1 00:00:10,080 --> 00:00:11,680 Welcome to the Identity at Center podcast. 2 00:00:11,680 --> 00:00:13,040 I'm Jeff, and that's Jim. Hey, Jim. 3 00:00:13,200 --> 00:00:15,120 Hey, Jeff, how are you? Not so bad yourself. 4 00:00:15,200 --> 00:00:18,520 Fantastic Authenticate 2025. Here we are. 5 00:00:18,840 --> 00:00:22,240 We got a great guest to start things off today, so why don't 6 00:00:22,240 --> 00:00:24,320 we jump right into it? Yeah, we've got a sponsored 7 00:00:24,320 --> 00:00:27,480 episode today, so we're joined by Bo Yan Simic from Hyper. 8 00:00:27,480 --> 00:00:30,600 We're going to get to him in a second, but if you find out more 9 00:00:30,600 --> 00:00:34,240 about what they got going on, you can go to hyper.com/I DAC. 10 00:00:34,240 --> 00:00:39,160 That's HY pr.com/I DAC and just make it clear, right? 11 00:00:39,160 --> 00:00:41,640 This is a sponsored episode. We do these from time to time to 12 00:00:41,880 --> 00:00:44,360 have really smart people come on, tell us about sort of what 13 00:00:44,360 --> 00:00:45,920 they're doing in the space and learn more about it. 14 00:00:45,920 --> 00:00:47,400 But yeah, let's jump right into it. 15 00:00:47,400 --> 00:00:49,640 So welcome to the show, Buen. Thanks for having me guys. 16 00:00:50,120 --> 00:00:51,280 Yeah, so here we are. Authenticate. 17 00:00:51,280 --> 00:00:53,360 You got the lovely pass key background, right? 18 00:00:53,360 --> 00:00:55,040 We sacrificed that for our guests. 19 00:00:55,040 --> 00:00:56,280 Want to make sure that you look good. 20 00:00:56,280 --> 00:00:58,440 Tell us a little bit about your background. 21 00:00:58,440 --> 00:01:00,040 So I think it's the first time we've had an opportunity to 22 00:01:00,040 --> 00:01:02,240 actually meet and talk. I feel like we've been on phone 23 00:01:02,240 --> 00:01:05,680 calls probably in the past, but how did you get into the world 24 00:01:05,680 --> 00:01:08,880 of identity? Did they choose you or did you 25 00:01:08,880 --> 00:01:12,360 choose? I, you know, I stumbled into it. 26 00:01:13,400 --> 00:01:14,960 I started out as a software engineer. 27 00:01:15,320 --> 00:01:18,400 That's why I went to school for and I was a mediocre software 28 00:01:18,400 --> 00:01:22,640 engineer at best, I would say. But I wrote a piece of software 29 00:01:22,640 --> 00:01:26,160 once for a large client in Cincinnati, OH, I will not say 30 00:01:26,160 --> 00:01:28,200 who. And three months later, that 31 00:01:28,200 --> 00:01:31,680 product got breached. And so that was my first foray 32 00:01:31,680 --> 00:01:33,760 into cybersecurity. And then once I got into 33 00:01:33,760 --> 00:01:38,200 cybersecurity, I grew my career there and it progressed well. 34 00:01:38,240 --> 00:01:41,360 And I was running a security team at a financial institution 35 00:01:41,360 --> 00:01:46,280 in New York City. And I was like, why is every bad 36 00:01:46,280 --> 00:01:49,000 thing that happens here due to an identity related thing? 37 00:01:49,400 --> 00:01:53,480 And so I, I figured, you know, I should jump head first into 38 00:01:53,480 --> 00:01:54,960 that. So when we had an opportunity to 39 00:01:54,960 --> 00:01:59,720 start this company, that's, that was my first official foray into 40 00:01:59,720 --> 00:02:04,320 identity and the vast complexity that it entails. 41 00:02:04,760 --> 00:02:07,440 And so it's been a amazing journey over the last 10-11 42 00:02:07,440 --> 00:02:09,840 years and I'm looking forward to sharing it more with you all. 43 00:02:10,360 --> 00:02:14,040 So for those not familiar with hyper, what is like the 30 to 44 00:02:14,040 --> 00:02:17,680 62nd elevator pitch when someone says, hey, so hyper, what's that 45 00:02:17,680 --> 00:02:18,680 about? Yeah. 46 00:02:18,680 --> 00:02:23,000 Look, we believe that users want fast, consistent and secure 47 00:02:23,200 --> 00:02:26,960 identity controls, right? Not relevant to what specific 48 00:02:26,960 --> 00:02:29,680 identity provider they have or whatever else. 49 00:02:29,680 --> 00:02:33,040 People just want fast, secure, consistent authentication, 50 00:02:33,040 --> 00:02:37,800 identity verification, baseline security controls that any user 51 00:02:37,800 --> 00:02:42,280 can understand and implement at scale and rule #1 is it's got to 52 00:02:42,280 --> 00:02:45,000 work. And so we excel at that. 53 00:02:45,080 --> 00:02:49,200 And so we typically really focus on complementing our customers 54 00:02:49,200 --> 00:02:52,720 existing identity investments and solutions to get that best 55 00:02:52,720 --> 00:02:56,360 in breed set of controls from an identity verification and 56 00:02:56,360 --> 00:02:58,920 authentication perspective. So that's a good first rule. 57 00:02:58,920 --> 00:03:02,080 It has to work. That's rule #1 and like, look, 58 00:03:02,080 --> 00:03:04,400 many people in Identity kind of really learned that lesson way 59 00:03:04,400 --> 00:03:07,960 too late, where identity it the reason why it's so hard or one 60 00:03:07,960 --> 00:03:11,560 of the many reasons identity is so hard is because it has to 61 00:03:11,560 --> 00:03:14,240 work all the time. And if especially the 62 00:03:14,240 --> 00:03:16,720 authentication system, if it's not working, your customers 63 00:03:16,720 --> 00:03:18,920 aren't working. And that is such a key component 64 00:03:18,920 --> 00:03:21,200 to any product, so. Tell me about the name of the 65 00:03:21,200 --> 00:03:23,200 company. It's suspiciously devoid of 66 00:03:23,200 --> 00:03:27,560 vowels, so yeah. Lot of lot of consonants. 67 00:03:27,760 --> 00:03:29,840 And it's not because I'm Eastern European. 68 00:03:31,000 --> 00:03:35,600 It is because there is a there's a 80s book by Neil Stephenson 69 00:03:35,600 --> 00:03:37,920 called Stone crash may have heard about it. 70 00:03:38,960 --> 00:03:42,720 And in that book there is a thing called a hyper card. 71 00:03:43,400 --> 00:03:47,000 And it's this thing that contains a significant amount of 72 00:03:47,000 --> 00:03:52,000 knowledge or data information. And I'm a fan of that book. 73 00:03:52,000 --> 00:03:53,520 My Co founder is a fan of that book. 74 00:03:53,520 --> 00:03:56,440 So that's how we got here today. That's a cool little Easter egg 75 00:03:56,440 --> 00:03:59,080 I love, like hiding out. Very cool Easter egg. 76 00:03:59,840 --> 00:04:02,920 So we're here at Authenticate 2025 and you guys have a booth 77 00:04:02,920 --> 00:04:04,280 out there. What's been sort of like the 78 00:04:04,280 --> 00:04:05,800 buzz? Like what's the feeling like? 79 00:04:05,800 --> 00:04:09,520 What is the sort of, you know, the word on the street so. 80 00:04:10,080 --> 00:04:12,360 It's interesting, you know everybody, everybody that comes 81 00:04:12,360 --> 00:04:15,560 to authenticate is laser focused on pass keys which we have here. 82 00:04:16,279 --> 00:04:18,760 Everybody really wants to understand how do they deploy 83 00:04:18,760 --> 00:04:22,680 this stuff at scale Every I think for the most part, most 84 00:04:22,680 --> 00:04:25,600 organizations now are like on the pass key train. 85 00:04:25,920 --> 00:04:28,080 They're just trying to figure out like, how do I go fast? 86 00:04:28,960 --> 00:04:31,960 And so many of these companies, to use the train analogy, are 87 00:04:31,960 --> 00:04:34,600 still kind of like in the, you know, shoveling coal into the 88 00:04:34,920 --> 00:04:38,240 steam engine type of thing. And they want the bullet train. 89 00:04:38,240 --> 00:04:40,680 So people are here trying to figure out what is the best way 90 00:04:40,680 --> 00:04:45,040 to do that and in in a way that's as low risk as possible 91 00:04:45,040 --> 00:04:48,600 to their careers. And then the second thing is 92 00:04:49,040 --> 00:04:53,760 agentic AI is, is sweeping a lot of board level conversations 93 00:04:53,760 --> 00:04:57,360 right now. And so there's a lot of smart 94 00:04:57,360 --> 00:05:01,120 people here trying to figure out how do we securely authenticate 95 00:05:01,120 --> 00:05:04,720 these agents and these things and what roles do passkey and 96 00:05:04,720 --> 00:05:06,600 decentralized credentials play into that? 97 00:05:07,200 --> 00:05:09,320 Because I think we all know that, you know, agents should 98 00:05:09,320 --> 00:05:13,320 not be using passwords. Yeah, there's a lot of major 99 00:05:13,320 --> 00:05:14,800 themes going on in this conference. 100 00:05:14,800 --> 00:05:18,400 One of them is continuous identity, doing things in a 101 00:05:18,400 --> 00:05:22,040 continuous manner. And when we got prepared for 102 00:05:22,120 --> 00:05:25,480 this show, you and I were talking about like let's educate 103 00:05:25,480 --> 00:05:29,280 people on something that is a big trend in the industry and 104 00:05:29,280 --> 00:05:32,720 you talked about know your employee, that's the big trend, 105 00:05:32,880 --> 00:05:34,920 but also doing it in a continuous manner. 106 00:05:34,920 --> 00:05:37,920 So you're already on this trend. Can you talk a little bit about 107 00:05:38,080 --> 00:05:40,160 what that's all about? Yeah. 108 00:05:40,160 --> 00:05:44,680 Look, the reality is since the pandemic, pretty much every 109 00:05:44,680 --> 00:05:48,960 organization has a significant chunk of their workforce that is 110 00:05:48,960 --> 00:05:51,480 remote. And that's just a reality that's 111 00:05:51,480 --> 00:05:53,000 not going to change anytime soon. 112 00:05:53,520 --> 00:05:55,440 There's the big banks of the world that are now saying you 113 00:05:55,440 --> 00:05:58,360 have to come in five days a week, but most of those people 114 00:05:58,360 --> 00:06:00,800 just show up in the morning, tap their badge and then go home. 115 00:06:01,960 --> 00:06:04,240 So they're still remoted. So, yeah. 116 00:06:05,160 --> 00:06:08,840 So, so it's becoming increasingly important to 117 00:06:08,840 --> 00:06:12,480 continuously verify individuals and, and this this is 118 00:06:12,480 --> 00:06:14,920 particularly important on the enterprise side where you have 119 00:06:15,240 --> 00:06:17,600 so many different personas working at any given 120 00:06:17,600 --> 00:06:19,680 organization. So if you have a 10,000 person 121 00:06:19,680 --> 00:06:23,200 company, you got a couple thousand contractors, you have, 122 00:06:23,200 --> 00:06:25,840 you know, 3 or 4000 people who work remote, you have 123 00:06:25,840 --> 00:06:29,320 individuals who are frontline workers and you have to figure 124 00:06:29,320 --> 00:06:32,240 out like, what is the identity story across all those personas? 