Building Passwordless Trust Through Machine Identity Automation

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

Quick Takeaways:

  • True Zero Trust demands dynamic machine identity, not just MFA.
  • Kashyap emphasizes that scalable security must rest on open standards like PKI, X.509, and 802.1X.
  • SecureW2 integrates IAM, EDR, and MDM signals to unify real-time access control.
  • Kashyap highlights that short-lived certificates drastically limit the value of stolen credentials.
  • Excessive complexity undermines usability and pushes users toward insecure workarounds.

Speaking with TechNadu, Bert Kashyap, CEO and Co-Founder of SecureW2, discusses how the company’s open-source origins shaped its mission to deliver passwordless access at a global scale. 

Before founding SecureW2, Kashyap worked in enterprise software and security architecture. He has a deep understanding of the operational burdens security teams face in managing identity across diverse environments. 

With nearly a decade leading SecureW2 as an architect and evangelist for certificate-driven security, Kashyap has focused on combining robust network protection with seamless user experience.

His approach bridges open standards with enterprise automation to make Zero Trust achievable in the age of hybrid infrastructure. 

Kashyap emphasizes that certificate-based trust now forms the foundation for continuous verification, adaptive enforcement, and intelligent threat response.

Vishwa: Your journey with SecureW2 began as an open-source project to solve the pain points of device identity in mixed environments. How did that origin shape your strategic vision for passwordless access at scale?

Bert: Our open-source beginnings shaped the DNA of our strategy. They taught us that scalable solutions must be built on open standards like PKI, X.509, and 802.1X, and designed for full interoperability across every device and operating system. 

That experience also gave us a clear understanding of the operational complexity security teams face when managing identity at scale across mixed environments. We saw early on that the only way to deliver passwordless access at global scale was by fully automating PKI and extending it to integrate with the customer’s broader security signal ecosystem. 

The real breakthrough was removing the user-facing friction that has historically blocked adoption, allowing millions of devices to establish trust securely and universally, simultaneously lifting a major operational IT burden.

Vishwa: The shift from static credentials to dynamic certificate-based authentication is complex and transformative. What are the biggest architectural or operational challenges you’ve encountered when deploying this in real enterprise settings?

Bert: The biggest hurdles aren't just technical. Many teams are still dealing with the fear and overhead that came with legacy PKI complexity and the operational nightmare of manual certificate management. 

Architecturally, the challenge is making the certificate dynamic, linking its validity to real-time security and identity context from tools like the IDP, EDR, and MDM. Operationally, the challenge is ensuring that the entire certificate lifecycle, from onboarding to revocation, is fully automated and agentless, moving away from slow, cumbersome actions to instantaneous, API-driven policy enforcement.

Vishwa: In demanding sectors like education, government, or BYOD-heavy environments, what are the trust and usability trade-offs organizations must manage, and where do you see them getting it wrong most often? Zero trust has become a buzzword, but implementation remains uneven. What misconceptions or shortcuts do you often see when organizations describe themselves as “zero trust ready”?

Bert: Organizations often err by prioritizing complexity in the name of security, which destroys usability and drives users to find insecure workarounds, particularly in BYOD-heavy environments like education and government.  

We eliminate this trade-off by offering cryptographic device identity with no user prompts or added friction. The biggest Zero Trust shortcut we see is mistaking MFA for the entire architecture. 

True Zero Trust requires continuous verification and dynamic machine identity to enforce access based on device health, user identity, and contextual signals.

Vishwa: In a threat landscape where credential compromise remains a leading vector, how do you position SecureW2’s solutions in the broader stack, for example alongside behavior analytics, XDR, or IAM?

Bert: We see ourselves as highly complementary, helping security teams get incremental value out of the tools they’ve already deployed. SecureW2's Dynamic PKI serves as the foundational layer of trust that eliminates credential compromise by replacing reusable passwords with non-transferable, cryptographically secured machine identities. 

We position ourselves as the key integration point for the rest of the stack. We natively integrate with the IAM/IDP to extend identity policies down to the access layer. Just as importantly, we serve as a real-time enforcement point for threat intelligence from XDR or EDR platforms. We turn detections into automatic access decisions; for example, isolating or restricting a compromised device without delay.

Vishwa: SecureW2 recently introduced features like short-lived certificates and adaptive enforcement. How do these innovations defend against modern attack vectors such as session hijacking or credential replay?

Bert: These innovations transform our defense from a static gate to a dynamic, continuously verifying guard. Short-lived certificates are a direct counter to credential replay and persistence, drastically shrinking the useful life of a stolen credential from years to hours. 

Adaptive Defense protects against session hijacking by ensuring access policy is not just checked once, but is continuously evaluated at every connection attempt based on real-time device posture and context. If a threat is detected mid-session, access is restricted immediately and automatically, preventing the compromise from being exploited.

Vishwa: Without naming vendors, which types of security tools or capabilities do you consider essential today for enterprises adopting certificate-based and zero-trust access, especially in identity, threat detection, or trust orchestration?

Bert: Effective certificate-based Zero Trust relies on three essential capabilities working together: a universal, API-driven identity provider to manage user context; robust EDR and MDM platforms to provide continuous, real-time device health signals across all platforms, such as disk encryption status; and most importantly, a contextual access broker or policy engine that acts as the decision point. 

This broker must ingest signals from the IDP, EDR, and MDM, combine them, and translate them, as a holistic trust assessment, into a granular, dynamic access policy that is enforced at the network edge by the PKI and RADIUS infrastructure.
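The two ideas Kashyap returns to, a short-lived certificate that caps the useful life of a stolen credential, and a policy broker that re-evaluates IDP, EDR and MDM signals at every connection attempt, are easy to see in miniature. The following is an added illustration written for this article, not SecureW2's code or a description of its product internals; the certificate and signal structures, field names (`idp_user_active`, `edr_threat_detected`, `mdm_disk_encrypted`, `mdm_enrolled`), the RESTRICT-versus-DENY ordering and the timeline values are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Added illustration, not SecureW2 code: a toy access broker that re-evaluates
# trust at every connection attempt from a certificate's validity window plus
# IDP/EDR/MDM posture signals. All field names and thresholds are assumptions.

# Constructed issue time used by the demo and helpers below.
ISSUED = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)


def hours(n: float) -> datetime:
    """Point in time n hours after the constructed issue time."""
    return ISSUED + timedelta(hours=n)


@dataclass
class DeviceCert:
    """Stand-in for an X.509 device certificate (only the fields the broker needs)."""
    subject: str
    not_before: datetime
    not_after: datetime
    revoked: bool = False


def make_cert(subject: str, lifetime_hours: float, revoked: bool = False) -> DeviceCert:
    """Issue a constructed certificate valid for lifetime_hours from ISSUED."""
    return DeviceCert(subject, ISSUED, ISSUED + timedelta(hours=lifetime_hours), revoked)


@dataclass
class Signals:
    """Constructed posture signals of the kind an IDP, EDR and MDM would report."""
    idp_user_active: bool = True
    mdm_enrolled: bool = True
    mdm_disk_encrypted: bool = True
    edr_threat_detected: bool = False


Decision = Tuple[str, str]  # (verdict, reason); verdict is ALLOW, RESTRICT or DENY


def evaluate_access(cert: DeviceCert, sig: Signals, now: datetime) -> Decision:
    """Combine certificate state and live signals into one access decision.

    Order matters: identity failures deny outright, while posture problems on
    an otherwise valid device restrict (think quarantine VLAN) rather than
    deny, so remediation traffic can still reach the device.
    """
    if cert.revoked:
        return ("DENY", "certificate revoked")
    if not (cert.not_before <= now < cert.not_after):
        return ("DENY", "certificate outside validity window")
    if not sig.idp_user_active:
        return ("DENY", "user disabled in IDP")
    if not sig.mdm_enrolled:
        return ("DENY", "device not enrolled in MDM")
    if sig.edr_threat_detected:
        return ("RESTRICT", "EDR reports active threat")
    if not sig.mdm_disk_encrypted:
        return ("RESTRICT", "disk encryption disabled")
    return ("ALLOW", "certificate valid and posture healthy")


def simulate_session(cert: DeviceCert, attempts: List[Tuple[datetime, Signals]]) -> List[str]:
    """Evaluate every connection attempt independently; returns one verdict per attempt."""
    return [evaluate_access(cert, sig, t)[0] for t, sig in attempts]


def remaining_exposure_hours(cert: DeviceCert, stolen_at: datetime) -> float:
    """Longest time, in hours, a copied credential stays usable if nothing else revokes it."""
    left = max(cert.not_after - stolen_at, timedelta(0))
    return left.total_seconds() / 3600


if __name__ == "__main__":
    long_lived = make_cert("laptop-01", 365 * 24)
    short_lived = make_cert("laptop-01", 8)

    # Same theft moment, very different payoff for the attacker.
    stolen = hours(2)
    print("exposure, 1-year cert (h):", remaining_exposure_hours(long_lived, stolen))
    print("exposure, 8-hour cert (h):", remaining_exposure_hours(short_lived, stolen))

    # One session re-checked over time: healthy, then EDR flags a threat, then the cert expires.
    timeline = [
        (hours(1), Signals()),
        (hours(3), Signals(edr_threat_detected=True)),
        (hours(9), Signals()),
    ]
    for (t, _), verdict in zip(timeline, simulate_session(short_lived, timeline)):
        print(t.isoformat(), verdict)
```

Run it directly to see the two exposure figures (8758 hours against 6) and the per-attempt verdicts ALLOW, RESTRICT, DENY. The point of `simulate_session` is that nothing is cached between attempts: a threat raised by the EDR between two checks changes the answer on the very next connection, which is the continuous evaluation Kashyap describes, and a certificate that expires mid-day removes access without any revocation step at all.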
