This episode features Andy Drag, Staff Product Manager at Cohesity.

With a background in systems administration and two managed service provider startups, Andy brings deep, hands-on insight into the challenges IT teams face. Over the last decade, he’s led product management across backup vendors and SaaS continuity platforms, shaping products around integrations, cyber recovery, and resilience.

In this episode, Andy shows how ransomware has changed the stakes for backup and identity, and why they must be treated as tier-zero systems. He explains how attackers now target backup platforms, what tighter roles, isolation, and immutability look like in practice, and why actually rehearsing recovery is more important than any architecture diagram.

This is a realistic look at whether your recovery plan will work in a real-world attack or only looks good on paper.

Guest Bio Andrew Drag is a Staff Product Manager at Cohesity, focused on identity resilience and Microsoft enterprise applications.. He began his career in systems administration before founding two local managed service provider startups, giving him deep, hands-on experience with the challenges IT teams face. Over the last decade, he has transitioned into product management, shaping products across legacy backup and recovery vendors as well as SaaS business continuity platforms with specific focuses on integrations, cyber recovery, and SaaS-ification. Drawing on this blend of practitioner insight and product leadership, he is passionate about building solutions that help organizations stay resilient in the face of change. Based in the New York metro area, he brings a practitioner’s perspective to product leadership, ensuring technology solves real-world challenges.

Guest Quote "One of the most important things is testing your recoveries. In a disaster, when you do a recovery, you don't want it to be the first time that you're performing that recovery.”

Time stamps 01:16 Meet Andrew Drag: Identity Resilience and Data Protection Expert 01:57 Why Traditional Data Protection Breaks Down 04:19 Modern Data Protection: From Backups to Resilience 05:47 The Hard Truth About Recovering After an Attack 08:43 Core Best Practices for Data Protection 10:32 Elevating Backup and Identity to Tier 0 13:23 Using Backup Data for AI and Analytics 16:22 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Connect with Andy on LinkedIn

Learn more about Cohesity

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features host Sean Deuby and fellow Semperis colleague Guido Grillenmeier, Principal Technologist, EMEA, in a candid recap of the 2025 Hybrid Identity Protection Conference in Charleston. They trade takeaways on what they heard, what surprised them, and what the event revealed about where hybrid identity security is headed.

Sean and Guido highlight some key observations from keynote speakers including Chris Inglis (former US National Cyber Director), Alex Weinert (Semperis CPO and former VP of Identity Security at Microsoft), and other identity security and recovery experts across the world.

This is a fast, grounded debrief designed to help you take in the conference highlights and carry forward the insights that will matter most in the year ahead.

Time stamps 01:45 Welcome to the HIP Conf Recap

04:27 The Biggest Conference Themes and What They Signal

08:39 Active Directory’s Evolution + Microsoft’s Presence

12:54 Keynotes and the Broader Identity Threat Picture

17:14 Practical Practitioner Takeaways

26:49 Identity Security as an Ongoing Program

31:39 Wrap-Up and What’s Next for HIP Conf

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Watch all the sessions from HIP Conf 2025

Connect with Guido on LinkedIn

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Christopher Brumm, Cyber Security Architect at glueckkanja AG.

With 15+ years in IT security, Chris has worked across Microsoft’s security portfolio and beyond, moving from network and data-center defense into deep identity work with Active Directory and Entra ID. He’s now an identity SME, a GK Identity Community moderator, a frequent community speaker, and a regular writer on security and identity.

In this episode, Chris explores the limitations of Active Directory security and how Microsoft’s new Global Secure Access directly addresses those gaps. He breaks down how zero trust principles and granular controls work in practice, and why connecting on-prem servers to the cloud is now simpler and safer. Chris shows how this shift strengthens defenses by enforcing access through identity-first policies instead of outdated network-centric models.

This is a clear, field-tested walkthrough of why hybrid identity security needs a new playbook, and how Global Secure Access helps teams close the holes attackers rely on most.

Guest Bio

For over 15 years, Christopher Brumm has been immersed in IT security topics, possessing extensive knowledge and practical experience in the Microsoft Security Portfolio and beyond. Over the years, he has progressed from network and data center topics to Active Directory and Entra ID, delving deeper into identity security. Today, he is a Subject Matter Expert for Identity in the Security Team and a moderator of the GK Identity Community. He regularly speaks at community events and publishes blog posts on security and identity topics. Chris's latest passion is Global Secure Access, where the themes of identity, security, and networking converge to enable a comprehensive Zero Trust approach.

Guest Quote

 “It’s not realistic to modernize protocols like Kerberos or SMB to support MFA and device compliance... but we have an option to control the network layer.”

