Solving IAM Security Risks

Combined Session
Friday, June 07, 2024 10:30—11:30
Location: B 07-08

Top Risks of Identity and Credential-Based Cyberattacks
10:30—10:50


This session explores the pressing risks posed by identity and credential-based cyber attacks, spotlighting live demonstrations to expose vulnerabilities and real-world examples that underscore the dire consequences when identities are compromised.

Attendees will gain actionable insights into fortifying their defenses against evolving threats, with a focus on proactive cybersecurity strategies.

Join us to navigate the complexities of this ever-evolving threat landscape and learn from practical demonstrations and case studies.

Joseph Carson
Chief Security Scientist & Advisory CISO
Delinea
Joseph Carson is an award-winning cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specialising in blockchain, endpoint security,...
Zero Data Enabled Zero Trust
10:50—11:10


Zero data is the idea that organizations can store much less data than they used to, sometimes zero data, because of the advent of just-in-time identity streaming technologies such as verifiable credentials. Verifiable credentials, combined with ubiquitous fine-grained access control, can provide significant benefits to organizations that use zero trust principles to secure their applications and internal workloads.

This talk will discuss how just-in-time data that is easily verifiable can streamline workflows while reducing the burden of data management and increasing security. 

Dr. Phil Windley
Senior Software Development Manager
Amazon Web Services
Phil Windley is a Senior Software Development Manager at AWS Identity. He is also the co-founder and organizer of the Internet Identity Workshop. He was previously an Enterprise Architect and...
An Identity Company's Own Enterprise Journey to ZTA, Passwordless & Phishing Resistance
11:10—11:30


This is an implementation and enterprise change management story about how we moved Okta from a baseline of traditional MFA gating app/resources access to a far more dynamic & secure app/resource access policy position using ZTA principles, passwordless, & eventually, phishing resistance. It’s about cross-departmental partnership, iterative improvement, and performance benchmarking to deliver a data-driven transformation in our security posture in a short, yet realistic, time frame.

This session will show WHY and HOW we managed both the technical and cultural enterprise changes needed to make this a success, and provide attendees within all industries with ideas and examples they can take back to undertake iterative security improvement in their own organizations.

We will start by introducing Okta on Okta. OoO are the identity practitioners within Okta, and just like other EIC attendees, we have to deliver solutions to business identity challenges. Though we may wear “team colors,” we talk shop with the credibility that comes from having to actually implement, own, and iterate it - without the marketing mission to distract us.

We will highlight the status quo and the drivers for this change. We will then move on to the foundational work needed to overhaul our security signals and the access policies based on those signals, including how we kept the enterprise from experiencing change and security fatigue, and how passwordless started as a quality-of-life (QoL) feature but evolved, as the program did, to emphasize phishing resistance as the real value. As the program went on, we began layering security feature after feature at sign-on time, including user behavior analysis, managed and BYOD device profiling and security signals, CrowdStrike signals, and more, until organically we got to a place where we authenticate every user and every device, and constantly review and adjust our policies based on new security threats.

We will share the metrics on how we tracked our objectives, including the authentication metrics we tracked to know we were making an impact. We will also share the business value impact in terms of UX, security hygiene, and worker hours saved, and emphasize that this is how we kept executive attention on the program so it wouldn’t peter out. We will end by highlighting that our phishing-resistant journey is not “complete” until all aspects of the user’s identity lifecycle are secured with phishing-resistant (PR) credentials, including onboarding, desktop sign-on, and credential recovery.

This is an implementation and enterprise change management story. It IS set within Okta and executed by Okta employees, but this is not about the product; it is about the doers getting this done. This is a universally applicable story on passwordless as the first step toward the real goal of phishing resistance, and the iterative process toward ZTA using diverse identity and security tooling signals.

Lana Grechko
Sr. Principal Technical Program Manager
Okta
Lana Grechko is a Senior Principal Program Manager and Portfolio Lead at Okta. In this capacity, she’s focusing on ensuring Okta products and systems meet Federal Security Standards such as...