1 00:00:09,700 --> 00:00:13,000 You're listening to the identity of the center podcast, this is 2 00:00:13,000 --> 00:00:15,600 the show that talks about identity and access management 3 00:00:15,700 --> 00:00:18,600 and making sure you know who has access to what let's get 4 00:00:18,600 --> 00:00:26,600 started. Welcome to the identity of the 5 00:00:26,600 --> 00:00:28,700 sender podcast I'm Jeff and that's Jim. 6 00:00:28,700 --> 00:00:33,000 Hey Jim hey Jeff, how are you? Oh, not so bad yourself, I'm 7 00:00:33,000 --> 00:00:34,300 doing good. And I've been having some 8 00:00:34,300 --> 00:00:38,100 thoughts, you know, in our last episode kind of me. 9 00:00:38,100 --> 00:00:41,900 We're talking about is 2023 the year, the password dies. 10 00:00:42,300 --> 00:00:45,900 And that I think I made a comment something, like well 11 00:00:45,900 --> 00:00:51,100 maybe we should say is this, the decade that pastors died and I 12 00:00:51,108 --> 00:00:55,400 got the thinking about it. It's like, yeah, this cast 13 00:00:56,200 --> 00:01:01,000 really you know covers the gamut of identity management identity 14 00:01:01,000 --> 00:01:05,500 access management and I also think we have to be careful when 15 00:01:05,500 --> 00:01:07,900 we talk about things because when I made a statement like 16 00:01:07,900 --> 00:01:12,500 that it's almost like giving permission or it's okay to let 17 00:01:12,500 --> 00:01:18,800 the password kind of devolve and I started to think about okay if 18 00:01:18,800 --> 00:01:22,200 a breach occurs because the password password is kind of 19 00:01:22,200 --> 00:01:26,200 pointed to as the reason why Your company's on the front page 20 00:01:26,200 --> 00:01:30,200 of the New York Times, whose fault, is that going to be? 21 00:01:30,800 --> 00:01:35,400 And I kind of thought about it. From the perspective of, you 22 00:01:35,400 --> 00:01:39,300 know, this is always kind of been one of my feelings, whether 23 00:01:39,300 --> 00:01:45,200 it was in it or in information security and you're talking to 24 00:01:45,200 --> 00:01:49,500 leadership and you're trying to get funds allocated to do 25 00:01:49,500 --> 00:01:51,800 something right to kill the password, is going to cost some 26 00:01:51,800 --> 00:01:53,600 money. You're gonna have to implement 27 00:01:53,600 --> 00:01:56,700 some technology to To get rid of the password or you're going to 28 00:01:56,708 --> 00:02:00,000 have to have a project at least to get rid of the password. 29 00:02:00,300 --> 00:02:03,800 And so you're going to have to communicate to business 30 00:02:03,800 --> 00:02:05,800 leadership of why they should take some money. 31 00:02:05,800 --> 00:02:08,699 And instead of returning it to shareholders, they should spend 32 00:02:08,699 --> 00:02:14,900 it on password list technology. And I think at the very least, 33 00:02:15,400 --> 00:02:20,900 we've got to make them understand why the password has 34 00:02:20,900 --> 00:02:24,600 to go away and it's, you know, it's at the center of so many of 35 00:02:24,608 --> 00:02:28,600 these These breaches as becoming more, and more of a, of a part 36 00:02:28,600 --> 00:02:30,900 of that kind of threat landscape. 37 00:02:31,100 --> 00:02:34,500 You look at some of the, the breaches that have taken place 38 00:02:34,800 --> 00:02:39,000 over the past year and the passwords were at the center of 39 00:02:39,000 --> 00:02:41,600 those. And so, you know, kind of the 40 00:02:41,600 --> 00:02:45,500 perspective that I'm coming back with is just, you know, I think 41 00:02:45,500 --> 00:02:48,800 I oversaw from by saying I'll we, you know, just a decade. 42 00:02:48,800 --> 00:02:51,900 The password guys, maybe that is what truly happens. 43 00:02:52,200 --> 00:02:57,100 But as I am practitioners. It's our responsibility to 44 00:02:57,100 --> 00:03:01,800 communicate up to our leadership, to make them 45 00:03:01,800 --> 00:03:04,300 understand why. This is something that should 46 00:03:04,300 --> 00:03:07,400 happen. Now, happened this year happen, 47 00:03:07,400 --> 00:03:10,700 as soon as possible and why it's worth the investment for your 48 00:03:10,700 --> 00:03:13,900 thoughts. I have, I have a few thoughts, 49 00:03:14,200 --> 00:03:15,900 alright? So, the first thing is, I think 50 00:03:15,900 --> 00:03:20,300 it's realistic to say that this is the decade, rather than 51 00:03:20,300 --> 00:03:23,800 trying to try to shoehorn in a seismic change. 52 00:03:23,800 --> 00:03:25,800 Like this, I mean, what we're talking about is password, 53 00:03:25,800 --> 00:03:28,000 right? It is literally the only lock 54 00:03:28,400 --> 00:03:32,100 on, I don't know, 90% of the resources that are out there. 55 00:03:32,100 --> 00:03:34,600 It's usually just an ID and password may be. 56 00:03:34,600 --> 00:03:37,700 That you have some areas that do MFA or have some other fancy 57 00:03:37,700 --> 00:03:40,500 types of authentication. But you're talking about 58 00:03:40,500 --> 00:03:44,200 changing the way. Authentication is done for 59 00:03:44,800 --> 00:03:47,600 billions upon billions of different things that are out 60 00:03:47,600 --> 00:03:49,000 there. That is not something that 61 00:03:49,000 --> 00:03:52,100 changes within a year, two years, five years even, and then 62 00:03:52,100 --> 00:03:55,000 you marry that up against, you know, Enterprises and budget 63 00:03:55,000 --> 00:03:57,700 cycles and how long it takes to get things done. 64 00:03:58,300 --> 00:04:00,800 I mean, you think about anybody who's been trying to get like 65 00:04:00,800 --> 00:04:04,100 IGA or privileged access management tools into their into 66 00:04:04,100 --> 00:04:06,600 their environment. If you're any sort of decent 67 00:04:06,600 --> 00:04:09,200 size of organization, it usually takes even just a couple years 68 00:04:09,700 --> 00:04:11,800 to get to the point where it's like okay yeah, we're ready to 69 00:04:11,800 --> 00:04:14,500 make the That and then even those are a couple years out and 70 00:04:14,500 --> 00:04:16,600 you're talking about changing, literally, the way people 71 00:04:16,600 --> 00:04:20,200 operate. It's like that. 72 00:04:20,200 --> 00:04:22,300 I think it's a decade-long transition. 73 00:04:22,300 --> 00:04:25,600 It's like, you know, going from internal combustion, two v's. 74 00:04:25,600 --> 00:04:29,400 It's taken decades to get their steam engine to, you know, other 75 00:04:29,400 --> 00:04:33,300 things, right? These are seismic shifts in the 76 00:04:33,300 --> 00:04:35,600 identity space and you're talking about literally. 77 00:04:35,600 --> 00:04:40,200 The one thing that is probably the most prevalent security 78 00:04:40,200 --> 00:04:43,000 option in the world. A password. 79 00:04:43,000 --> 00:04:46,100 It's going to take time to change, all right, but I need 80 00:04:46,100 --> 00:04:48,500 time to be the right. Like it may not even be the 81 00:04:48,500 --> 00:04:50,300 right solution to go to password list. 82 00:04:50,800 --> 00:04:54,100 I mean, Martin kind of brought up Mainframe in the last, our 83 00:04:54,100 --> 00:04:56,900 last episode, we've been trying to kill the Mainframe for 50 or 84 00:04:56,907 --> 00:04:58,700 60 years. It seems like they're still 85 00:04:58,700 --> 00:05:02,700 around and they're in hot demand because you know that Lisa skill 86 00:05:02,700 --> 00:05:04,600 set for it because it is so rare. 87 00:05:05,600 --> 00:05:09,900 Password was to me is a arrow in the quiver of identity. 88 00:05:09,900 --> 00:05:13,300 It does not mean it needs to be the only solution for an 89 00:05:13,300 --> 00:05:16,000 organization. We talk about risk and like okay 90 00:05:16,000 --> 00:05:19,100 well if we're going to show, you know, the the secret sauce for 91 00:05:19,100 --> 00:05:20,600 how we make Kentucky Fried Chicken. 92 00:05:20,600 --> 00:05:22,900 Of course, you probably want to have a little bit more than that 93 00:05:22,900 --> 00:05:25,600 a password probably you know the recipe needs to be under lock 94 00:05:25,600 --> 00:05:28,900 and key but if it's the menu to go you know to go to your 95 00:05:28,900 --> 00:05:32,300 cafeteria who cares, right. Maybe a password alone is good 96 00:05:32,300 --> 00:05:33,600 enough. Maybe I'm just not even having a 97 00:05:33,608 --> 00:05:37,100 passwords line so I think Be a risk based discussion around it. 98 00:05:37,400 --> 00:05:40,300 I just from a realistic standpoint I just I think I 99 00:05:40,300 --> 00:05:43,700 think we're talking like a decade transition to really even 100 00:05:43,700 --> 00:05:46,500 see it make make an impact or make waves. 101 00:05:46,500 --> 00:05:48,700 We're like that's the way the majority of people are 102 00:05:48,700 --> 00:05:50,300 authenticated. He is there some sort of 103 00:05:50,300 --> 00:05:52,300 password was approach. I just don't think it will 104 00:05:52,300 --> 00:05:55,400 happen as quick as we want to. I think what has to happen 105 00:05:55,500 --> 00:05:58,600 unfortunately. Is you have to have that 106 00:05:58,900 --> 00:06:07,100 catastrophic event, That shows that passwords are at the level 107 00:06:07,100 --> 00:06:11,200 of like, covid there at the level of 9/11 throughout the 108 00:06:11,200 --> 00:06:16,600 level of World War Two, that you say, this is life-altering. 