1 00:00:09,700 --> 00:00:13,000 You're listening to the identity of the center podcast, this is 2 00:00:13,000 --> 00:00:15,600 the show that talks about identity and access management 3 00:00:15,700 --> 00:00:18,600 and making sure you know who has access to what let's get 4 00:00:18,600 --> 00:00:25,600 started. Welcome to the identity of the 5 00:00:25,600 --> 00:00:27,600 sender podcast I'm Jeff and that's Jim. 6 00:00:27,600 --> 00:00:30,800 Hey Jim hey Jeff, how are you? Oh not too bad yourself. 7 00:00:31,100 --> 00:00:34,800 I'm doing good. Just kind of thinking about this 8 00:00:34,800 --> 00:00:38,400 week we did a little more traveling and I'm wondering how 9 00:00:38,400 --> 00:00:42,900 you're enjoying small airport. Life, you move from Chicago to 10 00:00:42,900 --> 00:00:45,500 Asheville, Chicago. You can fly direct to pretty 11 00:00:45,500 --> 00:00:49,100 much everywhere in the world. Actually, you can pretty much 12 00:00:49,100 --> 00:00:51,500 fly direct to nowhere and the world. 13 00:00:52,200 --> 00:00:54,300 That's not true. We have like Non-Stop. 14 00:00:54,400 --> 00:00:57,700 UPS to like seven different places on on airlines that I 15 00:00:57,700 --> 00:01:03,100 don't travel with so you know it's fine I think it's I liked 16 00:01:03,100 --> 00:01:08,300 it for the most part and here's why security is so easy. 17 00:01:09,200 --> 00:01:12,600 I mean I can park or if I'm getting dropped off I can 18 00:01:12,600 --> 00:01:14,600 literally be at the gate in like 30 seconds. 19 00:01:14,900 --> 00:01:17,700 You know, nine times out of 10, there is like no weight at all 20 00:01:17,700 --> 00:01:19,900 to get through the TSA PreCheck line. 21 00:01:19,900 --> 00:01:23,700 So I'm satisfied with that. I mean, it's a smaller port, 22 00:01:23,700 --> 00:01:27,600 five gates, It's my real airport is really Atlanta just because 23 00:01:27,600 --> 00:01:30,300 that's the hub for Delta. So and then from there, you get 24 00:01:30,300 --> 00:01:32,800 kind of anywhere but it's all bit of a change. 25 00:01:32,800 --> 00:01:34,500 The worst thing is the parking situation. 26 00:01:34,500 --> 00:01:37,300 The Asheville parking Asheville Airport. 27 00:01:37,300 --> 00:01:42,300 Parking is not great. So hopefully that'll get fixed 28 00:01:42,300 --> 00:01:44,500 sooner rather than later, but it's fine. 29 00:01:44,500 --> 00:01:47,900 Yeah, yeah. I find that what you said is is 30 00:01:47,900 --> 00:01:53,600 spot on, except I think the biggest risk is that they cancel 31 00:01:53,600 --> 00:01:58,500 or Early delay, The Hop from Atlanta to you know, from The 32 00:01:58,508 --> 00:02:02,100 Hub to your smaller airport. It happens a lot. 33 00:02:02,200 --> 00:02:07,500 It happened to me this week, but I guess the thought that I was 34 00:02:07,500 --> 00:02:10,199 having is really around traveling, it makes it more 35 00:02:10,199 --> 00:02:14,600 challenging when you're in the throes of, you know, driving a 36 00:02:14,600 --> 00:02:18,700 project. And what I think the real key is 37 00:02:18,700 --> 00:02:23,500 to success as having a team of people and being able to trust 38 00:02:23,500 --> 00:02:26,400 those people. So I think kind of the career 39 00:02:26,400 --> 00:02:29,400 progression and identity access management, right? 40 00:02:29,400 --> 00:02:33,600 As you become like a star performer, then the question is 41 00:02:33,600 --> 00:02:38,600 like if you take that next level step to managing other people 42 00:02:39,000 --> 00:02:44,000 who have to perform, right? It's to become like that. 43 00:02:44,000 --> 00:02:47,300 Next level is just not becoming a star performer on more 44 00:02:47,300 --> 00:02:49,800 projects or like taking on more work. 45 00:02:49,800 --> 00:02:53,600 It's now how do you get things done with the team? 46 00:02:53,900 --> 00:02:56,100 You know. For trust to those folks. 47 00:02:57,300 --> 00:03:00,100 And I think a big part of that, right, is having the right team. 48 00:03:01,100 --> 00:03:02,400 I'm sure you're having a lot of thoughts. 49 00:03:02,400 --> 00:03:05,200 I just want to throw one more thing in there, which is that, 50 00:03:05,400 --> 00:03:08,800 you know, right now on my project I have like an All-Star 51 00:03:08,800 --> 00:03:15,300 cast of players who are not only doing an awesome job on the 52 00:03:15,300 --> 00:03:19,200 projects in the scope that were responsible for, but also, kind 53 00:03:19,200 --> 00:03:24,200 of like, stepping up to that next level to help the client. 54 00:03:24,300 --> 00:03:27,000 Point where we're finding deficiencies with the other 55 00:03:27,000 --> 00:03:30,100 teams are working with which are mostly not the clients 56 00:03:30,100 --> 00:03:33,000 resources, at their other consulting firms that are, you 57 00:03:33,000 --> 00:03:37,500 know, they're pretty much just working within their box and 58 00:03:37,500 --> 00:03:39,900 refusing to go outside of their scope. 59 00:03:40,000 --> 00:03:43,400 And so, you know, we're doing everything we can everything 60 00:03:43,400 --> 00:03:47,500 within our power, to try to help the client because to us like 61 00:03:47,500 --> 00:03:51,200 the success of the client is that is the most important 62 00:03:51,200 --> 00:03:53,900 thing. And so from my perspective, I 63 00:03:53,900 --> 00:03:57,800 keep Driving those messages like do, what's right for the client 64 00:03:57,800 --> 00:04:01,100 do what's right for the client, you know, even if it causes us 65 00:04:01,100 --> 00:04:04,500 to, you know, go above and beyond kind of our scope. 66 00:04:04,700 --> 00:04:07,800 Obviously, we have to watch that we're not like intruding on 67 00:04:07,800 --> 00:04:09,300 other people scope and things like that. 68 00:04:09,300 --> 00:04:12,700 But so, anyway, a lot of thoughts are. 69 00:04:12,700 --> 00:04:15,600 I'm sure you have some, some things you want to share. 70 00:04:15,900 --> 00:04:17,800 I mean, yeah, there was a lot to cover their. 71 00:04:17,800 --> 00:04:21,700 I definitely Echo having a strong team, which is why, which 72 00:04:21,700 --> 00:04:23,500 is why you're here with me. It's not it. 73 00:04:23,500 --> 00:04:28,800 So I can so I can I can get on a plane and go do stuff, you know, 74 00:04:29,000 --> 00:04:33,400 I try to simplify things as much as I can life is already hard. 75 00:04:33,700 --> 00:04:35,300 Why make it harder for other people? 76 00:04:35,600 --> 00:04:39,300 As well, as yourself, you know, there's one rule when it comes 77 00:04:39,300 --> 00:04:42,000 to Consulting in my head when it comes to anything, as long as 78 00:04:42,000 --> 00:04:44,200 the customers happy everything's fine, right? 79 00:04:44,200 --> 00:04:48,300 So if it means you need to do you know XYZ or if there's other 80 00:04:48,300 --> 00:04:51,200 things and if it's reasonable you can get it done. 81 00:04:51,200 --> 00:04:54,200 Just do it. I mean it's not rocket science. 82 00:04:54,400 --> 00:04:58,000 So surely gotta like, do you know, balanced budgets and 83 00:04:58,400 --> 00:05:01,100 margins and all this other stuff that you do when you're part of 84 00:05:01,100 --> 00:05:04,000 a Consulting practice. But, you know, this is probably 85 00:05:04,000 --> 00:05:06,600 like boring for people who are not in Consulting. 86 00:05:06,600 --> 00:05:09,200 But, you know, it's, it's part of the job. 87 00:05:09,200 --> 00:05:11,400 I think that you and I kind of do in day out, we do this for 88 00:05:11,400 --> 00:05:14,900 years now, is we've been pretty fortunate to work with great 89 00:05:14,900 --> 00:05:17,100 clients have be surrounded by great people. 90 00:05:17,400 --> 00:05:20,000 We're trying to continue that Trend and so far been successful 91 00:05:20,000 --> 00:05:22,100 in this. This new role that each of us 92 00:05:22,100 --> 00:05:26,400 has with our SM and Yeah, we do have a great team really smart 93 00:05:26,400 --> 00:05:29,400 people, you know, I can hop on a plane and feel like, yeah, Jim's 94 00:05:29,400 --> 00:05:33,100 got it right whether or not you actually do have it. 95 00:05:33,100 --> 00:05:35,600 You do a pretty good job of Faking it which is which is 96 00:05:35,700 --> 00:05:38,400 enough to give me confidence that things are going well but 97 00:05:38,500 --> 00:05:40,000 you know the end the day the customers are happy and that's 98 00:05:40,000 --> 00:05:43,200 all really matters. So yeah well I think this was 99 00:05:43,200 --> 00:05:47,500 applicable Beyond Consulting because they think the clients 100 00:05:47,500 --> 00:05:50,300 that we see be the most successful are the ones where 101 00:05:50,600 --> 00:05:53,700 they've got a good team. And the, the leaders can 102 00:05:53,700 --> 00:05:56,400 delegate And are confident in their own people. 103 00:05:57,600 --> 00:06:00,500 I think the other thing that I just wanted to mention is 104 00:06:00,700 --> 00:06:03,300 something we've talked about. I know in past episodes, which 105 00:06:03,300 --> 00:06:08,600 is kind of the win-win scenario. So we feel more confident 106 00:06:08,600 --> 00:06:14,000 stepping up and helping the client go that extra mile if we 107 00:06:14,000 --> 00:06:15,900 know we're in as a win-win, right? 108 00:06:15,900 --> 00:06:20,500 So that, you know, hey, if we do go the extra mile and maybe, you 109 00:06:20,500 --> 00:06:23,800 know, it's a little bit too much, we're not going to get our 110 00:06:23,800 --> 00:06:25,300 hands on. Op too hard. 111 00:06:25,800 --> 00:06:29,700 It's just kind of the give and take, and we're all in it there 112 00:06:29,700 --> 00:06:31,700 and they want us to be successful. 113 00:06:32,000 --> 00:06:36,500 And that helps us, you know, Drive their success more as 114 00:06:36,500 --> 00:06:38,100 well. Yep. 115 00:06:38,800 --> 00:06:43,100 I mean, it's be nice. So that hard I mean, doesn't 116 00:06:43,100 --> 00:06:46,900 cost you anything. Speaking of nice, we're going to 117 00:06:46,900 --> 00:06:50,300 be at octane in a couple weeks so for folks listening to this 118 00:06:50,300 --> 00:06:53,600 when it goes live it'll be October 31st which is Halloween. 119 00:06:53,600 --> 00:06:56,000 We definitely Some topics for today, we're going to go over. 120 00:06:56,300 --> 00:06:59,300 I am horror stories that we've got, but before that will be an 121 00:06:59,300 --> 00:07:04,500 octane November 8th to the 10th. In San Francisco, want to give a 122 00:07:04,500 --> 00:07:08,300 shout-out to the Octo folks, as well as specialist even strong. 123 00:07:08,700 --> 00:07:10,600 Definitely hooking us up. We actually have a spot to 124 00:07:10,600 --> 00:07:14,800 record on the sort of show for, I guess, have I've seen 125 00:07:14,800 --> 00:07:17,100 schematics. So I'm not exactly sure exactly 126 00:07:17,100 --> 00:07:20,000 how it'll be laid out but from from our Vantage box, when we 127 00:07:20,000 --> 00:07:21,900 see it seems like it's gonna be pretty cool spot. 128 00:07:22,200 --> 00:07:24,100 At least will be, you know, out there. 