1 00:00:09,700 --> 00:00:13,000 You're listening to the identity of the center podcast, this is 2 00:00:13,000 --> 00:00:15,600 the show that talks about identity and access management 3 00:00:15,700 --> 00:00:18,600 and making sure you know who has access to what let's get 4 00:00:18,600 --> 00:00:26,100 started. Welcome to the identity of the 5 00:00:26,100 --> 00:00:28,100 sender podcast I'm Jeff and that's Jim. 6 00:00:28,100 --> 00:00:32,200 Hey Jim hey Jeff, how are you? Oh, not so bad yourself doing 7 00:00:32,200 --> 00:00:34,900 great man. And we might get some background 8 00:00:34,900 --> 00:00:39,000 noise because we've decided to record on Wednesday this week. 9 00:00:39,800 --> 00:00:42,800 The landscapers are here and they are mowing and I've heard 10 00:00:42,800 --> 00:00:47,000 them a few times but we'll keep our fingers crossed sounds okay 11 00:00:47,000 --> 00:00:48,900 to me but we'll see what it looks like in the 12 00:00:49,000 --> 00:00:52,000 post-production world and of course you've got landscapers. 13 00:00:52,000 --> 00:00:55,500 I actually have a guy in my yard with a chainsaw cutting down Ted 14 00:00:55,500 --> 00:00:58,000 trees. So, hopefully that would impact 15 00:00:58,000 --> 00:01:00,700 us too much but those are first world problems as far as I'm 16 00:01:00,700 --> 00:01:02,400 concerned, right? Yeah. 17 00:01:02,400 --> 00:01:05,099 And actually, for our banter this week, I wanted to bring up 18 00:01:05,099 --> 00:01:09,000 a non first world problem. So I've been listening to course 19 00:01:09,000 --> 00:01:12,100 the risky business podcast. I was to do it pretty much every 20 00:01:12,100 --> 00:01:17,100 week and this week, they were talking about kind of 21 00:01:17,100 --> 00:01:22,100 Microsoft's moves relative to the word Ukraine, which is that 22 00:01:22,100 --> 00:01:26,100 they've taken the stance that they Are not going to issue 23 00:01:26,100 --> 00:01:33,200 patches to their software for Russia and you know the debate 24 00:01:33,200 --> 00:01:36,000 goes something like they think it's a really bad idea for a 25 00:01:36,008 --> 00:01:38,800 couple of reasons. One is because there are a lot 26 00:01:38,800 --> 00:01:43,600 of, you know, noncombatant organizations in Russia that 27 00:01:43,600 --> 00:01:47,800 depend on their operating system for example, hospitals or 28 00:01:47,900 --> 00:01:52,400 orphanages or whatever. And so if hackers are able to 29 00:01:52,400 --> 00:01:54,600 break into the systems, they caused a lot of problems. 30 00:01:55,100 --> 00:02:01,000 And you know nobody wants to see hospitals and orphanages or even 31 00:02:01,000 --> 00:02:05,200 just you know innocent bystanders get hurt by this and 32 00:02:05,200 --> 00:02:08,400 then issue. Number two is that they send the 33 00:02:08,400 --> 00:02:11,300 signal out to the rest of the world. 34 00:02:11,300 --> 00:02:14,600 That hey, if you're a company, if your country ends up on The 35 00:02:14,600 --> 00:02:19,200 Blacklist, we're not going to patch your software and that's 36 00:02:19,200 --> 00:02:21,700 going to make companies think twice about using their 37 00:02:21,700 --> 00:02:23,400 software. What are your thoughts? 38 00:02:24,700 --> 00:02:28,000 Yeah, I I feel like we talked about this a while back. 39 00:02:28,000 --> 00:02:32,100 I just don't know how effective this sort of approach is because 40 00:02:32,800 --> 00:02:35,500 how do I mean how they block it? Like, okay, if you're like, what 41 00:02:35,600 --> 00:02:37,900 I have a Russian IP address. You just can't get patches. 42 00:02:37,900 --> 00:02:41,200 Okay, well, I'll just go to a VPN and change my I can watch 43 00:02:41,200 --> 00:02:42,700 Netflix anywhere I want in the world. 44 00:02:42,700 --> 00:02:44,300 Like, how's that going to like actually work. 45 00:02:44,700 --> 00:02:47,900 I think you're totally right. It's not a it's not a smart 46 00:02:47,900 --> 00:02:49,800 munition. I think it's a shotgun approach 47 00:02:49,800 --> 00:02:53,200 and you're hurting just as many people as you might be helping. 