109 00:06:16,600 --> 00:06:24,100 We need to change this now and there's no excuse for it and 110 00:06:24,100 --> 00:06:28,800 maybe it's not maybe, maybe if devolving away from the password 111 00:06:28,800 --> 00:06:34,600 is going to be fine. Or maybe some kind of attack 112 00:06:34,700 --> 00:06:39,200 happens based on the password. That's just social catastrophic 113 00:06:39,200 --> 00:06:44,100 that you know it makes everyone realizes the reason I used to 114 00:06:44,100 --> 00:06:47,400 covid as an example, think about it they everything shut down. 115 00:06:47,400 --> 00:06:52,200 Now all these companies have to scramble to enable remote 116 00:06:52,200 --> 00:06:57,100 Workforce had to scramble to you know, adopt MFA. 117 00:06:57,100 --> 00:07:02,700 And it happened, it happened Maybe people had their hair on 118 00:07:02,700 --> 00:07:05,100 fire and had to loot work. A lot of weekends to make it 119 00:07:05,100 --> 00:07:08,900 happen but it did happen and it was because of this like 120 00:07:08,900 --> 00:07:12,900 catastrophic event taking place, and I don't know if that's what 121 00:07:12,900 --> 00:07:15,900 it's going to take to get the password list but kind of seems 122 00:07:15,900 --> 00:07:17,300 like it to me. Yeah. 123 00:07:17,300 --> 00:07:20,200 I mean, I get the point on the covid thing but I also see other 124 00:07:20,200 --> 00:07:24,300 catastrophic events that keep occurring ransomware and other 125 00:07:24,300 --> 00:07:28,400 things that they just keep happening and sure that one 126 00:07:28,400 --> 00:07:31,000 company changes, maybe, or maybe there's a couple When the 127 00:07:31,000 --> 00:07:34,600 industry that changes, I don't know. 128 00:07:34,600 --> 00:07:36,800 I mean, I'm not gonna even try and say that I had the answer, 129 00:07:36,800 --> 00:07:42,000 but I just feel like it is going to be a slow transition and it 130 00:07:42,000 --> 00:07:47,500 will be driven by budgets more so than like an event that were 131 00:07:47,500 --> 00:07:50,300 to take place. The events might be more 132 00:07:50,400 --> 00:07:53,300 Tactical for a specific organization but I still think 133 00:07:53,300 --> 00:07:57,500 the like the industry and business at large will slowly 134 00:07:57,500 --> 00:08:01,200 transition over over 2. So that concept You know in the 135 00:08:01,200 --> 00:08:04,400 future, okay? So let me write this up by going 136 00:08:04,400 --> 00:08:07,700 back to my original point is that we as the I am 137 00:08:07,700 --> 00:08:11,000 practitioners know where our risk lies within the 138 00:08:11,008 --> 00:08:15,500 organization, we understand what the potential impact of somebody 139 00:08:15,500 --> 00:08:20,000 getting hold of credentials based on the password breach. 140 00:08:20,700 --> 00:08:24,100 And we need to be educating up the chain. 141 00:08:24,300 --> 00:08:28,100 So people understand that I can make the I could make the 142 00:08:28,100 --> 00:08:31,900 decision about the investment. With all the information. 143 00:08:32,200 --> 00:08:34,000 Make sure that the leadership understands. 144 00:08:34,000 --> 00:08:38,500 Here's our risk, here's the cost to address the risk and then 145 00:08:38,700 --> 00:08:43,000 they can make the decision as the leaders of that business. 146 00:08:43,900 --> 00:08:45,300 I'll even get that. That's my. 147 00:08:45,300 --> 00:08:47,400 That's kind of the end of my point. 148 00:08:47,900 --> 00:08:50,000 Yeah, I mean, everything's gonna be a risk based decision. 149 00:08:50,600 --> 00:08:53,100 So you know money is not unlimited. 150 00:08:53,100 --> 00:08:55,100 Resources aren't limited time people, Etc. 151 00:08:55,100 --> 00:08:58,500 So you've got to pick and choose the battles, you know, this will 152 00:08:58,500 --> 00:09:00,600 be a line item somewhere to say, okay. 153 00:09:00,800 --> 00:09:02,700 Do we want to do? We want to dress password lists 154 00:09:02,700 --> 00:09:05,800 or do we want to? I don't know, you know, 155 00:09:05,800 --> 00:09:10,700 implements a multi-cloud, you know, security strategy or will 156 00:09:10,700 --> 00:09:13,800 it be identity governance or will it be, you know, XYZ, 157 00:09:13,800 --> 00:09:16,800 right? This is where the cisos get. 158 00:09:16,800 --> 00:09:20,100 Get paid, the big bucks and they sit on the hot chairs to to try 159 00:09:20,100 --> 00:09:22,600 and balance all those risks. Because if everything's on fire, 160 00:09:22,600 --> 00:09:25,000 nothing's on fire. You have to try to prioritize 161 00:09:25,000 --> 00:09:28,200 some of that work. So I'm with you II, wish I 162 00:09:28,200 --> 00:09:29,700 would, I wish it would happen faster. 163 00:09:29,700 --> 00:09:33,500 I think most in the space wish it would happen faster because 164 00:09:33,600 --> 00:09:36,800 the idea is to become more secure but also, you know, it's 165 00:09:36,800 --> 00:09:39,500 much more user-friendly. Who doesn't want that? 166 00:09:39,500 --> 00:09:41,100 I think everyone wants it. They can real. 167 00:09:41,300 --> 00:09:44,200 You know, the the realistic output though is it comes down 168 00:09:44,200 --> 00:09:46,200 to money and time and those things aren't limited. 169 00:09:46,200 --> 00:09:47,800 So you had to kind of pick and choose battles. 170 00:09:48,100 --> 00:09:51,400 What do you think about the upcoming conferences that are on 171 00:09:51,400 --> 00:09:54,800 those on the docket? We got Gardner I am Summit in 172 00:09:54,800 --> 00:10:00,000 March, I Denver's in May and the European identity and Cloud. 173 00:10:00,800 --> 00:10:04,500 In may, as well as the Cooper Nicole conference that we talked 174 00:10:04,500 --> 00:10:08,300 about in the last episode. Yeah, some Heavy Hitters there. 175 00:10:08,900 --> 00:10:11,900 I mean, I'm going to be biased as of right now because of 176 00:10:11,900 --> 00:10:15,300 Gartner inviting us to come actually come to the conference 177 00:10:15,300 --> 00:10:18,400 and bring our podcast up onto the stage, which is very 178 00:10:18,400 --> 00:10:21,100 exciting news for us. So if you haven't heard Jim and 179 00:10:21,100 --> 00:10:22,700 I are actually going to be at Gartner's. 180 00:10:22,700 --> 00:10:25,100 I am Summit in March in Grapevine, Texas. 181 00:10:25,800 --> 00:10:30,600 We will have some sort of session on a stage with garbage. 182 00:10:30,700 --> 00:10:34,100 Our analysts and put them on the hot seat, maybe we still kind of 183 00:10:34,100 --> 00:10:36,800 figure out what that show is going to look like, but the idea 184 00:10:36,800 --> 00:10:40,100 is to bring so the flavor of this podcast and this discussion 185 00:10:40,100 --> 00:10:43,600 format and and you know have a good time with it. 186 00:10:43,600 --> 00:10:45,900 So looking forward to that. So I'm going to be biased and 187 00:10:45,900 --> 00:10:48,300 say that right now, but obviously done a versus a great 188 00:10:48,300 --> 00:10:50,700 conference. We know that European identity 189 00:10:50,700 --> 00:10:54,300 Cloud conference in May and Berlin is also great one too, 190 00:10:55,500 --> 00:10:56,900 but it's not from personal experience. 191 00:10:56,900 --> 00:10:57,900 We don't know. Not for present. 192 00:10:57,900 --> 00:11:00,400 I have not been out there yet, but I am trying to figure out 193 00:11:00,400 --> 00:11:04,100 how We can make that happen at some point, either this year, or 194 00:11:04,100 --> 00:11:07,300 in the future. Yeah, I wanted to mention, you 195 00:11:07,300 --> 00:11:11,100 know, what you said about them, having us as speakers that 196 00:11:11,100 --> 00:11:15,000 Gardener or facilitating a session to me that such a 197 00:11:15,000 --> 00:11:18,000 fantastic opportunity. But it also put my personal 198 00:11:18,000 --> 00:11:21,600 stamp of endorsement on that conference even if we weren't 199 00:11:21,900 --> 00:11:25,300 doing this session is such a fantastic conference to learn 200 00:11:25,300 --> 00:11:30,300 and to interact with your peers. Speaking of interacting with 201 00:11:30,300 --> 00:11:33,900 peers, There's one thing I want to do Jeff is put together some 202 00:11:33,900 --> 00:11:38,800 kind of meet up or something like that around the community, 203 00:11:38,800 --> 00:11:41,100 that I think we're building here with the identity at the center 204 00:11:41,100 --> 00:11:45,300 conference, our podcast to, you know, maybe get everybody 205 00:11:45,300 --> 00:11:48,400 together, you know, for breakfast or something, just 206 00:11:48,400 --> 00:11:51,900 meeting the breakfast Hall and, you know, take a table or to 207 00:11:51,900 --> 00:11:54,800 push them together and, you know, just get to know some of 208 00:11:54,808 --> 00:11:56,700 the people who listen to the podcast. 