Episode 8: Ping Identity with Special Guest Bjorn Aannestad

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/68/e2/0d/68e20d3d-5bc1-c99c-9552-3631a2271f37/mza_9326226102704004236.jpg/600x600bb.jpg

Know Your Adversary

SpecterOps

8 episodes

1 week ago

Know Your Adversary is a podcast by SpecterOps that dives deep into identity security through the lens of the attacker. Hosted by Jared Atkinson and Justin Kohler, each episode unpacks the methods, mindsets, and missteps that shape modern identity risk. From real-world war stories to cutting-edge research, the show brings together practitioners, researchers, and engineers to explore how adversaries think—and how defenders can get ahead.

Technology

RSS

All content for Know Your Adversary is the property of SpecterOps and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/44087811/44087811-1758082909155-0ec26f5fa3e58.jpg

Episode 8: Ping Identity with Special Guest Bjorn Aannestad

Know Your Adversary

45 minutes 39 seconds

1 month ago

Episode 8: Ping Identity with Special Guest Bjorn Aannestad

In this episode of Know Your Adversary, Jared Atkinson and Justin Kohler sit down with SpecterOps Principal Product Architect Andy Robbins and Ping Identity Director of Product Management Bjorn Aannestad to discuss SpecterOps’ recent attack path research engagement with the PingOne platform. The conversation covers how the collaboration began, why gaining access to a real PingOne tenant was crucial for accurate modeling, and what stood out about Ping Identity’s documentation, design choices, and security philosophy.

Andy walks through key elements of the PingOne architecture—including its RBAC model, environment structure, and controls that limit privilege escalation—while the group highlights how thoughtful design can dramatically reduce attack path complexity. They also explore the broader challenges of understanding hybrid identity systems, how cross-platform dependencies can create unexpected risk, and why validating security assumptions across interconnected services is essential for modern defenders.