125 00:06:32,240 --> 00:06:35,400 And that's not always easy. So being able to continuously 126 00:06:35,400 --> 00:06:39,200 verify people both from a credential and authentication 127 00:06:39,200 --> 00:06:42,480 perspective as well as an identity verification 128 00:06:42,480 --> 00:06:45,760 perspective is critical because we've seen recently a lot of 129 00:06:45,760 --> 00:06:49,720 instances where individuals are outsourcing their jobs. 130 00:06:49,880 --> 00:06:53,120 So if you're if you're, if you go on Reddit, there's a over 131 00:06:53,120 --> 00:06:56,440 employed subreddit, right where people are like talking about 132 00:06:56,440 --> 00:06:58,760 how they're juggling 345 different jobs at a time. 133 00:06:59,160 --> 00:07:02,600 There's also now nation state efforts like with North Korea, 134 00:07:03,120 --> 00:07:08,440 where they have entire groups organized and basically set up 135 00:07:08,440 --> 00:07:12,520 to do jobs on behalf of US employees. 136 00:07:13,000 --> 00:07:16,120 And so every, I think people have read the article of that 137 00:07:16,120 --> 00:07:18,000 Lady. I think it was in Tennessee or 138 00:07:18,320 --> 00:07:22,760 Arizona somewhere where she had like 40 corporate issued laptops 139 00:07:22,760 --> 00:07:25,920 in her house and you know, people are remoting into those 140 00:07:25,920 --> 00:07:29,320 laptops and doing the jobs. I just don't have the litz for 141 00:07:29,320 --> 00:07:33,040 to do something like that myself, but I'm I'm sure it's 142 00:07:33,040 --> 00:07:36,280 happening. So what are companies doing 143 00:07:36,280 --> 00:07:38,080 about this today? How are they solving this 144 00:07:38,080 --> 00:07:39,160 problem? You mentioned? 145 00:07:39,360 --> 00:07:41,520 It got hot at the beginning of the pandemic. 146 00:07:41,520 --> 00:07:44,240 I remember was like we're all patting ourselves on the back 147 00:07:44,240 --> 00:07:48,280 like, hey, in six, six weeks everybody got multi factor 148 00:07:48,280 --> 00:07:51,840 authentication up and running. Is that what they're doing? 149 00:07:51,840 --> 00:07:54,400 Is that was that the last chapter of that book? 150 00:07:54,920 --> 00:07:58,360 Well, it was like. You know, typically before the 151 00:07:58,360 --> 00:08:01,360 pandemic, it was like you get a job at a company, you, you start 152 00:08:01,360 --> 00:08:04,480 on day one, you get verified, you get issued an MFA credential 153 00:08:05,360 --> 00:08:08,200 and then that's it. Like that MFA credential is you 154 00:08:08,200 --> 00:08:10,600 for the rest of your career there, right? 155 00:08:10,600 --> 00:08:15,520 And so that's no longer the, the feasible way of doing identity 156 00:08:15,520 --> 00:08:17,280 security at the employee level anymore. 157 00:08:17,280 --> 00:08:20,480 Now you have to be able to continuously verify people to 158 00:08:20,480 --> 00:08:23,400 make sure the person sitting behind that laptop is the person 159 00:08:23,400 --> 00:08:25,240 who's supposed to be sitting behind that laptop. 160 00:08:25,240 --> 00:08:28,520 And the person who has access to the MFA credential is the right 161 00:08:28,520 --> 00:08:31,480 person who should have access to the MFA credential, right? 162 00:08:31,480 --> 00:08:34,400 There's so many instances now of individuals like sharing their 163 00:08:34,400 --> 00:08:38,760 MFA with others, right, or issuing new MFA credentials to 164 00:08:38,760 --> 00:08:41,679 them. And so this concept of you, you 165 00:08:41,679 --> 00:08:45,600 have like a seesaw type of thing where you have, you have to have 166 00:08:45,600 --> 00:08:48,400 a strong MFA credential. I think that's what Passkey's 167 00:08:48,400 --> 00:08:50,960 and the Fight Alliance have been working really hard towards and 168 00:08:50,960 --> 00:08:54,320 vendors like us to make sure that that thing is not fishable 169 00:08:54,320 --> 00:08:57,160 and all that, all that. But then you also have to make 170 00:08:57,160 --> 00:08:59,320 sure that that credential is being used by the right person 171 00:08:59,320 --> 00:09:01,200 at all times. So that's where the identity 172 00:09:01,200 --> 00:09:04,200 verification piece is, is similarly important. 173 00:09:04,760 --> 00:09:07,240 And so now what we're seeing companies starting to do is 174 00:09:07,440 --> 00:09:10,600 things like, hey, if you're a contractor or a remote employee 175 00:09:10,600 --> 00:09:13,960 at our company, you have to go through identity verification, 176 00:09:14,440 --> 00:09:16,920 you know, at certain increments every three months, six months, 177 00:09:16,920 --> 00:09:19,760 or maybe if the level of risk justifies it. 178 00:09:19,760 --> 00:09:23,400 And, and this is the exciting part for me because we're 179 00:09:23,400 --> 00:09:26,640 finally starting to see the convergence of identity and 180 00:09:26,640 --> 00:09:30,520 security. You know, when we started hyper 181 00:09:30,520 --> 00:09:34,640 10 years ago, I would ask the identity teams, like where do 182 00:09:34,640 --> 00:09:38,480 you report into? And only about 10% of the time 183 00:09:38,480 --> 00:09:40,160 would they say they're reporting to security. 184 00:09:40,680 --> 00:09:43,680 Now it's like more than half the time, so it's really fascinating 185 00:09:43,680 --> 00:09:46,080 to see how that's evolving. Yeah, I mean, definitely want to 186 00:09:46,080 --> 00:09:49,920 jump into that. One of the things that comes to 187 00:09:49,920 --> 00:09:53,200 mind is this kind of saying that's become popular, which is 188 00:09:53,400 --> 00:09:55,760 hackers don't break in, they log in. 189 00:09:55,960 --> 00:09:57,840 But it's so true when you're talking about something like 190 00:09:57,840 --> 00:10:02,040 this, right? And you know, I also think of 191 00:10:02,040 --> 00:10:05,520 the scatter spider example that happened recently where it's 192 00:10:05,520 --> 00:10:08,880 like the same old stuff. Call the help desk and social 193 00:10:08,880 --> 00:10:12,440 engineer your way in. I mean, is that why this kind of 194 00:10:12,440 --> 00:10:16,640 this old paradigm is failing? Yeah, it's so dirt simple too. 195 00:10:16,640 --> 00:10:20,000 You know, one couple of the big casinos had breaches related to 196 00:10:20,000 --> 00:10:23,480 Scatter Spider recently, and I had an opportunity to listen to 197 00:10:23,480 --> 00:10:26,240 one of those phone calls. It was nothing sophisticated, 198 00:10:26,240 --> 00:10:27,640 right? It's like, hey, this is Bill. 199 00:10:27,640 --> 00:10:30,640 I can't log in and help me out here, you know, and, and the 200 00:10:30,640 --> 00:10:33,880 hackers don't have to be extremely smart, right? 201 00:10:33,880 --> 00:10:35,960 The, the way that they do these things is pretty simple. 202 00:10:35,960 --> 00:10:39,200 So they call up the help desk. They say, hey, it's Jeff, I 203 00:10:39,200 --> 00:10:41,320 forgot my password or I'm locked out. 204 00:10:42,040 --> 00:10:45,920 And they say, OK, Jeff, what's your manager's name and the date 205 00:10:45,920 --> 00:10:48,840 that you started? And the hackers like, ah, damn, 206 00:10:48,840 --> 00:10:51,280 I don't know. So they hang up, then they call 207 00:10:51,280 --> 00:10:53,440 up Jeff and they'll hey, Jeff, this is your IT team. 208 00:10:53,440 --> 00:10:55,960 We're just doing a routine audit of your security questions. 209 00:10:55,960 --> 00:10:58,280 Can you confirm with me the date that you started in your 210 00:10:58,280 --> 00:11:00,440 manager's name? You're like, sure, here you go. 211 00:11:00,760 --> 00:11:03,520 Hang up, call up the help desk, answer the questions, get access 212 00:11:03,520 --> 00:11:05,160 to the account. That is the level of 213 00:11:05,160 --> 00:11:08,680 sophistication here. It is not some zero day Stuxnet 214 00:11:09,080 --> 00:11:12,760 like crazy thing here. Like this is like a teenager can 215 00:11:12,760 --> 00:11:14,560 execute it. And but what's changed in the 216 00:11:14,560 --> 00:11:16,520 last couple of years in particular, these attacks are 217 00:11:16,520 --> 00:11:19,160 scalable at a level like never heard before. 218 00:11:19,160 --> 00:11:22,160 So I was talking to a chief security officer of a large 219 00:11:22,160 --> 00:11:26,320 Japanese bank and he said I never had to worry about social 220 00:11:26,320 --> 00:11:31,040 engineering and scattered spider at my help desk because most 221 00:11:31,040 --> 00:11:35,200 hackers speak Chinese, English, Russian, they don't speak 222 00:11:35,200 --> 00:11:38,160 Japanese. It's like, but now with with AI, 223 00:11:39,080 --> 00:11:41,480 they speak fluent Japanese and my help desk can't tell the 224 00:11:41,480 --> 00:11:45,000 difference. So all these companies that are 225 00:11:45,000 --> 00:11:48,520 in Latin America, certain countries in Asia, Europe, where 226 00:11:48,920 --> 00:11:51,760 hackers typically don't speak those languages because it 227 00:11:51,760 --> 00:11:55,240 wasn't necessarily profitable. Now it's open season. 228 00:11:55,560 --> 00:11:58,920 It's crazy. It's like the hack is 229 00:11:59,040 --> 00:12:03,520 fundamentally simple. The answer, though, is you 230 00:12:03,560 --> 00:12:05,520 better throw some technology at it, right? 