209 00:11:57,100 --> 00:11:58,800 Wow, you're optimistic pushing a couple days ago. 210 00:11:58,800 --> 00:12:00,800 I'm thinking like, maybe like two or three people might Out 211 00:12:00,800 --> 00:12:03,900 for that. Well, I guess what that remains 212 00:12:03,900 --> 00:12:05,800 to be seen by prove me wrong please. 213 00:12:05,800 --> 00:12:09,200 I'll be great. Yeah no I mean if folks are 214 00:12:09,200 --> 00:12:11,700 thinking about going to the conference or surely going to 215 00:12:11,700 --> 00:12:18,300 conference reach out to Jeff and or myself on LinkedIn we love to 216 00:12:18,300 --> 00:12:20,200 arrange something, some kind of meet up. 217 00:12:20,900 --> 00:12:24,600 Yeah it's cool to have just conversations like just, you 218 00:12:24,608 --> 00:12:26,200 know, we're humans just like everyone else. 219 00:12:26,200 --> 00:12:29,000 And I think I think one of the things we'd like to do is 220 00:12:29,000 --> 00:12:30,500 probably tap into our listening audience. 221 00:12:30,600 --> 00:12:33,300 Audience and try to get some good questions that we can ask 222 00:12:33,300 --> 00:12:36,000 the gardener folks. Well, we're on stage and maybe 223 00:12:36,000 --> 00:12:37,300 put a little bit on the hot seat. 224 00:12:37,300 --> 00:12:40,900 So I know we've been kind of been gracious, graciously given 225 00:12:40,900 --> 00:12:45,200 some leeway on where and where, where and what we can go to, so 226 00:12:45,200 --> 00:12:46,500 maybe we'll tap the audience for that. 227 00:12:46,500 --> 00:12:48,600 So if you've got ideas or you've got burning questions, you'd 228 00:12:48,600 --> 00:12:51,500 like to ask the Gartner analyst under the Jim and Jim and I and 229 00:12:51,500 --> 00:12:55,900 Linkedin and we will pull that into our aren't to our quiver of 230 00:12:55,900 --> 00:12:58,900 questions that we may pull out at the event itself. 231 00:13:00,700 --> 00:13:03,500 We should probably get to what we're actually going to talk 232 00:13:03,500 --> 00:13:07,000 about today. I know Jim, you read recently an 233 00:13:07,000 --> 00:13:11,000 article on the awesome eyes website and we've invited the 234 00:13:11,000 --> 00:13:13,900 author of that article. His name is Gabe avner, he's a 235 00:13:13,908 --> 00:13:15,600 director of content and awesome eyes. 236 00:13:15,700 --> 00:13:19,400 He wrote this blog post around called 2022. 237 00:13:19,500 --> 00:13:22,300 Is the year that identity fully merged with security a 238 00:13:22,300 --> 00:13:24,900 retrospective. It's a very long title but 239 00:13:24,900 --> 00:13:26,600 welcome to the show game. Hey guys! 240 00:13:26,800 --> 00:13:29,300 How's it going? It's going great, we're into the 241 00:13:29,300 --> 00:13:31,100 new year, we've got new. Codes. 242 00:13:31,200 --> 00:13:33,200 And I think one of the things that we like to find out the 243 00:13:33,200 --> 00:13:35,600 first time we have folks on the show is really kind of learn 244 00:13:35,600 --> 00:13:37,600 about their identity background and you've got a little of an 245 00:13:37,600 --> 00:13:39,400 interesting one because I don't think you started here, but 246 00:13:39,400 --> 00:13:41,500 maybe you can kind of share with the folks were listening. 247 00:13:41,900 --> 00:13:44,400 How did you get into the identity space? 248 00:13:44,400 --> 00:13:47,800 Is it something that that you chose or did it end up choosing 249 00:13:47,800 --> 00:13:50,300 you? So I'd say I definitely chose 250 00:13:50,300 --> 00:13:54,400 it. My background comes from 251 00:13:55,100 --> 00:13:58,000 geopolitical analysis, as a security consultant intelligence 252 00:13:58,000 --> 00:14:01,500 analyst guy. And then Transition from there 253 00:14:01,500 --> 00:14:04,200 into journalism. And like, all good journalist, I 254 00:14:04,200 --> 00:14:07,800 end up getting laid off because things closed down, because 255 00:14:07,800 --> 00:14:10,200 there's, no, there's no real good money in it. 256 00:14:12,000 --> 00:14:15,100 And at that point, I transitioned over to startups. 257 00:14:15,100 --> 00:14:17,700 And my first startup was actually in a knapsack. 258 00:14:19,900 --> 00:14:24,300 So, it was a company that dealt with open source security, and 259 00:14:25,000 --> 00:14:28,400 that was totally new to me. And it was exciting because a 260 00:14:28,408 --> 00:14:32,100 certain large credit. Agency had just gotten and 261 00:14:32,100 --> 00:14:33,600 themselves in some hot water at the time. 262 00:14:34,000 --> 00:14:38,400 So those players right about? And eventually when I moved on 263 00:14:38,400 --> 00:14:41,300 from there, I wanted to find something that was a little more 264 00:14:41,400 --> 00:14:45,300 deal with human issues and for me, identity is kind of that 265 00:14:46,100 --> 00:14:52,100 really fascinating cross between You know, if the technical 266 00:14:52,100 --> 00:14:54,100 management problem and the one hand, but it's also just 267 00:14:54,100 --> 00:14:58,500 managing people and letting people work, you know, it's very 268 00:14:58,500 --> 00:15:01,400 much just you know, there's a front-end back-end side of it 269 00:15:01,400 --> 00:15:05,900 but just how do you let people be productive while still 270 00:15:05,900 --> 00:15:10,300 maintaining security? And I think also I got into it 271 00:15:10,300 --> 00:15:13,100 at a very interesting time when things started to change our 272 00:15:13,100 --> 00:15:14,400 Villa B. You start to see kind of this 273 00:15:14,400 --> 00:15:19,300 more I grow up, you know Colonial pipeline had happened 274 00:15:19,400 --> 00:15:20,600 around the time that I got into it. 275 00:15:21,500 --> 00:15:23,800 And I'll solar winds which I'm sure we'll get into at some 276 00:15:23,800 --> 00:15:27,800 point. And those were interesting days 277 00:15:27,800 --> 00:15:30,500 and I was kind of like when I was trying to decide is this 278 00:15:30,500 --> 00:15:33,100 this kind of next Direction I want to get into and there's 279 00:15:33,100 --> 00:15:35,500 just too much going on. So between kind of the news 280 00:15:35,500 --> 00:15:39,000 value and Justice, as a writer to be able to write about those 281 00:15:39,000 --> 00:15:42,300 things. Identity was was the place to be 282 00:15:43,500 --> 00:15:46,600 You talk about the human side of identity and I think I think 283 00:15:46,600 --> 00:15:48,000 that's something that doesn't get enough. 284 00:15:48,200 --> 00:15:51,700 I do airtime is yeah, we always talk about like tools and 285 00:15:51,700 --> 00:15:54,400 Technologies and you know, standards and all those things 286 00:15:54,400 --> 00:15:56,900 are really important by the end of the day. 287 00:15:56,900 --> 00:15:59,100 It's the human that actually has to use all this stuff and 288 00:15:59,100 --> 00:16:00,500 interact. And we talked, you know, Jim and 289 00:16:00,500 --> 00:16:02,900 I just had a, you know, back and forth on password list. 290 00:16:03,200 --> 00:16:06,000 We're talking about the way humans interact with things, and 291 00:16:06,000 --> 00:16:08,800 I think it's interesting to bring more of those viewpoints 292 00:16:08,800 --> 00:16:12,400 in because if, if something's not usable, it's not going to be 293 00:16:12,400 --> 00:16:14,300 successful. Or it's gonna have a really hard 294 00:16:14,300 --> 00:16:16,600 time being successful. It's going to have kind of Brute 295 00:16:16,600 --> 00:16:19,400 Force so I'm glad you bring that perspective to, you know, to the 296 00:16:19,400 --> 00:16:22,200 conversation. Yeah, you know I think Security 297 00:16:22,200 --> 00:16:25,100 in general is always a question of, you know, usability versus 298 00:16:25,100 --> 00:16:30,300 how secure is it like if people can't use it, they're not going 299 00:16:30,300 --> 00:16:35,100 to, they're not going to use it. And then all, you know, all the 300 00:16:35,400 --> 00:16:37,700 best for your products and practices can just go out the 301 00:16:37,700 --> 00:16:42,000 window because they're not using it for years. 302 00:16:42,000 --> 00:16:44,900 I worked with journalists In the field doing, you know, kind of 303 00:16:45,100 --> 00:16:48,200 their secure either often Iraq to Syria, they're protesting the 304 00:16:48,208 --> 00:16:52,400 state's everywhere and you can be providing the best security 305 00:16:52,400 --> 00:16:54,500 background for them, you know, and support. 306 00:16:54,700 --> 00:16:56,900 But if they don't want to talk to you, if you're making system 307 00:16:56,900 --> 00:17:00,100 to sold so difficult for them to interact with their just going 308 00:17:00,100 --> 00:17:04,400 to ignore you, right? So you always have to find in my 309 00:17:04,400 --> 00:17:09,599 opinion like a way to make it super easy for the users to 310 00:17:10,200 --> 00:17:13,700 actually want to use while making sure you Oxygen, your job 311 00:17:13,700 --> 00:17:15,700 as a security person. So that's that's where 312 00:17:15,700 --> 00:17:18,400 identities for me. It just all seems you know if 313 00:17:18,400 --> 00:17:21,900 you feel like I got into identity kind of post pandemic, 314 00:17:21,900 --> 00:17:25,500 it was kind of like towards the end pandemic where everything or 315 00:17:25,500 --> 00:17:28,300 have you know jump to Cloud. So like everything was already 316 00:17:28,300 --> 00:17:30,200 identity identity identity credentials. 