019ve been talking about and all these new features these vendors are talking about and what they\u2019re going to do with, quote-unquote, “AI,” it all depends on data.<\/p>\n

This goes back to, like, a 10-year-old statement where “data is the new oil,” right? Absolutely. So, like, if you don\u2019t have a clear understanding of where your data is or access to your data, that is going to be kind of like your crown jewel. It is going to kind of help you going forward. And so, that\u2019s the trend I would start to see. Because you\u2019re not going to be able to take advantage of a lot of these features without understanding some kind of data quality issues or what you have going there.<\/p>\n

And these vendors are going to struggle to deliver the things they\u2019re telling you because they\u2019re dependent on that data, right? So, how that shapes up is going to be interesting. Not saying that every company needs to go off and go do data cleanup. Nobody ever wants to do that, and nobody ever will, but it\u2019s going to become an issue. Now, whether the vendors end up solving it or something else comes up that makes it easier\u2014great. But that\u2019s what I would tell people: put that in the back of your head. Don\u2019t go out and spend your budget today, or I\u2019m not saying you\u2019ve got to abandon other stuff, but be thinking about that, right? If you\u2019ve got the bandwidth, assign one or two people who are like, “Hey, go track this trend and see what\u2019s going on there.”<\/p>\n

[00:32:15] David Puner: On that Marvel thread, you made an interesting point. And I\u2019m wondering, is the fear that you\u2019re hearing or that you\u2019re receiving on the receiving end of when it comes to AI and AI consciousness potentially one day\u2014that we\u2019re hearing a lot about\u2014is this fear irrational or rational? And what about it and why, I guess?<\/p>\n

[00:32:32] David Lee: It\u2019s only special\u2014it\u2019s a rational fear. And the fear is speed and the unknown, and I\u2019ll break those two things down. We are seeing, publicly, the AI movement moving so fast and being able to do so many things, I think that\u2019s really where the fear comes from. It\u2019s like, “Whoa, whoa, whoa!” And then also you just got to look at, like, pop culture. We\u2019ve been trained over the last 30, 40 years to think of all this scary super stuff that could happen with AI and all these things, right?<\/p>\n

[00:33:02] And then we\u2019re starting to see things mimic that. I mean, look at Tesla a week ago or two weeks ago, right? They did a little event, and it was literally right out of I, Robot. Like, everything they designed looked like it was out of I, Robot. So, it\u2019s like, “Oh my God, it\u2019s these things come to life!” And so, I think the fears of the speed are like, “Oh, this is kind of happening too fast.”<\/p>\n

There is some rationale to it in that the ability to be able to do a lot of these things so quickly can be a little overwhelming. The feasibility of it is more likely than unlikely. We\u2019ve done a ton of research\u2014when I say “we,” like, the computing industry has done a ton of research. AI has been a topic for half a century, right, and researched and things like that. And over the last 10 years, we\u2019ve gotten a lot of developments for us to see the things that we see now. But we\u2019re starting to see, like, autonomous movements, autonomous actions where you can give this thing just general instructions, and it learns what to go do, and it moves and goes from there.<\/p>\n

And so, the ability for this to then say, “Okay, well, we can always give it guardrails,” it\u2019s like, well, eventually, that\u2019s what we\u2019re training models not to have\u2014guardrails. It\u2019s like, “Hey, just go do this and figure it out,” right? And that\u2019s the part where that\u2019s a rational fear, like, “Hey, no, this thing is actually figuring stuff out. I didn\u2019t tell it anything, and it just went and did more things,” right?<\/p>\n

[00:34:30] And so, that\u2019s where the fear comes from. A perfect phrase always is in Malcolm. We look and say, “Can we do something?” We never stop and say, “Well, should we do it?” We keep pushing because that\u2019s what scientists do.<\/p>\n

