The Signal

A Government deputy CISO took a call with Strivacity this month. The goal was to wrangle a sprawling identity landscape that now covers external users, not just staff. A software IT director is outgrowing Entra ID across 9,000 remote users and several clouds. A finance fraud-risk executive said it flatly. Traditional privileged access "was not designed for today's dynamic ecosystem of vendors, cloud services, automation platforms, and APIs."

Across the DoGood network, identity is the densest cluster this month outside of AI code. The members naming it span six industries: Government, Hospitality, Software, Construction, Finance, and Law. They are not asking which IAM tool is best. They are re-shopping the whole category. Their current tools were built for one job: humans logging into known systems.

That job changed. The new job is machine identities, AI agents, and credentials that live for minutes. One holding-company CISO is investigating Heeler because CoPilot Studio's agent guardrails felt too thin. A Government deputy CISO wants security agents that "can ONLY act within their boundaries." No vendor owns this category yet. That is why the names in play keep shifting.

From the Network

"Traditional privileged access management approaches were not designed for today's dynamic ecosystem of vendors, cloud services, automation platforms, APIs, and remote administration models."

— Cybersecurity & Fraud Risk Executive, Finance

"Managing 9K remote users across multiple clouds is risky because our current Entra ID setup lacks deep visibility, leaving us potentially vulnerable to credential leaks and manual secrets management bottlenecks."

— IT Director, Software

"We have a zero trust strategy we are trying to employ as an organization. We are evaluating whether a solution like yours will help us achieve our objectives. Security compliance is a big part of this."

— Head of Information Security, Healthcare

Three industries, three doors into the same room. The tool was built for employees. The environment is now full of machines.

Top Open Priorities This Week

Two raw asks pulled directly from member submissions in the last two weeks, unedited:

"Had a call with Strivacity. Want to comapare and contrast. We have a lot of identity landscape and I want something that can wrangle it. not only for internal users, but for external users of our services if possible."

— Head of Risk & Compliance (Deputy CISO), Government

"We are exploring the identity management area. We have a couple of tools in our environment that can do this. Need help determining and how we would do lifecycle management and automation."

— Chief Information Officer, Hospitality

Both members already own identity tools. Both are shopping anyway. The gap is lifecycle and scale, not basic login.

New to the Network

Thirty-five IT leaders joined the DoGood network in June. The senior cohort included the Vice Chancellor for IT and CIO at the University of Massachusetts Amherst, the Global CIO at Cadwalader, Wickersham & Taft, the CISO at the Southeastern Pennsylvania Transportation Authority, the Deputy CISO at Biogen, the Chief AI Officer at N-able, the SVP Supply Chain and CIO/CISO at Accuride, the Global VP of IT M&A at WSP, the CIO at the City of Scottsdale, and the VP and Head of Cyber Security at A+E Global Media. The May cohort skews public sector and IT services, and runs 83% senior by title.

Member Spotlight: Joe Letizia, Armstrong International

Every member re-shopping identity this week is about to hit the problem Joe Letizia already solved: running two systems at once during a swap. He leads global IT at Armstrong International, and he put it plainly in his DoGood member spotlight, "When you buy software as a service now, ask for sixty days on the front end, because you're going to be running two systems at once while you stand the new one up."

The Context

KPMG's Cybersecurity Considerations 2026 report landed this month with one number that explains the pattern. Non-human identities now outnumber human users 80 to 1 in the average enterprise. These are the service accounts, machine credentials, and AI agents your IAM tool was never built to see. KPMG also found that 61% of US companies have already mandated a human in the loop for autonomous agents. That is the same instinct a Government deputy CISO voiced this month: agents that can only act within their boundaries.

The headlines are catching up to what the network already knew. Members started re-shopping identity before the report named the reason.

Bottom Line: Identity used to be a people problem. The 80-to-1 ratio makes it a machine problem now, and most org charts have not caught up.

What to Do About It

Pull your identity provider's count of non-human identities this week: service accounts, API keys, tokens, and any registered AI agents. Set it next to your human headcount. If the ratio surprises you, you have found your next budget line. Then ask your IAM vendor one question: which of these can you govern today, and which are invisible?

The CXO Brief is powered by the DoGood network, 5,000+ IT leaders sharing what they are actually working on.

Know a CIO who needs this? Forward it and they can subscribe here.

Enterprise IT leader at a $100M+ company? Apply to join DoGood.

Keep Reading