317 00:17:30,900 --> 00:17:34,700 So for me it's just a fantastic time to get into it and now 318 00:17:34,700 --> 00:17:38,000 you're with awesome eyes for folks who aren't familiar. 319 00:17:38,000 --> 00:17:42,200 We've had gal disk and on from awesome eyes was episode 98 back 320 00:17:42,200 --> 00:17:44,200 in. Of 21. 321 00:17:44,200 --> 00:17:47,100 So it's been a couple years a year and a half or so for those 322 00:17:47,100 --> 00:17:49,600 not familiar with awesome eyes. What's the you know? 323 00:17:49,600 --> 00:17:54,200 30 seconds 60 second elevator ride sort of commercial for what 324 00:17:54,200 --> 00:17:58,900 you guys do. So awesome eyes is a identity 325 00:17:58,900 --> 00:18:02,600 threat detection and response platform so this is still a new 326 00:18:02,600 --> 00:18:04,400 term. The Gartner is developing. 327 00:18:05,000 --> 00:18:07,300 They have some interesting papers out there that you can 328 00:18:07,300 --> 00:18:10,600 check out and get their perspective on it but it's 329 00:18:10,600 --> 00:18:15,300 basically the idea of that You know, everybody knows that you 330 00:18:15,300 --> 00:18:17,200 haven't, you needed, endpoint security, and the network 331 00:18:17,200 --> 00:18:18,600 security, and the cloud security. 332 00:18:19,000 --> 00:18:24,000 And now identity is at the center of security and it's time 333 00:18:24,000 --> 00:18:26,900 for organization to actually have this the solutions that 334 00:18:26,900 --> 00:18:30,500 they need or to have the visibility and control the see, 335 00:18:30,500 --> 00:18:32,900 you know who's using, what who has access to what's, how are 336 00:18:32,900 --> 00:18:37,800 they using that access? But also, how are their systems 337 00:18:37,800 --> 00:18:39,700 being protected from active threats? 338 00:18:39,900 --> 00:18:42,400 So it's not just a my doing pasture management. 339 00:18:42,400 --> 00:18:46,300 It's a It s suspicious activity. Do I have a way to respond to it 340 00:18:46,300 --> 00:18:49,400 as part of like you know the rest of my security stack and 341 00:18:49,400 --> 00:18:51,200 the workflow? Like does it go to my splint, 342 00:18:51,200 --> 00:18:53,500 does it go to my whatever itsm I'm using? 343 00:18:54,900 --> 00:18:57,500 And optimize is going to help give you that visibility in the 344 00:18:57,500 --> 00:19:01,500 control and the context across all the different Cloud systems 345 00:19:01,500 --> 00:19:04,900 that you're using and on-prem to be able to figure out how to do 346 00:19:04,900 --> 00:19:07,200 it. Gabe, let's, let's switch topics 347 00:19:07,200 --> 00:19:09,200 a little bit. Talk about that blog. 348 00:19:09,200 --> 00:19:13,000 And I want to know is this title click bait or is it is? 349 00:19:13,100 --> 00:19:17,500 Is it something real? So you called it 2022 is the 350 00:19:17,500 --> 00:19:21,800 year that identity fully merged with security retrospective. 351 00:19:21,800 --> 00:19:25,300 So as I click bait or is there actually something special about 352 00:19:25,300 --> 00:19:31,500 20 22 that, that was the reason that you wrote this article. 353 00:19:31,900 --> 00:19:36,100 So I try to never do clickbait first off because I'm bad at it. 354 00:19:37,300 --> 00:19:39,400 We could we could teach you. That's what we're all about 355 00:19:39,400 --> 00:19:45,500 here. No, I just I've tried and tried 356 00:19:45,500 --> 00:19:48,200 to do to get better quickly because it's good for four Clips 357 00:19:48,200 --> 00:19:51,900 but I'm just bad at it. I did always want to use the 358 00:19:51,900 --> 00:19:55,900 word a retrospective in a title so that one was like a little 359 00:19:55,900 --> 00:20:01,100 bit of just wanting to do that but I think 2022 was actually a 360 00:20:01,100 --> 00:20:04,100 very interesting year because kind of The Facts of the field 361 00:20:04,100 --> 00:20:10,200 changed. I think you look at 2020 when 362 00:20:10,400 --> 00:20:15,200 the solar wind attack happened and and it's Colonial pipeline 363 00:20:15,200 --> 00:20:23,700 that year 2021, you started to have large identity-based 364 00:20:23,800 --> 00:20:27,200 incidents going on. In 2021. 365 00:20:27,600 --> 00:20:33,400 But at the time it was still stayed actors. 366 00:20:33,700 --> 00:20:35,500 He was big enough. You know that there's always 367 00:20:35,500 --> 00:20:39,900 this this issue and security of I'm going to get by because I'm 368 00:20:39,900 --> 00:20:42,400 obscure like nobody knows me well enough, I'm not going to be 369 00:20:42,400 --> 00:20:46,600 an interesting enough targets to be worth putting these you know, 370 00:20:46,800 --> 00:20:53,800 practices in or having these tools in place and The 371 00:20:53,800 --> 00:20:59,100 solarwinds attack was you know, reportedly nobelium apt as in 372 00:20:59,100 --> 00:21:06,500 29, which is Russian hackers. Basically you know it was a very 373 00:21:06,500 --> 00:21:09,300 skilled team and so a lot of organizations said, oh wow, that 374 00:21:09,300 --> 00:21:11,600 was a big thing but they were very selective. 375 00:21:11,700 --> 00:21:13,900 It was a front from a hacker perspective, is actually super 376 00:21:13,900 --> 00:21:15,600 interesting in the way that they went. 377 00:21:16,400 --> 00:21:20,300 You know, they had access to Basically everybody, you know, 378 00:21:20,800 --> 00:21:23,100 government organizations University is your large 379 00:21:23,100 --> 00:21:25,400 companies but they were very selective about who they 380 00:21:25,400 --> 00:21:28,800 actually use that access to the front that they got from the 381 00:21:28,800 --> 00:21:31,000 supply chain to actually go and breach. 382 00:21:31,300 --> 00:21:35,000 But me, 2021, you can still kind of say, I'm not really going to 383 00:21:35,000 --> 00:21:38,000 be likely to be a Target, because it's only going to be 384 00:21:38,000 --> 00:21:41,800 the Super Elite hacking teams and going after strategic 385 00:21:41,800 --> 00:21:46,200 targets. And that's not me, even if it 386 00:21:46,200 --> 00:21:48,400 was, people were still going to say, you know, that's not me. 387 00:21:49,600 --> 00:21:55,100 20:22 was the year of lapses and that's, you know, there was 388 00:21:55,100 --> 00:21:57,900 there wasn't a lot of kind of joking about like is 20 is 389 00:21:57,900 --> 00:22:00,700 lapses, kind of the democratization of identity 390 00:22:00,700 --> 00:22:04,100 hacking because all of their hacks have basically kind of 391 00:22:04,100 --> 00:22:08,600 been not super technical from like a, you know, they're not 392 00:22:09,200 --> 00:22:12,600 going through and finding, you know, 02 bones, like they're 393 00:22:12,600 --> 00:22:17,000 they're going in and like the they're sending, you know. 394 00:22:17,000 --> 00:22:21,200 They're, they're like SMS by They're doing things to trick 395 00:22:21,200 --> 00:22:25,800 the human element and they're explaining the identity part of 396 00:22:25,808 --> 00:22:31,800 the, the threat surface. So 2022 for me was the year 397 00:22:31,800 --> 00:22:33,400 that's organization organization. 398 00:22:33,400 --> 00:22:38,500 Start to understand it's not enough to kind of hope to skate 399 00:22:38,500 --> 00:22:42,400 by by, you know, not being a big enough Target script kiddies 400 00:22:42,400 --> 00:22:45,900 basically, canals, Target me with a little bit of software, 401 00:22:45,900 --> 00:22:48,500 you need to maybe pick up my MFA. 402 00:22:48,600 --> 00:22:52,400 So they can annoy the hell out of my people. 403 00:22:52,400 --> 00:22:55,500 And so they they just click approve and it's going to work 404 00:22:55,500 --> 00:22:57,100 for them. So maybe I need to start taking 405 00:22:57,100 --> 00:23:02,000 some more seriously. And I think that, you know, as 406 00:23:02,000 --> 00:23:06,000 identity folks yourselves you've seen over the years and identity 407 00:23:06,400 --> 00:23:09,800 started off, you know, there's always a security element to it 408 00:23:10,100 --> 00:23:14,300 but it was very much kind of an ith are kind of, you know, side 409 00:23:14,300 --> 00:23:18,300 of that the house right there was, I mean, you had to make 410 00:23:18,300 --> 00:23:21,800 sure you getting the right. You know, provisioning to the 411 00:23:21,800 --> 00:23:25,300 right people, but I don't think it was fully taken as a, as a 412 00:23:25,300 --> 00:23:28,600 security discipline. I think that now that is, you 413 00:23:28,600 --> 00:23:34,000 know, been proven by not just kind of the elite level of 414 00:23:34,000 --> 00:23:38,600 hacking teams to you, nobody, but also by anybody who wants to 415 00:23:38,600 --> 00:23:43,200 try, you know, identities. Now evolved into the kind of 416 00:23:44,200 --> 00:23:48,200 Like I hate the militarization of cyber stuff but like it's 417 00:23:48,200 --> 00:23:51,600 kind of the next next you know mud pit where everybody's going 418 00:23:51,600 --> 00:23:55,300 to sling it out, you know. So it's Battlefield is the mud 419 00:23:55,300 --> 00:23:57,600 pit. It's a place where people are 420 00:23:58,000 --> 00:24:00,900 need to, you know, actually start to take seriously. 