John Martinez

Technical Evangelist, has had a long 30+ year career in systems engineering and architecture, but has spent the last 13+ years working on the Cloud, and specifically, Cloud Security. He's currently the Technical Evangelist at StrongDM, taking the message of Zero Trust Privileged Access Management (PAM) to the world. As a practitioner, he architected and created cloud automation, DevOps, and security and compliance solutions at Netflix and Adobe. He worked closely with customers at Evident.io, where he was telling the world about how cloud security should be done at conferences, meetups and customer sessions. Before coming to StrongDM, he lead an innovations and solutions team at Palo Alto Networks, working across many of the company's security products.

StrongDM has been featured in Forbes, The New Stack, VentureBeat, DevOps.com, TechCrunch, and Fortune.

Expertise

Security, Access, Authentication, DevOps, Identity and Access Management, Observability, Auditing, Zero Trust

Latest blog posts from John

5 Types of Multi-Factor Authentication (MFA) Explained

With so many advanced cyber attackers lurking on the threat landscape, a simple password is no longer enough to safeguard your sensitive data. There are many reasons to adopt MFA for your business. It supplements your security by requiring additional information from users upon their access requests—and it significantly reduces your risk of incurring a breach. Several multi-factor authentication methods are available, with varying strengths and weaknesses. Be sure to compare the differences

How to Prevent SQL Injection Attacks: 6 Proven Methods

SQL injection attacks remain one of the most prevalent and dangerous threats to database security. These attacks can compromise sensitive data, disrupt operations, and cause significant financial and reputational damage. Understanding how to prevent SQL injection attacks will help you foster a security-conscious organizational culture.

How To Monitor and Securely Access IoT Devices Remotely

Internet of Things (IoT) devices form the backbone of many modern businesses, facilitating operations, collecting valuable data, and enhancing efficiency. However, the widespread deployment of these devices creates numerous entry points for potential attackers. Without robust security measures, you risk exposing critical systems and sensitive information to malicious actors.

What Is Defense In Depth (DiD)? Strategy & Implementation

Traditional security measures like simple virus protection, firewalls, and web and email filtering are no longer sufficient to safeguard against the sophisticated tactics used by modern cybercriminals. This heightened complexity means you must implement advanced defense mechanisms that go beyond basic protections, ensuring a resilient and adaptive cybersecurity posture.

MFA: The Brave New World of Authentication (Infographic)

Get ready to secure everything and anything with MFA. Easily combine security checks such as device trust and geo-location. With StrongDM you can MFA all resources (e.g., multiple clouds, diverse databases, or critical applications, etc.) without changing your applications’ code or infrastructure.

MFA Fatigue Attack: Meaning, Types, Examples, and More

This article investigates MFA fatigue attacks. We'll explain how they work, why they're effective, and who they typically target. We'll also provide real-life examples to help your team detect and prevent these threats. You'll leave with a clear understanding of MFA fatigue attacks and tips on how to shore up your cloud security to defend against them.

Snowflake's Security Warning Is Why Enterprises Need MFA Across All Their Resources

Recently, cloud computing company Snowflake issued a warning to its customers: hackers are actively targeting accounts that lack Multi-Factor Authentication (MFA). This warning comes amidst a rapidly unfolding saga that includes the high-profile Ticketmaster breach.

7 Reasons for Enterprises to Adopt Multi-Factor Authentication (MFA)

The world we operate in today is far different than it was even a couple years ago. More employees work from remote locations (as of late 2023, more than 12% of U.S. workers are fully remote), and more companies engage the services of freelancers and other outside workers. Organizations must recognize that the traditional physical boundaries no longer apply. They now need to secure a vast array of devices used by employees spread across various locations.

The Importance of Multi-Factor Authentication (How It Works)

Getting users' passwords isn’t really that hard anymore. In fact, bad actors employ advanced technology that allows them to snowshoe (test billions of password combinations per second), rendering 90% of user-generated passwords susceptible to attacks. MFA significantly enhances security by requiring a second piece of information to verify a user’s identity. The additional 20 seconds a user spends receiving a code via SMS provides a level of protection that a password alone cannot offer.

What Is User Provisioning? How It Works, Best Practices & More

User provisioning is the process of managing user access within an enterprise. It involves creating, managing, and deprovisioning user accounts and access rights across various systems and applications. This includes setting up accounts, assigning roles and permissions, and managing identities.

Audit Logging: Examples, Best Practices, and More

Audit logging is essential for maintaining a secure and compliant IT infrastructure. By capturing detailed records of system activities, audit logs provide insights into user actions, system events, and potential security threats. Understanding audit logging helps you identify and address vulnerabilities, ensure regulatory compliance, and enhance overall system integrity.

Zero Trust vs. VPN: What Solution Is Right for You?

Understanding the core differences between a Zero Trust architecture and a Virtual Private Network (VPN) is an important step in shaping your organization’s cybersecurity strategy. Zero Trust and VPNs offer distinct approaches to security; knowing their functionalities and security philosophies helps you understand when to select one or the other to protect your data effectively—a strategic necessity for robust cybersecurity.

NSA Zero Trust Maturity Guidance Explained (TL;DR Version)

StrongDM is pleased to see that, in April 2024, the National Security Agency of the United States, has released a Cybersecurity Information (CSI) sheet that recommends why and how organizations, public and private, should adopt the Zero Trust (ZT) security model for their data tier of infrastructure. At the core of the recommendations, an organization needs to know what data it possesses, how that data is being accessed, and how to control access to that data.

9 User Authentication Methods to Stay Secure in 2025

User authentication plays an essential role in securing networks and ensuring that only authorized users can access sensitive data. As our infrastructure transitions from traditional on-premises setups to cloud and hybrid environments, our authentication methods must continue evolving.

Want to learn more?
See StrongDM in action. 👀

Book a Demo

StrongDM Architecture Overview

How Zero Trust PAM Defines Modern Enterprise Security