48 00:02:53,200 --> 00:02:56,400 I get the intention behind it. Don't know how effective it is 49 00:02:57,000 --> 00:03:00,200 but I'm not going to claim to be an expert on, you know the the 50 00:03:00,200 --> 00:03:03,000 efficacy of patching and and things like that. 51 00:03:03,000 --> 00:03:07,200 Just I'm skeptical of how effective it is but I did see I 52 00:03:07,200 --> 00:03:10,300 think Ukraine awarded Microsoft some sort of like Freedom at all 53 00:03:10,300 --> 00:03:13,800 or something like that. So yeah I support the intention. 54 00:03:13,800 --> 00:03:15,900 I just don't know how effective it actually is in the real 55 00:03:15,900 --> 00:03:18,400 world. Yeah I just it kind of feels 56 00:03:18,400 --> 00:03:22,900 like it's not incredibly well thought out, you know, I think 57 00:03:22,900 --> 00:03:27,400 that like you said, the Action is right, but I kind of fall in 58 00:03:27,400 --> 00:03:29,600 the side of where the risky business guys. 59 00:03:29,600 --> 00:03:34,100 Are you know relative to the potential downside of the 60 00:03:34,108 --> 00:03:36,200 potential Fallout of such a move. 61 00:03:37,500 --> 00:03:41,300 You know, it's just the The Squeeze won't be worth the 62 00:03:41,300 --> 00:03:43,900 juice. Yeah, it's always that balance. 63 00:03:43,900 --> 00:03:45,800 Right? Is that is the benefit worth it 64 00:03:45,800 --> 00:03:48,900 or not. I mean, I'm not going to claim 65 00:03:48,900 --> 00:03:51,900 to know everything, some guessing Microsoft thinks that 66 00:03:51,900 --> 00:03:55,400 it is for some reason. Maybe it's Even the technical 67 00:03:55,400 --> 00:03:56,900 reason, it could just be a PR reason. 68 00:03:56,900 --> 00:04:00,500 I hate, I hate to be, you know, - down that route, but it could 69 00:04:00,500 --> 00:04:03,800 just be a were, you know, throwing our support behind it 70 00:04:03,800 --> 00:04:05,600 in the way that they think is the best way to do it. 71 00:04:05,600 --> 00:04:09,600 I don't know. Not my jam, not my, not my pig, 72 00:04:09,600 --> 00:04:13,400 not my farm about that. Yeah, I'm with you on that. 73 00:04:14,300 --> 00:04:18,700 So what do you been up to this week moving? 74 00:04:18,800 --> 00:04:22,200 So still getting set up finally have like my office or set up 75 00:04:22,200 --> 00:04:24,400 some no longer and like a makeshift couch. 76 00:04:24,700 --> 00:04:26,100 Got one of these fancy standing desk. 77 00:04:26,100 --> 00:04:27,900 So we're trying this one standing up, which is kind of 78 00:04:27,900 --> 00:04:31,400 cool and interesting, but yeah, things are going well, no bear. 79 00:04:31,400 --> 00:04:34,600 Sightings this week not since the last one our first couple 80 00:04:34,600 --> 00:04:37,100 days here. So, so far so good. 81 00:04:37,100 --> 00:04:39,200 And like I said, I got a guy with the chainsaw side, cutting 82 00:04:39,200 --> 00:04:42,100 down a cutting down trees. Yeah. 83 00:04:42,100 --> 00:04:47,400 So this episode is going live on July 11th at which point I will 84 00:04:47,400 --> 00:04:51,900 be unemployed. Mmm, we will be in between 85 00:04:51,900 --> 00:04:55,100 physician. So I'm rain on the economy, a 86 00:04:55,100 --> 00:04:57,500 drain on the economy. Well I you know I wouldn't go 87 00:04:57,500 --> 00:05:03,600 that far but I will be leaving my current posts and coming to 88 00:05:03,600 --> 00:05:07,500 work again with you and that going to get the party back 89 00:05:07,500 --> 00:05:09,300 together. Very exciting. 90 00:05:09,600 --> 00:05:10,900 I'm sure. We'll be talking about it more 91 00:05:10,900 --> 00:05:14,600 in the future. Yes, the their relationship 92 00:05:14,600 --> 00:05:17,200 continues as it's been successful for the last Almost 93 00:05:17,200 --> 00:05:20,900 decade at this point and yeah, exciting things in store. 