Identity Security - AI Powered IAM and ITDR

Course 1214

  • Duration: 3 days
  • Language: English
  • Level: Intermediate

This course is an "Identity Bootcamp", providing a progression from foundational identity best practices to advanced AI-driven implementation. It bridges the gap between proactive Identity and Access Management (IAM) and reactive Identity Threat Detection and Response (ITDR), using AI as the intelligence layer for real-time detection, behavioral analytics (UEBA), and automated response. The included LABs are built on a stack that supports Identity Orchestration, Behavioral Analytics, and Machine Identity Management.

The content is organized into 4 areas: The Human Element & Risk Orchestration, The Machine & Agentic Explosion, Identity Threat Detection & Response, and Privacy, Governance, and the Future. Zero Trust is the foundational philosophy of this course, woven into the curriculum by shifting focus from traditional perimeter security to "Identity-First" security.

AI Identity Security Training Delivery Methods

  • In-Person

  • Online

  • Upskill your whole team by bringing Private Team Training to your facility.

AI Identity Security Training Information

  • Course Benefits

    • Modernize authentication with FIDO2, WebAuthn, and passkeys, replacing vulnerable shared-secret methods.
    • Build AI-driven risk engines using behavioral biometrics for continuous identity verification.
    • Secure machine identities with SPIFFE and HashiCorp Vault using just-in-time credentials.
    • Govern agentic AI through security guardrails that control permissions and prevent data leakage.
    • Map identity attack paths and shadow administrators using graph analytics and BloodHound.
    • Automate threat response with Sigma rules and Wazuh-driven active defense playbooks.
    • Implement next-generation privacy using Zero-Knowledge Proofs (ZKP) and Decentralized Identifiers (DID).

    Prerequisites

    Attendees should have intermediate knowledge in networking and cybersecurity and knowledge of AI at the level of AI and Cyber Security: Attack and Defend.

AI Identity Security Training Outline

Module 1: Architecture of Modern Authentication

  • Understand the shift from shared secrets to cryptographic identity verification.
  • Analyze the limitations of SMS and TOTP-based MFA against modern attacks.
  • Implement strong authentication using FIDO2 and WebAuthn.
  • Deploy passkeys and passwordless authentication workflows.
  • Secure account recovery with AI-assisted identity verification.
  • Configure trusted certificate authorities and identity trust chains.
  • LAB: Establish ADFS trust relationships using Microsoft PKI.
  • LAB: Implement passwordless X.509 certificate-based authentication.

Module 2: Real-Time Risk Engines

  • Building the AI "Brain" that decides when to trust a login signal
  • Behavioral Biometrics: Capturing keystroke dynamics, mouse velocity and touch pressure
  • Contextual Telemetry: Analyzing "Geo-velocity" and IP reputation signals
  • ML Anomaly Detection: Training Scikit-learn models on "Normal" user login patterns
  • LAB: Adaptive Risk Orchestration
  • LAB: "Geo-Velocity" Risk Trigger
  • LAB: Adding, executing and reviewing tests with Playwright

Module 3: Securing the Machine Workforce (NHI)

  • Managing identities for the 95% of accounts that aren't human
  • Workload Identity Federation: Understanding the SPIFFE standard for platform-agnostic identity
  • Dynamic Secret Injection: Using HashiCorp Vault for "Just-in-Time" database credentials
  • Attestation Mechanics: How containers prove integrity before receiving OAuth tokens
  • Mutual TLS (mTLS): Securing the connection between Keycloak and autonomous AI agents
  • API Security: Ensuring that autonomous agents have the correct OAuth "scopes" and "claims" before they can access backend data
  • Auto-Enrollment AI Audit: Using AI to monitor AD CS logs for certificate anomalies
  • LAB: Securing n8n workflows with mTLS
  • LAB: mTLS with SPIRE Workload Attestation

Module 4: Identity Governance for Agentic AI

  • Designing security guardrails for autonomous AI agents
  • The "On-Behalf-Of" Problem: Manage how an AI agent proves it has explicit user consent to perform a task with OAuth
  • Blast Radius Management: Restricting agent access based on intent with OAuth scopes
  • Identity-Aware LLM Chains: OAuth tokens carry the identity context for AI prompts to prevent data leakage
  • LAB: AI Agent Secret Retrieval
  • LAB: AI Agent "Human-in-the-Loop" Approval

Module 5: Visualizing the Identity Attack Surface

  • Using Graph Theory AI to see what the attacker sees
  • Identity Graph Fundamentals: Mapping nodes (users) and edges (permissions)
  • Shadow Admins: Detecting users with excessive permissions outside standard groups
  • Tiered Administration: Implementing the "Red Forest" or Enterprise Access Model
  • ESC (Escalation) Vulnerabilities: Using BloodHound to find Certificate Template misconfigurations
  • Monitoring CA Logs: Sending AD CS "Certificate Issued" events to Wazuh
  • LAB: The "BloodHound" Attack Path Hunt
  • LAB: Detecting Certificate Forgery

Module 6: Active Defense & Autonomous Response

  • Detecting and killing sessions in the middle of an attack
  • Embody Zero Trust continuous monitoring and automated remediation
  • Token Theft & Session Hijacking: Real-time detection of "Cookie Replay" attacks with OAuth bearer tokens
  • Sigma for Identity: Writing rules for Kerberoasting, DCSync and Brute Force
  • Automated Remediation Playbooks: Configuring Wazuh to trigger a "Global Logout" via OAuth APIs when an attack is detected
  • LAB: Detecting "Golden Ticket" Anomalies

Module 7: Active Defense & Autonomous Response

  • Using AI to automate the tedious parts of compliance
  • Entitlement Outlier Detection: Using Peer Group Analysis to find excessive permissions
  • Continuous Access Certification: Moving from quarterly reviews to real-time reviews
  • Joiner-Mover-Leaver (JML) Pipeline: Automating role changes during department switches and termination
  • CRL and OCSP: Using Keycloak to check if a Windows certificate has been revoked
  • LAB: Entitlement Auditing with "Baton"
  • LAB: The Offboarding Workflow

Module 8: The Future of Privacy: ZKP & DID

  • Decoupling "Who you are" from "What you are allowed to do"
  • Decentralized Identifiers (DID): Giving users ownership of their own identity "Wallet"
  • Zero-Knowledge Proofs (ZKP): Mathematically proving a claim without revealing raw data
  • Verifiable Credentials: Issuing digitally signed "badges" for offline verification
  • LAB: Building a Zero Knowledge Proof Circuit

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

AI Identity Security Training FAQs

Traditional Identity and Access Management (IAM) focuses on managing identities, authentication, and access permissions. ITDR extends IAM by continuously monitoring identities for suspicious behavior, detecting identity-based attacks, and automating response actions. In this course, you'll learn how AI enhances ITDR by identifying anomalies, compromised accounts, privilege abuse, and machine identity threats in real time.

No. The course focuses on identity security concepts, architectures, and best practices that apply across modern identity platforms. While examples and labs may leverage technologies such as Microsoft Entra ID, Active Directory, FIDO2, Keycloak, or other leading solutions, the skills learned are transferable across IAM and ITDR environments.

Absolutely. Identity has become the primary security perimeter in modern enterprises. The course examines how identity security supports Zero Trust principles through continuous verification, adaptive access controls, strong authentication, least-privilege access, and AI-powered threat detection.

Participants will gain practical experience implementing passwordless authentication, configuring trust relationships, analyzing identity attack paths, detecting identity threats, securing machine identities, and applying AI-powered techniques to strengthen IAM and ITDR programs. The labs are designed to mirror real-world identity security challenges faced by modern enterprises.