Identity Security - AI Powered IAM and ITDR
Course 1214
3 DAY COURSE

Price: $1,844.00
Course Outline

This course is an "Identity Bootcamp", providing a progression from foundational identity best practices to advanced AI-driven implementation. It bridges the gap between proactive Identity and Access Management (IAM) and reactive Identity Threat Detection and Response (ITDR), using AI as the intelligence layer for real-time detection, behavioral analytics (UEBA), and automated response. The included LABs are built on a stack that supports Identity Orchestration, Behavioral Analytics, and Machine Identity Management.

The content is organized into 4 areas: The Human Element & Risk Orchestration, The Machine & Agentic Explosion, Identity Threat Detection & Response, and Privacy, Governance, and the Future. Zero Trust is the foundational philosophy of this course, woven into the curriculum by shifting focus from traditional perimeter security to "Identity-First" security.

Identity Security - AI Powered IAM and ITDR Benefits

  • Course Benefits

    • Modernize authentication with FIDO2, WebAuthn, and passkeys, replacing vulnerable shared-secret methods.
    • Build AI-driven risk engines using behavioral biometrics for continuous identity verification.
    • Secure machine identities with SPIFFE and HashiCorp Vault using just-in-time credentials.
    • Govern agentic AI through security guardrails that control permissions and prevent data leakage.
    • Map identity attack paths and shadow administrators using graph analytics and BloodHound.
    • Automate threat response with Sigma rules and Wazuh-driven active defense playbooks.
    • Implement next-generation privacy using Zero-Knowledge Proofs (ZKP) and Decentralized Identifiers (DID).

    Prerequisites

    Attendees should have intermediate knowledge in networking and cybersecurity and knowledge of AI at the level of AI and Cyber Security: Attack and Defend.

AI Identity Security Training Outline

Learning Objectives

Module 1: Architecture of Modern Authentication

  • Understand the shift from shared secrets to cryptographic identity verification.
  • Analyze the limitations of SMS and TOTP-based MFA against modern attacks.
  • Implement strong authentication using FIDO2 and WebAuthn.
  • Deploy passkeys and passwordless authentication workflows.
  • Secure account recovery with AI-assisted identity verification.
  • Configure trusted certificate authorities and identity trust chains.
  • LAB: Establish ADFS trust relationships using Microsoft PKI.
  • LAB: Implement passwordless X.509 certificate-based authentication.

Module 2: Real-Time Risk Engines

  • Building the AI "Brain" that decides when to trust a login signal
  • Behavioral Biometrics: Capturing keystroke dynamics, mouse velocity and touch pressure
  • Contextual Telemetry: Analyzing "Geo-velocity" and IP reputation signals
  • ML Anomaly Detection: Training Scikit-learn models on "Normal" user login patterns
  • LAB: Adaptive Risk Orchestration
  • LAB: "Geo-Velocity" Risk Trigger
  • LAB: Adding, executing and reviewing tests with Playwright

Module 3: Securing the Machine Workforce (NHI)

  • Managing identities for the 95% of accounts that aren't human
  • Workload Identity Federation: Understanding the SPIFFE standard for platform-agnostic identity
  • Dynamic Secret Injection: Using HashiCorp Vault for "Just-in-Time" database credentials
  • Attestation Mechanics: How containers prove integrity before receiving OAuth tokens
  • Mutual TLS (mTLS): Securing the connection between Keycloak and autonomous AI agents
  • API Security: Ensuring that autonomous agents have the correct OAuth "scopes" and "claims" before they can access backend data
  • Auto-Enrollment AI Audit: Using AI to monitor AD CS logs for certificate anomalies
  • LAB: Securing n8n workflows with mTLS
  • LAB: mTLS with SPIRE Workload Attestation

Module 4: Identity Governance for Agentic AI

  • Designing security guardrails for autonomous AI agents
  • The "On-Behalf-Of" Problem: Manage how an AI agent proves it has explicit user consent to perform a task with OAuth
  • Blast Radius Management: Restricting agent access based on intent with OAuth scopes
  • Identity-Aware LLM Chains: OAuth tokens carry the identity context for AI prompts to prevent data leakage
  • LAB: AI Agent Secret Retrieval
  • LAB: AI Agent "Human-in-the-Loop" Approval

Module 5: Visualizing the Identity Attack Surface

  • Using Graph Theory AI to see what the attacker sees
  • Identity Graph Fundamentals: Mapping nodes (users) and edges (permissions)
  • Shadow Admins: Detecting users with excessive permissions outside standard groups
  • Tiered Administration: Implementing the "Red Forest" or Enterprise Access Model
  • ESC (Escalation) Vulnerabilities: Using BloodHound to find Certificate Template misconfigurations
  • Monitoring CA Logs: Sending AD CS "Certificate Issued" events to Wazuh
  • LAB: The "BloodHound" Attack Path Hunt
  • LAB: Detecting Certificate Forgery

Module 6: Active Defense & Autonomous Response

  • Detecting and killing sessions in the middle of an attack
  • Embody Zero Trust continuous monitoring and automated remediation
  • Token Theft & Session Hijacking: Real-time detection of "Cookie Replay" attacks with OAuth bearer tokens
  • Sigma for Identity: Writing rules for Kerberoasting, DCSync and Brute Force
  • Automated Remediation Playbooks: Configuring Wazuh to trigger a "Global Logout" via OAuth APIs when an attack is detected
  • LAB: Detecting "Golden Ticket" Anomalies

Module 7: Active Defense & Autonomous Response

  • Using AI to automate the tedious parts of compliance
  • Entitlement Outlier Detection: Using Peer Group Analysis to find excessive permissions
  • Continuous Access Certification: Moving from quarterly reviews to real-time reviews
  • Joiner-Mover-Leaver (JML) Pipeline: Automating role changes during department switches and termination
  • CRL and OCSP: Using Keycloak to check if a Windows certificate has been revoked
  • LAB: Entitlement Auditing with "Baton"
  • LAB: The Offboarding Workflow

Module 8: The Future of Privacy: ZKP & DID

  • Decoupling "Who you are" from "What you are allowed to do"
  • Decentralized Identifiers (DID): Giving users ownership of their own identity "Wallet"
  • Zero-Knowledge Proofs (ZKP): Mathematically proving a claim without revealing raw data
  • Verifiable Credentials: Issuing digitally signed "badges" for offline verification
  • LAB: Building a Zero Knowledge Proof Circuit
Course Dates
Attendance Method

How will you be attending the class?

Selecting 'Live Virtual' allows you to attend remotely from work or home. You will receive email communication well before the class starts with detailed instructions on how to validate your equipment and connect to the classroom for a quality learning experience.

Additional Details (optional)

Private Team Training

Interested in this course for your team? Please complete and submit the form below and we will contact you to discuss your needs and budget.