1 00:00:00,040 --> 00:00:05,240 One of the things that I've started talking about is I this 2 00:00:05,240 --> 00:00:08,720 may be me tilting in a windmill. I think we need to put some in 3 00:00:08,720 --> 00:00:13,640 classic relational database terms, standardized views so 4 00:00:13,640 --> 00:00:16,640 that everyone, whether it's a third party product or home 5 00:00:16,640 --> 00:00:19,360 grown, can implement these views such that for a core set of 6 00:00:19,360 --> 00:00:23,040 objects, maybe user and entitlement and system, I can 7 00:00:23,040 --> 00:00:25,880 get data out no matter what the back end is, no matter whether 8 00:00:25,880 --> 00:00:28,360 it's third party provided or it's first party provided. 9 00:00:29,040 --> 00:00:33,560 Because that can reduce the cost of switching between vendors. 10 00:00:33,960 --> 00:00:38,480 It can reduce the ability to the challenge to do bake offs 11 00:00:38,480 --> 00:00:41,320 between technologies. It can facilitate people 12 00:00:41,320 --> 00:00:44,440 bringing their own models or buying models to look at this 13 00:00:44,440 --> 00:00:46,440 data to find interesting things about them. 14 00:00:46,960 --> 00:00:50,600 So I'm, I'm a little bit on this, what I'm lovingly calling 15 00:00:50,600 --> 00:00:54,480 Oids open IAM data schema, those of you who've been around for a 16 00:00:54,480 --> 00:00:57,280 long time. And OID is an object identifier 17 00:00:57,520 --> 00:01:02,440 famous in Ldapland. And this came from a realization 18 00:01:02,440 --> 00:01:06,720 that the last time we really as an industry standardized data 19 00:01:06,720 --> 00:01:10,480 objects at rest was like inet org person and Edu person. 20 00:01:11,280 --> 00:01:13,400 And so with love in my heart, I'm like, you know what, let's 21 00:01:13,400 --> 00:01:17,000 do a throwback name here. But I'm kicking that 22 00:01:17,000 --> 00:01:20,240 conversation off with a bunch of folks and I'm getting a lot of 23 00:01:20,240 --> 00:01:23,280 feedback and I'll it's really interesting seeing the questions 24 00:01:23,600 --> 00:01:27,640 and the challenges to it. But that's like in my To Do List 25 00:01:27,640 --> 00:01:30,840 to the next couple of months. And then we'll see where it 26 00:01:30,840 --> 00:01:32,360 leads. It may all just crash and burn, 27 00:01:32,920 --> 00:01:37,480 but someone may take like a ember of the remnants of it and 28 00:01:37,480 --> 00:01:39,400 go use it to start a fire and that'll be great. 29 00:01:39,400 --> 00:01:41,560 So let's let's hope that happens. 30 00:01:46,840 --> 00:01:51,960 This is identity at the center if it has anything to do with 31 00:01:52,000 --> 00:01:56,600 IAM. This is the go to podcast now 32 00:01:56,600 --> 00:02:00,480 your hosts Jim McDonald and Jeff Steadman. 33 00:02:06,520 --> 00:02:08,199 Welcome to the Identity at the Center podcast. 34 00:02:08,199 --> 00:02:09,720 I'm Jeff, and that's Jim. Hey, Jim. 35 00:02:10,400 --> 00:02:13,280 Hey, Jeff, how are you? Oh, not so bad yourself. 36 00:02:14,240 --> 00:02:17,440 Doing good, but it's been a hectic couple of days. 37 00:02:17,640 --> 00:02:21,080 I mean, you know, 2025 is going to be a fantastic year for the 38 00:02:21,080 --> 00:02:23,760 podcast. We've got some great sponsor 39 00:02:23,760 --> 00:02:26,760 spotlight episodes. We've got our our series talking 40 00:02:26,760 --> 00:02:31,280 about the tie between different infosec areas or cybersecurity 41 00:02:31,280 --> 00:02:35,480 areas and digital identity. And then we've just got a a lot 42 00:02:35,480 --> 00:02:39,040 of fantastic guests lined up. So I'd build out the schedule 43 00:02:39,240 --> 00:02:41,480 pretty much all the way through April at this point. 44 00:02:41,760 --> 00:02:44,520 And already is shot to hell, right? 45 00:02:44,520 --> 00:02:48,120 Different, different folks have kind of said, hey, I'm not ready 46 00:02:48,120 --> 00:02:51,400 to do the podcast. So I've got 2 openings within 47 00:02:51,400 --> 00:02:55,200 the next couple of weeks and I'm working my tail off to try to 48 00:02:55,200 --> 00:02:57,960 fill those openings. We might have to do the Jim and 49 00:02:57,960 --> 00:03:00,000 Jeff episodes. I like those. 50 00:03:00,000 --> 00:03:02,240 Those are easy. Those are easy to schedule. 51 00:03:02,720 --> 00:03:04,960 It's just you and I. We can actually disagree on a 52 00:03:04,960 --> 00:03:08,280 bunch of stuff for like an hour, so I'm OK with that. 53 00:03:08,920 --> 00:03:12,680 Yeah, I'm OK with it as well. But I think one of the one of 54 00:03:12,680 --> 00:03:17,160 our secret recipe ingredients has been bringing in great 55 00:03:17,160 --> 00:03:20,000 guests who bring different perspectives that we do. 56 00:03:21,040 --> 00:03:24,320 Obviously you and I disagree on certain things, but I can pretty 57 00:03:24,320 --> 00:03:26,960 much predict what those things are going to be. 58 00:03:27,200 --> 00:03:29,800 I like bringing in somebody new to disagree with things. 59 00:03:31,040 --> 00:03:33,560 Yeah, and I. Always had on the OR someone 60 00:03:33,560 --> 00:03:35,440 we've had on the show like 10 times. 61 00:03:35,440 --> 00:03:38,640 That's also great. Yeah, I mean, look, we have, we 62 00:03:38,640 --> 00:03:40,520 have a tight knit community here in the identity space. 63 00:03:40,520 --> 00:03:42,600 So obviously, you know, if you're listening to this, you've 64 00:03:42,600 --> 00:03:44,200 already seen the scripture, you know who's going to be on. 65 00:03:44,960 --> 00:03:49,200 But yeah, I mean, look, we have so many people. 66 00:03:49,200 --> 00:03:51,800 I love talking to new people. I love talking to people who are 67 00:03:51,800 --> 00:03:54,240 out there in the real world doing, you know, I call it real 68 00:03:54,240 --> 00:03:57,560 identity things, right? There's so much we can learn, 69 00:03:57,560 --> 00:03:59,320 you know, from each other. And even if we don't have all 70 00:03:59,320 --> 00:04:01,240 the answers, like let's get it out there, maybe someone else 71 00:04:01,240 --> 00:04:03,280 does or maybe someone else is struggling with those problems. 72 00:04:03,280 --> 00:04:07,680 So if you're if you're, I'll put a I'll put a thing out there. 73 00:04:07,920 --> 00:04:10,080 If you're interested in being a guest on the show, don't 74 00:04:10,080 --> 00:04:12,320 hesitate to reach out. We're very friendly. 75 00:04:12,880 --> 00:04:14,760 You know, it's a safe place, right? 76 00:04:14,760 --> 00:04:15,640 We'll take care. Yeah. 77 00:04:16,760 --> 00:04:18,000 And we just like to have conversations. 78 00:04:18,000 --> 00:04:19,320 That's all it is. I think a lot of people maybe 79 00:04:19,320 --> 00:04:21,200 get intimidated, like, oh, it's a podcast. 80 00:04:21,200 --> 00:04:23,080 Like, OK, So what? It's just microphone. 81 00:04:23,080 --> 00:04:26,120 And after about 30 seconds of talking into it, you, you 82 00:04:26,120 --> 00:04:28,320 totally forget about it. And it's just, you know, us 83 00:04:28,320 --> 00:04:30,560 talking here on the web. Yeah. 84 00:04:31,320 --> 00:04:35,280 What I also like to do is to get folks like our guest today who 85 00:04:35,280 --> 00:04:38,280 is a thought leader. But I've kind of decided in my 86 00:04:38,280 --> 00:04:41,600 mind, you have to be told by somebody else that you're a 87 00:04:41,600 --> 00:04:44,080 thought leader. You can't declare, hey, I'm a 88 00:04:44,080 --> 00:04:47,160 thought leader. I'm a thought leader in this 89 00:04:47,160 --> 00:04:49,720 space. I know people who do declare, 90 00:04:49,720 --> 00:04:54,680 make that declaration, and Oh yeah, you know, sure, we all 91 00:04:54,680 --> 00:04:55,400 have. A warning. 92 00:04:56,120 --> 00:04:59,160 Listen to a warning if you If you have that on your LinkedIn 93 00:04:59,160 --> 00:05:01,160 website, go delete it immediately. 94 00:05:01,440 --> 00:05:03,680 Well, I think there's a whole subreddit called LinkedIn 95 00:05:03,680 --> 00:05:07,840 Lunatics that is all about just the crazy LinkedIn stuff that 96 00:05:07,840 --> 00:05:10,480 people post. And there's some good ones on 97 00:05:10,480 --> 00:05:12,680 there. And thankfully I haven't seen 98 00:05:12,680 --> 00:05:14,600 myself mentioned. I, you know, I don't know if I 99 00:05:14,600 --> 00:05:17,400 would consider it a badge of honor or not to be somewhere 100 00:05:17,400 --> 00:05:20,040 listed in LinkedIn Lunatics, but there are, there are definitely 101 00:05:20,040 --> 00:05:25,000 some, some lunatics that have opinions, just put it that way. 102 00:05:25,600 --> 00:05:28,720 Yeah, absolutely. I have to go out to check out my 103 00:05:28,720 --> 00:05:30,880 own LinkedIn, make sure I didn't call myself a thought leader. 104 00:05:31,680 --> 00:05:33,800 Maybe I nominated you and I posted something you did. 105 00:05:35,000 --> 00:05:37,200 What were you doing on their site to begin with? 106 00:05:38,840 --> 00:05:42,200 We keep teasing them, but let's take a minute to talk about 107 00:05:42,320 --> 00:05:44,400 discounts. It's never too soon to save some 108 00:05:44,400 --> 00:05:49,080 money and we're excited for this discount because this is our 109 00:05:49,080 --> 00:05:51,880 first time actually going to this conference. 110 00:05:51,880 --> 00:05:55,680 It's the European Identity and Cloud Conference 2025. 111 00:05:55,680 --> 00:05:57,920 It's May 6th to the 9th in Berlin, Germany. 112 00:05:58,480 --> 00:06:01,680 That's put in by the fine folks over at Commuter Cole and they 113 00:06:01,680 --> 00:06:04,720 have partnered with us to give a discount code to all you fine 114 00:06:04,720 --> 00:06:06,200 folks listening or watching here. 115 00:06:06,640 --> 00:06:13,000 If you use the code ID AC25M KOI know it rolls right off the 116 00:06:13,000 --> 00:06:14,040 tongue. Don't worry, it'll be in the 117 00:06:14,040 --> 00:06:15,960 show notes and if I can remember, I'll put it on the 118 00:06:15,960 --> 00:06:18,960 graphic down here. That'll get you 25% off the 119 00:06:18,960 --> 00:06:21,160 registration. And Jim, you and I for the first 120 00:06:21,160 --> 00:06:25,640 time are planning on being out there, will be, I'm sure, trying 121 00:06:25,640 --> 00:06:27,200 to figure out how to do some podcasts maybe. 122 00:06:27,200 --> 00:06:29,680 But I'm excited. It's the first time I'll be in 123 00:06:29,680 --> 00:06:33,280 Berlin, second time technically in Germany. 124 00:06:33,280 --> 00:06:36,560 I was in the Frankfurt Airport for about 6 hours, my way to 125 00:06:36,560 --> 00:06:40,240 India. So I'm excited to go to Berlin. 126 00:06:40,240 --> 00:06:42,800 And then I think maybe I'll take some time off after that 127 00:06:42,800 --> 00:06:45,200 conference and maybe try to explore other parts of Europe 128 00:06:45,200 --> 00:06:47,640 that I have not yet seen. What do you think, Jim? 129 00:06:48,160 --> 00:06:51,280 Well, I'm going to go the week before, I'm definitely going to 130 00:06:51,280 --> 00:06:54,520 Oslo because that's where my, I already booked the flight. 131 00:06:54,520 --> 00:06:57,160 So I'm going to Oslo. Where I go from there, I'm not 132 00:06:57,160 --> 00:07:01,720 sure yet, but what I want to do is identify her in a few 133 00:07:01,720 --> 00:07:04,760 different cities. I'm thinking, you know, stick to 134 00:07:04,760 --> 00:07:08,920 the Scandinavia region and meet as many of our listeners as 135 00:07:08,920 --> 00:07:11,800 possible. So as the details of those 136 00:07:11,800 --> 00:07:15,440 things start to formulate what cities I want to go to, things 137 00:07:15,440 --> 00:07:19,440 like that, I'll be announcing that here. 138 00:07:19,720 --> 00:07:22,680 Also, like you mentioned what podcasting we're going to be 139 00:07:22,680 --> 00:07:26,480 doing and maybe getting involved with sessions, things like that, 140 00:07:27,560 --> 00:07:29,120 we'll be announcing that here as well. 141 00:07:29,360 --> 00:07:33,760 But definitely grateful already to the folks over at Cooper Coal 142 00:07:33,760 --> 00:07:37,720 for collaborating with us and making this discount available. 143 00:07:38,400 --> 00:07:42,160 I can say that we will not be upended with the bitter discount 144 00:07:42,160 --> 00:07:44,560 code. So use ours, get out there, 145 00:07:44,560 --> 00:07:49,240 register early while they still have the most attractive level 146 00:07:49,240 --> 00:07:51,200 pricing. It only goes off from here. 147 00:07:52,000 --> 00:07:54,080 Yeah, show support for the show, which is always appreciated. 148 00:07:54,080 --> 00:07:56,360 And we're going to have Martin coming around here and I think 149 00:07:56,360 --> 00:07:58,800 it's next week or the week after, but he's coming up here 150 00:07:58,880 --> 00:08:00,960 pretty soon on the show. So we'll hear from more from him 151 00:08:01,520 --> 00:08:04,160 and maybe some about what's planned for the conference 152 00:08:04,160 --> 00:08:05,480 itself. So I'm looking forward to it. 153 00:08:05,720 --> 00:08:09,600 First time in Germany and yeah, let's do it man. 154 00:08:10,280 --> 00:08:12,280 Yeah, man. All right, why don't we get to 155 00:08:12,280 --> 00:08:15,360 our guests? This is his 9th appearance on 156 00:08:15,360 --> 00:08:18,320 the show and we were talking before we hit record here. 157 00:08:18,360 --> 00:08:20,440 You know, what do you get for being, you know, on the show, 158 00:08:20,560 --> 00:08:22,560 you know, 9 times. And Jimmy, you're in charge of 159 00:08:22,880 --> 00:08:26,920 guest swag and I think jackets, you know, SNL does 5 time, 5 160 00:08:26,920 --> 00:08:28,760 timer jackets. So we're up until like 9 timers. 161 00:08:28,760 --> 00:08:29,960 Think. Andrew Shikiar is another one 162 00:08:29,960 --> 00:08:32,600 who's been under a bunch of times, but this is his ninth 163 00:08:32,600 --> 00:08:34,919 time. He's the founder and president 164 00:08:34,919 --> 00:08:36,960 of Weave Identity. He's one of the founders of the 165 00:08:36,960 --> 00:08:38,919 Digital Identity Advancement Foundation. 