94 00:05:20,900 --> 00:05:24,400 So super happy, super excited. That things are are working out 95 00:05:24,400 --> 00:05:26,200 the way they way. They are so far, I don't want to 96 00:05:26,200 --> 00:05:29,400 jinx anything. But yes, we'll have some some, 97 00:05:30,200 --> 00:05:33,200 some new things coming up and the band is definitely sticking 98 00:05:33,200 --> 00:05:35,300 together and I think we'll have some more opportunities and to 99 00:05:35,300 --> 00:05:38,600 do some cool stuff, including potentially recording at Gartner 100 00:05:38,600 --> 00:05:41,200 in a few weeks. So if you're going to be at 101 00:05:41,400 --> 00:05:45,700 Gartner ping gym or I, the plan is for us to both be there, and 102 00:05:45,900 --> 00:05:47,700 I think we're going to try to figure out, maybe how to do some 103 00:05:47,700 --> 00:05:52,700 recordings on site, maybe get some guests, get some comments 104 00:05:52,700 --> 00:05:54,800 feedback for maybe attendees things like that. 105 00:05:55,000 --> 00:05:56,900 Haven't quite figured out all the logistics on it yet. 106 00:05:56,900 --> 00:05:59,400 But that is certainly the intention so that'll be cool and 107 00:05:59,407 --> 00:06:03,000 exciting because you and I were talking before we hit record 108 00:06:03,000 --> 00:06:04,900 here. I can't read the last time I saw 109 00:06:04,900 --> 00:06:06,100 you. I think it's been closed. 110 00:06:06,300 --> 00:06:08,500 It's been at least three years, I think, maybe at this point 111 00:06:08,500 --> 00:06:11,200 other than you being a window on the screen, I was going to say, 112 00:06:11,400 --> 00:06:12,800 How do you know it's really me? How do you know? 113 00:06:12,800 --> 00:06:16,300 It's not a deep fake of me. Somebody's don't get over my 114 00:06:16,300 --> 00:06:19,900 identity and is projecting out as me. 115 00:06:19,900 --> 00:06:22,600 They gave recently, I think it's pretty clear. 116 00:06:22,600 --> 00:06:26,800 It is me is that you know who would come up with this kind of 117 00:06:26,800 --> 00:06:31,100 content other than me your mind works in mysterious ways. 118 00:06:31,100 --> 00:06:33,000 That is for sure. But yeah, I don't know. 119 00:06:33,000 --> 00:06:35,900 For fact, but this is actually a should we just get into that 120 00:06:35,900 --> 00:06:37,300 article? Because I think this, I think 121 00:06:37,300 --> 00:06:40,200 you sent this to me and this is I'm glad that when you think of 122 00:06:40,200 --> 00:06:44,300 deep fakes, you think of me Me, I don't know if I should be, you 123 00:06:44,300 --> 00:06:48,700 know, honored or impressed or what about it, but there was an 124 00:06:48,700 --> 00:06:52,300 article, I think it was from dark reading that talk through 125 00:06:52,700 --> 00:06:56,000 basically criminals using deep fake videos to interview for 126 00:06:56,000 --> 00:06:58,900 remote work. And this is something that you 127 00:06:58,900 --> 00:07:01,900 and I talked about maybe a year at least more. 128 00:07:01,900 --> 00:07:05,500 Go at this point where it was just first coming out and kind 129 00:07:05,500 --> 00:07:07,500 of becoming easier for people to use. 130 00:07:07,500 --> 00:07:11,100 And I'm curious when you read this article, what were your 131 00:07:11,100 --> 00:07:14,100 what? Thoughts around it like initial 132 00:07:14,100 --> 00:07:18,100 thought was oh Jeff is going to love this but correct thought. 133 00:07:18,100 --> 00:07:24,100 Yes yeah so correct thought I guess my initial thought was you 134 00:07:24,100 --> 00:07:32,000 know I look if you're going to kind of be cutting edge to use 135 00:07:32,000 --> 00:07:36,900 technology like deep fake, why would you use it to get a job? 136 00:07:38,200 --> 00:07:42,100 It seems to be like getting a job as his Probably not that 137 00:07:42,100 --> 00:07:48,000 hard but I think that the, you know, we're using the Deep fake 138 00:07:48,300 --> 00:07:52,800 would make the most sense has trying to be verified credential 139 00:07:54,900 --> 00:07:57,300 system. So in other words trying to deep 140 00:07:57,300 --> 00:08:01,100 fake and show a Passport and get access to somebody's identity 141 00:08:01,300 --> 00:08:06,900 online to launch some kind of some kind of hack. 142 00:08:08,200 --> 00:08:13,500 I guess I my my initial impact was I didn't see this as the use 143 00:08:13,500 --> 00:08:17,200 case you'd want to really use the Deep fake for. 144 00:08:18,100 --> 00:08:20,800 Ya know, I'm more about the memes and trying to get our guy 145 00:08:20,800 --> 00:08:25,300 Fletcher into various compromising pitch situations of 146 00:08:25,300 --> 00:08:28,400 not the real variety. But this is, this is actually 147 00:08:28,400 --> 00:08:30,200 pretty close. So what I was thinking is sort 148 00:08:30,200 --> 00:08:32,700 of like a threat is definitely the identity identity 149 00:08:32,700 --> 00:08:37,299 verification component. Especially so there's a couple 150 00:08:37,299 --> 00:08:37,799 things. Right? 