421 00:24:01,200 --> 00:24:05,000 And I think if you look at some of the conference's, a lot more 422 00:24:05,100 --> 00:24:07,000 kind of traditional security people are showing up to the 423 00:24:07,000 --> 00:24:09,700 conferences and a lot more have more questions to their identity 424 00:24:09,700 --> 00:24:13,100 people. So they're waking up and 425 00:24:13,100 --> 00:24:16,400 wondering. How do I get the identity? 426 00:24:16,400 --> 00:24:19,900 You know the data from the identity side so I'll give you 427 00:24:19,908 --> 00:24:24,800 like an example. If there's an attack and they 428 00:24:24,800 --> 00:24:29,500 realized that that certain files were accessed the way that 429 00:24:29,500 --> 00:24:31,400 they're going to be able to understand. 430 00:24:31,400 --> 00:24:34,900 You know what happened there. It's not just going to be by 431 00:24:34,900 --> 00:24:37,400 looking Network logs it's going to be what did this identity 432 00:24:37,700 --> 00:24:40,400 have access to? So I know that they had access 433 00:24:40,400 --> 00:24:43,100 to this one file. What else do they have access 434 00:24:43,100 --> 00:24:45,100 to? And that's, that's like you some 435 00:24:45,100 --> 00:24:46,200 questions. We hear from a lot of security 436 00:24:46,200 --> 00:24:50,300 people. And yeah, I think 2022 is was 437 00:24:50,300 --> 00:24:52,700 the year that they realize they have to stamp start seeing these 438 00:24:52,700 --> 00:24:56,600 capabilities up and identity as part of that stock. 439 00:24:56,600 --> 00:25:00,400 Now, You brought up a couple points there that that I find 440 00:25:00,400 --> 00:25:03,200 interesting. I think you described early on 441 00:25:03,500 --> 00:25:07,400 the types of attacks right nation-state actors and sort of 442 00:25:07,900 --> 00:25:12,800 these very targeted attacks which is certainly one style. 443 00:25:12,900 --> 00:25:15,700 Then you have got the I do I call them you know targets of 444 00:25:15,700 --> 00:25:18,000 opportunity which is really weird the ransomware kind of 445 00:25:18,008 --> 00:25:20,300 comes in. It's not a smart Weapon It's 446 00:25:20,300 --> 00:25:21,900 just hey who's going to click on this thing? 447 00:25:21,900 --> 00:25:23,900 And let me get into their system and all right. 448 00:25:23,900 --> 00:25:27,200 Get money on them and I think that's what causes two. 449 00:25:27,300 --> 00:25:31,900 Current styles of prevention and mitigation and sort of awareness 450 00:25:31,900 --> 00:25:36,800 around it is if if you are the target of a nation state actor, 451 00:25:36,800 --> 00:25:40,800 you they're going to try to figure out you are the target. 452 00:25:40,800 --> 00:25:43,200 Like they are going to do everything they can to get into 453 00:25:43,200 --> 00:25:47,300 your system and odds are eventually, they will find a 454 00:25:47,300 --> 00:25:50,600 weakness somewhere and get in which is a totally different 455 00:25:50,608 --> 00:25:56,400 mitigation response versus a general ransomware attack, where 456 00:25:56,400 --> 00:25:59,800 it is, you know, kind of Spray and pray or shotgun style or, 457 00:26:00,100 --> 00:26:03,700 you know, whatever it may be, where they're, you know, you 458 00:26:03,700 --> 00:26:06,300 have some, some mitigations you can do about it is probably 459 00:26:06,300 --> 00:26:09,600 little bit easier. I would think to try to defend 460 00:26:09,600 --> 00:26:11,900 against because it is the human element. 461 00:26:11,900 --> 00:26:14,000 Don't click on things, you shouldn't click on, you know, 462 00:26:14,000 --> 00:26:17,400 watch the URLs, watch for the spam attacks, right? 463 00:26:17,400 --> 00:26:19,200 Things like that fishing fishing, right? 464 00:26:19,200 --> 00:26:23,200 All that stuff, but they're still certainly a limit to what 465 00:26:23,200 --> 00:26:26,000 can be real. You know, what can be effective 466 00:26:26,000 --> 00:26:29,300 from a mitigation And point. So I think you've got these two 467 00:26:29,300 --> 00:26:32,700 different styles of attacks and I guess, you know, obviously 468 00:26:32,700 --> 00:26:37,400 identity is important to both, but where do you see things 469 00:26:37,400 --> 00:26:39,000 going? I mean, I don't see either of 470 00:26:39,000 --> 00:26:43,800 them going away, but are we just becoming more jaded to? 471 00:26:43,800 --> 00:26:44,900 Yeah, of course, there's hacking. 472 00:26:44,900 --> 00:26:47,800 Everyone's hacking each other. So what are we going to do about 473 00:26:47,800 --> 00:26:49,700 it? Or are there specific things 474 00:26:49,700 --> 00:26:52,900 that you see as a point to as a trend to say, you know, I'm 475 00:26:52,900 --> 00:26:55,900 seeing more of this maybe in our own, you know, research or the 476 00:26:55,900 --> 00:26:57,900 things that the awesome eyes. Join together. 477 00:26:58,000 --> 00:26:59,100 So there's like a ton of stuff there. 478 00:26:59,100 --> 00:27:02,700 So, where do I see things going? Start with. 479 00:27:02,700 --> 00:27:07,300 I think I see things going to attackers focusing more actually 480 00:27:07,300 --> 00:27:12,000 on the identity systems and any management providers and other 481 00:27:12,400 --> 00:27:17,200 identity infrastructure. The past, you know, lapses 482 00:27:17,200 --> 00:27:20,000 itself. When after a very well-known 483 00:27:20,100 --> 00:27:27,300 identity provider and the was also recently targeted And had 484 00:27:27,300 --> 00:27:33,100 their source code stolen. I think that you know you're 485 00:27:33,100 --> 00:27:37,600 seeing more and more attacks going after the infrastructure 486 00:27:37,600 --> 00:27:39,600 because they realize that if they're able to pop the 487 00:27:39,600 --> 00:27:42,500 infrastructure they can hit everything else is Downstream 488 00:27:42,500 --> 00:27:44,600 from there. So I think, you know, in the 489 00:27:44,600 --> 00:27:47,400 same way that you know, solarwinds was was targeted 490 00:27:47,400 --> 00:27:50,500 because it was a perfect supply chain spots. 491 00:27:51,600 --> 00:27:53,300 It's a breach. You're going to start to see 492 00:27:53,300 --> 00:27:56,100 that happening. Also more through the identities 493 00:27:56,300 --> 00:27:59,400 Space. I have I agree and disagree with 494 00:27:59,400 --> 00:28:02,800 what you're saying before. I think, of course we're jaded. 495 00:28:03,700 --> 00:28:05,600 I'm not that security. If you're not Jaden security 496 00:28:05,600 --> 00:28:07,400 gonna burn out, we all real fast. 497 00:28:10,400 --> 00:28:16,700 I think that you can when you look in state actors versus 498 00:28:16,700 --> 00:28:20,900 criminal or you know, just general malicious, it's some 499 00:28:20,900 --> 00:28:24,100 dudes job to show up every day from 9:00 to 5:00 and try and 500 00:28:24,100 --> 00:28:27,600 hack their target. They don't care about Oh, I like 501 00:28:27,600 --> 00:28:32,400 that's that's their job, you know, and they'll keep going 502 00:28:32,400 --> 00:28:37,700 till they hit something but it doesn't necessarily mean that 503 00:28:38,000 --> 00:28:41,400 they're going to achieve all their goals and I think that you 504 00:28:41,400 --> 00:28:45,000 know, if we're assuming breach which is kind of how we deal 505 00:28:45,000 --> 00:28:48,900 with, you know, and the post post post post post mortem of 506 00:28:48,900 --> 00:28:51,200 the you know of the perimeter being dead. 507 00:28:52,000 --> 00:28:55,200 I think that we have to assume that somebody's already, you 508 00:28:55,200 --> 00:28:56,700 know, if you're interesting enough To them. 509 00:28:56,900 --> 00:28:59,700 They already have something inside of you inside of, you 510 00:28:59,700 --> 00:29:02,700 know, whatever perimeter because there is still a perimeter but 511 00:29:02,700 --> 00:29:06,500 it's just it's changed from get to that later. 512 00:29:07,700 --> 00:29:09,100 The question is, how are you mitigating? 513 00:29:09,100 --> 00:29:11,600 How are you keeping them away from kind of the really 514 00:29:11,600 --> 00:29:15,400 important things? So I don't think it's a binary, 515 00:29:16,200 --> 00:29:17,900 you know, they're a nation state actor. 516 00:29:17,900 --> 00:29:19,300 So therefore, I'm gonna get popped. 517 00:29:20,100 --> 00:29:23,500 I think that we can be a little more optimistic than that. 518 00:29:24,300 --> 00:29:27,100 I think though that when you talking about the criminal 519 00:29:27,100 --> 00:29:29,600 groups, what's the problem with that? 520 00:29:29,600 --> 00:29:32,800 I mean there's only X number of X nation state. 