231 00:12:05,520 --> 00:12:09,160 It's not just, oh, we're going to change our help desk process. 232 00:12:09,280 --> 00:12:11,280 You do need some technology behind it. 233 00:12:11,400 --> 00:12:13,840 But I think there's also, it's not just that, you know, the 234 00:12:13,840 --> 00:12:16,760 defenders are throwing technology at it, the offenders, 235 00:12:16,760 --> 00:12:20,360 the attackers are also throwing technology. 236 00:12:20,360 --> 00:12:23,400 So the the language one is interesting because, you know, 237 00:12:23,560 --> 00:12:26,240 it used to be the, you know, Nigerian Prince with the poor 238 00:12:26,240 --> 00:12:29,040 word e-mail. Now it's a well crafted AI 239 00:12:29,280 --> 00:12:31,400 generated thing. There's things for voice. 240 00:12:31,400 --> 00:12:34,520 Now there's even things for voice that will remove an accent 241 00:12:34,560 --> 00:12:37,800 from somebody. So, you know, if I have, you 242 00:12:37,800 --> 00:12:41,680 know, a thick accent in one language, I can in real time 243 00:12:41,960 --> 00:12:44,560 speak my normal cadence, you know, whatever language I'm 244 00:12:44,560 --> 00:12:49,240 speaking and have it be in real time translated into the 245 00:12:49,240 --> 00:12:51,400 appropriate language and get rid of all that. 246 00:12:52,680 --> 00:12:55,280 I posted videos on link to me speaking Japanese. 247 00:12:55,360 --> 00:12:58,760 I don't speak Japanese, and I send it to my friends who are 248 00:12:58,760 --> 00:13:01,680 Japanese and they're like, yeah, you sound like you're from here. 249 00:13:02,240 --> 00:13:02,800 Perfect. Yeah. 250 00:13:03,320 --> 00:13:05,160 Maybe that's a spoiler we can put in here and like, just make 251 00:13:05,160 --> 00:13:08,880 this entire thing in Japanese, right? 252 00:13:08,880 --> 00:13:11,800 Yes. OK, so who's on the hope when 253 00:13:11,800 --> 00:13:16,240 something like this happens? I mean, in other words, it seems 254 00:13:16,360 --> 00:13:19,800 like it's more than just an informational security problem, 255 00:13:19,800 --> 00:13:22,320 right? Yeah, it's fascinating. 256 00:13:22,320 --> 00:13:26,800 You know, like so if we break it down into a couple of areas, if 257 00:13:26,800 --> 00:13:30,680 somebody bypasses MFA, it's typically the security teams 258 00:13:30,680 --> 00:13:32,720 problem, right? But if somebody calls up the 259 00:13:32,720 --> 00:13:37,520 help desk and tricks them into issuing a new credential, oh, 260 00:13:37,520 --> 00:13:39,720 all of a sudden that's it's problem, right? 261 00:13:39,720 --> 00:13:44,880 And then if a company interviews an individual and then the 262 00:13:44,880 --> 00:13:47,640 person who shows up and is on board and on the first day is 263 00:13:47,640 --> 00:13:50,480 not the person they interviewed for some reason, that's HR's 264 00:13:50,480 --> 00:13:52,600 problem. So there is this like finger 265 00:13:52,600 --> 00:13:56,440 pointing, not just in terms of who has to deal with it, but who 266 00:13:56,440 --> 00:14:00,400 has to pay to fix it. And so this is where identity is 267 00:14:00,880 --> 00:14:04,800 more complicated than ever because now you have to have the 268 00:14:04,800 --> 00:14:08,200 ability to reach across the aisle and really work with other 269 00:14:08,200 --> 00:14:10,960 key stakeholders within your organization to drive this 270 00:14:10,960 --> 00:14:13,560 change more than ever. And that's always been the 271 00:14:13,560 --> 00:14:15,440 hardest part of identity. And that's that's why I like 272 00:14:15,440 --> 00:14:17,400 seesos are so scared of identity. 273 00:14:17,920 --> 00:14:20,920 Like everybody talks about zero trust and the like, the five 274 00:14:20,920 --> 00:14:24,440 pillars of zero trust. But like, conveniently, all the 275 00:14:24,440 --> 00:14:27,720 seesos tend to like, ignore the identity one as much as they 276 00:14:27,720 --> 00:14:31,360 possibly can until the, you know, until it hits them where 277 00:14:31,360 --> 00:14:33,160 it hurts. Well, identity at the center. 278 00:14:33,160 --> 00:14:36,080 Hello. The, the pay thing is 279 00:14:36,080 --> 00:14:39,840 interesting angle because at the end of the day, the company 280 00:14:39,840 --> 00:14:41,560 pays. And so you don't want to be in a 281 00:14:41,560 --> 00:14:43,840 position where it's like, well, who's paying for the security, 282 00:14:43,840 --> 00:14:44,920 right? Is it HR? 283 00:14:44,920 --> 00:14:47,680 Is it, IT, is it, IT security is a compliance thing. 284 00:14:48,160 --> 00:14:50,400 At the end of the day, someone's paying and guess what? 285 00:14:50,400 --> 00:14:51,440 It's going to be the macro company. 286 00:14:51,440 --> 00:14:54,480 So how do you, how do you articulate that with people that 287 00:14:54,480 --> 00:14:56,680 are out there saying, well, it's not my problem, That's your 288 00:14:56,680 --> 00:14:58,720 problem? No, no, it's our problem. 289 00:14:58,720 --> 00:15:01,560 We need to fix this issue. Yeah, it's really all about 290 00:15:01,560 --> 00:15:08,280 making sure that inside inside teams can find creative ways to 291 00:15:08,400 --> 00:15:11,080 get the project prioritized and paid for, right. 292 00:15:11,080 --> 00:15:13,640 And so sometimes they're charging it back to security or 293 00:15:13,640 --> 00:15:16,400 to the business. Other times they have to have a 294 00:15:16,400 --> 00:15:18,400 broader leadership level discussion. 295 00:15:19,560 --> 00:15:23,080 But everything ultimately comes down to the business value. 296 00:15:23,240 --> 00:15:27,160 And like, how can us doing this make sure that we better 297 00:15:27,160 --> 00:15:29,320 differentiate ourselves from our competitors? 298 00:15:29,320 --> 00:15:31,280 Doesn't matter what your industry is, right? 299 00:15:31,280 --> 00:15:33,800 If you're a bank, you're in the, you're in the business of trust. 300 00:15:35,000 --> 00:15:38,080 If an article comes out and, and you know, you hired somebody 301 00:15:38,080 --> 00:15:41,560 from North Korea, like that's a problem for you, even if it 302 00:15:41,560 --> 00:15:45,560 didn't have any material impact on your, on your business, it's 303 00:15:45,560 --> 00:15:49,160 a trust issue. So I think being able to 304 00:15:49,280 --> 00:15:52,600 socialize it and position it in such a way that like, hey, this 305 00:15:52,600 --> 00:15:54,840 is going to help our business and we need to work together 306 00:15:54,840 --> 00:15:58,040 here is, is key. And, and just being very 307 00:15:58,040 --> 00:16:02,160 transparent here, Like when I talk to an identity team, one of 308 00:16:02,160 --> 00:16:06,760 the first things I ask is how long have you been here and what 309 00:16:06,760 --> 00:16:09,760 other change management have you been able to drive across the 310 00:16:09,760 --> 00:16:13,680 organization in that time? Because if they don't have good 311 00:16:13,680 --> 00:16:16,920 answers for that, like we know that we're going to really have 312 00:16:16,920 --> 00:16:18,960 to work with them to help them drive that change. 313 00:16:20,040 --> 00:16:23,280 So we know our primary listener is the identity practitioner. 314 00:16:23,280 --> 00:16:26,160 Obviously, identity at the center is not a generalized 315 00:16:26,160 --> 00:16:28,480 topic, right? We want to make this as 316 00:16:28,480 --> 00:16:32,480 educational as possible. So what is the right solution? 317 00:16:32,480 --> 00:16:35,960 What should identity practitioners be doing to 318 00:16:35,960 --> 00:16:38,960 getting it to get ahead of this for their organization? 319 00:16:39,840 --> 00:16:42,240 I think you have to think about it in two ways. 320 00:16:42,240 --> 00:16:45,960 One is getting it prioritized and budgeted is the number one 321 00:16:45,960 --> 00:16:47,520 thing, right? So being able to speak the 322 00:16:47,520 --> 00:16:50,240 language of the business and put it in that context. 323 00:16:51,240 --> 00:16:53,600 And then 2 is understanding what it's going to take to 324 00:16:53,600 --> 00:16:56,000 operationalize it quickly, right? 325 00:16:56,000 --> 00:17:01,120 So what we try to help our customers with is technology is 326 00:17:01,120 --> 00:17:04,400 usually the easier part. It's the people part that's more 327 00:17:04,400 --> 00:17:07,040 difficult. And so whenever we work with a 328 00:17:07,040 --> 00:17:10,359 customer, for example, like we put together an entire change 329 00:17:10,359 --> 00:17:14,599 management program for our product so that they can use to 330 00:17:14,599 --> 00:17:16,839 implement it. I'll give you a really silly 331 00:17:16,839 --> 00:17:18,680 example. So like we were deploying Pass 332 00:17:18,680 --> 00:17:21,240 for list with a large company that has like 50,000 employees 333 00:17:21,240 --> 00:17:27,520 across 40 countries and they got to like 33,000 employees in 334 00:17:27,520 --> 00:17:30,440 three months. It was amazing. 335 00:17:30,440 --> 00:17:34,200 But what they did was they spent as much money on the internal 336 00:17:34,200 --> 00:17:36,560 marketing campaign as they did the technology. 337 00:17:37,640 --> 00:17:41,560 So in any region, the 1st 100 people who signed up for 338 00:17:41,560 --> 00:17:44,760 passwords got a T-shirt that says I'm passwords, right? 339 00:17:44,760 --> 00:17:49,720 Or they got like a little Lego kit or or something that was 340 00:17:49,720 --> 00:17:52,600 branded to their organization that they could use to show off. 341 00:17:53,080 --> 00:17:55,800 And that internal marketing is every bit as important as the 342 00:17:55,800 --> 00:17:58,200 technology. Yeah, it reminds me of Jeff, 343 00:17:58,200 --> 00:18:00,560 your story right where you were rolling out. 344 00:18:00,560 --> 00:18:03,360 This was back in the day, self-service password reset. 