151 00:08:37,799 --> 00:08:40,000 So deep fakes and impressive technology. 152 00:08:40,000 --> 00:08:43,299 We've seen it in movies, we've seen it in. 153 00:08:43,299 --> 00:08:45,500 So you know, I'm sure people have scrolling through Instagram 154 00:08:45,500 --> 00:08:50,800 and talking all their stuff. But the technology is at a point 155 00:08:50,800 --> 00:08:56,100 now where it is relatively easy to use that. 156 00:08:56,100 --> 00:08:58,900 Now it becomes to start to be a problem for identity 157 00:08:58,900 --> 00:09:02,200 verification, especially in a remote Workforce environment 158 00:09:02,200 --> 00:09:05,100 where I am looking at you on a screen right now in our 159 00:09:05,100 --> 00:09:08,100 conferencing, you know, podcasting sort of Moment here. 160 00:09:08,900 --> 00:09:12,400 I am assuming it's you I'm pretty confident that it is. 161 00:09:12,400 --> 00:09:17,500 Am I 100% know 99% but as these Technologies become more 162 00:09:17,500 --> 00:09:21,100 prevalent if you're sitting in an interview, for example, and I 163 00:09:21,100 --> 00:09:23,100 know that this has been a challenge for certain areas of 164 00:09:23,108 --> 00:09:26,500 the world, where, you know, the one person shows up for an 165 00:09:26,500 --> 00:09:30,400 interview and is not the person that applied for the role and 166 00:09:30,400 --> 00:09:33,100 sometimes it could be for, you know, a relative but nine 167 00:09:33,100 --> 00:09:35,000 reason, it could be. The person is very skilled 168 00:09:35,000 --> 00:09:37,400 technically but just has a hard time. 169 00:09:37,600 --> 00:09:40,000 Interviewing for whatever reason and they hire somebody to 170 00:09:40,000 --> 00:09:43,700 basically be their public face. But the real work is getting 171 00:09:43,700 --> 00:09:45,900 done behind the scenes to someone, maybe isn't good on the 172 00:09:45,900 --> 00:09:48,500 interviewing side. I think we've probably all heard 173 00:09:48,500 --> 00:09:50,300 stories that are kind of similar to that. 174 00:09:50,600 --> 00:09:52,800 Now I've got a situation where criminals might be leveraging it 175 00:09:52,800 --> 00:09:56,500 for any number of reasons. You know, the lazy person to me 176 00:09:56,500 --> 00:10:00,200 says okay well great, I'm going to get hired and you know, get 177 00:10:00,200 --> 00:10:02,600 get get a job in a company and who knows? 178 00:10:02,600 --> 00:10:03,600 They might give me access something. 179 00:10:03,600 --> 00:10:05,900 They might pay me for two, three, four weeks and never 180 00:10:05,900 --> 00:10:09,400 actually do any real work. And in the meantime, I wasn't 181 00:10:09,400 --> 00:10:11,900 ever a kind of a real person anyway, so be may be tough to 182 00:10:11,900 --> 00:10:13,900 track down. So I think there's a variety of 183 00:10:13,900 --> 00:10:16,500 different options. None of them are good. 184 00:10:16,600 --> 00:10:21,900 Unfortunately, in this case, but I hate to throw out the 185 00:10:21,900 --> 00:10:26,900 technology because I do see the benefit for entertainment, you 186 00:10:26,900 --> 00:10:31,600 know, even as a accessibility tool, maybe for some people who 187 00:10:31,800 --> 00:10:35,900 who require those sorts of Technologies, but it is 188 00:10:35,900 --> 00:10:36,900 certainly something to be aware of. 189 00:10:36,900 --> 00:10:40,200 I think this is And also the we asked, I think I remember asking 190 00:10:40,200 --> 00:10:44,400 Mike angle this of one Cosmos a while back is from this 191 00:10:44,400 --> 00:10:47,300 identity, verification, a remote standpoint and