Identity at the Center·May 6, 2026·1h 13m·Episode #420

#420 - Sponsor Spotlight - GitGuardian

Download audio Show notes Apple Podcasts

Show notes

Connect with Dwayne: https://www.linkedin.com/in/dwaynemcdaniel/

Dwayne's website: https://dwayne-mcdaniel.com/

Learn more about GitGuardian: https://www.gitguardian.com/lps/idac

GitGuardian Good Samaritan Program (free) - https://www.gitguardian.com/good-samaritan

The State of Secrets Sprawl 2026: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026

SPIFFE Book: https://spiffe.io/book/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at http://idacpodcast.com

TIMESTAMPS:

00:00 Introduction and sponsor welcome

00:48 Dwayne's background and path to developer advocacy

04:11 Surprises from entering the identity and security space

06:29 What a principal developer advocate actually does

09:32 Why secrets became Dwayne's focus area

14:10 GitGuardian: overview and mission

19:36 Where secrets commonly leak across the SDLC

22:17 The Good Samaritan notification program explained

28:00 Why 70% of leaked secrets from 2022 were still valid in 2025

33:54 State of Secret Sprawl 2026: the year software changed

40:39 AI coding tools, Claude Code, and secrets leakage data

47:28 Practical questions for IAM practitioners to start asking

52:24 Zero standing privilege and the case for SPIFFE/SPIRE

01:00:00 Resources: the SPIFFE book, WIMSE, and AWS STS

01:02:51 Hot sauce, the Cubs, and closing thoughts

KEYWORDS:

secrets sprawl, hardcoded secrets, non-human identity, NHI governance, GitGuardian, SPIFFE, SPIRE, workload identity, DevSecOps, agentic AI, Claude Code, zero standing privilege, supply chain security, credential abuse, identity and access management, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dwayne McDaniel

← Previous

#419 - Identity Management Day 2026 - IDAC Live

#421 - The AI Identity Control Plane with Henrique Teixeira

This episode is made possible by GitGuardian. Jeff speaks with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, about secrets sprawl, non-human identity governance, and the findings of the State of Secret Sprawl 2026 report. With 28.6 million secrets leaked to public GitHub in 2025 - a 34% year-over-year increase - they explore why hardcoded credentials persist, how agentic AI tools are making the problem worse, and what IAM practitioners can do to start addressing machine identity governance. Topics include GitGuardian's Good Samaritan notification program, the growing NHI inventory challenge, SPIFFE and SPIRE as a path to zero standing privilege, and data showing Claude Code co-authored commits are more than twice as likely to contain leaked secrets. Visit gitguardian.com/lps/idac to learn more. Connect with Dwayne: https://www.linkedin.com/in/dwaynemcdaniel/ Dwayne's website: https://dwayne-mcdaniel.com/ Learn more about GitGuardian: https://www.gitguardian.com/lps/idac GitGuardian Good Samaritan Program (free) - https://www.gitguardian.com/good-samaritan The State of Secrets Sprawl 2026: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026 SPIFFE Book: https://spiffe.io/book/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS: 00:00 Introduction and sponsor welcome 00:48 Dwayne's background and path to developer advocacy 04:11 Surprises from entering the identity and security space 06:29 What a principal developer advocate actually does 09:32 Why secrets became Dwayne's focus area 14:10 GitGuardian: overview and mission 19:36 Where secrets commonly leak across the SDLC 22:17 The Good Samaritan notification program explained 28:00 Why 70% of leaked secrets from 2022 were still valid in 2025 33:54 State of Secret Sprawl 2026: the year software changed 40:39 AI coding tools, Claude Code, and secrets leakage data 47:28 Practical questions for IAM practitioners to start asking 52:24 Zero standing privilege and the case for SPIFFE/SPIRE 01:00:00 Resources: the SPIFFE book, WIMSE, and AWS STS 01:02:51 Hot sauce, the Cubs, and closing thoughts KEYWORDS: secrets sprawl, hardcoded secrets, non-human identity, NHI governance, GitGuardian, SPIFFE, SPIRE, workload identity, DevSecOps, agentic AI, Claude Code, zero standing privilege, supply chain security, credential abuse, identity and access management, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dwayne McDaniel