All Aboard

In this episode of All Aboard, ConductorOne CEO Alex Bovee talks with Brad Thies, Founder of BARR Advisory, about how agentic AI is reshaping audits and compliance. They explore how AI can “raise the floor” by automating evidence gathering, the risks it magnifies around data and explainability, and the frameworks like ISO 42001 and HITRUST that are emerging to guide governance.

Ever wondered how we got here?  Before SaaS and the cloud reshaped the enterprise, identity lived on-prem. In this episode of All Aboard, ConductorOne CEO Alex Bovee is joined by Karl McGuinness, former Chief Product Architect at Okta, to explore the early architecture and security assumptions that defined the on-prem era.  They dig into the rise of Active Directory, group sprawl, NT domains, and the brittle trust models that left networks vulnerable. Their conversation traces how enterprise identity evolved and what we are still carrying with us today

In this episode of All Aboard, ConductorOne Co-founder Alex Bovee sits down with AppOmni CTO Brian Soby and investor Pramod Gosavi of Blumberg Capital to unpack a provocative question: is SaaS dead? The trio dives deep into the rapid rise of agentic AI and its disruptive force on traditional software models. They explore whether agents will replace entire applications, how velocity in AI-driven development is commoditizing SaaS, and why domain expertise and data gravity are the new competitive moat. Brian offers a practitioner’s take from the front lines of SaaS security, while Pramod shares what’s exciting investors—and what’s getting laughed out of the pitch room. If you’re building, investing in, or just trying to make sense of the AI-native enterprise future, this conversation will challenge your assumptions.

In this episode of All Aboard, ConductorOne Co-founder Alex Bovee talks with Field CISO Kevin Paige about the evolving world of agentic AI. With decades of experience across government and high-growth tech, Kevin shares a practitioner’s take on the new risks—from identity sprawl to deepfakes and data poisoning. They dig into why speed without control is dangerous, how trust and security must evolve together, and why human oversight is still essential. If you’re exploring the future of AI and identity, this one’s for you.

GYTPOL co-founder, CISO, and CEO Tal Kollender loves a challenge. In this episode of All Aboard, she shares how hearing “no” from established cybersecurity companies spurred her to create an endpoint security tool that takes a fresh approach to reducing device misconfiguration risks. Tal’s story demonstrates how bringing new perspectives to common security problems can yield powerful results. A professional hacker in her teens, Tal’s ability to see vulnerabilities from an attacker’s point of view allowed her to find a solution others might have overlooked. Listen to the full episode to learn how she’s turned that solution into a thriving, fully bootstrapped business. What’s inside: Tal’s journey from teenage hacker to CISO to co-founder How Tal’s background helped her see a problem others weren’t solving Why device misconfiguration is a big security risk How GYTPOL has grown its business organically Why creating value for IT teams is critical to convincing CISOs to invest in security solutions

For this episode—the last in our series of conversations recorded live at this year’s Black Hat conference in Las Vegas—Alex catches up with David Lee, the Identity Jedi.  David is an identity security veteran and one of the sharpest thinkers in the space, so we couldn't round out the year without sharing his take on Black Hat and how he sees the security industry evolving. This episode gives practitioners and vendors alike plenty to think about as we approach 2025.  What’s inside: Who’s actually buying security products (Hint: It’s not CISOs) How Black Hat has changed and how to get the most out of it How CISOs and security teams are deciding what to prioritize in 2025 Why humans are still the biggest security threat for companies Where David sees AI making the most impact in security

For this episode we’ve got another great conversation recorded live during the 2024 Black Hat conference in Las Vegas! Alex welcomes Francis Odum, founder of the Software Analyst—a cybersecurity research platform. Francis is a well-regarded analyst with a large audience of investors, builders, and practitioners who look to him for guidance on what security solutions and technologies they should be paying attention to.  Francis and Alex talk about the state of the industry and dig into two related topics on everyone’s mind at Black Hat: non-human identities and gen AI. Francis shares his views on what’s hype, what isn’t, and how the industry is responding to new threats and new tech. It’s a timely episode that will have you looking ahead to 2025 and beyond! What’s inside: The explosion of service accounts and how the industry is solving for it AI’s possibilities—and access issues What cybersecurity trends Francis is paying attention to right now  Use cases for point solutions vs. platforms How the shared responsibility model of security is evolving

In this episode, Alex welcomes Darwin Salazar, author of the popular industry newsletter the Cybersecurity Pulse, co-host of the Enterprise Security Weekly podcast, and Founding Product Manager at Monad. Darwin and Alex got together for a live chat during some downtime at this year’s Black Hat Conference in Las Vegas. As an engineer turned product builder, Darwin has a multifaceted perspective on the cybersecurity industry. He understands security practitioners’ needs and keeps his ear to the ground to learn how product builders are innovating solutions to serve them. Alex and Darwin cover a range of industry topics including why more product builders should be practitioners, how the role of CISO is changing, and Darwin’s takeaways from the expo hall floor at Black Hat.  What’s inside: Darwin’s background and why he started the Cybersecurity Pulse newsletter Why more practitioners should transition to product building Trends seen at Black Hat 2024 Moving to a bottom-up sales motion for security tools Industry predictions for 2025 and beyond

