Console Hero to IAM Zero: Learn from Temporal's Just-In-Time Journey
Brandon Sherman 👾
fwd:cloudsec Europe 2025 · Day 2 · Main Room
Brandon Sherman of Temporal Technologies delivered a practitioner-focused talk on eliminating static credentials across AWS and GCP by implementing **just-in-time (JIT) access** as a core security control. Drawing on his experience as a solo security engineer at a fast-growing startup, Sherman laid out a phased, human-centered strategy for moving an entire engineering organization from persistent administrative access to time-bounded, approval-gated credentials without destroying developer productivity. The talk is equal parts technical playbook and organizational change-management guide, offering concrete lessons on earning user trust while systematically reducing the blast radius of compromised credentials.
AI review
A well-structured operational playbook for eliminating static credentials through just-in-time access, grounded in real-world experience at Temporal. While it lacks novel vulnerability research or offensive technique depth, it delivers actionable defensive architecture that addresses the single most exploited attack vector in cloud environments.