New Leader in Identity, Breaking News, and Let's talk Digital Identity Fraud

The 99th Edition of the Identity Jedi Newsletter

Author

David Lee
February 19, 2025

Hey Jedi welcome to the 99TH EDITION of the Identity Jedi Newsletter. One away from 100! We’ll be launching some new things around the IDJ Universe, but more on that later. This week let’s talk CyberArk, digital identity fraud, and a little announcement.

Let’s get to the GOOD STUFF!!

This week's edition

The 1000-LB Gorilla that no one talks about

Ok so I can admit when I’m wrong. I mean it rarely happens, but when it does I am the first to admit it. 😂

I’ve often said that SailPoint has been the unquestioned leader when it comes to the Identity space, The One, The Champ, insert your colloquialism here. ( Is that the right use of this word here? ) And everyone was chasing them, and that soon a new champ would be crowned. But maybe…the champ was there all along and I just didn’t notice them.

Hear me out. I’m very aware of CyberArk, in past lives I’ve worked partnerships with them, some light implementation work of their product but I just didn’t look at them as a major player. They were the PAM company. They did it well, and they had tremendous penetration in the Fortune 500. They were part of the big three. IAM, IGA, PAM.

However, looking closely and man are they so much more than that. Some quick numbers to throw at you:

  • Shares of CYBR have rallied 58.7% in the past year.

  • 841 Million in cash*

  • Stock currently trading at 409 ( as of when I’m writing this)

Not bad for a 20+ year old company.

Their recent acquisitions of Venafi and Zilla help them round out their claim as an all around Identity Security Platform ( on paper). The Zilla move gives them access to a smaller market with a chance to increase their footprint, while simultaneously allowing them to cross sell into their current base. Methodical, repeatable growth. We see you CyberArk…kudos.

CyberArk Rises 8% Since Q4 Earnings Beat: How to Play the Stock

CYBR's robust identity security offerings, strategic acquisitions and growing ARR make it a great investment choice at present.

www.zacks.com/stock/news/2417387/cyberark-rises-8-since-q4-earnings-beat-how-to-play-the-stock

The New Road Ahead

I couldn’t help reading this PR about Socure’s RiskOS system and thinking to myself..why isn’t this a workforce thing? Why haven’t we ( the identity industry) adopted this line of thinking and technology into how we handle identity security for enterprises? We talk to much about user onboarding, but we only pick up AFTER information is entered into an HR system. We should be interacting ( dare I say controlling) the identity process from the moment the notion of a digital identity is needed.

Gazing into my crystal ball and I can envision a future in which a product like Socure’s and their RiskOS platform are baked into a broader identity platform. This means divisions like fraud and risk, compliance, IT, and security would all have to work together. Imagine that…

Socure launches RiskOS for identity verification and fraud prevention

Socure, a provider of digital identity verification and fraud prevention technologies, has announced the general availability of its new RiskOS platform.

thepaypers.com/digital-identity-security-online-fraud/socure-launches-riskos-for-identity-verification-and-fraud-prevention--1272315

Hey..your API’s open..

Oh, I could give a dissertation on the architecture of modern applications, but I won’t. I’ll keep this brief. API’s have the building blocks of application development and are the underlying force that gives us the “ease of use” functionality we crave as users. However, they are often left WIDE open and are a complete disaster when it comes to managing them. API’s and NHI’s are the PAM of ten years ago. We all know we need to manage them, but we all just sweep it into the closet, slam the door and pray no one ever opens it.

Well…yeah..not going to happen. Everyone is opening the door. It’s literally why API’s were created in the first place.

See long ago, in the before times we built these ancient things called monolithic applications. We trapped allll the goodness of the application into one big area and we didn’t share anything. Want to post data from one app to the other, TOUGH. Send notifications when I one application finished a process, NOPE!

We did things the old-fashioned way and just duplicated functionality everywhere. It was gloriously inefficient and cumbersome.

Then, one day, we thought..man, wouldn’t it be nice if apps could just share data and functionality? And kinda like the Big Bang Theory ( no, not the TV show), APIs were brought into existence. ( ok, not really, but I told you I wouldn’t do a dissertation on application architecture so just go with it). With this newfound technology, we leaped into action like a caveman with a brand-new fire torch. We created an API for everything, putting them everywhere, and it was pure bliss. There was just this one nagging little question that we didn’t really answer: If I’m User A in the XYZ application, and I want to access the ABC application where I’m User B, how do I make sure I’m getting the right data?

…………….

………………………………..

Yeah…that silence..was the same thing the developers got when they asked the question. Fast forward to today, and we got 99 problems, and an API is one.

I’ll probably do a deep dive on this in an upcoming edition, but for now I’ll say this. API security relies on Identity ( SHOCKER!!) and it should be a part of identity, at least in your identity strategy as an organization, and maybe someday combined in your identity product. ( Different story for a different day) If you haven’t had the discussion internally, now would be a good time to start the conversation with your dev team around things like API Hygiene, credential rotation, and inventory. Be warned, you probably aren’t going to like the answers.