521 00:29:32,800 --> 00:29:35,500 Actors who have good, hack and resources. 522 00:29:36,900 --> 00:29:40,600 There's an exponential number of criminal Crews who think they 523 00:29:40,600 --> 00:29:44,500 can make a quick buck. So I think that the more were 524 00:29:44,500 --> 00:29:48,600 able to frustrate them by, you know, maybe getting rid of 525 00:29:48,608 --> 00:29:51,100 passwords may be doing other things that are just kind of low 526 00:29:51,100 --> 00:29:53,600 hanging fruits to make their jobs harder. 527 00:29:54,600 --> 00:29:58,300 The more we can maybe encourage them to go look elsewhere. 528 00:29:58,700 --> 00:30:03,400 When it comes to, you know, Finding Target because criminals 529 00:30:03,400 --> 00:30:07,000 do care about Roi. They don't care about how they 530 00:30:07,000 --> 00:30:08,200 get to you, or how they make money. 531 00:30:08,200 --> 00:30:12,800 They just want to make money so I gave them. 532 00:30:13,000 --> 00:30:17,400 Yeah, I wanted to kind of well first, I wanted to make a 533 00:30:17,400 --> 00:30:21,000 comment because I think you did a real good job about, you know, 534 00:30:21,300 --> 00:30:25,100 not pointing out. The victims, whether they are, 535 00:30:25,600 --> 00:30:30,000 you know, vendors or not, picking on the victims naming 536 00:30:30,000 --> 00:30:32,600 names, and things like that. Because to me, it's kind of 537 00:30:32,600 --> 00:30:38,000 like, you know, a lot of these breaches that are happening, 538 00:30:39,600 --> 00:30:47,000 there's a victim and then there's, you know, a group that 539 00:30:47,000 --> 00:30:51,900 is hacking that my destroying their businesses or destroying 540 00:30:51,900 --> 00:30:54,600 their brand and there's Real people that work there and 541 00:30:54,600 --> 00:31:00,500 there's real victims of these crimes and I also think that a 542 00:31:00,500 --> 00:31:04,200 lot of times when you just keep saying the names of the victims 543 00:31:04,200 --> 00:31:07,900 over and over again, it almost is like becomes people start to 544 00:31:07,900 --> 00:31:11,000 take out it's their fault, they didn't do a good job of securing 545 00:31:11,000 --> 00:31:13,000 things. And a lot of times when you 546 00:31:13,000 --> 00:31:17,700 dissect these hacks It's a lot of things almost everybody's 547 00:31:17,700 --> 00:31:21,800 doing the relying on third parties, for you know, whether 548 00:31:21,800 --> 00:31:26,400 it's customer support or whatever or if they were storing 549 00:31:26,400 --> 00:31:29,300 credentials in the cloud. Okay. 550 00:31:29,800 --> 00:31:32,200 Yo, can you really look at yourself in the mirror and say, 551 00:31:32,200 --> 00:31:34,800 hey I don't do that, I would never be stupid enough to do 552 00:31:34,800 --> 00:31:37,300 something like that. I've worked in enough large 553 00:31:37,300 --> 00:31:41,900 companies where even the top technical Architects don't have 554 00:31:41,900 --> 00:31:44,800 that visibility across the entire company. 555 00:31:45,200 --> 00:31:50,100 And so I think it's a good practice for us and we followed 556 00:31:50,100 --> 00:31:52,500 on the podcast here because you can go and find out who the 557 00:31:52,500 --> 00:31:57,500 victims are over and over again, but not to name and shame them. 558 00:31:57,500 --> 00:32:00,200 So I, you know, I just want to tip my hat to you on that. 559 00:32:00,200 --> 00:32:04,100 They I noticed that you really work hard to avoid that. 560 00:32:04,100 --> 00:32:08,100 The second thing that I wanted to say is, you know, going back 561 00:32:08,100 --> 00:32:12,000 to the question about your blog is you know, really pointing out 562 00:32:12,000 --> 00:32:17,800 2022 is kind of the year. Identity became the, the center 563 00:32:17,800 --> 00:32:21,300 of the infosec world. And look, we have a podcast 564 00:32:21,300 --> 00:32:23,100 called identity at the center, right? 565 00:32:23,100 --> 00:32:27,600 So we've been thinking about this for longer than the three 566 00:32:27,600 --> 00:32:31,400 and a half years that we've been doing this podcast. 567 00:32:31,400 --> 00:32:38,100 However, I do think there's kind of a point where, you know, it's 568 00:32:38,100 --> 00:32:43,300 like a Tipping Point and maybe 20 22, was the year of the 569 00:32:43,300 --> 00:32:45,800 Tipping Point where it's like, Like enough. 570 00:32:45,800 --> 00:32:50,600 People are now buying into this that is is now truth identity is 571 00:32:50,600 --> 00:32:52,700 at the center of information security. 572 00:32:53,100 --> 00:32:54,700 Wait hold on a second. Jim I'd like to I'm going to 573 00:32:54,700 --> 00:32:56,900 make that sound bite. I'd any of the center is a 574 00:32:56,900 --> 00:32:58,000 truth. There we go. 575 00:32:58,000 --> 00:33:00,300 Cut it print it. Sorry. 576 00:33:00,300 --> 00:33:03,900 Good ready sure it's ready for publication Billboards. 577 00:33:04,800 --> 00:33:09,100 No I mean by on your first point by The Graces you know go us 578 00:33:10,000 --> 00:33:14,200 when it comes to hacking it's just a matter of how bad is it 579 00:33:14,300 --> 00:33:19,000 if The dive of RSS feed of come from breaches dotnet and it's 580 00:33:19,000 --> 00:33:22,600 just a constant constant constant flow of, you know, this 581 00:33:22,600 --> 00:33:25,300 hospital or that the University or this. 582 00:33:25,500 --> 00:33:29,600 Somebody heard this. Like, I think some government 583 00:33:29,600 --> 00:33:33,300 office at on La yesterday. Got the ransom, we're just, it's 584 00:33:33,300 --> 00:33:40,300 a constant flow. So I mean, hacks happen and in 585 00:33:40,300 --> 00:33:44,200 organizations. Especially the larger, they are 586 00:33:44,200 --> 00:33:45,800 the worst, they handle things, you know? 587 00:33:46,200 --> 00:33:50,600 I'm just even the most basic of security things like patch. 588 00:33:50,600 --> 00:33:52,300 Everybody's always saying patch patch patch. 589 00:33:52,600 --> 00:33:54,300 How often does something happened to cousin from somebody 590 00:33:54,300 --> 00:33:57,900 didn't patch because it's hard, get doing things, a hundred 591 00:33:57,900 --> 00:34:00,800 percent, right is just it's impossible at the end difficult 592 00:34:00,800 --> 00:34:05,400 to impossible. So it's even if somebody didn't 593 00:34:05,400 --> 00:34:08,000 do what they're supposed to nobody's doing what they're 594 00:34:08,000 --> 00:34:11,199 supposed to. Well, yeah, I think the to the 595 00:34:11,199 --> 00:34:13,800 next point that I wanted to bring up, I think this is point, 596 00:34:13,800 --> 00:34:19,100 which is unless you're to unplug, there's really no way to 597 00:34:19,100 --> 00:34:23,699 eliminate 100% the risk. You tackle the topic called 598 00:34:23,699 --> 00:34:26,900 identity and access its risk, and this points back to the 599 00:34:26,900 --> 00:34:28,600 conversation. Jeff and I were having earlier 600 00:34:28,600 --> 00:34:32,800 around aiders these risks out there. 601 00:34:32,800 --> 00:34:36,800 We understand them as I am practitioners, we need to boil 602 00:34:36,800 --> 00:34:38,300 them up. To the people who make decisions 603 00:34:38,308 --> 00:34:43,400 about Where the money goes but we have to explain to them the 604 00:34:43,400 --> 00:34:46,199 risk. To me the risk is, you know, the 605 00:34:46,199 --> 00:34:50,600 likelihood of an event and the impact of the event and there's 606 00:34:51,500 --> 00:34:55,400 different ways to mitigate that. Usually they have a price tag 607 00:34:55,400 --> 00:34:59,600 Associated through them and you have to choose we all make 608 00:34:59,600 --> 00:35:03,000 choices in life, right? About what risks were going to 609 00:35:03,000 --> 00:35:05,500 accept object? I ride a motorcycle. 610 00:35:05,700 --> 00:35:07,800 That's risky. Ready to participate. 611 00:35:08,000 --> 00:35:10,700 In fact, a lot of people You'll think I'm stupid. 612 00:35:11,300 --> 00:35:14,500 Okay, but it's a risk. I choose to take righto. 613 00:35:14,500 --> 00:35:19,400 In fact, I pay for that risk. A lot of money for that risk but 614 00:35:19,700 --> 00:35:23,000 you get the point. So I'm wondering, you know, what 615 00:35:23,000 --> 00:35:26,800 was that about for you? So from my perspective, what 616 00:35:26,800 --> 00:35:29,700 people need to understand is that you with with no risk, 617 00:35:29,700 --> 00:35:33,400 there's no reward every bit of access that you're granting is a 618 00:35:33,400 --> 00:35:38,300 risk. And That's just part of doing 619 00:35:38,300 --> 00:35:39,600 business. You know, if you're going to, if 620 00:35:39,600 --> 00:35:42,400 you're going to open somebody up an email, open up, you give them 621 00:35:42,400 --> 00:35:44,500 access to the resources. They need to do their job. 622 00:35:46,300 --> 00:35:48,400 That's a more than acceptable risk. 623 00:35:48,500 --> 00:35:51,500 You just have to be able to work into your threat model of. 624 00:35:51,500 --> 00:35:57,800 Is this, you know, juice worth the squeeze. and I think that, 625 00:35:59,400 --> 00:36:03,500 Organizations are starting to really understand that identity. 