This episode features Sander Berkouwer and Raymond Comvalius, two longtime identity security experts and Microsoft Most Valuable Professionals (MVPs).

Sander is an independent identity architect and author of the Active Directory Cookbooks. Raymond is an IT specialist and senior technical consultant specializing in hybrid identity, Microsoft Entra ID, and identity lifecycle automation.

In this episode, they explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight.

They explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.

Guest Bios

Sander Berkouwer DirTeam Sander Berkouwer works as an independent identity architect in the Netherlands, where he helps organizations make the most out of Microsoft products, services, strategies, and technologies. Sander blogs on DirTeam.com. He regularly gets invited as speaker for his enthusiastic approach, his in-depth real-world knowledge and as the author of the much-appraised Active Directory Cookbooks. Sander has been awarded the Microsoft Most Valuable Professional (MVP) award (for the last 17 years), Veeam Vanguard award (for the last 8 years) and VMware vExpert (for 3 years).

Raymond Comvalius Raymond Comvalius is an IT specialist and senior technical consultant with more than two decades of experience delivering enterprise infrastructure, identity, and security improvements. His work centers on hybrid identity and Microsoft ecosystems, including Microsoft Entra ID, Conditional Access, and identity lifecycle automation with Microsoft Graph and scripting. Raymond advises teams on pragmatic roadmaps for strengthening authentication (MFA, passkeys/FIDO2, Windows Hello), improving governance, and operationalizing secure access at scale across cloud and on-prem environments. Beyond consulting, he serves as a board member and co-hosts the IT Bro’s Podcast, sharing news and insights for identity and security professionals.

Guest Quotes  “In your tenant, you want to know what objects are in there, and it doesn't matter if those are users or groups or applications. You want to know what's in there so that you can keep track of what's going on.” - Raymond Comvalius

“There's a difference between an application and an agent. An agent is far more ephemeral. It does a job that requires some sort of permission. It spins up, it does its thing, and it spins down.” - Sander Berkouwer

Time stamps 00:45 Meet Sander Berkouwer and Raymond Comvalius: Microsoft Most Valuable Professionals (MVPs) 02:32 Importance of Entra Application Governance 12:29 How to Get Started with Application Governance 20:18 Understanding Entra Agent ID 26:59 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links Connect with Sander on LinkedIn

Connect with Raymond on LinkedIn

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Krista Arndt, Associate CISO at St. Luke’s University Health Network.

With a career spanning healthcare, finance, crypto, and the Department of Defense, Krista brings a uniquely nontraditional path into cybersecurity, one shaped by mission-driven leadership, authenticity, and a commitment to mentorship.

In this episode, Krista explains why identity sits at the center of nearly every major cyber incident and shares lessons from real-world response work. She also draws a striking parallel between incident response and her life as a national drag racing competitor, where staying calm under pressure and building in fail-safes can mean the difference between disaster and resilience.

This episode is a powerful look at what it means to lead in cybersecurity.

Guest Bio Krista Arndt is the Associate CISO SLUHN. As the Associate CISO, Krista is responsible for managing the security program's day-to-day operational effectiveness. In her previous roles, Krista assisted with developing and leading security programs in crypto, finance, and the Department of Defense. Krista earned her Bachelor's Degree in Biology from Felician College in NJ where she was a scholarship athlete, serving as the women’s basketball team captain. She also holds her CISM and CRISC certifications and NHRA competition driver's license.

Krista is an active member of ISACA, serves as InfraGard Philadelphia Chapter’s Healthcare Sector Chief, serves on Neumann University's Business Advisory Council and is Marketing Committee chair for Women in Cybersecurity-Delaware Valley Affiliate. Krista is also a published author, detailing her journey to embracing her unique authenticity in her book, “Permission to be Real; How to Lead, Influence, and Thrive Without Fitting the Mold". Through this service and her writing, Krista's mission is to give back to her community by providing mentorship and support for aspiring cybersecurity professionals, especially for women who wish to enter the field. 

When off the clock, Krista takes her affinity for overcoming challenges to the garage and the race track, where she enjoys building and improving her own race car, competing as a driver in national drag racing events with her family, and using her racing as a forum to advocate for neurodiversity awareness and inclusion.

Guest Quote “In the incidents that I've been involved in, major or not, I’ll tell you—identity is at the crux of that... They’re trying to get unfettered access…  How do they get unfettered access? Through an identity that isn’t secured correctly.”

Time stamps 00:45 Meet Krista Arndt: Veteran CSO 06:17 Writing Permission to Be Real 10:43 Speaking the Business Language: Why Security Translation Matters 12:49 Lessons from Real-World Incidents 15:43 AI Agents and the Next Wave of Identity Risk 16:55 What Drag Racing Teaches About Incident Response 23:28 Surviving the CISO Seat 26:44 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Krista on LinkedIn

Check out Krista’s book: Permission to be Real

Learn more about St. Luke’s University Health Network

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

This episode features Cliff Fisher, Senior Solutions Architect at Semperis and former Senior Technical Program Manager on Microsoft’s Active Directory product group.

With over a decade spent inside Microsoft supporting enterprise customers and helping guide Active Directory’s security and roadmap, Cliff brings a rare insider perspective on what’s actually happening behind the scenes of one of the world’s most widely deployed identity platforms.

In this episode, Cliff tackles the question many organizations are still asking: Is Active Directory really going away? He explains why the shift to cloud identity has moved far slower than expected, shares polling data that confirms hybrid environments are here for the long term, and breaks down how Microsoft is still investing in AD through security hardening, supportability improvements, and features like Windows LAPS.

This episode offers a clearer look at why Active Directory remains central to enterprise identity and what defenders need to prepare for as hybrid becomes the default reality.

Guest Bio With nearly 20 years of Active Directory experience across varied roles in system administration, support, debugging, and program management, Cliff spent over a decade at Microsoft supporting Premier and Unified customers and, most recently, managing the releases of Windows LAPS, new features for Server 2025, and monthly security and quality updates. In January of 2026, he joined Semperis, bringing his unique blend of skills, perspectives, and passion to their stacked roster of established identity experts.

Guest Quote  “The easiest way to get everyone secure is to get people all to the cloud. What [Microsoft] didn't realize... is that customers just aren't going to be able to absorb change at that rate, and especially at that cost. Shifting to the cloud is not cheap.”

Time stamps 01:45 Meet Cliff Fisher: Identity security expert 04:24 Microsoft's Vision for Active Directory 07:58 Challenges and Future of Active Directory 23:12 The Complexity of AD Code and Security Vulnerabilities 24:39 Understanding Fuzzing and Its Importance 27:28 Domain Join Hardening and Its Challenges 36:28 Windows LAPS and Future Security Measures 41:39 Why is RC4 Going Away? 45:14 Conclusion and Final Thoughts

Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Cliff on LinkedIn

Connect with Sean on LinkedIn

Don't miss future episodes

Learn more about Semperis

Submit your proposal to speak at HIP Conf 26: HIP Conf 26 Call for Papers Submission