129 00:07:24,200 --> 00:07:26,700 And visible for folks. And we might even have a logo or 130 00:07:26,700 --> 00:07:28,800 something like that on our little spot. 131 00:07:28,800 --> 00:07:30,600 So it's very cool. Looking forward to getting some 132 00:07:30,600 --> 00:07:32,300 folks. I know you been looking at 133 00:07:32,300 --> 00:07:36,600 getting some some guests lined up for episodes and I think I 134 00:07:36,600 --> 00:07:39,500 think what I'm thinking is it'll probably very similar to what we 135 00:07:39,500 --> 00:07:42,400 did for Gartner's. I am Summit and the authenticate 136 00:07:42,400 --> 00:07:45,800 conference where, you know, record several episodes and sort 137 00:07:45,800 --> 00:07:50,100 of try to release them on a daily Cadence to kind of cover 138 00:07:50,100 --> 00:07:53,500 what we're seeing and hearing those days as well as the 139 00:07:53,500 --> 00:07:55,100 conversation. We're having with the really 140 00:07:55,100 --> 00:07:59,500 smart identity, folks there. So, I've got, I've also got to 141 00:07:59,500 --> 00:08:03,200 say, like, you know, yes, shout out to Stephen. 142 00:08:03,600 --> 00:08:07,000 I think, have we made this request three years ago though. 143 00:08:07,200 --> 00:08:11,100 I mean, the, the podcast was, you know, not as well-known. 144 00:08:11,100 --> 00:08:14,400 Let's just say that I've gotten to the point where, when I reach 145 00:08:14,400 --> 00:08:19,200 out to people to be guests on the podcast, I've rarely get a 146 00:08:19,200 --> 00:08:21,000 know. The only time people say no is 147 00:08:21,000 --> 00:08:26,500 like if their corporation or Or I guess their PR department 148 00:08:26,500 --> 00:08:30,600 forbids them from doing media. I'm like, oh yeah, that's right. 149 00:08:30,600 --> 00:08:33,400 We are media. Yeah it's really weird to hear 150 00:08:33,400 --> 00:08:35,900 like you're somebody at Gartner called as journalists and like 151 00:08:36,000 --> 00:08:38,500 journalists and like very big quotation marks. 152 00:08:38,500 --> 00:08:40,100 Like I don't consider myself one. 153 00:08:40,100 --> 00:08:42,500 Like, I'm just an idiot talking about identity. 154 00:08:43,000 --> 00:08:47,300 Yes, yeah, I mean that's really but, you know, now that I mean, 155 00:08:47,500 --> 00:08:52,900 a lot of people download the podcast and it's becoming pretty 156 00:08:52,900 --> 00:08:55,100 well-known. It's very cool. 157 00:08:55,100 --> 00:08:57,300 Definitely appreciate folks, who listen, if you fear. 158 00:08:57,400 --> 00:08:59,500 Listen to this. Now take a moment hit that 159 00:08:59,500 --> 00:09:02,300 thumbs up or subscribe or rape button, whatever it is. 160 00:09:02,600 --> 00:09:04,900 It definitely helps when we get that kind of stuff done. 161 00:09:04,900 --> 00:09:08,800 So you know just helps us continue to to bring 162 00:09:08,800 --> 00:09:13,100 conversations and you know, stay event as vendor-neutral and 163 00:09:13,100 --> 00:09:16,200 agnostic as we can and you know we're still commercial-free. 164 00:09:16,200 --> 00:09:20,200 So all that little stuff kind of helps us continue to doing 165 00:09:20,200 --> 00:09:23,500 things like this. Yeah, absolutely. 166 00:09:23,500 --> 00:09:26,200 So, what I would jump right into a Jeff. 167 00:09:26,200 --> 00:09:31,500 I mean, you know, this was kind of like my crazy Oddball idea 168 00:09:31,500 --> 00:09:36,600 and we had a few folks who would very much appreciate you took 169 00:09:36,600 --> 00:09:42,700 the time to kind of record audio and the, I the question was, can 170 00:09:42,700 --> 00:09:45,800 you share an? I am Horror Story. 171 00:09:46,100 --> 00:09:49,500 And you know, these aren't like slasher movies. 172 00:09:50,700 --> 00:09:54,700 It's like where I am. Has gone bad or you had to end 173 00:09:54,700 --> 00:09:58,000 up working in entire weekend to kind of clean up a mess. 174 00:09:58,400 --> 00:10:01,200 That's the kind of horror stories that we generally have 175 00:10:01,200 --> 00:10:04,600 an I am. But yeah, if you have come 176 00:10:04,600 --> 00:10:08,000 through and I was like these are good stories and then you know, 177 00:10:08,000 --> 00:10:11,100 at the end what we're going to do is kind of share our her 178 00:10:11,100 --> 00:10:14,300 stories. Yeah so we've got four audio 179 00:10:14,300 --> 00:10:17,600 clips that will play here and kind of listen to and reacts in 180 00:10:17,600 --> 00:10:20,900 disgust, I've got a written one from a new member of our team 181 00:10:20,900 --> 00:10:23,100 here. And then yeah, You and I will go 182 00:10:23,100 --> 00:10:25,800 and then we'll end on a lighter note and I get things done. 183 00:10:25,800 --> 00:10:31,200 So let's go ahead and start with our friend Alec fry AKA for 184 00:10:31,200 --> 00:10:32,600 identity. He's been on the show a couple 185 00:10:32,600 --> 00:10:35,700 times and here's what he has for his Horror Story. 186 00:10:37,600 --> 00:10:41,800 Jesse and Jim for identity here. Why Horror Story here and I am 187 00:10:41,800 --> 00:10:46,700 was a long time ago in the late 90s, when RSA security tokens 188 00:10:46,700 --> 00:10:50,900 were all the rage my colleague and I were on site doing an 189 00:10:50,900 --> 00:10:54,900 upgraded, a customer's environment and the right at the 190 00:10:54,900 --> 00:10:57,600 key time. I'd said to my colleague, now 191 00:10:57,600 --> 00:11:01,100 when I say, I want you to delete the master database because 192 00:11:01,100 --> 00:11:03,200 there was a master and a slave or I guess we should Now call 193 00:11:03,200 --> 00:11:04,900 them primary and secondary server. 194 00:11:05,500 --> 00:11:08,200 But I said when I say Delete the data bison. 195 00:11:08,200 --> 00:11:13,100 He tap on the keyboard said yet done I said no no, I said when I 196 00:11:13,100 --> 00:11:15,800 say because it was some background noise he didn't hear 197 00:11:15,800 --> 00:11:18,700 me say that. So we both looked at each other 198 00:11:19,100 --> 00:11:22,400 and very quickly. Profuse sweat started pouring 199 00:11:22,400 --> 00:11:27,300 down our faces and I realized we had anywhere between about 15 200 00:11:27,300 --> 00:11:31,800 seconds and five minutes before that change was permanent and 201 00:11:31,800 --> 00:11:33,800 all users had been deleted from the system. 202 00:11:34,300 --> 00:11:38,600 So luckily I realized very quickly If we stop the server, 203 00:11:38,900 --> 00:11:43,800 make a copy of the database and started again, which we did, 204 00:11:43,900 --> 00:11:48,300 then the system was or ignorant. All systems were unaccessible, 205 00:11:48,300 --> 00:11:51,000 for a total of about five to eight seconds. 206 00:11:51,200 --> 00:11:54,900 So making it making sure we could recover really quickly was 207 00:11:54,900 --> 00:11:57,400 lucky, because there, the network was down from that 208 00:11:57,400 --> 00:12:00,600 perspective, only for about five to eight seconds, but once that 209 00:12:00,600 --> 00:12:02,900 was done, we were able to just copy the master database back 210 00:12:02,900 --> 00:12:05,800 and recover from it. But the most fun part of that 211 00:12:05,800 --> 00:12:08,100 story was right when we're in the To live that if that 212 00:12:08,100 --> 00:12:10,000 realization in the sweat was pouring down. 213 00:12:10,300 --> 00:12:13,100 That was when the senior exec from that customer site, walked 214 00:12:13,100 --> 00:12:14,700 past us. And said, how's it going guys? 215 00:12:14,700 --> 00:12:17,000 Everything good. We post just looked at as best. 216 00:12:17,000 --> 00:12:18,700 We could wait. Yes. 217 00:12:19,100 --> 00:12:22,400 So luckily it turned out well and everything was fine, but it 218 00:12:22,400 --> 00:12:26,100 was a huge scare. So from now on, I make sure that 219 00:12:26,100 --> 00:12:28,700 people don't tap keyboards and I, and they clearly hear me when 220 00:12:28,700 --> 00:12:31,600 I say when I say, go do this action. 221 00:12:32,100 --> 00:12:34,200 Anyway, that's my story. Happy Halloween. 222 00:12:35,600 --> 00:12:39,800 Okay, so I know I get your thoughts but immediately I have 223 00:12:39,800 --> 00:12:44,200 Shivers around RS 80 and having been on the operation side, in 224 00:12:44,200 --> 00:12:47,100 the logistics side of just trying to get those out there 225 00:12:47,100 --> 00:12:50,600 and I'm thinking like okay you delete a master the master 226 00:12:50,600 --> 00:12:54,300 database for the RSA server and you're going to have to go off 227 00:12:54,300 --> 00:12:58,900 and re-enroll all those people potentially have to do token 228 00:12:58,900 --> 00:13:01,500 swaps. Oh that is bad. 229 00:13:02,000 --> 00:13:05,200 Yeah that's what that's like the you just click. 230 00:13:05,400 --> 00:13:09,700 Sudden an email and your this story sounded to me, like, you 231 00:13:09,700 --> 00:13:12,700 just sent the email and you're like, oh no, did I send that to 232 00:13:12,700 --> 00:13:15,900 the wrong person to go to check? And you're like, oh my goodness. 233 00:13:15,900 --> 00:13:17,900 I didn't. But the way your heart would 234 00:13:17,900 --> 00:13:19,900 like, pounding out of your chest. 235 00:13:20,300 --> 00:13:25,700 I also was thinking as Alec was telling my story that, you know, 236 00:13:26,100 --> 00:13:28,800 most modern systems that are going to be cloud-based. 237 00:13:28,800 --> 00:13:33,100 Probably don't you have the ability to delete the master 238 00:13:33,100 --> 00:13:39,000 database, but if you do, Do might not be so easy to kind of 239 00:13:39,300 --> 00:13:41,700 stop the stop, the problem on the spot, right? 240 00:13:41,700 --> 00:13:45,700 You have less control over the system, so probably have a 241 00:13:45,700 --> 00:13:49,200 harder time inflicting damage but also a harder time 242 00:13:49,200 --> 00:13:52,000 recovering from damage. Yeah, that's the whole point, 243 00:13:52,000 --> 00:13:53,000 right? Is you're in the cloud. 244 00:13:53,000 --> 00:13:54,400 So you don't have to worry about that kind of stuff. 245 00:13:54,400 --> 00:13:57,900 So and it's not like you can just hey, you know, let's let's 246 00:13:57,900 --> 00:14:01,700 bring down OCTA for everybody because like, that's not it. 247 00:14:01,700 --> 00:14:03,300 That's not a, that's not a thing. 248 00:14:03,300 --> 00:14:06,400 Sorry, yeah, yeah. That's a good one. 249 00:14:06,400 --> 00:14:07,800 A like thanks for sending out one in. 250 00:14:07,800 --> 00:14:11,400 Let's go to our next one. Another person who's been on the 251 00:14:11,400 --> 00:14:13,700 show, Andrew chant the phone. He's got a lot of exciting 252 00:14:13,700 --> 00:14:16,000 things going on. I think he's gonna share some 253 00:14:16,000 --> 00:14:17,200 news here in a little bit with us. 254 00:14:17,200 --> 00:14:19,500 So we'll give kind of a sneak T sneaked. 