In this episode of All Aboard, Alex Bovee is joined by Ross Haleliuk, Head of Product at LimaCharlie and writer of one of the best newsletters covering the cybersecurity space, Venture in Security. Together, Alex and Ross analyze what success looks like in the security industry, weighing in on the platform vs. point solution debate and discussing the importance of hiring strategically at startups. Finally, Ross shares his predictions for the near future of the security space. This episode has a little something for everyone—don’t miss it! What’s inside: A deep dive into Ross’s creative process behind Venture in Security Platforms vs. point solutions  What does success mean for security startups? Hiring at startups—what’s the best strategy? Ross’s cyberindustry predictions for next year

In this episode of All Aboard, Alex Bovee is joined by Nancy Wang and Ashish Popli, security veterans and co-hosts of the De-FUD Podcast. Nancy is a venture partner at Felicis who's built data security products at some of the biggest names in SaaS, and Ashish led information security projects at Microsoft before moving on to create top-notch security teams as CISO at companies like UiPath and Spotnana. Together, Alex, Nancy, and Ashish tackle one of the industry’s hottest topics right now: AI agents and their impact on the future of security workflows. From analyzing what makes an AI agent to unpacking these agents’ security implications and areas of promise, this episode covers it all. If you’re curious about where the AI revolution is going to take the security space next, this is one episode you don’t want to miss! What’s inside: What are AI agents? And what are the security concerns around them? The security implications of leveraging AI agents within your environment Opportunities for security practitioners to use AI agents in their workflows Where does the most promise lie for using AI and LLM technologies in security? Are AI bots going to become domain specific? And how do they fit into the age-old build vs. buy debate?

In this episode of All Aboard, Alex Bovee is joined by CEO and Founder of Weave Identity, Ian Glazer. A true identity veteran, Ian most recently spent nine years heading up identity products and services at Salesforce. He started Weave Identity to offer advisory services to companies looking to create, mature, and scale digital identity products. Together, Ian and Alex tackle two of the most discussed concepts in identity security: least privilege access (LPA) and zero standing privilege (ZSP). They analyze the pros and cons of each framework and how and where companies can put them into practice. Ian also shares his thoughts on how the identity industry has evolved and his predictions on how it will look in the near future. What’s inside: ZSP vs. LPA: How do they differ? What are the shortcomings of each? Which is more effective? How to get started on the journey to implementing ZSP and LPA How to successfully control access sprawl The evolution of Identity as a shared concern between IT and security Ian’s identity security predictions 

In the latest episode of All Aboard, Alex Bovee is joined by Observa CEO, Rob Picard. Rob got his start in security as a pen tester and went on to be an early security hire at both Robinhood and Vanta, where he helped establish security programs designed to scale. He’s now leading Observa, a security consulting firm focused on helping startups develop a strong security structure. Alex and Rob dive into Rob’s four-pillar framework for securing early-stage companies, which includes GRC, security engineering, enterprise security, and security operations. Rob details challenges and best practices for each pillar, the impact they have across the different stages of a company, and how teams should allocate resources to address each one effectively. What’s inside: When to get a SOC 2 and how to choose compliance frameworks based on your organization’s needs The risks every startup should be thinking about and how to address them Why adopting the right technology doesn’t require a massive investment When to make your first security hire How to manage device and contractor security Alert fatigue and the steps you can take to combat it Why Rob’s optimistic about AI and emerging trends in the security industry

Inspired by the popular YouTube series Hot Ones, this week Alex Bovee invited David Lee, the Identity Jedi, to share hot wings and spicy takes on the past, present, and future of identity security for a special edition of the podcast.  Alex and David share opinions about everything IGA, including how the space has evolved from the early days to where it is now, becoming a P0 security initiative for companies and moving away from legacy solutions toward more modern, SaaS-based tools—all while trying to survive the hottest wing sauces out there! What’s inside: What David finds most exciting about working in identity today Why approximately 50% of IGA deployments are distressed What customers want from modern IGA solutions Will tool consolidation continue? Is traditional PAM dead? How will it evolve over the next few years? Do security teams care about identity?

This week Alex Bovee and JumpCloud CTO Greg Keller dive into the past, present, and future of identity management. A seasoned identity veteran, Greg, alongside JumpCloud CEO Rajat Bhargava, founded and scaled the popular open directory platform into the top industry player it is today. Greg’s been a first-hand witness to the changing identity management landscape and provides insights into how the needs of cloud-forward companies have driven this change.  Alex and Greg talk about what it takes to disrupt a market dominated by an established leader, staying true to your vision, the growing intersection of IT and Security teams, and the impact the emergence of AI and LLMs may have in the space. What’s inside: JumpCloud’s journey to becoming a successful market disrupter Using product as the primary vehicle of a GTM strategy How to foster a great company culture and the impact it has on output The intertwining of IT and security teams, and what it means for the future of identity The difference between consumer and workforce identity—should they be under the same umbrella? What impact will AI and LLMs have on identity security?