things like 192 00:10:47,300 --> 00:10:51,800 liveness checks, how do you know that's not a deep fake and yeah, 193 00:10:51,800 --> 00:10:53,400 I think yeah, I do remember his exact answer it. 194 00:10:53,400 --> 00:10:55,600 I think. I think they felt it was a they 195 00:10:55,600 --> 00:10:58,100 had a pretty good solution in place, you know, for that I know 196 00:10:58,100 --> 00:11:02,000 Adobe for example has spent time and money on kind of developing 197 00:11:02,000 --> 00:11:05,500 tools to kind of help to detect that, but when you're doing 198 00:11:05,500 --> 00:11:09,600 remote conversations like this, This you may not have the visual 199 00:11:09,600 --> 00:11:13,200 Fidelity that you can rely on to really kind of inspect 200 00:11:13,200 --> 00:11:17,600 pixel-by-pixel to see if Shadows are cast in the right way or you 201 00:11:17,608 --> 00:11:19,200 know, whatever it may be. I think it's I think it's very 202 00:11:19,200 --> 00:11:21,900 interesting, it's obviously something that that I find 203 00:11:21,900 --> 00:11:24,900 personally, interesting as well. And I think of the bad things 204 00:11:24,900 --> 00:11:28,100 can happen with it, but I'll hope to think that there will be 205 00:11:28,100 --> 00:11:30,400 some good use cases out of it. To like I said, I gotta get, I 206 00:11:30,400 --> 00:11:34,400 gotta get the memes going for my guy Fletcher, you know, I think 207 00:11:34,400 --> 00:11:39,400 the the You know, thinking back to my Kangol conversation, my 208 00:11:39,400 --> 00:11:43,200 takeaway was we just try and stay one step ahead of the bad 209 00:11:43,200 --> 00:11:46,400 guys, right? I mean, that's probably all you 210 00:11:46,400 --> 00:11:49,300 can do. I think if you take a historical 211 00:11:49,300 --> 00:11:54,700 perspective, 120 years ago they invented the electric light 212 00:11:54,700 --> 00:11:56,900 bulb, Tom says invented the electric light. 213 00:11:56,900 --> 00:12:00,500 Bulb does not have 120 years ago, you know, a little more 214 00:12:00,500 --> 00:12:05,100 than a lifetime ago. Now, look at things or even 215 00:12:05,100 --> 00:12:06,600 typing, this deep fake conversation. 216 00:12:06,800 --> 00:12:11,400 And so what can happen? 20, 40, 50 years down the road. 217 00:12:11,400 --> 00:12:16,400 It's just like, I don't think we can even predict yeah. 218 00:12:16,400 --> 00:12:18,600 Who knows? Maybe we'll become deep fake 219 00:12:18,600 --> 00:12:22,000 individuals ourselves and instead of streaming our stupid 220 00:12:22,000 --> 00:12:24,400 faces, maybe we just go to a fully cartoon format. 221 00:12:24,700 --> 00:12:26,500 Yeah. And that becomes a Persona. 222 00:12:26,900 --> 00:12:28,300 What's the band? Gorillaz? 223 00:12:28,300 --> 00:12:31,300 I think was kind of revolutionary in that spot where 224 00:12:31,500 --> 00:12:35,100 it's a real band, but there are public Persona was basically 225 00:12:35,200 --> 00:12:37,700 cartoon monkey. Keys are gorillas. 226 00:12:38,000 --> 00:12:40,600 And that was sort of like how they portrayed themselves, the 227 00:12:40,600 --> 00:12:43,900 world, until they kind of came out later on and show their real 228 00:12:43,900 --> 00:12:44,900 faces. But I thought that was 229 00:12:44,900 --> 00:12:49,800 interesting instead of Buddy care about me, I like some of 230 00:12:49,800 --> 00:12:53,000 their songs. The other thing I think to is 231 00:12:53,000 --> 00:12:57,700 like what happens if someone does a deep fake of, you know, a 232 00:12:57,700 --> 00:13:02,700 CEO and then calls into somebody and says, hey do this, and it's 233 00:13:02,800 --> 00:13:04,700 convincing enough. Where somebody does it, right? 