255 00:14:19,500 --> 00:14:22,300 He's hopefully so Andrew when you're ready to share that, you 256 00:14:22,300 --> 00:14:24,000 know, let us know and we'll be happy to promote it. 257 00:14:24,000 --> 00:14:29,200 But here is his or her story. Hey, Jim. 258 00:14:29,200 --> 00:14:33,200 And Geoff Andrew here. And I want to give you a fun 259 00:14:33,300 --> 00:14:38,500 Horror Story for your podcast. So I work for a company that had 260 00:14:38,500 --> 00:14:42,700 a shared passwords used across multiple departments and this 261 00:14:42,700 --> 00:14:45,500 was a very common shared password that was actually 262 00:14:45,500 --> 00:14:49,600 shared among a internal messaging system. 263 00:14:49,700 --> 00:14:54,100 I won't name the message system and also has put on a t-shirt so 264 00:14:54,100 --> 00:14:56,000 which is scary and people knew it. 265 00:14:56,500 --> 00:14:58,400 Well, I found out it made me sick. 266 00:14:58,600 --> 00:15:03,600 Stomach as an IM person however we did get it to finally remove 267 00:15:03,900 --> 00:15:08,400 the usage of this password across all areas, this password 268 00:15:08,400 --> 00:15:12,700 was used for multiple things, such as shared accounts and also 269 00:15:12,800 --> 00:15:16,200 service accounts which is scary as it is. 270 00:15:16,300 --> 00:15:20,400 But moved all those passwords. All the any scripting language 271 00:15:20,400 --> 00:15:22,100 that uses that passwords do fault. 272 00:15:22,200 --> 00:15:24,700 He took care of source no longer being used but yeah, dumb 273 00:15:24,700 --> 00:15:27,600 something that is a scary horse or a diet of the great for your 274 00:15:27,600 --> 00:15:30,400 body cast. Thanks so much for taking my 275 00:15:30,400 --> 00:15:34,300 Horror Story and pretty scary. See ya. 276 00:15:35,300 --> 00:15:42,500 Okay, the path of a password made into a t-shirt. 277 00:15:42,800 --> 00:15:46,400 I mean, come on man. Really yeah. 278 00:15:46,400 --> 00:15:50,300 That was pretty bad. I also think, though it's 279 00:15:51,300 --> 00:15:55,800 Somewhat because of the time frame, we know that Andrews not 280 00:15:55,800 --> 00:15:59,400 like a old guy like me. And you I kind of was thinking 281 00:15:59,400 --> 00:16:03,600 back to when I first started in it having the password 282 00:16:03,600 --> 00:16:08,200 spreadsheet on a file share and somebody explains me. 283 00:16:08,200 --> 00:16:10,900 I was fine. It's Pastor the spreadsheets 284 00:16:10,900 --> 00:16:13,000 password-protected. Oh yeah and you can't break 285 00:16:13,000 --> 00:16:16,000 Excel passwords. I mean no notoriously difficult. 286 00:16:16,200 --> 00:16:17,700 Yeah, yeah. It's not like there's like 287 00:16:17,700 --> 00:16:20,800 shareware out there that you can do it for free and no problem. 288 00:16:21,400 --> 00:16:25,000 And yeah, it is said there were the service accounts that the 289 00:16:25,000 --> 00:16:27,700 passwords never got changed. Everybody knew them. 290 00:16:27,900 --> 00:16:30,300 I was like oh yeah well change them if somebody leaves. 291 00:16:31,000 --> 00:16:36,200 Yeah, right, I mean I'm speculating here but this half 292 00:16:36,200 --> 00:16:40,500 this has to have been like a really funny password or 293 00:16:40,500 --> 00:16:44,700 something was inside joke. But I mean seriously like if 294 00:16:44,700 --> 00:16:49,800 even if this was within the last 15 years, let's say like who 295 00:16:49,800 --> 00:16:51,100 thought this was a good idea. Idea. 296 00:16:51,100 --> 00:16:52,900 Hey, let's put our password and a t-shirt. 297 00:16:54,200 --> 00:17:00,500 Yeah, I mean that's I'm sorry, but that is, I don't know 298 00:17:00,508 --> 00:17:03,000 what's, I don't know what the right management term would be, 299 00:17:03,000 --> 00:17:05,400 but would be like, someone's going on a performance 300 00:17:05,400 --> 00:17:10,200 Improvement plan right away. Yeah, the very least if not 301 00:17:10,200 --> 00:17:12,500 more, but okay, and her, that was a good one. 302 00:17:12,900 --> 00:17:16,700 Let's go next to a row. He landed in a whole tree. 303 00:17:17,099 --> 00:17:20,200 I know he's someone you've worked with in the past, but 304 00:17:20,200 --> 00:17:24,800 let's listen to Everyone. This is Rohit at military and I 305 00:17:24,808 --> 00:17:28,700 am a senior director of, I am at a Fortune 100 company. 306 00:17:29,200 --> 00:17:33,100 Both of these stories are about 7, to 10 years old, when I was 307 00:17:33,100 --> 00:17:35,700 working, as an architect in, I am domain. 308 00:17:36,200 --> 00:17:39,500 So the first story goes like this, one of the companies that 309 00:17:39,500 --> 00:17:44,100 I was working for was using Oracle identity manager, Why I 310 00:17:44,108 --> 00:17:48,600 am was probably the hottest idea tool in the Market at that time. 311 00:17:49,100 --> 00:17:52,200 And oh, I am uses SOA as their approval in je. 312 00:17:53,300 --> 00:17:56,300 The approval workflows are deployed on the server as 313 00:17:56,300 --> 00:17:59,700 Composites. When you deploy a new composite, 314 00:17:59,800 --> 00:18:02,400 you have to change the version else. 315 00:18:02,400 --> 00:18:05,800 All in-flight request will be rendered invalid. 316 00:18:06,900 --> 00:18:10,200 So this company moved from the waterfall model to Agile model 317 00:18:10,200 --> 00:18:14,900 recently and the team was still getting used to And new devops 318 00:18:14,900 --> 00:18:18,500 resources coming in. So there was a lot of chaos and 319 00:18:18,500 --> 00:18:21,300 not all the processes work correctly, understood or 320 00:18:21,300 --> 00:18:24,300 documented. So now the deployment team 321 00:18:24,600 --> 00:18:28,000 during the build, did not update the version in the properties 322 00:18:28,000 --> 00:18:32,700 file and the composite was deployed over an existing 323 00:18:32,700 --> 00:18:35,500 version. What that meant was there were 324 00:18:35,500 --> 00:18:39,500 about 300, in-flight requests, all rendered invalid. 325 00:18:40,300 --> 00:18:43,600 Some of these requests were raised by senior leadership The 326 00:18:43,600 --> 00:18:48,400 c-suite, there was no time for automation for any correction. 327 00:18:49,000 --> 00:18:52,200 So I am operations. Team had to manually raise 328 00:18:52,200 --> 00:18:56,800 multiple requests which was high priority and face the backlash 329 00:18:56,800 --> 00:19:01,100 for emails being sent out and overall confusion, it really 330 00:19:01,100 --> 00:19:04,600 dented, everyone's trust in the IM team at that point and took 331 00:19:04,600 --> 00:19:07,500 us some while for us to regain that confidence of all 332 00:19:07,500 --> 00:19:10,900 stakeholders. But it did help in a way that it 333 00:19:10,900 --> 00:19:13,400 was a good learning experience for us. 334 00:19:13,600 --> 00:19:19,600 No, that switching the models at such a expedited way, was not 335 00:19:19,600 --> 00:19:22,600 the best thing to do. Another horror story is with 336 00:19:22,600 --> 00:19:26,700 regards to one of the consulting firms that came in, I was a 337 00:19:26,700 --> 00:19:31,400 developer at this farm and I was tasked to create a custom engine 338 00:19:31,700 --> 00:19:35,900 for rule creation. So this for the custom UI on top 339 00:19:35,900 --> 00:19:38,000 of their existing identity engine. 340 00:19:38,800 --> 00:19:43,000 A requester, can go in raise a request or create a request for 341 00:19:43,000 --> 00:19:45,100 a new role, provide all the inputs. 342 00:19:45,300 --> 00:19:48,700 It went through the approval process and, you know, the 343 00:19:48,800 --> 00:19:50,600 generate approval workflow took place. 344 00:19:51,400 --> 00:19:55,500 Most of these words today are being done in service now, but 345 00:19:56,000 --> 00:19:57,900 it was what the client wanted at that time. 346 00:19:58,700 --> 00:20:03,300 So, while we were creating this engine for creating new roles, I 347 00:20:03,300 --> 00:20:09,200 consulting firm was hired. This consulting firm came in and 348 00:20:09,200 --> 00:20:12,700 they were tasked to create a role based access control 349 00:20:12,700 --> 00:20:16,400 strategy in terms of what the nomenclature would be. 350 00:20:16,800 --> 00:20:20,000 What the business rule? The birthright roll, the it roll 351 00:20:20,000 --> 00:20:24,700 the application roles would mean, but most importantly, how 352 00:20:24,700 --> 00:20:26,900 will they be created? What would be the mining 353 00:20:26,900 --> 00:20:30,400 strategy? So, this T came in and created a 354 00:20:30,408 --> 00:20:32,900 deck with all the buzz word bingos. 355 00:20:34,300 --> 00:20:38,700 Also, an application was chosen for pilot for the about 30 356 00:20:38,700 --> 00:20:43,000 entitlements, in 10 users. So this all went well until it 357 00:20:43,000 --> 00:20:48,500 was time for real work. Now, what we realized was that 358 00:20:48,500 --> 00:20:52,800 by strategy, did not scale There was a patient's like create 359 00:20:52,800 --> 00:20:57,700 metadata for each entitlement which was unachievable to see. 360 00:20:57,700 --> 00:21:02,100 The least there was also no regards for complex 361 00:21:02,100 --> 00:21:04,900 authorization systems like Mainframe. 362 00:21:05,400 --> 00:21:11,200 The strategy was very flat, very simplistic and not scalable. 