Identity Security - AI Powered IAM and ITDR

Course 1214
3 DAY COURSE
Price: $2,228.00
Course Outline

This course is an "Identity Bootcamp", providing a progression from foundational identity best practices to advanced AI-driven implementation. It bridges the gap between proactive Identity and Access Management (IAM) and reactive Identity Threat Detection and Response (ITDR), using AI as the intelligence layer for real-time detection, behavioral analytics (UEBA), and automated response. The included LABs are built on a stack that supports Identity Orchestration, Behavioral Analytics, and Machine Identity Management.

The content is organized into 4 areas: The Human Element & Risk Orchestration, The Machine & Agentic Explosion, Identity Threat Detection & Response, and Privacy, Governance, and the Future. Zero Trust is the foundational philosophy of this course, woven into the curriculum by shifting focus from traditional perimeter security to "Identity-First" security.

Identity Security - AI Powered IAM and ITDR Benefits

  • Course Benefits

    • Modernize authentication with FIDO2, WebAuthn, and passkeys, replacing vulnerable shared-secret methods.
    • Build AI-driven risk engines using behavioral biometrics for continuous identity verification.
    • Secure machine identities with SPIFFE and HashiCorp Vault using just-in-time credentials.
    • Govern agentic AI through security guardrails that control permissions and prevent data leakage.
    • Map identity attack paths and shadow administrators using graph analytics and BloodHound.
    • Automate threat response with Sigma rules and Wazuh-driven active defense playbooks.
    • Implement next-generation privacy using Zero-Knowledge Proofs (ZKP) and Decentralized Identifiers (DID).

    Prerequisites

    Attendees should have intermediate knowledge in networking and cybersecurity and knowledge of AI at the level of AI and Cyber Security: Attack and Defend.

AI Identity Security Training Outline

Learning Objectives

Module 1: Architecture of Modern Authentication

  • Understand the shift from shared secrets to cryptographic identity verification.
  • Analyze the limitations of SMS and TOTP-based MFA against modern attacks.
  • Implement strong authentication using FIDO2 and WebAuthn.
  • Deploy passkeys and passwordless authentication workflows.
  • Secure account recovery with AI-assisted identity verification.
  • Configure trusted certificate authorities and identity trust chains.
  • LAB: Establish ADFS trust relationships using Microsoft PKI.
  • LAB: Implement passwordless X.509 certificate-based authentication.

Module 2: Real-Time Risk Engines

  • Building the AI "Brain" that decides when to trust a login signal
  • Behavioral Biometrics: Capturing keystroke dynamics, mouse velocity and touch pressure
  • Contextual Telemetry: Analyzing "Geo-velocity" and IP reputation signals
  • ML Anomaly Detection: Training Scikit-learn models on "Normal" user login patterns
  • LAB: Adaptive Risk Orchestration
  • LAB: "Geo-Velocity" Risk Trigger
  • LAB: Adding, executing and reviewing tests with Playwright

Module 3: Securing the Machine Workforce (NHI)

  • Managing identities for the 95% of accounts that aren't human
  • Workload Identity Federation: Understanding the SPIFFE standard for platform-agnostic identity
  • Dynamic Secret Injection: Using HashiCorp Vault for "Just-in-Time" database credentials
  • Attestation Mechanics: How containers prove integrity before receiving OAuth tokens
  • Mutual TLS (mTLS): Securing the connection between Keycloak and autonomous AI agents
  • API Security: Ensuring that autonomous agents have the correct OAuth "scopes" and "claims" before they can access backend data
  • Auto-Enrollment AI Audit: Using AI to monitor AD CS logs for certificate anomalies
  • LAB: Securing n8n workflows with mTLS
  • LAB: mTLS with SPIRE Workload Attestation

Module 4: Identity Governance for Agentic AI

  • Designing security guardrails for autonomous AI agents
  • The "On-Behalf-Of" Problem: Manage how an AI agent proves it has explicit user consent to perform a task with OAuth
  • Blast Radius Management: Restricting agent access based on intent with OAuth scopes
  • Identity-Aware LLM Chains: OAuth tokens carry the identity context for AI prompts to prevent data leakage
  • LAB: AI Agent Secret Retrieval
  • LAB: AI Agent "Human-in-the-Loop" Approval

Module 5: Visualizing the Identity Attack Surface

  • Using Graph Theory AI to see what the attacker sees
  • Identity Graph Fundamentals: Mapping nodes (users) and edges (permissions)
  • Shadow Admins: Detecting users with excessive permissions outside standard groups
  • Tiered Administration: Implementing the "Red Forest" or Enterprise Access Model
  • ESC (Escalation) Vulnerabilities: Using BloodHound to find Certificate Template misconfigurations
  • Monitoring CA Logs: Sending AD CS "Certificate Issued" events to Wazuh
  • LAB: The "BloodHound" Attack Path Hunt
  • LAB: Detecting Certificate Forgery

Module 6: Active Defense & Autonomous Response

  • Detecting and killing sessions in the middle of an attack
  • Embody Zero Trust continuous monitoring and automated remediation
  • Token Theft & Session Hijacking: Real-time detection of "Cookie Replay" attacks with OAuth bearer tokens
  • Sigma for Identity: Writing rules for Kerberoasting, DCSync and Brute Force
  • Automated Remediation Playbooks: Configuring Wazuh to trigger a "Global Logout" via OAuth APIs when an attack is detected
  • LAB: Detecting "Golden Ticket" Anomalies

Module 7: Active Defense & Autonomous Response

  • Using AI to automate the tedious parts of compliance
  • Entitlement Outlier Detection: Using Peer Group Analysis to find excessive permissions
  • Continuous Access Certification: Moving from quarterly reviews to real-time reviews
  • Joiner-Mover-Leaver (JML) Pipeline: Automating role changes during department switches and termination
  • CRL and OCSP: Using Keycloak to check if a Windows certificate has been revoked
  • LAB: Entitlement Auditing with "Baton"
  • LAB: The Offboarding Workflow

Module 8: The Future of Privacy: ZKP & DID

  • Decoupling "Who you are" from "What you are allowed to do"
  • Decentralized Identifiers (DID): Giving users ownership of their own identity "Wallet"
  • Zero-Knowledge Proofs (ZKP): Mathematically proving a claim without revealing raw data
  • Verifiable Credentials: Issuing digitally signed "badges" for offline verification
  • LAB: Building a Zero Knowledge Proof Circuit
Course Dates
Attendance Method
Additional Details (optional)