626 00:36:03,700 --> 00:36:05,500 Again, comes back to the to the to the Billboards. 627 00:36:05,500 --> 00:36:09,100 We need to put start putting out is at the center of, how do you 628 00:36:09,700 --> 00:36:14,400 provision access? Its that key, it's no longer. 629 00:36:14,900 --> 00:36:16,900 Am I at the office? It's no longer. 630 00:36:16,900 --> 00:36:20,800 You know what endpoint in my login on to, it's about who you 631 00:36:20,800 --> 00:36:24,600 know, who am I? And all acts as kind of revolves 632 00:36:24,600 --> 00:36:28,500 around that. So if you're not basing your 633 00:36:29,600 --> 00:36:32,700 Risk assessments around identity and access. 634 00:36:33,300 --> 00:36:36,100 Then what are you basing? It on now, I mean, it's just 635 00:36:36,100 --> 00:36:41,300 kind of so so essential to I kind of feel like again kind of 636 00:36:41,900 --> 00:36:46,600 I feel pretty strongly that executives are the ones who are 637 00:36:46,700 --> 00:36:48,300 there. Some group that makes its 638 00:36:48,300 --> 00:36:52,200 decision around? What we're going to invest in if 639 00:36:52,200 --> 00:36:58,700 they don't understand the risk. Other words, the likelihood the 640 00:36:58,700 --> 00:37:00,900 impact. But you know, they everything 641 00:37:00,900 --> 00:37:04,000 that leads up to it, then it just becomes another acronym, we 642 00:37:04,000 --> 00:37:08,200 need ite Dr. And it's going to be a million and a half. 643 00:37:08,500 --> 00:37:13,700 Like, okay, that's too much. Well, that might be exactly what 644 00:37:13,700 --> 00:37:18,300 they need to cut their risk. But unless they understand what, 645 00:37:18,300 --> 00:37:21,100 I, what I get for that. And they also have to realize 646 00:37:21,100 --> 00:37:25,100 that that's not a insurance policy. 647 00:37:25,100 --> 00:37:27,500 In other words, like, We do end up getting hacked. 648 00:37:27,500 --> 00:37:30,000 We get all of our money back like there's right. 649 00:37:30,000 --> 00:37:33,200 It's not a guarantee. So, anyway, that that's my 650 00:37:33,200 --> 00:37:37,400 thought on it as a risk. I did want to touch on one other 651 00:37:37,400 --> 00:37:41,100 thing that you had in the blog. Which is, you know you talk 652 00:37:41,100 --> 00:37:44,200 about identity is the new security perimeter. 653 00:37:44,800 --> 00:37:47,500 To me, the sounds like zero trois. 654 00:37:47,500 --> 00:37:51,500 I wonder, should we say zero trust By Any Other Name. 655 00:37:51,800 --> 00:37:56,700 Is this Gabe's spin on zero? Trust What is that? 656 00:37:56,700 --> 00:37:59,600 What you're talking about here essentially is like the whole 657 00:37:59,600 --> 00:38:04,600 zero trust piece. Yes, short answer. 658 00:38:04,600 --> 00:38:08,900 Yes. I think that, you know, to go 659 00:38:08,900 --> 00:38:11,100 back to what I said before. When you assume reach, you 660 00:38:11,100 --> 00:38:15,700 assume that, you know, whoever is trying to attack, you is 661 00:38:15,700 --> 00:38:19,800 already inside, you know, that there's no more castles and mode 662 00:38:19,800 --> 00:38:25,800 stands and big walls. We live in modern cities inside 663 00:38:25,800 --> 00:38:26,600 of me. Turn City. 664 00:38:26,600 --> 00:38:29,600 You know that there's no more Good Guys inside bad guys 665 00:38:29,600 --> 00:38:33,900 outside. You have to understand who every 666 00:38:33,900 --> 00:38:37,600 person is that your you have inside your city as much as you 667 00:38:37,607 --> 00:38:40,500 can and, and live with that risk. 668 00:38:42,100 --> 00:38:45,400 So zero trust. I mean again an overused 669 00:38:45,400 --> 00:38:49,600 marketing term at this point but it's still a good idea, you 670 00:38:49,600 --> 00:38:52,200 know, the concepts like least privilege. 671 00:38:52,200 --> 00:38:55,900 I mean they're good ideas. Yeah, that's the unfortunate 672 00:38:55,900 --> 00:38:57,900 part. Is that it's kind of been like, 673 00:38:57,900 --> 00:38:59,700 oh, that's just a marketing term low. 674 00:39:00,600 --> 00:39:04,100 So it's probably one of the most important fundamental concepts 675 00:39:04,100 --> 00:39:08,300 that have saved information security in the past 10-15 676 00:39:08,300 --> 00:39:10,600 years, you know? Well it's a it's a great concept 677 00:39:10,800 --> 00:39:13,000 like it. It makes sense but it's like 678 00:39:13,000 --> 00:39:14,500 anything else, right? It gets. 679 00:39:14,800 --> 00:39:17,000 Obfuscated in overused by everything, right? 680 00:39:17,000 --> 00:39:18,400 Everything is zero trust. Now. 681 00:39:18,900 --> 00:39:25,200 Really come on. Well, yeah, I mean it's It's a 682 00:39:25,207 --> 00:39:28,100 problem because as soon as one person, you know, what was the 683 00:39:28,100 --> 00:39:32,400 c-suite starts understand? This is what it's you know is 684 00:39:33,500 --> 00:39:36,000 something I need it soon. As you have you know executive 685 00:39:36,000 --> 00:39:38,800 orders from the web, the White House saying you need to take a 686 00:39:38,808 --> 00:39:40,700 zero just to you know architecture approach. 687 00:39:41,500 --> 00:39:43,700 Then everything's going to comes here at rest. 688 00:39:44,400 --> 00:39:50,100 But what I like about zero trust is it's it's an acceptance of 689 00:39:50,100 --> 00:39:54,700 risk. It's acceptance of, I have these 690 00:39:54,700 --> 00:39:56,700 risks in my environment, my environments. 691 00:39:58,200 --> 00:40:02,400 So, any ideas that I have of, you know, everything has to be 692 00:40:02,400 --> 00:40:04,700 100% safe. Everything's given to be 100% 693 00:40:04,700 --> 00:40:07,600 anything. Go out the window, it's all 694 00:40:07,600 --> 00:40:10,400 about. How do I mitigate risk, how do I 695 00:40:10,700 --> 00:40:16,000 let my people continue to operate and then me as a 696 00:40:16,008 --> 00:40:20,700 security team, Put all the efforts that we can and place at 697 00:40:20,700 --> 00:40:23,100 the end of their possible to minimize that risk. 698 00:40:23,800 --> 00:40:28,400 And and that means, you know, doing a lot of dynamic analysis, 699 00:40:28,400 --> 00:40:33,400 kind of activity, from behind the scenes, trying to lower 700 00:40:33,400 --> 00:40:35,700 friction as much as possible with through a lot of 701 00:40:35,700 --> 00:40:37,800 Technologies. But also I think that there's a 702 00:40:37,808 --> 00:40:40,800 cultural aspect of getting people used to the idea of, 703 00:40:40,800 --> 00:40:42,500 okay? I'm going to have to, you know, 704 00:40:42,600 --> 00:40:46,700 take my phone to do a facial recognition, like a facial Faith 705 00:40:46,700 --> 00:40:51,400 ID in order to To get into my my password manager or it's new, 706 00:40:51,400 --> 00:40:54,100 its authenticate into to Microsoft or whatever it is, you 707 00:40:54,100 --> 00:40:57,300 know. I think that all those things 708 00:40:57,300 --> 00:41:02,300 are part of creating a more secure culture, you know, at the 709 00:41:02,600 --> 00:41:07,100 at work but it's I don't want people to be so annoyed with, 710 00:41:07,100 --> 00:41:09,000 you know, the marketing term that they forget. 711 00:41:09,000 --> 00:41:10,900 You know that they throw the baby out with the bathwater. 712 00:41:11,400 --> 00:41:12,400 I think that's a real good point. 713 00:41:12,600 --> 00:41:15,000 Yeah. Like it is I think it sounds to 714 00:41:15,008 --> 00:41:17,400 me like we're all big Believers in zero trust and I think there 715 00:41:17,408 --> 00:41:18,500 are a lot of people. Rightly. 716 00:41:18,500 --> 00:41:21,300 So I think it is. You're totally right on. 717 00:41:21,300 --> 00:41:23,200 Their right. Is, the term has been overused 718 00:41:23,200 --> 00:41:26,400 and it has been applied to every single product out there in the 719 00:41:26,400 --> 00:41:28,600 security space to jump on top of it. 720 00:41:29,000 --> 00:41:31,500 But that doesn't mean that it's not a sound strategy. 721 00:41:32,500 --> 00:41:34,800 Well, it's not a product, they're exactly. 722 00:41:34,800 --> 00:41:37,900 And I think that front part that people, yeah, that's right. 723 00:41:37,900 --> 00:41:41,900 Is there is no 10 trust product. It is a combination of several 724 00:41:41,900 --> 00:41:46,400 security Concepts and strategies pulled together is very 725 00:41:46,400 --> 00:41:49,200 effective when it is pulled. Together as a group, right? 726 00:41:49,200 --> 00:41:51,100 For so I mean there's some vendor and I'll pick on a 727 00:41:51,100 --> 00:41:52,700 vendor. Just anybody out there, right? 728 00:41:52,700 --> 00:41:56,800 To say that, oh, we are the zero trust thing, okay, you're not 729 00:41:56,800 --> 00:42:01,000 the thing, you're a thing in the zero, trust ecosystem, right? 