1 00:00:16,040 --> 00:00:19,280 Well, if I had anything to say before you take us out, it would 2 00:00:19,280 --> 00:00:22,240 just be thank you to our listeners, people who've been 3 00:00:22,240 --> 00:00:26,960 listening for five years or five episodes. 4 00:00:27,400 --> 00:00:32,520 I mean that we wouldn't do this without our watchers, our 5 00:00:32,520 --> 00:00:36,080 listeners. And we keep trying to make this 6 00:00:36,080 --> 00:00:42,240 thing better for you all because it means so much to us, like 7 00:00:42,480 --> 00:00:46,080 Jeff said, where people come up and actually know who we are and 8 00:00:46,440 --> 00:00:49,600 listen to the podcast or just connect to us on LinkedIn. 9 00:00:50,160 --> 00:00:53,520 It's it's why we do it. It's why we've been able to like 10 00:00:53,880 --> 00:00:56,880 do this for five years. And I think, look, we've 11 00:00:56,880 --> 00:01:00,800 recorded a lot of episodes on like Saturdays and Sunday nights 12 00:01:00,800 --> 00:01:04,480 to get them out on Monday. And you, you have the all the 13 00:01:04,480 --> 00:01:08,320 humans work after that to like, you know, do all the editing. 14 00:01:09,840 --> 00:01:11,800 It's a lot of work, but it's worth it. 15 00:01:12,640 --> 00:01:14,440 I don't think we've ever questioned whether or not it's 16 00:01:14,440 --> 00:01:17,040 worth it. Yeah, yeah, it's a labor of 17 00:01:17,040 --> 00:01:19,640 love. And definitely thank you to 18 00:01:19,640 --> 00:01:22,160 everybody who supported the show, listeners, people who come 19 00:01:22,160 --> 00:01:24,600 up, you know, even sponsors who are now getting involved with 20 00:01:24,600 --> 00:01:26,400 stuff. Yeah, definitely. 21 00:01:27,640 --> 00:01:36,480 Thank you. This is identity at the center 22 00:01:37,040 --> 00:01:40,080 if it has anything to do with IAM. 23 00:01:40,080 --> 00:01:46,680 This is the go to podcast now your hosts Jim McDonald and Jeff 24 00:01:46,680 --> 00:01:54,440 Stedman. Welcome to the Identity at the 25 00:01:54,440 --> 00:01:56,440 Center podcast. I'm Jeff, and that's Jim. 26 00:01:56,440 --> 00:01:58,400 Hey, Jim. Hey, Jeff, how are you? 27 00:01:58,600 --> 00:02:01,080 Oh, not so bad yourself. Doing good, man. 28 00:02:01,080 --> 00:02:04,640 It wouldn't be a episode. This is a special episode, but 29 00:02:04,640 --> 00:02:08,160 it wouldn't be an episode if I didn't bring up some thought 30 00:02:08,160 --> 00:02:10,639 that I've been having. That's been like eating away at 31 00:02:10,639 --> 00:02:12,640 my brain. Whatever. 32 00:02:12,640 --> 00:02:17,080 Is left just like that amoeba that I got in the lake last 33 00:02:17,080 --> 00:02:21,960 summer, eating away at my brain? No, it's just going back to this 34 00:02:21,960 --> 00:02:24,640 whole thing of centralized versus decentralized. 35 00:02:25,000 --> 00:02:31,520 And it's kind of been one of the topics that's always been there 36 00:02:31,760 --> 00:02:33,440 in the identity management world. 37 00:02:33,720 --> 00:02:38,000 I remember doing an identity strategy at a big university in 38 00:02:38,040 --> 00:02:44,080 the US and someone said, well, if we go to single sign on and 39 00:02:44,080 --> 00:02:49,680 have all these apps wrapped into one user account per person, 40 00:02:50,160 --> 00:02:52,840 what if they lose that account? Won't the person have access to 41 00:02:52,840 --> 00:02:58,280 all their applications? It's like contrast that with 42 00:02:58,280 --> 00:03:01,040 that person having different accounts for all those 43 00:03:01,040 --> 00:03:04,360 applications and having to try to coordinate their passwords. 44 00:03:04,680 --> 00:03:09,360 I think in the long term, where where I was easy, where I easily 45 00:03:09,360 --> 00:03:15,440 came down was that the the benefit of having just one 46 00:03:15,440 --> 00:03:18,960 account from an end user perspective and to just have to 47 00:03:18,960 --> 00:03:23,680 manage one password, one MFA and B having one place to set the 48 00:03:23,680 --> 00:03:29,480 policies outweighs the risk of potentially losing that account 49 00:03:29,480 --> 00:03:33,200 and that one account giving access to all the applications. 50 00:03:34,760 --> 00:03:37,960 But there are also other scenarios where like for 51 00:03:37,960 --> 00:03:42,160 example, I was working with the client today and they have all 52 00:03:42,160 --> 00:03:46,560 of their network configurations for all of their locations 53 00:03:46,560 --> 00:03:53,440 around the world in like an online application where you can 54 00:03:53,440 --> 00:03:56,000 go and kind of monitor all the equipment and change 55 00:03:56,000 --> 00:03:59,480 configurations. And if one account were to get 56 00:03:59,480 --> 00:04:05,280 compromised, game over, game over, you can like just change 57 00:04:05,280 --> 00:04:07,040 all the configurations you wanted. 58 00:04:07,440 --> 00:04:12,760 And so I mean, constantly have to kind of go back and forth on, 59 00:04:13,000 --> 00:04:15,680 OK, well, is that the right way to go? 60 00:04:15,680 --> 00:04:18,440 Is that just putting too much risk, too many eggs in one 61 00:04:18,440 --> 00:04:21,560 basket? And I guess that I guess I'm 62 00:04:21,560 --> 00:04:24,920 coming down on this whole thing is, is not like the final 63 00:04:24,920 --> 00:04:27,520 answer, right? I'm not giving, you know, this 64 00:04:27,520 --> 00:04:30,680 is what everyone should do, But I think you have to keep 65 00:04:30,680 --> 00:04:34,480 reevaluating and questioning things that you may just accept. 66 00:04:34,480 --> 00:04:37,440 It's kind of like, well, everybody just accepts that one 67 00:04:37,440 --> 00:04:42,040 username and password per user is better than 400. 68 00:04:43,960 --> 00:04:47,520 OK, but is that, is it a problem to question yourself and make 69 00:04:47,520 --> 00:04:50,600 sure that you can truly articulate why it's better? 70 00:04:50,920 --> 00:04:54,080 I think that's key because that same question might come from 71 00:04:54,080 --> 00:04:58,480 somebody who's an executive in your organization who says, OK, 72 00:04:58,480 --> 00:05:01,520 well, what if that account gets hijacked? 73 00:05:01,560 --> 00:05:04,720 Then what happens? Better be able ready to be at 74 00:05:05,080 --> 00:05:08,120 the ready to answer that question and answer why it's 75 00:05:08,120 --> 00:05:11,200 better to do it that way than the alternative way. 76 00:05:12,200 --> 00:05:15,400 Thoughts. Consulting answer depends. 77 00:05:17,080 --> 00:05:19,640 I mean yes, generally speaking right? 78 00:05:19,640 --> 00:05:22,960 One account is easier to manage, but I think it should be a risk 79 00:05:22,960 --> 00:05:24,880 based approach. I don't think you do one account 80 00:05:24,880 --> 00:05:27,480 if it's only a password. I think we've all learned 81 00:05:27,480 --> 00:05:30,120 hopefully by now that password alone is not good enough. 82 00:05:30,120 --> 00:05:34,080 There should be appropriate risk based controls on that single 83 00:05:34,080 --> 00:05:38,400 sign on account, MFA, conditional rules, adaptive, you 84 00:05:38,400 --> 00:05:43,000 know, all kinds of stuff that can be done to really secure 85 00:05:43,000 --> 00:05:44,680 that one account. If that's the strategy you're 86 00:05:44,840 --> 00:05:46,520 going to follow. And a lot of companies do and 87 00:05:46,520 --> 00:05:49,040 they do a great job with it. So you know, they they're 88 00:05:49,040 --> 00:05:53,000 managing based on the risk. Do they put all of their network 89 00:05:53,000 --> 00:05:54,240 infrastructure on the same account? 90 00:05:54,360 --> 00:05:56,080 Probably not. They probably separate it out 91 00:05:56,080 --> 00:05:59,240 into a different system, maybe different accounts, you know, 92 00:05:59,240 --> 00:06:03,560 different Mfas, even different different MFA methods. 93 00:06:03,560 --> 00:06:09,280 So I think there's options out there and you have to weigh the 94 00:06:09,280 --> 00:06:12,960 risk versus the reward, the usability versus, you know, the 95 00:06:12,960 --> 00:06:15,480 potential for red tape that might get involved and people 96 00:06:15,480 --> 00:06:17,960 finding ways around it. So yeah, I'll stick with 97 00:06:17,960 --> 00:06:20,640 depends. That's my that's my answer. 98 00:06:21,000 --> 00:06:24,960 So yeah, depends a good answer because you know, I, I do think 99 00:06:24,960 --> 00:06:29,920 that the single sign on that large, that was probably solved 100 00:06:29,920 --> 00:06:32,400 a long time ago. I kind of went through like how 101 00:06:32,400 --> 00:06:35,720 I, my mind evolved to answer that question. 102 00:06:36,000 --> 00:06:38,760 But then take a scenario like a password vault. 103 00:06:39,320 --> 00:06:42,920 What if you are, should you integrate your password vault to 104 00:06:42,920 --> 00:06:45,520 your IDP? Now what if the account gets 105 00:06:45,520 --> 00:06:49,360 compromised or somebody gets into the IDP and does like a 106 00:06:49,360 --> 00:06:52,960 lateral movement and then is able to log into your password 107 00:06:52,960 --> 00:06:55,880 vault now has hundreds of service account passwords. 108 00:06:56,600 --> 00:07:01,360 That's a real sticky situation. So I think that there's there's 109 00:07:01,360 --> 00:07:03,560 one of those places where you really need to ask yourself that 110 00:07:03,560 --> 00:07:05,400 question. Well, if you've architected your 111 00:07:05,400 --> 00:07:08,080 vault in a way where everything is literally in one spot and 112 00:07:08,080 --> 00:07:10,440 requires only one set of credentials and maybe one 113 00:07:10,440 --> 00:07:12,880 permission group to get to it, yeah, maybe. 114 00:07:12,880 --> 00:07:14,440 That's probably not the best way to architect it. 115 00:07:14,440 --> 00:07:18,880 There are ways to, you know, create blast doors in between 116 00:07:18,880 --> 00:07:20,440 things. So if you think about it like a 117 00:07:20,440 --> 00:07:24,200 submarine, you know, if one compartment gets breached, the 118 00:07:24,200 --> 00:07:27,400 whole thing doesn't go down. Hopefully they seal the doors 119 00:07:28,080 --> 00:07:30,560 and yes, there's going to be damage and things are, you know, 120 00:07:30,560 --> 00:07:32,080 bad things are going to happen in that one area. 121 00:07:32,080 --> 00:07:37,040 But the whole idea is to contain that, you know, that that issue. 122 00:07:37,440 --> 00:07:40,880 And so I think if you have enough doors to close on your IM 123 00:07:40,880 --> 00:07:43,600 submarine, you know, I think you've got a better shot. 124 00:07:43,600 --> 00:07:45,240 I think that's what most organizations try to do, right, 125 00:07:45,240 --> 00:07:49,120 is you want to limit sort of the, the breach impact, the 126 00:07:49,120 --> 00:07:51,400 scope of what could happen and, and things like that. 127 00:07:51,400 --> 00:07:54,200 I mean, that's why a lot of organizations will separate like 128 00:07:54,200 --> 00:07:57,600 PCI networks from their regular networks or their operational 129 00:07:57,600 --> 00:08:00,960 technology stuff away from other stuff, because they want to have 130 00:08:00,960 --> 00:08:05,240 a very, you know, very clear line as to who can get access to 131 00:08:05,240 --> 00:08:07,560 what and what it takes to get access to those things. 132 00:08:08,360 --> 00:08:10,920 That's that's putting a blast door in between things. 133 00:08:11,920 --> 00:08:14,600 Yeah, that's, that's a really good analogy. 134 00:08:14,600 --> 00:08:20,960 The I am submarine, You better go, you better go, you know, put 135 00:08:20,960 --> 00:08:23,280 the the copyright on that one and. 136 00:08:24,000 --> 00:08:26,000 That'll be our next podcast, the I Am Submarine. 137 00:08:27,120 --> 00:08:29,440 I don't know if there's any like positive though puns on that 138 00:08:29,440 --> 00:08:30,720 one. I feel like submarines just go 139 00:08:30,720 --> 00:08:33,919 down. We want to be uplifting here. 140 00:08:33,919 --> 00:08:35,880 I mean, it's our five year anniversary, man. 141 00:08:35,919 --> 00:08:37,799 We've been doing this show for five years. 142 00:08:38,600 --> 00:08:41,840 And this is, let's see, what's this, episode 292? 143 00:08:42,159 --> 00:08:47,960 I mean, that's absolutely nuts. Yeah, it's, you know, when we 144 00:08:47,960 --> 00:08:50,960 first set out on it, I never could have imagined five years 145 00:08:50,960 --> 00:08:53,000 later we'd still be doing it. But here we are. 146 00:08:53,840 --> 00:08:57,040 And it's pretty much every Monday we drop an episode we 147 00:08:57,480 --> 00:09:00,720 have taken off like Christmas and New Year's because who's 148 00:09:00,720 --> 00:09:04,640 going to listen them anyway? But then there have been weeks 149 00:09:04,640 --> 00:09:09,840 where we dump five to seven episodes in a week to two weeks. 150 00:09:09,840 --> 00:09:13,080 So I think we've more than made-up for it. 151 00:09:13,080 --> 00:09:16,280 In fact, we have another Pat Yourself on the Back episode 152 00:09:16,280 --> 00:09:20,000 coming up where it'll be episode 300 here in the near future. 