166 00:08:39,559 --> 00:08:43,480 He's one of your team members from Team Identifriends at Fido 167 00:08:43,480 --> 00:08:46,000 Feud at the Authenticate Conference earlier this or I 168 00:08:46,000 --> 00:08:48,600 should say late last year, he is Ian Glazer. 169 00:08:48,600 --> 00:08:51,840 Welcome back to the show, Ian. Hey guys, thanks for having me. 170 00:08:52,360 --> 00:08:55,240 It's good to see you. So I got to start right off with 171 00:08:56,200 --> 00:09:00,120 what was your impression of Fido feud and how that thing kind of 172 00:09:00,120 --> 00:09:04,440 all came together and and when can we do it again is kind of 173 00:09:04,440 --> 00:09:07,440 what I'm thinking already. But tell me what your your your 174 00:09:07,440 --> 00:09:09,720 perspective was as a team member on that? 175 00:09:09,960 --> 00:09:14,320 As a team member, I was not prepared for the level of 176 00:09:14,320 --> 00:09:19,120 competitive energy coming from the other team, people who will 177 00:09:19,120 --> 00:09:22,840 remain nameless, who may be parts of organizations. 178 00:09:22,920 --> 00:09:23,480 Yeah. Megan. 179 00:09:25,160 --> 00:09:27,680 Wow. Lot, lot of competitive spirit. 180 00:09:27,680 --> 00:09:32,320 Let's say I feel like the tequila came out too late. 181 00:09:32,560 --> 00:09:34,520 I feel like that would have helped earlier. 182 00:09:34,880 --> 00:09:39,000 And I was dumbfounded by how poor my answers were across the 183 00:09:39,000 --> 00:09:41,160 board. Like I was a boat anchor of 184 00:09:41,200 --> 00:09:43,480 answering questions. Like absolutely useless. 185 00:09:43,480 --> 00:09:46,720 So yeah. But it's super fun and I hope 186 00:09:46,720 --> 00:09:47,760 you guys bring it to more places. 187 00:09:48,240 --> 00:09:51,040 Yeah, I would love to figure out how to get to more conferences. 188 00:09:51,040 --> 00:09:53,760 I think we're already talking about the next iteration for the 189 00:09:53,760 --> 00:09:55,840 Authenticate conference, you know, later this year. 190 00:09:56,280 --> 00:09:58,720 And again, it'll be in Carlsbad, so stay tuned for that one. 191 00:09:59,640 --> 00:10:04,600 I was, so I helped come up with the questions and they were sent 192 00:10:04,600 --> 00:10:07,520 out by the Authenticate team to all the Authenticate attendees. 193 00:10:07,520 --> 00:10:09,080 And we got a bunch of responses back. 194 00:10:09,560 --> 00:10:14,840 And there were some responses that clearly had, you know, 195 00:10:14,840 --> 00:10:18,280 leanings one way or the other, either politically or whatever 196 00:10:18,280 --> 00:10:21,600 that I had to censor. But I was surprised at some of 197 00:10:21,600 --> 00:10:25,000 the answers that came out there. And you know, the the most 198 00:10:25,000 --> 00:10:27,280 popular answers. I think if you watch look, if 199 00:10:27,280 --> 00:10:28,440 you watch the episode, it's on YouTube. 200 00:10:28,440 --> 00:10:30,400 Just search Fido feuds on our. Channel and you should. 201 00:10:30,440 --> 00:10:31,680 You should and. You should, because it's really 202 00:10:31,680 --> 00:10:33,280 one of the best times I've ever had at a conference. 203 00:10:33,280 --> 00:10:37,680 I had so much fun hosting it, but the answers were not at all 204 00:10:37,680 --> 00:10:41,000 what I expected from the identity community at large. 205 00:10:41,000 --> 00:10:43,240 So I'm hopeful that we can make it bigger and better next time. 206 00:10:43,240 --> 00:10:45,400 But I just had such a blast with it and you. 207 00:10:45,400 --> 00:10:48,080 Know, you know, I just have a thought which is ID Pro is 208 00:10:48,080 --> 00:10:50,720 releasing their skill survey questionnaire. 209 00:10:50,720 --> 00:10:54,960 It's just going out now. I wonder if there's like an Idoc 210 00:10:54,960 --> 00:10:58,520 ID pro team up here where we can take the questions from last 211 00:10:58,520 --> 00:11:02,800 year's identity feud and actually fold some of that stuff 212 00:11:02,800 --> 00:11:05,760 into the skill survey. Like we should, we should talk 213 00:11:05,760 --> 00:11:07,040 about this with Heather and Andy. 214 00:11:07,040 --> 00:11:09,920 Like that would be super cool. See, like just as an interesting 215 00:11:09,920 --> 00:11:15,240 sort of interlude, like, huh, here's some like kind of simple 216 00:11:15,240 --> 00:11:19,480 questions in theory, in theory simple questions and wow, wildly 217 00:11:19,480 --> 00:11:21,400 different answers. So like that could be fun. 218 00:11:21,880 --> 00:11:23,880 I think I'd be up for that. Heather or Andy, if you guys are 219 00:11:23,880 --> 00:11:26,080 listening, hit me up. Let's figure out how to do it. 220 00:11:27,200 --> 00:11:30,080 I look, we can make it fun. I think that's one of the fun 221 00:11:30,080 --> 00:11:32,960 things about stuff like, yeah, this space is just when you 222 00:11:32,960 --> 00:11:35,560 think you have it figured out some some question like this 223 00:11:35,560 --> 00:11:37,400 comes up and it's like, whoa, I. Didn't even think about. 224 00:11:37,400 --> 00:11:39,280 That Where did that come from? For sure. 225 00:11:40,320 --> 00:11:41,960 Let's talk a little bit more about some of the stuff that's 226 00:11:41,960 --> 00:11:44,080 been going on. I guess let's let's talk about 227 00:11:44,080 --> 00:11:46,600 2024, kind of recap it here. I know you're at a lot of 228 00:11:46,600 --> 00:11:49,080 different conferences, but how did 2024 go over all? 229 00:11:49,080 --> 00:11:51,680 What do you think? Did you have any, any big sort 230 00:11:51,680 --> 00:11:56,240 of identity epiphanies or I don't know, things like that? 231 00:11:56,680 --> 00:12:01,840 It was it was a blur of a year. Like I still haven't recovered 232 00:12:01,840 --> 00:12:03,280 in my sense of time from COVID, right? 233 00:12:03,280 --> 00:12:06,360 I don't know about you guys, but like, yeah, that's still like 234 00:12:06,440 --> 00:12:13,040 mushy and I feel like a lot of a lot of velocity in a lot of 235 00:12:13,040 --> 00:12:15,680 different directions. I'm just not, I still don't 236 00:12:15,680 --> 00:12:17,760 quite understand what's going on in the market. 237 00:12:18,000 --> 00:12:21,320 But like highlights for me, the shared signals framework 238 00:12:21,320 --> 00:12:23,320 interrupts. I didn't catch the one in 239 00:12:23,320 --> 00:12:26,400 London. I did catch the one at Gartner 240 00:12:26,400 --> 00:12:29,960 in in Dallas in December. Adeniverse, there was some stuff 241 00:12:29,960 --> 00:12:31,520 there too. It was like, that's really great 242 00:12:31,520 --> 00:12:35,880 to see the, the, the real push. I think right now between SSF 243 00:12:35,880 --> 00:12:38,280 and Cape and Risk, that's super cool. 244 00:12:40,520 --> 00:12:42,480 What else? I think there's a lot of new 245 00:12:42,480 --> 00:12:44,200 energy. There's a lot of new players. 246 00:12:44,680 --> 00:12:47,320 I keep learning about companies like literally every day. 247 00:12:47,320 --> 00:12:50,560 It feels like it's like how many people can, you know, come into 248 00:12:50,560 --> 00:12:54,520 this market and come at it with like like a real genuine energy 249 00:12:54,520 --> 00:12:56,960 to like do something different. And I think that's that's 250 00:12:56,960 --> 00:12:58,920 healthy and that's really good for the market. 251 00:13:01,120 --> 00:13:04,880 It was good as my first full year on my own, like full 252 00:13:04,880 --> 00:13:10,040 calendar year as you know, just a A1 man show to see the kinds 253 00:13:10,040 --> 00:13:11,800 of companies that are out there, what they're doing, be able to 254 00:13:11,800 --> 00:13:14,640 help where I could be able to just see trends. 255 00:13:14,640 --> 00:13:18,240 So like it's it was a good year, but man, it went fast. 256 00:13:18,880 --> 00:13:21,080 Yeah, time flies, I think when you're having fun, which 257 00:13:21,160 --> 00:13:24,200 hopefully that's what's taking taking place more often than 258 00:13:24,200 --> 00:13:25,200 not. Yeah, for sure. 259 00:13:25,680 --> 00:13:27,800 What conferences are you planning on hitting this year 260 00:13:27,800 --> 00:13:31,040 will we see at EIC? So I'll definitely be at EIC. 261 00:13:31,320 --> 00:13:32,640 This year's a little bit different for me. 262 00:13:32,640 --> 00:13:36,160 So I think I'm going to do for sure EIC. 263 00:13:36,240 --> 00:13:38,800 Haven't been to RSA in a long time, so I'm going to go back 264 00:13:38,800 --> 00:13:40,400 there. I've never done blackout. 265 00:13:40,400 --> 00:13:43,560 I'm going to check that out. I've done that a couple times. 266 00:13:44,160 --> 00:13:47,920 I'm probable, let's say for maybe the Gartner conferences 267 00:13:47,920 --> 00:13:50,800 this year, but there's one that's not going to be on my 268 00:13:50,800 --> 00:13:52,720 list and that's Identiverse this year. 269 00:13:52,960 --> 00:13:53,960 Man. Well. 270 00:13:53,960 --> 00:13:57,520 Look, I feel like I can miss a CIS slash identiverse once every 271 00:13:57,520 --> 00:14:00,120 10 years. This is like certain time at 272 00:14:00,120 --> 00:14:01,840 20th. It's my 20th anniversary. 273 00:14:01,840 --> 00:14:04,680 We're going hiking like see you like. 274 00:14:04,680 --> 00:14:07,520 So we'll I'll be on a trail somewhere when when the 275 00:14:07,520 --> 00:14:09,880 conference going on, which it bums me out, but I'm still going 276 00:14:09,880 --> 00:14:12,560 to do all of my content committee review work, which I 277 00:14:12,560 --> 00:14:15,840 need to go do before Andy and Nishant beat me up. 278 00:14:16,640 --> 00:14:20,120 And you know, that's the kind of the first half of the year. 279 00:14:20,120 --> 00:14:21,880 And then I'm not sure really the second-half. 280 00:14:22,640 --> 00:14:24,680 It's been a long time since I've been to an IWI really should 281 00:14:24,680 --> 00:14:30,040 change that. And I am Jim, you just triggered 282 00:14:30,040 --> 00:14:32,160 this thought. I'm going to be at one of the 283 00:14:32,160 --> 00:14:35,160 Identity beers and in fact, I'm going to be at the Identity beer 284 00:14:35,280 --> 00:14:37,880 next week in London. Now, I know this show won't air 285 00:14:37,880 --> 00:14:42,600 until probably after that. So if you're hearing this now, 286 00:14:42,600 --> 00:14:45,400 then you've already had a beer with me in London because 287 00:14:45,400 --> 00:14:47,120 obviously you would go to Identity Beer in London. 288 00:14:47,440 --> 00:14:49,760 Or you're about to. So I think, I think this is 289 00:14:49,800 --> 00:14:52,160 going to go out on the next Monday. 290 00:14:52,160 --> 00:14:53,600 So it'll be the 13th. Yeah. 291 00:14:53,600 --> 00:14:56,720 All right, so then you have two days now that you're hearing 292 00:14:56,720 --> 00:14:59,080 this. In three days time in Thursday, 293 00:14:59,400 --> 00:15:02,440 I'll be at the identity here. And I'm I'm really excited just 294 00:15:02,440 --> 00:15:05,240 to see some people that I know and I haven't seen in a while. 295 00:15:05,240 --> 00:15:07,960 But more importantly, like see a whole new group of people. 296 00:15:07,960 --> 00:15:10,960 I have no idea who they are and just meet them and, and 297 00:15:10,960 --> 00:15:14,360 understand what they're up to. And, and I will be coming right 298 00:15:14,360 --> 00:15:16,600 off the plane. So I am going to fall asleep in 299 00:15:16,600 --> 00:15:17,800 a pint. It'll be great. 300 00:15:18,040 --> 00:15:20,400 I'm sure it'll be photos, but I'm really excited for it. 301 00:15:20,400 --> 00:15:23,320 Like it's, it's about, you know, another opportunity to, to meet 302 00:15:23,320 --> 00:15:24,680 more of the community, which is going to be great. 303 00:15:25,240 --> 00:15:28,080 Sounds like a lot of fun. Now your conference schedule is 304 00:15:28,080 --> 00:15:30,520 pretty busy and you know you've been to these for a long time as 305 00:15:30,520 --> 00:15:34,040 you've mentioned. What's something that I guess 306 00:15:34,280 --> 00:15:37,800 your assessment of the scene today, how do you see IM 307 00:15:37,800 --> 00:15:40,120 conferences? And have you noticed any 308 00:15:40,120 --> 00:15:42,520 evolution maybe within the last couple years? 309 00:15:42,520 --> 00:15:45,200 Is it, I feel like, you know, a couple years ago it was all 310 00:15:45,200 --> 00:15:48,440 right, everything is zero trust. And then it was maybe before 311 00:15:48,440 --> 00:15:50,640 that it was everything was blockchain and then it was, you 312 00:15:50,640 --> 00:15:53,680 know, AI is kind of like the thing right now, like we see 313 00:15:53,680 --> 00:15:55,320 these waves coming through. But I'm curious kind of like 314 00:15:55,320 --> 00:15:59,720 what's your assessment of where I am conferences at large are 315 00:15:59,720 --> 00:16:03,480 kind of at right now? So I think my take is not so 316 00:16:03,480 --> 00:16:06,040 much thematic in terms of like what you know, conferences are 317 00:16:06,040 --> 00:16:07,360 sort of choosing as their themes. 318 00:16:07,360 --> 00:16:12,280 I think it's more about a little bit more meta, which is I think 319 00:16:12,280 --> 00:16:15,800 that last year certainly was more evidence to the fact that 320 00:16:15,800 --> 00:16:17,760 identity based is becoming more and more mainstream. 321 00:16:18,160 --> 00:16:22,080 It's a mainstream concern for more parts of the enterprise and 322 00:16:22,080 --> 00:16:24,040 certainly within the security organization. 323 00:16:25,160 --> 00:16:27,520 And so one of the things we're seeing is that people that are 324 00:16:27,520 --> 00:16:29,680 coming to conferences are first timers. 