In this episode of Patch Me If You Can™, host Arek Dreyer welcomes Collin Elliott, Senior Platform Engineer at Capital One, to explore the complex relationship between security best practices and user experience in endpoint management. Collin’s background—spanning hands-on Mac support in large nonprofits to engineering roles at fast-growing startups—gives him a broad and practical view of the challenges enterprises face when shifting from an admin-centric to a least privilege approach on their endpoints.
The conversation centers around the persistent hurdles of implementing standard user accounts in environments where operating systems and app developers still assume admin rights by default. Collin discusses various strategies, from self-service elevation scripts and the SAP Privileges app to more advanced privilege management tools like Beyond Trust and CyberArk. A recurring theme is the balance between enforcing strong security without sacrificing productivity or creating a support nightmare. Collin and Arek also touch on the critical role of user and leadership buy-in, thoughtful automation, and the often-overlooked importance of minimizing friction—like reducing unnecessary clicks—to streamline processes.
Additionally, the episode delves into the realities of macOS privilege evolution, highlighting both improvements and ongoing obstacles such as limitations around certificate installations and bypassing Gatekeeper. Collin emphasizes the move toward engineering-focused solutions and automation to keep up with organizational growth and complexity. Ultimately, this episode offers an in-depth look at the push-and-pull between tight security controls and the need to empower end users, providing valuable insights for IT teams navigating similar terrain.