153 00:09:20,200 --> 00:09:22,160 Yeah, other milestone. It would be cool if they kind of 154 00:09:22,160 --> 00:09:25,080 tied together, but no, let's spread out the good vibes across 155 00:09:25,080 --> 00:09:28,720 a couple episodes here. But yeah, I mean, it's crazy how 156 00:09:28,720 --> 00:09:31,040 much this thing has grown and, you know, the community has has, 157 00:09:31,880 --> 00:09:34,480 you know, caught on to it. And we thank everybody who 158 00:09:34,480 --> 00:09:37,080 listens and subscribes and shares and stuff like that. 159 00:09:37,720 --> 00:09:40,360 I get, I tell you, I get such a thrill when I, you know, talk to 160 00:09:40,360 --> 00:09:42,400 people and it's like, oh, I've heard your podcast and you know, 161 00:09:42,840 --> 00:09:45,600 it's like, oh, OK, that's cool, 'cause I feel like podcast is 162 00:09:45,600 --> 00:09:47,720 sometimes a little like a dirty word, like everybody has them. 163 00:09:48,800 --> 00:09:50,360 But we've, we've been consistent. 164 00:09:50,360 --> 00:09:53,440 We've tried to put out content that is timely, at least the 165 00:09:53,440 --> 00:09:54,800 time, right? It's a time capsule. 166 00:09:54,800 --> 00:09:58,560 This is what we know right now. But try to be helpful and kind 167 00:09:58,560 --> 00:10:01,120 of get out there and show some of the personality I think that 168 00:10:01,120 --> 00:10:04,160 I am has, you know, not everybody is a, is a robot. 169 00:10:04,160 --> 00:10:06,560 And we like to have fun with it. I, I especially like to have fun 170 00:10:06,560 --> 00:10:08,480 with it. So any time that I can, you 171 00:10:08,480 --> 00:10:10,920 know, sneak in a movie reference or make a joke, you know, I'm 172 00:10:10,920 --> 00:10:12,800 all about that. Yeah, right. 173 00:10:12,800 --> 00:10:14,840 I think we call it edutainment, right? 174 00:10:14,840 --> 00:10:17,480 It's a mixture of education and entertainment. 175 00:10:17,480 --> 00:10:20,720 Usually the guests provide the education and you and I provide 176 00:10:20,720 --> 00:10:23,360 the entertainment. Try to It's subjective. 177 00:10:23,360 --> 00:10:25,040 Obviously not. We don't entertain everybody and 178 00:10:25,040 --> 00:10:27,200 that's fine. Not everyone gets my sense of 179 00:10:27,200 --> 00:10:30,080 humor, and I'm OK with that. Yeah, absolutely. 180 00:10:31,560 --> 00:10:32,880 Yeah. So I was wondering, I was 181 00:10:32,880 --> 00:10:37,720 actually going to ask you high points and low points are some 182 00:10:38,600 --> 00:10:41,800 high highlight memories or low light memories from the podcast? 183 00:10:41,800 --> 00:10:44,640 What do you have? Let's see highlights. 184 00:10:44,680 --> 00:10:49,560 I think I, I don't know if I can point to any specific like 185 00:10:49,560 --> 00:10:51,960 thing. It's, it's just general idea of 186 00:10:51,960 --> 00:10:54,520 all the people that we've been able to meet along the way. 187 00:10:55,800 --> 00:10:58,160 You know, really the who's who of the identity industry has 188 00:10:58,200 --> 00:11:00,720 been on this show and we've had the opportunity to talk with 189 00:11:00,720 --> 00:11:05,120 them for 30 to 60 minutes and maybe a little bit more and 190 00:11:05,120 --> 00:11:07,200 really pick the brain of the smartest people in the industry. 191 00:11:07,640 --> 00:11:09,320 And I hope that that continues, right. 192 00:11:09,320 --> 00:11:13,240 And I hope we talk to new people and, you know, people that that 193 00:11:13,960 --> 00:11:15,680 are coming up in this space as well. 194 00:11:15,840 --> 00:11:19,760 And I really do enjoy that. I, I especially like when I talk 195 00:11:19,760 --> 00:11:23,080 with people who are doing it in the real world, you know, real 196 00:11:23,080 --> 00:11:25,640 identity practitioners. Tell me about your IM program. 197 00:11:25,640 --> 00:11:26,920 How's it working? What's not working? 198 00:11:26,920 --> 00:11:30,360 Share your story with us and with the rest of our audience so 199 00:11:30,360 --> 00:11:33,560 that we can learn from that. I think there's a real benefit 200 00:11:33,680 --> 00:11:37,320 to learning what works and sometimes, just as importantly, 201 00:11:37,320 --> 00:11:39,960 what doesn't work so we don't repeat the same mistakes. 202 00:11:40,920 --> 00:11:43,680 I think we're very fortunate that identity is not really 203 00:11:43,680 --> 00:11:46,560 secret sauce. You know, security, most 204 00:11:46,560 --> 00:11:49,880 organizations are not competitive when it comes to 205 00:11:50,200 --> 00:11:52,600 this type of security. Everybody's doing it. 206 00:11:52,600 --> 00:11:54,040 We're kind of all in this together. 207 00:11:54,760 --> 00:11:56,880 It's not a trade secret or anything like that. 208 00:11:56,880 --> 00:11:58,760 And obviously, if you're a product company in the space, 209 00:11:58,760 --> 00:12:02,320 sure, there are methods and ways that things get done that, you 210 00:12:02,320 --> 00:12:04,840 know, probably are a little more sensitive in in that area. 211 00:12:04,840 --> 00:12:07,240 But for the most part, people who are doing identity, we're 212 00:12:07,240 --> 00:12:09,800 all in it together. And I think for me, that's been 213 00:12:09,800 --> 00:12:11,240 a real highlight. It's just meeting people. 214 00:12:11,240 --> 00:12:13,560 And then, you know, just the fans, the people who listen and 215 00:12:13,560 --> 00:12:17,200 I, I, it's such a weird word for me to say fans of the show, but 216 00:12:17,200 --> 00:12:20,440 people who follow and listen and walk up and, you know, say hello 217 00:12:20,440 --> 00:12:23,200 and introduce themselves. I think it's awesome and you 218 00:12:23,200 --> 00:12:24,880 know, if I feel like every time I go to a conference, there's 219 00:12:24,880 --> 00:12:27,440 just more and more people coming up, which is which is always 220 00:12:27,840 --> 00:12:30,080 very, you know, very well appreciated by me. 221 00:12:30,080 --> 00:12:31,440 What about you? What are some of your 222 00:12:31,440 --> 00:12:33,640 highlights? Yeah, I'm actually glad to have 223 00:12:33,640 --> 00:12:35,600 a highlight that's different than what you just said, even 224 00:12:35,600 --> 00:12:37,440 though I totally agree with. Everything so you don't care 225 00:12:37,440 --> 00:12:38,760 about the listeners is what I'm hearing. 226 00:12:38,840 --> 00:12:41,360 Oh, no, no, no, I totally agree with everything you just said. 227 00:12:41,400 --> 00:12:45,000 The listeners, the guests that we've had, the the people are 228 00:12:45,000 --> 00:12:49,280 the highlight for sure. But some of the greatest 229 00:12:49,280 --> 00:12:53,000 memories for me have been being on stage with you and being at 230 00:12:53,000 --> 00:12:57,400 conferences with you and doing this podcast that we love doing 231 00:12:59,560 --> 00:13:03,640 the industry events that we used to just go and attend because 232 00:13:03,640 --> 00:13:06,800 they're fantastic learning opportunities. 233 00:13:06,800 --> 00:13:09,400 And now we're going and we're part of the event. 234 00:13:09,680 --> 00:13:14,200 I think, you know, authenticate last year where we're on stage 235 00:13:14,200 --> 00:13:17,080 and we did the, you know, we're part of the keynote. 236 00:13:17,080 --> 00:13:19,320 Like I'll just never forget that. 237 00:13:19,600 --> 00:13:24,400 And also being on the Gartner stage with Henrique and Becky, 238 00:13:24,560 --> 00:13:27,680 I'll never forget that. I mean, those were highlights 239 00:13:27,680 --> 00:13:31,120 for me. And you being so sick and it's 240 00:13:31,160 --> 00:13:33,560 and you're very white shoes. You know we can't forget the 241 00:13:33,560 --> 00:13:37,560 white shoes at Gartner. Absolutely ran I I took it as an 242 00:13:37,560 --> 00:13:40,400 opportunity to go out and buy some some new dress clothes and 243 00:13:40,400 --> 00:13:44,640 be a little extra fancy as far as low light. 244 00:13:44,840 --> 00:13:47,960 I I really had to dig for one, but the one that always jumps 245 00:13:47,960 --> 00:13:50,360 out at me is not always our guest. 246 00:13:50,360 --> 00:13:53,560 Sometimes it's me on the rare occasions you and you're at a 247 00:13:53,560 --> 00:13:56,720 hotel, it's the bad network connections. 248 00:13:57,240 --> 00:14:01,960 Man. I think that you do such a good 249 00:14:01,960 --> 00:14:04,800 job with the editing of this podcast that people don't even 250 00:14:04,800 --> 00:14:07,480 realize most of the time. But we've done some video 251 00:14:07,480 --> 00:14:11,160 podcasts where we had to just turn them into audio only 252 00:14:11,160 --> 00:14:14,800 because the then bandwidth was so poor. 253 00:14:15,120 --> 00:14:19,000 Now the recording platform that we're on is nothing like the way 254 00:14:19,000 --> 00:14:22,200 we did things five years ago, where it was like, basically 255 00:14:22,200 --> 00:14:24,040 we're just recording a Teams meeting. 256 00:14:24,440 --> 00:14:27,880 So for anybody who's thinking about doing a podcast, it's not 257 00:14:27,880 --> 00:14:30,400 a good place to start. Oh no I disagree, I think it is 258 00:14:30,400 --> 00:14:32,200 a good place to start. It's a low barrier entry. 259 00:14:32,360 --> 00:14:35,880 You probably have a license through your work or it's cheap. 260 00:14:36,640 --> 00:14:38,040 Look, it was fine for what we started. 261 00:14:38,040 --> 00:14:40,160 We graduated and decided, hey, you know what? 262 00:14:40,160 --> 00:14:43,160 Really, you know, I think it's well documented that I am 263 00:14:43,160 --> 00:14:49,680 extremely focused, let's call it particular, yes, on the quality 264 00:14:49,800 --> 00:14:52,360 of the show, right? Both especially audio since that 265 00:14:52,360 --> 00:14:54,640 we're doing and now that we're getting into video on YouTube, 266 00:14:55,160 --> 00:14:58,320 you know, having that sort of production to it, not 267 00:14:58,320 --> 00:15:02,520 necessarily overly produced, but just good quality audio and 268 00:15:02,520 --> 00:15:04,000 video. So it's not distracted with the 269 00:15:04,000 --> 00:15:07,440 conversation we started on Zoom. A lot of people do still do 270 00:15:07,440 --> 00:15:10,200 things on Zoom and there are things that Zoom can do that it 271 00:15:10,200 --> 00:15:12,400 couldn't do even four or five years ago. 272 00:15:12,800 --> 00:15:17,120 So like original audio sound is like a higher fidelity now is as 273 00:15:17,120 --> 00:15:19,000 good as a paid platform like this, which is a little more 274 00:15:19,000 --> 00:15:21,320 expensive. No, but I think it's a good way 275 00:15:21,320 --> 00:15:23,120 to start. If you're interested, give it a 276 00:15:23,120 --> 00:15:24,200 shot. I mean, that's how we did it. 277 00:15:24,680 --> 00:15:27,920 I mean, it's, you know, if you listen to episode one and you 278 00:15:27,920 --> 00:15:29,920 listen to this episode, yes, there's clearly a difference. 279 00:15:30,520 --> 00:15:33,920 As long as the as long as the recording doesn't distract from 280 00:15:33,920 --> 00:15:35,880 what you're trying to say, have fun. 281 00:15:36,120 --> 00:15:39,800 Go at it, give it a shot. What do you have for low lights? 282 00:15:40,920 --> 00:15:43,720 It's I mean, it's definitely the the technical issues that come 283 00:15:43,720 --> 00:15:47,320 up, especially when like we have things kind of set up and we're 284 00:15:47,320 --> 00:15:50,440 ready to rock and you've planned and planned and planned. 285 00:15:50,440 --> 00:15:52,520 It's like, all right, You've thought of every possible 286 00:15:52,520 --> 00:15:55,320 scenario, the little finger school of thought, fight every 287 00:15:55,320 --> 00:15:57,480 battle everywhere, never be surprised. 288 00:15:57,920 --> 00:15:59,400 And then just something comes out of the blue. 289 00:15:59,400 --> 00:16:02,120 Like I remember one time I was like, all right, we got 290 00:16:02,120 --> 00:16:04,840 everything set up and then my power went out in the middle of 291 00:16:04,840 --> 00:16:06,640 a, of a, of a recording. Is that OK? 292 00:16:06,640 --> 00:16:09,000 Well, I guess guess what I'm going, I bought on Amazon the 293 00:16:09,000 --> 00:16:12,800 next day was a UPS power supply, which I still have here sitting 294 00:16:12,800 --> 00:16:15,440 off to my side that powers everything that I'm recording 295 00:16:15,440 --> 00:16:18,880 through to prevent that. You know, I mean, stuff like 296 00:16:18,880 --> 00:16:22,400 that where it's just kind of like, you know, why did that 297 00:16:22,400 --> 00:16:24,560 happen? And that's real life, I think is 298 00:16:24,560 --> 00:16:25,760 you try to plan it for as best as you can. 299 00:16:25,760 --> 00:16:28,480 And then if something goes wrong, you analyze and say, OK, 300 00:16:28,480 --> 00:16:30,960 well let's what can we do to solve for that in the future? 