325 00:16:30,400 --> 00:16:33,560 Four of those conferences, Identiverse, you know, Andy 326 00:16:33,560 --> 00:16:36,440 always asks like who's, you know, first time is this to 327 00:16:36,440 --> 00:16:38,840 Identiverse. Half the room raises their hand. 328 00:16:39,720 --> 00:16:43,640 And I would posit that a third to half the people that raised 329 00:16:43,640 --> 00:16:45,800 their hand for that question are new to identity. 330 00:16:46,400 --> 00:16:48,320 Same basic thing happened at Gartner. 331 00:16:48,320 --> 00:16:51,440 I am in Dallas in December. So we're seeing a lot of new 332 00:16:51,440 --> 00:16:55,800 faces and we're seeing a lot of new beginning practitioners, 333 00:16:56,520 --> 00:16:58,480 people that have done their career in security in other 334 00:16:58,480 --> 00:16:59,800 places are now coming to identity. 335 00:17:00,360 --> 00:17:04,800 And I think that's really great. One of the side effects is that 336 00:17:04,800 --> 00:17:07,119 we're gonna, I think we've already seen this and it will 337 00:17:07,119 --> 00:17:11,200 continue to happen. Most conferences are needing to 338 00:17:11,200 --> 00:17:16,480 Orient to those people, right? And so there's a lot that can be 339 00:17:16,480 --> 00:17:21,079 taught and yet still to we can get better at teaching it about 340 00:17:21,079 --> 00:17:23,200 identity and there's always emergent topics. 341 00:17:23,240 --> 00:17:26,079 That's important. I think one of the side effects 342 00:17:26,079 --> 00:17:32,880 is that it's going to get harder for conferences to put more 343 00:17:32,880 --> 00:17:37,080 content on that's longer and more technical. 344 00:17:37,560 --> 00:17:40,600 I have a feeling just because of who's going to be there that 345 00:17:40,600 --> 00:17:43,120 we're going to see a kind of different optimization for 346 00:17:43,120 --> 00:17:46,560 content in the majority, like in the sort of, let's say, 347 00:17:46,560 --> 00:17:51,000 mainstage identity conferences. It'll be interesting to see 348 00:17:51,000 --> 00:17:54,800 where some of the, the longer term, the more difficult, the 349 00:17:54,800 --> 00:17:56,760 more challenging identity problems continue to be 350 00:17:56,760 --> 00:17:58,800 discussed. Obviously, IOW is one of those 351 00:17:58,800 --> 00:18:03,160 kinds of places Eici think does a good job in this. 352 00:18:03,160 --> 00:18:06,120 I think Authenticate is starting to find its legs and its voice 353 00:18:06,120 --> 00:18:08,280 in this regard, but it'll be interesting to see that 354 00:18:08,280 --> 00:18:11,400 emergence of conferences that are tending towards the more 355 00:18:11,400 --> 00:18:15,320 mainstream identity topics and practitioners and then places 356 00:18:15,320 --> 00:18:17,560 where people can have the harder conversations. 357 00:18:17,840 --> 00:18:21,440 The, the more in depth, the more I would say nuanced 358 00:18:21,440 --> 00:18:24,000 conversations about like you've got a three to five year problem 359 00:18:24,000 --> 00:18:27,400 over millions of identities. What does that start to look? 360 00:18:27,400 --> 00:18:28,720 Where do those conversations happen? 361 00:18:28,720 --> 00:18:31,040 Who's participating and how do we how do we foster more of 362 00:18:31,040 --> 00:18:34,920 that? Yeah, there's a lot of good 363 00:18:34,920 --> 00:18:37,600 thoughts. I, I wanted to echo something 364 00:18:37,600 --> 00:18:42,240 you said earlier when you talked about 2024 with all the, the new 365 00:18:42,240 --> 00:18:46,040 vendors that you're seeing and the really there was a ton of 366 00:18:46,040 --> 00:18:48,600 innovation. And when I talked to other 367 00:18:48,600 --> 00:18:52,440 practitioners, they talk about things like this massive amount 368 00:18:52,440 --> 00:18:57,000 of identity data that they want to be able to use to automate 369 00:18:57,120 --> 00:18:59,520 provision tasks. So you go back to the nuts and 370 00:18:59,520 --> 00:19:03,600 bolts, but do it in a, a way that leverages this data that 371 00:19:03,600 --> 00:19:05,920 they have. And you're starting to see 372 00:19:05,920 --> 00:19:09,800 solutions that actually are things that put them in control 373 00:19:09,800 --> 00:19:11,520 and give them the ability to do that. 374 00:19:11,520 --> 00:19:17,000 So I kind of get the sense that those are the companies that 375 00:19:17,000 --> 00:19:19,800 could shape the future. We've seen it happen a couple of 376 00:19:19,800 --> 00:19:24,880 times within the last 20 years where incumbents, I don't know 377 00:19:24,880 --> 00:19:28,600 if they get fat, slow and lazy or, or what the case is, right? 378 00:19:28,600 --> 00:19:33,920 Maybe that's a little too harsh, but young, hungry companies come 379 00:19:33,920 --> 00:19:37,000 and eat their lunch. And I wonder if we're in the 380 00:19:37,000 --> 00:19:41,600 reflection point for that again. I think 2024 was good evidence 381 00:19:41,600 --> 00:19:47,040 that we are seeing on one hand a return to the best of platform 382 00:19:47,040 --> 00:19:51,080 days that we saw an identity. We've seen it two other times. 1 383 00:19:51,080 --> 00:19:54,680 was basically CA and IBM and a little bit of BMC. 384 00:19:54,680 --> 00:19:58,560 It was like who's got the most complete essentially suite of 385 00:19:58,560 --> 00:20:02,520 identity. We saw it again and that well 386 00:20:02,680 --> 00:20:06,000 that was a moment in time. We saw it again with Oracle and 387 00:20:06,000 --> 00:20:08,520 Son. Now we're seeing it again and 388 00:20:08,520 --> 00:20:14,840 it's Octa sale point. Ping maybe Cyber Ark Entra like 389 00:20:15,320 --> 00:20:18,160 and we have these best of sort of sweet platform type things. 390 00:20:18,680 --> 00:20:21,960 But at the same time, every time we saw one of those movements 391 00:20:21,960 --> 00:20:26,280 towards a best of suite or best of platform, we also saw a huge 392 00:20:26,280 --> 00:20:31,080 influx of new identity vendors coming out with novel ways to 393 00:20:31,080 --> 00:20:37,080 approach problems or augmenting some of those more traditional 394 00:20:37,080 --> 00:20:39,840 suites to give them more innovative features without 395 00:20:39,840 --> 00:20:42,520 replacing them entirely. A Better Together kind of 396 00:20:42,520 --> 00:20:45,320 strategy. And I think that's what's going 397 00:20:45,320 --> 00:20:51,360 to continue in 2025 is this kind of tension towards some 398 00:20:51,360 --> 00:20:54,440 incumbent vendors that are getting super, super large from 399 00:20:54,440 --> 00:20:58,520 a sort of footprint inside of IAM customer base as well and a 400 00:20:58,520 --> 00:21:02,800 bunch of new folks coming in and saying yes, but they're missing 401 00:21:02,800 --> 00:21:06,320 a bunch of things. We can't claim that we're going 402 00:21:06,320 --> 00:21:10,720 to displace your 10 year old sail point installation or what 403 00:21:10,720 --> 00:21:12,880 have you. But what we can do is add these 404 00:21:12,880 --> 00:21:15,160 capabilities to it. That's going to help reduce your 405 00:21:15,160 --> 00:21:18,360 burden, make you more efficient, get you better integrated with 406 00:21:18,360 --> 00:21:20,840 security, what have you. I think there's a whole influx 407 00:21:20,840 --> 00:21:22,480 of that's going to happen in 2025. 408 00:21:22,480 --> 00:21:25,000 We'll start to see that in the market shortly. 409 00:21:28,360 --> 00:21:31,240 So I wanted to talk about something that you published 410 00:21:31,240 --> 00:21:35,800 last year, which to me, I, I loved it because it's like, I'm 411 00:21:35,800 --> 00:21:38,800 going to, nobody asked for this. I'm just going to put it out 412 00:21:38,800 --> 00:21:41,040 there. It's kind of a, a mini series 413 00:21:41,040 --> 00:21:42,800 blog. You broke it up into a few 414 00:21:42,800 --> 00:21:46,800 different parts, but the idea was you're kind of laying out 415 00:21:46,800 --> 00:21:51,520 that the argument that modern identity architectures need to 416 00:21:51,520 --> 00:21:54,640 be or are different. You kind of talked about almost 417 00:21:54,640 --> 00:21:58,000 what I would call a reference architecture or some of the 418 00:21:58,000 --> 00:22:02,440 major themes that, that make up this modern identity 419 00:22:02,440 --> 00:22:06,200 architecture. Originally, I think it was 4 420 00:22:06,200 --> 00:22:09,560 principles or 4 layers, if you will. 421 00:22:09,840 --> 00:22:14,160 I think you're evolving it, which just goes to show, I mean, 422 00:22:14,160 --> 00:22:16,320 to me, that's, that's what it should be, right? 423 00:22:16,320 --> 00:22:18,920 Otherwise it's just, it's going to be thrown out there and die 424 00:22:18,920 --> 00:22:21,480 on the vine. You're evolving it, but kind of 425 00:22:21,480 --> 00:22:23,960 the five principles that I've heard you talk about anyway, 426 00:22:24,320 --> 00:22:29,680 policy, data, orchestration, execution and events. 427 00:22:30,720 --> 00:22:32,840 Did I describe that right? I mean is that? 428 00:22:33,240 --> 00:22:35,720 Yeah. Let me paint the picture, which 429 00:22:35,720 --> 00:22:42,400 is that I, I last year had two things I realized. 1 is that the 430 00:22:42,400 --> 00:22:46,040 names of the markets that we have with an identity don't make 431 00:22:46,040 --> 00:22:48,880 any sense anymore, right? Case in point, access 432 00:22:48,880 --> 00:22:52,680 management. Is access management single sign 433 00:22:52,680 --> 00:22:55,840 on? Is it authorization? 434 00:22:56,760 --> 00:22:59,640 Isn't it the teams that field the tickets from service now 435 00:22:59,640 --> 00:23:01,920 that then go build people's accounts? 436 00:23:01,920 --> 00:23:05,320 Isn't that managing access? Like what the heck does the do 437 00:23:05,320 --> 00:23:07,000 these words mean? And access management is not the 438 00:23:07,000 --> 00:23:09,960 only one where you're like, I don't understand what's in this 439 00:23:09,960 --> 00:23:11,680 bucket. Like I don't understand what the 440 00:23:11,680 --> 00:23:13,640 feature boundaries are of these markets anymore. 441 00:23:13,640 --> 00:23:15,960 It's super, super blurry. Part 1. 442 00:23:15,960 --> 00:23:27,040 Part 2 is I don't know where the IAM market is going per SE, but 443 00:23:27,040 --> 00:23:31,200 I'm starting to see sort of evidence that there's a foot 444 00:23:31,200 --> 00:23:39,600 race going on towards some form of a enhanced data tier. 445 00:23:39,720 --> 00:23:43,240 We can talk a little bit more about that informed by more 446 00:23:43,240 --> 00:23:47,040 robust and contextual policy, powered by real time events. 447 00:23:48,040 --> 00:23:54,080 And that, by the way, does not fit neatly into the identity 448 00:23:54,080 --> 00:23:56,400 security bucket or any damn bucket, right? 449 00:23:56,520 --> 00:23:58,000 So I'm like, OK, I've had enough of this. 450 00:23:58,480 --> 00:24:02,000 I'm going to write everything out of my head that I've got 451 00:24:02,000 --> 00:24:05,240 swirling around because what I think I'm seeing is an emergent 452 00:24:05,240 --> 00:24:10,080 architecture for what we should be heading towards that 453 00:24:10,120 --> 00:24:13,120 acknowledges the realities of an identity team. 454 00:24:13,160 --> 00:24:16,920 And one of those realities is you don't replace major 455 00:24:16,920 --> 00:24:18,720 constituents in your architecture very often. 456 00:24:19,360 --> 00:24:22,000 Once a decade you change out your IDP, Once a decade you 457 00:24:22,000 --> 00:24:27,040 change out your IGA. And if you've got different 458 00:24:27,040 --> 00:24:29,400 kinds of needs that the business is bringing to you, like case in 459 00:24:29,400 --> 00:24:33,040 point, you need fappy support. Your IDP may not have that. 460 00:24:33,680 --> 00:24:35,200 Are you going to throw out that IDP? 461 00:24:35,240 --> 00:24:39,480 Heck no, because it's doing SSO for like a gazillion things plus 462 00:24:39,480 --> 00:24:42,680 all your O auth brokering. What you might do is augment it 463 00:24:43,080 --> 00:24:44,680 with a specialized solution that has it. 464 00:24:45,120 --> 00:24:47,600 Well, all of a sudden now you find yourself that's an identity 465 00:24:47,600 --> 00:24:51,120 fabric. How the hell is this all going 466 00:24:51,120 --> 00:24:54,040 to work together? And so I started just writing 467 00:24:54,040 --> 00:24:59,160 like just getting it all out. And I thought it was going to be 468 00:24:59,160 --> 00:25:02,800 a short piece. That was a lie I told myself. 469 00:25:03,120 --> 00:25:07,520 And so one of the things that's in there is a notional reference 470 00:25:07,520 --> 00:25:10,120 architecture and it talks about those five components that you 471 00:25:10,120 --> 00:25:15,280 mentioned and describes the interplay between them as this 472 00:25:15,280 --> 00:25:17,920 is what I think, this is where I think we're headed from an 473 00:25:17,920 --> 00:25:21,640 architectural perspective. At least you write the documents 474 00:25:21,640 --> 00:25:26,480 or the blogs for. I just needed to get it out of 475 00:25:26,480 --> 00:25:30,000 my head right And for. You right, Ian, It's kind of 476 00:25:30,000 --> 00:25:35,040 like thinking out loud. A lot of look, I am. 477 00:25:36,440 --> 00:25:38,600 I've found in my career that I've only smarted in the 478 00:25:38,600 --> 00:25:42,600 presence of other people. Like I need other people to 479 00:25:42,600 --> 00:25:48,280 critique and push back and comment on and nudge to actually 480 00:25:48,280 --> 00:25:50,600 produce anything. And so I was like, look, I'm 481 00:25:50,600 --> 00:25:53,480 going to get this crap out there and then people are going to 482 00:25:53,480 --> 00:25:56,280 beat it up and then someone's going to pick up a piece of this 483 00:25:56,280 --> 00:25:58,200 thing and run with it. And it's going to be, it's going 484 00:25:58,200 --> 00:26:00,640 to be better. Like, let's just do that. 485 00:26:01,120 --> 00:26:04,400 So in some regards, yes, I wrote it for architects, I wrote it 486 00:26:04,400 --> 00:26:07,200 for product managers also, like I always sort of write for 487 00:26:07,200 --> 00:26:09,920 myself in that regard of like, hey, like how should I be 488 00:26:09,920 --> 00:26:12,320 thinking about the next three years of where I want to take my 489 00:26:12,320 --> 00:26:13,840 product? If I'm a product owner or 490 00:26:13,840 --> 00:26:16,480 product manager? And if I'm in large enterprise, 491 00:26:16,480 --> 00:26:19,000 like same thing. Like I've got a whole bunch of 492 00:26:19,000 --> 00:26:21,360 piece parts. How the heck is this all going 493 00:26:21,360 --> 00:26:24,920 to work together? And how am I going to be, how is 494 00:26:24,920 --> 00:26:27,080 that architecture going to be stressed in the coming years? 