Resources

/

Podcasts

/

Secure IT

PKI, Certificates, and What Breaks When Trust Fails

Episode 22   Published January 20, 2026 18 minute watch

Secure IT

The Secure IT Podcast, hosted by Automox CISO Jason Kikta, is your one-stop shop for all things IT and cybersecurity. Jason knows good security comes from good IT. Step into a CISO’s shoes and trek through the world of technology and cyber defense to stay ahead of potential threats. Each episode is packed with the latest trends, tips, and expert advice.

Jason Kikta is the CTO of Automox

Host

Jason Kikta

RECENT EPISODES

Best-In-Class Remote Control

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

A misconfigured PKI lets a low-level compromised account request a certificate as an admin or even the CEO. That certificate is then assumed valid wherever it appears. Mark Cooper, CEO and founder of PKI Solutions, spent a decade at Microsoft on public key infrastructure before founding his company. PKI underpins passwordless authentication, TLS, IoT, and endpoint identity, yet it rarely enters the security conversation. With host Jason Kikta, now CTO at Automox, Cooper maps the PKI risk spectrum from certificate expiration to high-end compromise. He also questions the assumption that having a backup is the same as being resilient.

Takeaways

  1. Most organizations already run a PKI without realizing it. Public key infrastructure issues the certificates behind passwordless authentication, TLS connections, IoT systems, and endpoint identity. It rarely surfaces in day-to-day security conversations.

  2. Certificate management reaches deep into hardware. Smart thermostats, connected cars, and every Boeing and Airbus airplane rely on certificates for identity. So the question of who secures the issuing PKI extends far past laptops and servers.

  3. Certificate lifecycle management tools such as Jamf, Microsoft Intune, and Venafi secure the output of the PKI. That output is the certificates landing on endpoints, firewalls, and servers. They do not address whether the PKI itself stays reliable, resilient, and secure.

  4. A misconfigured PKI is a leading path to escalate a breach. A low-level compromised account can request a certificate as an admin or the CEO. PKI assumes any issued certificate is valid wherever it appears.

  5. Recovery is the weakest form of resilience. Reaching for a backup means you are already in an outage, and the backup only shortens the rebuild.

Topics

Vulnerability Remediation

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

CISA's BOD 26-04 Directive Explained

Podcast

CISA BOD 26-04 sets a 3-day patch deadline for federal agencies. Here's what changed, why it will reach your organization, and what to do before it does
The Three-Day Clock: What CISA's New Patching...

CISA BOD 26-04 sets a 3-day patch deadline for federal agencies....

Dirty Frag: What You Need to Know and How to...

Dirty Frag is an unpatched Linux LPE chain affecting esp4, esp6,...

The Math of Modern Attacks

Podcast