In this episode, Alex Bovee and 1Password CEO Jeff Shiner get into the details of how 1Password became an “18-year overnight success,” growing from a niche consumer product into the leading online password and authentication security provider. Jeff’s had a front-row seat to how the blurring lines between our personal and business lives online have changed the way companies think about online security.  Jeff and Alex talk about 1Password’s evolution, what it means to build products that are “Angry Birds easy,” how staying true to a simple goal—keep people safe online—has guided 1Password’s growth, and what the future of personal online safety looks like.  What’s inside: Why protecting personal data is critical to protecting company data How to stay focused on customer success at a growing company Where acquisitions fit into 1Password’s growth strategy How to manage resources when running two business lines Why making people’s lives more convenient is key to keeping them safe When to make boring technology choices and when to focus on innovation Will we ever move past passwords? 

This week we’re digging into compliance with security veteran Chris Niggel, regional CSO at Okta. Chris was Okta’s fourth security hire and has witnessed the evolution of common compliance frameworks and requirements in his time leading GRC and other security initiatives at the company.  In this episode, Chris and host Alex Bovee tackle the broad topic of compliance from multiple angles, going over the basics of compliance frameworks and why they matter and then breaking down how to use compliance to improve security outcomes and add business value. What’s inside: Intro to compliance frameworks Why certifications like SOC 2 Type 2 matter to customers The intersection of GRC and security How to work well with auditors Using compliance to push your security program forward How to measure the value of compliance When and how to do FedRAMP

AI and LLMs are disrupting the technology space at a pace that’s difficult to comprehend. Identity is no different. And so in this episode of the All Aboard podcast, we’re exploring the intersection of AI and identity with the Identity Jedi, David Lee.  David is about as much of an identity expert as you can be. He’s worked in identity at Sailpoint and AWS, and is now the co-founder and CEO of Raincoat. David has really seen it all and has devoted his career to the domain. We’re thrilled to have him on! What’s inside: Identity governance and AI in the past: broken promises? How AI has the opportunity to leverage structured relationships and connections of identity Unique applications of LLMs and AI in the identity space

In this episode of the All Aboard Podcast, our host Alex Bovee is thrilled to be joined by Den Jones. Den is the Chief Security Officer at Banyan Security, a Secure Service Edge (SSE) Solution that provides a new way to secure access to websites, SaaS applications, private applications, and infrastructure while protecting organizations from internet threats. Den has seen it all, working for some of the biggest names in tech. From managing IT Security at Adobe, to leading Enterprise Security at Cisco, and now as the CSO at a fast growing startup. Den delves into the challenges of creating a security strategy based in a zero trust framework, what ‘transparent security’ actually means, plus the role security leaders should play in building company culture. What’s inside: Why zero trust is only one piece of the security puzzle  The tie between employee happiness and company success Why prioritizing a more secure VPN was the way to go How to sell products internally  The faults of a ‘security first’ mindset Building effective relationships between sellers and buyers

In this episode of the All Aboard Podcast, our host Alex Bovee is thrilled to be joined by Eoin Hinchy. Eoin is the founder and CEO of Tines, a security automation tool secure workflow builder for your whole team which breaks down barriers across systems while decreasing duplicate efforts, unnecessary alerts, and information silos.  The average security team today is receiving about 10,000 alerts daily across an average of 77 SaaS tools. SaaS products are only effective when implemented by teams on the frontline. That means for a team to use a product, they have to be easy to use and robust enough to handle the complexity of a security team. Eoin delves into the internal struggles of security teams and why automation is key in a modern workforce.  What’s inside: Building the product that Eoin wished he could use Characteristics people look for in a new automation SaaS product The need for human involvement at certain steps in the workflow Why automation is going to increase headcount over time Eoin’s founder story and experience with competition in the SaaS startup world

This week’s episode of the All Aboard Podcast, dives into the world of Identity Threat Detection and Response – or ITDR – with Didi Dotan. Didi was the CTO and co-founder at Oort, which provides IAM analytics and helps companies check for identity security vulnerabilities.  Didi, with over a decade of experience in the cybersecurity space, shares the common identity security challenges Oort was built to address and shares his outlook on the intersection between IT and Security; specifically what it means when we say identity is the new security perimeter. Didi also chats about his experiences in taking a company through an acquisition and his thoughts on the future of the IAM space. What’s inside: How Oort shifted from an access controls solution to a threat detection one to acquisition Why there’s value in positioning through the user’s perspective The key differences and current uses for IAM vs CIAM  Balancing advanced detection modeling and the day-to-day security necessities  Why test driven models are the way to go  Future goals and predictions for IAM and ITDR