730 00:42:01,400 --> 00:42:03,400 Security is all about Stacks anyway, right? 731 00:42:03,900 --> 00:42:08,300 It's the other layers, exactly. And and zero trust is, is, you 732 00:42:08,300 --> 00:42:10,700 know, and whatever product you have are going to help you do 733 00:42:10,700 --> 00:42:14,700 zero, trust better, you know, you can easier MFA, you need 734 00:42:14,700 --> 00:42:18,200 your itd. Are you need all the Things that 735 00:42:18,200 --> 00:42:20,600 you're going to help you do that but no one product is going to 736 00:42:20,607 --> 00:42:22,100 do is going to be that. It's going to be about. 737 00:42:22,100 --> 00:42:24,900 How does your organization actually implements those tools 738 00:42:24,900 --> 00:42:29,200 and actually work with your Workforce to use it correctly? 739 00:42:29,300 --> 00:42:30,800 Like how do you, how do you, how do you actually empowering 740 00:42:30,800 --> 00:42:34,000 people to do security better? Yeah, I know. 741 00:42:34,000 --> 00:42:36,200 We're in shorten the Scion time and I want to make sure I leave 742 00:42:36,200 --> 00:42:38,200 enough time to ask a Brazilian jiu-jitsu question. 743 00:42:38,200 --> 00:42:41,800 If I can, we're going to end on a lighter note. 744 00:42:41,900 --> 00:42:45,100 And one of the things that we were talking about is we're sort 745 00:42:45,100 --> 00:42:47,000 of getting prepped. As you mentioned, that you 746 00:42:47,000 --> 00:42:49,900 study. Jujitsu and I'm not super 747 00:42:49,900 --> 00:42:51,900 familiar with it. I took Taekwondo very long time 748 00:42:51,900 --> 00:42:53,500 ago. I don't think Jim is taken any 749 00:42:53,500 --> 00:42:57,800 martial arts other than maybe some sort of like word kung fu 750 00:42:57,800 --> 00:43:02,100 for developing presentations or strategies things like that. 751 00:43:02,500 --> 00:43:05,800 What is something? What is something that people 752 00:43:05,800 --> 00:43:08,400 need to know about? Brazilian jiu-jitsu that you 753 00:43:08,400 --> 00:43:11,900 don't think is well known. There's all kinds of good means 754 00:43:11,900 --> 00:43:16,100 going around about about Brazilian jiu-jitsu at the the 755 00:43:16,100 --> 00:43:17,700 gentle art of folding people's clothes. 756 00:43:17,900 --> 00:43:19,200 As with that, but I'm still in it. 757 00:43:19,500 --> 00:43:20,700 I love that play. Really? 758 00:43:21,100 --> 00:43:26,300 Yeah, the the memes on BJJ go deep. 759 00:43:26,700 --> 00:43:30,100 I think that the thing that I always like to tell people who 760 00:43:30,100 --> 00:43:31,700 are getting to it and we actually have a couple guys on 761 00:43:31,700 --> 00:43:34,300 the office to do it. And and also just in my group we 762 00:43:34,300 --> 00:43:39,100 have a lot of security people to kind of a side note. 763 00:43:39,600 --> 00:43:43,900 I think that the big thing is kind of embrace the suck and 764 00:43:43,900 --> 00:43:46,600 embrace being bad at something for a long time. 765 00:43:47,600 --> 00:43:51,600 Race. Somebody really just just 766 00:43:52,100 --> 00:43:55,800 switching the hell out of you and and hurting you for a while 767 00:43:56,300 --> 00:43:59,500 until you learn because at some point you're going to get 768 00:43:59,500 --> 00:44:01,100 better. So I've been doing this now for 769 00:44:01,100 --> 00:44:05,500 11 years or so before that I was a bad Thai boxer and before that 770 00:44:05,500 --> 00:44:08,600 was a bad wrestler but you know it's like anything that you if 771 00:44:08,600 --> 00:44:11,500 you get used to the idea of sometimes, you can have some 772 00:44:11,500 --> 00:44:15,000 good days and some bad days you're going to have some days. 773 00:44:15,000 --> 00:44:18,100 We just, you know, give you six months with Nothing goes right? 774 00:44:19,400 --> 00:44:22,800 But eventually you learn and I think that that's kind of 775 00:44:23,400 --> 00:44:26,600 something know about that and it's a good, you know, as a 776 00:44:26,607 --> 00:44:31,100 parent as as other you know. It's a good way to a good way to 777 00:44:31,100 --> 00:44:34,900 is to approach life something. I think that so if you if you 778 00:44:34,900 --> 00:44:38,900 take that that idea and you go into Jiu-Jitsu with that 779 00:44:38,900 --> 00:44:42,400 approach, you're gonna have a much better time and I'm going 780 00:44:42,400 --> 00:44:45,000 to last longer. So I'm going to take take this 781 00:44:45,000 --> 00:44:46,600 recording and I'm going to chop it up. 782 00:44:46,600 --> 00:44:49,800 So that it says Says basically, you know, Gabe is saying use 783 00:44:49,800 --> 00:44:52,300 Brazilian jiu-jitsu as a parent on your kids. 784 00:44:52,900 --> 00:45:00,100 So I do I do and my, my young child loves to give me an arm 785 00:45:00,100 --> 00:45:02,100 bar as and hates it when I give him. 786 00:45:02,100 --> 00:45:08,500 He'll hooks. So you know, it's It's hard to 787 00:45:08,500 --> 00:45:12,300 do, it wasn't like holiday tradition, armbars and heel 788 00:45:12,300 --> 00:45:15,500 hooks all around the around the Festivus Pole or something. 789 00:45:15,600 --> 00:45:18,300 Well, I can't use too small to actually get a proper heel hook 790 00:45:18,300 --> 00:45:21,900 on it. So it's I'm working on it. 791 00:45:22,000 --> 00:45:24,900 A friend of mine came up with jiu-jitsu for on babies. 792 00:45:25,300 --> 00:45:27,600 Okay. You know, it's especially when 793 00:45:27,600 --> 00:45:30,600 you're changing diapers to go to control the hips very important. 794 00:45:32,300 --> 00:45:34,100 I think that's gonna be a whole library of other episode. 795 00:45:34,100 --> 00:45:36,700 It will need to get into it. I know right time Jim. 796 00:45:36,700 --> 00:45:39,700 What are your thoughts on? On Brazilian jiu-jitsu or BJJ 797 00:45:40,300 --> 00:45:42,500 something, you know, you taking risks, man, you ride a 798 00:45:42,508 --> 00:45:44,400 motorcycle. Yeah, I do. 799 00:45:44,400 --> 00:45:47,600 I do bad boy. What what, what what kind of 800 00:45:47,600 --> 00:45:52,000 motorcycle, it's a Kawasaki Falcon. 801 00:45:52,800 --> 00:45:55,600 Okay. Yeah, it's not super expensive 802 00:45:55,600 --> 00:45:58,800 but I did make it sound. Like I spend a lot of money on 803 00:45:58,800 --> 00:46:02,300 it, but I spend some money on it Insurance. 804 00:46:02,300 --> 00:46:04,500 Exactly. And getting not actually as good 805 00:46:04,500 --> 00:46:08,800 on gas to. Yeah, as far, Is BJ. 806 00:46:08,800 --> 00:46:12,800 I don't have any tips for anybody because they've done it. 807 00:46:13,000 --> 00:46:17,100 Never done any martial arts but I've watched a lot of Bruce Lee, 808 00:46:17,500 --> 00:46:22,700 you know, Kung Fu movies and I would say that my tip from 809 00:46:22,700 --> 00:46:26,400 watching those movies is you don't have to speak perfect 810 00:46:26,400 --> 00:46:30,800 English to speak, perfect. English, you know, your mouth 811 00:46:30,800 --> 00:46:34,500 just moves and then the words come out and they are crystal 812 00:46:34,500 --> 00:46:39,400 clear, kind of like a podcast. All right, let's go ahead and 813 00:46:39,400 --> 00:46:42,900 leave it there for this week. Gave thank you so much for being 814 00:46:42,900 --> 00:46:44,800 with us on the show. Today, I'm going to have a link 815 00:46:44,800 --> 00:46:48,000 pleasure, LinkedIn profile on our show notes along with the 816 00:46:48,000 --> 00:46:50,700 article and the awesome eyes. So people could learn more about 817 00:46:50,700 --> 00:46:54,300 what you guys do over there. So feel free to connect with 818 00:46:54,300 --> 00:46:55,900 Gabe. If you've got questions, agree 819 00:46:55,900 --> 00:46:57,800 disagree. I'm sure he's happy to engage. 820 00:46:57,800 --> 00:46:59,400 I'll just throw you out to the will always like that. 821 00:46:59,400 --> 00:47:00,700 Always, always bring it. Bring it. 822 00:47:00,700 --> 00:47:02,700 Bring it. So we'll go ahead and leave it 823 00:47:02,707 --> 00:47:05,200 there for this week. You can follow us on the web 824 00:47:05,200 --> 00:47:09,200 where at idac podcast.com. Mom, we're on Twitter at. 825 00:47:09,200 --> 00:47:13,200 Idac podcast, we started a mastodon account over, the 826 00:47:13,200 --> 00:47:18,600 winter break at idac podcast at infosec exchange which is a 827 00:47:18,600 --> 00:47:21,400 total mouthful we did is we did a bitly link for that. 828 00:47:21,400 --> 00:47:22,600 Yeah. No kidding, right. 829 00:47:23,200 --> 00:47:25,900 That is be like better somehow. I'm not sure how though. 830 00:47:26,800 --> 00:47:28,900 But anyway, we're going to go ahead and leave it there for 831 00:47:28,900 --> 00:47:31,300 this week. Thanks everyone for listening 832 00:47:31,600 --> 00:47:33,800 and we'll talk with everyone in the next one. 833 00:47:38,300 --> 00:47:41,100 Thanks for listening to the identity at the center podcast. 834 00:47:41,200 --> 00:47:43,600 If you like what you heard, don't forget to subscribe and 835 00:47:43,600 --> 00:47:46,300 visit us on the web and identity at the center.com.