301 00:16:32,040 --> 00:16:34,800 Yeah. And I think, you know we started 302 00:16:34,800 --> 00:16:39,360 the sponsor spotlight this year. I was in year five, we started 303 00:16:39,360 --> 00:16:41,440 that, but I think after a lot. Of demand A. 304 00:16:42,280 --> 00:16:45,640 Lot of demand, but there's also a lot of expense in getting to 305 00:16:45,640 --> 00:16:49,720 this point like you bought that UPS that's one of many, many 306 00:16:49,720 --> 00:16:51,880 expenses and on top of all the I didn't even. 307 00:16:51,880 --> 00:16:53,400 Include that my totals so maybe I. 308 00:16:53,440 --> 00:16:54,680 Should you didn't even include that? 309 00:16:54,680 --> 00:16:57,080 All right. So yeah, your, your, your total 310 00:16:57,080 --> 00:17:01,400 was definitely 5 figures, right and then some. 311 00:17:02,400 --> 00:17:07,680 So, yeah, but I guess the big question is, do you think we'll 312 00:17:07,680 --> 00:17:11,160 be doing this five years from now and they have a 10 year 313 00:17:12,160 --> 00:17:13,440 episode. I hope so. 314 00:17:13,440 --> 00:17:15,920 I mean, I like doing it. I think, you know, you and I 315 00:17:15,920 --> 00:17:19,280 will keep doing it as long as we're having fun doing it, you 316 00:17:19,280 --> 00:17:20,960 know, will people stay engaged? I hope so. 317 00:17:20,960 --> 00:17:24,119 I think as long as we continue to evolve and stay current with 318 00:17:24,119 --> 00:17:29,160 the times, hopefully people do. And yeah, at some point we might 319 00:17:29,160 --> 00:17:32,440 get too tired, too old or, you know, whatever it might be to 320 00:17:32,600 --> 00:17:35,360 kind of do it more consistently. But I'm going to ride the wave 321 00:17:35,360 --> 00:17:40,480 as long as I possibly can. And I and I and I, we'll just 322 00:17:40,480 --> 00:17:42,360 look to the future and we'll go as far as we can. 323 00:17:43,000 --> 00:17:45,600 I'm enjoying it. I'd like to be here five years 324 00:17:45,600 --> 00:17:49,360 down the road, 10 years down the road for the 15 year episode, 325 00:17:50,200 --> 00:17:54,120 but let's go for 10 first. Actually, let's just go for five 326 00:17:54,120 --> 00:17:56,760 years plus one. Let's go one episode at a time. 327 00:17:57,000 --> 00:17:58,920 Exactly. You know, it's just like the old 328 00:17:58,920 --> 00:18:00,760 sports attitude, right? We're, we're all just, we're all 329 00:18:00,760 --> 00:18:03,160 day-to-day. Keep it, keep it going. 330 00:18:03,920 --> 00:18:06,760 Yeah, exactly. You and I were talking kind of 331 00:18:06,760 --> 00:18:08,680 like, well, what are we going to do for five years? 332 00:18:08,760 --> 00:18:12,600 And you actually had the brilliant idea of why don't we 333 00:18:12,640 --> 00:18:16,400 go back and start with episode one and kind of redo it. 334 00:18:17,000 --> 00:18:18,960 This is something that you and I have talked about and it's kind 335 00:18:18,960 --> 00:18:23,400 of like, oh, you know, should we re record it or like remaster it 336 00:18:23,400 --> 00:18:25,360 or somehow or kind of improve the auto quality? 337 00:18:25,360 --> 00:18:27,560 It's like I've kind of pushed it off for now. 338 00:18:27,560 --> 00:18:30,360 It's like, no, it kind of shows the journey of the show, but I 339 00:18:30,360 --> 00:18:35,400 think it's time maybe to refresh how we, how you and I in our 340 00:18:35,400 --> 00:18:38,240 real lives, you know, develop IM strategies. 341 00:18:38,640 --> 00:18:40,280 What's our framework, what's our process? 342 00:18:40,280 --> 00:18:44,080 So today's episode is really focused on you and I, you know, 343 00:18:44,080 --> 00:18:48,280 what we do all the time for our actual, you know, real life jobs 344 00:18:48,800 --> 00:18:51,400 and how do we develop an IM strategy? 345 00:18:51,400 --> 00:18:52,640 That's really what we're going to talk about. 346 00:18:52,640 --> 00:18:56,560 So you can listen to episode one for what we thought back in July 347 00:18:56,560 --> 00:19:00,920 2nd, 2019. So almost, let's see, five years 348 00:19:00,920 --> 00:19:03,360 ago, well, it'll be about 5 years by the time this thing 349 00:19:03,360 --> 00:19:07,360 that by the time this publishes and see what's changed because 350 00:19:07,640 --> 00:19:09,640 just like anything else, right, things will evolve. 351 00:19:09,640 --> 00:19:13,000 You have to think about what has changed in your organization, 352 00:19:13,000 --> 00:19:14,360 what's going to change next year, etcetera. 353 00:19:14,360 --> 00:19:17,680 So why don't we start with that and then we're going to kind of 354 00:19:17,680 --> 00:19:19,080 do this in a four hour. I'm going to ask you a bunch of 355 00:19:19,080 --> 00:19:20,920 questions. You're going to give me your two 356 00:19:20,920 --> 00:19:23,200 cents, I'll pile on my two cents and we'll just kind of keep 357 00:19:23,200 --> 00:19:26,800 things moving. So I guess the first question is 358 00:19:26,960 --> 00:19:30,120 why do we need an IM strategy? Because there's a lot of people 359 00:19:30,120 --> 00:19:31,280 are like, oh, isn't it just a piece of paper? 360 00:19:31,280 --> 00:19:33,600 It just says here's what we're going to do and that's it. 361 00:19:34,040 --> 00:19:37,800 Why do we need this? Well, I think, I think the big 362 00:19:37,800 --> 00:19:40,840 purpose of it's not just strategy, it's the strategy on a 363 00:19:40,840 --> 00:19:43,440 road map. And it's kind of like if you 364 00:19:43,440 --> 00:19:48,080 decided to drive back to Chicago, you you might be able 365 00:19:48,080 --> 00:19:50,760 to do it by memory. If you just jump in your car and 366 00:19:50,760 --> 00:19:56,080 start driving, intuition may get you there, but probably it's not 367 00:19:56,080 --> 00:19:59,400 going to get you there as quick as if you chart a course that 368 00:19:59,400 --> 00:20:03,160 takes you in the most efficient way from where you are today to 369 00:20:03,160 --> 00:20:07,400 where you're going. In fact, I picked Chicago as an 370 00:20:07,400 --> 00:20:10,200 example because you know, you want to go to Chicago, you know 371 00:20:10,200 --> 00:20:13,880 you want to go back to maybe where you lived in Chicago, but 372 00:20:13,880 --> 00:20:16,200 sometimes you don't even know where you're going. 373 00:20:16,200 --> 00:20:17,520 You don't know where you want to go. 374 00:20:17,760 --> 00:20:20,760 Sometimes you pick a place on the map and say that's where we 375 00:20:20,760 --> 00:20:22,720 want to go, and then you map the course. 376 00:20:23,000 --> 00:20:26,400 And so I think having a strategy and a road map is the most 377 00:20:26,400 --> 00:20:29,920 efficient way to get from. Where you are today to where you 378 00:20:29,920 --> 00:20:33,160 want to go. Yeah, I mean, what's your 379 00:20:33,160 --> 00:20:34,440 destination? It's like you said, you know, 380 00:20:34,440 --> 00:20:37,040 when I get in the car, if I'm going somewhere that I don't 381 00:20:37,040 --> 00:20:39,600 know how to get there, what's the first thing we all do? 382 00:20:40,080 --> 00:20:43,440 I'll get their GPS, right? Google Maps, Apple Maps, 383 00:20:43,440 --> 00:20:44,640 whatever it may be. Very. 384 00:20:44,640 --> 00:20:47,120 I don't think any of us really rely on the old. 385 00:20:47,120 --> 00:20:50,160 If you're an old timer like we, you know, AAA and they're 386 00:20:50,160 --> 00:20:52,360 triptychs that they used to have where you'd actually go to like 387 00:20:52,360 --> 00:20:56,040 a AAA store and like get this paper weird, right? 388 00:20:56,040 --> 00:20:59,040 They had like step by step, turn by turn directions on how to get 389 00:20:59,040 --> 00:21:01,520 there. I remember using that in a drive 390 00:21:01,520 --> 00:21:04,720 from, you know, Chicago area to Florida for years. 391 00:21:05,240 --> 00:21:07,200 You know, I would drive down for the summer and stuff like that 392 00:21:07,200 --> 00:21:08,800 and spend there, spend time there. 393 00:21:09,440 --> 00:21:12,280 Now you've got a road map built into your pocket. 394 00:21:12,440 --> 00:21:14,400 You just need to tell the destination where you want to go 395 00:21:14,400 --> 00:21:18,120 and it creates that road map for you based on a whole bunch of 396 00:21:18,400 --> 00:21:21,480 information that it's already been collected by whatever 397 00:21:21,480 --> 00:21:24,440 mapping service you're using. So I think I totally agree with 398 00:21:24,440 --> 00:21:26,800 that. You asked me at one point, do I 399 00:21:26,800 --> 00:21:30,800 think AI will replace us? And I'm going to use the analogy 400 00:21:30,800 --> 00:21:34,320 now, which is if you just said, I want to go back to my old 401 00:21:34,320 --> 00:21:39,880 address in Chicago and type that address into Apple Maps, it 402 00:21:39,880 --> 00:21:42,960 might say, well, if I take you this way, it's going to save you 403 00:21:42,960 --> 00:21:44,320 2 minutes. So we're going to jump off the 404 00:21:44,320 --> 00:21:48,920 highway and drive through this like, crowded area to get you 405 00:21:48,920 --> 00:21:52,800 there to save 2 minutes. Experience tells you even if it 406 00:21:52,800 --> 00:21:56,280 saves me two minutes, it's not worth the headache, right? 407 00:21:56,280 --> 00:22:00,760 So I don't think AI is going to replace this because I do think 408 00:22:01,080 --> 00:22:04,720 AI won't really have the experience of having, you know, 409 00:22:05,200 --> 00:22:08,000 gone through this. That's not to say that people 410 00:22:08,000 --> 00:22:09,760 can't develop their own road map. 411 00:22:09,760 --> 00:22:12,520 I just don't think we'll be replaced by computers overnight. 412 00:22:13,400 --> 00:22:17,360 Not overnight, but I, I, I do think stuff like this will 413 00:22:17,360 --> 00:22:21,120 become easier to replicate, especially if you're looking to 414 00:22:21,120 --> 00:22:22,960 take like a standard space approach. 415 00:22:23,400 --> 00:22:27,000 Oh, we follow NIST to the, you know, to the letter and there 416 00:22:27,000 --> 00:22:29,480 are no deviations from it. Great, fantastic. 417 00:22:30,000 --> 00:22:32,360 I sure hope the rest of your organization is on board with 418 00:22:32,360 --> 00:22:34,640 that. And there are 0 variables that 419 00:22:34,640 --> 00:22:36,320 you have to worry about. Good luck. 420 00:22:36,760 --> 00:22:38,560 So I think the experience part will definitely be there. 421 00:22:38,560 --> 00:22:41,200 But you know, I, I think it's just anything else. 422 00:22:41,200 --> 00:22:45,400 AI is going to iterate and evolve the way we do things, and 423 00:22:46,200 --> 00:22:48,760 people will just need to adapt us, include it as we go through 424 00:22:48,760 --> 00:22:53,480 this process. So next we've got why we do 425 00:22:53,480 --> 00:22:56,040 this. Who is typically involved when 426 00:22:56,040 --> 00:22:58,320 we're setting up an IM strategy and a road map? 427 00:22:59,400 --> 00:23:01,200 Yeah. I mean that's a great question. 428 00:23:01,200 --> 00:23:04,720 I think the most important people to be involved probably 429 00:23:04,720 --> 00:23:08,320 are the people who are doing IM on the day-to-day basis, the 430 00:23:08,320 --> 00:23:12,480 manager as well as the team who are hands on doing the IM 431 00:23:12,480 --> 00:23:15,400 because they know what's working well, what's not working well. 432 00:23:15,880 --> 00:23:19,880 They have ideas for wow. If we could just do this thing, 433 00:23:20,400 --> 00:23:22,120 it would make life so much better. 434 00:23:22,480 --> 00:23:26,920 And the contributions of those ideas is really what is going to 435 00:23:26,920 --> 00:23:29,440 tell you. You know, here's what your 436 00:23:29,440 --> 00:23:31,880 strategy needs to be. But I also think you have to 437 00:23:31,880 --> 00:23:35,680 include other groups, especially groups like human resources, 438 00:23:35,680 --> 00:23:39,040 which are, you know, the folks who should be in charge of who 439 00:23:39,040 --> 00:23:42,880 works here, the identities. Now that's an assumption that 440 00:23:42,880 --> 00:23:45,600 you're talking about, you know, workforce identity. 441 00:23:45,600 --> 00:23:48,120 If you're talking about customer identity, it's a different group 442 00:23:48,120 --> 00:23:51,080 of stakeholders. But I, I guess what's most 443 00:23:51,080 --> 00:23:54,720 important is like people who are either going to impact your IM 444 00:23:54,720 --> 00:23:58,480 strategy or be impacted by your IM strategy, you need to be 445 00:23:58,480 --> 00:24:01,000 involved at the appropriate level, right? 446 00:24:01,000 --> 00:24:04,000 You're not asking somebody to come from human resources or 447 00:24:04,000 --> 00:24:07,240 your chief marketing officer to come and tell you what 448 00:24:07,240 --> 00:24:10,680 technology to employ or how to set up your disaster recovery 449 00:24:10,680 --> 00:24:12,840 plan. You need to involve them 450 00:24:12,840 --> 00:24:17,080 appropriately, but you know they should be involved because 451 00:24:17,160 --> 00:24:22,080 here's my perspective is that if you're not invited to a seat to 452 00:24:22,080 --> 00:24:25,520 the table to contribute to the problem, you won't be bought 453 00:24:25,520 --> 00:24:28,720 into the solution. Yeah, absolutely. 454 00:24:28,720 --> 00:24:31,760 I think this is an opportunity to bring the organization 455 00:24:31,760 --> 00:24:35,440 together and really work together to solve problems. 456 00:24:35,600 --> 00:24:36,960 You know, I think the past is the past. 457 00:24:36,960 --> 00:24:38,920 So I think a lot of things that you and I like to do is we don't 458 00:24:38,920 --> 00:24:41,160 like to do audits. That's not the way we like to 459 00:24:41,160 --> 00:24:43,000 approach it. We like to approach it as a 460 00:24:43,000 --> 00:24:44,600 conversation, Right? Sure. 461 00:24:44,880 --> 00:24:46,760 Mistakes remain the past. How do we get better? 462 00:24:46,760 --> 00:24:48,160 How do we get smarter? That's fine, right? 463 00:24:48,160 --> 00:24:50,040 Those things are in the past. Let's figure it out. 464 00:24:50,520 --> 00:24:52,640 But yeah, having those conversations and sometimes 465 00:24:52,640 --> 00:24:54,680 those conversations are political in nature. 