John Martinez

Technical Evangelist, has had a long 30+ year career in systems engineering and architecture, but has spent the last 13+ years working on the Cloud, and specifically, Cloud Security. He's currently the Technical Evangelist at StrongDM, taking the message of Zero Trust Privileged Access Management (PAM) to the world. As a practitioner, he architected and created cloud automation, DevOps, and security and compliance solutions at Netflix and Adobe. He worked closely with customers at Evident.io, where he was telling the world about how cloud security should be done at conferences, meetups and customer sessions. Before coming to StrongDM, he lead an innovations and solutions team at Palo Alto Networks, working across many of the company's security products.

StrongDM has been featured in Forbes, The New Stack, VentureBeat, DevOps.com, TechCrunch, and Fortune.

Expertise

Identity and Access Management, Authentication, Compliance, Security, DevOps, Access, Privileged Access Management, Zero Trust, Productivity, Integrations, Databases, NIST, HIPAA

Latest blog posts from John

Workforce Identity and Access Management (IAM) Explained

Workforce identity and access management (IAM) secures your internal users, employees, contractors, and engineers by verifying who they are, controlling what they can do, and monitoring how they interact with sensitive systems. It’s the foundation of Zero Trust in a cloud-first world. This guide breaks down everything from SSO and MFA to RBAC, JIT access, and directory services, and how they all work together to keep your workforce productive and protected.

What Is Context-Aware Authentication? Examples & How It Works

Passwords alone don’t stop breaches anymore. Context-aware authentication changes the game by using real-time signals like device, location, time, and behavior to decide whether access should be granted.

The State of Compliance in Financial Institutions Report by StrongDM

StrongDM’s latest survey of 1,000 IT, compliance, and security professionals at financial institutions and fintech firms reveals a telling picture: while confidence in compliance planning is high, operational challenges persist, especially around privileged access management and audit preparedness.

Top 7 Secrets Management Tools for 2025 and Beyond

Explore the top 7 secrets management tools, including StrongDM, HashiCorp Vault, AWS Secrets Manager, and Doppler. Discover secure, Zero Trust solutions that reduce secret sprawl, automate credential rotation, enforce least privilege, and integrate seamlessly with DevOps workflows.

15 Best Kubernetes Management Tools for Cluster Control in 2025

Explore the best Kubernetes management tools, including StrongDM, Lens, Rancher, and Argo CD. Discover powerful solutions for cluster control, secure access, automation, observability, and cost optimization to streamline your Kubernetes infrastructure.

SAML vs. SSO: What's the Difference & How They Work Together

Single sign-on (SSO) gives users one login to access everything. SAML is one of the key protocols that makes that possible—passing identity data securely between identity providers and service providers. But while all SAML implementations are part of SSO, not all SSO solutions rely on SAML. Understanding how SAML fits into your authentication stack helps you choose the right tools for modern access control. This guide breaks down how SAML works, how it powers SSO, and how you can manage

User Access Review Checklist: Best Practices & Automation

As teams grow and roles shift, it’s easy for permissions to get out of sync. That’s where user access reviews come in—they ensure every employee, vendor, or service account has exactly the access they need, and nothing more.Regular reviews reduce risk, prevent privilege creep, and help meet compliance requirements like SOX, ISO 27001, and HIPAA. But manual reviews? They’re slow, messy, and often incomplete.This guide breaks down the essentials of access reviews—what they are, why they matter,

What Is Secrets Management? Best Practices for 2025

Secrets management is the practice of securely storing, accessing, and controlling digital authentication credentials such as passwords, API keys, certificates, and tokens used by applications and systems. It ensures that sensitive information is protected from unauthorized access, while supporting automation, compliance, and security across modern infrastructure.

Financial Security in the Cloud: Why IAM & PAM Aren’t Enough

Legacy security models can’t protect modern financial systems. Continuous Authorization ensures real-time, risk-based access control for true Zero Trust. Learn how to secure your cloud and hybrid environments today.

Top 9 Cloud Databases for 2025 (Free & Paid)

This guide breaks down the top cloud database solutions reshaping how organizations store, manage, and scale data. From relational databases to NoSQL options, we’ll cover what matters most when choosing the right solution for your needs. By the end, you’ll understand how modern cloud databases drive scalability and performance—and which one is the best fit for your organization.

NIST Password Guidelines: 2025 Updates & Best Practices

The latest updates in NIST Special Publication shift focus from complexity to usability. Key changes include: 1. Prioritizing password length over complexity. 2. Mandating compromised credential screening. 3. Encouraging passwordless authentication methods. 4. Eliminating forced password resets unless compromise is suspected.

15 Cybersecurity Regulations for Financial Services in 2025

In this guide, we’ll cover the 15 most important cybersecurity regulations for financial services providers. We’ll show exactly which ones—from GDPR and PCI DSS to MAS TRM, CBEST, and others—apply to your organization, and explain, in plain in English, what they are, how they impact your business, and how you can initiate a path for compliance.

HIPAA Multi-Factor Authentication (MFA) Requirements in 2025

The HIPAA Multi-Factor Authentication (MFA) requirement is a security measure that requires users to verify their identity using at least two different factors—such as something they know (a password), something they have (a smartphone or token), or something they are (a fingerprint)—to access systems containing electronic Protected Health Information (ePHI). This additional layer of security is designed to protect sensitive healthcare data from unauthorized access, even if one credential is

How to Streamline PSD2 Compliance with StrongDM

In this post, we’ll explore what PSD2 compliance challenges businesses face, and how StrongDM simplifies secure access to help organizations confidently meet PSD2 requirements.

Want to learn more?
See StrongDM in action. 👀

Book a Demo