495 00:26:27,080 --> 00:26:29,240 And what should I, what should I think about as I keep going 496 00:26:29,240 --> 00:26:31,240 forward? So I didn't write it for a 497 00:26:31,240 --> 00:26:33,480 single persona. I wrote it for people that were 498 00:26:33,480 --> 00:26:38,040 just genuinely curious and could find something in there that 499 00:26:38,040 --> 00:26:39,600 they could use. Maybe not the whole thing, 500 00:26:39,680 --> 00:26:42,160 that's fine, I just wanted to get some ideas out there. 501 00:26:42,880 --> 00:26:47,720 Yeah, I I think that you hit the nail on the head in turn like 502 00:26:47,720 --> 00:26:50,520 you used a great example, what is access management. 503 00:26:50,720 --> 00:26:54,000 But as you think about what we have been doing for a living for 504 00:26:54,000 --> 00:26:57,720 the last 20 plus years, it's identity and access management 505 00:26:57,720 --> 00:27:01,120 on now you, how do you even define that? 506 00:27:01,360 --> 00:27:04,240 People? You say what is access 507 00:27:04,240 --> 00:27:08,040 management? But I, I think that's, that is 508 00:27:08,160 --> 00:27:14,000 the under pinning or the under churn of what we're doing here, 509 00:27:14,000 --> 00:27:17,840 which is these definitions are constantly changing the identity 510 00:27:17,840 --> 00:27:19,800 access management, that's digital identity. 511 00:27:20,120 --> 00:27:22,520 What is it now? It's an identity security. 512 00:27:23,480 --> 00:27:26,960 Is that just a buzz term or is that actually something real? 513 00:27:28,280 --> 00:27:29,440 And that's not a question for you. 514 00:27:29,440 --> 00:27:32,240 I'm just, yeah, I'm just talking out loud. 515 00:27:34,000 --> 00:27:37,880 So, so Jim, my reaction to that was like, let's focus on the 516 00:27:37,880 --> 00:27:41,600 outcomes that the things that I have can have, right? 517 00:27:41,600 --> 00:27:43,920 So like I've got these pieces of things in my identity 518 00:27:43,920 --> 00:27:46,440 infrastructure, What outcomes can I achieve with them? 519 00:27:46,440 --> 00:27:49,400 And I I've been trying to drive to like focus on the outcomes 520 00:27:49,400 --> 00:27:51,720 that you want the architecture to have or your infrastructure 521 00:27:51,720 --> 00:27:53,920 to have. And then let's, we can give 522 00:27:53,920 --> 00:27:56,360 those things names or not, it doesn't matter. 523 00:27:56,600 --> 00:27:59,520 And if you're using a tool in kind of a funny way, but it, it 524 00:27:59,520 --> 00:28:01,480 scratches the itch, it reaches that outcome. 525 00:28:01,840 --> 00:28:05,400 Who's to say that's wrong? Like I'm, I think we got to get 526 00:28:05,400 --> 00:28:08,760 away from some of those sort of strictly bucketed market 527 00:28:08,760 --> 00:28:11,320 terminology and start thinking about like, what do we need to 528 00:28:11,320 --> 00:28:13,640 get done? What is the most efficient way 529 00:28:13,640 --> 00:28:16,920 for me this organization, given the constraints we have, to get 530 00:28:16,920 --> 00:28:20,000 that done, get that achieved? Well, let's not forget the most 531 00:28:20,000 --> 00:28:22,440 important thing here. It needs to have another acronym 532 00:28:23,240 --> 00:28:24,920 and it needs to conflict with something else within the 533 00:28:24,920 --> 00:28:28,560 identity space. I'm not a barbarian, of course. 534 00:28:28,600 --> 00:28:31,200 We need something that's utterly confusing and, you know, 535 00:28:31,200 --> 00:28:35,000 conflicting, of course. It's got to have, yeah, it's got 536 00:28:35,000 --> 00:28:38,760 to be catchy so that everybody can say now there's more modern 537 00:28:38,760 --> 00:28:43,080 identity architecture. To be fair, Dave Birch said. 538 00:28:43,080 --> 00:28:44,920 I should have called the architecture dope. 539 00:28:45,960 --> 00:28:49,240 I'm like, yeah, but that's like the 80s calling and like that. 540 00:28:49,240 --> 00:28:51,960 I have like control essay nightmares when you start doing 541 00:28:51,960 --> 00:28:53,760 that. And so like, I don't think 542 00:28:53,760 --> 00:28:56,040 that's super cool, but. Everything's just a cycle, Ian. 543 00:28:56,040 --> 00:28:58,360 It's dope. And then you have belt the bell 544 00:28:58,360 --> 00:29:00,280 bottom principle, right? We have to figure out how that 545 00:29:00,280 --> 00:29:01,840 works. And I am, Yeah. 546 00:29:01,840 --> 00:29:04,680 And then classic rock like Nirvana, which, oh, that makes 547 00:29:04,680 --> 00:29:07,880 me feel old. Yeah, exactly. 548 00:29:07,880 --> 00:29:10,640 That'll be cool. And it's by the time you're 549 00:29:10,640 --> 00:29:12,640 like, oh, turn, turn the music down. 550 00:29:12,880 --> 00:29:16,280 That's when it'll be cool again. I think we can agree classic 551 00:29:16,280 --> 00:29:21,120 rock is music from the 70s. Everything else is not classic 552 00:29:21,120 --> 00:29:23,000 rock. I agree with that. 553 00:29:23,320 --> 00:29:24,880 I'm with you. That's that's a platform. 554 00:29:24,880 --> 00:29:27,960 But here's the thing. I mean, the 70s are like a 555 00:29:27,960 --> 00:29:31,040 billion years ago and it's like me in the 70s are like Oh my 556 00:29:31,040 --> 00:29:35,280 God, like Glenn Miller is the classic rock of like my 557 00:29:35,280 --> 00:29:38,000 grandparents generation. Like oh God, what does this mean 558 00:29:38,000 --> 00:29:42,440 for me anyway? We went, we went way off with 559 00:29:42,440 --> 00:29:45,200 that one. Sorry. 560 00:29:45,760 --> 00:29:50,600 What's these five elements? Are they layers of this like a 561 00:29:50,600 --> 00:29:53,520 reference architecture? Or is there just too much 562 00:29:53,600 --> 00:29:58,200 blurring to call it layers? I refer to them as layers and 563 00:29:58,200 --> 00:30:01,280 you know I sort of start with policy is the first one like 564 00:30:01,720 --> 00:30:04,520 it's the backdrop, right. We are awash in our enterprises 565 00:30:04,520 --> 00:30:09,280 and policy, both sort of business rules but also the 566 00:30:09,280 --> 00:30:11,840 technical ones. And we know the well and 567 00:30:11,840 --> 00:30:14,360 identity, right there are provisioning policies, who's 568 00:30:14,360 --> 00:30:16,840 supposed to get what you know, what are the attributes we need 569 00:30:16,840 --> 00:30:19,640 to set like it's the configurations in our SSO tools 570 00:30:19,640 --> 00:30:23,680 like we recognize those things. But one of the realizations I 571 00:30:23,680 --> 00:30:29,200 had was traditionally speaking, our identity products only could 572 00:30:29,200 --> 00:30:34,840 describe policies and knew about data that they could interact 573 00:30:34,840 --> 00:30:36,240 with through their execution layer. 574 00:30:36,800 --> 00:30:39,560 So if I was a provisioning product, the data I knew about 575 00:30:39,840 --> 00:30:42,600 which things that I had a connector for and I could write 576 00:30:42,600 --> 00:30:47,280 policies about those things. In the modern era, I want to 577 00:30:47,280 --> 00:30:51,080 describe a policy that says, well before you go accessing 578 00:30:51,080 --> 00:30:55,360 production Azure instance, there's got to be a ServiceNow 579 00:30:55,360 --> 00:30:59,960 ticket open in your name referencing the specific Azure 580 00:31:00,000 --> 00:31:01,600 account that we need to go talk to. 581 00:31:02,120 --> 00:31:04,920 You need to be coming from a managed product or a managed 582 00:31:04,920 --> 00:31:07,520 laptop. It needs to be fully patched. 583 00:31:07,800 --> 00:31:12,520 And then if all those things are true and we're not in the last 584 00:31:12,520 --> 00:31:17,080 days of the quarter, then get this ephemeral role that I want 585 00:31:17,080 --> 00:31:19,480 to assign to your access and let the IDP do that. 586 00:31:19,680 --> 00:31:21,400 And then it will go away when things are done. 587 00:31:22,480 --> 00:31:25,160 That's not the kind of policy you could write in a traditional 588 00:31:25,160 --> 00:31:28,080 system. It is 100% however, the kind of 589 00:31:28,080 --> 00:31:32,000 policy that if you step away from the technology, what people 590 00:31:32,000 --> 00:31:35,360 want to have as outcomes, what they want to put in place in 591 00:31:35,360 --> 00:31:38,240 their enterprises. But they got a jury rig it 592 00:31:38,240 --> 00:31:42,440 between 5 different technologies that don't talk like this only 593 00:31:42,440 --> 00:31:45,080 gets worse when you realize, well, how many components are in 594 00:31:45,080 --> 00:31:48,000 my identity architecture, like in my infrastructure, how do I 595 00:31:48,000 --> 00:31:51,160 coordinate that stuff? So policy is The thing is the 596 00:31:51,160 --> 00:31:54,080 backdrop, right? That is the that pervasive layer 597 00:31:54,080 --> 00:32:00,160 and it will be tiered. And I know that's a hard topic 598 00:32:00,160 --> 00:32:02,920 in and of itself. And I don't want to make light 599 00:32:02,920 --> 00:32:05,840 of it because the more I talk to people at large enterprise, 600 00:32:05,840 --> 00:32:09,680 they're saying I, as an identity team, want to describe a set of 601 00:32:09,680 --> 00:32:11,880 guard rails. The people that are actually 602 00:32:11,880 --> 00:32:15,000 doing the identity work in terms of implementing systems that 603 00:32:15,000 --> 00:32:17,320 consume identity services, they're at the edge. 604 00:32:17,360 --> 00:32:19,400 They've got their own rules because they're closest to the 605 00:32:19,400 --> 00:32:21,600 application. How do I make this coherent? 606 00:32:21,600 --> 00:32:24,440 How do I link these things? I don't have good answers to 607 00:32:24,440 --> 00:32:30,400 that yet, but I acknowledge that like this is still a place that 608 00:32:30,400 --> 00:32:32,080 we can do better. And I think it's actually an 609 00:32:32,080 --> 00:32:34,880 interesting opportunity legitimately for AI. 610 00:32:35,200 --> 00:32:38,360 I'm just not sure how yet. Like the oh, create a policy 611 00:32:38,360 --> 00:32:39,600 from natural language blah blah blah. 612 00:32:39,600 --> 00:32:42,200 That's boring. I mean like real interesting use 613 00:32:42,200 --> 00:32:43,960 of AII, just haven't seen it yet. 614 00:32:45,120 --> 00:32:48,040 Well, I think that's like what you just described is like 615 00:32:48,040 --> 00:32:50,440 Nirvana, right? It's a whole bunch of like if, 616 00:32:50,440 --> 00:32:54,160 then statements and that forms your policy of when you're 617 00:32:54,160 --> 00:32:56,960 allowed to do things. And I look, I say it's all due 618 00:32:56,960 --> 00:32:58,280 respect. I love it. 619 00:32:58,800 --> 00:33:04,400 I just don't see it happening anytime soon for even half of 620 00:33:04,800 --> 00:33:06,160 the organizations out there with I am stuff. 621 00:33:06,160 --> 00:33:10,000 Because it takes so long for organizations to invest in 622 00:33:10,000 --> 00:33:13,240 technology, they're going to need probably a couple different 623 00:33:13,240 --> 00:33:15,960 tools to do that. They're going to need good data, 624 00:33:16,040 --> 00:33:17,560 right to do sort of things like that. 625 00:33:18,200 --> 00:33:22,200 And you know, for every cutting edge Google, Microsoft, Apple, 626 00:33:22,840 --> 00:33:26,520 TikTok, PayPal, right, whoever it may be who is really cutting 627 00:33:26,520 --> 00:33:30,640 edge of I am, there are 100 a thousand times more companies 628 00:33:30,640 --> 00:33:34,920 who are still getting a fax to get somebody on boarded. 629 00:33:35,680 --> 00:33:37,840 Right. I mean, it's, it's, it's, it 630 00:33:37,840 --> 00:33:41,960 sounds cool, it sounds neat. And then I get so I feel like 631 00:33:41,960 --> 00:33:46,280 pessimistic about like, well, that's, that's 1015 years ago 632 00:33:46,280 --> 00:33:50,200 realistically for, you know, most companies to aspire to 633 00:33:50,200 --> 00:33:53,920 that, if they even get that far. Help me talk to you about the 634 00:33:53,920 --> 00:33:55,760 ledge because I love the idea of it. 635 00:33:56,120 --> 00:33:57,760 I just don't see it happening anytime soon. 636 00:33:58,040 --> 00:34:00,680 So I think there's two things that might give you hope to 637 00:34:00,760 --> 00:34:02,400 carry on. Like I didn't realize that we're 638 00:34:02,400 --> 00:34:04,840 doing this as like it's the Wonderful Life edition of. 639 00:34:07,280 --> 00:34:11,000 I am therapy with Ian. So so two things to consider. 1 640 00:34:11,000 --> 00:34:18,800 is standards help us build a better identity fabric and allow 641 00:34:18,800 --> 00:34:20,360 for orchestration between components. 