From Compliance Theater to Real Risk: Anthony Viggiano on Identity That Actually Works

Most identity programs look mature on paper. Very few actually reduce risk. In this episode of SaviTalk, Anthony Viggiano joins David Lee and Henrique Teixeira for a candid conversation about the gap between compliance-driven identity programs and real operational security. Anthony shares lessons from leading identity initiatives at enterprise scale, including why governance breaks down, how organizations mistake activity for progress, and why many identity programs quietly fail despite massive investment. In this episode, we cover: Why compliance does not equal security The operational reality of identity governance Why identity teams stay stuck in reactive mode Organizational politics behind failed IAM programs The hidden cost of poor identity hygiene What mature identity security actually looks like AI, automation, and the future of governance About Anthony Viggiano Anthony Viggiano is a Senior Director of Identity Security at Ascension, where he focuses on identity governance, operational security, and enterprise-scale identity strategy. ⸻ CHAPTERS: 0:00 — Welcome Back to SaviTalk 1:45 — Introducing Anthony Viggiano 4:12 — How Anthony Got Into Identity Security 7:20 — Why Most Identity Programs Stall 9:04 — Compliance Theater vs Real Risk 12:41 — Governance at Enterprise Scale 16:28 — The Operational Reality of Identity 20:11 — Why Security Teams Stay Reactive 24:52 — Organizational Resistance & Identity Politics 29:44 — Measuring Real Security Outcomes 34:08 — The Hidden Cost of Poor Governance 38:17 — Why Mature Identity Is Rare 41:52 — Building Identity Programs That Actually Work 46:38 — AI, Automation & Future Risk 49:14 — Final Thoughts & Industry Advice Hosts: David Lee Henrique Teixeira Subscribe to SaviTalk for more executive conversations on identity security, AI, governance, and digital trust.