[00:34:44] David Puner: Yeah.<\/p>\n

[00:34:45] David Lee: And so, that part is a little rational because we don\u2019t know what we don\u2019t know there. I think we\u2019re a couple\u2014maybe two, three decades\u2014from seeing that. There\u2019s a lot on the computation side, the resource side that would have to happen. Quantum computing is a wild card in there, right? If that becomes a real and viable thing in the next decade or so, then that changes things, right? And the ability to harness even more computing and quantum computing\u2019s ability to do certain things could give it kind of more power to do this computation.<\/p>\n

[00:35:15] So, all of that to say, right, it\u2019s complicated. I\u2019ll ease it like this: There\u2019s a lot of irrational fear out there, right? On the feasibility of something taking over and, “Oh my gosh, we\u2019re all going to have machine overlords in the next five years.” That\u2019s irrational. The more rational side is caution versus fear. It\u2019s like, some of these things are actually really, really possible now.<\/p>\n

[00:35:42] David Puner: Yeah. There\u2019s a lot to think about, and that\u2019s actually humans thinking about it\u2014not necessarily AIs thinking about it. Going back to your futurist take on things, what do you see as the biggest challenges around identity over the next few years, and how can organizations prepare for these challenges?<\/p>\n

[00:35:58] David Lee: I think the biggest challenge for organizations is just scale, right? I think we are seeing identity challenges at a scale we\u2019ve never quite seen before at the regular business level. And kind of here\u2019s what I mean by that:<\/p>\n

[00:36:11] David Puner: And when you mean, like, the number of identities?<\/p>\n

[00:36:13] David Lee: Yes, the number of identities, permissions, and things that you have to manage. This cloud and hybrid kind of environments, right? There\u2019s just a lot more. Things were simpler and easier 20 years ago. Everything was in my network. I see everything. I control it. That\u2019s it. Or even 10 years ago, where it\u2019s like, I\u2019m in the cloud and on-prem, right?<\/p>\n

And now you\u2019ve got this hybrid thing, right? And hybrid was really for the old folks who couldn\u2019t move out their mainframes. But now people are just going hybrid. “Hey, I want access here. I want this thing.” And so, the speed at which we\u2019re creating applications, creating access, and proliferating data means more and more access and more and more identities, and it is a problem.<\/p>\n

[00:36:48] And so, I think as we are looking at, “Okay, we want to centralize this thing, and we want to centralize around a platform and be better about this,” the challenge they have is, how do I get a hold of this? How do I structure it within my organization to make sure they have the\u2014 and I\u2019ll use this term “political power” within the organization\u2014to knock the changes?<\/p>\n

And then how do I ramp up the practitioners that I need for this? Because with identity security, typically identity practitioners have been IT kind of based, right? And most organizations, it\u2019s administrators, and they\u2019re used to provisioning tickets, handling certain things. It\u2019s more of a “care and feeding.” We\u2019re just coming in, like, everything did its thing, close the tickets, or re-provision. Great.<\/p>\n

[00:37:34] Security practitioners, you\u2019re active. You\u2019re in it every day. You\u2019re looking for\u2014you\u2019re hunting down threats, trying to see what\u2019s going on, looking at different vulnerabilities. Identity hasn\u2019t had those muscles to flex, and so now they\u2019ve got to start learning how to flex those. So scalability, and then just your resources in building that team, I think, are the biggest challenges in the short term for organizations to figure out how to do that and what this looks like.<\/p>\n

And then, the scary thing that I would say, “Okay, sure, everybody gets this platform, and everything\u2019s all in one,” but what happens when that goes down? Right? We\u2019ve done a lot, and I think we\u2019ve gotten really lazy with SaaS in that we forget about disaster recovery and backup. Like, all of a sudden, if everything that\u2019s managing your access and your sign-on is in the cloud, and that goes down, what do you do now?<\/p>\n

And so, those kinds of discussions and this shared responsibility model that became popular with SaaS, I think we need to start rethinking that and making sure we\u2019re clearly drawing those lines and knowing where that is. Those are kind of the two of the things as I look into the future that I think are going to be important in how you look at that and structure this. It\u2019s going to cause a change. I\u2019m so excited to see what organizations look like 10 years from now and how they\u2019re structured. I think it\u2019s going to be completely different than how they are right now.<\/p>\n

