Jeff Steadman is joined by RSM colleagues Rich Servillas and Charles John to explore the critical intersection of identity access management, operational resilience, and disaster recovery. Rich, a director from the cyber response group, shares insights from the front lines of ransomware and cloud intrusions, while Chuck, director of operational resilience, discusses the importance of business continuity planning. The conversation covers the true impact of security incidents on brand reputation and operations, the necessity of out-of-band communication, and why identity is often the first thing challenged and the last thing trusted during a crisis. The guests also provide practical advice for IAM professionals on reducing blast radius through standing privilege reduction and robust logging.

Connect with Rich: https://www.linkedin.com/in/richard-servillas-041a0551/

Connect with Chuck: https://www.linkedin.com/in/chuckjohn/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Timestamps:

00:00:00 - Introduction and 2026 conference outlook

00:01:44 - Introducing guests Rich and Chuck from RSM

00:03:56 - Defining operational resilience and business continuity

00:06:22 - When and how to start the planning process

00:09:55 - Chuck's background in public health and emergency management

00:12:44 - The broad impact of incidents on brand and operations

00:16:45 - Key elements every recovery plan must include

00:19:14 - Defining incident severity and matrixes

00:21:52 - Identity as the new perimeter and its operational dependencies

00:24:57 - Why hackers log in rather than break in

00:26:46 - The first hours of a cyber incident response

00:29:35 - Current threat trends and the role of AI

00:31:29 - Updating plans through post-action debriefs

00:34:31 - Cyber insurance gaps and contractual SLAs

00:40:24 - Advice for identity professionals on reducing blast radius

00:46:10 - Personal milestones and looking forward to 2026

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, Cybersecurity, Business Continuity, Disaster Recovery, Operational Resilience, RSM, Incident Response, Ransomware, Cyber Insurance, Identity Governance

Jeff and Jim are joined by Gartner Analyst Rebecca Archambault for a special live edition of the podcast recorded at the Gartner Identity & Access Management Summit in Grapevine, Texas on December 10, 2025. Instead of a traditional interview, the trio hosts "Majority Rules," an interactive game show where the live audience votes on pressing and fun identity topics. Listen in to hear the pulse of the room on everything from the biggest buzzwords of the year and the true purpose of analyst 1:1 sessions, to the best strategies for navigating the vendor hall. The group explores audience preferences on IGA, AI risks, non-human identities, and the most common lies told in sales cycles. It is a fun, lighthearted look at what identity professionals are actually thinking about the current state of the industry.

Connect with Rebecca: https://www.linkedin.com/in/rebecca-becky-archambault-4b4285111/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

Chapter Timestamps

00:00 - Intro and Game Rules

02:40 - First Question: Favorite Podcast

03:15 - Networking vs. Education

04:08 - Buzzword of the Year: Agentic Identity

04:47 - User Behavior Analytics Usage

05:37 - Expo Hall Memories and Socks

06:20 - The Twist: Battle Royale Rules

06:45 - The True Purpose of Analyst 1:1s

07:55 - Mitigating Agentic AI Risks

08:55 - Strategies for the Vendor Hall

09:37 - The Future of IGA

10:15 - Favorite Gartner Reports

11:05 - Benefits of Just-in-Time Access

11:45 - AI in Authentication Priorities

12:35 - Securing Non-Human Identities

13:05 - Keys to Successful B2B IAM 13:40 - The Hardest Part of Role Mining

14:15 - PAM for AI Agents

14:50 - Keynote Takeaways

15:40 - Measuring IAM Success

16:20 - Defining ITDR

17:05 - The Biggest Lie in IAM Sales

17:35 - Least Favorite Gartner Report

18:10 - Audit Preparation Preferences

18:45 - Common Lies in the Vendor Hall

19:15 - The Most Dangerous Access Right

19:35 - Winner Announcement and Outro

Keywords

IAM, identity management, cybersecurity, Gartner IAM Summit, Majority Rules, game show, Rebecca Archambault, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Agentic Identity, ITDR, non-human identity, role mining, zero standing privileges

#395 - Sponsor Spotlight - Redblock

This episode is sponsored by Redblock. Visit redblock.ai/idac to learn more.

Jeff and Jim come to you live from the Gartner IAM Summit in Grapevine, Texas, for a special Sponsor Spotlight with Redblock. They sit down with CEO Indus Khaitan to discuss how Redblock uses AI and computer vision to solve the "last mile" problem in identity management: disconnected applications.

Indus explains how Redblock acts as an "agentic" layer, using screen recordings to learn administrative tasks for apps that lack APIs. The conversation covers the origin of the company name, the urgency of securing the "long tail" of applications, and how they build trust and guardrails around AI execution. They also discuss the "DoorDash" analogy for identity fulfillment and wrap up with a fun chat about Indus's passion for flying planes.

Connect with Indus: https://www.linkedin.com/in/khaitan/

Learn more: redblock.ai/idac

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at [idacpodcast.com](http://idacpodcast.com)

Timestamps

00:00 Introduction from Gartner IAM Summit

00:46 Guest Introduction: Indus Khaitan of Redblock

01:40 Indus's Journey into Identity

02:41 The Origin of the Name "Redblock"

04:20 The Underserved Market: Services vs. Software

07:34 The Urgency of Securing Disconnected Apps

09:19 Why Traditional IGA and PAM Aren't Enough

11:35 The DoorDash Analogy: Where Redblock Fits

14:30 What Makes Redblock Unique? (Agentic Process Automation)

16:15 Trusting AI with Security Tasks

18:50 Onboarding Apps via Video Recording

21:23 Deployment: Running Air-Gapped on Customer Cloud

22:17 Handling UI Changes and "Full Self-Driving" Analogy

25:40 Integration with SailPoint and Governance Tools

27:13 Speed of Integration: Days vs. Years

32:00 How the "Headless Browser" Works

33:35 Limitations: Web Apps vs. Thick Clients

36:58 Redblock's 2025 Milestones and Future Outlook

39:48 Call to Action: Solving Disconnected Apps

40:27 Impressions of the Gartner IAM Summit

44:26 Are We in an AI Bubble?

46:46 Indus's Hobby: Flying Planes

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Redblock, Indus Khaitan, AI, Artificial Intelligence, IAM, Identity and Access Management, Disconnected Apps, Agentic AI, Computer Vision, Gartner IAM Summit, RPA, IGA, Cybersecurity