Before SaaS and the cloud reshaped the enterprise, identity lived on-prem. In this episode of All Aboard, ConductorOne CEO Alex Bovee is joined by Karl McGuinness, former Chief Product Architect at Okta, to explore the early architecture and security assumptions that defined the on-prem era. 

They dig into the rise of Active Directory, group sprawl, NT domains, and the brittle trust models that left networks vulnerable. Their conversation traces how enterprise identity evolved and what we are still carrying with us today

They dig into what AI tooling actually looks like inside a global enterprise and why AI adoption is often more behavioral than technical. Abraham shares how cultural norms around regulation, privacy, and autonomy shape how teams use AI, and how those differences play out across borders. The conversation also explores the identity governance challenges introduced by both personal and corporate AI agents, and why just-in-time access, no birthright permissions, and AI-native IAM are essential for security at scale.

It’s a global, ground-level look at where security is heading with one of the most observant voices in the space.

The trio dives deep into the rapid rise of agentic AI and its disruptive force on traditional software models. They explore whether agents will replace entire applications, how velocity in AI-driven development is commoditizing SaaS, and why domain expertise and data gravity are the new competitive moat. Brian offers a practitioner’s take from the front lines of SaaS security, while Pramod shares what’s exciting investors—and what’s getting laughed out of the pitch room.

If you’re building, investing in, or just trying to make sense of the AI-native enterprise future, this conversation will challenge your assumptions.

They dig into why speed without control is dangerous, how trust and security must evolve together, and why human oversight is still essential. If you’re exploring the future of AI and identity, this one’s for you.

Tal’s story demonstrates how bringing new perspectives to common security problems can yield powerful results. A professional hacker in her teens, Tal’s ability to see vulnerabilities from an attacker’s point of view allowed her to find a solution others might have overlooked. Listen to the full episode to learn how she’s turned that solution into a thriving, fully bootstrapped business.

What’s inside:

• Tal’s journey from teenage hacker to CISO to co-founder
• How Tal’s background helped her see a problem others weren’t solving
• Why device misconfiguration is a big security risk
• How GYTPOL has grown its business organically
• Why creating value for IT teams is critical to convincing CISOs to invest in security solutions

David is an identity security veteran and one of the sharpest thinkers in the space, so we couldn't round out the year without sharing his take on Black Hat and how he sees the security industry evolving. This episode gives practitioners and vendors alike plenty to think about as we approach 2025. 

What’s inside:

• Who’s actually buying security products (Hint: It’s not CISOs)
• How Black Hat has changed and how to get the most out of it
• How CISOs and security teams are deciding what to prioritize in 2025
• Why humans are still the biggest security threat for companies
• Where David sees AI making the most impact in security

Francis and Alex talk about the state of the industry and dig into two related topics on everyone’s mind at Black Hat: non-human identities and gen AI. Francis shares his views on what’s hype, what isn’t, and how the industry is responding to new threats and new tech. It’s a timely episode that will have you looking ahead to 2025 and beyond!

What’s inside:

• The explosion of service accounts and how the industry is solving for it
• AI’s possibilities—and access issues
• What cybersecurity trends Francis is paying attention to right now 
• Use cases for point solutions vs. platforms
• How the shared responsibility model of security is evolving

As an engineer turned product builder, Darwin has a multifaceted perspective on the cybersecurity industry. He understands security practitioners’ needs and keeps his ear to the ground to learn how product builders are innovating solutions to serve them. Alex and Darwin cover a range of industry topics including why more product builders should be practitioners, how the role of CISO is changing, and Darwin’s takeaways from the expo hall floor at Black Hat. 

What’s inside:

• Darwin’s background and why he started the Cybersecurity Pulse newsletter
• Why more practitioners should transition to product building
• Trends seen at Black Hat 2024
• Moving to a bottom-up sales motion for security tools
• Industry predictions for 2025 and beyond

Together, Alex and Ross analyze what success looks like in the security industry, weighing in on the platform vs. point solution debate and discussing the importance of hiring strategically at startups. Finally, Ross shares his predictions for the near future of the security space. This episode has a little something for everyone—don’t miss it!

What’s inside:

• A deep dive into Ross’s creative process behind Venture in Security
• Platforms vs. point solutions 
• What does success mean for security startups?
• Hiring at startups—what’s the best strategy?
• Ross’s cyberindustry predictions for next year

Together, Alex, Nancy, and Ashish tackle one of the industry’s hottest topics right now: AI agents and their impact on the future of security workflows. From analyzing what makes an AI agent to unpacking these agents’ security implications and areas of promise, this episode covers it all. If you’re curious about where the AI revolution is going to take the security space next, this is one episode you don’t want to miss!