[00:39:01] David Puner: Really interesting stuff, David. I\u2019m going to ask you to look into the short-term future one last time because we\u2019re coming to the end of this podcast. We\u2019re recording this toward the end of October. The World Series is going to be starting tomorrow. You\u2019re an LA Dodgers fan. You grew up in LA. I\u2019m a New York Yankees fan, live in Boston, grew up in New York. Exciting stuff. Who\u2019s going to win? How many games? This is coming out after the World Series is over. So, what are we looking at?<\/p>\n

[00:39:30] David Lee: Dodgers in six, man.<\/p>\n

[00:39:32] David Puner: All right. We\u2019re starting in LA, so you think you\u2019re going to come up with a couple of quick wins there?<\/p>\n

[00:39:35] David Lee: Nope. I think they\u2019re going to come out of the gates pretty fast and kind of catch the Yankees off guard, but that Yankees lineup, man, that\u2019s nothing to\u2014 they will not be silenced.<\/p>\n

[00:39:45] David Puner: Nothing to trifle with. Yes.<\/p>\n

[00:39:46] David Lee: Yeah. I think it\u2019s going to be a hard-fought match, but I mean, I got to go Dodgers in six. I can\u2019t\u2014I can\u2019t.<\/p>\n

[00:39:51] David Puner: Yeah.<\/p>\n

[00:39:52] David Lee: Dodgers in six. I think, either way, this is going to be a great World Series, though.<\/p>\n

[00:39:57] David Puner: I\u2019m super excited for it. And I guess I\u2019ve got to make my pick now too. I haven\u2019t really thought about it, but I know I want the Yankees to win. I think the Yankees are going to win. Hopefully, the long layoff isn\u2019t going to mean that they\u2019re going to be rusty, but I\u2019m thinking Yankees in seven.<\/p>\n

[00:40:12] David Lee: Okay.<\/p>\n

[00:40:13] David Puner: I think MLB would like that too.<\/p>\n

[00:40:15] David Lee: Yeah, I bet they would.<\/p>\n

[00:40:16] David Puner: Yeah. David Lee, the identity Jedi. Check out his newsletter and subscribe over there at theidentityjedi.com. You got a newsletter, you got a podcast, you got a lot of things going on. It\u2019s been really fabulous having you on the podcast, and we hope to talk to you sometime down the road again.<\/p>\n

[00:40:30] David Lee: Hey man, appreciate you having me on. I\u2019m happy to come back anytime.<\/p>\n