345 00:18:03,400 --> 00:18:05,400 Yeah, which we would never do that to. 346 00:18:05,400 --> 00:18:08,160 Any right? Yeah, give away an iPad. 347 00:18:08,400 --> 00:18:10,600 Give away an iPad. Right, $400.00 that we spent on 348 00:18:10,600 --> 00:18:15,240 iPad drove way more like self-service enrollments and I I 349 00:18:15,240 --> 00:18:17,360 like the idea of making it like exclusive, right. 350 00:18:17,360 --> 00:18:20,520 So maybe it's like a living time offer, like the first 100 get 351 00:18:20,520 --> 00:18:23,000 something and when that thing is gone, it's gone. 352 00:18:23,000 --> 00:18:26,120 So you create like artificial demand, right for the thing. 353 00:18:26,120 --> 00:18:28,240 Now the thing has to be cool. I don't know if a T-shirt would 354 00:18:28,240 --> 00:18:31,800 get for me, boy, I'm sorry, but you know, a Lego or something 355 00:18:31,800 --> 00:18:34,280 that's like, you know, very unique would be very cool. 356 00:18:35,440 --> 00:18:37,720 Yeah, what this customer did, they, they gave the country 357 00:18:37,720 --> 00:18:39,360 manager because they were in 40 countries. 358 00:18:39,360 --> 00:18:43,000 They gave the country manager an iPad or a drone if it when they 359 00:18:43,000 --> 00:18:46,640 got to like 90% adoption and you'd be shocked. 360 00:18:46,640 --> 00:18:48,160 Like what? Highly paid executives are 361 00:18:48,160 --> 00:18:49,720 willing to do it for an iPad or a drone. 362 00:18:50,600 --> 00:18:52,480 Yeah. Well, and The thing is, it's 363 00:18:52,480 --> 00:18:55,720 like you're spending a lot of money when you roll out any 364 00:18:55,720 --> 00:19:00,200 technology to 50,000 people. So that incremental spent on a 365 00:19:00,200 --> 00:19:05,280 few iPads and a few Lego boxes like it's well worth the money. 366 00:19:05,800 --> 00:19:06,840 Yeah. What we've done is we've 367 00:19:06,840 --> 00:19:10,520 actually like packaged that into a solution essentially, right. 368 00:19:10,520 --> 00:19:15,600 So we, we provide all the, all the marketing content for you, 369 00:19:15,600 --> 00:19:16,800 right? So you don't have to think about 370 00:19:16,800 --> 00:19:18,080 it. We're just like, here you go. 371 00:19:18,200 --> 00:19:20,760 Here's what it could look like. Just let us know which of these 372 00:19:20,760 --> 00:19:23,120 things would resonate with your workforce the most. 373 00:19:23,760 --> 00:19:26,080 And so therefore like just meeting the customer where they 374 00:19:26,080 --> 00:19:28,520 are is is critical how? Many of your customers take you 375 00:19:28,520 --> 00:19:31,000 up on that like is that part of part of the deal? 376 00:19:31,000 --> 00:19:34,120 Say, hey, we were getting a hyper in and here's the plan for 377 00:19:34,120 --> 00:19:36,000 roll out? Like do they take that and kind 378 00:19:36,000 --> 00:19:38,360 of run with it? I'm sure they probably tweak it 379 00:19:38,360 --> 00:19:40,560 a little bit to some degree to fit their organization, but. 380 00:19:40,600 --> 00:19:42,880 I mean, we're pretty. Involved as part of that. 381 00:19:43,000 --> 00:19:45,800 We're pretty adamant about it because that's the, that's the 382 00:19:45,800 --> 00:19:47,600 main way that we can get success. 383 00:19:47,600 --> 00:19:50,920 Like look, the last, the last thing we ever want to be is 384 00:19:50,920 --> 00:19:53,640 shelfware for any customer. And there's way too many 385 00:19:53,640 --> 00:19:56,840 security solutions out there that companies will buy and they 386 00:19:56,840 --> 00:19:59,280 just sit there and they never get implemented, right? 387 00:19:59,280 --> 00:20:01,840 So how do you get an identity product implemented? 388 00:20:01,840 --> 00:20:03,520 You get people excited about it, right? 389 00:20:03,520 --> 00:20:06,600 And like when we first started this company, we're like, it's 390 00:20:06,600 --> 00:20:08,720 pastoralists, Everybody's going to want to use it. 391 00:20:09,440 --> 00:20:11,520 It's a no brainer. But that's not the case. 392 00:20:11,520 --> 00:20:14,080 The fact is, people don't like change, even if it's a positive 393 00:20:14,080 --> 00:20:16,280 change. And so you have to drive that 394 00:20:16,280 --> 00:20:18,520 change some other way. Yeah, that's a great point. 395 00:20:18,760 --> 00:20:22,160 So I think the other thing is like identity practitioners are 396 00:20:22,160 --> 00:20:25,800 kind of wired to bring people together. 397 00:20:25,880 --> 00:20:28,680 I mean it's one of them few technology I think in the 398 00:20:28,680 --> 00:20:32,120 enterprise where it's like you touch so much of the business 399 00:20:32,400 --> 00:20:35,520 even if even though you're doing like IT security. 400 00:20:36,360 --> 00:20:40,480 So my question is what advice would you give for the practice? 401 00:20:40,480 --> 00:20:43,600 Like who do they need to be reaching out to and building 402 00:20:43,600 --> 00:20:47,400 these alliances and kind of what is the message that they take 403 00:20:47,400 --> 00:20:50,480 along, I mean, leveraging that framework that you talked about? 404 00:20:51,280 --> 00:20:54,040 Yeah, in terms of the internal stakeholders building alignment 405 00:20:54,040 --> 00:20:57,080 there, that's key. So if you look at the typical 406 00:20:57,080 --> 00:21:02,360 enterprise, right, do you have, you have the HR team who's who's 407 00:21:02,360 --> 00:21:04,880 involved in the onboarding process, you typically have a 408 00:21:04,880 --> 00:21:10,560 digital workplace folks, right? These are individuals who manage 409 00:21:10,560 --> 00:21:14,120 things like, you know, the Windows 11 upgrade and stuff 410 00:21:14,120 --> 00:21:16,360 like that, right? And, and they, they also tend to 411 00:21:16,360 --> 00:21:20,880 have a stranglehold on what goes on the endpoint, right? 412 00:21:20,880 --> 00:21:25,320 And then you have obviously the, the executive level team where 413 00:21:25,320 --> 00:21:28,800 if somebody complaints about a change management thing, they're 414 00:21:28,800 --> 00:21:32,520 the first ones who are going to, you know, go to the CIO or the 415 00:21:32,520 --> 00:21:35,560 CEO and say, like, what the Hell's the identity team doing? 416 00:21:35,560 --> 00:21:38,320 Like my, my users hate this, right? 417 00:21:39,280 --> 00:21:44,400 And then and then you have the help desk, right, Because if 418 00:21:44,400 --> 00:21:46,360 people have trouble with that technology, they're going to 419 00:21:46,360 --> 00:21:47,760 pick up the phone and call the help desk. 420 00:21:47,760 --> 00:21:50,800 If the help desk is not fully prepared to handle that request, 421 00:21:51,640 --> 00:21:54,480 that's going to come your way really fast and it's not going 422 00:21:54,480 --> 00:21:56,880 to be pretty. So building that consensus 423 00:21:56,880 --> 00:22:01,000 within your organization of the individuals that you know are 424 00:22:01,000 --> 00:22:04,520 going to need to be a part of this and starting early, like 425 00:22:04,520 --> 00:22:08,000 especially, you know, some of these teams, they have, you 426 00:22:08,000 --> 00:22:09,600 know, three month change windows. 427 00:22:10,520 --> 00:22:12,960 So if you want to get something done in the next 6 months, if 428 00:22:12,960 --> 00:22:15,320 you're not talking to them six months ahead, like it's not 429 00:22:15,320 --> 00:22:17,520 going to happen or giving them the heads up. 430 00:22:18,480 --> 00:22:21,240 So I think building that consensus early and, and often 431 00:22:21,240 --> 00:22:23,040 is, is key. And you can't just show up at 432 00:22:23,040 --> 00:22:25,000 the last minute say like, hey, can you do this for me? 433 00:22:25,000 --> 00:22:28,200 Like that's not how it works. You know, Jeff and I, during our 434 00:22:28,200 --> 00:22:31,880 day job, we worked with the clients implementing identity 435 00:22:31,880 --> 00:22:33,920 solutions. I think one of the things that 436 00:22:33,920 --> 00:22:37,400 we've seen for a long time is still around today is identity 437 00:22:37,400 --> 00:22:40,160 sprawl. And So what did you get from 438 00:22:40,160 --> 00:22:41,200 you? Like kind of. 439 00:22:41,200 --> 00:22:44,240 What does that mean to you and why is that a problem? 440 00:22:44,520 --> 00:22:48,040 This is one of my pet peeves of the identity industry is like 441 00:22:48,040 --> 00:22:52,440 when when I talk to identity teams, they tend to tell me 442 00:22:52,440 --> 00:22:56,000 like, we are working on foundational things right now. 443 00:22:56,440 --> 00:22:59,400 And so we're going to take our five ID PS and we're going to 444 00:22:59,400 --> 00:23:02,360 consolidate it into one. And then everything is going to 445 00:23:02,360 --> 00:23:04,680 be great. And then what happens? 446 00:23:04,680 --> 00:23:08,440 They get 20% of the way there and then they acquire another 447 00:23:08,440 --> 00:23:12,880 company that has three more ID PS and then they're like, oh, 448 00:23:13,080 --> 00:23:14,600 now we got to start all over again. 449 00:23:14,600 --> 00:23:16,880 So then then they start planning and so on and so forth. 450 00:23:17,680 --> 00:23:21,160 So the reality is consolidating everything into a single 451 00:23:21,160 --> 00:23:26,120 identity source is a fallacy. Like it is it, it's possible in 452 00:23:26,120 --> 00:23:29,360 smaller companies that don't change very much. 453 00:23:29,720 --> 00:23:31,640 But guess what, if you're a smaller company, don't don't 454 00:23:31,640 --> 00:23:33,240 change very much, you're not going to become a bigger 455 00:23:33,240 --> 00:23:34,360 company. All right. 456 00:23:34,360 --> 00:23:39,240 So you, you really have to think about how do you implement these 457 00:23:39,240 --> 00:23:43,000 baseline security controls that are key to stop phishing and 458 00:23:43,000 --> 00:23:47,000 social engineering across that identity landscape, right? 