Skip to content

Akeyless unveiled the world’s first Unified Secrets and Machine Identity Platform to address the #1 cause of breaches. Discover Why & How.

Tackling Identity Management Challenges at Scale: Insights from Adam Arellano, Advisor at Traceable

identity management

Introduction
Oded Hareven, CEO and Co-Founder of Akeyless, sat down with Adam Arellano, Technology Advisor at Traceable, for an insightful fireside chat. From Adam’s unique journey as a Marine-turned-security leader to his thoughts on identity management, machine identity, automation, and addressing API vulnerabilities at scale, this discussion offers valuable lessons for today’s security leaders.

From the Marine Corps to Cybersecurity Leadership

Oded Hareven: Adam, thank you for joining us. Let’s start with your background. You’ve had quite an unconventional journey into cybersecurity.

Adam Arellano: It’s true. My career started after 9/11 when I joined the Marine Corps as a pacifist—an odd choice, I know. I served for 14 years, first as an enlisted Marine and later as a communications officer. That’s where I was introduced to cybersecurity, managing both classified and unclassified networks. After leaving the Marine Corps, I transitioned to roles in the private sector, including stints at Salesforce, a foster care and adoption startup, and most recently, PayPal.

A Holistic Approach to Cybersecurity and Identity Management

Oded Hareven: Your degree in social work seems like an unusual foundation for a cybersecurity career. How has it influenced your approach?

Adam Arellano: My social work background gives me a systems-focused perspective. I see every cybersecurity challenge as a combination of people, policy, and technology. For example, many breaches aren’t caused by flawed tech but by improper implementation or weak procedures. To truly secure systems, we need to address these human and organizational factors alongside the technical ones.

Oded Hareven: Can you give an example of this interplay?

Adam Arellano: Access management is a good one. Many organizations grant permissions but fail to revoke them when they’re no longer needed. Automating these processes reduces human error and ensures that access is always appropriate.

The Challenges of Machine Identity

Oded Hareven: Let’s talk about machines. What makes machine identity so complex compared to human identity?

Adam Arellano: The sheer scale is the biggest challenge. Machines now outnumber humans by orders of magnitude. Each machine, API, and service requires authentication, often with tokens or keys. Managing these identities at scale is incredibly difficult. For example, ensuring that each API call is authenticated individually, rather than granting broad permissions, is critical but often overlooked.

Oded Hareven: How do you see authentication evolving for machines?

Adam Arellano: We need to move toward action-based authentication. Instead of a machine having blanket permissions, it should authenticate for each specific action in real-time. This approach minimizes risk and mirrors how we’re improving human authentication with MFA and contextual validation.

The Rise of Automation and the Role of Developers

Oded Hareven: You’ve emphasized the importance of collaboration between security and development teams. Why is this critical?

Adam Arellano: Security teams often act as service providers for developers. To ensure secure systems, security professionals must spend time understanding how developers work. For example, watching how they interact with tools like CI/CD pipelines or key management systems can reveal opportunities to make secure practices easier and more intuitive. If the secure path is also the easiest path, developers are more likely to follow it.

Oded Hareven: What’s your advice for bridging the communication gap between these teams?

Adam Arellano: Build relationships. Security personnel should step out of their silos and spend time with the teams they’re supporting. Understanding their workflows and challenges fosters better collaboration and ensures that security measures are both effective and user-friendly.

Identity Management Lessons from Recent Breaches

Oded Hareven: Let’s dive into breaches. What trends have you noticed in recent years?

Adam Arellano: Two common themes stand out: compromised identity and API vulnerabilities. Many breaches aren’t sophisticated hacks; they’re the result of stolen credentials. Once an attacker has valid access, they can often exploit APIs to exfiltrate data. For example, poorly validated APIs can allow attackers to bypass security checks entirely.

Oded Hareven: How can organizations address these issues?

Adam Arellano: It starts with robust identity management. Rotate credentials frequently, adopt just-in-time access, and implement proper validation for APIs. These measures reduce the attack surface and make it harder for bad actors to exploit weaknesses.

Simplifying Security in a Crowded Vendor Landscape

Oded Hareven: The cybersecurity industry is saturated with vendors. How do you navigate this complexity?

Adam Arellano: One of my first tasks as a new CISO is to review every tool we’re using. If a tool isn’t delivering value, I turn it off. Consolidating tools reduces complexity, saves time, and allows teams to focus on what matters. For example, having a single platform that handles multiple use cases can streamline operations and improve efficiency.

Oded Hareven: Beyond cost savings, what are the benefits of consolidation?

Adam Arellano: Time savings are significant. Security analysts spend less time juggling tools and more time responding to incidents. Simplified systems are also easier to maintain and update, reducing the risk of vulnerabilities.

Closing Thoughts on Identity Management

Oded Hareven: Adam, thank you for sharing your insights. Any final thoughts?

Adam Arellano: Identity management is at the heart of modern cybersecurity challenges, whether we’re talking about humans, machines, or APIs. As security professionals, we need to think holistically, prioritize collaboration, and embrace automation to stay ahead of the curve.

Oded Hareven: How can people connect with you?

Adam Arellano: I’m active on LinkedIn and Blue Sky—exciting announcements coming soon, so stay tuned!


Adam’s journey and insights highlight the importance of collaboration, innovation, and adaptability in addressing today’s security challenges. By focusing on identity management, automation, and simplifying tools, organizations can better navigate the complexities of modern cybersecurity.

By understanding the factors driving the rise in identity-based attacks and adopting proactive strategies, CISOs can better protect their organizations in today’s complex cybersecurity landscape. Explore how Akeyless can help unify and secure your secrets and identities—learn more here.

About Akeyless

Trusted by Fortune 100 companies and industry leaders, Akeyless is redefining identity security for the modern enterprise, delivering the world’s first unified Secrets & Machine Identity platform designed to prevent the #1 cause of breaches – compromised identities and secrets. Backed by the world’s leading cybersecurity investors and global financial institutions including JVP, Team8, NGP Capital and Deutsche Bank, Akeyless Security delivers a cloud-native SaaS platform that integrates Vaultless® Secrets Management with Certificate Lifecycle Management, Next Gen Privileged Access Management (Secure Remote Access), Encryption and Key Management Services (KMS) to manage the lifecycle of all non-human identities and secrets across all environments.

Ready to get started?

Discover how Akeyless simplifies secrets management, reduces sprawl, minimizes risk, and saves time.

Book a Demo