[00:40:34] David Puner: Thanks for listening to Trust Issues. If you liked this episode, please check out our back catalog for more conversations with cyber defenders and protectors. And don\u2019t miss new episodes. Make sure you\u2019re following us wherever you get your podcasts and, oh yeah, drop us a line if you feel so inclined. Questions, comments, suggestions, which come to think of it are kind of like comments. Our email address is trustissues, all one word, at cyberark.com. See you next time.<\/p><\/div>\n","protected":false},"featured_media":213900,"template":"","class_list":["post-199139","podcast","type-podcast","status-publish","has-post-thumbnail","hentry"],"acf":[],"yoast_head":"\nEP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi' | CyberArk<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"EP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi'\" \/>\n<meta property=\"og:description\" content=\"In this episode of the Trust Issues podcast, host David Puner and David Lee, aka \u201cThe Identity Jedi,\u201d delve into the evolving landscape of identity security. They discuss the critical challenges and advancements in securing...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberArk\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CyberArk\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-04T11:17:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"1400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@CyberArk\" \/>\n<meta name=\"twitter:label1\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data1\" content=\"45\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/\",\"url\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/\",\"name\":\"EP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi' | CyberArk\",\"isPartOf\":{\"@id\":\"https:\/\/www.cyberark.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg\",\"datePublished\":\"2024-11-08T05:16:55+00:00\",\"dateModified\":\"2026-04-04T11:17:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage\",\"url\":\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg\",\"contentUrl\":\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg\",\"width\":1400,\"height\":1400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cyberark.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"EP 65 – Machine Identities, AI and the Future of Security with the ‘Identity Jedi’\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cyberark.com\/#website\",\"url\":\"https:\/\/www.cyberark.com\/\",\"name\":\"CyberArk\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.cyberark.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cyberark.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cyberark.com\/#organization\",\"name\":\"CyberArk Software\",\"url\":\"https:\/\/www.cyberark.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\/\/www.cyberark.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2021\/02\/cyberark-logo-dark.svg\",\"contentUrl\":\"https:\/\/www.cyberark.com\/wp-content\/uploads\/2021\/02\/cyberark-logo-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"CyberArk Software\"},\"image\":{\"@id\":\"https:\/\/www.cyberark.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CyberArk\/\",\"https:\/\/x.com\/CyberArk\",\"https:\/\/www.linkedin.com\/company\/cyber-ark-software\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"EP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi' | CyberArk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/","og_locale":"ko_KR","og_type":"article","og_title":"EP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi'","og_description":"In this episode of the Trust Issues podcast, host David Puner and David Lee, aka \u201cThe Identity Jedi,\u201d delve into the evolving landscape of identity security. They discuss the critical challenges and advancements in securing...","og_url":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/","og_site_name":"CyberArk","article_publisher":"https:\/\/www.facebook.com\/CyberArk\/","article_modified_time":"2026-04-04T11:17:47+00:00","og_image":[{"width":1400,"height":1400,"url":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@CyberArk","twitter_misc":{"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"45\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/","url":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/","name":"EP 65 - Machine Identities, AI and the Future of Security with the 'Identity Jedi' | CyberArk","isPartOf":{"@id":"https:\/\/www.cyberark.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage"},"image":{"@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg","datePublished":"2024-11-08T05:16:55+00:00","dateModified":"2026-04-04T11:17:47+00:00","breadcrumb":{"@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#primaryimage","url":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg","contentUrl":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2024\/11\/OWM5OS5qcGc-1.jpg","width":1400,"height":1400},{"@type":"BreadcrumbList","@id":"https:\/\/www.cyberark.com\/podcasts\/ep-65-machine-identities-ai-and-the-future-of-security-with-the-identity-jedi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cyberark.com\/"},{"@type":"ListItem","position":2,"name":"EP 65 – Machine Identities, AI and the Future of Security with the ‘Identity Jedi’"}]},{"@type":"WebSite","@id":"https:\/\/www.cyberark.com\/#website","url":"https:\/\/www.cyberark.com\/","name":"CyberArk","description":"","publisher":{"@id":"https:\/\/www.cyberark.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cyberark.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.cyberark.com\/#organization","name":"CyberArk Software","url":"https:\/\/www.cyberark.com\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.cyberark.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2021\/02\/cyberark-logo-dark.svg","contentUrl":"https:\/\/www.cyberark.com\/wp-content\/uploads\/2021\/02\/cyberark-logo-dark.svg","width":"1024","height":"1024","caption":"CyberArk Software"},"image":{"@id":"https:\/\/www.cyberark.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CyberArk\/","https:\/\/x.com\/CyberArk","https:\/\/www.linkedin.com\/company\/cyber-ark-software\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.cyberark.com\/ko\/wp-json\/wp\/v2\/podcast\/199139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyberark.com\/ko\/wp-json\/wp\/v2\/podcast"}],"about":[{"href":"https:\/\/www.cyberark.com\/ko\/wp-json\/wp\/v2\/types\/podcast"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberark.com\/ko\/wp-json\/wp\/v2\/media\/213900"}],"wp:attachment":[{"href":"https:\/\/www.cyberark.com\/ko\/wp-json\/wp\/v2\/media?parent=199139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}