459 00:23:47,000 --> 00:23:49,560 And so that also gives you flexibility because now if you 460 00:23:49,560 --> 00:23:53,400 acquire another IDP for whatever reason or some line of business 461 00:23:53,400 --> 00:23:56,720 decides to go rogue and just deploy another IDP because they 462 00:23:56,720 --> 00:23:58,480 feel like it. Do that. 463 00:23:58,480 --> 00:24:00,800 Come on. You can bring it into the fold 464 00:24:00,800 --> 00:24:04,040 from an authentication experience really quickly. 465 00:24:04,520 --> 00:24:07,280 And what that then provides you is if your authentication 466 00:24:07,280 --> 00:24:09,880 experience is consistent across your identities. 467 00:24:10,600 --> 00:24:14,000 Then if you do want to consolidate ID PS down the road 468 00:24:14,000 --> 00:24:17,080 for whatever reason and you want to simplify that, it becomes 469 00:24:17,080 --> 00:24:20,760 more of a back office function than something that is affecting 470 00:24:20,760 --> 00:24:22,640 the end user on a day-to-day basis. 471 00:24:23,240 --> 00:24:25,680 Is that what you're touching on earlier in the podcast to talk 472 00:24:25,680 --> 00:24:29,480 about leveraging these existing tools, which I think is 473 00:24:29,480 --> 00:24:32,800 something that every practitioner wants to do, right? 474 00:24:32,800 --> 00:24:35,680 We spent this money, we put these tools in place. 475 00:24:35,880 --> 00:24:38,920 We don't want to just have to RIP them out every five years. 476 00:24:39,160 --> 00:24:41,960 Is that where you're getting at, or was there something deeper? 477 00:24:42,320 --> 00:24:44,560 That's exactly it. And then there's an additional 478 00:24:44,560 --> 00:24:47,800 part of it, right, which is, you know, I talked to, I talked to 479 00:24:47,800 --> 00:24:50,960 identity and security teams. And sometimes they'll say, if I 480 00:24:50,960 --> 00:24:53,160 could take the worst authentication experience in my 481 00:24:53,160 --> 00:24:56,200 company and just make it consistent across all my users, 482 00:24:56,200 --> 00:24:59,720 it will be way better than what we have now because the 483 00:24:59,720 --> 00:25:03,400 consistency is so important. And then 2 is being able to 484 00:25:03,400 --> 00:25:07,240 leverage existing investments. So you know what, if you're an 485 00:25:07,240 --> 00:25:10,120 identity practitioner inside your company, you know what 486 00:25:10,120 --> 00:25:11,800 security people really like to hear? 487 00:25:12,240 --> 00:25:13,400 They like it when you go to them. 488 00:25:13,400 --> 00:25:16,440 You say, hey, you guys just spent millions of dollars on 489 00:25:16,440 --> 00:25:19,520 crowd strike. This identity thing I'm doing 490 00:25:19,520 --> 00:25:22,000 over here can talk to crowd strike really well. 491 00:25:22,720 --> 00:25:25,000 And I can actually take the data from the tool that you just 492 00:25:25,000 --> 00:25:27,280 spent a lot of money and put your career on the line 493 00:25:27,280 --> 00:25:30,920 investing in and I can get you more value from it. 494 00:25:32,680 --> 00:25:35,440 That's the language that security teams speak and that's 495 00:25:35,440 --> 00:25:37,800 what they like to hear. Instead of coming in and saying, 496 00:25:39,000 --> 00:25:41,000 here's what we're going to do and here's how it's going to 497 00:25:41,000 --> 00:25:43,560 impose this change management and here's like what you have to 498 00:25:43,560 --> 00:25:45,240 do in order to make my project work. 499 00:25:45,560 --> 00:25:46,640 All right, So it's a give and take. 500 00:25:47,160 --> 00:25:49,640 Some may flip that. I think a lot of people it 501 00:25:49,640 --> 00:25:51,800 resonates right to say, OK, let's get the most accountable 502 00:25:51,800 --> 00:25:55,760 tools we have, but at some point those tools are not good enough 503 00:25:55,760 --> 00:25:59,040 anymore. How, how do you know when that 504 00:25:59,040 --> 00:26:01,040 is the case? Like when is it time to move on 505 00:26:01,040 --> 00:26:06,600 and say, OK, we got X number of years out of this thing and it's 506 00:26:06,600 --> 00:26:08,560 time to move on? Like how do you have that 507 00:26:08,560 --> 00:26:10,760 conversation? How do you recognize that? 508 00:26:11,400 --> 00:26:14,120 That's a really good question. And I think it's, it's a tough 509 00:26:14,120 --> 00:26:18,720 one because often times individuals have built their 510 00:26:18,720 --> 00:26:21,840 careers around specific tools, right? 511 00:26:21,840 --> 00:26:24,840 You go on LinkedIn and the first line on somebody's LinkedIn 512 00:26:24,840 --> 00:26:28,520 profile is I'm a sail point. So and so, right? 513 00:26:28,520 --> 00:26:30,640 And it's like, wow, that's your career, right? 514 00:26:30,640 --> 00:26:33,280 And, and I think that's a mistake. 515 00:26:33,280 --> 00:26:36,040 I think, you know, most sophisticated identity and 516 00:26:36,040 --> 00:26:40,400 security teams, they have programs that protect them from 517 00:26:40,640 --> 00:26:45,040 being beholden to a specific vendor, right? 518 00:26:45,040 --> 00:26:48,040 And, and those are the teams that I've seen be most mature. 519 00:26:48,040 --> 00:26:50,560 So I think anytime you onboard A vendor, you have to think about 520 00:26:50,560 --> 00:26:54,640 the exit plan for that vendor. And it's that exit plan a month, 521 00:26:54,680 --> 00:26:59,040 a year or three years because depending on what you have, it 522 00:26:59,040 --> 00:27:01,840 could be really, really long. Like most financial institutions 523 00:27:01,840 --> 00:27:05,960 still run on Rack F, you're not moving off of that anytime soon. 524 00:27:06,720 --> 00:27:09,440 So I think for identity especially, it's the same 525 00:27:09,440 --> 00:27:12,480 because identity is, is the perimeter, as we like to say. 526 00:27:12,720 --> 00:27:14,600 And so it's something that people interact with. 527 00:27:14,600 --> 00:27:17,040 So I think if you have an existing vendor, you need to 528 00:27:17,040 --> 00:27:19,400 have an exit plan for that vendor if you don't put one 529 00:27:19,400 --> 00:27:24,560 together. And two is like any vendor 530 00:27:24,560 --> 00:27:29,840 relationship is, is key and it's about trust at the end of the 531 00:27:29,840 --> 00:27:31,280 day. So do they say that? 532 00:27:31,440 --> 00:27:34,160 Do they do the thing that they say they're going to do if they 533 00:27:34,160 --> 00:27:36,120 say they're going to have a specific feature that you 534 00:27:36,120 --> 00:27:39,200 requested in three months or six months and they don't deliver 535 00:27:39,200 --> 00:27:42,360 for two years, like writings on the wall there that like the 536 00:27:42,360 --> 00:27:44,880 thing that they're doing, the thing that you need is not their 537 00:27:44,880 --> 00:27:47,160 priority. And you should think about that 538 00:27:48,280 --> 00:27:52,200 at the same time, like how resilient are your vendors? 539 00:27:52,200 --> 00:27:57,280 Third party risk is probably the biggest area of risk of growth 540 00:27:57,400 --> 00:28:01,880 in in the industry right now where, you know, most vendors 541 00:28:01,880 --> 00:28:05,080 don't have the security that the bank that's buying that vendor 542 00:28:05,080 --> 00:28:07,120 does, right? So how do you make sure that 543 00:28:07,520 --> 00:28:10,120 your vendors have the third party risk controls in place 544 00:28:10,120 --> 00:28:12,800 that they need to? Otherwise if they're not taking 545 00:28:12,800 --> 00:28:15,920 it seriously like it's not, it's a non starter. 546 00:28:16,800 --> 00:28:19,800 We talked a little bit earlier about identity verification. 547 00:28:19,800 --> 00:28:22,920 I feel like this is one of the areas that from a technology 548 00:28:22,920 --> 00:28:27,000 perspective is the most different from 5-10 years ago 549 00:28:27,000 --> 00:28:31,160 where it's now document based verification technology tools. 550 00:28:32,720 --> 00:28:37,880 I want to get to how, how prevalent should they be or will 551 00:28:37,880 --> 00:28:41,040 they be in the enterprise? But before that, I just wanted 552 00:28:41,040 --> 00:28:44,480 to give a recognition that you know, we're at the authenticate 553 00:28:44,480 --> 00:28:47,760 conference and obviously it's like pass keys are the number 554 00:28:47,760 --> 00:28:50,400 one thing. But you wonder, OK, where's 555 00:28:50,440 --> 00:28:53,280 Fido? The Fido standards going to take 556 00:28:53,280 --> 00:28:57,080 things in the future of Fido Alliance going to take things in 557 00:28:57,080 --> 00:29:00,760 the future. And we had Nishant, their CTO, 558 00:29:00,760 --> 00:29:03,960 on a few episodes ago and he talked about identity 559 00:29:03,960 --> 00:29:06,600 verification. It's like having a verified 560 00:29:06,600 --> 00:29:10,560 identity and then doing authentication in a strong way. 561 00:29:10,560 --> 00:29:13,080 It's like now you're talking about the Holy Grail. 562 00:29:13,680 --> 00:29:16,560 Yeah, look to tackle that. Like if you look at most 563 00:29:16,560 --> 00:29:19,640 enterprises right now, identity verification means kDa. 564 00:29:20,200 --> 00:29:22,480 This is what Street did you grow up on and what's your manager's 565 00:29:22,480 --> 00:29:25,320 name? And I think we all know that 566 00:29:25,320 --> 00:29:28,480 that's not acceptable anymore right now on the consumer side 567 00:29:28,480 --> 00:29:33,000 of things, identity verification has been much more mature 568 00:29:33,000 --> 00:29:36,360 recently, especially since the pandemic started, where if 569 00:29:36,360 --> 00:29:38,600 you're signing up for an Uber account or something now or a 570 00:29:38,600 --> 00:29:41,960 Lime scooter app, like you have to scan your driver's license or 571 00:29:41,960 --> 00:29:45,320 a document, right? And so the issue is the 572 00:29:45,320 --> 00:29:47,760 documented verification piece for identity verification 573 00:29:47,760 --> 00:29:50,280 doesn't really translate as much to the workforce. 