Notifications
Clear all
Topic starter
06/06/2026 2:04 am
TL;DR: A curated list highlights 15 identity and cybersecurity professionals whose work spans IAM, NHI governance, standards, and emerging AI risk, offering practitioners a compact way to track the people shaping current identity debates, according to Oasis Security. The real value is not the list itself but the pattern it reveals: identity security is increasingly cross-domain, and practitioners need wider signal sources to keep pace.
NHIMG editorial — based on content published by Oasis Security: Top 15+1 Identity Pros to Follow on LinkedIn
By the numbers:
- Paul Lanzi says privileged access was identified in 82% of security breaches according to the Verizon DBIR.
Questions worth separating out
Q: How should security teams build a cross-domain identity programme?
A: Start by aligning human IAM, NHI governance, PAM, and cloud identity around shared control outcomes such as ownership, privilege reduction, and lifecycle review.
Q: Why do service accounts and other NHIs need lifecycle governance?
A: Because inventory alone does not remove risk.
Q: What do security teams get wrong about following identity experts?
A: They often treat it as content consumption instead of programme design input.
Practitioner guidance
- Map your identity advisory inputs across domains Create a short list of external voices that cover human IAM, NHI governance, PAM, standards, and cloud identity so your programme is not shaped by a single specialty.
- Use cross-domain experts to challenge control gaps Ask reviewers to test whether your current controls handle service accounts, third-party access, and delegated identity paths with the same discipline as employee access.
- Align identity reviews with lifecycle ownership For every non-human identity in scope, document an owner, a review cadence, and an offboarding trigger.
What's in the full article
Oasis Security's full blog post covers the practitioner context this summary intentionally leaves out:
- Brief profile notes on each listed identity professional and the specific area of expertise they are known for
- The article's own rationale for why each person was selected for the LinkedIn list
- Reference links to each expert's LinkedIn profile for direct follow-up
- Additional commentary on how the list fits into Oasis Security's wider resources and blog catalogue
👉 Read Oasis Security's list of identity experts to follow on LinkedIn →
Identity pros on LinkedIn: what IAM teams can learn now?
Explore further
06/06/2026 3:33 am
Identity governance is becoming a cross-domain discipline, not a product category. The strongest signal in this list is that practitioners now need to understand human IAM, privileged access, NHI governance, and standards work together. That convergence changes how programmes are staffed, reviewed, and measured. The implication is that identity teams should stop organising expertise by tool class and start organising it by control outcome.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs: Lifecycle Processes for Managing NHIs.
A question worth separating out:
Q: How do teams know their identity controls are keeping up?
A: Look for evidence that the programme can explain who owns each identity, when access is reviewed, and how quickly dormant access is removed. If those answers are unclear for service accounts or third-party connections, the control model is lagging behind the environment.
👉 Read our full editorial: Identity pros to follow as IAM, NHI, and AI risk converge