642 00:34:21,239 --> 00:34:25,600 And I think that's really important Things like shared 643 00:34:25,600 --> 00:34:28,920 signals is one of those things that I think is really, really 644 00:34:28,920 --> 00:34:32,320 important to help us here. Both respond more dynamically 645 00:34:33,040 --> 00:34:36,280 closer to the incident, closer to whatever that that that 646 00:34:36,719 --> 00:34:44,560 decision making moment is. And that that allows us to put 647 00:34:44,560 --> 00:34:46,960 smaller components into our identity architecture without 648 00:34:46,960 --> 00:34:52,239 upsetting the apple cart, right? So if you're, if you've got a 649 00:34:52,239 --> 00:34:56,840 lot of sort of tech inertia because of whether it's on Prem 650 00:34:56,840 --> 00:34:59,080 legacy that, you know, you want to migrate, but that's a five 651 00:34:59,080 --> 00:35:01,040 year project and that's what we're doing and we're going to 652 00:35:01,040 --> 00:35:04,160 go knock it down. Or you've just got sort of basic 653 00:35:05,200 --> 00:35:09,120 components to begin with. You still have an opportunity to 654 00:35:09,120 --> 00:35:14,360 add fit for purpose components, essentially capabilities. 655 00:35:15,000 --> 00:35:20,520 I still think that's true. What you might lack is the 656 00:35:20,520 --> 00:35:23,040 staffing to be able to operate it. 657 00:35:23,920 --> 00:35:29,120 What you might lack is a seat at the table that says, hey, 658 00:35:29,160 --> 00:35:33,040 security, You've got a bunch of requirements here that you keep 659 00:35:33,040 --> 00:35:37,400 pushing on application teams. Like for example, they've got to 660 00:35:37,400 --> 00:35:42,560 be coming from, you know, I want a full ZTNA type situation and I 661 00:35:42,560 --> 00:35:45,600 want this MFA. You, you, you're doing all these 662 00:35:45,600 --> 00:35:50,160 things, but all of those controls are disjoint and 663 00:35:50,160 --> 00:35:54,280 they're not actually been sort of laid out together because 664 00:35:54,280 --> 00:35:56,560 they have to really run in parallel in a lot of ways. 665 00:35:57,840 --> 00:36:01,200 And I think this is, this is an opportunity for, to me, what I 666 00:36:01,200 --> 00:36:04,280 think what Gartner would call identity first security. 667 00:36:04,280 --> 00:36:06,800 They really hate the identity security term. 668 00:36:07,080 --> 00:36:09,800 It's really entertaining to watch them kind of go off on 669 00:36:09,800 --> 00:36:15,640 that of just the, how do we make our security controls and our 670 00:36:15,640 --> 00:36:18,360 identity controls first and foremost in that sort of set of 671 00:36:18,360 --> 00:36:21,920 security controls and orchestrate that to happen one 672 00:36:21,920 --> 00:36:26,800 side. The other side of it is, but one 673 00:36:26,800 --> 00:36:29,800 of the trends we're seeing is that people are building data 674 00:36:29,800 --> 00:36:34,680 tiers that are considering more than just one flavour of data, 675 00:36:34,680 --> 00:36:37,120 right? Used to be my IGA tool had admin 676 00:36:37,120 --> 00:36:39,960 time data. What could I write a connector 677 00:36:39,960 --> 00:36:42,720 for? Pull data back, provision back 678 00:36:42,720 --> 00:36:45,680 out again, right? And our access management tool 679 00:36:45,680 --> 00:36:47,560 knew about systems it was connected to. 680 00:36:47,560 --> 00:36:49,280 And who attempted to create a session? 681 00:36:49,280 --> 00:36:51,800 Did we create that session? When did we log that person out? 682 00:36:52,600 --> 00:36:54,480 Never. The two shall meet, right? 683 00:36:54,480 --> 00:36:58,240 Like totally silo data. Now we're starting to see people 684 00:36:58,240 --> 00:37:00,560 say, let's bring those sets of data together, let's bring those 685 00:37:00,560 --> 00:37:06,560 things together and then be able to have signal information. 686 00:37:06,560 --> 00:37:11,120 So say shared shared signals framework from things like our 687 00:37:11,120 --> 00:37:16,640 EDR starting to facilitate this thing where now you've actually 688 00:37:16,640 --> 00:37:19,320 got the data you can reason against, even if you're writing 689 00:37:19,320 --> 00:37:22,320 basic policies. The thing that I struggle with 690 00:37:22,520 --> 00:37:25,800 is it is bananas. If you look at someone's 691 00:37:25,800 --> 00:37:28,920 identity architecture, each component in their architecture, 692 00:37:29,240 --> 00:37:33,600 their IGA, their Pam, their SSO, who knows what else they've got 693 00:37:33,600 --> 00:37:35,800 in there. They're specialized MFA, each 694 00:37:35,800 --> 00:37:37,320 one of them has their own data repository. 695 00:37:37,880 --> 00:37:41,840 I guarantee you that like 20 to 30% of the data in each one of 696 00:37:41,840 --> 00:37:45,800 those things is duplicated with one other component, if not all 697 00:37:45,800 --> 00:37:48,320 of them. How on earth are we supposed to 698 00:37:48,320 --> 00:37:51,200 operate this monster if we're not all reading from the same 699 00:37:51,200 --> 00:37:54,280 page? And so one of the tenants I say 700 00:37:54,280 --> 00:37:59,160 in modern I am is a unified data tier that everything in the 701 00:37:59,160 --> 00:38:04,800 fabric can pull from and use at least as a system of record and 702 00:38:04,800 --> 00:38:08,120 bring proper data management practitioners to this 703 00:38:08,120 --> 00:38:12,280 conversation as opposed to us I am people being like, cool, I 704 00:38:12,280 --> 00:38:13,960 know what I'm doing down here in the data tier. 705 00:38:14,040 --> 00:38:16,000 You don't. You just don't, right? 706 00:38:16,320 --> 00:38:19,280 Data governance is a real thing. Let's bring those practitioners 707 00:38:19,280 --> 00:38:22,360 into this story. All right, let me try to swing 708 00:38:22,360 --> 00:38:24,200 it back to the positive side because you sparked a couple 709 00:38:24,200 --> 00:38:27,840 thoughts in my head. And one is, is there a catch up 710 00:38:27,840 --> 00:38:32,400 point here or a level skip or whatever we want to call it 711 00:38:32,400 --> 00:38:37,800 where we say, OK, yeah, maybe we missed the boat on IGA, you 712 00:38:37,800 --> 00:38:41,680 know, over the last 10 years. But if we adopt this mindset, 713 00:38:41,680 --> 00:38:43,920 this modern architecture, this modern identity kind of 714 00:38:43,920 --> 00:38:47,080 thinking, is there an opportunity for organizations 715 00:38:47,080 --> 00:38:50,240 who maybe missed that boat to skip ahead to, hey, you know 716 00:38:50,240 --> 00:38:52,200 what, we've got some new tools that are coming out. 717 00:38:52,200 --> 00:38:53,560 We're better at our data. Maybe we're more 718 00:38:53,560 --> 00:38:56,320 organizationally sound when it comes to, you know, how we 719 00:38:56,320 --> 00:38:57,560 collect that kind of stuff and store it. 720 00:38:58,160 --> 00:39:00,560 Maybe I don't need all those other components that at that 721 00:39:00,560 --> 00:39:02,160 point might be considered more legacy. 722 00:39:02,400 --> 00:39:03,400 Is there an opportunity for that? 723 00:39:03,960 --> 00:39:07,320 I think there is an opportunity. I think it's around taking the 724 00:39:07,320 --> 00:39:13,000 heart where you can, where is most impactful 0 standing 725 00:39:13,000 --> 00:39:15,200 privilege. Leave aside the plumbing, leave 726 00:39:15,200 --> 00:39:17,360 aside all the things that I actually talked about in in 727 00:39:17,360 --> 00:39:23,040 those blog pieces and focus on where do we have the opportunity 728 00:39:23,040 --> 00:39:28,120 to use ephemeral access? And can we describe what the 729 00:39:28,120 --> 00:39:30,720 appropriate access is for a certain job function? 730 00:39:30,720 --> 00:39:33,840 So a production instance, break glass scenario. 731 00:39:34,080 --> 00:39:35,840 What do developers need in stage? 732 00:39:35,840 --> 00:39:40,440 What do they need in test and where systems and increasingly 733 00:39:40,440 --> 00:39:43,640 especially our cloud ones, do facilitate ephemeral access. 734 00:39:43,640 --> 00:39:46,160 So you get something assigned at the beginning of your session 735 00:39:46,160 --> 00:39:48,480 and when that session's over, it goes away. 736 00:39:49,640 --> 00:39:57,040 Holding tight to that as a goal I think will have sort of knock 737 00:39:57,040 --> 00:40:00,200 on effects of like, OK, cool, I can do that in these 738 00:40:00,200 --> 00:40:03,680 environments. Now, how do I better describe 739 00:40:03,760 --> 00:40:06,840 the rules of the game here? Where should my control points 740 00:40:06,840 --> 00:40:08,240 be? I think it leads to better 741 00:40:08,240 --> 00:40:14,160 conversations in places that don't facilitate ZSP as easily 742 00:40:14,160 --> 00:40:17,960 or efemoral axis as easily. That's places to then take a 743 00:40:17,960 --> 00:40:22,160 really sharp eye and look at it and say, is this the place where 744 00:40:22,160 --> 00:40:27,480 we need to do more role engineering, more QA, Rs, what 745 00:40:27,480 --> 00:40:30,960 have you And really like focus the scope of where we're doing 746 00:40:30,960 --> 00:40:35,240 more heavyweight traditional I am and start to find pieces 747 00:40:35,800 --> 00:40:39,400 critical, critical systems, cloud systems, what have you to 748 00:40:39,400 --> 00:40:43,120 actually try to bite off some of the ZSP concepts and start to 749 00:40:43,120 --> 00:40:46,680 develop those that muscle there. And I think there really is an 750 00:40:46,680 --> 00:40:50,440 opportunity for kind of a catch up there because we're now 751 00:40:50,440 --> 00:40:53,360 increasingly finding high impact systems that do facilitate it. 752 00:40:53,800 --> 00:40:56,240 That means you don't have to bring all the tools of the last 753 00:40:56,240 --> 00:40:58,560 decade to bear. You actually can do this 754 00:40:58,560 --> 00:41:01,320 differently. Lighter weight, easier to audit, 755 00:41:01,600 --> 00:41:05,320 more effective. I can see where you broke this 756 00:41:05,600 --> 00:41:09,520 into multiple blogs for instance, than just one blog and 757 00:41:09,520 --> 00:41:12,800 layout. I'm threatening to glue them all 758 00:41:12,800 --> 00:41:15,480 back together and make like an e-book that I don't know I'll 759 00:41:15,480 --> 00:41:16,720 print out for my mom or something. 760 00:41:16,720 --> 00:41:20,560 I'm not sure what I'm doing. So you talked about policy. 761 00:41:20,560 --> 00:41:23,440 I had a bunch of follow up questions, but I think we should 762 00:41:23,440 --> 00:41:29,840 keep pace when it's the data talked about data lake earlier I 763 00:41:29,840 --> 00:41:33,960 even had just a foundational question of like, OK, what is 764 00:41:33,960 --> 00:41:36,080 identity data? You actually started a whole 765 00:41:36,080 --> 00:41:39,240 piece around what is identity data? 766 00:41:41,200 --> 00:41:45,840 I have always kind of felt like there's the black and the white 767 00:41:45,840 --> 00:41:47,640 and then there's the Gray in between. 768 00:41:47,760 --> 00:41:52,840 There's information like transactions that Ian did on 769 00:41:52,840 --> 00:41:55,400 Amazon, those are not identity data. 770 00:41:55,720 --> 00:42:00,240 There's Ian's credentials to log into Amazon, that's identity 771 00:42:00,240 --> 00:42:02,000 data. Then there's a whole bunch of 772 00:42:02,000 --> 00:42:06,840 stuff in between like billing address and other things that 773 00:42:07,600 --> 00:42:11,600 maybe they're application specific, but they could 774 00:42:11,600 --> 00:42:15,520 contribute to, oh, you know, Ian lives in this part of the world 775 00:42:15,520 --> 00:42:17,720 and things like that. We can make some identity 776 00:42:17,720 --> 00:42:23,240 decision based on it. What I'm finding as I talked to 777 00:42:23,280 --> 00:42:28,240 more identity practitioners is that they want to solve their 778 00:42:28,240 --> 00:42:35,280 business specific identity and access issues with data that 779 00:42:35,280 --> 00:42:38,920 matters to them. You know, if they're, you know, 780 00:42:38,920 --> 00:42:42,600 say in the insurance industry or something like that, maybe 781 00:42:42,600 --> 00:42:46,680 there's some data elements that come from other systems that 782 00:42:46,800 --> 00:42:48,840 they can make access decisions on. 783 00:42:50,040 --> 00:42:54,920 Do you see that's, I kind of feel like that is enabling that 784 00:42:54,920 --> 00:43:01,160 type of approach is something that technology vendors are 785 00:43:01,160 --> 00:43:03,960 starting to say, all right, well, there's all these 786 00:43:03,960 --> 00:43:07,880 different use cases that are specific to not only industry, 787 00:43:07,920 --> 00:43:11,040 but specific to clients. We're not going to try to solve 788 00:43:11,040 --> 00:43:12,600 them all. We're going to give you the 789 00:43:12,600 --> 00:43:15,720 platform to build it from. And it's not only maybe it's not 790 00:43:15,720 --> 00:43:20,480 even like a technology or product thing to solve. 791 00:43:20,480 --> 00:43:24,680 Maybe it's, you know, it's just building a platform. 792 00:43:24,680 --> 00:43:28,960 So I, I guess like turning all that into a question is what 793 00:43:28,960 --> 00:43:30,720 were you talking about with what were you? 794 00:43:30,880 --> 00:43:34,400 Thinking what the what? The heck were you thinking? 795 00:43:35,000 --> 00:43:38,960 So, so two things. One is I wrote about this not in 796 00:43:38,960 --> 00:43:43,440 the same series, but a post which is a probably bad idea, 797 00:43:44,000 --> 00:43:46,080 which talks about workforce identity data platforms. 798 00:43:46,160 --> 00:43:48,520 Get that in a SEC in the consumer world. 799 00:43:49,000 --> 00:43:50,760 And I'm not talking about consumer, I am just, I'm talking 800 00:43:50,760 --> 00:43:54,400 about in the consumer world you have data platforms called 801 00:43:54,400 --> 00:43:58,880 customer data platforms, CDPS. It's its own market and it 802 00:43:58,880 --> 00:44:02,680 consumes all manner of data, everything from click stream 803 00:44:02,680 --> 00:44:09,240 analytics on websites to e-mail open statistics to self provided 804 00:44:09,720 --> 00:44:11,560 preference information. You know, I'm into these 805 00:44:11,560 --> 00:44:13,240 colours, these styles, what have you. 806 00:44:13,800 --> 00:44:20,600 All of that goes into ACDP and arguably all of that then is 807 00:44:20,600 --> 00:44:23,960 used to build better customer journeys and experiences. 