John Martinez

Technical Evangelist, has had a long 30+ year career in systems engineering and architecture, but has spent the last 13+ years working on the Cloud, and specifically, Cloud Security. He's currently the Technical Evangelist at StrongDM, taking the message of Zero Trust Privileged Access Management (PAM) to the world. As a practitioner, he architected and created cloud automation, DevOps, and security and compliance solutions at Netflix and Adobe. He worked closely with customers at Evident.io, where he was telling the world about how cloud security should be done at conferences, meetups and customer sessions. Before coming to StrongDM, he lead an innovations and solutions team at Palo Alto Networks, working across many of the company's security products.

StrongDM has been featured in Forbes, The New Stack, VentureBeat, DevOps.com, TechCrunch, and Fortune.

Expertise

Compliance, ISO 27001, Security, Access, Privileged Access Management, HIPAA, Compare, Identity and Access Management

Latest blog posts from John

What Are the ISO 27001 Requirements in 2025?

To become ISO 27001 certified, organizations must align their security standards to 11 clauses covered in the ISO 27001 requirements. In this article, you’ll discover what each clause in part one of ISO 27001 covers. We’ll also take a big picture look at how part two of ISO 27001—also known as Annex A—can help your organization meet the ISO/IEC 27001 requirements.

Top 8 Privileged Access Management (PAM) Solutions in 2025

In this article, we’ll review the leading privileged access management (PAM) solutions on the market. We’ll explore the pros and cons of the top privileged access management vendors so you can easily compare the best PAM solutions. By the end of this article, you’ll feel confident choosing the right privileged access management solution for your organization.

HIPAA Compliance Checklist: Easy to Follow Guide for 2025

Following a HIPAA compliance checklist can help HIPAA-covered entities comply with the regulations and become HIPAA compliant. In this HIPAA compliance guide, we’ll review the 8 primary steps to achieving HIPAA compliance, tips on how to implement them, and frequently asked questions.

BeyondTrust vs. Delinea (Thycotic): Which Solution Is Better?

This article compares two Privileged Access Management (PAM) solutions, BeyondTrust vs. Thycotic (Delinea). It takes a closer look at how these PAM products work and how they fit in with your organization’s access management strategy. We’ll examine product summaries, use cases, and pros and cons. By the time you’re done reading this article, you’ll have a clear understanding of the similarities and differences between these PAM tools and be able to choose the tool that best fits your

What Is Cloud Identity and Access Management (IAM)?

This article looks at identity and access management (IAM) in cloud computing. You’ll learn how cloud IAM differs from traditional on-premises IAM, explore the benefits and challenges of cloud IAM, and discover how to choose the best cloud IAM system for your organization. By the end of the article, you’ll have a deeper understanding of the components of cloud IAM and how these software solutions can help mitigate cyberattacks that threaten your organization.

What is AAA Security? Authentication, Authorization, and Accounting

In this article, we'll cover the Authentication, Authorization, and Accounting (AAA) framework for cybersecurity, the meaning of each AAA component, and the benefits of using it for granular access control. You'll learn about different AAA protocols and how they relate to Identity and Access Management (IAM). By the end of this article, you'll fully understand AAA networking and how the model assists with network security and monitoring.

What Is Data Exfiltration? Examples, Detection & Prevention

In this article, we’ll explore what data exfiltration is, the difference between exfiltration of data and data leakage, and how to detect data exfiltration. You’ll learn the dangers of data exfiltration in cybersecurity, data exfiltration examples, and the types of exfiltrated data that malicious actors target most. By the end of this article, you’ll know what causes data exfiltration, common data exfiltration tactics, and how to prevent data exfiltration in your organization.

How to Maintain ISO 27001 Certification in 2025 and Beyond

This article examines what happens after companies achieve IT security ISO 27001 certification. We’ll answer questions about how to maintain ISO certification, how long ISO 27001 certification is valid, and the costs and risks of failing to maintain compliance. By the end of this article, you’ll know the certifying body requirements and what your checklist should look like for staying on top of your ISO 27001 certification.

CyberArk vs. BeyondTrust: Which PAM Solution is Better?

This article compares two Privileged Access Management (PAM) solutions, CyberArk vs. BeyondTrust. It takes a closer look at what these two PAM products are, how they work, and what may make them fit well with your organization. We’ll explore product summaries, use cases, pros and cons, PAM features, and pricing. By the time you’re done reading this article, you’ll have a clear understanding of how these PAM tools operate and be able to choose the one that will work best for you.

What Is a Honeypot? How Trapping Bad Actors Helps Security

In this article, you’ll what a honeypot is what honeypots are used for, and the benefits and risks associated with them. You’ll also learn about the different types and examples of honeypots and how they work. By the end of the article, you’ll have a deeper understanding of honeypots in cyber security, and how a secure infrastructure access platform can help you safeguard your network, systems, and apps without using a honeypot.

Cyber Insurance Explained: Cost, Benefits, Coverage & More

As cyber threats have increased in recent years, more organizations are turning to cyber insurance to mitigate their financial risks. In this article, we’ll review cyber insurance basics, including what cybersecurity insurance is, how it works, what it covers, and what it costs. By the end, you will understand the different types of cyber insurance, the benefits of coverage, and how cyber insurance fits into a comprehensive security strategy.

HITRUST vs. HIPAA: Understanding the Difference

HITRUST and HIPAA often go hand-in-hand when talking about security compliance. But what are they, and how do they compare? In this article, we’ll review HITRUST vs. HIPAA, including their differences, similarities, and advantages, and we’ll explain how and when to use them in compliance efforts.

Alternatives to ManageEngine PAM360

ManageEngine’s PAM360 gives system administrators a centralized way to manage and audit user and privileged accounts within network resources. However, teams that need to manage secure access to Kubernetes environments or enforce password policies within their privileged access management (PAM) system may want to consider other options. This blog post will cover ManageEngine PAM 360 and some solid alternatives, along with the pros and cons of each.

Machine Identity Management Explained in Plain English

In this article, we'll cover machine identities and address the importance and challenges in machine identity management. You'll gain a complete understanding of how machine identity management works and see the concept in action through real-world examples. By the end of this article, you'll be able to answer in-depth: what is machine identity management?

Want to learn more?
See StrongDM in action. 👀

Book a Demo