Time stamps

01:07 Meet Christopher Brumm: Microsoft Security MVP and CISSP

02:00 The Hybrid Identity Attack Playbook

06:03 Active Directory vs. Entra ID: The Security Gap

09:02 Breaking Down Global Secure Access

11:58 What This Looks Like for Real Users

16:17 Bringing Zero Trust to the Network Layer

17:50 What You Need to Deploy Global Secure Access

20:48 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Christopher on LinkedIn

Learn more about glueckkanja AG

Watch Christopher’s talk at HIPConf 2025

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Daniel Stefaniak, Vice President Architect - Cybersecurity and Identity at JPMorgan Chase.

With deep experience as an IT architect, consultant, and technical program manager, Daniel has helped design and deploy large-scale IAM and CIAM solutions that support millions of users. He is widely recognized for his expertise in Active Directory and Entra ID and for bringing clear, unfiltered insight into some of the industry’s toughest identity challenges.

In this episode, Daniel explains why attack path management is never a one-and-done effort, how to focus on the high-impact issues that matter most, and why success depends on dedicated ownership rather than tools alone.

This is an honest and practical look at what it truly takes to understand and manage attack paths in modern identity environments.

Guest Bio Experienced IT Architect, Consultant, and Technical Program Manager specializing in Active Directory and Entra ID (Azure AD). A recognized industry leader in Identity and Access Management (IAM) and cybersecurity, with extensive expertise designing and deploying large-scale cloud-based IAM and CIAM solutions supporting millions of users.

Former Microsoft Program Manager, instrumental in driving technical content, readiness, and enterprise adoption of Azure AD. Proven ability to lead end-to-end project lifecycles, align security strategies with regulatory requirements, and design robust directory and identity federation solutions.

Guest Quote " You cannot be an active directory admin or an architect owner of the service, and run an attack path management program on the side. You need a dedicated team to do it.”

Time stamps 01:05 Meet Daniel Stefaniak: The IAM Guy 02:08 The Insanity of Attack Path Management 03:27 Challenges and Realities of Attack Path Management 07:57 Choosing the Right Tools 10:32 Implementing Effective Attack Path Management 12:50 Using OKRs in Tech Path 14:50 Team and Resource Requirements 16:20 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Connect with Daniel on LinkedIn

Learn more about JPMorgan Chase

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv.

With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He’s helped organizations redefine what it means to build security cultures that actually work.

In this episode, Nathan explains why communication (not technology) s a CISO’s most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity.

This is an insightful look at the people-first mindset behind stronger, more resilient security programs.

Guest Bio Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies.

Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies.

He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success.

Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management

Guest Quote  “If you can win the people over in your organization, you can make those big changes for better identity governance.”

Time stamps 01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist 02:16 Redefining Identity in a World of Infinite Accounts 05:15 How Culture Can Make or Break Your Security Program 13:34 Winning Over the Business: Aligning Security and Culture 24:45 From “Department of No” to Trusted Partner: Fixing Cyber Communication 40:25 The Human Side of Incident Response 46:23 Leading with Empathy: Nathan’s Advice for Security Leaders

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Nathan on LinkedIn

Learn more about Optiv

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Heather Costa, Director of Technology Resilience at Mayo Clinic.

With over two decades of experience building resilience programs at leading healthcare institutions, Heather has redefined what it means to prepare for and thrive through disruption. From Cleveland Clinic to Mayo Clinic, she’s led enterprise-wide recovery strategies that balance people, process, and technology.

In this episode, Heather explains why true resilience starts with leadership, not technology, how to set clear priorities when everything feels critical, and how to design organizations that adapt and recover faster.

This is a powerful look at the mindset and methods behind building resilience that lasts in healthcare and beyond.

Guest Bio Heather M. Costa is a leading authority in cyber and technology resilience, currently serving as Director of Technology Resilience at Mayo Clinic. With over twenty years of experience, she has shaped resilience programs at premier healthcare institutions, notably pioneering business resilience at Cleveland Clinic before architecting Mayo Clinic’s enterprise-wide recovery and continuity initiatives.

Heather is a dynamic leader, keynote speaker, and mentor, frequently invited to share her insights at organizations and conferences such as Harvard NPLI, HIMSS, and the HIPAA Summit. She is recognized for building high-performing teams and fostering the next generation of cybersecurity leaders.

Heather holds a Master’s in Homeland Security – Information Security and Forensics from Penn State, a summa cum laude Bachelor’s in Emergency Management from the University of Akron, and multiple esteemed certifications including Certified Business Continuity Professional (CBCP), Certified Cyber Resilience Professional (CCRP). She is Vice President for the WiCyS Healthcare Affiliate and a member of several distinguished honor societies.

Outside of work, Heather is a dedicated solo mom to five children, inspiring her family and community with her resilience and leadership.

