IAM for MSSPs: The Hidden Risk of Blind Trust – Dustin Sachs – CSP #224
Identity and access management is often sold as a technical problem, but real-world deployments tell a different story. For MSSPs managing access across multiple client environments, IAM becomes a test of trust, accountability, decision fatigue, and human behavior. In this episode of CISO Stories, we explore why access reviews become rubber stamps, why least privilege is harder than it sounds, and how cognitive bias can quietly shape security decisions. We also dig into the uncomfortable question: when organizations outsource IAM, are they outsourcing control — or just the labor? Because in the end, identity is not just about who gets access. It is about who owns the risk when access goes wrong.
Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.
