TL;DR: Risk, resilience, compliance, and agentic AI-driven cyber defense are increasingly shaping identity security leadership, while hybrid identity recovery and identity-first ransomware response across Active Directory, Entra ID, Okta, and Ping Identity are becoming central priorities, according to Semperis. The move signals that identity security leadership is converging with crisis response, not just control administration.
NHIMG editorial — based on content published by Semperis: announcement of John Podboy as Chief Information Security Officer
By the numbers:
- Semperis says it serves customers in more than 40 countries.
- Semperis says more than 1,200 organizations rely on its platform.
Questions worth separating out
Q: How should security teams build resilience into hybrid identity environments?
A: They should identify every authoritative identity service, test recovery when the primary plane is unavailable, and separate trusted restoration from routine administration.
Q: Why does identity security need crisis response planning?
A: Because modern identity incidents become business outages when teams cannot quickly restore trusted access, privileged control, and directory integrity.
Q: When does AI-driven defence become an autonomy problem?
A: When the system can choose actions, tools, and execution timing without human approval.
Practitioner guidance
- Test identity recovery under real failure conditions: Run restore exercises for Active Directory, federation, and privileged access systems with the primary plane offline, corrupted, or unavailable.
- Define clear containment authority for identity incidents: Pre-assign who can suspend, reissue, or roll back identity state across directories, SSO, and privileged workflows so crisis response does not stall on approval ambiguity.
- Separate AI-assisted defence from autonomous response: If AI is used in detection or containment, limit it to pre-authorised actions with logging, review, and rollback paths.
What's in the full analysis
Semperis' full announcement covers the leadership and operational context this post intentionally leaves for the source:
- John Podboy's background across federal and enterprise security leadership roles and how Semperis positions that experience.
- The company's own framing of how AI-driven detection and response fits into its identity resilience strategy.
- The stated product and internal-security priorities tied to the CISO appointment.
- The broader company context around hybrid identity protection, crisis response, and customer support.
Identity resilience and agentic AI defense: what changes for security teams?
Explore further
Identity resilience is becoming the governance test, not a side effect of good operations. Semperis frames this role around risk, resilience, compliance, and agentic AI-driven cyber defense, which reflects a broader shift in identity programmes. The market is moving from purely preventive IAM language toward recovery-centric identity security, because modern attacks are won or lost when identity services fail. Practitioners should treat recoverability as a control objective alongside access control.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to the 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly identity failures can compound across environments.
A question worth separating out:
Q: Who should own identity recovery decisions during an incident?
A: The teams responsible for identity governance, privileged access, and incident command should share pre-defined recovery authority. If ownership is vague, restoration slows and compromised state can persist. Clear decision rights are as important as technical backups because recovery is ultimately an operational governance problem.