What’s inside:

• What are AI agents? And what are the security concerns around them?
• The security implications of leveraging AI agents within your environment
• Opportunities for security practitioners to use AI agents in their workflows
• Where does the most promise lie for using AI and LLM technologies in security?
• Are AI bots going to become domain specific? And how do they fit into the age-old build vs. buy debate?

Together, Ian and Alex tackle two of the most discussed concepts in identity security: least privilege access (LPA) and zero standing privilege (ZSP). They analyze the pros and cons of each framework and how and where companies can put them into practice. Ian also shares his thoughts on how the identity industry has evolved and his predictions on how it will look in the near future.

What’s inside:

• ZSP vs. LPA: How do they differ? What are the shortcomings of each? Which is more effective?
• How to get started on the journey to implementing ZSP and LPA
• How to successfully control access sprawl
• The evolution of Identity as a shared concern between IT and security
• Ian’s identity security predictions 

What’s inside:

• When to get a SOC 2 and how to choose compliance frameworks based on your organization’s needs
• The risks every startup should be thinking about and how to address them
• Why adopting the right technology doesn’t require a massive investment
• When to make your first security hire
• How to manage device and contractor security
• Alert fatigue and the steps you can take to combat it
• Why Rob’s optimistic about AI and emerging trends in the security industry

Alex and David share opinions about everything IGA, including how the space has evolved from the early days to where it is now, becoming a P0 security initiative for companies and moving away from legacy solutions toward more modern, SaaS-based tools—all while trying to survive the hottest wing sauces out there!

What’s inside:

• What David finds most exciting about working in identity today
• Why approximately 50% of IGA deployments are distressed
• What customers want from modern IGA solutions
• Will tool consolidation continue?
• Is traditional PAM dead? How will it evolve over the next few years?
• Do security teams care about identity?

What’s inside:

• JumpCloud’s journey to becoming a successful market disrupter
• Using product as the primary vehicle of a GTM strategy
• How to foster a great company culture and the impact it has on output
• The intertwining of IT and security teams, and what it means for the future of identity
• The difference between consumer and workforce identity—should they be under the same umbrella?
• What impact will AI and LLMs have on identity security?

Jeff and Alex talk about 1Password’s evolution, what it means to build products that are “Angry Birds easy,” how staying true to a simple goal—keep people safe online—has guided 1Password’s growth, and what the future of personal online safety looks like. 

What’s inside:

• Why protecting personal data is critical to protecting company data
• How to stay focused on customer success at a growing company
• Where acquisitions fit into 1Password’s growth strategy
• How to manage resources when running two business lines
• Why making people’s lives more convenient is key to keeping them safe
• When to make boring technology choices and when to focus on innovation
• Will we ever move past passwords? 

In this episode, Chris and host Alex Bovee tackle the broad topic of compliance from multiple angles, going over the basics of compliance frameworks and why they matter and then breaking down how to use compliance to improve security outcomes and add business value.

What’s inside:

• Intro to compliance frameworks
• Why certifications like SOC 2 Type 2 matter to customers
• The intersection of GRC and security
• How to work well with auditors
• Using compliance to push your security program forward
• How to measure the value of compliance
• When and how to do FedRAMP

David is about as much of an identity expert as you can be. He’s worked in identity at Sailpoint and AWS, and is now the co-founder and CEO of Raincoat. David has really seen it all and has devoted his career to the domain. We’re thrilled to have him on!

What’s inside:

• Identity governance and AI in the past: broken promises?
• How AI has the opportunity to leverage structured relationships and connections of identity
• Unique applications of LLMs and AI in the identity space

• Why zero trust is only one piece of the security puzzle 
• The tie between employee happiness and company success
• Why prioritizing a more secure VPN was the way to go
• How to sell products internally 
• The faults of a ‘security first’ mindset
• Building effective relationships between sellers and buyers

The average security team today is receiving about 10,000 alerts daily across an average of 77 SaaS tools. SaaS products are only effective when implemented by teams on the frontline. That means for a team to use a product, they have to be easy to use and robust enough to handle the complexity of a security team. Eoin delves into the internal struggles of security teams and why automation is key in a modern workforce. 

What’s inside:

• Building the product that Eoin wished he could use
• Characteristics people look for in a new automation SaaS product
• The need for human involvement at certain steps in the workflow
• Why automation is going to increase headcount over time
• Eoin’s founder story and experience with competition in the SaaS startup world

• How Oort shifted from an access controls solution to a threat detection one to acquisition
• Why there’s value in positioning through the user’s perspective
• The key differences and current uses for IAM vs CIAM 
• Balancing advanced detection modeling and the day-to-day security necessities 
• Why test driven models are the way to go 
• Future goals and predictions for IAM and ITDR

Hiring is hard, and hiring quality security professionals is even harder. Code Red saw this need and made it their super power – finding and connecting the right security folks to the right companies. In the interview, Tom dives into how Code Red helps companies form realistic hiring expectations, how to find talent “outside of the box,” and tips around making your first security hire. 