808 00:44:24,840 --> 00:44:31,240 And so if you are on a major e-commerce site, you are very 809 00:44:31,240 --> 00:44:33,600 much have information that is now in ACDP somewhere. 810 00:44:34,760 --> 00:44:38,000 The credential that you used to log in, let's say it's a social 811 00:44:38,000 --> 00:44:39,640 credential, that's also interesting. 812 00:44:39,640 --> 00:44:44,320 So in my mind, I've always had the attitude of the data that is 813 00:44:44,320 --> 00:44:48,800 associated to you, the consumer. CDPS are designed to do these 814 00:44:48,800 --> 00:44:51,240 things from a data management perspective and then the ability 815 00:44:51,240 --> 00:44:54,120 to reason across it and make decisions across it and then 816 00:44:54,120 --> 00:44:57,440 affect changing it. How you authenticate to This 817 00:44:57,440 --> 00:45:02,000 site is a thin wedge of that information that an identity 818 00:45:02,000 --> 00:45:05,320 team is responsible for, but they should be the data 819 00:45:05,320 --> 00:45:08,760 custodians for the entire CDP. They don't own the CRM like that 820 00:45:08,760 --> 00:45:10,360 would be crazy to think about that. 821 00:45:10,400 --> 00:45:13,680 But the notion of ACDP that takes all these different kinds 822 00:45:13,680 --> 00:45:17,360 of data in terms of different velocities of data, structures 823 00:45:17,360 --> 00:45:19,680 of data, and puts them together so that you can actually build a 824 00:45:19,680 --> 00:45:21,520 better customer experience. That's really cool. 825 00:45:22,600 --> 00:45:24,600 So when I took that idea, I was like, what if we did that for 826 00:45:24,600 --> 00:45:27,440 workforce? This is a horrible idea. 827 00:45:27,440 --> 00:45:29,960 And I kept going through like how horrible of an idea is. 828 00:45:29,960 --> 00:45:32,840 Like I'm going to throw what training classes you've got in 829 00:45:32,840 --> 00:45:38,080 there and I'm going to throw your your 360 surveys. 830 00:45:38,080 --> 00:45:40,160 Like I'm gonna throw everything in that pot. 831 00:45:40,480 --> 00:45:42,640 And not dinner. I'm sorry if I'm interrupting, 832 00:45:43,160 --> 00:45:46,720 but are you talking about like taking copies of the training 833 00:45:46,720 --> 00:45:49,760 data and throwing it in your lake or you're just pointing to 834 00:45:49,760 --> 00:45:50,920 it? Well, so here's the beautiful 835 00:45:50,920 --> 00:45:53,960 thing is that, and This is why we need more data management 836 00:45:54,240 --> 00:45:57,520 professionals in conversations about any practitioners is that 837 00:45:58,280 --> 00:46:00,600 things like lake house architectures can do reference 838 00:46:00,600 --> 00:46:03,160 without copy for massive data sets. 839 00:46:03,160 --> 00:46:06,560 Like I didn't really learn this until I was at Salesforce for a 840 00:46:06,560 --> 00:46:09,400 couple of years and looking at how they're building their CDP 841 00:46:09,400 --> 00:46:13,720 and the ability to do 0 copy. But on the, you know, petabytes 842 00:46:13,720 --> 00:46:16,920 of data, you're like, holy crap, like blew my mind. 843 00:46:16,920 --> 00:46:20,000 I got my start as an Oracle sales engineer. 844 00:46:20,000 --> 00:46:23,480 Like good old relational tables and Oracle seven man, the world 845 00:46:23,480 --> 00:46:27,120 is a really different place. And if you're listening to this 846 00:46:27,120 --> 00:46:29,920 and you take one thing from this is go find your data management 847 00:46:29,920 --> 00:46:32,360 practitioners because they're fascinating and the things they 848 00:46:32,360 --> 00:46:34,760 can do are fascinating. So I think it's reference, not 849 00:46:34,760 --> 00:46:38,200 copy, but you may copy for a variety of reasons. 850 00:46:38,240 --> 00:46:42,520 One of which guys, you know, this, how much in the, the 851 00:46:42,520 --> 00:46:45,280 customers that you have and the work that you do is dealing with 852 00:46:45,280 --> 00:46:49,560 data quality issues and you find those data quality issues and 853 00:46:49,560 --> 00:46:51,920 what are you left to do? Go to the upstream system and be 854 00:46:51,920 --> 00:46:56,080 like, Hey, can you change this? Cause your use of like street is 855 00:46:56,080 --> 00:46:58,960 just all baffled and weird and it's causing all sorts of 856 00:46:58,960 --> 00:47:02,000 problems that that's not a conversation that often goes 857 00:47:02,000 --> 00:47:03,880 well. So it's left to the identity 858 00:47:03,880 --> 00:47:06,480 team while they're marshalling data to fix these things. 859 00:47:06,880 --> 00:47:09,040 So there's actually some legitimate reason why you do 860 00:47:09,040 --> 00:47:11,480 want to copy some of this stuff so you can improve its data 861 00:47:11,480 --> 00:47:17,960 quality. And so long way around, very 862 00:47:17,960 --> 00:47:24,200 long way around, I think there is an opportunity to bring 863 00:47:24,200 --> 00:47:26,800 together a variety of different kinds of information, whether 864 00:47:26,800 --> 00:47:29,480 it's copy or reference, that's the data management team's 865 00:47:29,480 --> 00:47:32,920 decision. But whether that is workforce 866 00:47:32,920 --> 00:47:35,240 and workforce related training information, those kinds of 867 00:47:35,240 --> 00:47:39,480 things, plus why don't we bring in other kinds of information? 868 00:47:39,480 --> 00:47:41,000 And that leads to the conversation of like, should 869 00:47:41,000 --> 00:47:43,200 this thing be its own? Should it be its own identity 870 00:47:43,200 --> 00:47:45,440 like, or is it part of your security data? 871 00:47:45,440 --> 00:47:49,080 Like closer to things like IP intelligence, other threat 872 00:47:49,080 --> 00:47:52,800 information, zero trust, telemetry, things like that. 873 00:47:53,000 --> 00:47:55,480 And now identity has its components in there that it can 874 00:47:55,480 --> 00:47:57,640 reason across. I don't. 875 00:47:57,800 --> 00:48:00,760 Know that's going to be. Some of it's going to be log 876 00:48:00,760 --> 00:48:05,240 data, some of it's going to be resident in some system for 877 00:48:05,240 --> 00:48:06,720 sure. Some of it's going to be third 878 00:48:06,720 --> 00:48:10,000 party data that you can only write you only get through an 879 00:48:10,000 --> 00:48:13,440 API. Yeah, all of those things. 880 00:48:13,520 --> 00:48:16,400 And, and this is the important part, I've talked to 881 00:48:16,400 --> 00:48:18,920 organizations who have built these things either inside of 882 00:48:18,920 --> 00:48:20,600 their security data lakes or on their own. 883 00:48:22,680 --> 00:48:26,880 They are a rare breed of organization, right to, you 884 00:48:26,880 --> 00:48:29,880 know, the person who's like, I'm barely holding it down as it is. 885 00:48:29,880 --> 00:48:31,680 I'm not building a data lake for this identity type. 886 00:48:31,680 --> 00:48:33,560 Are you kidding? I think what we're going to see, 887 00:48:33,560 --> 00:48:36,320 and the market is showing us this, is that vendors are coming 888 00:48:36,320 --> 00:48:38,680 now and saying we can at least combine different kinds of 889 00:48:38,680 --> 00:48:42,400 identity data, admin time data, runtime data, event time data, 890 00:48:42,840 --> 00:48:47,200 and give you a better wider view of the playing field, the 891 00:48:47,200 --> 00:48:49,280 ability to affect controls better. 892 00:48:49,600 --> 00:48:51,800 So I think there's this democratization going on. 893 00:48:51,800 --> 00:48:54,560 And yeah, some set of companies are going to go out there and 894 00:48:54,560 --> 00:48:58,080 build these things. We're starting to see vendors 895 00:48:58,080 --> 00:49:00,920 here saying we're doing that for you, but no one's going to buy 896 00:49:00,920 --> 00:49:02,560 that. No one is buying one of these 897 00:49:02,560 --> 00:49:04,360 things. What they're buying is I need to 898 00:49:04,360 --> 00:49:07,280 be better about my IGA practices. 899 00:49:07,280 --> 00:49:09,440 I need to be better about my standing access. 900 00:49:09,720 --> 00:49:12,560 Oh, by the way, the thing that's powering it is this really cool 901 00:49:12,560 --> 00:49:14,960 data tier. Don't worry about it right now. 902 00:49:15,440 --> 00:49:18,000 In a couple years, you'll be ready to start doing other 903 00:49:18,000 --> 00:49:19,440 things with that. That's the hope I have for the 904 00:49:19,440 --> 00:49:24,080 market. So the third layer was 905 00:49:24,080 --> 00:49:28,440 orchestration and you know, it's, it's kind of funny because 906 00:49:28,440 --> 00:49:34,600 I was reading through this, I kept thinking back to Strata 907 00:49:35,160 --> 00:49:38,040 Strata's, a company that does a lot of what you're talking 908 00:49:38,040 --> 00:49:42,520 about, like policy, orchestration and other types of 909 00:49:42,520 --> 00:49:45,160 orchestration. I, I do think a lot of these 910 00:49:45,160 --> 00:49:48,680 terms is kind of funny because I think policy could be these 911 00:49:48,680 --> 00:49:52,600 technical policies or they could be your infosec policy. 912 00:49:52,600 --> 00:49:57,240 Data could be the not when you talk about who has access to 913 00:49:57,240 --> 00:50:00,880 what, it's the, what the data is, the what that you have 914 00:50:00,880 --> 00:50:02,760 access to. But there's also this whole 915 00:50:03,000 --> 00:50:07,400 identity data concept. Orchestration could be the 916 00:50:07,560 --> 00:50:11,320 orchestration of, you know, these identity systems and you 917 00:50:11,320 --> 00:50:14,040 have legacy identity systems, you have modern identity 918 00:50:14,040 --> 00:50:16,000 systems. How do you hook them all up so 919 00:50:16,000 --> 00:50:20,600 you can achieve full integration without just wiping out 920 00:50:20,600 --> 00:50:23,480 everything every time you want to do something new? 921 00:50:23,920 --> 00:50:27,160 But it also could be orchestration of work flows. 922 00:50:27,360 --> 00:50:30,600 But you're talking about, I think more the first type that I 923 00:50:30,600 --> 00:50:35,480 talked about, right, which is orchestrating modern and legacy 924 00:50:35,640 --> 00:50:38,480 identity systems. I would think about it this way 925 00:50:38,480 --> 00:50:43,280 is so you've got this data tier, you then need to evaluate and 926 00:50:43,280 --> 00:50:46,840 take action based on either changes in it or discoveries in 927 00:50:46,840 --> 00:50:50,160 that information. And so you, that could be 928 00:50:50,160 --> 00:50:56,760 everything from a classic provisioning policy to AITSM 929 00:50:56,760 --> 00:51:02,360 ticket ticket, classic workflow ticket flow could also be a hey, 930 00:51:03,320 --> 00:51:07,680 I'm the IDP, we are using XYZMFA provider. 931 00:51:07,680 --> 00:51:10,360 I need you to go actually challenge this user, right? 932 00:51:10,360 --> 00:51:12,560 So I think there's a different, lots of different kinds of 933 00:51:12,560 --> 00:51:14,640 orchestration. It doesn't need to be massively 934 00:51:14,640 --> 00:51:17,360 complex. It can be, but I actually think 935 00:51:17,360 --> 00:51:20,760 a lot of it is just the basics of how do I evaluate policy 936 00:51:20,760 --> 00:51:23,840 based on some changes in information and data? 937 00:51:24,200 --> 00:51:27,600 And then what do I need to go tell to go do something like 938 00:51:27,600 --> 00:51:31,320 what's my execution layer that I want to go reach out to and 939 00:51:31,760 --> 00:51:33,680 nudge it along to take an action? 940 00:51:34,200 --> 00:51:35,960 So it can start very, very simple. 941 00:51:35,960 --> 00:51:38,080 Most people have these things in their IGH tools. 942 00:51:38,160 --> 00:51:39,360 In fact, I would argue they all do. 943 00:51:39,920 --> 00:51:42,320 But you even have it in your ID PS in your Pam systems. 944 00:51:43,320 --> 00:51:46,360 That's just an acknowledgement that the real value in a lot of 945 00:51:46,360 --> 00:51:48,520 our systems comes from that orchestration layer. 946 00:51:48,720 --> 00:51:52,080 As complicated or as simplistic as it is, that's the thing that 947 00:51:52,080 --> 00:51:53,120 really is doing the heavy lifting. 948 00:51:54,920 --> 00:52:01,480 So you have OK, we went policy data orchestration executioned. 949 00:52:01,800 --> 00:52:08,200 I think the execution is kind of the these domains of identity. 950 00:52:08,240 --> 00:52:11,880 I am technologies. It's the single signal platform, 951 00:52:11,880 --> 00:52:14,280 it's the IGA PAN. Is that right? 952 00:52:14,320 --> 00:52:17,480 Not quite, but it's close. Think of it as the execution 953 00:52:17,480 --> 00:52:20,320 layer is the interface between your IAM architecture and the 954 00:52:20,320 --> 00:52:22,680 applications that you actually want to go manage access with 955 00:52:22,680 --> 00:52:25,680 it. And so that is your provisioning 956 00:52:25,680 --> 00:52:29,760 connector lives in the execution layer, your SSO configuration 957 00:52:29,760 --> 00:52:33,720 effectively like the brokerage of a SAML flow that's an 958 00:52:33,720 --> 00:52:37,600 execution layer example we used to pay for stuff in that layer 959 00:52:38,240 --> 00:52:40,920 like we used to buy connectors. Like that's crazy to me. 960 00:52:40,920 --> 00:52:42,520 Like the execution layer should be free. 961 00:52:42,520 --> 00:52:48,320 And increasingly, as you have integration platforms as a 962 00:52:48,320 --> 00:52:52,880 service, that's not quite the right the abbreviation, but 963 00:52:53,040 --> 00:52:55,120 essentially there's whole businesses out there. 964 00:52:55,120 --> 00:52:58,320 They're like, we can basically give you a unified API service 965 00:52:58,320 --> 00:52:59,680 over everything you got out there. 966 00:52:59,840 --> 00:53:03,640 So I can trigger create user or an update record anywhere you 967 00:53:03,640 --> 00:53:05,360 want. That's not fun. 968 00:53:05,400 --> 00:53:07,920 Like that's not a the IAM business anymore. 