The foundation of modern software development is under rising cyber attack

Organizations are seeing a rise in cybersecurity attacks against application programming interfaces, or APIs, and aren't always prepared to defend themselves.

www.cnbc.com/2025/02/15/foundation-of-modern-software-development-is-under-rising-attack.html

Big Changes, Bigger Vision

A few weeks ago, someone asked me: “After 20 years (it still hurts to write that), why are you still in the identity industry?”

The simple answer? I love it.

I’ve spent two decades watching this industry evolve—growing from a niche IT function to the backbone of security, digital transformation, and business enablement. And in some small way, I’ve had the privilege of being part of that journey.

But what really keeps me here? The challenge.

Every era of identity has come with its own set of complex problems: scalability, security, usability, compliance. And every time, we’ve stepped up—not just to solve them, but to push the industry forward.

Now, as we stand on the edge of the next technological revolution—AI, quantum computing, decentralized identity, and beyond—I see one thing clearly: identity is at the center of it all.

This next phase of identity isn’t just about managing access. It’s about securing the foundation of trust in a hyper-connected, AI-driven world.

That’s why I’m excited to announce that I’ve joined Saviynt as Field CTO.

Saviynt has long been at the forefront of modern identity governance and cloud security, enabling organizations to move faster, stay secure, and build trust at scale. Their vision isn’t just about compliance—it’s about empowering businesses to embrace the future without compromising security.

In this role, I’ll continue doing what I love—working with customers, solving hard problems, and helping organizations turn identity into a true enabler of business transformation.

The future of identity is being written right now—and I couldn’t be more excited to be part of it with Saviynt.

Saviynt, a Global Leader in Cloud Identity Security, Achieves Record Results for 2024

saviynt.com/press-release/saviynt-a-global-leader-in-cloud-identity-security-achieves-record-results-for-2024?hsLang=en

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Key Findings Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you. First observed in March 2024, “BlackLock” (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolif...

malware.news/t/threat-spotlight-inside-the-world-s-fastest-rising-ransomware-operator-blacklock/91170

The passwordless future of finance

Financial services organisations are among the most common targets of cyberattacks, with threat actors ranging from individual scammers to highly organised cybercriminal groups that attempt to exploit and disrupt the sector. Cybersecurity is therefore a vitally important consideration for financial institutions and their clients to prevent fines and reputational damage, and ensure confidence and ensure confidence.   For years, usernames and passwords have been the go-to method...

www.technologyrecord.com/article/the-passwordless-future-of-finance

The Hidden Cybersecurity Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities

Proper GenAI governance will control and manage the risks associated with NHI growth, bringing equilibrium and balance between security and AI innovation to IT ecosystems.

securityboulevard.com/2025/02/the-hidden-cybersecurity-crisis-how-genai-is-fueling-the-growth-of-unchecked-non-human-identities

E60 - SGNL $30m Raise / What is Identity Security / IAM Standards / Behaviour Monitoring

The Analyst Brief · Episode

open.spotify.com/episode/35aaviQ4jQy6gVUeNKmqVy?si=0ea985a0e15741ee

#331 - RSM & IDAC Present - Risk Management & Digital Identity with Matt Franko

Identity at the Center · Episode

open.spotify.com/episode/7dH2oflLaGTK1rpQX0oEP7?si=8ce5a51656134562

#23 Fractured Identity: An In-Depth Exploration

The Identity Navigator · Episode

open.spotify.com/episode/12GTtgPfXwdXVYyTKvB3xA?si=ae148ac0428e46e0

The Identity Jedi Universe

Powered by OnTheCornerMedia

Identity Jedi Show Podcast

Wait I’m In Charge? Micro Podcast

Identity Jedi Show Podcast

Leadership Newsletter

The Last Word

Ok Ok,I can hear you worrying from across Elon Musk’s Internet. So let’s answer some of those questions you may have:

Q: Does this mean the IDJ Newsletter is done?

A: No, the Identity Jedi Newsletter isn’t going anywhere

Q: What about the podcast?

 A: No the Identity Jedi Show Podcast isn’t going anywhere.

Q: Does that mean we’ll see Saviynt stuff in the newsletter?

A: Yes, you will see some Saviynt promos, and yes, we will work on some things together regarding content, in fact we are cooking up something special for Identiverse. But it will be similar to other vendors that have sponsored content before.

All in all, there will be minimal changes to the newsletter and podcast. This was significant to me in my talks with Saviynt about joining the organization. I value every one of my readers, and I love building this brand and have many more things planned. So get ready for a fantastic year. We are also celebrating 100 EDITIONS in two weeks!!!!

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

What did you think of this weeks newsletter?

Login or Subscribe to participate in polls.

Reply

or to participate.