What’s inside:

• Code Red Partners’ origin story
• Making the first security hire 
• Tom and Code Red’s hiring philosophies
• Why unconventional hiring is not something to be afraid of

With over a decade of experience in the security space, Rob has seen the good, the bad, and the ugly of vulnerability management. In this episode, he spills the beans on vulnerability management, how government cybersecurity directives impact compliance regulations, and achieving compliance without compromising efficiency. 

What’s inside:

• What SBOMs actually are and why they are so important
• How Edgebit secures software supply chains 
• The differences between centralized and decentralized security 
• What stage should companies start thinking about compliance
• Edgebit’s origin and how they empower security teams 

What’s inside:

• Why IT and Security teams and workloads are converging and why that’s a good thing
• Kandji’s journey, from its founding story to today 
• Dom’s advice on cultivating a security “consciousness” at your company
• How device identity and security fits into Zero Trust

In this episode of the All Aboard Podcast, Alex dives into the world of security engineering and cloud privilege access management with Will Bengston. Will is a security researcher, an angel investor, and currently leads the Security Engineering team at HashiCorp. 

What’s inside:

• The key differences between traditional PAM and cloud PAM
• How Will’s team grappled with the explosion of infrastructure accounts and permissions in their environment.
• How the Security Engineering team at Hashi home grew a cloud privileged access management solution
• A practical framework and approach for realizing least privilege access

• A deep dive of [security] platform engineering
• How the Netflix security team kept up with explosive growth and digital transformation
• Jason’s advice to founders innovating in the security space

• The discovery of a company security fault that led to the start of Resourcely
• Travis’s advice on where time should be spent to optimize developers’ workload
• Why ticketing is an outdated practice to drive security remediation
• What the platform engineering movement is and how it has changed the way teams are organized
• How to empower developer teams with self service access controls 

In this episode of the All Aboard Podcast, Alex chats with Avery Pennarun, CEO and Co-Founder at Tailscale. Founded in 2019, Tailscale uses mesh networking technology to help companies ditch their VPN and provide access to critical infrastructure and resources without sacrificing speed, scalability, or performance.

What’s inside:

• Avery shares the accidental origin story of how Tailscale was founded
• How and why traditional VPNs are falling short for the remote first world
• How Tailscale’s mesh networking technology creates a delightful connectivity experience for users
• Avery’s advice on managing product lead growth in startups

But IT is so much more than just the "break fix" function.

In this episode of the All Aboard Podcast, Alex talks to Ylan Muller, Senior IT Manager at FireHydrant. With over a decade of experience spanning from smaller startups to high-growth, late-stage tech companies, Ylan helps demystify the role of IT and explores its transformative potential for organizations.

What’s inside:

• A deep dive into the true scope of the IT function
• Ylan shares insights into the unique challenges and opportunities faced by IT teams at early vs. later-stage companies
• How Ylan measures success and evaluates progress
• Ylan’s advice for balancing productivity and security in a remote-first world
• How forward-thinking IT teams are thinking about security amidst growth

In this episode of the All Aboard Podcast, Kunal Agarwal, founder and CEO at Dope Security, dives into what a Secure Service Edge is and where it fits in the security stack. We hear Kunal’s tips on channeling passion into product development and how the team at Dope is setting themselves apart in an established space.

What’s inside: 

• What is a Secure Service Edge and how is it used?
• How Dope is reimagining the secure web gateway
• Kunal’s advice on channeling passion into product  development
• His approach to fundraising and investors
• Kunal’s advice on having an “anti-exec mindset” 

In the second episode of the All Aboard Podcast, Twingate CEO and Co-Founder, Tony Huie,  breaks down why securing access is at the core of modern cybersecurity and why there is a growing mandate for “usability” in security products.

What’s inside:

• His experience at Dropbox and how the “consumerization of IT” trend has manifested in security
• Why modern security products should be built with usability in mind
• An underappreciated challenge of moving to a Zero Trust model
• Why the prevalence of buzzwords like “Zero Trust” can be a good thing
• How forward thinking organizations are embracing security as a shared responsibility

In the first episode of the All Aboard podcast, one of the early pioneers of developer first security joins us to talk about scaling security controls in a modern environment, measuring the success of your security program, and how buying behavior in security is evolving.

What’s inside:

• The importance of Shifting Left in a cloud first world
• Guy’s three approaches to measuring security
• Security’s evolution towards decentralization
• What does it mean for security teams to become a platform that enables developer teams to build faster and more securely
• The “paved road” concept in security popularized by Netflix
• How purchasing decisions are changing under the current macroeconomic conditions