969 00:53:07,920 --> 00:53:09,480 Like you shouldn't be paying for that. 970 00:53:09,840 --> 00:53:12,400 But it's where identity, the orchestration meets the real 971 00:53:12,400 --> 00:53:14,080 world. That's where the rubber hits the 972 00:53:14,080 --> 00:53:15,960 road. OK. 973 00:53:17,760 --> 00:53:20,560 The last one that you had, and I don't think this was part of the 974 00:53:20,560 --> 00:53:23,560 original framework of layers was events. 975 00:53:24,120 --> 00:53:27,000 And I think you kind of tease us a little bit in the beginning 976 00:53:27,000 --> 00:53:31,400 talking about how we're moving toward more of a real time event 977 00:53:31,720 --> 00:53:35,960 type of environment, so recognizing things as they're 978 00:53:35,960 --> 00:53:40,000 happening and some of those things are going to be attacks, 979 00:53:40,000 --> 00:53:42,560 right? Well yes, and think about it 980 00:53:42,560 --> 00:53:44,560 this way. Identity systems traditionally 981 00:53:44,560 --> 00:53:50,840 have is a piano with about 5 keys, join, move, leave, log in 982 00:53:50,840 --> 00:53:53,080 or verify, log out. But no one ever plays the log 983 00:53:53,080 --> 00:53:56,600 out key like that never happens. So we have 4 * 4 notes that we 984 00:53:56,600 --> 00:53:58,560 can play. We are not going to be the most 985 00:53:58,560 --> 00:54:01,360 popular keyboardist in the town, right? 986 00:54:02,600 --> 00:54:06,200 Our ability to affect controls was significantly limited by the 987 00:54:06,200 --> 00:54:10,600 events that we could actually instrument join, move, leave, 988 00:54:10,760 --> 00:54:16,120 log in or verify event time. Identity totally changes that 989 00:54:16,120 --> 00:54:20,160 because now what we can say is look, an application out there 990 00:54:20,480 --> 00:54:25,960 says, hey, I have my own inbuilt transactional fraud system built 991 00:54:25,960 --> 00:54:29,000 into me and I just terminated a user session because it was 992 00:54:29,000 --> 00:54:32,920 super weird. Basically shared signals 993 00:54:32,920 --> 00:54:35,520 framework is Twitter for apps. It's like, hey, I'm just going 994 00:54:35,520 --> 00:54:37,960 to shout into the void. I did a thing. 995 00:54:37,960 --> 00:54:40,640 I terminated this session for this data subject because that 996 00:54:40,640 --> 00:54:42,640 was weird. I don't know what's going on. 997 00:54:43,040 --> 00:54:45,440 Maybe someone out there wants to take an action about that, but I 998 00:54:45,440 --> 00:54:48,200 don't have to know about it. I, as the application don't have 999 00:54:48,200 --> 00:54:50,600 to know about who my IDP is or my IGA system. 1000 00:54:50,800 --> 00:54:53,560 I simply say I terminated a session because of broad. 1001 00:54:54,680 --> 00:54:57,720 Now I can pull that information in and say, oh, now what do I 1002 00:54:57,720 --> 00:54:59,200 want to do if I see these kinds of things? 1003 00:54:59,920 --> 00:55:02,400 Let's go find the data subject. Let's go tell the IDP, terminate 1004 00:55:02,400 --> 00:55:06,120 all their sessions. Meanwhile, let's go change maybe 1005 00:55:06,120 --> 00:55:08,080 more dynamically. There is zero trust from a 1006 00:55:08,080 --> 00:55:10,160 network perspective. Let's sequester them. 1007 00:55:10,240 --> 00:55:13,640 Let's do these other things like it gives us this opportunity to 1008 00:55:13,640 --> 00:55:17,400 bring our controls to bear in more places than just join, 1009 00:55:17,400 --> 00:55:20,080 movely verify. That's hugely important. 1010 00:55:20,880 --> 00:55:23,320 I mean, more than that, I think it's an opportunity to be almost 1011 00:55:23,320 --> 00:55:28,160 creative with events and what are things that we can do with, 1012 00:55:28,200 --> 00:55:29,800 you know, the data that we have available to us? 1013 00:55:29,800 --> 00:55:32,040 What what are things we haven't thought of or maybe couldn't do 1014 00:55:32,040 --> 00:55:33,560 before, right? I think this is a real 1015 00:55:33,560 --> 00:55:36,880 opportunity to say, hey, you know, this, this shouting into 1016 00:55:36,880 --> 00:55:39,880 the void thing is great. What if you had a very specific 1017 00:55:40,120 --> 00:55:42,560 app or function or whatever it is that's looking for this very 1018 00:55:42,560 --> 00:55:45,480 specific thing. It's available now. 1019 00:55:45,480 --> 00:55:46,160 It is. Yes. 1020 00:55:46,240 --> 00:55:49,880 And the other side, it is the things that generate signals. 1021 00:55:49,880 --> 00:55:53,320 Now, if you're the kind of organization that has data 1022 00:55:53,320 --> 00:55:56,240 scientists on board and AI scientists, you can actually 1023 00:55:56,240 --> 00:55:58,040 start to build models that look at this data tier and be like, 1024 00:55:58,320 --> 00:56:00,600 hey, I know something weird. I'm going to emit a signal. 1025 00:56:00,600 --> 00:56:02,440 And now we can take action on that immediately. 1026 00:56:02,440 --> 00:56:06,400 Versus I'm waiting for my HR purse, HR trigger to add a new 1027 00:56:06,400 --> 00:56:09,680 user to the system. Like it's, it's really 1028 00:56:09,680 --> 00:56:11,160 interesting what these things open up. 1029 00:56:11,280 --> 00:56:13,640 By the way, I feel like we're late to the game, right? 1030 00:56:13,640 --> 00:56:17,560 Security has had much more dynamic sets of controls, not 1031 00:56:17,560 --> 00:56:20,360 limited to I only do something when the user boots their 1032 00:56:20,360 --> 00:56:23,360 laptop, right? Welcome to the party identity. 1033 00:56:23,400 --> 00:56:26,440 Like now we can actually work in concert with security controls 1034 00:56:26,640 --> 00:56:28,880 because we can act on the same cadence, we can act with the 1035 00:56:28,880 --> 00:56:31,720 same velocity they do. That's hugely important. 1036 00:56:33,120 --> 00:56:36,480 Yeah, I kind of feel like that's the the idea that we're going 1037 00:56:36,480 --> 00:56:39,440 for with identity security. It's just hard to put a 1038 00:56:39,440 --> 00:56:41,800 definition around identity security abuse. 1039 00:56:42,360 --> 00:56:44,480 Anytime you're talking about identity, it gets into 1040 00:56:44,480 --> 00:56:46,400 something. Oh yeah, that's identity 1041 00:56:46,400 --> 00:56:49,920 security. So. 1042 00:56:49,920 --> 00:56:53,400 So Ian, with this framework, where do you take it from here? 1043 00:56:53,560 --> 00:56:58,360 I mean, are you going to continue to evangelize this or 1044 00:56:58,880 --> 00:57:01,880 are you looking for the community to kind of start to 1045 00:57:01,880 --> 00:57:05,280 pick it up? And you've done so many things, 1046 00:57:05,280 --> 00:57:08,240 by the way, like you started a lot of organizations. 1047 00:57:08,240 --> 00:57:10,560 Like did you just give me the what have you done for us lately 1048 00:57:10,560 --> 00:57:11,760 question? I just want to check. 1049 00:57:12,280 --> 00:57:14,400 I didn't want it to sound that way, but. 1050 00:57:14,400 --> 00:57:17,120 Ian, you're doing way too much. You're giving us stuff we're not 1051 00:57:17,120 --> 00:57:18,160 asking for, man. Come on. 1052 00:57:20,040 --> 00:57:24,040 So, oh God. All right, we'll get it back on 1053 00:57:24,040 --> 00:57:26,600 rails. All right, so here's what I want 1054 00:57:26,600 --> 00:57:27,920 to do. Like I, I do want to keep 1055 00:57:27,920 --> 00:57:29,840 talking about this. Like next week I'm going to go 1056 00:57:29,840 --> 00:57:32,480 visit an enterprise and talk unpack some of these thoughts a 1057 00:57:32,480 --> 00:57:34,920 little bit more. This is a absolutely leading 1058 00:57:34,920 --> 00:57:37,560 edge organization in terms of identity and more. 1059 00:57:37,560 --> 00:57:41,200 It's about conversations of just like this is how I'm thinking 1060 00:57:41,200 --> 00:57:42,480 about it. How are you thinking about it? 1061 00:57:42,480 --> 00:57:44,760 Like it's just going to refine my own thinking. 1062 00:57:44,760 --> 00:57:46,800 I think it's really beneficial. Maybe I can help them too. 1063 00:57:46,800 --> 00:57:50,360 I really hope so. One of the things that I want to 1064 00:57:50,360 --> 00:57:53,200 do from this is I'm really enamored with this data tier 1065 00:57:53,200 --> 00:57:54,960 thing. And the more I talk to people 1066 00:57:54,960 --> 00:57:58,480 that have done it and it brought real data practitioners into the 1067 00:57:58,480 --> 00:58:03,280 story and why they're doing it. Like it's fascinating to me. 1068 00:58:05,000 --> 00:58:10,400 And one of the things that I've started talking about is I, this 1069 00:58:10,400 --> 00:58:13,920 may be me tilting in a windmill. I think we need to put some in 1070 00:58:13,920 --> 00:58:18,800 classic relational database terms, standardized views so 1071 00:58:18,800 --> 00:58:21,800 that everyone, whether it's a third party product or home 1072 00:58:21,800 --> 00:58:24,520 grown, can implement these views such that for a core set of 1073 00:58:24,520 --> 00:58:28,240 objects, maybe user and entitlement and system, I can 1074 00:58:28,240 --> 00:58:31,040 get data out no matter what the back end is, no matter whether 1075 00:58:31,040 --> 00:58:33,520 it's third party provided or it's first party provided. 1076 00:58:34,200 --> 00:58:38,760 Because that can reduce the cost of switching between vendors. 1077 00:58:39,240 --> 00:58:43,640 It can reduce the ability to the challenge to do bake offs 1078 00:58:43,640 --> 00:58:46,520 between technologies. It can facilitate people 1079 00:58:46,520 --> 00:58:49,640 bringing their own models or buying models to look at this 1080 00:58:49,640 --> 00:58:51,640 data to find interesting things about them. 1081 00:58:52,160 --> 00:58:55,760 So I'm, I'm a little bit on this, what I'm lovingly calling 1082 00:58:55,760 --> 00:58:59,680 Oids open IAM data schema, those of you who've been around for a 1083 00:58:59,680 --> 00:59:02,480 long time. And OID is an object identifier 1084 00:59:02,720 --> 00:59:07,600 famous in Ldapland. And this came from a realization 1085 00:59:07,600 --> 00:59:11,920 that the last time we really as an industry standardized data 1086 00:59:11,920 --> 00:59:15,680 objects at rest was like inet org person and Edu person. 1087 00:59:16,480 --> 00:59:18,600 And so with love in my heart, I'm like, you know what, let's 1088 00:59:18,600 --> 00:59:22,160 do a throwback name here. But I'm kicking that 1089 00:59:22,160 --> 00:59:25,400 conversation off with a bunch of folks and I'm getting a lot of 1090 00:59:25,400 --> 00:59:28,440 feedback and I'll it's really interesting seeing the questions 1091 00:59:28,760 --> 00:59:32,800 and the challenges to it. But that's like in my To Do List 1092 00:59:32,800 --> 00:59:36,000 to the next couple of months. And then we'll see where it 1093 00:59:36,000 --> 00:59:37,520 leads. It may all just crash and burn, 1094 00:59:38,040 --> 00:59:42,600 but someone may take like a ember of the remnants of it and 1095 00:59:42,600 --> 00:59:44,560 go use it to start a fire and that'll be great. 1096 00:59:44,560 --> 00:59:46,720 So let's let's hope that happens. 1097 00:59:47,920 --> 00:59:51,280 Yeah, I'm, I'm thinking Oids and now I, I'm thinking about the 1098 00:59:51,320 --> 00:59:53,160 old, I think it was Domino's Pizza, the Noid. 1099 00:59:53,200 --> 00:59:55,480 Do you remember? That, yeah, void the Noid, Yeah, 1100 00:59:55,760 --> 00:59:57,480 so I did. I did think about that. 1101 00:59:57,480 --> 00:59:59,400 We're all of similar age on that one. 1102 00:59:59,640 --> 01:00:03,240 I'll let you explain it to the listeners what the Noid was and 1103 01:00:03,400 --> 01:00:06,680 put that in the show links like the Wikipedia article for Noid. 1104 01:00:07,840 --> 01:00:10,120 The 80s were a weird time for commercials. 1105 01:00:10,120 --> 01:00:13,120 They just put it that way. Yeah. 1106 01:00:14,920 --> 01:00:16,720 I look, there's so much to unpack here. 1107 01:00:16,720 --> 01:00:18,600 And here's what I would recommend is like we're grabbing 1108 01:00:18,600 --> 01:00:21,600 our show notes, the, the link to the articles that you that 1109 01:00:21,600 --> 01:00:25,360 you've written here. I would read those definitely. 1110 01:00:25,600 --> 01:00:27,880 And then I would listen to this or maybe vice versa, depending 1111 01:00:27,880 --> 01:00:30,440 which, whichever one comes first, because I think there's a 1112 01:00:30,440 --> 01:00:32,280 lot to impact here. And I love the discussion that 1113 01:00:32,280 --> 01:00:35,000 you started and I and I think you've turned some of this as 1114 01:00:35,000 --> 01:00:37,960 well into some talks maybe given like Identiverse, maybe it was 1115 01:00:37,960 --> 01:00:41,560 Gartner, I can't remember which one where you've started to kind 1116 01:00:41,560 --> 01:00:43,800 of posit this. And I love this idea of theory 1117 01:00:43,800 --> 01:00:46,800 crafting, right. Hey, here's some ideas we have 1118 01:00:47,440 --> 01:00:49,160 to solve some of the problems that we're seeing. 1119 01:00:49,160 --> 01:00:51,720 What do we think Many has a better than one. 1120 01:00:51,720 --> 01:00:53,680 So I would definitely encourage people to to check it out. 1121 01:00:54,360 --> 01:00:56,560 I also want to ask about one thing I noticed on your LinkedIn 1122 01:00:56,560 --> 01:00:59,360 when I was, you know, doing some cyber stalking of you before you 1123 01:00:59,360 --> 01:01:03,200 joined the show. You recently became a faculty 1124 01:01:03,200 --> 01:01:05,760 member for IONS. Yep, the Irons Institute. 1125 01:01:05,960 --> 01:01:07,000 Yeah. So tell me about this. 1126 01:01:07,000 --> 01:01:08,400 First of all, not everyone may be familiar. 1127 01:01:08,400 --> 01:01:10,440 What is irons and then what are you teaching? 