Guest Quote "[Resilience]  means not just recovering, but being better. Adapting, where we're wired in our DNA organizationally, to thrive in disruption, not just survive.”

Time stamps 01:08 Meet Heather Costa: Cyber Resilience Expert 04:49 Understanding Resilience in Healthcare 22:36 Starting with Minimal Viable Recovery 25:56 Worst Case Scenario Planning 28:30 Building a Resilient Environment 29:33 Heather's Blue Sky Strategy Planning 35:26 What's Missed When Building Resilience 37:43 Final Advice on Resilience

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Heather on LinkedIn Learn more about Mayo Clinic Connect with Sean on LinkedIn Don't miss future episodes Register for HIP Conf 2025 Learn more about Semperis

This episode features Dr. Chase Cunningham, Chief Strategy Officer at Demo-Force.com.

Widely known as “Dr. Zero Trust”, he’s the creator of the Zero Trust Extended Framework and former Forrester principal analyst. With decades of experience supporting the NSA, U.S. Navy, FBI Cyber, and other government missions, Chase brings deep expertise on how nation-states wage digital conflict.

In this episode, Chase explains how China, Russia, and North Korea use cyber operations to advance long-term strategic goals, why critical infrastructure has become a silent battlefield, and why attribution makes retaliation so difficult. He shares practical guidance for hardening defenses, outpacing common attackers, and avoiding becoming the “slowest gazelle in the herd.”

This is a sobering look at how geopolitics fuels cyber risk, and the urgent realities every security leader must prepare for now.

Guest Bio

Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge's overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He's the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.

Guest Quote

" Putin has even been noted as saying that chaos is the goal. You do that via cyber. You don't do that by putting boots on ground anymore. That is very important for everybody that's connected or digital to understand, you are operating in a live fire battlefield environment. You're not just on the internet.”

Time stamps

01:04 Meet Dr. Chase Cunningham: Dr. Zero Trust 02:47 The Fifth Horseman: Cyber Threats 04:24 Geopolitical Implications of Cyber Warfare 09:05 Understanding China's Approach to Cyber 17:27 Breaking Down Defensive Cyber 20:17 Understanding North Korea's Approach to Cyber 22:25 Russia's Cyber Chaos Tactics 24:35 Cyber Leadership Gaps in the U.S. Government 27:22 Final Thoughts and Advice

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Chase on LinkedIn

Learn more about Demo-Force.com

Chase’s HIPConf 2024 Talk: Cyber Threat: The Fifth Horseman of the Apocalypse

Connect with Sean on LinkedIn

Don't miss future episodes

Register for HIP Conf 2025

Learn more about Semperis

This episode features Jonathon Mayor, Principal Security Consultant for the Americas at Cohesity.

A founding member of Cohesity’s Security Center of Excellence and the Cyber Event Response Team, Jonathon has more than 20 years of experience in security operations, forensics, and business continuity, with past leadership roles at EMC, Dell, and Verizon. He’s guided Fortune 500 and Global 1000 organizations through high-stakes incident response and recovery.

In this episode, Jonathon explains why trust is the first casualty in a cyberattack, how to distinguish between mission critical operations and mission critical response, and why resilience depends as much on people and process as on technology. He shares candid lessons from the field on avoiding endless “what if” scenarios, preparing for the human toll of prolonged incidents, and building flexibility into every plan.

This is a practical look at cyber resilience and the critical skills every leader needs to have before the next 2 a.m. incident call.

Guest Bio Jonathon Mayor is Principal Security Consultant for the Americas at Cohesity, where he has helped many Fortune 500 and Global 1000 organizations strengthen cyber resilience through threat intelligence, incident response, and recovery strategy. A founding member of Cohesity’s Security Center of Excellence and the Cyber Event Response Team (CERT), his current focus is proactively collaborating with security partners and customers to strengthen security posture and readiness by drawing from the experiences and lessons learned through CERT.

With more than 20 years in security operations, forensics, and business continuity, Jonathon has held leadership roles at EMC, Dell, and Verizon, where he oversaw global NOC operations and major incident mitigation.

Guest Quote " The thing that's most important that's lost first and hardest to regain is trust. Everything else is secondary. If the very tools that I'm relying on to respond have been compromised, and therefore I can't trust them, where does my plan go from there?”

Time stamps 01:10 Meet Jonathan Mayor 03:37 Rethinking What's Mission Critical 12:25 Avoiding Endless What If's 15:50 Paranoia Has a Budget: Prioritizing Risks 21:27 The Human Element in Cyber Defense 25:01 Importance of Mindset Flexibility 27:11 Post-Incident Advice

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Jonathon on LinkedIn

Learn more about Cohesity

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis