How Device First Security Is Changing the Game: David Rihak on Building Peig
Identity | Cybersecurity | Device First Security

Introduction
Some companies begin as slide decks and clean roadmaps. Peig began as a long list of frustrations. For years, David Rihak watched organizations drown in passwords, one time codes, and identity tools that never quite worked together. This is the story of how those lessons shaped a different approach to access and security, one that starts from the device in a person’s hand instead of the password in their head.

Seeing the Cracks in Traditional Identity
David’s background in identity and access management gave him a front row seat to the reality behind the marketing. On paper, companies had strong authentication and centralized control. In practice, users were still managing dozens of credentials, bypassing policies when they became too complex, and falling for increasingly sophisticated phishing attacks. He began to notice that almost every incident touched the same weak point. People were tired, busy, and overloaded by security that was designed around accounts instead of how they actually worked day to day.

Turning the Device into the Anchor of Trust
Out of that mess came a simple shift in perspective. Instead of treating the username and password as the center of trust, Peig treats the enrolled device as the anchor. Once a device is registered and brought into a secure posture, it becomes the key that unlocks access. From there, context and policy can be applied on top. Access flows feel more like “I open my laptop and get to work” than “I fight my way through six pop ups before my first email.” The human experience improves while the attack surface shrinks.

Building for MSPs on the Front Line
David knew that many small and mid sized organizations rely on managed service providers who are already stretched thin. Peig was designed so those MSPs can bring device first, passwordless capabilities to clients without building a complex platform by themselves. A single control plane, consistent policies, and a focus on secure yet friendly user journeys help MSPs elevate their security offerings without burning out their teams.

Responding to Real Attacks, Not Just Theories
In the current threat landscape, attackers do not need to break encryption to break a business. They only need one person to click the wrong link or approve the wrong prompt. David’s answer is to remove as many of those prompts as possible and let trust flow from protected devices. Instead of constantly asking humans to be perfect, Peig shifts more of the burden to a design that anticipates failure and closes gaps before they become incidents.

A Different Relationship Between People and Security
Underneath the technology, David’s story is about respect for the way people really behave. He does not expect a service desk agent or a field technician to become a security expert. He expects them to do their job and to feel supported by systems that make the safe path the easiest one to follow. Device first identity is his way of aligning security architecture with human reality.

Key Takeaways

• Most identity incidents come from people trying to cope with complex, account centric systems

• A device first model turns the endpoint into the anchor of trust and reduces password related risk

• Managed service providers can deliver stronger security with a unified control plane rather than a pile of disconnected tools

• Good security design assumes humans will be human and removes unnecessary friction instead of adding it

• Aligning security with real world behavior is essential for both protection and productivity

If you would like to learn more about David Rihak and his work on device first, passwordless security, visit Peig at https://peig.io.