Title: “Keys Without People” — John Heasman on Cleaning Up Non-Human Access
Summary: John breaks today’s non-human identity mess into three buckets: core tools your business runs on, old/one-off integrations that linger, and engineer tokens left behind. His playbook is simple: decide what’s truly critical, assign a clear owner, keep access minimal, and review it on a schedule. With AI spawning even more “non-human users,” basics done well—prioritize, tighten, rotate, repeat—win the day.
This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them!
John Heasman is Chief Information Security Officer (CISO) of Proof. An accomplished cybersecurity leader with over two decades of experience securing global technology companies, John oversees Proof’s information security program and serves Proof’s clients as the voice of the customer on security. In this role, John is at the forefront of safeguarding digital trust, navigating the rapidly evolving threat landscape shaped by AI and emerging fraud techniques.
Prior to joining Proof in 2024, he served as CISO at a public EdTech company for five years and before that, as Deputy CISO at DocuSign. John has presented at top cybersecurity forums like Black Hat, Defcon, and OWASP AppSec on diverse technical and leadership topics. He has also co-authored two top-selling books on cybersecurity.
He holds a Master’s degree in Engineering and Computing Science from the University of Oxford.