363 00:21:11,700 --> 00:21:15,300 Although the slides for very very pretty I would say that the 364 00:21:15,308 --> 00:21:19,600 strategy was not worth the paper, it was printed on now the 365 00:21:19,600 --> 00:21:23,700 higher management friend. Like all our team had to do was 366 00:21:23,700 --> 00:21:27,200 done the model which was Northern Ireland feasible, nor 367 00:21:27,200 --> 00:21:30,900 useful and we would be presented with this set of brand new 368 00:21:30,900 --> 00:21:34,300 shining rolls, which was not the case. 369 00:21:34,800 --> 00:21:38,900 So ultimately what happened was we had to go back to the drawing 370 00:21:38,900 --> 00:21:43,400 board, to create our are back strategy and we then created an 371 00:21:43,400 --> 00:21:49,800 approach which was scalable and more importantly, feasible, it 372 00:21:49,800 --> 00:21:52,500 was a good learning experience. Dance, for all of us, including 373 00:21:52,500 --> 00:21:57,600 the strategy leadership and the developers as to how to employ 374 00:21:57,600 --> 00:22:00,400 these consulting firms. Thank you for having me on the 375 00:22:00,400 --> 00:22:01,900 show. Have a good day. 376 00:22:02,900 --> 00:22:06,400 All right, so this one involves two of, probably what I think 377 00:22:06,400 --> 00:22:08,800 are more the more challenging things to roll out access 378 00:22:08,800 --> 00:22:12,200 requests and are back. Yeah. 379 00:22:12,200 --> 00:22:15,500 I mean they're and their standard issue like everybody's 380 00:22:15,500 --> 00:22:21,100 trying to do these things. All right I think bro hit first 381 00:22:21,300 --> 00:22:27,700 that was a really well to really well told stories and kind of my 382 00:22:27,700 --> 00:22:30,800 react. My initial reaction is I guess 383 00:22:30,800 --> 00:22:35,100 I'm thinking like career-wise, you have to go through these 384 00:22:35,100 --> 00:22:36,900 hard times. You have to go through these 385 00:22:36,900 --> 00:22:40,100 mistakes. Otherwise, you know, you don't 386 00:22:40,100 --> 00:22:41,600 know what to avoid. Be nice too. 387 00:22:41,700 --> 00:22:45,500 I think that our careers building one success on top of 388 00:22:45,500 --> 00:22:50,400 the neck success but the reality is is like some spots on the way 389 00:22:50,600 --> 00:22:53,100 you have to fail. And if you don't go through 390 00:22:53,100 --> 00:22:57,400 those failures, your you I say you learn more from your 391 00:22:57,400 --> 00:22:59,600 failures than you do from your successes. 392 00:23:00,200 --> 00:23:03,700 Well, there are definitely a powerful reminder on what got to 393 00:23:03,700 --> 00:23:05,400 be right. So you don't touch the hot 394 00:23:05,400 --> 00:23:06,300 thing. Oh, okay. 395 00:23:06,400 --> 00:23:07,900 And then you burn it in your hand, right? 396 00:23:07,900 --> 00:23:10,400 Okay, yeah, I'm definitely not going to do that, you know, I 397 00:23:10,400 --> 00:23:11,600 think I think you're totally right. 398 00:23:11,700 --> 00:23:14,400 Right. I think, you know, learning 399 00:23:15,100 --> 00:23:21,800 through mistakes is great, from a learning perspective. 400 00:23:22,700 --> 00:23:25,700 It does not solve the problem of the damage that can be done 401 00:23:25,700 --> 00:23:28,500 though when it happens. I think this is something that 402 00:23:28,500 --> 00:23:31,900 you know life is life is messy. Just like identity and access 403 00:23:31,900 --> 00:23:34,200 management is you can have a great plan, it sounds like these 404 00:23:34,200 --> 00:23:35,800 you know. I'm not sure who the Consultants 405 00:23:35,800 --> 00:23:39,600 were came in and created this, you know, our back strategy and 406 00:23:39,600 --> 00:23:41,600 yeah, it looks good on paper, right? 407 00:23:41,700 --> 00:23:44,600 Very pretty slide which we love and Consulting, right? 408 00:23:45,900 --> 00:23:48,900 But when it hit the real world, it fell flat on its face and 409 00:23:48,900 --> 00:23:51,400 just didn't work. And I think that is, that is 410 00:23:51,400 --> 00:23:55,000 something every I am program needs to be prepared for, right. 411 00:23:55,000 --> 00:24:00,300 You can go through planning and strategy and like, yeah. 412 00:24:00,300 --> 00:24:03,800 We've got this great plan and, you know, when it collides with 413 00:24:03,800 --> 00:24:06,900 the real world, you have to be prepared for things that that 414 00:24:06,900 --> 00:24:09,600 just don't go, right? Maybe assumption was off, maybe 415 00:24:09,600 --> 00:24:11,100 something changed in the business. 416 00:24:11,700 --> 00:24:13,900 You know, parameters that cause it not to work anymore. 417 00:24:13,900 --> 00:24:16,300 And this, you know, this isn't specific to just to our back, 418 00:24:16,300 --> 00:24:18,000 which is notoriously difficult. Anyway. 419 00:24:18,500 --> 00:24:20,200 It could be anything, right? You can go through all this 420 00:24:20,200 --> 00:24:22,700 stuff and say, hey, we're gonna get this thing rolled out and 421 00:24:22,700 --> 00:24:24,600 then all of a sudden, next thing, you know, you're waiting 422 00:24:25,000 --> 00:24:28,000 a month because you still don't have a development environment, 423 00:24:28,200 --> 00:24:29,600 right? Something like that. 424 00:24:30,700 --> 00:24:34,900 It's it's interesting for sure. Yeah, I mean, you know, the 425 00:24:34,900 --> 00:24:38,200 other reminder that comes from this is that there are certain 426 00:24:38,500 --> 00:24:42,500 kind of core ingrained, I'll even call them T-they're not 427 00:24:42,500 --> 00:24:47,100 really information security or I am best practices and however, 428 00:24:47,100 --> 00:24:51,400 you feel about that term. They're kind of the basics basic 429 00:24:51,400 --> 00:24:54,100 blocking and tackling of how to do ITT. 430 00:24:54,300 --> 00:24:57,200 You don't take your sandbox environment and wire it to 431 00:24:57,200 --> 00:25:01,000 production, that's one, right? Like we all agree with, you 432 00:25:01,000 --> 00:25:06,700 know, yes, you shouldn't do that and if you do, you are taking 433 00:25:06,700 --> 00:25:09,200 preparing be prepared for the Fallout. 434 00:25:09,300 --> 00:25:14,400 The other is, you know, over Communicate, you've got to make 435 00:25:14,400 --> 00:25:16,200 sure that people know what's coming. 436 00:25:16,500 --> 00:25:22,400 Another is try to pile it and, you know, roll out your system 437 00:25:22,400 --> 00:25:26,100 to a small number of people who hopefully are representative of 438 00:25:26,100 --> 00:25:30,200 the whole, but rather than impact, 100,000 people, with 439 00:25:30,200 --> 00:25:34,700 your change, try to do it to 100 people, and then working on from 440 00:25:34,700 --> 00:25:38,900 there, Yeah, I think rolling a 6 out, take a small group, always 441 00:25:38,900 --> 00:25:42,800 make sense, especially if you can, if you can tie that roll 442 00:25:42,800 --> 00:25:45,100 out to a part of the business that you're trying to make 443 00:25:45,100 --> 00:25:49,000 friends with, right? So it's if you, if they go into 444 00:25:49,000 --> 00:25:50,700 this and say, hey, you know what, we're on this new, this 445 00:25:50,700 --> 00:25:53,000 new technology, this new business process, whatever may 446 00:25:53,000 --> 00:25:56,300 be, and we think it's going to solve a lot of problems. 447 00:25:56,300 --> 00:25:59,200 May be that you're having, would you be willing to help us test 448 00:25:59,200 --> 00:26:03,000 this and be part of helping make sure this goes well for the rest 449 00:26:03,000 --> 00:26:05,900 of the organization. I've never had a business unit. 450 00:26:06,000 --> 00:26:10,000 I can say no, they always want to be part of this and it is 451 00:26:10,000 --> 00:26:11,600 long as you set the appropriate expectation. 452 00:26:11,600 --> 00:26:13,900 Like, yeah, we know that there may be some issues that come up 453 00:26:13,900 --> 00:26:17,800 but we want you to help us make this right for the rest of the 454 00:26:17,800 --> 00:26:19,500 organization. In addition to yourself. 455 00:26:19,500 --> 00:26:22,100 Like I've never had anybody come back and say, no, not 456 00:26:22,100 --> 00:26:25,200 interested, here's one of the hardest ones I think. 457 00:26:25,200 --> 00:26:28,100 Overall, if you're a practitioner anywhere and it, 458 00:26:28,600 --> 00:26:32,200 you know, specifically I am sure, but it's when you have the 459 00:26:32,200 --> 00:26:35,800 executive pressure, like, here's some artificial date. 460 00:26:36,000 --> 00:26:37,900 Eight that this needs to be done by. 461 00:26:38,600 --> 00:26:41,600 And, you know, it's kind of like you're under pressure to hit 462 00:26:41,600 --> 00:26:43,800 some date. But, you know, in your heart of 463 00:26:43,808 --> 00:26:47,600 hearts, that that's not going to work or that's going to be very 464 00:26:47,600 --> 00:26:49,800 bad, that's going to have some bad consequences. 465 00:26:50,100 --> 00:26:52,200 What's the level of push back to give? 466 00:26:52,400 --> 00:26:55,500 And I think that this is like, where take some touch and take 467 00:26:55,500 --> 00:26:59,500 some maturity. Because if you signed up for it, 468 00:26:59,800 --> 00:27:03,200 you're almost doomed to fail. And if you push back, you might 469 00:27:03,200 --> 00:27:06,800 be seen as you're not a team player or you're just You know 470 00:27:07,200 --> 00:27:12,900 to - to be, you know, able to move up the move up the ladder. 471 00:27:14,600 --> 00:27:18,600 Yeah, I think you've got to be able to speak truth to power but 472 00:27:18,600 --> 00:27:24,500 that that spoken truth needs to be appropriately message through 473 00:27:24,500 --> 00:27:28,000 the appropriate channels in a in the proper way. 474 00:27:28,000 --> 00:27:33,500 And I what I mean by that is diplomacy tact thoughtfulness, 475 00:27:33,700 --> 00:27:35,700 right? I think I was given a webinar 476 00:27:35,700 --> 00:27:37,500 yesterday and I was really proud of this analogy. 477 00:27:37,500 --> 00:27:40,000 I came up with what it was like, you know, not everything is an 478 00:27:40,000 --> 00:27:42,900 Avengers level threat right there somewhere. 479 00:27:42,900 --> 00:27:45,100 You can get A good with just Daredevil. 480 00:27:45,100 --> 00:27:49,400 Sorry sorry Daredevil fans but he's not an Avenger since like 481 00:27:50,100 --> 00:27:54,400 you've got to be able to like way what is the risk versus the 482 00:27:54,400 --> 00:27:58,900 reward versus the potential impact and if you're constantly 483 00:27:58,900 --> 00:28:02,000 saying this won't work and it's because it's like a 1% problem 484 00:28:02,000 --> 00:28:04,600 or effects like 1% I think you got to make sure you bring on 485 00:28:04,600 --> 00:28:05,900 your messaging so certainly speak. 486 00:28:05,900 --> 00:28:09,800 Truth to power, do not be afraid to bring up issues and you need 487 00:28:09,800 --> 00:28:12,700 to have developed an. I am program that supports that, 488 00:28:12,800 --> 00:28:14,600 right? It can't just be Be well I'm the 489 00:28:14,600 --> 00:28:16,700 program manager. Everything I say goes and 490 00:28:16,700 --> 00:28:19,700 everything that I say is the way it's going to be and it's always 491 00:28:19,700 --> 00:28:22,100 going to be right. You've got to be able to take 492 00:28:22,100 --> 00:28:25,100 input from all parts of the business, your own teams, 493 00:28:25,100 --> 00:28:28,700 whatever may be. So have a, you know, a, an 494 00:28:28,700 --> 00:28:31,100 environment where you where you do allow that. 495 00:28:31,800 --> 00:28:34,300 And if you are the one speaking up, make sure you're doing it, 496 00:28:34,300 --> 00:28:37,000 the right message, the right vehicle, right? 497 00:28:38,500 --> 00:28:43,000 Have if you've got them stats figures, something right to help 498 00:28:43,000 --> 00:28:45,300 make the case. Yeah, I was thinking of a couple 499 00:28:45,300 --> 00:28:49,700 other tactics to one is, sometimes it's like, hey we're 500 00:28:49,700 --> 00:28:52,800 going to roll out MFA to the entire organization by the end 501 00:28:52,800 --> 00:28:55,500 of the year and here were sitting on November 1st, right? 502 00:28:55,500 --> 00:28:59,400 You're like that's not realistic but maybe we could have the MFA 503 00:28:59,400 --> 00:29:02,700 capability built or we can select a product or we could do 504 00:29:02,700 --> 00:29:09,900 something that isn't short of this audacious goal, but isn't 505 00:29:09,900 --> 00:29:11,700 that? No, we can't do it, right? 506 00:29:11,700 --> 00:29:13,700 It's just hey, we're going to do it and I like it. 507 00:29:13,800 --> 00:29:17,500 A stepwise fashion. The other tactic I was thinking 508 00:29:17,500 --> 00:29:21,800 of is really to try to build support for your idea. 509 00:29:21,800 --> 00:29:26,100 So if there are other peers in your organization who you can 510 00:29:26,300 --> 00:29:29,700 kind of like hey I'd like to have coffee with you and talk 511 00:29:29,700 --> 00:29:34,700 through this issue and here's what my challenges and you got 512 00:29:34,700 --> 00:29:38,900 some other folks who have respect within your 513 00:29:38,900 --> 00:29:40,200 organization. Maybe. 514 00:29:40,500 --> 00:29:45,300 So maybe you report to CIO and you There's big audacious goal 515 00:29:45,300 --> 00:29:48,500 is rolling downhill to you, but there are other folks who report 516 00:29:48,500 --> 00:29:51,800 to the CIO and you kind of like talk through it with them so 517 00:29:51,800 --> 00:29:56,200 that when you go and you try to propose this less than, you 518 00:29:56,200 --> 00:30:01,900 know, less than the full audacious goal that you have 519 00:30:01,900 --> 00:30:06,500 some folks in the room who are kind of in support of your plan. 520 00:30:08,000 --> 00:30:08,800 Yeah. For sure. 521 00:30:08,800 --> 00:30:11,100 I mean you don't want to be voted off the island because 522 00:30:11,100 --> 00:30:13,700 you're by yourself, right? Dalliances? 523 00:30:15,100 --> 00:30:16,900 All right, how about we get to our next one. 524 00:30:17,300 --> 00:30:21,400 We've got Tom Malta. Another individual who's been on 525 00:30:21,400 --> 00:30:23,600 the show before and let's hear from him. 526 00:30:24,500 --> 00:30:27,700 Hey, this is Tom Alta. I am, I am practitioner and the 527 00:30:27,700 --> 00:30:31,000 space for over 22 years and of late. 528 00:30:31,000 --> 00:30:32,500 I've been doing Financial Services. 529 00:30:32,500 --> 00:30:36,500 Strategic advisory work for a number of companies and I'm here 530 00:30:36,500 --> 00:30:40,200 today to tell you a little About a Halloween Horror Story, and I 531 00:30:40,200 --> 00:30:43,500 am. So, this goes back to my first 532 00:30:43,500 --> 00:30:47,500 implementation of I am, when I was running the global program 533 00:30:47,900 --> 00:30:51,600 that could Goldman Sachs, and we spent a lot of time building it 534 00:30:51,600 --> 00:30:57,500 out and on the morning of the go-live, we were attached to the 535 00:30:57,500 --> 00:31:02,200 HR System, obviously pulling an identity events from them and 536 00:31:02,200 --> 00:31:06,300 doing automation to remove Privileges and that night, the 537 00:31:06,300 --> 00:31:12,100 HR team sent Over a file that had all of the London, security, 538 00:31:12,100 --> 00:31:17,000 guards in it. Essentially terminated and we 539 00:31:17,000 --> 00:31:19,700 were scrambling that morning getting all sorts of calls from 540 00:31:19,700 --> 00:31:22,700 the London office as to what happened and what broke down. 541 00:31:23,200 --> 00:31:27,300 And obviously, later on, we found out that the file was 542 00:31:27,300 --> 00:31:32,300 obviously a bad file and ever since that implementation one of 543 00:31:32,308 --> 00:31:35,600 the things, I always advise my clients and what I've done in my 544 00:31:35,600 --> 00:31:39,300 own program since then is to make sure That you have a good 545 00:31:39,300 --> 00:31:44,000 Fail-Safe mechanism when you're attaching automation to any HR 546 00:31:44,000 --> 00:31:47,900 System and not trusting a completely, because mistakes do 547 00:31:47,900 --> 00:31:51,500 happen as in the case of this. And if she could imagine a 548 00:31:51,500 --> 00:31:54,500 couple hundred security guards sitting out on the streets of 549 00:31:54,500 --> 00:31:56,900 London trying to get into office, it wasn't a very 550 00:31:56,900 --> 00:31:59,300 pleasant thing. So I hope that you can learn 551 00:31:59,300 --> 00:32:02,000 from that. And I'm great to share this with 552 00:32:02,300 --> 00:32:06,600 my peers and colleagues at the idec broadcast team and to all 553 00:32:06,600 --> 00:32:07,300 of you. Thank you. 554 00:32:08,600 --> 00:32:10,500 Okay, so the first thing I'm thinking to me is London, 555 00:32:10,500 --> 00:32:12,600 Calling by The Clash and then I actually get into. 556 00:32:12,600 --> 00:32:18,700 I am I mean, it's a good one. I mean, for some reason, I 557 00:32:18,700 --> 00:32:23,400 imagine the security guards at Buckingham Palace with the big 558 00:32:23,400 --> 00:32:26,000 hats. Yeah, but yeah, I'm sure they 559 00:32:26,000 --> 00:32:29,200 weren't happy but I think Tom brings up a great idea which is 560 00:32:29,200 --> 00:32:32,500 like you know, plan for the unexpected. 561 00:32:32,500 --> 00:32:36,700 I mean if it especially in this day of artificial intelligence 562 00:32:36,700 --> 00:32:41,600 to kind of look for something that just doesn't smell right? 563 00:32:41,700 --> 00:32:45,900 And I guess you can imagine so many different scenarios but you 564 00:32:45,900 --> 00:32:50,400 know, a whole department Being terminated at once not a real 565 00:32:50,400 --> 00:32:54,800 likely as maybe something that should kick off some kind of 566 00:32:54,800 --> 00:32:59,700 human intervention I guess I mean that you know some of these 567 00:32:59,700 --> 00:33:04,500 things are probably tough to plan around but that's a great. 568 00:33:04,500 --> 00:33:09,500 I am her story because like who you can just imagine five hours 569 00:33:09,800 --> 00:33:14,300 earlier than I assume Tom was in New York City office at this 570 00:33:14,300 --> 00:33:16,700 time. So he's probably being woken up. 571 00:33:16,900 --> 00:33:19,300 Like yeah, nobody can get into the building. 572 00:33:19,900 --> 00:33:23,900 Yeah, that's an F, no bueno. I guess, you know, score one for 573 00:33:23,900 --> 00:33:27,400 the people who test, right, make sure that as part of your unit 574 00:33:27,400 --> 00:33:30,400 testing or validation. It's like how, how many records 575 00:33:30,400 --> 00:33:32,900 are going to be affected right by this change? 576 00:33:33,500 --> 00:33:37,300 Is that number accurate, right? Is it, is it what you're 577 00:33:37,300 --> 00:33:39,100 expecting? You know, I've seen that a few 578 00:33:39,100 --> 00:33:42,900 times where you go to, like maybe update a Meta, Meta 579 00:33:42,900 --> 00:33:46,000 attribute about somebody, or a certain area. 580 00:33:46,000 --> 00:33:48,700 And you're like, oh, Shoot, I just did it to a whole bunch 581 00:33:48,700 --> 00:33:49,800 more people. I thought it would be right? 582 00:33:49,800 --> 00:33:53,000 And everyone now has like the same title or the same email 583 00:33:53,000 --> 00:33:55,200 address domain subdomain order may be. 584 00:33:55,200 --> 00:33:57,800 So, definitely something you want to think about when you're 585 00:33:58,000 --> 00:34:03,800 when you're rolling stuff out is is the scale of the change you 586 00:34:03,800 --> 00:34:06,500 know, lining up with the expectations are supposed to be? 587 00:34:07,400 --> 00:34:11,199 Yeah, yeah, absolutely. All right, let's go to the next 588 00:34:11,199 --> 00:34:13,199 one. This one is written from the 589 00:34:13,199 --> 00:34:16,199 newest member of the Rockstar RS M, IM team. 590 00:34:16,199 --> 00:34:20,000 This is from Brian Lindstrom. He and I have worked several 591 00:34:20,000 --> 00:34:22,400 years ago in the past. I don't think this is when we 592 00:34:22,400 --> 00:34:23,600 were working at the same company. 593 00:34:23,900 --> 00:34:28,500 I don't recall it but who knows? Anyway well what's that? 594 00:34:28,600 --> 00:34:31,500 It wasn't your fault, right? Yeah I will certainly not. 595 00:34:31,500 --> 00:34:33,000 I mean he definitely is claiming ownership here. 596 00:34:33,000 --> 00:34:36,800 This is a good one too so he writes back in my early days I 597 00:34:36,800 --> 00:34:39,800 was implementing an identity solution and I inadvertently 598 00:34:39,800 --> 00:34:43,900 deleted about 1,000 active directory counts including my 599 00:34:43,900 --> 00:34:46,600 own. I first realized this when I 600 00:34:46,600 --> 00:34:49,699 said Lost access to various applications and network 601 00:34:49,699 --> 00:34:52,900 resources. I tried rebooting my PC, hoping 602 00:34:52,900 --> 00:34:56,100 that would fix my issue. But unfortunately I couldn't log 603 00:34:56,100 --> 00:34:59,800 back in and then picked my head above my cubicle, and start to 604 00:34:59,800 --> 00:35:02,200 hear people complaining about losing access. 605 00:35:02,700 --> 00:35:06,900 I slowly got up walked over to the active directory, guys, and 606 00:35:06,900 --> 00:35:10,600 asked, if they could do a restore public shaming and sued 607 00:35:10,600 --> 00:35:13,900 and a hard lesson was learned when making changes, make sure 608 00:35:13,900 --> 00:35:15,900 you're not in a production environment. 609 00:35:16,000 --> 00:35:17,400 So, congratulations. Relations, Brian. 610 00:35:17,400 --> 00:35:20,000 That is a good horror story was going to say. 611 00:35:20,000 --> 00:35:23,600 Yeah, we started off by saying these aren't / or stories but 612 00:35:23,700 --> 00:35:26,700 that very easily could have turned into a slasher Story. 613 00:35:27,200 --> 00:35:28,200 I mean. How good is that? 614 00:35:28,200 --> 00:35:29,900 I mean, not it's not good, right? 615 00:35:29,900 --> 00:35:33,200 Which is characterized it but from a like a outcome precise, 616 00:35:33,200 --> 00:35:36,900 like I just deleted a thousand accounts including my own so I 617 00:35:36,908 --> 00:35:40,600 can't even fix my own error. I've got to go to someone else 618 00:35:40,600 --> 00:35:43,400 for help I mean that's the Walk of Shame right there it does. 619 00:35:43,400 --> 00:35:46,400 Yeah I was thinking about that walk of shame kind of as we're 620 00:35:46,400 --> 00:35:48,900 listening. Ro his story which was kind of 621 00:35:48,908 --> 00:35:53,100 going back to Oracle identity manager, which kind of reminds 622 00:35:53,100 --> 00:35:57,400 me of the days when you'd still have a lot of Mainframe people 623 00:35:57,400 --> 00:36:00,300 or people who are like, from the Mainframe days and you get the 624 00:36:00,300 --> 00:36:02,600 statement. We never had to deal with this 625 00:36:02,600 --> 00:36:06,500 with the Mainframe, as if the Mainframe was just so perfect. 626 00:36:06,600 --> 00:36:08,400 And there were never any of these issues. 627 00:36:08,400 --> 00:36:13,400 So, yeah, I'm sure that Brian may have heard that echoing 628 00:36:13,400 --> 00:36:15,400 through the hallways, as well. We never had to deal with this 629 00:36:15,400 --> 00:36:18,700 with the Mainframe. Yeah, I lack of the Mainframe 630 00:36:18,700 --> 00:36:21,000 one. I shot out to Leslie who I love 631 00:36:21,000 --> 00:36:22,900 very much. We used to work together a long 632 00:36:22,900 --> 00:36:26,000 time ago and she was a rack F expert. 633 00:36:26,000 --> 00:36:30,100 I was not, I was constantly going to her to fix my mistakes. 634 00:36:31,900 --> 00:36:34,000 Yeah. All right, let's wrap up with 635 00:36:34,100 --> 00:36:36,500 horror stories for you and I want you go first. 636 00:36:37,000 --> 00:36:40,200 Okay, so I was originally planning to tell the horror 637 00:36:40,200 --> 00:36:47,300 story of my first big. I Am project where, you know, We 638 00:36:47,300 --> 00:36:50,300 estimated properly the number of help desk calls are going to 639 00:36:50,300 --> 00:36:54,800 have, but we didn't think they would all happen like 640 00:36:54,800 --> 00:36:59,500 immediately on day one, but I've already told that story once and 641 00:36:59,800 --> 00:37:03,300 you know, if anybody wants to hear it again, we could tell it 642 00:37:03,300 --> 00:37:05,900 again on a future episode. Or I called again, but it 643 00:37:05,900 --> 00:37:09,700 actually, they give like a true. I am Horror Story. 644 00:37:09,700 --> 00:37:15,600 So, when I was at in financial services, working for a client, 645 00:37:15,600 --> 00:37:20,300 I won't say that the Any name we're implementing a new, I am 646 00:37:20,300 --> 00:37:25,200 system and it was like a major deployment replacing, you know, 647 00:37:25,200 --> 00:37:30,300 a lot of manual processes and replacing a basically. 648 00:37:30,300 --> 00:37:33,600 One of the things that was unique about it was it was like 649 00:37:33,600 --> 00:37:36,200 the brand-new version. We were the first big company 650 00:37:36,500 --> 00:37:40,800 rolling in this brand new version of software and when we 651 00:37:40,800 --> 00:37:44,600 got to the first goal, I was like, you know, Friday or 652 00:37:44,600 --> 00:37:47,500 Saturday night like you know, middle of the We're going to go 653 00:37:47,500 --> 00:37:52,100 live and as we're doing all kinds of sat and unit, testing 654 00:37:52,300 --> 00:37:54,200 things for failing, left and right. 655 00:37:54,300 --> 00:37:58,800 And so, we get to the point of the go/no-go decision and made a 656 00:37:58,800 --> 00:38:01,500 decision of no go. So in other words, he had to go 657 00:38:01,500 --> 00:38:06,400 through our rollback plant. So this is why you make the full 658 00:38:06,600 --> 00:38:11,000 cut over plan with a cutback plan because you may have to use 659 00:38:11,000 --> 00:38:12,200 it. And so, we went through the 660 00:38:12,200 --> 00:38:16,600 whole cut back plan, we were able to kind of survive winter. 661 00:38:16,800 --> 00:38:22,100 Another month and like fix a lot of these problems and we got to 662 00:38:22,100 --> 00:38:25,500 the next go/no-go night. It was like a month later on a 663 00:38:25,500 --> 00:38:28,300 Saturday night, going through the whole thing, some things are 664 00:38:28,300 --> 00:38:31,300 failing as a lot better than it was before, but some things are 665 00:38:31,308 --> 00:38:37,300 still filing and like the the top consultant who's actually 666 00:38:37,300 --> 00:38:40,900 like the CEO of the consulting firm that we were using was 667 00:38:40,900 --> 00:38:44,300 like, and you've got to have some guts here and like, and go 668 00:38:44,300 --> 00:38:47,100 forward with this thing and everybody was just like, You 669 00:38:47,100 --> 00:38:50,500 know, looking at me because it was ultimately my decision and I 670 00:38:50,500 --> 00:38:53,500 made the decision like even though we were failing on some 671 00:38:53,500 --> 00:38:55,800 of these things so it's just feeling so much. 672 00:38:55,800 --> 00:38:59,900 Pressure at that moment I said all right we'll go and so we 673 00:38:59,900 --> 00:39:04,500 went and you know, some of the problems with like data 674 00:39:04,500 --> 00:39:09,400 synchronization and provisioning stuff like that and some of the 675 00:39:09,400 --> 00:39:13,000 problems were like, you know, like the data wasn't actually 676 00:39:13,000 --> 00:39:16,900 synchronizing and I mean, I was on like conference calls It's 677 00:39:17,000 --> 00:39:21,500 like everyday. Just literally getting yelled at 678 00:39:22,300 --> 00:39:28,400 for about a month after that, we were like rolling new code every 679 00:39:28,400 --> 00:39:31,400 weekend going through change control every weekend. 680 00:39:31,600 --> 00:39:36,100 I literally was working like 80 hours a week for like a month 681 00:39:36,100 --> 00:39:39,700 straight and then even then I would say, like okay we I wasn't 682 00:39:39,700 --> 00:39:44,200 drowning at that point but it still was you know, tough Sally. 683 00:39:44,300 --> 00:39:46,600 So you know, that was that's true. 684 00:39:46,900 --> 00:39:51,800 Lee was a horror horror story. I think what I learned from that 685 00:39:51,800 --> 00:39:58,300 is that, you know, one like if you don't feel like you can go 686 00:39:58,300 --> 00:40:02,100 live, if you're in that go/no-go decision and everybody's like 687 00:40:02,100 --> 00:40:04,500 pressuring you got to go but you know it's not the right 688 00:40:04,500 --> 00:40:07,100 decision. You got to share the courage to 689 00:40:07,100 --> 00:40:11,400 like say we are we're not going if this is Susan's mind to make, 690 00:40:11,400 --> 00:40:15,200 we are not going and because believe me that pain that I 691 00:40:15,207 --> 00:40:19,200 lived through the next Or weeks and it wasn't just working the 8 692 00:40:19,200 --> 00:40:20,800 hours. It was like getting yelled at 693 00:40:20,800 --> 00:40:25,300 and people think there was no way to pull a victory out of 694 00:40:25,300 --> 00:40:27,500 that. Like it was going to be seen as 695 00:40:27,500 --> 00:40:30,500 a failure, no matter how hard I worked. 696 00:40:30,600 --> 00:40:33,300 Could you imagine that? We like, you're giving up family 697 00:40:33,300 --> 00:40:34,800 time? I had young kids and everything 698 00:40:34,800 --> 00:40:39,700 and like, you know, working 80 hours a week and, you know, it 699 00:40:39,700 --> 00:40:43,200 just like your name is going through the mud so that that 700 00:40:43,200 --> 00:40:46,300 truly was like my slasher. I am Horror Story. 701 00:40:46,900 --> 00:40:50,200 That's yeah, that's a that's a good /, bad one for sure. 702 00:40:51,900 --> 00:40:56,400 Yeah, that's a rough one man. I got questions. 703 00:40:56,400 --> 00:41:00,600 So we're I guess how far along into your career where you is 704 00:41:00,600 --> 00:41:03,300 this like a new Earth like when you're kind of newer or is kind 705 00:41:03,300 --> 00:41:06,500 of middle, like how did you recover from this? 706 00:41:06,500 --> 00:41:09,300 I mean, this can be sometimes seen as like a career sort of 707 00:41:09,308 --> 00:41:11,300 limiting move, right? For some folks. 708 00:41:11,600 --> 00:41:19,500 So it was like mid-career it was probably the last time I was 709 00:41:19,500 --> 00:41:24,900 practitioner before going into Consulting and it was by far the 710 00:41:25,400 --> 00:41:28,500 toughest one that I had here was what happened was prior to the 711 00:41:28,500 --> 00:41:36,400 first, you know, pull out. I was not the I am program lead 712 00:41:36,900 --> 00:41:43,000 the lead quit, I think he saw the writing on the wall that 713 00:41:43,000 --> 00:41:48,800 like this project was heading for a crash and so I was offered 714 00:41:48,800 --> 00:41:53,000 the job for me it was a major promotion but I also knew that 715 00:41:53,300 --> 00:41:57,900 here in for some painful times I took the promotion anyway and 716 00:41:58,100 --> 00:42:00,400 now I'm responsible for this thing. 717 00:42:01,100 --> 00:42:04,100 And we're heading for the crash and like fortunately. 718 00:42:04,200 --> 00:42:06,700 At that point we hadn't pulled the plug yet. 719 00:42:06,700 --> 00:42:10,200 So that was the time and like we pulled the plug that we had to 720 00:42:10,200 --> 00:42:12,500 work. Hard to still get the system 721 00:42:12,500 --> 00:42:15,700 deployed but then on that second one I should have had the 722 00:42:15,700 --> 00:42:21,100 courage to pull the plug again, but I just felt like too much 723 00:42:21,100 --> 00:42:22,700 pressure. Have to go live. 724 00:42:22,800 --> 00:42:26,600 It was a big mistake. Yeah, it sounds like it, but I 725 00:42:26,600 --> 00:42:27,900 guess. It worked out in the end. 726 00:42:29,300 --> 00:42:33,700 I mean, I I think if we pulled the plug we could have solved 727 00:42:33,700 --> 00:42:36,200 some of the issues but eventually we did have to rip 728 00:42:36,200 --> 00:42:41,200 off the Band-Aid and go live and then you know I think also being 729 00:42:41,200 --> 00:42:46,300 alive gave us more flexibility to address some of the changes. 730 00:42:47,100 --> 00:42:50,100 I don't know. I mean it's definitely I learned 731 00:42:50,100 --> 00:42:53,000 a lot from it. One of the other things I 732 00:42:53,000 --> 00:42:58,700 learned was do not. Stake your career on you know, 733 00:42:58,700 --> 00:43:01,900 doing The Cutting Edge, latest version that nobody else has 734 00:43:02,200 --> 00:43:05,000 rolled out yet. That's not that's not a good 735 00:43:05,000 --> 00:43:07,800 career move. Yeah, you got to be really ready 736 00:43:07,800 --> 00:43:10,700 for bleeding edge pain. If you could have bleeding edge 737 00:43:10,700 --> 00:43:12,600 technology. Yeah, that's a good one. 738 00:43:12,600 --> 00:43:14,500 I'm sorry, man. That's that's, that's a that's a 739 00:43:14,500 --> 00:43:18,100 good horror story. Let's see, I've got to kind of 740 00:43:18,100 --> 00:43:21,200 small ones that will close off with one is a story. 741 00:43:21,200 --> 00:43:26,800 I think I've told before but it was New Year's Eve and I got 742 00:43:26,800 --> 00:43:31,900 stuck creating like I do five or 600 manually creating five or 743 00:43:31,900 --> 00:43:35,100 600 ldap accounts because I didn't have any Automation in 744 00:43:35,100 --> 00:43:38,100 place and it was all stuff that I just saw coming. 745 00:43:38,100 --> 00:43:41,800 I was like, you know, poor planning on the business side of 746 00:43:41,800 --> 00:43:45,500 things like, oh we'll just give it to it, operations, and I am 747 00:43:45,500 --> 00:43:47,900 operations. Kind of fix for us, was 748 00:43:47,900 --> 00:43:49,800 contract. Related is like last-minute 749 00:43:49,800 --> 00:43:51,900 stuff. I just remember, you know, 750 00:43:51,900 --> 00:43:54,800 Christine and myself Christine was my counterpart on the 751 00:43:54,800 --> 00:43:58,100 business side. And I was on the, I Am side and 752 00:43:58,100 --> 00:44:03,600 just getting stuck proofreading and validating like 500, or 600 753 00:44:03,600 --> 00:44:07,100 meters 5, or 5 or 600. I think lines on a spreadsheet 754 00:44:07,100 --> 00:44:10,900 of people who needed these ldap accounts because the contract 755 00:44:10,900 --> 00:44:13,200 said they needed him by January 1st. 756 00:44:13,500 --> 00:44:16,500 I just meant being stuck at home, running through these 757 00:44:16,500 --> 00:44:19,400 spreadsheets and flying through these ldap creations. 758 00:44:19,400 --> 00:44:23,500 I mean that was, you know, this is this is years of video game 759 00:44:23,500 --> 00:44:27,800 practice on mouse and keyboard and And dexterity, right? 760 00:44:27,900 --> 00:44:30,700 It's like alt tab, copy paste, you know, move things around 761 00:44:30,700 --> 00:44:35,000 really quickly but that was painful just because I knew it I 762 00:44:35,000 --> 00:44:37,500 was very it was very early on in my I am career I think I was 763 00:44:37,500 --> 00:44:39,900 probably a maybe it might have been a team lead at that point 764 00:44:39,900 --> 00:44:43,700 or something and I saw it coming down the pipeline and couldn't 765 00:44:43,700 --> 00:44:45,500 stop it. So it was really frustrating 766 00:44:45,500 --> 00:44:48,100 because both Christine and I both saw it coming and couldn't 767 00:44:48,100 --> 00:44:50,600 stop it. So that's one. 768 00:44:50,900 --> 00:44:53,600 The other one is more of a night. 769 00:44:54,800 --> 00:44:58,000 It all sound like a nightmare for Some people, it wasn't for 770 00:44:58,000 --> 00:44:59,600 me and I'll tell you and I'll tell you why. 771 00:44:59,600 --> 00:45:03,300 As I explained is, we were rolling on an IGA product and 772 00:45:03,300 --> 00:45:05,800 one of the first steps that you go through when you're doing 773 00:45:05,800 --> 00:45:09,400 that is you do this thing called identity mapping or count 774 00:45:09,400 --> 00:45:12,400 mapping where you're basically taking all the accounts from one 775 00:45:12,400 --> 00:45:15,900 system and you're trying to correlate them to whatever your 776 00:45:15,900 --> 00:45:18,800 identity sources, right? Say okay, here's Jeff and here's 777 00:45:18,800 --> 00:45:22,200 Jeff's account on this application, coincidentally? 778 00:45:22,200 --> 00:45:25,500 Another ldap system. So we were going through that 779 00:45:25,500 --> 00:45:29,800 process, For a few hundred thousand employees and 780 00:45:29,800 --> 00:45:33,200 consultants. And I remember sitting in a room 781 00:45:33,200 --> 00:45:37,900 with our identity integrator at the time and there was this 782 00:45:37,900 --> 00:45:41,300 system that had like everybody in the company had this account 783 00:45:41,300 --> 00:45:46,300 and and then some so there was a high-volume system and he was 784 00:45:46,400 --> 00:45:50,800 giving me the bad news of how many orphaned accounts that they 785 00:45:50,800 --> 00:45:55,900 found out of this platform which had I want to say probably 250. 786 00:45:56,100 --> 00:45:59,100 Maybe 300,000 accounts. Which, for me at the time was 787 00:45:59,100 --> 00:46:00,800 massive. I mean, I was just the sheer 788 00:46:00,800 --> 00:46:04,900 number of accounts and, you know, he's sitting there and 789 00:46:04,900 --> 00:46:07,600 he's like, like so, here's went through the count mapping 790 00:46:07,600 --> 00:46:09,300 correlation. We tried to find as many things 791 00:46:09,300 --> 00:46:15,200 as we could to try and map this up and we have 90,000 orphaned 792 00:46:15,200 --> 00:46:19,600 accounts that need to be figured out. 793 00:46:19,700 --> 00:46:22,400 Are they legitimate? Do they, you know, should they 794 00:46:22,400 --> 00:46:24,100 be in the system stuff like that. 795 00:46:24,100 --> 00:46:28,400 And I remember sitting there and I was like, Holy crap. 90,000 796 00:46:28,500 --> 00:46:31,800 orphan accounts on just one system that need to be resolved 797 00:46:32,400 --> 00:46:35,300 and wait and Wayne was the first. 798 00:46:35,300 --> 00:46:37,800 I was working with me, he and I chat about the still to this 799 00:46:37,800 --> 00:46:41,200 day. He was shocked when I said, oh, 800 00:46:41,600 --> 00:46:45,700 that's not that bad. Because in my head I was like 801 00:46:45,700 --> 00:46:48,300 there's no way we'll be able to correlate half of these. 802 00:46:48,300 --> 00:46:50,700 So I was like, okay I was prepared for like a number of 803 00:46:50,700 --> 00:46:54,700 like 150 200 thousand accounts, like something like that. 804 00:46:54,900 --> 00:46:59,200 And when he said, 80,000. I was happy that there are 805 00:46:59,207 --> 00:47:01,800 90,000 and he was like, you're crazy. 806 00:47:01,800 --> 00:47:03,900 I like, what do you mean? There's 90,000. 807 00:47:03,900 --> 00:47:06,000 I, of course, is a bad number and we ended up working through 808 00:47:06,000 --> 00:47:08,700 it and kind of resolve some of that, but there were a lot of 809 00:47:08,700 --> 00:47:11,500 Orphan accounts on that system that definitely need to be 810 00:47:11,500 --> 00:47:14,000 cleaned up. There are like real orphans 811 00:47:14,000 --> 00:47:18,300 like, oh, yeah. 90,000 how many we say were true orphans versus 812 00:47:18,300 --> 00:47:22,300 you just couldn't correlate them, because you, whatever 813 00:47:22,300 --> 00:47:24,200 rules you are using weren't good enough. 814 00:47:24,700 --> 00:47:30,200 I think probably between like 50 to 60,000 were definitely like 815 00:47:30,200 --> 00:47:33,700 those are not, those are not valid accounts because this was 816 00:47:33,700 --> 00:47:37,000 a retail environment. And at the time, the retail 817 00:47:37,000 --> 00:47:39,800 environment was allow that you could create your own accounts 818 00:47:40,100 --> 00:47:41,900 and you can use whatever name you wanted. 819 00:47:42,200 --> 00:47:46,700 And because those retail, we had a lot of, you know, people early 820 00:47:46,700 --> 00:47:49,000 on, in their careers, or just didn't care where they would 821 00:47:49,000 --> 00:47:51,100 come up with just weird names for accounts. 822 00:47:51,100 --> 00:47:54,700 Some of them not safe for work, you know? 823 00:47:54,700 --> 00:47:57,700 Some would be copyrighted. For example, maybe famous people 824 00:47:57,700 --> 00:48:01,000 or care of famous, characters of whatever. 825 00:48:01,400 --> 00:48:04,500 So, we kind of started looking over, as like, oh, I'm pretty 826 00:48:04,500 --> 00:48:06,300 sure we're not employing, Mickey Mouse. 827 00:48:06,300 --> 00:48:10,100 You know, for example, right. Or Frodo Baggins right. 828 00:48:10,100 --> 00:48:12,600 Things like that. So, but we had to go through 829 00:48:12,600 --> 00:48:16,600 each of those and sort of figure out, okay, who are the real 830 00:48:16,600 --> 00:48:17,900 ones? Who are the not real ones? 831 00:48:17,900 --> 00:48:20,900 Some were kind of, you know, whatever, what do we do, about 832 00:48:20,900 --> 00:48:25,300 the ones that were clearly, you know, not suitable for work. 833 00:48:25,700 --> 00:48:28,300 And What were the repercussions going to be for the person who 834 00:48:28,300 --> 00:48:30,700 created it? Like stuff like that and I 835 00:48:30,700 --> 00:48:32,800 highlighted a few different lack that controls where. 836 00:48:32,800 --> 00:48:34,900 Yeah, there was just like this open system, you could call it 837 00:48:34,908 --> 00:48:37,000 whatever you want, you could change your name to whatever you 838 00:48:37,000 --> 00:48:40,300 want basically in the system and there was no like, no validation 839 00:48:40,300 --> 00:48:43,600 around it. And store employees did not 840 00:48:43,600 --> 00:48:48,200 necessarily have, you know, HR on mind when they were, when 841 00:48:48,200 --> 00:48:53,200 they were naming some accounts, I think one of the things that 842 00:48:53,200 --> 00:48:57,600 you have to do to truly say you're an, I am M is open up a 843 00:48:57,600 --> 00:49:01,200 file that is like Annex shares like an Excel icon. 844 00:49:01,200 --> 00:49:06,200 So it's CSV or some other you know, data format. 845 00:49:06,500 --> 00:49:10,100 And Excel can open is like too many rows because I think the 846 00:49:10,100 --> 00:49:14,900 Excel limit was like 32 thousand rows or something like that. 847 00:49:14,900 --> 00:49:17,900 Time to go to 64 bits. Exactly. 848 00:49:18,700 --> 00:49:21,500 Yeah, that is definitely. I remember requesting a ram 849 00:49:21,500 --> 00:49:25,300 upgrade at the time because I think I had like a 4, MB MB RAM 850 00:49:25,300 --> 00:49:27,900 and I just couldn't open these files anymore. 851 00:49:28,200 --> 00:49:31,200 It was like, all right, time to go to eight able gigabytes of 852 00:49:31,200 --> 00:49:33,300 memory. Yeah, I'm gonna have so many 853 00:49:33,300 --> 00:49:35,100 spreadsheets. So many SQL queries are going to 854 00:49:35,100 --> 00:49:38,000 get done. All right, let's go ahead and 855 00:49:38,000 --> 00:49:39,800 wrap up this episode. We're going to we were thinking 856 00:49:39,800 --> 00:49:41,400 about how we're going to add on a lighter note. 857 00:49:41,400 --> 00:49:43,200 Do you want to go with your idea or my idea? 858 00:49:44,600 --> 00:49:46,800 We can see both. Okay, you go first. 859 00:49:47,100 --> 00:49:52,100 Okay, so my topic was today's halloween or the day that people 860 00:49:52,100 --> 00:49:54,700 will be listening to. This is Halloween. 861 00:49:55,300 --> 00:50:00,400 What is the best Halloween trick-or-treat, candy item or 862 00:50:00,400 --> 00:50:04,400 non candy to give away your door and think of this Through The 863 00:50:04,400 --> 00:50:08,400 Eyes of like 10 or 12 year old kid. 864 00:50:08,600 --> 00:50:11,000 What is it that you'd want to receive? 865 00:50:12,800 --> 00:50:18,200 Well, I am always happy to receive a Snickers bar that has 866 00:50:18,200 --> 00:50:21,300 been my poison for years. I don't know about 10 or 12 867 00:50:21,300 --> 00:50:22,600 years old. I think I've been just happy 868 00:50:22,600 --> 00:50:27,100 about any any sort of candy, but if you're going to give away 869 00:50:27,100 --> 00:50:29,400 candy, I mean, give away the full bar, right? 870 00:50:29,400 --> 00:50:32,700 Like the full-size instead of those, you know, snack or 871 00:50:32,700 --> 00:50:33,500 Halloween. I get it. 872 00:50:33,500 --> 00:50:34,900 There's Financial things around there. 873 00:50:34,900 --> 00:50:39,200 But if you got like a full candy bar for Halloween, you're like 874 00:50:39,600 --> 00:50:43,200 in the money, right? Yeah, as he To give away the 875 00:50:43,200 --> 00:50:47,700 full candy bar, then avoid the ones that people might not like, 876 00:50:47,700 --> 00:50:51,700 like I love coconut. So if you do like Almond Joy, 877 00:50:51,900 --> 00:50:54,200 Almond Joy. I would be happy with that, but 878 00:50:54,200 --> 00:50:56,300 I wouldn't give that away because you're probably going to 879 00:50:56,300 --> 00:50:59,600 have like 50 percent of the population of people who are in 880 00:50:59,600 --> 00:51:03,500 be like, this thing is gross. So I think the, the way to goes 881 00:51:03,500 --> 00:51:06,000 a full-size Reese's, Peanut Butter Cup. 882 00:51:06,500 --> 00:51:08,600 Yeah, that's a pretty, pretty safe one. 883 00:51:08,700 --> 00:51:11,200 I think like, if you go to Jim's house, like he's given away like 884 00:51:11,200 --> 00:51:12,800 Almond, Joy and like, Don't know. 885 00:51:13,300 --> 00:51:15,100 Black licorice or something like that. 886 00:51:16,700 --> 00:51:21,100 Your choices is full so you know king-size Almond Joy or this 887 00:51:21,100 --> 00:51:24,200 little Snickers bar which would you like to have and then I'll 888 00:51:24,200 --> 00:51:26,500 end the night with a whole box of Almond Joy. 889 00:51:26,500 --> 00:51:27,500 Yeah. And a whole bunch of 890 00:51:27,500 --> 00:51:30,300 disappointed children. Who may egg your house or snag 891 00:51:30,300 --> 00:51:33,300 my house and and put toilet paper on it? 892 00:51:33,800 --> 00:51:37,300 Yeah, exactly. All right here's mine and here's 893 00:51:37,300 --> 00:51:41,500 what I want you to come up with is what is the scariest I am 894 00:51:41,800 --> 00:51:44,400 identity and access. Management costume that you can 895 00:51:44,400 --> 00:51:47,800 come up with. I'd say it would have to be like 896 00:51:47,800 --> 00:51:54,900 the salesman costume, the person who like calls you over and over 897 00:51:54,900 --> 00:52:00,800 again to see if you have some need for their product or 898 00:52:00,800 --> 00:52:05,600 service that you have no need for and for some reason you keep 899 00:52:05,600 --> 00:52:07,700 accidentally answering it. So yeah. 900 00:52:07,700 --> 00:52:11,200 That's pretty scary get up. Yeah yeah. 901 00:52:11,900 --> 00:52:14,000 That's a That's a good. I just imagine like the 902 00:52:14,000 --> 00:52:15,700 nightmare. It's like a whole bunch of like, 903 00:52:15,700 --> 00:52:18,600 LinkedIn messages. That you curly haven't responded 904 00:52:18,600 --> 00:52:21,600 to, like not getting the hint. You know, it's the emails that 905 00:52:21,600 --> 00:52:24,000 you're not responding to its the, I don't know how it 906 00:52:24,000 --> 00:52:26,100 happens. But some people have, like, I do 907 00:52:26,100 --> 00:52:30,500 have legitimately, I am vendors, who call me on the phone on my 908 00:52:30,500 --> 00:52:33,100 personal cell phone and leave me voicemails. 909 00:52:33,600 --> 00:52:36,900 I can guarantee you that. If you do that to me, I'm never 910 00:52:36,900 --> 00:52:40,000 calling you back, right? Exactly. 911 00:52:40,300 --> 00:52:41,700 I don't know how I got that. Number is probably on my 912 00:52:41,707 --> 00:52:43,500 signature somewhere. Just you know, had one number 913 00:52:43,500 --> 00:52:44,600 four years and that's fine, right? 914 00:52:44,600 --> 00:52:47,100 It's easy enough. These days to block it but I 915 00:52:47,100 --> 00:52:50,100 mean who makes a phone call these days right? 916 00:52:50,100 --> 00:52:51,500 It's all email. Yeah. 917 00:52:51,500 --> 00:52:55,600 Well the other thing is like okay we're I am you know 918 00:52:55,600 --> 00:53:00,000 strategy develop at least my LinkedIn profile speech to I'm a 919 00:53:00,008 --> 00:53:04,300 consultant and people will hit me up and say you know desirous 920 00:53:04,300 --> 00:53:10,200 em need like email filtering. Yeah I don't know, did you read 921 00:53:10,200 --> 00:53:15,300 my profile and think that I'm a decision maker for email 922 00:53:15,800 --> 00:53:21,100 filtering for our SM because if you did you're not too smart but 923 00:53:21,100 --> 00:53:24,500 the reality is you probably just saw our SM or I showed up in 924 00:53:24,500 --> 00:53:28,300 some, you know, spreadsheet that you got and leave me alone. 925 00:53:28,800 --> 00:53:33,400 Yeah, my favorite is when I get the Mainframe, the the contract 926 00:53:33,400 --> 00:53:37,600 Mainframe position, six months, we'll get her back, F expert all 927 00:53:37,600 --> 00:53:40,200 because I somewhere have in my background like, you know, 928 00:53:40,200 --> 00:53:42,300 administrated rack F IDs or something like that. 929 00:53:42,500 --> 00:53:46,200 And I'm in a database somewhere. It's like, yes, I would totally 930 00:53:46,200 --> 00:53:49,200 interested in a six-month contract in, like, northern 931 00:53:49,200 --> 00:53:53,800 Idaho in the middle of nowhere to do Mainframe rack F. 932 00:53:54,400 --> 00:53:56,800 Yeah, work or something but I'm not even qualified for like I 933 00:53:56,808 --> 00:53:59,500 would not I would not hire me for rack F work. 934 00:53:59,900 --> 00:54:03,000 If you're on the run from the FBI, be the perfect job for you. 935 00:54:03,100 --> 00:54:05,900 This is true and I Den, it's not that Idaho is not a bad place, 936 00:54:05,900 --> 00:54:08,500 is a beautiful place, really? I don't know if I would 937 00:54:08,500 --> 00:54:10,300 necessarily just want to work there for six months on a 938 00:54:10,308 --> 00:54:13,000 contract. Do Ring worker. 939 00:54:13,000 --> 00:54:14,600 I hate for no idea how to do anymore. 940 00:54:14,900 --> 00:54:16,100 Yes. There you go. 941 00:54:16,300 --> 00:54:21,100 So, was that those that top your answer in terms of scariest 942 00:54:21,100 --> 00:54:23,100 costume it dies? Because I was thinking, I was 943 00:54:23,100 --> 00:54:25,500 like, I, you know, I it's funny. I asked the question I didn't 944 00:54:25,500 --> 00:54:27,800 really have like a good answer. I was kind of taking it down, 945 00:54:27,800 --> 00:54:31,100 like the technical wrote like some sort of like interface or 946 00:54:31,100 --> 00:54:35,700 it's like, you know, file not found or, you know, syntax error 947 00:54:35,700 --> 00:54:38,300 or something like that of like trying to figure out like why 948 00:54:38,300 --> 00:54:45,700 things aren't working but I love / hate / of The persistent sales 949 00:54:45,700 --> 00:54:50,200 sales, angle of identity. So the other potential scary 950 00:54:50,200 --> 00:54:54,500 costume would be The Insider threat person so that person 951 00:54:54,500 --> 00:54:59,300 would either look like, you know, it would be like the 952 00:55:00,200 --> 00:55:03,900 person with a trench coat and a hat and like, Shadow over their 953 00:55:03,900 --> 00:55:06,000 face. So you couldn't even see them or 954 00:55:06,000 --> 00:55:09,100 they would be wearing that mask. Which I don't even know what you 955 00:55:09,100 --> 00:55:10,600 call. It was like the black and white 956 00:55:10,600 --> 00:55:13,400 mask in the guy with like the Hi Fox. 957 00:55:14,200 --> 00:55:16,400 There you go. Yep, you know, it would be one 958 00:55:16,400 --> 00:55:19,100 of those two and that person would be basically trying to 959 00:55:19,500 --> 00:55:22,200 hack through your network, even though you work for the same 960 00:55:22,200 --> 00:55:24,500 company. You're like, stop trying to 961 00:55:24,508 --> 00:55:27,700 break our stuff. That's a very Niche scary. 962 00:55:27,700 --> 00:55:30,600 I am Halloween costume. It's like, do that, like a sea 963 00:55:30,600 --> 00:55:32,400 so convention or something like that. 964 00:55:32,800 --> 00:55:34,100 Yeah. If you're walking around your 965 00:55:34,100 --> 00:55:38,000 neighborhood, just like that, like, yeah, they might not, they 966 00:55:38,000 --> 00:55:41,400 might not realize what you're dressed up as a might 967 00:55:41,400 --> 00:55:45,000 misconstrue that So, maybe not a good idea, exactly. 968 00:55:46,100 --> 00:55:47,200 All right. Let's go ahead and wrap it up 969 00:55:47,200 --> 00:55:48,400 for this week. This was a lot of fun. 970 00:55:48,400 --> 00:55:51,300 Talking through Halloween stuff. We did it again, almost a full 971 00:55:51,300 --> 00:55:55,200 hour of Halloween identity talk. You were probably thinking at 972 00:55:55,200 --> 00:55:56,500 home. There's no way they'll come up 973 00:55:56,500 --> 00:55:58,600 with more than 30 or 45 minutes. Well, guess what? 974 00:55:58,600 --> 00:56:01,400 We did it anyway. So we'll go ahead and leave it 975 00:56:01,400 --> 00:56:04,500 for this week. You can find us on the internet 976 00:56:04,600 --> 00:56:06,600 identity at the center.com. That's where all of our shows 977 00:56:06,600 --> 00:56:09,600 are including our fancy new search engines, you can type in 978 00:56:09,600 --> 00:56:12,300 a keyword and find all the episodes. 979 00:56:12,400 --> 00:56:15,100 We talk around a different topics if you're looking for you 980 00:56:15,100 --> 00:56:18,100 know, something on zero trust or MFA or ring. 981 00:56:18,100 --> 00:56:20,800 And I am program, just type a couple words into the into the 982 00:56:20,800 --> 00:56:23,900 search at identify center.com on the listen page and you'll be 983 00:56:23,900 --> 00:56:26,100 able to find episodes of relate back to that. 984 00:56:26,400 --> 00:56:31,100 And then, of course, we're on the newly Twitter, owns or 985 00:56:31,100 --> 00:56:35,100 sorry, Elon Musk owned Twitter at idac podcast. 986 00:56:35,100 --> 00:56:38,700 So interesting to see if what, if anything changes on that 987 00:56:38,700 --> 00:56:42,300 platform but we are still there. And yeah, I think. 988 00:56:42,500 --> 00:56:45,900 That if there is a other identity and access management 989 00:56:45,900 --> 00:56:49,500 costumes that are scurrying that you want to either ping us on 990 00:56:49,500 --> 00:56:52,200 Twitter with or drop us a note on LinkedIn, would be happy to 991 00:56:52,207 --> 00:56:54,900 bring those up in future episodes or just have a good 992 00:56:54,900 --> 00:56:56,700 chuckle you know offline with folks. 993 00:56:56,700 --> 00:56:59,400 So with that we'll go ahead and leave it for this week. 994 00:56:59,600 --> 00:57:02,300 Thanks everyone for listening and we'll talk with you all in 995 00:57:02,300 --> 00:57:06,800 the next one. Thanks for listening to the 996 00:57:06,800 --> 00:57:09,600 identity at the center podcast. If you like what you heard, 997 00:57:09,600 --> 00:57:12,900 don't forget to subscribe and visit us on the web and identity 998 00:57:12,900 --> 00:57:13,800 at the center.com.