Notifications
Clear all
Topic starter
25/06/2026 10:25 pm
TL;DR: A live event listing for a cryptography-focused session, with no substantive threat findings or technical detail in the page itself, is the subject of ASPG’s July 16 CryptoZ webinar; the practical question for IAM and security teams is how cryptography tooling, access management, and operational controls fit together when the source material provides only logistics.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams evaluate a cryptography webinar listing?
A: Treat it as a signal of topic interest, not as technical evidence.
Q: Why do cryptography discussions often become identity governance problems?
A: Because the control only works if someone owns the keys, certificates, and secrets throughout their lifecycle.
Practitioner guidance
- Classify the page as event context, not control evidence Use the webinar listing only to identify the topic area and likely audience.
- Review key ownership and expiry for cryptographic assets Check which teams own certificates, keys, and secrets, then confirm that expiry, revocation, and review responsibilities are documented and tested.
- Map cryptographic material into identity governance workflows Bring secrets, certificates, and administrative keys into the same lifecycle controls used for service accounts, including onboarding, recertification, and offboarding.
What to expect at the briefing
ASPG’s full event page covers the scheduling and registration details this post intentionally leaves to the source:
- The exact webinar timing and registration path for attendees who want to join the session.
- The vendor’s own event context around CryptoZ and the surrounding product ecosystem.
- Practical logistics for accessing the live briefing rather than the analytical interpretation provided here.
👉 Register for ASPG’s CryptoZ webinar on cryptography and access management →
CryptoZ webinar: what cryptography teams should expect on July 16?
Explore further
25/06/2026 10:55 pm
Event listings are not governance evidence. A webinar page can indicate topic interest, but it cannot establish whether a cryptographic control is effective, whether an access model is safe, or whether a product change is operationally sound. Security teams should treat this kind of source as context only, not as the basis for control design.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable when cryptographic credentials are left active too long?
A: Accountability should sit with the asset owner, the system owner, and the control owner together, because cryptographic credentials cross technical and governance boundaries. If ownership is unclear, revocation becomes delayed and audit evidence weakens. Frameworks like the NIST Cybersecurity Framework 2.0 still depend on clear internal responsibility.
👉 Read our full editorial: CryptoZ webinar on cryptography operations and access management