574 00:29:50,720 --> 00:29:53,320 Like you need more flexibility because you have employees all 575 00:29:53,320 --> 00:29:55,560 over the world. You have employees who don't 576 00:29:55,560 --> 00:29:58,240 have driver's licenses, you know, or, or things like that, 577 00:29:58,240 --> 00:30:02,080 where they can reliably use that as a source of proving 578 00:30:02,080 --> 00:30:05,440 themselves. Additionally, in order to prove 579 00:30:05,440 --> 00:30:08,640 somebody's identity. Well, if you look at the average 580 00:30:08,640 --> 00:30:11,360 enterprise where the where's that person's information 581 00:30:11,360 --> 00:30:14,680 actually stored that you need to verify, some of it is in work 582 00:30:14,680 --> 00:30:17,240 day, they're human Capital Management system, some of it is 583 00:30:17,240 --> 00:30:19,320 in their ID. PS Right. 584 00:30:19,320 --> 00:30:24,080 Some of it is in their, their, their HR and healthcare systems. 585 00:30:24,480 --> 00:30:26,360 So when you're proving an employee's identity, you have to 586 00:30:26,360 --> 00:30:28,840 be able to go into all those things, pull it down and then 587 00:30:28,840 --> 00:30:30,360 use that information to verify them. 588 00:30:31,120 --> 00:30:34,640 So you have to have a lot more flexibility and orchestration in 589 00:30:34,640 --> 00:30:36,840 the way that you're verifying employees identities. 590 00:30:36,920 --> 00:30:39,560 And that's where we've really seen a good product market fit 591 00:30:40,600 --> 00:30:45,000 to the point where now our our customers are regularly 592 00:30:45,000 --> 00:30:49,320 verifying employees at scale. Yeah, seems like there's a 593 00:30:49,320 --> 00:30:52,760 certain level of friction involved with verification. 594 00:30:53,040 --> 00:30:55,680 I think in some of these cases, absolutely necessary. 595 00:30:55,680 --> 00:31:00,920 But you know, I feel like in the enterprise the ability to insert 596 00:31:00,920 --> 00:31:04,400 friction into the process would be a lot higher, but it seems 597 00:31:04,400 --> 00:31:06,680 like there is a resistance there. 598 00:31:06,680 --> 00:31:11,080 What what's your philosophy in terms of like inserting friction 599 00:31:11,080 --> 00:31:14,240 into the process? Look on on the employee side, at 600 00:31:14,240 --> 00:31:16,240 least here in the United States, it's a little bit simpler, 601 00:31:16,240 --> 00:31:17,600 right? It's like you're a net will 602 00:31:17,600 --> 00:31:18,880 employee and we give you a paycheck. 603 00:31:18,880 --> 00:31:22,040 So you need to do it like that's, that's the mentality of 604 00:31:22,040 --> 00:31:23,480 a lot of companies. But when you look at 605 00:31:23,480 --> 00:31:27,360 international organizations, it, it varies and you also have to 606 00:31:27,360 --> 00:31:30,880 have different levels of control for different personas within 607 00:31:30,880 --> 00:31:33,600 the organization, right. So my employee who works in a 608 00:31:33,600 --> 00:31:36,520 factory who logs into stuff twice a year to download their 609 00:31:36,520 --> 00:31:40,040 W2, like do I need to put them through the same process as I 610 00:31:40,040 --> 00:31:43,560 would my system engineer who you know has access to our AWS 611 00:31:43,600 --> 00:31:44,880 infrastructure? No. 612 00:31:45,160 --> 00:31:48,080 So that flexibility is is really important to have. 613 00:31:49,360 --> 00:31:52,320 And then working with this is where identity is working with 614 00:31:52,320 --> 00:31:56,280 the legal department to really help them have an understanding 615 00:31:56,280 --> 00:31:59,680 of these processes is important because if you are doing 616 00:31:59,680 --> 00:32:04,040 something like a biometric match or a document scan as part of 617 00:32:04,040 --> 00:32:08,520 that verification process, your employee, your, your more 618 00:32:08,520 --> 00:32:12,960 privacy conscious employees will write a letter to HR or to legal 619 00:32:12,960 --> 00:32:17,000 and say, WTF is this? And they need to have a prepared 620 00:32:17,000 --> 00:32:20,160 set of answers, right? Or, or tackle those upfront. 621 00:32:20,920 --> 00:32:24,560 And so this is where another reason that identity has to work 622 00:32:24,560 --> 00:32:28,240 with internal stakeholders more. OK, so I'm going to cross my 623 00:32:28,360 --> 00:32:31,080 barns here and put my jaded Cecil hat on. 624 00:32:31,520 --> 00:32:35,440 What is it about Hyper that makes you guys unique in this 625 00:32:35,440 --> 00:32:37,080 space? Right, Because there's so many 626 00:32:37,080 --> 00:32:39,520 different identity tools, there's a lot of overlap. 627 00:32:39,640 --> 00:32:41,120 I'm sure you've got competitors out there. 628 00:32:41,680 --> 00:32:43,880 What is it that you think that makes Hyper special? 629 00:32:44,960 --> 00:32:47,560 So what makes Hyper a little bit different from most identity 630 00:32:47,560 --> 00:32:51,520 companies is we started out as a security company and and we 631 00:32:51,520 --> 00:32:55,960 started as a security company 11 years ago when there were very, 632 00:32:55,960 --> 00:32:59,560 very few or none identity focused security companies, 633 00:33:00,360 --> 00:33:01,880 right. So we started out in that 634 00:33:01,880 --> 00:33:05,080 landscape from the get go. So what, what does that mean? 635 00:33:05,920 --> 00:33:09,160 That means that we built resiliency trust controls into 636 00:33:09,160 --> 00:33:12,040 the product from the get go. We built scale into the product 637 00:33:12,040 --> 00:33:14,440 from the get go. We understood that if hyper is 638 00:33:14,440 --> 00:33:16,720 not working, our customers aren't working, right? 639 00:33:16,720 --> 00:33:20,240 And then we're really focused on the areas where there were 640 00:33:20,240 --> 00:33:22,920 massive security gaps. So one of the first things we 641 00:33:22,920 --> 00:33:26,240 implemented was what we call desktop MFA, right? 642 00:33:26,240 --> 00:33:29,120 As we realized most companies don't have MFA when they're 643 00:33:29,120 --> 00:33:32,000 logging into their endpoints. Let's build that, let's provide 644 00:33:32,000 --> 00:33:34,800 that to the security teams and many banks purchase that and, 645 00:33:34,800 --> 00:33:38,200 and use it today. The other thing that we did was, 646 00:33:38,200 --> 00:33:40,800 which was very differentiating was we built our identity 647 00:33:40,800 --> 00:33:45,640 verification capability focus for the workforce, right? 648 00:33:45,640 --> 00:33:48,400 So we noticed we, we were talking to, this was like 5 649 00:33:48,400 --> 00:33:50,280 years ago, we were talking to some of the Swiss banks. 650 00:33:51,840 --> 00:33:53,760 We're like, what do you do if somebody forgets a password? 651 00:33:53,760 --> 00:33:57,840 And they had the system where you could go to any two people 652 00:33:57,840 --> 00:34:01,720 in your company and they could request a part of your password 653 00:34:01,720 --> 00:34:06,680 for you. And then they can give you, you 654 00:34:06,680 --> 00:34:08,560 know, your password and in those multiple parts. 655 00:34:08,560 --> 00:34:11,000 And it's all tracked through an accountability system. 656 00:34:11,880 --> 00:34:16,239 So we built a vouching system into our identity verification 657 00:34:16,239 --> 00:34:19,280 product where other people you work with would vouch for you 658 00:34:19,280 --> 00:34:21,920 over a video chat and then you could automatically be issued a 659 00:34:21,920 --> 00:34:26,040 new credential, right. So we took these best practices 660 00:34:26,040 --> 00:34:29,400 that were being implemented ad hoc or manually in the real 661 00:34:29,400 --> 00:34:32,040 world at some of the most sophisticated organizations and 662 00:34:32,040 --> 00:34:35,600 brought them to every business. And so we're not an IDP as a 663 00:34:35,600 --> 00:34:39,000 company, we don't try to be. We think that is a well 664 00:34:39,000 --> 00:34:42,960 commoditized space. We really try to fit into our 665 00:34:43,120 --> 00:34:46,159 our customers existing ecosystems and bring them best 666 00:34:46,159 --> 00:34:49,360 in breed controls such as password list, identity 667 00:34:49,360 --> 00:34:52,080 verification for their employees, orchestration between 668 00:34:52,320 --> 00:34:55,199 their security tools and their identity tools that they 669 00:34:55,199 --> 00:34:57,960 typically don't have so they can fill those key gaps. 670 00:34:58,800 --> 00:35:00,120 So what's it take to set this up then? 671 00:35:00,120 --> 00:35:03,000 Is this let's say I've got a primary IDP already right? 672 00:35:03,000 --> 00:35:05,480 Microsoft Ping, Octa, etcetera, right? 673 00:35:05,960 --> 00:35:10,320 What does it take for me as AI am administrator to set up 674 00:35:10,600 --> 00:35:13,320 Hyper? You log in, you choose which 675 00:35:13,320 --> 00:35:16,680 identity tools you have. So you choose Octa, Antra, Ping, 676 00:35:17,480 --> 00:35:20,600 and you provide authentication credentials to those. 677 00:35:20,600 --> 00:35:23,680 AP is and then we pulled it, pull it all in, and then we 678 00:35:23,680 --> 00:35:25,680 enable these capabilities for users. 679 00:35:25,680 --> 00:35:29,440 So if you're like an Octa or Entre customer, you can have 680 00:35:29,440 --> 00:35:31,520 users up and running with Hyper in 15 minutes. 681 00:35:32,440 --> 00:35:36,520 That's pretty fast. How do people measure success 682 00:35:36,520 --> 00:35:38,280 with this? So it's kind of one of those 683 00:35:38,280 --> 00:35:39,720 things like, OK, why logged in, great. 684 00:35:39,720 --> 00:35:43,480 Like that's the expected result. What is a way that your 685 00:35:43,480 --> 00:35:46,760 customers have found to measure to say, OK, yeah, we are getting 686 00:35:46,760 --> 00:35:48,720 what we're paying for from hyper? 687 00:35:49,320 --> 00:35:51,600 Yeah, we helped them track with. So we have this identity 688 00:35:51,600 --> 00:35:56,000 assurance score essentially within our product where you can 689 00:35:56,000 --> 00:35:59,640 see the value you're getting from it in real time, right. 