Identiverse is right around the corner. Like most, I am sitting down to plan my calendar and getting more inspired than ever about the direction our industry is heading. For others trying to prioritize the hundreds of talks on the schedule, I’ve indexed a few I think are must-attend below.
What are your thoughts? Have I missed any that I should prioritize? Send me your thoughts on LinkedIn.
1 - Passkeys are Here! What Now?
Session Details: https://identiverse.com/idv23/session/1361531/
Speaker: Christiaan Brand, Product Manager, Identity & Security, Google
Abstract: This talk will explain how passkeys work and which platforms are supported as well as outline the user journeys for services upgrading to passkeys. Christiaan will even share some real code samples of how to implement passkeys in your apps.
Why I’m interested: We are big believers in strong authentication here at Oort. We see first-hand the prevalence of weak or no MFA every time we run an initial health assessment on prospective customers. Excited to hear Christiaan share the latest take from Google following their announcement last week on passkeys.
2 - Signing Out and Session Management in 2023
Session Details: https://identiverse.com/idv23/session/1361541/
Speaker: Vittorio Bertocci, Principal Architect, Auth0/Okta
Abstract: From backchannel logout to session-bound tokens, through CNAMEs tricks and APIs such as 1st Party sets, signing out will get trickier. This session will help you to make sense of it all.
Why I’m Interested: Long running sessions are low hanging fruit for attackers. Having a policy for session timeout is a great first step, but being able to identify when sessions aren't adhering to that policy and taking action is something else altogether.
3 - Understanding NIST Digital Identity Guidelines
Session Details: https://identiverse.com/idv23/session/1361548/
Speaker: Ryan Galluzzo, Digital Identity Program Lead, NIST Applied Cybersecurity Division, NIST
Abstract: The NIST presenters will talk about the critical changes made from the previous version of the guidelines, discuss the motivations behind these changes, and provide initial insight on the outputs of the recent public comment period that closed in late March.
Why I’m Interested: Mapping to frameworks is important to give guidance on where to start and what desired end state looks like, as well as ensure identity has a seat at the table when considering overall risk. NIST has made significant updates since their 2017 version and I’m excited to hear directly how they are thinking of identity security.
4 - Our Drive to Zero Passwords - A Discussion
Session Details: https://identiverse.com/idv23/session/1442097/
Speaker: Ryan Rowcliffe, Field CTO, Hypr
Abstract: A panel discussion covering: What are passkeys? How do they affect you? The differences between individual and enterprise passkeys. Top tips to consider when deploying enterprise passkeys in your organization and more!
Why I’m Interested: Despite the growing availability of passkeys, our research has found that less than 2% of identities have phishing resistant forms of MFA. I’m excited to hear from a leader in the passwordless space about how they support the implementation and use across the enterprise.
5 - Securing Organizations Against Large Scale Identity Attacks
Session Details: https://identiverse.com/idv23/session/1361533/
Priti Patil, STSM, IAM Analytics, IBM
Jose Rodriguez, Chief Product Architect- Identity & Access Management, IBM
Abstract: The rise in identity-based attacks reminds us that organizations need more visibility into suspicious traffic across their environments, especially cloud and hybrid environments. In this session, we will talk about various identity attacks and their indicators of compromise that can help provide customers visibility into suspicious traffic indicating potential attacks and enable automated proactive remediation action in identity tools. I
Why I’m Interested: ITDR is a critical missing piece for most security organizations and core to what Oort offers our clients. Gartner estimates by 2027, identity fabric immunity principles will prevent 85% of new attacks and thereby reduce the financial impact of breaches by 80%. ITDR plays a huge role and this discussion should not be missed for anyone interested in solving for identity-based attacks.
6 - Tectonic Collisions Between Identity & Security in 2023
Session Details: https://identiverse.com/idv23/session/1361595/
Speaker: Alexander Weinert, VP Director of Identity Security, Microsoft
Abstract: A walk through of the touch points in workflow, governance, authorization, and policy that once only belonged to identity but are now shared with those responsible for security. The presentation talks about what it means to be an IAM professional who liaisons with a SOC (security operations center) and what identity admins lacking the luxury of dedicated security ops personnel can do today to stay safe.
Why I’m Interested: Just like security and IT have had to join forces to solve network and device security, we are experiencing the need for that collaboration for identities. Bridging the divide between IAM and security is critical to successfully understanding and limited identity risk.
7 - Navigating Your Career Development as an Identity Professional
Session Details: https://identiverse.com/idv23/session/1361632/
Speaker: Jon Lehtinen, IDPro Board Member, Director - Okta on Okta
Abstract: Thoughts and advice on becoming the best practitioner you can be to enjoy an engaging and challenging career, along with some strategies for determining what your own best “next step” for your career journey may be- regardless your level of ambition or years of experience in the industry.
Why I’m Interested: Success in identity security requires well educated and successful identity practitioners. Investing in the development of strong identity professionals will have the single biggest impact on how successful we are in defending against identity threats. Great to see leaders in the space promoting the importance of career advancement!
That’s my list. What do you think?
Selfishly I’m most excited to interact with the community of experts doing the work of identity security day in and out and get their feedback on what we have built here at Oort. I founded this company to solve the biggest challenge for security teams today and give them an easy button to:
- Understand their identity population
- Identify & remedy weaknesses in their identity attack surface
- Alert when active threats are happening to prevent account takeover in the first place
I’d love to talk with as many people as possible while I’m in Vegas. Drop me an email if you’d like to meet, or swing by booth #1109 to meet myself and the Oort team and see the tool first-hand.
Not joining us in Vegas? We’ve got a Zoom link for that. Drop us a line and we will be happy to show you the solution and get your feedback.
Oort is an identity-centric enterprise security platform. As a turnkey solution for Identity Threat Detection and Response (ITDR), Oort is providing immediate value to security teams by working with existing sources of identity to enable comprehensive identity attack surface management in minutes. Led by a team with decades of domain expertise across identity, networking, and security, Oort is backed by venture capital investors including Energy Impact Partners, .406 Ventures, Bain Capital Ventures, Cisco Investments and others. Market-leading technology companies, like Collibra and Avid Technology, rely on Oort to provide full visibility into their identity populations. To learn more, please visit oort.io.