AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) – Dor Fledel, Alexander Makarov, Aaron Parecki, Heather Ceylan, Matt Immler, Nitin Raina – ESW #427
At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks.
In this special Enterprise Security Weekly episode, we bring together insights from top experts:
- Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access controls.
- Alexander Makarov (Adyen) shares how a global fintech unified and streamlined identity with Okta, improving both security and employee experience across 200+ countries.
- Aaron Parecki (Okta) highlights the importance of open standards—like IPSIE, MCP, and A2A—for building secure, interoperable AI ecosystems and centralized control over AI-driven interactions.
- Heather Ceylan (Box) discusses how Box embeds AI into workflows to enhance data protection, even for highly regulated industries.
- Matt Immler (Okta) offers lessons from the field on strengthening defenses with behavioral monitoring, automation, and a security-first culture to counter attackers who now “log in” instead of hacking in.
- Nitin Raina (Thoughtworks) warns about AI-driven social engineering—from deepfakes to multi-channel phishing—and shares practical strategies like phishing-resistant MFA, zero-trust architecture, and better employee training.
From open standards to privileged access management and AI-powered defense, these Oktane 2025 conversations explore how identity-driven strategies are shaping the future of enterprise security.
Segment Resources:
- https://www.okta.com/newsroom/articles/old-security-challenges--new-ai-risks--managing-authorization-in
- https://www.okta.com/newsroom/press-releases/okta-introduces-cross-app-access-to-help-secure-ai-agents-in-the/
- https://www.okta.com/blog/ai/securing-the-ai-agent-ecosystem/
- https://www.okta.com/customers/adyen/
- https://www.okta.com/newsroom/?sort=featured&filters=okta%3Acategories%2Fidentity-security
- https://www.okta.com/customers/thoughtworks/
This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them!
Dor Fledel is a Senior Director of Product Management for Okta’s Identity Security Posture Management and Privileged Access Management practice. He has more than 12 years of hands-on experience in cybersecurity in leading organizations and holds an MBA and M.Sc in cryptography. He founded Spera Security, an industry leader in Identity Security, which Okta acquired in 2024.
Alexander is a passionate technologist with 14+ years in Enterprise IT, driving digital transformation across Europe and the Middle East for clients in fintech, healthcare, public sector, and retail. At Adyen, he has spearheaded the design and optimization of IAM and IGA architectures – ensuring scalable, secure access at enterprise scale within GDPR and ISO compliance frameworks. As part of this role, he partners with technical and executive stakeholders to align identity solutions with business objectives, and mentors engineering peers to uphold rigorous quality standards and advance best practices. These efforts helped Adyen achieve a 99.6% phishing‑resistant authenticator rate and earn recognition as one of Okta’s most innovative clients.
Aaron Parecki is Director of Identity Standards at Okta with over 20 years of experience in the industry. He is active in multiple standards development organizations (SDOs), including IETF, OpenID Foundation, and W3C. He is an editor of OAuth 2.1 along with several other OAuth specifications, and co-chairs the SCIM working group at IETF, and the IPSIE working group at the OpenID Foundation. He has taught the fundamentals of OAuth and online security to thousands of developers worldwide through his book OAuth 2.0 Simplified as well as video courses and live online trainings.
Heather Ceylan is the Chief Information Security Officer at Box, where she leads the global information security program and strategy. With over 15 years of experience, she has built and led high-performing security teams across technology, healthcare, and financial services—industries with some of the most rigorous regulatory environments. Prior to Box, she served as Deputy CISO at Zoom, where she helped scale the company’s security posture during a period of rapid global growth. She also held previous roles as the VP of Security, Privacy, and Compliance at Collective Health and a Director in PwC’s cybersecurity practice where she advised Fortune 500 companies on complex security and privacy programs. Recognized as the 2024 Women in Cybersecurity Leader of the Year, Heather is known for her pragmatic approach to building security programs that enable innovation while safeguarding trust.
Matt Immler is the Regional Chief Security Officer for Okta in the Eastern Americas, where he leverages his Identity expertise to drive customer success. Matt’s background includes Auth0 Security and Compliance, in addition to previous roles in information security, network operations and software engineering.
Nitin Raina brings 25+ years of experience in IT, Security and Risk leadership, and currently serves as the Chief Information Security Officer at Thoughtworks. In this role, he focuses on safeguarding both Thoughtworks clients and the internal business by ensuring security is embedded into every stage of technology delivery. His mandate is to prioritize and balance security, technology, and risk considerations in ways that enable trusted client partnerships while protecting the enterprise.