690 00:35:59,640 --> 00:36:02,440 So we, we can show you like, here's how many of your 691 00:36:02,440 --> 00:36:05,320 authentications that people are doing today are fishing 692 00:36:05,320 --> 00:36:07,560 resistant and here's how many are vulnerable to fishing. 693 00:36:07,960 --> 00:36:10,680 Here's how much money you're saving on credential resets 694 00:36:10,680 --> 00:36:12,760 because people are no longer calling to help desk. 695 00:36:13,720 --> 00:36:16,840 Here's how much money you're saving in productivity because 696 00:36:16,840 --> 00:36:19,840 your employees aren't locked out because they typed in a password 697 00:36:19,840 --> 00:36:21,320 wrong too many times that morning. 698 00:36:22,040 --> 00:36:25,280 So having these hard metrics that people can like share with 699 00:36:25,280 --> 00:36:29,400 their broader business is key because that's how ultimately 700 00:36:29,400 --> 00:36:32,960 they justified the investment. And look, we, we like to start 701 00:36:32,960 --> 00:36:36,560 with our customers smaller, sort of like let us prove our value 702 00:36:36,560 --> 00:36:38,000 to you and then we'll grow together. 703 00:36:39,640 --> 00:36:43,800 So you mentioned a few things to me that I just jotting notes 704 00:36:43,800 --> 00:36:47,320 down as we were preparing and one that jumped off the page to 705 00:36:47,320 --> 00:36:50,360 me was never leave use of Stranded. 706 00:36:50,640 --> 00:36:53,000 I thought that was so cool. What does it mean? 707 00:36:54,160 --> 00:36:56,160 So picture this. You're on vacation with your 708 00:36:56,160 --> 00:37:01,600 family, right? And you lose your phone and your 709 00:37:01,600 --> 00:37:06,240 phone has your MFA on it. And you know, you're, you're, 710 00:37:07,040 --> 00:37:10,920 you really need to take care of an e-mail or send some report. 711 00:37:10,920 --> 00:37:13,560 And you're like, oh, man, I can't get in. 712 00:37:14,440 --> 00:37:17,120 So you don't have your phone. You know, you have your laptop, 713 00:37:17,120 --> 00:37:19,040 but you need MFA to access things. 714 00:37:19,800 --> 00:37:21,280 What do you do? Right? 715 00:37:21,280 --> 00:37:26,720 And so call up the help desk and you say, hey, I know, I know, we 716 00:37:26,720 --> 00:37:29,160 have corporate issued phones, but you know, my wife has her 717 00:37:29,160 --> 00:37:31,400 phone. Can I get the MFA on her phone? 718 00:37:31,760 --> 00:37:35,880 No, you can't do that. And so employees have to go 719 00:37:35,880 --> 00:37:38,920 through so many hoops to prove that they are who they say they 720 00:37:38,920 --> 00:37:40,320 are. And lots of times they don't 721 00:37:40,320 --> 00:37:42,600 have the things available to them to prove that. 722 00:37:43,600 --> 00:37:48,400 So what we built is a orchestration layer for identity 723 00:37:48,400 --> 00:37:53,360 verification, where in the worst case you can always get through, 724 00:37:54,840 --> 00:37:56,800 right. So if you don't have your phone 725 00:37:56,800 --> 00:37:59,080 number and you can't do OTP, that's OK. 726 00:37:59,080 --> 00:38:01,800 You can do something else. If you're in the wrong, if 727 00:38:01,800 --> 00:38:05,000 you're, if you're not in the right location, it's OK, you can 728 00:38:05,000 --> 00:38:07,040 do something else. If you can't scan your driver's 729 00:38:07,040 --> 00:38:09,840 license, that's fine. Maybe you lost your maybe like 730 00:38:10,160 --> 00:38:12,080 my phone has my driver's license on the back of it. 731 00:38:12,080 --> 00:38:17,520 If I lose my phone, it's over. So then what can you do you? 732 00:38:17,520 --> 00:38:21,040 Well, we can put you, we can use any browser at any hotel kiosk 733 00:38:21,040 --> 00:38:23,720 to put you on a video chat with your manager or somebody you 734 00:38:23,720 --> 00:38:26,480 work with who can vouch for you, right? 735 00:38:26,480 --> 00:38:30,000 And so always having a way for an employee to get through and 736 00:38:30,000 --> 00:38:33,960 never leaving them stranded is so key because us identity 737 00:38:33,960 --> 00:38:36,560 people, we love to get hung up on the edge cases. 738 00:38:37,240 --> 00:38:40,320 And so being able to always have a way through is so important. 739 00:38:40,320 --> 00:38:42,200 But it's not going to work this 1% of the time. 740 00:38:42,240 --> 00:38:43,920 So we got to hold everything up. Come on. 741 00:38:44,600 --> 00:38:47,080 Football. And that tags along with the 742 00:38:47,080 --> 00:38:51,480 next one that I took note of which was talked about it being 743 00:38:51,760 --> 00:38:55,360 authentication being a Tier 0 capability. 744 00:38:55,360 --> 00:38:58,640 In other words, it how many nines do you have has to be up 745 00:38:58,960 --> 00:39:00,640 all the time. All the nines. 746 00:39:00,680 --> 00:39:03,280 And people stranded. You can't have it work. 747 00:39:03,280 --> 00:39:06,160 Well, everything except Sunday night at 2:00 in the morning. 748 00:39:06,920 --> 00:39:08,480 It's just got to work. Yeah. 749 00:39:08,760 --> 00:39:11,760 And that's that's where the resiliency piece comes into play 750 00:39:11,760 --> 00:39:14,680 so much, right. It's like, does this thing work 751 00:39:14,680 --> 00:39:19,320 across multiple regions, multiple multiple availability 752 00:39:19,320 --> 00:39:21,160 zones? How does it fall back? 753 00:39:21,160 --> 00:39:25,120 You know, like the word disaster recovery in most companies or 754 00:39:25,120 --> 00:39:27,560 most vendors is a tabletop exercise at best. 755 00:39:28,360 --> 00:39:30,840 And so how do you actually practice what you preach? 756 00:39:31,000 --> 00:39:33,760 And and that part is so key and being able to prove that at 757 00:39:33,760 --> 00:39:38,280 scale is important. So like many of the top banks in 758 00:39:38,280 --> 00:39:41,720 the country use us and, and they have hundreds of thousands of 759 00:39:41,720 --> 00:39:44,000 employees. And so if we're not working, 760 00:39:44,000 --> 00:39:47,320 they're not approving loans, they're not, you know, opening 761 00:39:47,320 --> 00:39:49,600 checking accounts, they're not doing anything. 762 00:39:49,760 --> 00:39:52,600 And that that has a fundamental impact on our economy. 763 00:39:52,600 --> 00:39:56,800 And so step number one is making sure that you're at peace with 764 00:39:56,800 --> 00:40:00,000 that, and that's the reality. And two is making sure it's part 765 00:40:00,000 --> 00:40:01,600 of your road map. And three is making sure that 766 00:40:01,600 --> 00:40:05,240 every employee truly understands the criticality of them. 767 00:40:05,960 --> 00:40:08,000 So I've been having a lot of conversations with my day job 768 00:40:08,000 --> 00:40:14,480 about resiliency and Dr. plans and where does I am fit into Dr. 769 00:40:14,480 --> 00:40:15,840 plans? Because I think most, most 770 00:40:15,840 --> 00:40:18,880 larger companies will have like ADR plan, but what happens if 771 00:40:18,880 --> 00:40:21,600 their IDP goes down? I don't know if a lot of a lot 772 00:40:21,600 --> 00:40:23,520 of companies have really thought about like their identity 773 00:40:23,520 --> 00:40:26,280 infrastructure as being that critical. 774 00:40:26,280 --> 00:40:31,560 And so yes, it has to be up. Are you seeing more of a push to 775 00:40:31,560 --> 00:40:35,760 make sure that identity is part of that Dr. strategy, that plan, 776 00:40:35,760 --> 00:40:38,400 whatever may be where, if something does go down, here is 777 00:40:38,400 --> 00:40:39,440 how we're going to recover from it. 778 00:40:40,120 --> 00:40:41,760 Absolutely. And that's where a lot of 779 00:40:41,760 --> 00:40:45,960 companies realize that they have gaps because your your ecosystem 780 00:40:45,960 --> 00:40:48,720 is only the chain is only as strong as its weakest link, 781 00:40:49,240 --> 00:40:53,040 right? And when companies do Dr. plans 782 00:40:53,040 --> 00:40:56,000 and they execute those, they realize what the weak links in 783 00:40:56,000 --> 00:40:57,920 their environment is. They're like, oh, shoot, we have 784 00:40:57,920 --> 00:40:59,920 MFA. But for these key accounts, like 785 00:40:59,920 --> 00:41:01,400 you, turns out you can bypass it. 786 00:41:02,440 --> 00:41:06,480 And so, you know, like actually doing the exercise and finding 787 00:41:06,840 --> 00:41:11,120 compensation methods that are still secure to address those 788 00:41:11,120 --> 00:41:14,160 is, is key. And, and it's something that's, 789 00:41:14,560 --> 00:41:17,240 yeah, it really started out in financial services as being a 790 00:41:17,240 --> 00:41:21,200 key control, but now it's starting to get into critical 791 00:41:21,200 --> 00:41:24,640 infrastructure and, and energy and, and a much broader set of 792 00:41:24,640 --> 00:41:27,040 verticals. So this is not a really 793 00:41:27,040 --> 00:41:29,240 fascinating conversation. Then we'll start to wrap things 794 00:41:29,240 --> 00:41:31,560 up. But there was a note on our 795 00:41:31,560 --> 00:41:33,760 notes here as we were getting set up as I, I think it's the 796 00:41:33,760 --> 00:41:35,680 first time we've had this on the show. 797 00:41:36,160 --> 00:41:38,920 There's a note that says that you're a competitive boxer in 798 00:41:38,920 --> 00:41:40,960 the past. So I definitely have to get into 799 00:41:40,960 --> 00:41:44,160 this. Keyword was it was £50 ago. 800 00:41:45,320 --> 00:41:47,520 So how long ago was this? What was it like? 801 00:41:47,520 --> 00:41:50,840 I think taking me into the mind of a competitive boxer because 802 00:41:50,840 --> 00:41:52,720 this is the first time I think we've had had that on the show. 803 00:41:54,120 --> 00:41:59,000 Yeah, I went to AI, went to a party in high school and and I 804 00:41:59,000 --> 00:42:01,120 ran it, you know, I'm, I'm, I'm a tall guy. 805 00:42:01,120 --> 00:42:04,080 I'm 6 foot 5. So I, I saw another guy that was 806 00:42:04,080 --> 00:42:07,440 taller than me and we immediately start talking and he 807 00:42:07,440 --> 00:42:10,840 told me it was a boxer. And so I, he invited me to join 808 00:42:10,840 --> 00:42:12,200 this gym. So in high school I joined this 809 00:42:12,200 --> 00:42:16,160 gym and I started boxing after that competitively and in 810 00:42:16,160 --> 00:42:22,760 college I was decent. And, and the thing about boxing 811 00:42:22,760 --> 00:42:27,000 is you have to, you have to get to a point where you truly 812 00:42:27,000 --> 00:42:29,280 believe in yourself when you're doing something, because when 813 00:42:29,280 --> 00:42:32,440 you get in the ring with somebody, like you look around 814 00:42:32,440 --> 00:42:34,440 you and there's nobody there to help you, right? 