Podcast highlights from Smells Like Identity Hygiene
Identity hygiene has become the frontline of enterprise security. From compliance to AI adoption, organizations are realizing that without strong hygiene practices, identity risks multiply.
In this post, we highlight insights from the Smells Like Identity Hygiene episode featuring Edelmira “Angie” Woodruff, Director of Identity Governance & Compliance at JetBlue. Angie’s career journey — from QA to cybersecurity leadership — offers a playbook for operationalizing identity hygiene at scale.
From QA to Cybersecurity: An Identity Hygiene Aha Moment
Angie began her career in QA before transitioning into cybersecurity. Her “aha moment” came when she discovered a user with inappropriate system access due to legacy group membership.
That experience reshaped her perspective: identity hygiene is security. Just as QA uncovers flaws before deployment, hygiene ensures improper access is caught before attackers exploit it.
Operationalizing Identity Hygiene at JetBlue
JetBlue’s approach to identity hygiene started with leadership buy-in. Angie emphasized that educating executives on IAM’s scope was critical to driving change.
The airline partnered with SPHERE to streamline user access reviews — making hygiene practices simple and accessible across employees and contractors. A turning point came when a C-suite executive praised the tool’s ease of use, validating the program and accelerating adoption.
Human and Non-Human Identities in Hygiene
Identity hygiene extends to both human and non-human accounts.
- Human accounts require controls that adapt to life changes such as onboarding, role shifts, or offboarding.
- Non-human accounts (service accounts, bots, scripts) demand ownership clarity to prevent them from becoming orphaned risks.
For Angie, orphaned accounts are hygiene red flags: a forgotten identity is as dangerous as a password that never changes.
Metrics for Healthy Identity Hygiene
What defines strong identity hygiene? At JetBlue, it includes:
- Password management and rotation across human and service accounts.
- Active Directory group governance to prevent deep nesting.
- Admin account strategies, including just-in-time provisioning.
- Clear ownership and accountability for every identity.
“Start with the foundation,” Angie advises. Cleaning up groups and establishing ownership is essential before scaling more advanced identity hygiene programs.
Continuous Identity Hygiene in Practice
Identity hygiene isn’t a project with an end date — it’s a daily discipline. “Like making your bed every morning,” Angie explained.
At JetBlue, user access reviews are expanding from SOX applications to cover 90–95% of applications. As hygiene practices improved, word of mouth spread: business users began requesting that more applications be added.
AI and the Future of Identity Hygiene
AI promises new possibilities for identity hygiene, but Angie warns against rushing in. “AI is only as good as the data it consumes,” she said. Without clean foundations, AI will amplify messes rather than fix them.
JetBlue is focusing first on data cleanliness and ownership — ensuring hygiene is solid before layering AI capabilities. Transparency from vendors and strong fundamentals remain non-negotiable.
Looking Ahead: Seamless Identity Hygiene
Angie’s five-to-ten-year vision is for identity hygiene to become seamless:
- Less dependence on manual reviews.
- More automation and biometrics where appropriate.
- Tools that reduce disruption for business users.
- Proactive governance that strengthens trust.
The future of identity hygiene is about embedding security into everyday operations without slowing down the business.
Takeaway
JetBlue’s journey shows that identity hygiene is built on foundation, ownership, and courage. By operationalizing governance, embracing automation, and preparing carefully for AI, enterprises can make hygiene a lasting discipline.
To hear the full conversation, check out the Smells Like Identity Hygiene episode with Angie Woodruff: Jet Setting Through Identity Hygiene.