466 00:24:54,840 --> 00:24:57,880 You know, maybe it is a greasy wheel within, you know, within 467 00:24:57,880 --> 00:25:00,280 the organization that you're a squeaky wheel, I should say, you 468 00:25:00,280 --> 00:25:02,720 know, and the conversation might be the grease that kind of helps 469 00:25:02,720 --> 00:25:06,440 smooth things out. I think having enough 470 00:25:06,440 --> 00:25:12,400 representation is, is really the art and the balance because I 471 00:25:12,400 --> 00:25:15,120 see a lot of organizations struggle with too many people 472 00:25:15,280 --> 00:25:19,480 involved and it becomes, well, we want to get down to this 473 00:25:19,480 --> 00:25:22,720 level of detail on all 1300 of our applications. 474 00:25:23,080 --> 00:25:28,240 And that is not realistic, not for a strategic, you know, 475 00:25:28,240 --> 00:25:30,320 initiative. This is strategic, it is not 476 00:25:30,320 --> 00:25:33,040 tactical, which means you're trying to look at the big 477 00:25:33,040 --> 00:25:34,760 picture. You're trying to look at how 478 00:25:35,080 --> 00:25:39,240 dots connect and you're playing, you know, hopefully 4D chess, 479 00:25:39,480 --> 00:25:42,000 while the rest is the organization's doing 3D chess, 480 00:25:42,000 --> 00:25:44,800 right, or things like that. So I think there's that balance 481 00:25:44,800 --> 00:25:48,520 in having enough representation to get a sense of what's going 482 00:25:48,520 --> 00:25:51,160 on and where you're trying to go, what's your destination. 483 00:25:51,360 --> 00:25:53,120 Yeah. And the point that you brought 484 00:25:53,120 --> 00:25:57,360 up that I think was right on which was like the level of 485 00:25:57,360 --> 00:26:00,760 depth of the strategy. So you mentioned the 1500 486 00:26:00,960 --> 00:26:05,960 applications and whether or not all 1500 could be integrated and 487 00:26:05,960 --> 00:26:09,280 how they should be integrated. And that's not a strategy. 488 00:26:09,640 --> 00:26:13,880 It's like a project plan or a detailed integration document. 489 00:26:14,680 --> 00:26:16,680 A strategy has to be at the right level. 490 00:26:16,920 --> 00:26:20,760 So if you're planning a trip from New York to San Francisco, 491 00:26:20,960 --> 00:26:24,040 you don't need to map out every rest stop that you're going to 492 00:26:24,040 --> 00:26:26,560 hit along the way. And we're going to stop at 9:00 493 00:26:26,560 --> 00:26:30,440 AM to go to the bathroom here, and then we'll stop at noon over 494 00:26:30,440 --> 00:26:32,360 here and have lunch. I mean, if you're driving. 495 00:26:32,360 --> 00:26:34,120 Electric you need to find out your stops. 496 00:26:35,560 --> 00:26:36,840 If you're driving, lecture. You do. 497 00:26:36,840 --> 00:26:38,720 You can tell you that for sure. Yeah. 498 00:26:38,880 --> 00:26:43,120 So I mean, the strategy's got to be at the right level and that's 499 00:26:43,120 --> 00:26:45,200 kind of more of an art than the science. 500 00:26:45,560 --> 00:26:50,480 But you're building a strategy, not a detailed project plan. 501 00:26:50,480 --> 00:26:53,480 Detailed project plan is kind of the next step. 502 00:26:53,480 --> 00:26:55,720 And even that I would say you don't want to get into the 503 00:26:55,720 --> 00:27:00,040 detailed project plan for the next two to three years, like 504 00:27:00,440 --> 00:27:04,240 plan out your projects at that detailed level prior to those 505 00:27:04,240 --> 00:27:08,160 projects happening. How long does it typically take 506 00:27:08,400 --> 00:27:10,280 to create a strategy and a road map? 507 00:27:11,520 --> 00:27:13,200 Yeah, I mean, this is a good question as well. 508 00:27:13,200 --> 00:27:18,200 I'd say, you know, based on my experience and you and I do this 509 00:27:18,200 --> 00:27:20,840 together all the time. So it's like anywhere from like 510 00:27:20,840 --> 00:27:24,040 6 to 10 weeks. Obviously, we can do it down to 511 00:27:24,040 --> 00:27:27,320 31 in less time. It can take longer if you throw 512 00:27:27,320 --> 00:27:30,800 in doing some detailed requirements analysis and 513 00:27:30,800 --> 00:27:34,280 documentation as well. So, but that's kind of our sweet 514 00:27:34,280 --> 00:27:35,920 spot. Again, we're kind of starting 515 00:27:35,920 --> 00:27:39,760 with all of our templates in place with a process that has 516 00:27:39,760 --> 00:27:42,960 been tried and true. Like I think the framework of 517 00:27:42,960 --> 00:27:45,320 the process, somebody goes back in this since five years, 518 00:27:45,560 --> 00:27:49,000 they're not going to find like these guys have completely 519 00:27:49,000 --> 00:27:52,160 reinvented how they do strategy and road map. 520 00:27:52,240 --> 00:27:54,840 No, it's still kind of follows that same structure. 521 00:27:55,960 --> 00:28:00,280 And so we have templates that we use and we don't kind of have to 522 00:28:00,320 --> 00:28:04,720 ponder, like when we come out of the assessment phase, we want to 523 00:28:04,720 --> 00:28:07,840 make sure that we're making things memorable. 524 00:28:07,840 --> 00:28:11,640 We're talking about like three major headlines or four major 525 00:28:11,640 --> 00:28:14,640 headlines. Like if that's not there then we 526 00:28:14,640 --> 00:28:20,040 kind of skip the step. Yeah, I mean, I think it's the 527 00:28:20,880 --> 00:28:23,560 timeline. The innovations are really 528 00:28:23,560 --> 00:28:24,480 small. They're micro. 529 00:28:24,480 --> 00:28:26,040 They're like the little stuff that happens behind the scenes. 530 00:28:26,040 --> 00:28:28,160 The framework is the framework as they work through it. 531 00:28:28,640 --> 00:28:31,040 You mentioned the, you mentioned the step of assess and that's 532 00:28:31,040 --> 00:28:34,120 kind of the first step as we go through our journey here as part 533 00:28:34,120 --> 00:28:37,360 of the framework. What is assessing and why do we 534 00:28:37,360 --> 00:28:40,960 do this? Yeah, I think the assessment 535 00:28:40,960 --> 00:28:45,400 kind of leads assessment is the foundation for the strategy in 536 00:28:45,400 --> 00:28:47,400 the road map. So you start with the assessment 537 00:28:47,400 --> 00:28:50,520 to understand where are things at today, what's working well, 538 00:28:50,520 --> 00:28:54,400 what's not working well. And then it's also kind of a, a 539 00:28:54,440 --> 00:28:58,640 gap fit to some extent, to use kind of a industry term, the 540 00:28:58,640 --> 00:29:03,080 idea that you're here, you're trying to get there, what is the 541 00:29:03,080 --> 00:29:06,720 difference between that? And that's what ought to come 542 00:29:06,720 --> 00:29:09,080 out of the assessment. Like how we get to the 543 00:29:09,080 --> 00:29:13,360 assessment. I think that's, you know, first 544 00:29:13,360 --> 00:29:14,760 starts with the questionnaire, right? 545 00:29:14,760 --> 00:29:18,600 We want to try to gather information in a written form 546 00:29:18,600 --> 00:29:20,760 because it's a very efficient way to do it. 547 00:29:21,080 --> 00:29:25,000 And part of this process when we start working with an 548 00:29:25,000 --> 00:29:28,720 organization is education. Now, if you're AI am program 549 00:29:28,720 --> 00:29:31,560 manager and you're kind of taking this on for yourself, you 550 00:29:31,560 --> 00:29:34,280 might not start with a questionnaire or maybe you do 551 00:29:34,280 --> 00:29:37,920 use questionnaires to start to engage some of your stakeholders 552 00:29:38,280 --> 00:29:41,040 and it's just an efficient way to get information. 553 00:29:41,360 --> 00:29:44,640 But typically, we then shift to workshops. 554 00:29:44,840 --> 00:29:47,320 So we get people in, we talk about a specific topic. 555 00:29:47,320 --> 00:29:50,720 It might be authentication. How's the authentication set 556 00:29:51,080 --> 00:29:54,120 system where systems set up today? 557 00:29:54,400 --> 00:29:56,240 Is there multi factor authentication? 558 00:29:56,240 --> 00:29:59,680 Are you doing kind of conditional authentication? 559 00:29:59,680 --> 00:30:02,680 Are you doing Fido authentication, etcetera, 560 00:30:02,680 --> 00:30:06,560 etcetera. And in those workshops, it's 561 00:30:06,840 --> 00:30:10,000 less about telling people the way things should be and 562 00:30:10,000 --> 00:30:13,920 listening to the way things are and also getting people's ideas 563 00:30:13,920 --> 00:30:17,600 for how things could be better. You know, if maybe you do have 564 00:30:17,600 --> 00:30:21,040 multi factor authentication today, but people are finding it 565 00:30:21,040 --> 00:30:24,560 very difficult to use because it's asking them to re 566 00:30:24,560 --> 00:30:27,040 authenticate all the time. It's like different things kind 567 00:30:27,040 --> 00:30:29,600 of leak out in some of those meetings and they can be 568 00:30:29,600 --> 00:30:33,800 impactful for the strategy. I think you know one, most 569 00:30:33,800 --> 00:30:37,280 organizations when they bring in an outside consulting firm or 570 00:30:37,280 --> 00:30:39,760 people like me and you, they want to know how they stack up 571 00:30:39,760 --> 00:30:42,400 against their peers. They want to know overall, like, 572 00:30:42,520 --> 00:30:45,200 you know, within the industry, where do we stand? 573 00:30:45,200 --> 00:30:48,680 Like you guys work with, you've worked with hundreds of 574 00:30:48,680 --> 00:30:51,800 companies doing this. So you got an idea of like where 575 00:30:51,800 --> 00:30:55,520 we sit in that hierarchy, are we doing very good? 576 00:30:55,520 --> 00:30:57,960 Are we doing very poorly? It's really broken down by 577 00:30:57,960 --> 00:31:01,120 capability area. But then I think more 578 00:31:01,120 --> 00:31:06,920 importantly is you're given all the factors that that come up 579 00:31:06,920 --> 00:31:08,440 with, what are their requirements? 580 00:31:08,440 --> 00:31:13,360 So they may have a regulatory compliance need, they might just 581 00:31:13,360 --> 00:31:17,200 have a need from a user experience standpoint, et 582 00:31:17,200 --> 00:31:19,240 cetera. They might have some very 583 00:31:19,240 --> 00:31:22,600 serious security issues, maybe some that have shown up in 584 00:31:22,600 --> 00:31:26,760 audits or resulted in breaches or maybe they're just very 585 00:31:26,760 --> 00:31:31,160 concerned about that happening. And all that should lead to, you 586 00:31:31,160 --> 00:31:33,960 know, here's the capability maturity score. 587 00:31:34,280 --> 00:31:38,960 We use a framework called CMMI as like the model upon which we 588 00:31:38,960 --> 00:31:42,160 base that. Yeah, pretty heavily customized 589 00:31:42,160 --> 00:31:45,120 specific to identity, except you, you and I have been doing 590 00:31:45,120 --> 00:31:47,640 this for together for almost nine years, maybe nine years. 591 00:31:47,640 --> 00:31:52,560 I don't remember long time. And we've it's that that cadence 592 00:31:52,560 --> 00:31:55,160 and that rhythm, right. And I think there's a lot of 593 00:31:55,160 --> 00:31:57,480 ways to collect information. You mentioned questionnaires, 594 00:31:57,480 --> 00:31:59,440 you mentioned, you know, meetings, discussions. 595 00:31:59,440 --> 00:32:04,440 And so it is it's discussions, it's not presenting, it's not 596 00:32:04,520 --> 00:32:07,200 instructing or teaching. It's listening. 597 00:32:07,320 --> 00:32:09,640 It's a discussion. It's a two way conversation. 598 00:32:10,080 --> 00:32:12,480 Tell me about this. Why do you do it that way? 599 00:32:13,120 --> 00:32:15,040 How does that work? What's working, what's not 600 00:32:15,040 --> 00:32:16,120 working right? Things like that. 601 00:32:17,120 --> 00:32:19,400 I think. And that's, and you know, it's, 602 00:32:19,480 --> 00:32:22,120 it's that again, this is not an audit, right? 603 00:32:22,440 --> 00:32:24,920 We, we, we harp on that when we go through this process a lot 604 00:32:24,920 --> 00:32:26,440 with, you know, with our, our clients. 605 00:32:26,440 --> 00:32:28,800 It's like, oh, OK, this is a safe place, right? 606 00:32:28,800 --> 00:32:30,320 Nobody here is to get in trouble, right? 607 00:32:30,320 --> 00:32:32,720 This isn't going to be end up on an audit report finding and then 608 00:32:32,720 --> 00:32:34,680 you're going to have to write a management response and then 609 00:32:34,680 --> 00:32:36,800 it's going to go up a place and I've written those and they suck 610 00:32:36,800 --> 00:32:39,880 and I don't want to do that. So we, we definitely take it 611 00:32:39,880 --> 00:32:44,480 from a conversation standpoint. So now that we've kind of 612 00:32:44,480 --> 00:32:47,720 assessed how things are going, really gotten a sense of like, 613 00:32:47,720 --> 00:32:50,320 OK, kind of get the, the way of the land here. 614 00:32:50,800 --> 00:32:52,880 The next step is we typically start to develop 615 00:32:52,880 --> 00:32:56,880 recommendations. How do we come up with those 616 00:32:56,880 --> 00:32:59,200 recommendations as we're moving through? 