234 00:13:04,700 --> 00:13:08,200 Which we have heard stories of people calling Again and doing 235 00:13:08,200 --> 00:13:11,500 voice deep fakes and voicemails and things like that where 236 00:13:11,500 --> 00:13:15,300 things have gone awry. But I think now as we get to 237 00:13:15,300 --> 00:13:18,400 more of a distributed remote Workforce, you may not ever 238 00:13:18,400 --> 00:13:22,100 actually see the person that you've been emailing and what 239 00:13:22,100 --> 00:13:24,500 happens if you get socially engineer and all of a sudden, 240 00:13:24,500 --> 00:13:28,400 you know, a deep fake person comes on tells you to do 241 00:13:28,400 --> 00:13:30,200 something and you trust it. I think it opens up a lot of 242 00:13:30,200 --> 00:13:31,600 avenues. You got to be careful from that 243 00:13:31,600 --> 00:13:35,100 social engineering aspect because as you and I know, 244 00:13:35,100 --> 00:13:39,300 social engineering continues to be the scourge of data breach 245 00:13:40,200 --> 00:13:42,700 Guardians, all over the place. Yeah, that's a great point 246 00:13:42,700 --> 00:13:44,900 though. Just one, one more thought on 247 00:13:44,900 --> 00:13:49,300 the D fake is that makes identity and access management 248 00:13:49,600 --> 00:13:52,800 verifying credentials although much more important that. 249 00:13:53,100 --> 00:13:55,800 All right. Now I have a CEO in front of me 250 00:13:55,800 --> 00:14:01,300 telling me to do something. Can I be sure that it's m as not 251 00:14:01,300 --> 00:14:05,800 just that it looks like him. Sounds like him just like, I got 252 00:14:05,800 --> 00:14:08,000 an email, looks like something he would have written. 253 00:14:08,300 --> 00:14:11,300 It's got the letterhead must be from the CEO. 254 00:14:11,800 --> 00:14:15,600 It goes back to the next thing that were leading into is just 255 00:14:15,600 --> 00:14:20,300 social engineering and it's still one of the main ways that 256 00:14:21,800 --> 00:14:26,300 Credentials are being stolen. Yep, I think you want to talk 257 00:14:26,300 --> 00:14:29,000 about our data breach of the week? 258 00:14:29,500 --> 00:14:33,000 Yeah, sure. So it's Marriott and I think 259 00:14:33,000 --> 00:14:38,000 we'll have a link to an article in the show notes, if anybody 260 00:14:38,000 --> 00:14:42,000 were to read up on it. But it was, I think, within the 261 00:14:42,000 --> 00:14:50,000 past week, where an employee at the Baltimore Airport, Marriott 262 00:14:50,000 --> 00:14:53,700 Hotel was Shuns you're into giving away their credentials. 263 00:14:53,700 --> 00:14:57,500 Now the article is not clear on whether or not the employee had 264 00:14:57,500 --> 00:14:59,600 the data on their on their device. 265 00:14:59,600 --> 00:15:03,600 I'm assuming not assuming that they were connected back into 266 00:15:03,800 --> 00:15:08,700 the network and that, you know, the hacker was able to leverage 267 00:15:08,700 --> 00:15:13,800 some kind of pathway through that endpoint device back into 268 00:15:13,800 --> 00:15:16,600 the network. The sounds like they got 20 269 00:15:16,600 --> 00:15:22,500 Gigabytes worth of pii data now, I think Marriott saying that 270 00:15:22,500 --> 00:15:27,500 hey, it wasn't that all that was reported by, you know, I think 271 00:15:27,500 --> 00:15:30,100 the hackers leaked out that, hey, we got all this credit card 272 00:15:30,100 --> 00:15:34,800 information, things like that, but according to the article 273 00:15:34,800 --> 00:15:38,100 Marriott's, like, denying that it was, you know, that that 274 00:15:38,100 --> 00:15:41,200 level of data, but is kind of concerning, because I think 275 00:15:41,200 --> 00:15:45,500 they've kind of run into this scenario several times, where 276 00:15:45,500 --> 00:15:48,700 it's like the social engineering, I think, you know, 277 00:15:48,900 --> 00:15:52,300 My biggest takeaway or, you know, it's not even just to take 278 00:15:52,300 --> 00:16:00,000 away is just kind of a, you know, confirming in my mind what 279 00:16:00,000 --> 00:16:05,400 is often the case which is that the a lot of folks in the it 280 00:16:05,400 --> 00:16:10,100 space think that okay, you know, you can't get through if we're 281 00:16:10,100 --> 00:16:14,700 doing MFA and we're doing one credential per person, you log 282 00:16:14,700 --> 00:16:17,800 in and assist employees and we have good deep furbishing 283 00:16:17,800 --> 00:16:20,600 processes. We feel good to person. 