TL;DR: A tighter focus on identity lifecycle management, infrastructure simplification, and measured growth highlights how enterprise identity complexity is pushing companies toward comprehensive credential management, according to Axiad’s interview with new CFO Brian Szeto. The signal for practitioners is that identity programmes are being judged less by feature breadth and more by governance clarity, operational control, and the ability to reduce sprawl.
NHIMG editorial — based on content published by Axiad: Q&A With Axiad’s New CFO, Brian Szeto
By the numbers:
- 97% of non-human identities (NHIs) carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should teams govern identity lifecycle across humans and machines?
A: Treat lifecycle governance as a shared discipline, but apply it differently by actor type.
Q: Why does credential sprawl make identity risk harder to control?
A: Credential sprawl makes risk harder to control because ownership, expiry, and usage context become distributed across too many systems.
Q: What is the difference between identity lifecycle management and secrets rotation?
A: Secrets rotation is one control inside lifecycle management, but lifecycle management is broader.
Practitioner guidance
- Inventory identity classes by lifecycle owner: Create a single inventory that separates human users, service accounts, workloads, and other machine identities, then assign an owner for provisioning, review, rotation, and offboarding for each class.
- Unify credential revocation workflows: Make secret, token, and certificate revocation part of the same offboarding process used for access removal so that no credential type can outlive the business relationship that justified it.
- Reduce duplicate identity control paths: Identify overlapping identity stores, manual exception flows, and parallel approval paths, then remove the ones that prevent a single answer to who owns access and where it is still valid.
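The three checks above can be run against a merged inventory export. The sketch below is an added example, not code from Axiad or the source article; the row schema, store names, and identity names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory, one row per credential. Every name and the
# row schema itself are hypothetical, not taken from the article.
INVENTORY = [
    {"identity": "alice", "cls": "human", "owner": "hr-it",
     "store": "corp-idp", "kind": "certificate", "active": True, "revoked": False},
    {"identity": "ci-deployer", "cls": "service_account", "owner": None,
     "store": "cloud-iam", "kind": "token", "active": True, "revoked": False},
    {"identity": "vendor-sync", "cls": "workload", "owner": "platform",
     "store": "cloud-iam", "kind": "secret", "active": False, "revoked": True},
    {"identity": "vendor-sync", "cls": "workload", "owner": "data-team",
     "store": "legacy-ldap", "kind": "certificate", "active": False, "revoked": False},
]

def audit(rows):
    """Return (identity, finding) pairs for the three guidance checks."""
    by_identity = defaultdict(list)
    for row in rows:
        by_identity[row["identity"]].append(row)

    findings = []
    for name, recs in sorted(by_identity.items()):
        # Check 1: every identity needs a lifecycle owner in every store.
        if any(r["owner"] is None for r in recs):
            findings.append((name, "no-lifecycle-owner"))

        # Check 2: once any store marks the business relationship as ended,
        # no secret, token or certificate may remain unrevoked anywhere.
        ended = not all(r["active"] for r in recs)
        live = sorted(f'{r["kind"]}@{r["store"]}' for r in recs if not r["revoked"])
        if ended and live:
            findings.append((name, "credential-outlives-relationship: " + ", ".join(live)))

        # Check 3: the same identity held in several stores under different
        # owners means there is no single answer to who owns the access.
        owners = {r["owner"] for r in recs if r["owner"]}
        stores = {r["store"] for r in recs}
        if len(stores) > 1 and len(owners) > 1:
            findings.append((name, "conflicting-owners-across-stores"))
    return findings

if __name__ == "__main__":
    for identity, finding in audit(INVENTORY):
        print(f"{identity}: {finding}")
```

Note that `vendor-sync` had its secret revoked in one store while its certificate stayed valid in another, which is the gap a per-credential-type offboarding process leaves behind.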
What's in the full article
Axiad's full post covers the leadership context and company priorities this analysis intentionally leaves for the source:
- Brian Szeto's background across cybersecurity and enterprise finance roles
- Axiad's stated view of where its identity lifecycle management work fits in the market
- The company's short-term focus on simplifying and optimising existing infrastructure
- The interviewer's questions on leadership style, growth objectives, and market trends
Identity lifecycle and risk focus: what Axiad’s CFO interview signals?
Explore further
Identity lifecycle has become the control plane for modern IAM. Axiad’s comments reinforce a broader market reality: identity programmes are no longer judged only on authentication strength, but on whether lifecycle state is accurate across users, machines, and assets. That matters because an identity that cannot be confidently retired, rotated, or reassigned is already a governance failure. Practitioners should treat lifecycle integrity as the real measure of programme maturity.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How can IAM teams tell if their identity programme is actually simplifying risk?
A: Look for fewer duplicate identity stores, fewer manual exceptions, and faster revocation when roles, vendors, or projects change. If teams still need to search across multiple systems to answer who can act, the programme is adding administration without reducing exposure. Simplification should shorten the path from business change to access removal.