2025-06-30, Room 1
In the evolving landscape of identity security, Microsoft Entra ID's Privileged Identity Management (PIM) stands as a cornerstone solution promising just-in-time (JIT) access and least privilege enforcement. However, beneath this security veneer lies a troubling reality that many organizations fail to recognize, or won't admit. This session will peel back the layers of PIM and JIT implementation to reveal how this widely adopted control has often created a false sense of security rather than meaningful protection.
Drawing from experience analyzing diverse customer environments, I'll demonstrate how common PIM implementations can reduce security to a mere procedural formality - transforming "just-in-time" into "just-a-button" that sophisticated adversaries easily circumvent.
I'll reveal a couple of gaps in PIM and improvements that convert checkbox security into actual protection.
I bring a decade of diverse experience in the IT industry. My career has included roles in software development, with the majority focused on cybersecurity encompassing threat detection, threat research, data loss prevention, endpoint security, networking, access controls, and more. For the past seven years, my primary focus has been the proactive identification of potential threats. I have honed my skills in developing sophisticated methods for detecting these threats, ensuring that defense mechanisms stay one step ahead of malicious actors. Today, that includes thoughtfully integrating AI to enhance and simplify intelligence and detection pipelines. I hold a B.S. in Computer Information Systems and an M.S. in Information Security from Robert Morris University.