284 00:16:21,200 --> 00:16:24,400 Has gone through the right Jax. However, I think we're social 285 00:16:24,400 --> 00:16:27,800 engineering, we had Roger Grimes on even with him if a you could 286 00:16:27,800 --> 00:16:31,500 be social engineer to out of a multi-factor credential. 287 00:16:31,900 --> 00:16:35,800 Now, once you get into the network, are your network 288 00:16:36,600 --> 00:16:40,300 conditions designed in such a way, like, as your trust, kind 289 00:16:40,300 --> 00:16:44,200 of way that you're going to be limited in terms of your 290 00:16:44,200 --> 00:16:47,400 movement. In terms of, you know what you 291 00:16:47,400 --> 00:16:48,700 can access. You can't change. 292 00:16:48,800 --> 00:16:52,300 Credentials now that you're through the door and that you're 293 00:16:52,300 --> 00:16:56,900 not depending on the fact that okay, people who are on this 294 00:16:56,900 --> 00:16:59,500 side of the far, all we trust people on that side of the 295 00:16:59,508 --> 00:17:03,400 firewall we don't trust. I think that's the you know at 296 00:17:03,400 --> 00:17:06,200 the most basic level, what's your trust is all about 297 00:17:06,200 --> 00:17:10,400 targeting which is that traditional mentality that we 298 00:17:10,400 --> 00:17:13,700 have a firewall and inside the firewall. 299 00:17:14,500 --> 00:17:17,900 It's a higher level of trust. Zero, trust says, it doesn't 300 00:17:17,900 --> 00:17:20,000 matter inside. Her outside the firewall. 301 00:17:20,099 --> 00:17:23,400 The trust level is Euro. We don't trust you because 302 00:17:23,400 --> 00:17:26,599 you're on the inside, you need to be able to present the 303 00:17:26,599 --> 00:17:29,800 credentials for the system. Now, the reason I bring all that 304 00:17:29,800 --> 00:17:33,700 up, is that a front desk worker at one of the property 305 00:17:33,700 --> 00:17:37,400 locations, their credentials should not be able to get 20 306 00:17:37,400 --> 00:17:40,500 Gigabytes of data? So I'm assuming that unless the 307 00:17:40,500 --> 00:17:45,100 system that had that data was extremely flawed that they 308 00:17:45,300 --> 00:17:48,600 elevated to another credential that. 309 00:17:48,800 --> 00:17:51,600 Also, cause for concern, but we don't know all that. 310 00:17:51,600 --> 00:17:54,500 We're just, you know, there's obviously like an article 311 00:17:54,500 --> 00:17:57,700 that's, you know, a couple paragraphs long, it doesn't give 312 00:17:57,700 --> 00:18:01,400 all the the anatomy of the breach but you know, that's 313 00:18:01,400 --> 00:18:03,800 that's what we kind of know at this point. 314 00:18:04,300 --> 00:18:06,800 That's a little white on details but at the end of the day, 315 00:18:06,900 --> 00:18:10,800 social engineering strikes, again the unhappy path, right? 316 00:18:10,800 --> 00:18:13,300 I think of maybe people looking for access to things. 317 00:18:14,200 --> 00:18:16,600 It sounds like, you know, you know, they had them if they 318 00:18:16,600 --> 00:18:19,700 wouldn't matter in this case someone got tricked into doing 319 00:18:19,700 --> 00:18:20,500 it. And I think this is where the 320 00:18:20,500 --> 00:18:24,100 education component comes in. I think we still see reports. 321 00:18:24,100 --> 00:18:27,200 So we said I've seen that still show that, you know, awareness 322 00:18:27,200 --> 00:18:30,400 and and security education is still, you know, dollar for 323 00:18:30,400 --> 00:18:33,000 dollar the best spend, especially for scenarios like 324 00:18:33,000 --> 00:18:36,100 this. The challenge is, how do you 325 00:18:36,100 --> 00:18:37,900 make sure that you're targeting the right people? 326 00:18:38,200 --> 00:18:40,400 It's easy enough to say, okay, yeah, we'll never fall for 327 00:18:40,400 --> 00:18:43,100 fishing. And then the one time that you 328 00:18:43,100 --> 00:18:46,200 fall for it is the At time so you can continue we have to 329 00:18:46,200 --> 00:18:49,300 reinforce and you know Rogers quoted on this in this article 330 00:18:49,300 --> 00:18:51,100 from Silicon angle and we'll definitely link in the show 331 00:18:51,100 --> 00:18:53,400 notes but he points out a good thing. 332 00:18:53,400 --> 00:18:56,600 Here is the continual reinforcement of that message. 