1128 01:01:10,680 --> 01:01:13,160 Yes, faculty is an interesting word too. 1129 01:01:13,480 --> 01:01:16,520 So Irons Institute has been around for for quite some time 1130 01:01:16,520 --> 01:01:20,440 and I knew it as a place where really kick ass security 1131 01:01:20,440 --> 01:01:25,280 practitioners would teach classes, could do consulting 1132 01:01:25,280 --> 01:01:27,120 engagements, could actually just engage directly with an 1133 01:01:27,120 --> 01:01:32,960 enterprise to answer a question. And a while ago a friend of mine 1134 01:01:33,000 --> 01:01:37,480 who's one of those absolute kick ass security folk was like, Hey, 1135 01:01:37,920 --> 01:01:39,560 you should totally become a faculty member. 1136 01:01:39,560 --> 01:01:41,800 Let me do the intro. And I went through the 1137 01:01:41,800 --> 01:01:46,800 evaluation process and I got to say it's the opportunity to do 1138 01:01:46,800 --> 01:01:50,000 calls with enterprise customers who are having challenges and 1139 01:01:50,000 --> 01:01:51,800 just be able to see if I can help. 1140 01:01:52,440 --> 01:01:55,000 It kind of brought me back to my Burton days and like, I love it. 1141 01:01:55,000 --> 01:01:58,000 It's like a way just to kind of play stump the chump. 1142 01:01:58,000 --> 01:02:01,400 Like they've got a rando question, which I love doing and 1143 01:02:01,400 --> 01:02:04,280 like seeing if I can help. But also it was just destiny 1144 01:02:04,280 --> 01:02:06,600 because it's literally my institute, so obviously I have 1145 01:02:06,600 --> 01:02:08,440 to be a member of it. So, you know, there's that. 1146 01:02:09,600 --> 01:02:11,480 That's actually a pretty good segue. 1147 01:02:11,520 --> 01:02:13,960 You just kind of kind of say, hey, this is this is my thing. 1148 01:02:14,160 --> 01:02:16,440 Yeah, take it over now. Yeah, I'm not charging you for 1149 01:02:16,440 --> 01:02:17,440 likeness fees. It's cool. 1150 01:02:18,000 --> 01:02:20,080 I like the idea of the whole stump to chump, you know, trying 1151 01:02:20,080 --> 01:02:23,760 to trick the professioner, you know, ask the questions and 1152 01:02:23,760 --> 01:02:24,920 hopefully, you know, there's answers. 1153 01:02:24,920 --> 01:02:26,320 If there's not, let's figure it out together. 1154 01:02:26,320 --> 01:02:28,120 I think those are the I think those are the one you learn the 1155 01:02:28,120 --> 01:02:29,520 most. It's like, OK, yeah, I don't 1156 01:02:29,520 --> 01:02:30,800 know about that. I mean, let me go look at that 1157 01:02:30,800 --> 01:02:33,840 because I feel like whether you've been in in any industry 1158 01:02:33,840 --> 01:02:36,960 or any topic, right, there's always something new to learn. 1159 01:02:36,960 --> 01:02:40,080 And I know Jim, you're very fond of saying sharpening the saw. 1160 01:02:40,400 --> 01:02:42,440 So there's. If you want to learn something, 1161 01:02:42,440 --> 01:02:45,280 teach it. Yeah, If you want to be really 1162 01:02:45,280 --> 01:02:48,600 know something, put yourself in a position to teach someone else 1163 01:02:48,600 --> 01:02:50,560 about it, and then you'll know whether you know it or not. 1164 01:02:51,520 --> 01:02:54,160 So I gave a in as sparks my my member from today. 1165 01:02:54,160 --> 01:02:58,200 I actually gave a class today to a bunch of auditors on IM1O1, 1166 01:02:58,800 --> 01:03:00,800 right. What should auditors be looking 1167 01:03:00,800 --> 01:03:04,960 at from an editing perspective? So sorry for the IM teams who 1168 01:03:04,960 --> 01:03:06,480 are now dealing with smarter auditors. 1169 01:03:06,600 --> 01:03:11,760 You know, there are people too, but the idea was like, hey, you 1170 01:03:11,760 --> 01:03:14,160 know what, let's level set here. What is that we're doing? 1171 01:03:14,160 --> 01:03:16,200 And I, and it give me an opportunity to get on soapboxes 1172 01:03:16,200 --> 01:03:19,200 like, Hey, auditors, stop telling your organizations to 1173 01:03:19,200 --> 01:03:20,560 change your password every 90 days. 1174 01:03:20,640 --> 01:03:24,560 Like that's, that's old guidance from like 5-10 years or seven 1175 01:03:24,560 --> 01:03:26,000 years ago. Now probably some of that area, 1176 01:03:26,520 --> 01:03:28,120 you know, time to get with it, man. 1177 01:03:28,640 --> 01:03:31,040 You know, so it gives me an opportunity to maybe do a little 1178 01:03:31,040 --> 01:03:33,440 influencing on some of the areas that I think, you know, 1179 01:03:33,440 --> 01:03:36,240 organizationally things do, but I, I enjoy doing that kind of 1180 01:03:36,240 --> 01:03:37,880 stuff. You know, I'm, look, I'm not a 1181 01:03:37,880 --> 01:03:41,320 technical expert in deep and everything, but I know certain 1182 01:03:41,320 --> 01:03:43,320 things and I do enjoy the teaching aspect of it. 1183 01:03:43,320 --> 01:03:46,360 I think you've got the opportunity to share knowledge 1184 01:03:46,360 --> 01:03:48,960 and you know, maybe we do with this podcast or other things. 1185 01:03:49,400 --> 01:03:54,640 Go for it, it's great. All right, I have AI have a 1186 01:03:54,640 --> 01:03:56,120 lighter note question. Uh oh. 1187 01:03:56,760 --> 01:03:59,520 If you could teach anything, doesn't have to be identity 1188 01:03:59,520 --> 01:04:04,400 related, what would you teach? Does this have to be something 1189 01:04:04,400 --> 01:04:07,200 that I know today or I could learn and then teach it? 1190 01:04:07,400 --> 01:04:08,720 Oh, you know what? That's a good spin. 1191 01:04:10,800 --> 01:04:15,600 Either one, that's fine. So I, I would love to teach 1192 01:04:16,440 --> 01:04:20,000 music theory. I don't know really the first 1193 01:04:20,000 --> 01:04:21,960 thing about it. I mean, I played an instrument 1194 01:04:22,440 --> 01:04:24,280 junior high in high school and what have you. 1195 01:04:24,280 --> 01:04:29,520 But I'd I'd love to teach as it Wood Forest me to learn about 1196 01:04:29,520 --> 01:04:34,040 music theory and like how the construction of music comes 1197 01:04:34,040 --> 01:04:36,640 about and what are the sort of basic tenants for it. 1198 01:04:37,480 --> 01:04:43,720 If it's something I do know, I don't really know much. 1199 01:04:45,080 --> 01:04:46,480 I don't know. I think you want to fall back on 1200 01:04:46,480 --> 01:04:48,760 the like, let's just go with the I'm going to learn musically and 1201 01:04:48,760 --> 01:04:50,360 I'm going to teach it. I like that. 1202 01:04:50,400 --> 01:04:51,840 Oh, that's good, Jim. What would you teach if you 1203 01:04:51,840 --> 01:04:54,440 could teach anything? So I've been able to think about 1204 01:04:54,440 --> 01:04:56,840 this question for about an hour because you. 1205 01:04:57,200 --> 01:04:59,400 I spoke on I spoke on all of this at the last minute here. 1206 01:04:59,880 --> 01:05:01,840 Yeah. And so I originally thought 1207 01:05:01,840 --> 01:05:04,960 like, oh, you can't just go and say identity and access 1208 01:05:04,960 --> 01:05:07,640 management vendor developing identity strategy, that's going 1209 01:05:07,640 --> 01:05:10,240 to be way too boring. But then I started thinking 1210 01:05:10,240 --> 01:05:14,800 about my hobbies and what would I teach, What would I take of my 1211 01:05:14,800 --> 01:05:16,960 hobbies and turn into a college course? 1212 01:05:17,240 --> 01:05:19,520 And I thought, no, that would ruin my hobby. 1213 01:05:19,760 --> 01:05:22,960 I'd much rather just work a little bit longer and keep my 1214 01:05:22,960 --> 01:05:27,080 hobbies, you know, pure. So I'm going to go with identity 1215 01:05:27,080 --> 01:05:29,400 and access management. Oh, that is such a blame. 1216 01:05:29,480 --> 01:05:33,480 And I was expecting something baseball, or anyway, I thought 1217 01:05:33,480 --> 01:05:35,880 of money laundering, you know, something that's a little more 1218 01:05:35,880 --> 01:05:38,200 interesting. Those two hobbies I don't want 1219 01:05:38,200 --> 01:05:42,160 to ruin. OK, well, all right, let's see. 1220 01:05:42,480 --> 01:05:45,040 You know, you got me. I was originally going to go 1221 01:05:45,040 --> 01:05:48,760 down a video game track, but I wish I could teach people to 1222 01:05:48,760 --> 01:05:51,920 play guitar because I have this guitar that has been sitting in 1223 01:05:51,920 --> 01:05:55,760 the corner of my office for a couple years now, and I can't do 1224 01:05:55,760 --> 01:05:58,400 a darn thing with it. I have. 1225 01:05:58,400 --> 01:06:01,400 Now, to be fair, I have not really invested the time into it 1226 01:06:01,440 --> 01:06:02,800 and I'm always looking for shortcuts. 1227 01:06:02,800 --> 01:06:06,960 But I wish I could teach guitar because that would mean that I 1228 01:06:06,960 --> 01:06:08,800 know how to play the guitar. Yeah. 1229 01:06:09,640 --> 01:06:12,120 So there you go. You got me on the music theory 1230 01:06:12,120 --> 01:06:14,160 one because I, I, you know, I, I do like music. 1231 01:06:14,480 --> 01:06:18,000 I, I have no musical talent whatsoever other than the Jingle 1232 01:06:18,000 --> 01:06:20,440 for this show. That is about as creative as 1233 01:06:20,440 --> 01:06:22,480 I've gotten. Pretty like that. 1234 01:06:23,120 --> 01:06:24,200 But I do listen to a lot of music. 1235 01:06:24,200 --> 01:06:26,560 I challenge myself to try to listen to something new every 1236 01:06:26,560 --> 01:06:28,480 week. So I'm constantly kind of 1237 01:06:28,480 --> 01:06:31,480 evaluating and OK, I like that. I don't like that, so I don't 1238 01:06:31,480 --> 01:06:32,920 become one. Of those people, like, can you 1239 01:06:32,920 --> 01:06:34,880 put what you listened to last week in the show notes to this 1240 01:06:34,880 --> 01:06:35,920 one? Because like, I'm always looking 1241 01:06:35,920 --> 01:06:38,080 for new stuff. I mean, there's so much, man. 1242 01:06:38,560 --> 01:06:41,880 I'll tell you what I have gotten into recently and kind of 1243 01:06:41,880 --> 01:06:45,400 recently. It's not new I would say but the 1244 01:06:45,400 --> 01:06:51,040 orb and massive attack so. The. 90s. 80s, nineties, yeah. 1245 01:06:51,040 --> 01:06:55,440 Electronic music a little more casual and chill so you know if 1246 01:06:55,440 --> 01:06:58,320 you're looking for good listens, go back and listen that stuff 1247 01:06:58,760 --> 01:06:59,840 it's. Not a lot of work. 1248 01:07:00,200 --> 01:07:03,880 I mean, some of those songs have so many different layers to them 1249 01:07:04,160 --> 01:07:07,000 that I'm constantly picking up. Oh, I never heard that before. 1250 01:07:07,560 --> 01:07:11,120 And so I'm constantly. Orbs Perpetual Dawn isn't their 1251 01:07:11,120 --> 01:07:13,200 sort of their famous track. It is. 1252 01:07:13,200 --> 01:07:15,320 And they I think they just re released a new version, actually 1253 01:07:15,320 --> 01:07:17,480 a new video just hit YouTube of all places. 1254 01:07:17,600 --> 01:07:20,680 And yeah, so there's there's a lot to discover there. 1255 01:07:21,640 --> 01:07:23,640 And I think, you know, I don't want to be one of those people 1256 01:07:23,640 --> 01:07:27,040 where I'm like, you know, 60 or 70 and I stopped listening to 1257 01:07:27,040 --> 01:07:31,200 music after a 90s grunge, you know, so I want to like learn 1258 01:07:31,200 --> 01:07:33,840 new stuff. So I'm with you, all right. 1259 01:07:33,840 --> 01:07:36,080 We've been talking for an hour and 5 minutes. 1260 01:07:36,080 --> 01:07:39,120 It always goes by so quickly with you, Ian, So I appreciate 1261 01:07:39,120 --> 01:07:41,600 it. By the way, I want to say 1 1262 01:07:41,600 --> 01:07:43,920 noted thing. Jeff teaching a class about 1263 01:07:43,920 --> 01:07:46,400 identity and access management would not be boring. 1264 01:07:46,640 --> 01:07:49,480 This is a fantastic topic. We just talked about it for an 1265 01:07:49,480 --> 01:07:50,680 hour. Was it boring? 1266 01:07:51,040 --> 01:07:56,640 It's only podcasts that are boring that are about I am all 1267 01:07:56,640 --> 01:07:58,240 right, all those leaving on high note. 1268 01:07:58,240 --> 01:08:01,240 We'll Costanza this thing. Ian, thank you so much for 1269 01:08:01,240 --> 01:08:02,760 joining us. Jim, as always, thanks for your 1270 01:08:02,760 --> 01:08:04,240 time. I will have links in our show 1271 01:08:04,240 --> 01:08:06,080 notes to pretty much everything we've talked about. 1272 01:08:06,080 --> 01:08:08,000 Go read the stuff that Ian has been posting. 1273 01:08:08,000 --> 01:08:09,440 Really, it's kind of thought provoking stuff. 1274 01:08:10,000 --> 01:08:13,800 And this is how these conversations and these thoughts 1275 01:08:13,840 --> 01:08:17,760 are what leads to what's next and what you'll see in products 1276 01:08:17,760 --> 01:08:20,319 and services and eventually those things trickle into 1277 01:08:20,319 --> 01:08:22,840 organizations. So I would definitely recommend 1278 01:08:22,840 --> 01:08:25,080 that and I did find the link for the avoid the Noid. 1279 01:08:25,080 --> 01:08:27,439 So you'll see a Wikipedia article for that as well. 1280 01:08:27,920 --> 01:08:30,319 So with that, we'll go ahead and leave it for this week. 1281 01:08:30,479 --> 01:08:34,479 You can find us on the web, IDC, podcast.com, visit Ian's 1282 01:08:34,479 --> 01:08:37,279 website, weaveidentity.com. Even though it won't let me 1283 01:08:37,279 --> 01:08:40,439 access it, go ahead. I'm sure other people will not 1284 01:08:40,439 --> 01:08:41,479 have the same problem that I have. 1285 01:08:43,120 --> 01:08:46,080 All right, Thanks everyone for watching and or listening and 1286 01:08:46,080 --> 01:08:47,520 we'll talk with you all in the next one. 1287 01:08:49,920 --> 01:08:52,840 You've been listening to Identity at the Center. 1288 01:08:53,160 --> 01:08:57,240 We hope you've enjoyed the show. Make sure to like, rate and 1289 01:08:57,240 --> 01:09:00,880 review, and we'll be back soon. But in the meantime, hit the 1290 01:09:00,880 --> 01:09:04,279 website at identity@thecenter.com. 1291 01:09:04,880 --> 01:09:09,000 See you next time on Identity at the Center.