Notifications
Clear all
Topic starter
27/06/2026 1:16 pm
TL;DR: Security leaders from Wiz, Rubrik, Noname, and Abnormal discuss the threats targeting their own companies, how they prioritise defensive tools, and why automation is becoming more important amid the cybersecurity skills shortage, according to Abnormal AI. The resource is best read as a signal that operational pressure is driving security teams toward automation and tighter prioritisation, not as a product story.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams decide which identity controls to automate first?
A: Start with high-volume, repeatable tasks that create delay when handled manually, such as access review routing, entitlement reminders, and offboarding follow-up.
Q: Why do security skills shortages affect IAM and NHI governance?
A: Because shortages change how much review and enforcement a team can realistically perform.
Practitioner guidance
- Review where automation already touches identity operations Identify which access reviews, alert triage steps, onboarding tasks, and entitlement changes are already being automated or are candidates for automation.
- Prioritise identity controls by operational blast radius Rank human accounts, service accounts, API keys, and emerging AI agent identities by the damage they could cause if misused.
- Reduce dependence on manual security chores Automate repetitive work such as ticket enrichment, secret expiry reminders, and offboarding prompts so teams can focus on exceptions and high-risk access.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- First-hand perspectives from security leaders at Wiz, Rubrik, Noname, and Abnormal on the threats they are prioritising.
- Discussion of how teams decide which tools and controls deserve attention when defensive demand exceeds capacity.
- Context on why automation is becoming more attractive as cybersecurity staffing pressure grows.
- A practitioner-oriented view of the questions that keep security leaders awake at night.
👉 Watch Abnormal AI's on-demand webinar on security leaders, threats, and automation →
Cyber defence leaders on automation and top threats: what matters now?
Explore further
27/06/2026 2:32 pm
Security skills shortages are now an identity governance problem, not just an operations problem. When teams cannot keep up with threat volume, they do not simply work harder. They start changing how access is approved, reviewed, and monitored, which directly affects IAM, PAM, and NHI governance quality. That makes staffing constraints a control risk, not just a resourcing issue. Practitioners should treat capacity as part of the access model.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who should own identity decisions when security operations become more automated?
A: Ownership should remain with the control domain that understands the risk, even if execution is automated. IAM, PAM, and security operations each need clear accountability for approvals, exceptions, and review outcomes. Automation should execute policy, not replace policy ownership.
👉 Read our full editorial: Security leaders on automation and emerging threats in cyber defence