815 00:42:34,440 --> 00:42:38,840 So you have to be very confident in yourself to execute on your 816 00:42:38,840 --> 00:42:42,120 plan. And as Mike Tyson says, you 817 00:42:42,120 --> 00:42:44,560 know, everybody has a plan until they get punched in the face. 818 00:42:44,880 --> 00:42:47,440 And running a startup, you get punched in the face a lot. 819 00:42:49,040 --> 00:42:51,720 So how many fights like professionally in the 820 00:42:51,720 --> 00:42:53,600 competitive circuit and what was your record? 821 00:42:54,120 --> 00:43:03,200 I think I had like 18 fights. I think I won 12 of them and I 822 00:43:03,200 --> 00:43:06,760 was a super heavyweight and super heavyweight is anything 823 00:43:06,760 --> 00:43:11,760 over 195 lbs. And so I was like in the low 2 824 00:43:11,760 --> 00:43:16,040 hundreds at that time. And it's fascinating because as 825 00:43:16,040 --> 00:43:19,320 a super heavyweight, anything over 195 lbs is a category. 826 00:43:19,320 --> 00:43:23,880 So as a 200 LB guy, you're fighting somebody who's £300 and 827 00:43:23,920 --> 00:43:28,040 so you have to be very, very fluid in the way that you 828 00:43:28,040 --> 00:43:31,480 approach things. So it's a it's a good skill to 829 00:43:31,480 --> 00:43:33,400 have. So how much of a difference does 830 00:43:33,400 --> 00:43:37,320 that 100 lbs make in in that sort of snare? 831 00:43:37,320 --> 00:43:39,200 Right? So you're 200, someone else's 832 00:43:39,200 --> 00:43:42,520 300. Is that 100 extra pounds of pure 833 00:43:42,520 --> 00:43:45,080 muscle or is it, you know what? What? 834 00:43:45,080 --> 00:43:47,120 Butter, butter, butter bean? What was the guy's name, right? 835 00:43:47,120 --> 00:43:48,920 Like I said, like that, right? Like, you know, maybe that 836 00:43:48,920 --> 00:43:51,360 heavier set. Yeah, I boxed this guy that was 837 00:43:51,360 --> 00:43:55,560 like over 300 lbs and he was a NFL, He was a linebacker, right? 838 00:43:55,560 --> 00:43:58,720 So his his NFL career wasn't going the way he thought it 839 00:43:58,720 --> 00:44:00,960 would. So he was like, I'll try boxing. 840 00:44:01,240 --> 00:44:03,880 And the good news is like he doesn't have the stamina, but if 841 00:44:03,880 --> 00:44:06,600 you get hit, like I remember blocking a punch from this guy 842 00:44:07,000 --> 00:44:08,360 and thinking like, I didn't block it. 843 00:44:09,920 --> 00:44:14,880 So because it was so powerful. And, and so for for me, I think 844 00:44:16,320 --> 00:44:17,760 it depends. Like, you know, the bigger guys 845 00:44:17,760 --> 00:44:19,880 don't have as much energy. So if you can survive the first 846 00:44:19,880 --> 00:44:22,280 two rounds, like you're good to go, but you got to survive. 847 00:44:23,040 --> 00:44:26,320 Yeah, done. I mean, it's a workout, right? 848 00:44:26,320 --> 00:44:27,560 Just to get out there for a couple months. 849 00:44:27,560 --> 00:44:30,240 I remember I used to do Taekwondo for a long time ago 850 00:44:30,240 --> 00:44:33,640 and I would, you know, do some light competitive stuff and man, 851 00:44:33,640 --> 00:44:35,800 you'd be gassed after just a couple of rounds, you know? 852 00:44:35,920 --> 00:44:39,320 The hardest part of boxing or any sport like that is, is I 853 00:44:39,320 --> 00:44:40,680 forget. I don't know what the technical 854 00:44:40,680 --> 00:44:44,000 term for it, but my coach called it like being able to see 855 00:44:44,000 --> 00:44:46,920 punches coming. And so this whole concept of 856 00:44:46,920 --> 00:44:50,200 when somebody's trying to hit you in the face, like not 857 00:44:50,200 --> 00:44:53,560 freaking out or not holding your breath when that happens because 858 00:44:53,560 --> 00:44:56,240 when you hold your breath, your muscles get tired really fast. 859 00:44:57,080 --> 00:45:00,200 So seeing punches coming at your face and being able to breathe 860 00:45:00,200 --> 00:45:02,560 through that process is the trick. 861 00:45:02,560 --> 00:45:03,200 I. Mean. 862 00:45:03,200 --> 00:45:05,440 That's like a physiological response rising. 863 00:45:05,600 --> 00:45:06,760 Oh, here it comes. You're tensing up. 864 00:45:06,920 --> 00:45:08,680 It's like being in a car, you know, a car accident. 865 00:45:08,760 --> 00:45:12,960 Yeah, they talked about how like people who are drunk and they're 866 00:45:12,960 --> 00:45:15,000 in a car accident, they don't break as many bones. 867 00:45:15,600 --> 00:45:16,680 Because they're relaxed. Yeah. 868 00:45:17,800 --> 00:45:22,040 So all right, last question. What is the hardest that you've 869 00:45:22,040 --> 00:45:24,880 ever been hit? Like, do you remember something 870 00:45:24,880 --> 00:45:27,040 that stood out like, oh, my God. Like you mentioned the block 871 00:45:27,200 --> 00:45:28,560 where you thought you didn't block it. 872 00:45:28,960 --> 00:45:30,000 Like is there something like that? 873 00:45:30,040 --> 00:45:32,800 So one thing I was, I was an average boxer, but the one thing 874 00:45:32,800 --> 00:45:34,800 I was very proud of is I never been knocked out. 875 00:45:36,760 --> 00:45:40,320 In eight years of boxing I never got knocked out, so the closest 876 00:45:40,320 --> 00:45:41,160 I've got we'll. Try now. 877 00:45:41,160 --> 00:45:43,240 Folks who are listening don't want to have to go ahead and 878 00:45:43,240 --> 00:45:44,160 say. OK, let's do this. 879 00:45:44,240 --> 00:45:48,040 The closest I've gotten is I got it was I was fighting this guy 880 00:45:48,040 --> 00:45:54,040 who's who's boxing for the Navy and I don't remember actually 881 00:45:54,040 --> 00:45:56,480 being hit. So he hit me in my temple and I 882 00:45:56,480 --> 00:46:01,920 dropped down to 1 knee and I got the stand EA count and I came 883 00:46:01,920 --> 00:46:03,720 back. But I don't remember it actually 884 00:46:03,720 --> 00:46:06,040 happening. I just remember my coach being 885 00:46:06,040 --> 00:46:09,360 like, yeah, you got knocked down on and but you didn't like fall 886 00:46:09,360 --> 00:46:11,640 over so. You're just like, stunned, I 887 00:46:11,680 --> 00:46:12,920 guess. I mean, yeah, if I. 888 00:46:12,920 --> 00:46:18,000 Finish the fight. So you're also married with 889 00:46:18,000 --> 00:46:20,720 kids. So was the boxing career. 890 00:46:21,360 --> 00:46:26,480 Was there overlap? Because I know that most wives 891 00:46:26,480 --> 00:46:29,600 would be like done done. This is not happening. 892 00:46:29,760 --> 00:46:33,480 Go be ACEO of a technology company if you want. 893 00:46:34,080 --> 00:46:37,440 Yeah, look, I, I realized a while ago that I was not cut out 894 00:46:37,440 --> 00:46:39,640 to be a professional boxer for the long term. 895 00:46:39,840 --> 00:46:43,640 And, you know, I, I knew it because like I, I'd already had 896 00:46:43,640 --> 00:46:46,720 a career in software development and a degree in computer science 897 00:46:46,720 --> 00:46:49,120 and a job after college and I was still trying to box. 898 00:46:49,120 --> 00:46:52,320 And I was just like, I'm just not in the right headspace for 899 00:46:52,320 --> 00:46:54,120 this. And so I had to. 900 00:46:54,560 --> 00:46:57,400 Plus I got plus my boss got tired of me showing up to 901 00:46:57,400 --> 00:46:59,240 meetings with my face all busted up. 902 00:47:03,960 --> 00:47:06,640 That was great. Well, well, thanks for being 903 00:47:06,640 --> 00:47:08,600 here spending the time with us today. 904 00:47:08,920 --> 00:47:12,080 That story at the end was probably worth the price of 905 00:47:12,080 --> 00:47:15,280 admission. I'd encourage everybody to go 906 00:47:15,280 --> 00:47:22,280 out to the website hyper.com. That's hypr.com/IDC. 907 00:47:22,480 --> 00:47:26,120 There can be some unique stuff out there, so make sure you hit 908 00:47:26,120 --> 00:47:30,040 that URL specifically and anything else. 909 00:47:30,040 --> 00:47:31,600 Jeff No. Man, you were here taking it 910 00:47:31,600 --> 00:47:32,200 away. It was great. 911 00:47:32,200 --> 00:47:34,960 You mentioned the website idacpodcast.com. 912 00:47:35,760 --> 00:47:39,080 And our YouTube channel idacpodcast.tv. 913 00:47:39,080 --> 00:47:41,120 Yeah, like and subscribe and that helps us get great guests 914 00:47:41,120 --> 00:47:43,120 like Bohans. So thanks for being here, being 915 00:47:43,120 --> 00:47:45,680 part of this and we'll go and wrap it up for this week. 916 00:47:45,800 --> 00:47:46,760 Thanks. For having me. 917 00:47:46,800 --> 00:47:48,520 Yeah, thanks for being part of this. 918 00:47:48,760 --> 00:47:51,120 Thanks for watching and or listening and we'll talk with 919 00:47:51,120 --> 00:47:55,760 y'all on the next one. You've been listening to 920 00:47:55,800 --> 00:47:59,720 Identity at the Center. We hope you've enjoyed the show. 921 00:47:59,880 --> 00:48:04,000 Make sure to like, rate and review, and we'll be back soon. 922 00:48:04,280 --> 00:48:06,520 But in the meantime, hit the website at 923 00:48:06,520 --> 00:48:12,880 identity@thecenter.com. See you next time on Identity at 924 00:48:12,880 --> 00:48:13,800 the Center.