617 00:32:59,200 --> 00:33:01,840 Just finding out we've just kind of gone out of the phase of, OK, 618 00:33:02,360 --> 00:33:04,520 starting to get an idea of how things are working here. 619 00:33:05,080 --> 00:33:07,400 Now let's come up with some ideas on what can we do to 620 00:33:07,400 --> 00:33:08,840 improve it. How do we how do we work through 621 00:33:08,840 --> 00:33:12,000 that process? I think the biggest key is at a 622 00:33:12,000 --> 00:33:14,960 high level, the the recommendations need to tie off 623 00:33:14,960 --> 00:33:19,800 to the assessment observations. So you know, you find a bunch of 624 00:33:19,800 --> 00:33:22,760 things that stand out that the organization. 625 00:33:23,480 --> 00:33:26,840 Usually it's not just that, you know, we used the consultants 626 00:33:26,840 --> 00:33:29,440 came in and said, oh, you're not doing a good job in these areas. 627 00:33:29,440 --> 00:33:32,120 Usually they're like, we're not doing a good job in these areas. 628 00:33:32,120 --> 00:33:36,080 So we're going to point you to the areas where we've got some 629 00:33:36,080 --> 00:33:38,640 dysfunction or we have some growing to do. 630 00:33:39,120 --> 00:33:41,560 So those things usually come out loud and clear, but the 631 00:33:41,560 --> 00:33:44,320 recommendations ought to tie off to the observations. 632 00:33:44,600 --> 00:33:46,680 And then there's usually some key themes. 633 00:33:46,960 --> 00:33:49,560 And I think what's important about identifying those key 634 00:33:49,560 --> 00:33:53,040 themes, So let's say one of the key themes is that the 635 00:33:53,680 --> 00:33:58,800 governance and organization, there's a lot of development 636 00:33:58,800 --> 00:34:02,360 that needs to take place. Maybe the the policies need need 637 00:34:02,360 --> 00:34:05,120 to be matured. Maybe the organization is like 638 00:34:05,480 --> 00:34:09,239 way too small for the scope that they're managing. 639 00:34:09,480 --> 00:34:15,080 Maybe there's, you know, some centralized areas that doesn't 640 00:34:15,080 --> 00:34:18,080 fit the entire scope of all the identity that's taking place. 641 00:34:18,080 --> 00:34:21,480 And so there's other teams that are working on different areas, 642 00:34:21,480 --> 00:34:26,040 etcetera, etcetera. So a major theme might be that 643 00:34:26,400 --> 00:34:29,760 there needs to be more formalization and inclusion when 644 00:34:29,760 --> 00:34:32,840 it comes to the IAM program, right? 645 00:34:32,840 --> 00:34:36,280 So however we come up with that, that that's going to be one of 646 00:34:36,280 --> 00:34:39,360 the major themes. So I, I like to be at the level 647 00:34:39,360 --> 00:34:45,400 of like three or four major themes because ultimately those 648 00:34:45,400 --> 00:34:48,639 are going to go into how you communicate your strategy. 649 00:34:48,880 --> 00:34:51,719 These are the major four things or major three things. 650 00:34:51,719 --> 00:34:54,480 I'd like 3 especially. Here's the major three things 651 00:34:54,480 --> 00:34:57,400 that we need to do. There's science behind three. 652 00:34:57,440 --> 00:35:00,000 Like that's the magic number for people to remember. 653 00:35:00,880 --> 00:35:02,320 I agree. I agree. 654 00:35:02,320 --> 00:35:05,280 I mean, that's, you know, I've always felt three was the best 655 00:35:05,280 --> 00:35:08,960 number. And then you start to subjugate 656 00:35:08,960 --> 00:35:10,920 those recommendations under that. 657 00:35:11,320 --> 00:35:15,560 And then the idea, I think the best idea is that you start to 658 00:35:15,560 --> 00:35:18,640 group those recommendations into actual projects. 659 00:35:18,840 --> 00:35:23,280 So this is when you're going to be able to fix those things and 660 00:35:23,280 --> 00:35:26,520 it's in logical grouping. So they could be people process 661 00:35:26,520 --> 00:35:29,400 technology. A lot of times with IM, there's, 662 00:35:29,440 --> 00:35:33,320 you know, a heavy emphasis on, you know, you need to improve 663 00:35:33,320 --> 00:35:36,160 the process and implement the technology and that's going to 664 00:35:36,160 --> 00:35:38,600 happen in this project. And that should solve these 665 00:35:38,600 --> 00:35:40,960 different things. A lot of times the governance 666 00:35:40,960 --> 00:35:44,120 and organization has nothing to do with processor technology. 667 00:35:44,120 --> 00:35:47,720 It's just people. It, it might be a process, but 668 00:35:47,720 --> 00:35:51,800 it's less about technology. It's having the right people in 669 00:35:51,800 --> 00:35:54,280 the right place to people knowing what they're responsible 670 00:35:54,280 --> 00:35:58,040 for and what other people are responsible for, and then having 671 00:35:58,040 --> 00:36:02,640 good process policy, etcetera. You're kind of getting into the 672 00:36:02,640 --> 00:36:04,600 road map section, but I want to ask you a question. 673 00:36:04,600 --> 00:36:07,200 Can you have too many recommendations? 674 00:36:08,840 --> 00:36:10,560 I think so. I think it's, I think it's 675 00:36:10,560 --> 00:36:13,600 possible. I mean, you know, if you start 676 00:36:13,600 --> 00:36:17,400 getting into a recommendation like, you know, you should 677 00:36:17,400 --> 00:36:22,920 change this configuration of this type of user to this, I 678 00:36:22,920 --> 00:36:26,440 mean, you're going to end up with hundreds of recommendations 679 00:36:26,680 --> 00:36:28,760 and then it's going to like freeze people. 680 00:36:29,480 --> 00:36:31,800 It's not that this thing shouldn't be recommendations, 681 00:36:31,800 --> 00:36:33,360 it's just they shouldn't headline. 682 00:36:33,960 --> 00:36:36,640 I think that those things you don't want to lose track of 683 00:36:36,640 --> 00:36:41,080 them, but generally in terms of the strategy, they shouldn't be 684 00:36:41,080 --> 00:36:43,760 headlining. Maybe they should be part of 685 00:36:43,760 --> 00:36:47,080 the, you know, like a summary recommendation. 686 00:36:47,360 --> 00:36:50,680 Hey, some configurations need to be changed and then you start 687 00:36:50,680 --> 00:36:54,960 listing off the configurations and then you might find a 688 00:36:54,960 --> 00:36:57,080 project where it's like, OK, we're going to take on this 689 00:36:57,080 --> 00:36:59,240 configurations or maybe they get split. 690 00:36:59,840 --> 00:37:03,200 You don't want to lose track of that detail if it comes up, but 691 00:37:03,200 --> 00:37:07,440 you don't want to headline with like, hey, our IM strategy is we 692 00:37:07,440 --> 00:37:10,120 got to change all these different configurations and I'm 693 00:37:10,120 --> 00:37:12,640 going to list them off to you. No one's going to care. 694 00:37:13,560 --> 00:37:16,720 Yeah, I think this goes back to the word strategy. 695 00:37:16,800 --> 00:37:19,640 This is not a tactical project. This is something where we're 696 00:37:19,640 --> 00:37:21,040 talking about the broader picture. 697 00:37:21,560 --> 00:37:23,880 If you're getting down into, well, we need to go into the 698 00:37:23,880 --> 00:37:26,640 Azure Control Terminal or Control Panel and go into this 699 00:37:26,640 --> 00:37:30,240 menu and click this and that, I think you've lost the plot. 700 00:37:30,240 --> 00:37:32,320 Let's go. Let's go back and think about it 701 00:37:32,320 --> 00:37:34,280 from a strategy perspective again, it's important. 702 00:37:34,320 --> 00:37:37,920 Yes, you need to do that, but let's state the strategy has to 703 00:37:37,920 --> 00:37:42,160 be digestible because you need to understand it for your 704 00:37:42,160 --> 00:37:44,400 organization because you're going to have to communicate to 705 00:37:44,400 --> 00:37:48,720 others and nobody is going to care, you know, about the 706 00:37:48,720 --> 00:37:51,720 specific menu in whatever platform you're using and the 707 00:37:51,720 --> 00:37:53,200 configuration variable that you change. 708 00:37:53,480 --> 00:37:55,680 Nobody cares. It's about the outcome. 709 00:37:55,800 --> 00:37:58,240 What is it that did? Why is why is that better? 710 00:37:58,640 --> 00:37:59,920 I think it's where auto produces struggle. 711 00:37:59,920 --> 00:38:01,960 Is that that communication aspect of it? 712 00:38:03,080 --> 00:38:06,680 You talked about grouping things together, right? 713 00:38:06,680 --> 00:38:09,400 Different projects. That kind of sounds like a road 714 00:38:09,400 --> 00:38:11,720 map to me, and maybe it's the very beginnings of it. 715 00:38:12,240 --> 00:38:15,160 What goes on a road map? What's the process to create 716 00:38:15,160 --> 00:38:16,520 one? Yeah. 717 00:38:16,520 --> 00:38:19,880 I think if here's the way I always talk about it is like if 718 00:38:19,880 --> 00:38:22,440 you get the assessment right, in other words, you've identified 719 00:38:22,440 --> 00:38:26,000 the areas that need fixed and then the recommendation is 720 00:38:26,160 --> 00:38:30,360 here's how you fix all those things slash. 721 00:38:30,520 --> 00:38:33,520 So your strategy is going to be do all those fixes. 722 00:38:33,800 --> 00:38:37,200 The road map says how you're going to do all those fixes 723 00:38:37,760 --> 00:38:39,720 more. Importantly, not how maybe, but 724 00:38:39,720 --> 00:38:42,960 what order they're being done. In Yeah, that's, that's right. 725 00:38:43,240 --> 00:38:46,800 So, you know, are you going to do a series of projects over 726 00:38:46,800 --> 00:38:49,120 time? And I always say the road map is 727 00:38:49,120 --> 00:38:52,880 not only the Gantt chart, it's also the resource plan. 728 00:38:52,880 --> 00:38:55,920 It's also the budget, but it is also the Gantt chart. 729 00:38:56,600 --> 00:38:59,800 It is also because that's the thing that people kind of 730 00:38:59,800 --> 00:39:02,240 gravitate to. When are you going to fix these 731 00:39:02,240 --> 00:39:04,080 things? When am I going to see this 732 00:39:04,080 --> 00:39:06,440 happen? Well, we're going to do these 733 00:39:06,440 --> 00:39:08,840 projects. We're going to implement an IGA 734 00:39:08,840 --> 00:39:10,120 system. We're going to select the 735 00:39:10,120 --> 00:39:14,200 system, we have the requirements, we're going to 736 00:39:14,480 --> 00:39:17,560 implement the system phase one, and then we're going to do some 737 00:39:17,560 --> 00:39:20,880 additional phases. And all these recommendations 738 00:39:20,880 --> 00:39:23,920 are going to happen in these various projects. 739 00:39:24,200 --> 00:39:28,280 Now the question becomes, OK, how much money do you need and 740 00:39:28,280 --> 00:39:29,880 who are the resources that you need? 741 00:39:30,120 --> 00:39:33,160 How's it going to impact the rest of the organization, things 742 00:39:33,160 --> 00:39:34,880 like that. So now you've got the big 743 00:39:34,880 --> 00:39:38,840 picture of when are these things going to happen, What's it going 744 00:39:38,840 --> 00:39:42,200 to cost? How many resources do you need 745 00:39:43,720 --> 00:39:46,280 not only to implement but also to operate? 746 00:39:46,760 --> 00:39:49,840 And how's it going to impact other people in the 747 00:39:49,840 --> 00:39:52,920 organization? Yeah, there's a lot that goes 748 00:39:52,920 --> 00:39:55,400 into it. I think what questions that I, 749 00:39:55,840 --> 00:39:57,480 you know, typically think about as well. 750 00:39:57,960 --> 00:40:01,120 Can I just download a road map? I mean, it's the it's, it's 751 00:40:01,160 --> 00:40:02,640 identity. It's all the same thing, right? 752 00:40:02,640 --> 00:40:07,240 And I think this is where it really needs to be discussed. 753 00:40:07,400 --> 00:40:09,920 What can you tolerate from an organization standpoint? 754 00:40:10,040 --> 00:40:11,480 How much change can you tolerate? 755 00:40:11,480 --> 00:40:13,080 How many things can you work on at once? 756 00:40:13,600 --> 00:40:15,640 Can you work on more than one, more than one thing and at once, 757 00:40:16,080 --> 00:40:18,440 right, things like that. Because what you don't want to 758 00:40:18,440 --> 00:40:23,120 end up with is. Like this Boyer plate wall, you 759 00:40:23,120 --> 00:40:26,280 know, I downloaded this from just pick any source, right? 760 00:40:26,280 --> 00:40:29,080 The Internet and this is what we're going to follow. 761 00:40:30,520 --> 00:40:35,200 Yeah, I I almost guarantee that for 99.9% of the organizations 762 00:40:35,200 --> 00:40:38,040 out there, they're good ideas. What's missing is the 763 00:40:38,040 --> 00:40:40,360 prioritization. You know what's best for your 764 00:40:40,360 --> 00:40:43,560 organization. You know how your processes work 765 00:40:43,600 --> 00:40:47,120 or don't work, you know how it takes to get how long it takes 766 00:40:47,120 --> 00:40:49,560 to get through a legal review. You know if you're working 767 00:40:49,560 --> 00:40:52,600 through a contract or how long change management processes take 768 00:40:52,600 --> 00:40:54,000 place. Or you know, what is your 769 00:40:54,000 --> 00:40:56,760 organization's preferred style of communication when it comes 770 00:40:56,760 --> 00:41:00,280 to end user training, right? I think that's where you as the 771 00:41:00,320 --> 00:41:03,600 expert within your organization, and maybe it's not you, maybe 772 00:41:03,600 --> 00:41:05,800 it's other people in your organization really need to come 773 00:41:05,800 --> 00:41:07,120 together and say what's realistic. 774 00:41:07,520 --> 00:41:09,920 Because I think there's a difference between a standard 775 00:41:09,920 --> 00:41:13,360 road map that you just download and a no, this is the road map 776 00:41:13,360 --> 00:41:18,720 for XYZ organization because it has our DNA, you know, built 777 00:41:18,720 --> 00:41:20,680 into it. It's how we operate. 