Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceCybersecurity News

5 minutes with David Mahdi — Establishing digital trust with identity-first security

By Maria Henriquez
SEC_Web_5Minutes-Mahdi-0922_1170x658.jpg

Headshot courtesy of Sectigo

August 30, 2022

Security magazine sits downs with David Mahdi, Chief Strategy Officer and Chief Information Security Officer (CISO) Advisor at Sectigo. Previously, Mahdi was a Gartner analyst, advising clients and executives on topics ranging from cybersecurity, identity and access management (IAM), blockchain, PKI, Internet of Things, cloud and data security.


Mahdi discusses why enterprise security leaders must establish and maintain digital trust in today’s increasingly virtual world.


1. Security: What is the role of digital trust?   

Mahdi: Digital trust — that is, trust in machines, software, devices, and humans interacting with digital services that now power our world — needs to be established as it is now a critical requirement to conduct business securely and seamlessly. Ultimately, the goal of digital trust is to enable secure access to data, systems, and resources.

 

Enterprises now find themselves with a problem: the need to individually verify, onboard, and authenticate every device, user, application (software), and entity interacting with the organization’s network to ensure legitimacy, wherever the connections come from.

 

While many organizations have focused on implementing a zero-trust approach, it is just the first piece of a much larger puzzle to trusting the humans and machines that are at the center of their businesses.

 

As organizations scale to keep pace with today’s technological innovation and new hybrid work trends, it is imperative that they protect all human, non-human, and machine identities across their environment, which is why all businesses need digital trust and identity-first security to compete and operate today.

 

2. Security: What does identity-first security enable?   

Mahdi: Identity-first security is a term increasingly referenced by cybersecurity practitioners and leading industry analysts as a top priority for every IT security department as the post-COVID technology landscape, and threat factors have dramatically changed and continue to shift. In fact, Gartner recently identified identity-first security as a top security trend in their annual Top Security Trends report.  

 

At its core, identity-first security enables “the right individuals to access the right resources at the right times for the right reasons.” That means identity is now operating as the new perimeter, securing all identities — human or machine — throughout the cycle of accessing critical business assets and sensitive information.

 

Each access point that requires a credential needs identity verification to be unlocked, and herein lies the gap for error and data mishaps if it’s not identity-proof. As we move forward, the world will see digital certificates acting as a critical element for identity-first security for all digital businesses.   

 

3. Security: What risks exist in the realm of digital trust? How can enterprises establish digital trust with identity-first security?  

Mahdi: Attackers are effectively hijacking digital trust by compromising and stealing identities — either by buying leaked credentials or by socially engineering them — to target organizational issues inherent with hybrid work, human error, and shadow IT.   

 

To start, social engineering is a weak link when it comes to security, as even the most tech-savvy people can be tricked. Other risks to digital identities, from password theft and ransomware to bypassing multifactor authentication, prove that bad actors are finding sophisticated ways to attack digital identities in order to compromise data and other resources.

 

The well-covered Solarwinds digital supply chain attack, for example, involved compromising identities and manipulating privileged access, serving as a wake-up call for business leaders to protect and maintain identity infrastructures.  

 

An enterprise’s identity-first security strategy must include centralized control to manage the explosion of identities all requiring digital trust to access networks and resources. Identity-first security must start with flexible, cloud-first and forward digital identities.

 

While a myriad of human and machine identity products and services will likely be needed; many security and risk leaders are recognizing that digital certificates are critical to enabling many identity-first use cases today. Such as passwordless authentication and machine identity management. All must be enabled with an open and interoperable digital certificate platform.

 

Digital certificates are proven to instill digital trust in any modern-day IT environment. Issued by Certificate Authorities (CAs), they secure and authenticate human and machine identities and should include Certificate Lifecycle Management (CLM) for a new automated approach.


4. Security: Why is this critical to implement in the height of tech innovation?

Mahdi: From digitally signing emails to blockchain-enabled technologies, digital certificates underpin the security of digital identities and the digital world and are further relied on by all technologies from the oldest to the newest.

 

As digital transformation excels, it’s easy to forget to revisit old technologies that have been relied on for decades without re-assessing the infrastructure that will enable future-forward technologies.  

 

Thanks to digital transformation, the amount of human and machine identities being created is growing every day, and this number will only continue to explode. As we look ahead to the future of technology, from the metaverse and Web3 to quantum computing, organizations must take the necessary steps to validate and secure every single identity trying to access their networks.

 

Knowing that bad actors will take advantage of any gaps in the new perimeters and accelerate in manipulating identity as an attack surface, security experts need to have the tools in place today to outpace the identity security threats of tomorrow.  

KEYWORDS: cyber security digital trust identity security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • 5mw Golden

    5 minutes with Deborah Golden - Establishing trust in the digital identity ecosystem

    See More
  • laptop

    Identity-first security boosts digital trust for humans & machines

    See More
  • 5 mins with Soroko

    5 minutes with Jason Soroko - The importance of zero trust during COVID-19

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing