Joey Barkley — illustrated caricature portrait

Joey Barkley

Cybersecurity Practitioner · Identity Security · NHI

I've spent over 25 years in software — through QA, development, test automation, CI/CD, and cybersecurity engineering. These days I focus on identity security and non-human identity (NHI), working at the intersection of zero trust architecture and the rapidly expanding world of autonomous AI agents.

I live with my wife on a small farm in southwest Tennessee. We run a bed and breakfast, tend to the land, and try to live a life that reflects what we believe. I'm a Christian, and that shapes how I approach my work — with honesty, diligence, and a conviction that how you build something matters as much as what you build.

Building the Town

I'm writing a long-form series called The Sentinel Ridge Files about securing agentic AI systems. The series uses a small-town metaphor — Sentinel Ridge — to make complex security concepts tangible. A town clerk's office for certificate authorities. A bank vault for data sovereignty. A sheriff for behavioral governance. The metaphor comes from growing up in a place where everyone knew everyone, where institutions were visible and accountable.

How do you build systems that people can trust?

The series spans three tracks: the theoretical framework, the infrastructure to build it, and agent governance in practice. It's written for practitioners and security leaders who are deploying autonomous agent systems and need a framework that starts from first principles rather than retrofitting human identity models onto fundamentally different entities.

How I Got Here

My career has been a winding road. I started writing code, moved into quality assurance, built test automation frameworks before that was a common title, and spent over a decade in cybersecurity — network forensics, threat response, continuous diagnostics, and identity management. Each role gave me a different lens on the same question that keeps driving my work.

When AI agents started operating autonomously — reading logs, making changes, accessing systems without human intervention — I realized that question had taken on entirely new dimensions. Agents aren't people. They don't have inherent identity. They're ephemeral. And the security frameworks we've built for humans don't transfer cleanly. That gap is what I'm writing about.

Thanks for being here. If anything I write resonates or raises questions, I'd be glad to hear from you.