778 00:41:20,720 --> 00:41:24,480 It's how we do things. And it's realistic for us as an 779 00:41:24,480 --> 00:41:26,560 organization, which is the most important thing coming out of a 780 00:41:26,560 --> 00:41:29,480 out of a road map in my perspective, is it has to be 781 00:41:29,480 --> 00:41:32,200 realistic. Don't just say, yeah, well, see 782 00:41:32,200 --> 00:41:33,960 this three boxes, right? This one box right here. 783 00:41:33,960 --> 00:41:36,280 Well, that's IGA and that's a three month thing. 784 00:41:36,600 --> 00:41:39,560 OK, Good luck. You know, most IGA, you know, 785 00:41:39,560 --> 00:41:41,240 implementations take way longer than that. 786 00:41:41,720 --> 00:41:45,760 Maybe that's phase one, right? Or maybe standing up part of an 787 00:41:45,760 --> 00:41:47,960 IGA platform. And I'm sure there's other 788 00:41:47,960 --> 00:41:48,880 things like that that are out there. 789 00:41:48,880 --> 00:41:51,480 You really have to think about, OK, what's realistically how 790 00:41:51,480 --> 00:41:55,000 long it's going to take to do this task or set of tasks? 791 00:41:55,360 --> 00:41:57,920 And then try to align that with what do you have from a resource 792 00:41:57,920 --> 00:41:59,200 standpoint? What are your assumptions? 793 00:41:59,840 --> 00:42:01,080 You know, do you have the people do it? 794 00:42:01,080 --> 00:42:03,080 Do you need to go out and get people to help you do it right? 795 00:42:03,080 --> 00:42:05,480 Those sorts of things. Yeah, I think you just did a 796 00:42:05,560 --> 00:42:10,000 really good job of articulating something that I find somewhat 797 00:42:10,000 --> 00:42:14,680 hard to explain, which is why can't you just, you know, why 798 00:42:14,680 --> 00:42:17,360 can't you just copy a road map off the Internet? 799 00:42:17,360 --> 00:42:22,520 And there's just so many reasons why I think you just said it at 800 00:42:22,600 --> 00:42:27,400 a high level because I think we often say, OK, you're not a 801 00:42:27,400 --> 00:42:29,960 snowflake, right? You're not like completely 802 00:42:30,640 --> 00:42:33,920 individual, but every organization is individual 803 00:42:33,920 --> 00:42:38,440 enough and does have its own factors enough that you can't 804 00:42:38,440 --> 00:42:42,040 just kind of take something from another organization, copy it 805 00:42:42,040 --> 00:42:46,160 over. What doesn't belong on a road 806 00:42:46,160 --> 00:42:50,760 map? Well, I think that, you know, 807 00:42:50,760 --> 00:42:54,200 one of the themes of since we've been talking here is like too 808 00:42:54,200 --> 00:42:57,040 much detail. I don't think the road map 809 00:42:57,320 --> 00:42:59,920 should be a detailed project plan. 810 00:43:00,080 --> 00:43:03,080 I think that is what some folks tend to expect. 811 00:43:03,320 --> 00:43:05,520 But this is your strategy. What you're trying to 812 00:43:05,520 --> 00:43:10,320 communicate is big picture. What are we going to address for 813 00:43:10,320 --> 00:43:13,360 the next and the road maps, usually two to three years. 814 00:43:13,640 --> 00:43:15,640 Here's what we're going to address over the next two to 815 00:43:15,640 --> 00:43:18,280 three years. You try to tell the whole story 816 00:43:18,280 --> 00:43:21,200 in the Gantt chart, you're missing, you're going to miss 817 00:43:21,200 --> 00:43:23,960 the big picture. And so that's what I think 818 00:43:24,200 --> 00:43:27,840 should not go on the road map. I also think things that should 819 00:43:27,840 --> 00:43:31,880 not go on the road map are a tremendous amount of detail in 820 00:43:31,880 --> 00:43:34,000 terms of what other teams are doing. 821 00:43:34,000 --> 00:43:37,720 I think it's good to recognize like, hey, new HR system is 822 00:43:37,720 --> 00:43:41,120 being implemented and you know, recognize that on your road map, 823 00:43:41,120 --> 00:43:43,680 especially if that's a dependency. 824 00:43:43,720 --> 00:43:48,160 So new HR systems going in, in June, we're starting our project 825 00:43:48,160 --> 00:43:51,960 in April, our expectations, the HR systems going to come online 826 00:43:52,480 --> 00:43:55,160 that way if you get to that point, it's like, oh, the HR 827 00:43:55,160 --> 00:43:58,520 team just pushed back their implementation to December, 828 00:43:58,800 --> 00:44:00,120 right? That's going to impact your 829 00:44:00,120 --> 00:44:03,680 timeline either going to have to build tech dead to connect back 830 00:44:03,680 --> 00:44:06,520 to the old HR system where you're going to have to push 831 00:44:06,520 --> 00:44:11,160 your project out. So I do think projects that have 832 00:44:11,160 --> 00:44:13,600 a big dependency belong on there. 833 00:44:13,600 --> 00:44:17,080 And it could just be the fact that it's taking everybody's 834 00:44:17,080 --> 00:44:19,160 attention. New ERP system is being 835 00:44:19,160 --> 00:44:21,600 deployed, that's taking everybody's attention. 836 00:44:21,880 --> 00:44:24,520 It's going to be very hard to implement a whole bunch of 837 00:44:24,840 --> 00:44:28,320 identity technology, which is at best going to take second 838 00:44:28,320 --> 00:44:30,720 fiddle. What are your thoughts? 839 00:44:31,400 --> 00:44:33,840 I, I think you hit around the head, what are some tips for 840 00:44:33,840 --> 00:44:35,560 prioritizing things? Because I think you mentioned 841 00:44:35,560 --> 00:44:37,840 one, right? It's like technical dependency 842 00:44:37,840 --> 00:44:41,960 on something else or maybe other organizational initiatives that 843 00:44:41,960 --> 00:44:45,240 might take resources away. What are other ways or other 844 00:44:45,240 --> 00:44:47,680 other things you can think about that might be helpful for people 845 00:44:47,680 --> 00:44:50,240 as they're looking at their road map and saying, OK, well, how do 846 00:44:50,240 --> 00:44:52,080 I prioritize this? Yeah. 847 00:44:52,480 --> 00:44:56,320 I, well, I think one thing that nobody wants to hear that 848 00:44:56,320 --> 00:44:59,640 everybody intuitively knows is that there aren't going to be 849 00:44:59,640 --> 00:45:03,400 foundational elements. So your executive team might be 850 00:45:03,400 --> 00:45:08,960 saying we need RBAC because they heard about RBAC in somewhere 851 00:45:08,960 --> 00:45:10,440 that the. Identity at the Center podcast. 852 00:45:11,000 --> 00:45:13,360 They've been listening to the Identity Center podcast, and 853 00:45:13,360 --> 00:45:16,800 we're sure that RBAC is going to solve all the problems. 854 00:45:17,120 --> 00:45:20,920 But you don't even have an IGA system in place. 855 00:45:22,520 --> 00:45:24,720 You, you know, there's a dependency. 856 00:45:24,720 --> 00:45:27,800 You got to get it in place. You got to start bringing in the 857 00:45:27,800 --> 00:45:30,880 identities in the accounts and entitlements and start making 858 00:45:30,880 --> 00:45:32,680 sense of it. Just turn on our back. 859 00:45:32,680 --> 00:45:34,920 That's just how it works. Just turn on the everybody push 860 00:45:34,920 --> 00:45:35,760 the our back button. It's. 861 00:45:35,760 --> 00:45:37,280 Super easy. It's why everybody does it. 862 00:45:38,800 --> 00:45:42,560 We're trying, yeah. So I mean, so there's 863 00:45:42,560 --> 00:45:49,160 foundational dependencies. I think another priority that I 864 00:45:49,160 --> 00:45:51,960 think I alluded to a little bit earlier, which is like if you 865 00:45:51,960 --> 00:45:56,360 had a a breach or if you've had an audit finding those things 866 00:45:56,360 --> 00:45:59,120 are going to automatically. I mean this is probably obvious, 867 00:45:59,120 --> 00:46:02,120 but those things are going to rise to the top and drive your 868 00:46:02,120 --> 00:46:05,920 priority if. I can tell you first hand if you 869 00:46:05,920 --> 00:46:08,680 get an audit finding and you're in charge of writing the 870 00:46:08,680 --> 00:46:11,520 management response and you've got the support to say, OK, 871 00:46:11,520 --> 00:46:12,960 yeah, we're going to do something about this and involve 872 00:46:12,960 --> 00:46:15,320 some sort of technology. I don't know how many times, you 873 00:46:15,320 --> 00:46:17,280 know, I've written something that's like, OK, we're going to 874 00:46:17,280 --> 00:46:20,720 address this via the implementation of XYZ 875 00:46:20,720 --> 00:46:25,680 methodology and technology by X date, which puts a lot of 876 00:46:25,680 --> 00:46:28,000 pressure on your organization to get. 877 00:46:28,000 --> 00:46:29,720 Something to the next state then, right? 878 00:46:29,880 --> 00:46:30,760 Yeah, exactly. I. 879 00:46:32,320 --> 00:46:35,200 Think there's probably some other obvious ones. 880 00:46:35,200 --> 00:46:39,680 The one that like jumps out of my mind is if you're not using 881 00:46:39,680 --> 00:46:42,240 multi factor authentication or password list. 882 00:46:42,240 --> 00:46:44,320 But let's just say you don't even have multi factor 883 00:46:44,320 --> 00:46:48,320 authentication like that's. Stop listening and go do that 884 00:46:48,320 --> 00:46:49,680 right now. Come back, we'll be here. 885 00:46:50,480 --> 00:46:52,080 Go turn on your MFA like right now. 886 00:46:52,240 --> 00:46:56,280 Don't tell anybody you listen to the podcast until you have it in 887 00:46:56,280 --> 00:46:59,840 place. No, that's, you know, that's 888 00:46:59,840 --> 00:47:01,520 obviously got to move right to the top. 889 00:47:01,520 --> 00:47:05,720 So as you're prioritizing things, I think where you get 890 00:47:05,720 --> 00:47:09,040 the, you know, the low hanging, I don't think we'll call it low 891 00:47:09,040 --> 00:47:12,120 hanging free because sometimes it's very difficult to implement 892 00:47:12,400 --> 00:47:15,240 and the implementation will cause a little bit of heartburn. 893 00:47:15,600 --> 00:47:19,920 These people don't like change and it inconveniences people, 894 00:47:19,920 --> 00:47:22,960 And if they don't kind of understand the value of the 895 00:47:22,960 --> 00:47:26,000 security that it's bringing is just the extra headache. 896 00:47:26,400 --> 00:47:28,040 Oh yeah, that would. You call it important. 897 00:47:28,040 --> 00:47:30,600 Hanging fruit, maybe? Important hanging fruit there 898 00:47:30,600 --> 00:47:36,360 you go but it it's got to be done and then I think you know 899 00:47:36,360 --> 00:47:39,880 your privilege access you've got to be mindful of that you you 900 00:47:39,880 --> 00:47:44,400 need to have kind of the basics for privilege access in place. 901 00:47:44,880 --> 00:47:49,960 You can't, you know, have your most key administrative accounts 902 00:47:49,960 --> 00:47:53,360 get compromised. So go ahead and put. 903 00:47:53,480 --> 00:47:56,880 And we talk about like those best practices and leading 904 00:47:56,880 --> 00:47:59,800 practices, if you will, all the time on this podcast. 905 00:47:59,800 --> 00:48:02,040 So you have to kind of educate yourself on that. 906 00:48:02,920 --> 00:48:07,200 And it's not always, everybody's not always in agreement, but you 907 00:48:07,200 --> 00:48:10,200 don't want to have like you don't want to be overexposed. 908 00:48:10,240 --> 00:48:13,720 So I'd say those are probably things that are going to jump to 909 00:48:13,720 --> 00:48:17,040 the top of the priority list. Yeah, take a risk based approach 910 00:48:17,040 --> 00:48:17,800 to it, right? It's OK. 911 00:48:17,800 --> 00:48:20,760 Where is our biggest risk? What can we solve quickly? 912 00:48:20,760 --> 00:48:24,200 What are precursor steps or dependencies that get to solving 913 00:48:24,200 --> 00:48:26,080 another part of risk or whatever it may be? 914 00:48:26,080 --> 00:48:28,640 But yeah, I totally agree with you. 915 00:48:30,320 --> 00:48:33,800 We usually wrap this up with communication, right? 916 00:48:34,120 --> 00:48:37,120 It doesn't do any good to develop a strategy and a road 917 00:48:37,120 --> 00:48:42,160 map and have it sit somewhere on someone's cloud drive or if 918 00:48:42,160 --> 00:48:44,520 they're old school printed out and on their desk. 919 00:48:45,080 --> 00:48:47,760 You have to communicate this as other people. 920 00:48:47,800 --> 00:48:51,080 And that's typically where we would have a conversation with 921 00:48:51,640 --> 00:48:54,640 whoever needs to hear the message, you know, to say, hey, 922 00:48:55,000 --> 00:48:57,720 here's what our strategy is. Here's the way that we're 923 00:48:57,720 --> 00:48:59,440 approaching some of the issues that we heard. 924 00:49:00,120 --> 00:49:04,080 Here's how we're how we've planned to address these. 