This episode features Andy Drag, Staff Product Manager at Cohesity.

With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he’s led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience.

In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram.

This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper.

Guest Bio Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications.. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner’s perspective to product leadership, ensuring technology solves real-world challenges.

Guest Quote "One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.”

Time stamps 01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert 01:57 Why Traditional Data Protection Breaks Down 04:19 Modern Data Protection: From Backups to Resilience 05:47 The Hard Truth About Recovering After an Attack 08:43 Core Best Practices for Data Protection 10:32 Elevating Backup and Identity to Tier 0 13:23 Using Backup Data for AI and Analytics 16:22 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Connect with Andy on LinkedIn

Learn more about Cohesity

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features host Sean Deuby and fellow Semperis colleague Guido Grillenmeier, Principal Technologist, EMEA, in a candid recap of the 2025 Hybrid Identity Protection Conference in Charleston. They trade takeaways on what they heard, what surprised them, and what the event revealed about where hybrid identity security is headed.

Sean and Guido highlight some key observations from keynote speakers including Chris Inglis (former US National Cyber Director), Alex Weinert (Semperis CPO and former VP of Identity Security at Microsoft), and other identity security and recovery experts across the world.

This is a fast, grounded debrief designed to help you take in the conference highlights and carry forward the insights that will matter most in the year ahead.

Time stamps 01:45 Welcome to the HIP Conf Recap

04:27 The Biggest Conference Themes and What They Signal

08:39 Active Directory’s Evolution + Microsoft’s Presence

12:54 Keynotes and the Broader Identity Threat Picture

17:14 Practical Practitioner Takeaways

26:49 Identity Security as an Ongoing Program

31:39 Wrap-Up and What’s Next for HIP Conf

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Watch all the sessions from HIP Conf 2025

Connect with Guido on LinkedIn

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.

With 15+ years in IT security, Chris has worked across Microsoft’s security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He’s now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.

In this episode, Chris explores the limitations of Active Directory security and how Microsoft’s new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.

This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.

Guest Bio

For over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.

Guest Quote

 “It’s not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”

Time stamps

01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP

02:00 The Hybrid Identity Attack Playbook

06:03 Active Directory vs. Entra ID: The Security Gap

09:02 Breaking Down Global Secure Access

11:58 What This Looks Like for Real Users

16:17 Bringing Zero Trust to the Network Layer

17:50 What You Need to Deploy Global Secure Access

20:48 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Christopher on LinkedIn

Learn more about glueckkanja AG

Watch Christopher’s talk at HIPConf 2025

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis