Interviews

Interview with Cihan Salihoglu: “PAM is a key driver to have a compliant and secure environment”

Yulia Kondrashova

Content and Community Manager at Axidian

The growing importance of implementing privileged access management (PAM) to secure corporate environments is increasingly recognised by leading cybersecurity analysts. According to Accenture’s State of Cybersecurity Resilience 2025 report, organizations that operate in the highest maturity tier are 69 % less likely to be hit by an advanced cyber attack (such as an AI-powered incident)

The question of whether to have PAM in place is solved. If you want to have a stable business future, PAM is required. However, the selection of PAM is a complex process that can be confusing if you do not know where to start.

To help you better understand this topic, Axidian made an interview with Mr. Cihan Salihoglu, cybersecurity Director at Mastercard Advisors. Having over 15 years of professional experience, he served many companies of various sizes operating globally to improve their data protection and cybersecurity posture.

With cybersecurity investments, we pave the way for resilient future of the company

Cihan Vehbi Salihoglu, cybersecurity Director at Mastercard Advisors

Cihan Salihoglu:

I’m currently working as a Director at Mastercard Data & Services, where I’m part of the global cybersecurity team developing new offerings and enhancing existing ones.

Before Mastercard, I led the Cybersecurity and Data Protection practice at PwC Turkey for two years and spent 11 years at Deloitte in Istanbul and New York. Earlier in my career, I worked as a network engineer at Istanbul Technical University and started out as a pentester—one of the few in Turkey at that time. Over the years, I expanded my focus to information security management, crisis management, data protection, privacy, and identity and access management. I also helped establish IAM practices at both Deloitte and PwC Turkey.

Why PAM Is Important

Host:
With such experience, why do you think PAM is such an important topic today?

Cihan Salihoglu:
Privileged Access Management is one of the key drivers of a compliant and secure environment. In Turkey, one of the main reasons it’s so significant is regulation. Industries like banking, telecom, and energy are heavily regulated, and I believe this has helped Turkish companies reach higher levels of cybersecurity maturity in the region.

In addition, about five years ago, the Turkish State Data Protection Law was introduced, which further pushed organizations to strengthen their controls. So, for most companies here, PAM isn’t optional — it’s a necessity, especially for those that want to stay competitive or expand regionally.

Of course, these reasons apply globally as well — compliance, security, and operational control.

Defining the Privileged User

Host:
In your experience, who can be considered a “privileged user”?

Cihan Salihoglu:
That depends on the organization. During my career, I’ve worked with Fortune 500 companies, SMEs, and government institutions, and their definitions vary.

For a government client, privileged access might involve tracking routes of trucks carrying radioactive materials. For a manufacturing company, it could be pricing data for raw materials. A small social media agency managing major corporate accounts also holds valuable data.

So, privileged users can range from database administrators to finance employees who can change exchange rates, or even social media managers with high-level access. It’s all about the sensitivity of the data and the potential impact of misuse.

When Companies Need PAM

Host:
How can a company know it’s time to implement a PAM system?

Cihan Salihoglu:
It’s not about the size of the company—it’s about the size of the risk.
As an organization grows, risks naturally increase, but even a small company can face high risks if it handles sensitive data.

Take Instagram before it was acquired by Facebook: only 10 employees, yet managing massive amounts of personal data. For such cases, PAM isn’t a “nice to have” — it’s essential. The decision should always depend on risk exposure, not company size.

Is PAM About Control?

Host:
Many IT administrators view PAM as a control mechanism or even a sign of distrust. How do you respond to that?

Cihan Salihoglu:
I understand that perception — I’ve been on both sides: as an engineer, consultant, CISO, and board advisor.

The truth is, cybersecurity investments are often seen as costs rather than strategic investments. But they actually secure a company’s future and resilience.

When people resist PAM, it’s usually because the organization hasn’t faced a serious incident yet. I’ve supported clients during breaches, and the worst thing that can happen afterward is internal blame. PAM enforces accountability and non-repudiation, ensuring a more secure environment for both the company and its employees.

If I were a database administrator, I’d want PAM in place. It’s a safeguard, not surveillance.

Choosing a PAM Solution

Host:
What should companies pay attention to when selecting a PAM product? Are there common mistakes?

Cihan Salihoglu:
Yes, two common mistakes:

  1. Assuming what works for others will work for them.
    Every company is different — its processes, risks, and infrastructure. Copying another company’s setup rarely delivers the same results.
  2. Treating PAM as a one-time project.
    Buying and installing the tool isn’t the end. Technology must serve the company’s strategy, not the other way around. You need to define your requirements, risk priorities, and goals before designing the solution.

As the saying goes, “If you don’t know your destination, I can’t help you get there.” PAM should be designed as an enabler, helping organizations achieve clearly defined and secure outcomes.

The Future of PAM

Host:
Finally, what do you see as the future of privileged access management?

Cihan Salihoglu:
If you’d asked me ten years ago, I would have said PAM is the future. But today, it’s already a fundamental part of any secure digital environment.

For organizations that want to stay competitive, PAM isn’t optional anymore — it’s as essential as firewalls or network infrastructure. It’s here to stay.

Host:
Jihan, thank you for sharing your experience and perspective. This discussion will be very useful for anyone exploring PAM solutions or looking to build a more secure and resilient cybersecurity strategy..

Cihan Salihoglu:
Thank you for having me. It’s been a pleasure — stay safe and take care.

Read more:
What is PAM and why it matters → Understanding the basics of Privileged Access Management
Inside Axidian PrivilegeHow it helps secure privileged sessions and credentials
When PAM failsHow to stay in control and keep your systems protected

Aug 27, 2025
Identity Security in North Africa: Interview with Maher Keskes
Oct 27, 2025
Le risque de cybersécurité le plus sous-estimé dans les organisations algériennes — Interview avec Amine Hamani de Secure Network

Yulia Kondrashova

Content and Community Manager at Axidian

Over three years of experience in cybersecurity and content creation, with expertise in identity security. Focused on developing educational content that makes complex security topics clear, relevant, and practical for professionals.

Axidian and OneticAfrica: A Bridge to Securing Digital Identities in Morocco
Mar 26, 2025
 Axidian and OneticAfrica: A Bridge to Securing Digital Identities in Morocco read more
What’s Next for Identity Security in Africa? A Conversation with SPG
Jun 09, 2025
 What’s Next for Identity Security in Africa? A Conversation with SPG read more
Axidian Access
Axidian Privilege
Axidian CertiFlow
Axidian Shield