925 00:49:04,320 --> 00:49:07,480 Does this make sense? Are we all on the same page? 926 00:49:07,520 --> 00:49:10,160 You do that first, right? And then you take that message 927 00:49:10,160 --> 00:49:11,880 to a broader audience. Maybe it's an executive 928 00:49:11,880 --> 00:49:14,400 audience. What are some of the other 929 00:49:14,400 --> 00:49:21,040 reasons why we communicate the way we do around the strategy, 930 00:49:21,040 --> 00:49:21,960 around the road map? Yeah. 931 00:49:22,920 --> 00:49:26,440 I I mean, I think the biggest thing is on, you know, 932 00:49:26,440 --> 00:49:32,920 finalizing getting buy in. Ideally, even as consultants, we 933 00:49:32,920 --> 00:49:36,840 don't want to just create a deliverable that's like, hey, 934 00:49:36,840 --> 00:49:39,880 here's what we would do if we were you go have fun. 935 00:49:40,320 --> 00:49:44,000 We want our clients to be able to take that strategy and say 936 00:49:44,000 --> 00:49:47,280 this is our strategy. So our expectation when we go 937 00:49:47,280 --> 00:49:52,040 into kind of that executive presentation is we're presenting 938 00:49:52,160 --> 00:49:56,360 along with the kind of the key contacts that we've had from our 939 00:49:56,360 --> 00:49:59,120 clients to say, yeah, here's your strategy. 940 00:49:59,440 --> 00:50:00,720 It's not the Jim and Jeff. Strategy. 941 00:50:00,800 --> 00:50:02,720 Here's our strategy, your strategy, right? 942 00:50:02,760 --> 00:50:04,840 Yeah, yeah. Your strategy, our strategy, 943 00:50:04,840 --> 00:50:08,840 however you want to look at it. And so I think that's an 944 00:50:08,840 --> 00:50:11,560 important. And a lot of times what you'll 945 00:50:11,560 --> 00:50:17,560 hear CIOs or Cisos say is OK, what's next? 946 00:50:17,560 --> 00:50:20,400 What do we have to do? I'm by you. 947 00:50:20,400 --> 00:50:21,000 It's. A while. 948 00:50:21,000 --> 00:50:23,160 Show me the math, right? Where'd you come up with this? 949 00:50:23,560 --> 00:50:26,000 You need to know your subject matter and you need to be able 950 00:50:26,000 --> 00:50:28,960 to go back to what you've already done in a previous 951 00:50:28,960 --> 00:50:30,160 phase, right? When you work through the 952 00:50:30,160 --> 00:50:32,880 assessment and you said, OK, here's what we heard. 953 00:50:32,880 --> 00:50:34,800 Is that correct? Right. 954 00:50:34,800 --> 00:50:36,360 Sometimes those conversations come up. 955 00:50:36,360 --> 00:50:39,880 So I think if you're talking with your CSO or CIO or whoever, 956 00:50:39,880 --> 00:50:42,200 when you're presenting this strategy, think about those 957 00:50:42,200 --> 00:50:44,760 sorts of things. Anticipate the questions that 958 00:50:45,200 --> 00:50:48,120 you think that they might ask and what's important to them. 959 00:50:48,480 --> 00:50:51,240 Again, this is an area where you might know your organization or 960 00:50:51,240 --> 00:50:54,200 that person the best. Try to get ahead of it and and 961 00:50:54,200 --> 00:50:56,440 think about what they would be interested in too. 962 00:50:57,280 --> 00:51:01,960 Yeah, I'd say also don't make that the last thing you do after 963 00:51:01,960 --> 00:51:04,640 you have that presentation and the project is done. 964 00:51:04,920 --> 00:51:07,480 Keep going, keep presenting it. Present it, we're done, 965 00:51:07,480 --> 00:51:11,120 everybody's in agreement with the strategy and magically 966 00:51:11,120 --> 00:51:12,520 things will just happen behind the scenes. 967 00:51:12,880 --> 00:51:15,280 Right. No, yeah, keep keep presenting 968 00:51:15,280 --> 00:51:20,160 that, keep keep telling the story to whoever will listen and 969 00:51:20,160 --> 00:51:23,720 keep working on, you know, I think funding is probably the 970 00:51:24,280 --> 00:51:27,800 the biggest thing that holds folks up from moving forward 971 00:51:27,800 --> 00:51:30,480 this strategy. So do the things that are 972 00:51:30,480 --> 00:51:35,120 necessary to get that funding, even if it's maybe not in year 973 00:51:35,120 --> 00:51:36,880 one. Everything you hope to get, get 974 00:51:36,880 --> 00:51:39,280 some of it, get the most important things done. 975 00:51:39,560 --> 00:51:41,960 Adjust your road map. That's the thing with the 976 00:51:41,960 --> 00:51:45,080 strategy of road map also is that it should be a living 977 00:51:45,080 --> 00:51:47,640 breathing document, especially the road map part. 978 00:51:48,360 --> 00:51:49,840 You're going to get some of it done. 979 00:51:50,280 --> 00:51:52,720 You're not going to get all of it done as it was originally 980 00:51:52,720 --> 00:51:54,880 forecast out. So re forecast. 981 00:51:55,640 --> 00:51:56,920 Yeah, you're going to want to revisit it. 982 00:51:57,000 --> 00:51:58,400 Things will change and that's fine. 983 00:51:58,800 --> 00:51:59,920 I think most people recognize that. 984 00:51:59,920 --> 00:52:03,560 In fact, you probably should build into your road map a 985 00:52:04,160 --> 00:52:06,120 refresh. Maybe it's a year, maybe it's 986 00:52:06,120 --> 00:52:09,000 every two years or whatever it may be because things will have 987 00:52:09,000 --> 00:52:10,760 changed, practice will change, the business will change, 988 00:52:10,760 --> 00:52:12,600 etcetera. People might have changed, you 989 00:52:12,600 --> 00:52:16,080 know, those sorts of things. So I think it's important to 990 00:52:16,080 --> 00:52:19,280 make sure you keep communicating as well, just because, you know, 991 00:52:19,280 --> 00:52:23,560 if there's there's nothing that hurts my hurts my heart, or then 992 00:52:23,560 --> 00:52:26,160 you and I, you know, work with a great client, having a lot of 993 00:52:26,160 --> 00:52:28,880 good times and we've developed this rock solid strategy. 994 00:52:28,880 --> 00:52:31,040 Yeah, makes sense. Everybody's gung ho coming out 995 00:52:31,040 --> 00:52:33,800 of the, you know, executive meeting that we presented to 996 00:52:33,800 --> 00:52:37,080 with them. And then it sits, it sits, it 997 00:52:37,080 --> 00:52:39,400 sits. 3 months go by, 6 months go by. 998 00:52:40,080 --> 00:52:43,280 All that work that you did, things might have changed and 999 00:52:43,280 --> 00:52:44,600 now you've kind of got to go back. 1000 00:52:44,600 --> 00:52:46,880 Maybe maybe parts of the strategy are still good. 1001 00:52:47,240 --> 00:52:49,400 Maybe all of it's good. Maybe all of it's thrown out the 1002 00:52:49,400 --> 00:52:53,840 window because you waited too long or the will to move 1003 00:52:53,840 --> 00:52:57,120 forward. Inertia is very powerful and you 1004 00:52:57,120 --> 00:52:59,320 need to find ways to keep momentum. 1005 00:52:59,480 --> 00:53:04,080 So the transition point from talking about it, you've 1006 00:53:04,080 --> 00:53:06,240 developed a strategy, you've talk, talk, talk. 1007 00:53:06,240 --> 00:53:07,880 You've communicated it. Great. 1008 00:53:08,080 --> 00:53:09,720 When do we start actually doing things? 1009 00:53:09,840 --> 00:53:12,760 It's that, it's that in between part, they've got to make sure 1010 00:53:12,760 --> 00:53:15,520 that you keep momentum going, keep pushing forward. 1011 00:53:16,480 --> 00:53:21,520 That's one of the things I I like to do is front end a road 1012 00:53:21,520 --> 00:53:25,840 map with projects that don't cost money spent outside. 1013 00:53:25,840 --> 00:53:30,280 So it's like the day after you present the strategy and get the 1014 00:53:30,280 --> 00:53:34,000 standing ovation or the week after you can start some project 1015 00:53:34,000 --> 00:53:38,600 to, you know, refresh the policies or start a cleanup of 1016 00:53:38,960 --> 00:53:43,240 your Active Directory groups and accounts and start doing things 1017 00:53:43,240 --> 00:53:47,480 with the resources that you have, with the dollars that you 1018 00:53:47,480 --> 00:53:50,480 don't have, you know, in other words, like without spending any 1019 00:53:50,480 --> 00:53:55,840 money because that way you can start to build a build some 1020 00:53:55,840 --> 00:53:57,880 momentum. If you clean up your Active 1021 00:53:57,880 --> 00:54:01,320 Directory, even if you never do anything else, it won't be for 1022 00:54:01,320 --> 00:54:03,240 naughty. Yeah. 1023 00:54:04,520 --> 00:54:07,000 And that's it. That's how we develop a strategy 1024 00:54:07,000 --> 00:54:08,480 and robot. Super easy, right Jim? 1025 00:54:09,240 --> 00:54:10,680 Anybody can do it. It doesn't. 1026 00:54:10,680 --> 00:54:13,320 I don't think it takes. I think it takes experience and 1027 00:54:13,320 --> 00:54:15,240 understanding kind of the methodology goes behind it and 1028 00:54:15,240 --> 00:54:18,440 be able to ask questions. But I think anybody can kind of 1029 00:54:18,440 --> 00:54:21,400 take this approach, sit down with their organization and 1030 00:54:21,400 --> 00:54:23,920 maybe it goes faster, maybe it goes slower depending on, you 1031 00:54:23,920 --> 00:54:27,040 know, the conversations. But I don't think that this 1032 00:54:27,040 --> 00:54:29,240 should be rocket science. I don't think they're a secret 1033 00:54:29,240 --> 00:54:33,000 sauce in developing a strategy. Everybody needs it. 1034 00:54:33,040 --> 00:54:35,480 How you do it the you know, the little tips and tricks you might 1035 00:54:35,480 --> 00:54:38,160 know Sure that kind of comes with experience and, you know, 1036 00:54:38,160 --> 00:54:40,400 maybe work in a different, you know, folks are on the. 1037 00:54:40,400 --> 00:54:42,640 Way if it was rocket science, you and I wouldn't be doing. 1038 00:54:44,120 --> 00:54:47,200 That this is, this is true. But I like doing it, you know, 1039 00:54:47,200 --> 00:54:51,360 it's, it's one of the most entertaining things for me is to 1040 00:54:51,360 --> 00:54:54,920 sit in a room with a bunch of people and talk and say, OK, 1041 00:54:54,920 --> 00:54:56,200 tell me about that. Why do you do it that way? 1042 00:54:56,200 --> 00:54:57,560 Because I learn something every time. 1043 00:54:57,920 --> 00:55:02,080 No corporation or organization or anything that I've worked 1044 00:55:02,080 --> 00:55:03,960 with ever does things exactly the same. 1045 00:55:04,000 --> 00:55:07,760 There's always just this enough difference to be like, OK, 1046 00:55:07,760 --> 00:55:10,480 that's interesting. I see what you're doing there 1047 00:55:10,480 --> 00:55:13,320 and Maima's like, oh, OK, well, you know, maybe I bring my 1048 00:55:13,320 --> 00:55:15,360 experience to the table just like you do or others to say, 1049 00:55:15,360 --> 00:55:16,800 oh, well, have you thought about this? 1050 00:55:17,280 --> 00:55:20,200 Sometimes it's that outside perspective that helps. 1051 00:55:20,640 --> 00:55:23,080 I hate to say it. Sometimes it's the, you know, 1052 00:55:23,080 --> 00:55:26,600 quote UN quote experts that you hired to come in and say the 1053 00:55:26,600 --> 00:55:28,640 exact same thing that you've been telling the organization. 1054 00:55:28,640 --> 00:55:31,480 But for whatever reason, the only move forward when they have 1055 00:55:31,480 --> 00:55:32,760 consultants come in and tell them that. 1056 00:55:33,000 --> 00:55:36,160 I hate to say that's, that's one handle, that's one angle. 1057 00:55:36,160 --> 00:55:38,320 Another angle is sometimes it's more effective. 1058 00:55:38,320 --> 00:55:42,000 Just sit in the room and not say anything and let have the 1059 00:55:42,000 --> 00:55:43,960 consultants come in and conduct the meeting. 1060 00:55:43,960 --> 00:55:50,760 And you, you're either one of the group or you're able to stay 1061 00:55:50,760 --> 00:55:53,680 completely silent. Because if like if you're doing 1062 00:55:53,680 --> 00:55:55,880 all the questioning, people are starting to wonder, OK, what's 1063 00:55:55,880 --> 00:55:57,520 your agenda? What are you trying to push 1064 00:55:57,520 --> 00:56:00,640 here? Or are you just kind of getting 1065 00:56:01,000 --> 00:56:04,520 trying to get the answers that you've been looking for? 1066 00:56:06,240 --> 00:56:07,280 Yeah, We'll have ulterior motive. 1067 00:56:07,280 --> 00:56:09,600 Give us a little bit of insulation between that 1068 00:56:09,600 --> 00:56:11,600 sometimes, yeah. Totally. 1069 00:56:12,000 --> 00:56:15,240 Yep. OK, what else? 1070 00:56:15,240 --> 00:56:18,840 Or should we wrap it up? Five years, man. 1071 00:56:18,840 --> 00:56:23,480 See if you got to like put the episode one and episode what is 1072 00:56:23,480 --> 00:56:26,360 this 292? 292, I think it'll be, yeah. 1073 00:56:27,240 --> 00:56:29,520 Yeah, that's a. Little inside baseball for us. 1074 00:56:29,520 --> 00:56:35,600 I used to say what episode we were on, and then we started 1075 00:56:35,600 --> 00:56:38,200 recording things sometimes out of order, or something would 1076 00:56:38,200 --> 00:56:41,120 happen and we'd have to release and it would cause me a lot of 1077 00:56:41,120 --> 00:56:44,600 problems when I'd say, oh, it's this episode, I'd say it and 1078 00:56:44,600 --> 00:56:45,960 then I'd have to call it something else. 1079 00:56:46,520 --> 00:56:50,640 So I have not said what episode we are unless we're very sure, 1080 00:56:50,640 --> 00:56:53,680 like, yeah, this is going out Monday, right? 1081 00:56:54,040 --> 00:56:56,400 Or or something like that. Well, this one doesn't go out 1082 00:56:56,400 --> 00:56:57,880 Monday. I don't know what's going on 1083 00:56:57,880 --> 00:57:00,200 Monday. It's going to be this one, I'll 1084 00:57:00,200 --> 00:57:05,560 tell you that right now. So why don't we wrap up with, I 1085 00:57:05,560 --> 00:57:09,600 don't know, the funniest or most interesting behind the scenes 1086 00:57:09,600 --> 00:57:12,920 thing that has happened on the podcast so far? 1087 00:57:13,320 --> 00:57:15,600 I'm not. I'm thinking of hundreds and 1088 00:57:15,600 --> 00:57:17,600 dozens, but like, what do you have for that topic? 1089 00:57:18,040 --> 00:57:19,680 Yeah. So what I have for the topic is 1090 00:57:19,680 --> 00:57:21,720 more of like an inside baseball thing. 1091 00:57:22,320 --> 00:57:24,320 And I'm going to joke on you a little bit. 1092 00:57:24,680 --> 00:57:28,800 So if someone saw our show notes, every show note, we have 1093 00:57:28,800 --> 00:57:32,080 preparation. And my little note that I made 1094 00:57:32,080 --> 00:57:36,200 to myself, I was going to say Jeff's 13 point checklist. 1095 00:57:36,560 --> 00:57:39,000 And actually looking at it now, there's a 15 point. 1096 00:57:39,120 --> 00:57:42,600 Checklist. And it's like all of our guests, 1097 00:57:42,600 --> 00:57:44,840 they come on and we're like, OK, silence your phone. 1098 00:57:44,840 --> 00:57:47,360 Oh, yeah, make sure you have headphones that make sure you 1099 00:57:47,360 --> 00:57:50,040 have something to drink, not in a crinkly bottle. 1100 00:57:50,280 --> 00:57:51,800 Breathe up. You're too close to the 1101 00:57:51,800 --> 00:57:53,200 microphone. Oh, move back from the 1102 00:57:53,200 --> 00:57:55,000 microphone. And then they it's like, don't 1103 00:57:55,000 --> 00:58:00,400 move. They're like usually do it to 1104 00:58:00,400 --> 00:58:01,680 me. Product man. 1105 00:58:01,680 --> 00:58:04,080 Yeah, well, don't. Don't move too close to the 1106 00:58:04,080 --> 00:58:05,720 microphone. Now I just sit there and gay 1107 00:58:05,720 --> 00:58:07,840 always like I see this happening to other people. 1108 00:58:07,840 --> 00:58:10,040 I'm like you say I shouldn't see thinking of personally. 1109 00:58:10,040 --> 00:58:12,280 All those times had nothing to do with me. 1110 00:58:12,600 --> 00:58:16,880 Has to do with you and your desire to put out the perfect 1111 00:58:17,360 --> 00:58:19,720 quality. I have a maniacal focus on 1112 00:58:19,720 --> 00:58:21,880 quality and I want this to sound good. 1113 00:58:21,880 --> 00:58:25,320 I want it to look good. It hurts my soul when either of 1114 00:58:25,320 --> 00:58:29,360 those things doesn't happen and I want to be able to enjoy my 1115 00:58:29,360 --> 00:58:31,160 life outside of this. I mean, I spend a lot of time on 1116 00:58:31,160 --> 00:58:32,720 it. So the more I can do upfront and 1117 00:58:32,720 --> 00:58:36,560 look, people come on the show. We want them to be comfortable. 1118 00:58:36,840 --> 00:58:38,840 We want them to present well, right. 1119 00:58:38,920 --> 00:58:41,640 Nobody wants to come on and be like, oh, that guy, you know, 1120 00:58:41,640 --> 00:58:44,560 sounded like crap and, you know, really didn't make a good 1121 00:58:44,560 --> 00:58:48,760 impression. My job as the producer is to 1122 00:58:48,760 --> 00:58:52,280 make sure that people show their best, whether it's audio or 1123 00:58:52,280 --> 00:58:56,320 video, whatever. We yes, I have a 15 list, 15 1124 00:58:56,320 --> 00:59:00,640 points on this list and they are rare for a reason because just 1125 00:59:00,640 --> 00:59:03,640 like the the the label on your shampoo says don't drink it, 1126 00:59:03,640 --> 00:59:07,680 somebody drank it at some point. So yeah, silence all your. 1127 00:59:07,720 --> 00:59:11,360 There's meaning for all of them. Like #13 if you're on the Mac, 1128 00:59:11,360 --> 00:59:13,680 turn off camera emoji. That's a new one. 1129 00:59:13,840 --> 00:59:16,200 Yeah, don't do this on a Mac because you'll get the little 1130 00:59:16,200 --> 00:59:18,160 thumbs up emoji and I don't want to see that on the camera. 1131 00:59:18,160 --> 00:59:21,280 I just had that happen on my phone on a FaceTime call the 1132 00:59:21,280 --> 00:59:23,200 other day. So it's a real thing. 1133 00:59:24,320 --> 00:59:26,720 But here's what happens. It's like you start telling the 1134 00:59:26,720 --> 00:59:29,960 guests and they're like smiling. And then you get about halfway 1135 00:59:29,960 --> 00:59:31,840 through and they're like, I'm not going to remember all these 1136 00:59:31,880 --> 00:59:34,160 things. How much does it remember all 1137 00:59:34,160 --> 00:59:36,560 these things? Yeah, I mean, it's just, hey, 1138 00:59:36,600 --> 00:59:40,040 think about it, right, The way you're on camera and, you know, 1139 00:59:40,040 --> 00:59:43,120 or audio, Look, we want this to sound good. 1140 00:59:43,520 --> 00:59:45,640 I can do a lot of stuff behind the scenes to fix things. 1141 00:59:45,640 --> 00:59:51,200 And I have done a lot of really butchering episodes to try and 1142 00:59:51,240 --> 00:59:53,520 save bad audio. That's really one of the things 1143 00:59:53,520 --> 00:59:56,120 that that comes up, you know, inside, you know, here's here's 1144 00:59:56,120 --> 01:00:01,200 my thing for for this episode. My teleprompter went dark and I 1145 01:00:01,200 --> 01:00:05,000 lost connection despite the, I don't know, thousands of dollars 1146 01:00:05,000 --> 01:00:07,760 that I've spent to put together a rig that is extremely 1147 01:00:07,760 --> 01:00:10,760 resilient. So during the middle of this 1148 01:00:10,760 --> 01:00:13,080 episode, I'm in the middle of talking and all of a sudden 1149 01:00:13,800 --> 01:00:15,760 things just crash. I don't know what it is. 1150 01:00:16,360 --> 01:00:18,520 That's going to be my weekend after I edit this episode is 1151 01:00:18,520 --> 01:00:20,360 trying to figure out what the heck happened and trying to 1152 01:00:20,360 --> 01:00:22,200 figure out a way. Is there a piece of technology 1153 01:00:22,200 --> 01:00:26,120 or something that I need update? But stuff like that drives me 1154 01:00:26,120 --> 01:00:30,080 absolutely crazy. Well, you, you know, I do is 1155 01:00:30,080 --> 01:00:35,600 look back on episode 291 and the little segment intro if you look 1156 01:00:35,600 --> 01:00:39,520 on YouTube was me talking and my monitor went black and I'm like, 1157 01:00:40,480 --> 01:00:43,480 and and it must not have affected my camera because. 1158 01:00:43,880 --> 01:00:44,760 Yeah, we. Could see you. 1159 01:00:45,240 --> 01:00:47,720 On camera, Yeah, yeah, yeah. That was our intro. 1160 01:00:47,840 --> 01:00:49,200 You know, it's your, it's on YouTube. 1161 01:00:49,200 --> 01:00:50,920 It's also in the audio. It's the same thing. 1162 01:00:50,920 --> 01:00:52,600 It's just one has video and the other one doesn't. 1163 01:00:52,960 --> 01:00:56,680 But yeah, like I, I don't think, I think it's fair to say most of 1164 01:00:56,680 --> 01:00:59,520 the technical issues are usually on your side, Jim. 1165 01:01:00,240 --> 01:01:04,400 It's pretty rare for me to. Thousands on your rig and I've 1166 01:01:04,400 --> 01:01:08,520 spent nothing. Yes, but it shows, right? 1167 01:01:08,520 --> 01:01:10,960 Even no matter how much you spend, there's always something 1168 01:01:10,960 --> 01:01:11,920 that could pop up. So. 1169 01:01:12,480 --> 01:01:15,080 But yeah, that was kind of fun. I think there's a lot of little 1170 01:01:15,080 --> 01:01:18,240 things like that where it's like, OK, you know, how am I 1171 01:01:18,240 --> 01:01:22,480 going to rescue this episode? Really bad audio or connection 1172 01:01:22,480 --> 01:01:25,560 or uploads or downloads, incomplete stuff like that. 1173 01:01:25,560 --> 01:01:27,680 That's kind of a lot of things that kind of happens, you know, 1174 01:01:27,840 --> 01:01:31,080 behind the scenes for me as. I think we've also done a good 1175 01:01:31,080 --> 01:01:32,520 job. We never name names. 1176 01:01:32,520 --> 01:01:34,000 We never embarrass people, right? 1177 01:01:34,000 --> 01:01:36,040 Because like, even when I brought up bad network 1178 01:01:36,040 --> 01:01:39,320 connections, I was thinking of specific episodes, like kind of 1179 01:01:39,320 --> 01:01:42,840 like name names, people I see at conferences all the time. 1180 01:01:43,120 --> 01:01:46,200 But no way would I ever do that. I love our, It's not about that. 1181 01:01:46,240 --> 01:01:50,120 It's, it's really either the, it's, it's, it's what keeps it 1182 01:01:50,120 --> 01:01:52,000 fresh, right? You and I have conversational 1183 01:01:52,000 --> 01:01:55,120 time and there's always something that goes, I mean, 1184 01:01:55,120 --> 01:01:57,960 we've had a really bad just technology streak for like the 1185 01:01:57,960 --> 01:02:00,920 last, I don't know, four weeks, 5 weeks, six weeks now. 1186 01:02:01,560 --> 01:02:06,640 And anytime I travel and have to be on a hotel, you just never 1187 01:02:06,640 --> 01:02:10,120 know with hotel Wi-Fi. And you know, we just try to 1188 01:02:10,120 --> 01:02:12,360 make it work, but there's lots of variables. 1189 01:02:12,440 --> 01:02:14,960 But the technical stuff, as usual, it bugs me and it's like, 1190 01:02:14,960 --> 01:02:16,520 all right, how am I going to fix this? 1191 01:02:17,400 --> 01:02:19,880 And there's times where like, I'll text you Jim and like, it's 1192 01:02:19,880 --> 01:02:21,840 like, here's what I'm dealing with. 1193 01:02:21,880 --> 01:02:24,800 Let me I'm going to have to see what I can do to like fix this. 1194 01:02:24,800 --> 01:02:26,360 And you know, I've gotten better over the years. 1195 01:02:26,360 --> 01:02:29,120 I think our earlier episodes, you know, from an audio quality 1196 01:02:29,200 --> 01:02:33,680 suck compared to now, But that's that's kind of behind the 1197 01:02:33,680 --> 01:02:35,360 scenes. If you're watching this episode, 1198 01:02:35,360 --> 01:02:38,800 you're listening to this, just know that at some point during 1199 01:02:38,800 --> 01:02:43,640 this episode earlier, obviously my thing crashed. 1200 01:02:44,080 --> 01:02:46,480 And if you spot the edit, let me know. 1201 01:02:48,000 --> 01:02:50,600 I'll try to hide it as best as I can make it, you know, probably 1202 01:02:50,600 --> 01:02:52,600 easier to spot on video maybe versus the audio. 1203 01:02:52,600 --> 01:02:56,640 But you know, we had technical difficulty and I will, I will be 1204 01:02:56,640 --> 01:02:59,200 addressing that with my 4K capture card. 1205 01:02:59,360 --> 01:03:02,120 I think is the culprit, you know, after this. 1206 01:03:04,000 --> 01:03:07,240 Well, if I had anything to say before you take us out, it would 1207 01:03:07,240 --> 01:03:10,160 just be thank you to our listeners, people who've been 1208 01:03:10,160 --> 01:03:14,880 listening for five years or five episodes. 1209 01:03:15,360 --> 01:03:20,400 I mean that we wouldn't do this without our watchers, our 1210 01:03:20,400 --> 01:03:24,000 listeners. And we keep trying to make this 1211 01:03:24,000 --> 01:03:30,120 thing better for you all because it means so much to us, like 1212 01:03:30,400 --> 01:03:33,960 Jeff said, where people come up and actually know who we are and 1213 01:03:34,360 --> 01:03:37,480 listen to the podcast or just connect to us on LinkedIn. 1214 01:03:38,080 --> 01:03:41,440 It's it's why we do it. It's why we've been able to like 1215 01:03:41,800 --> 01:03:44,840 do this for five years. And I think, look, we've 1216 01:03:44,840 --> 01:03:48,720 recorded a lot of episodes on like Saturdays and Sunday nights 1217 01:03:48,720 --> 01:03:52,440 to get them out on Monday. And you, you have the all the 1218 01:03:52,440 --> 01:03:56,280 humans work after that to like, you know, do all the editing. 1219 01:03:57,800 --> 01:03:59,720 It's a lot of work, but it's worth it. 1220 01:04:00,600 --> 01:04:02,400 I don't think we've ever questioned whether or not it's 1221 01:04:02,400 --> 01:04:04,280 worth it. Yeah, no. 1222 01:04:04,280 --> 01:04:07,560 It's a labor of love and definitely thank you to 1223 01:04:07,560 --> 01:04:10,120 everybody who supported the show, listeners, people who come 1224 01:04:10,120 --> 01:04:12,600 up, you know, even sponsors who are now getting involved with 1225 01:04:12,600 --> 01:04:14,360 stuff. Yeah, definitely. 1226 01:04:15,520 --> 01:04:17,400 Thank you. You know, hit that like and 1227 01:04:17,400 --> 01:04:18,600 subscribe button. Keep sharing it. 1228 01:04:18,600 --> 01:04:21,680 We'll keep doing it. And yeah, happy five year 1229 01:04:21,680 --> 01:04:24,880 birthday to us, Jim. Let's see what else. 1230 01:04:24,880 --> 01:04:28,040 I think that's it. We're on the web, IDC 1231 01:04:28,040 --> 01:04:32,200 podcast.com. We're on YouTube, youtube.com 1232 01:04:32,200 --> 01:04:35,480 slash at IDC podcast, which just seems kind of weird, but that's 1233 01:04:35,480 --> 01:04:39,320 what the URL is. Mastodon IDAC podcast at infosec 1234 01:04:39,320 --> 01:04:41,040 dot exchange. Jim mentioned it. 1235 01:04:41,040 --> 01:04:44,080 Connectors on LinkedIn have lots of people reach out with, you 1236 01:04:44,080 --> 01:04:47,920 know, ideas for shows, ideas for guests, feedback, what you like, 1237 01:04:47,920 --> 01:04:50,480 don't like. We read it all and we take into 1238 01:04:50,480 --> 01:04:51,920 consideration as we move things forward. 1239 01:04:51,960 --> 01:04:56,240 So here's to another five years. And with that, we'll talk with 1240 01:04:56,240 --> 01:05:01,440 everyone in the next one. You've been listening to 1241 01:05:01,440 --> 01:05:05,360 Identity at the Center. We hope you've enjoyed the show. 1242 01:05:05,520 --> 01:05:09,680 Make sure to like, rate and review, and we'll be back soon. 1243 01:05:09,920 --> 01:05:12,200 But in the meantime, hit the website at 1244 01:05:12,200 --> 01:05:18,520 identity@thecenter.com. See you next time on Identity at 1245 01:05:18,520 --> 01:05:19,480 the Center.