333 00:18:57,300 --> 00:18:59,800 Always be alert for it. You start to develop sort of 334 00:18:59,800 --> 00:19:02,100 that mindset and that and that awareness. 335 00:19:02,700 --> 00:19:08,900 But yeah, as a Marriott bon voyage person, I find it 336 00:19:08,900 --> 00:19:12,500 disappointing again, I think I saw an articles elsewhere that 337 00:19:12,800 --> 00:19:15,000 this is the seventh time that They've had a date incident 338 00:19:15,000 --> 00:19:17,200 since like 2010. So, you know, if you're 339 00:19:17,200 --> 00:19:20,500 averaging one every other year, that's probably not a great 340 00:19:21,200 --> 00:19:24,100 stat, that you're probably want to be proud of hopefully things 341 00:19:24,100 --> 00:19:27,300 get better, but I would assume they're a pretty big Target, 342 00:19:27,400 --> 00:19:29,000 right? I think one of the last acts 343 00:19:29,000 --> 00:19:34,200 also had was linked back to China and some Espionage going 344 00:19:34,200 --> 00:19:37,600 on there as well. So all the more reason to try 345 00:19:37,600 --> 00:19:42,200 and close as many doors as you can and certainly start to look 346 00:19:42,200 --> 00:19:44,800 at potential e zero trust. But also Save your analytics 347 00:19:44,800 --> 00:19:47,000 right? 20, gigs of data, you know, 348 00:19:47,300 --> 00:19:49,900 exiting your network should have trip, all kinds of alarms 349 00:19:50,100 --> 00:19:52,700 accessing that number, you know, that that much data should also, 350 00:19:52,800 --> 00:19:54,900 you know, trip up some things as well to try and be more 351 00:19:54,900 --> 00:19:58,000 proactive about it. The subtly right? 352 00:19:58,000 --> 00:20:01,700 Those are all great points. I think in their defenses, 353 00:20:01,700 --> 00:20:04,800 they've got a global customer base. 354 00:20:06,100 --> 00:20:11,200 They are the biggest hotel chain in the world, I love Marriott. 355 00:20:11,700 --> 00:20:17,600 I mean, I went to to book. A hotel for an upcoming trip and 356 00:20:17,600 --> 00:20:21,300 it was in San Francisco and like the number of boutique hotels 357 00:20:21,300 --> 00:20:25,100 that came back that are now under the the Marriott umbrella 358 00:20:25,100 --> 00:20:30,600 really impressive. But I think with having a global 359 00:20:30,600 --> 00:20:36,500 customer base, you've got so many different challenges in 360 00:20:36,500 --> 00:20:42,500 terms of the requirements for data privacy and really what 361 00:20:42,500 --> 00:20:46,700 level Factor authentication is feasible. 362 00:20:46,800 --> 00:20:51,900 I mean, the use cases that you pretty much anybody in the world 363 00:20:52,300 --> 00:20:54,800 could become a member. They may have a smartphone, they 364 00:20:54,800 --> 00:20:58,000 may not have a smartphone, you want them to become a member. 365 00:20:58,400 --> 00:21:00,100 I mean that's that's your whole business, right? 366 00:21:00,100 --> 00:21:04,300 Your you want everyone to be a customer at least, you know, I 367 00:21:04,300 --> 00:21:07,000 think now we're thinking, like, B to C and that scenario for a 368 00:21:07,000 --> 00:21:11,200 PHA, you know, how does that Maffei work differently between 369 00:21:11,200 --> 00:21:14,500 b2c B2B bde. This is actually IE a 370 00:21:14,500 --> 00:21:17,400 conversation that I started earlier today, with my new 371 00:21:17,400 --> 00:21:21,000 friend, Nick, we're kind of talking about, you know, what's 372 00:21:21,000 --> 00:21:24,800 the difference between customer MFA versus what, I'll call 373 00:21:24,800 --> 00:21:28,900 Workforce MFA, and I'll lump be to be within that Workforce 374 00:21:28,900 --> 00:21:31,100 environment as well because typically, they might be an 375 00:21:31,100 --> 00:21:34,200 extension of your Workforce, or maybe like a supplier or 376 00:21:34,200 --> 00:21:36,900 something like that, but it brought, it was interesting 377 00:21:36,900 --> 00:21:40,200 conversation because I think that at face value, it's like, 378 00:21:40,200 --> 00:21:44,300 oh, it's just MFA but as you and I know anybody probably Neck 379 00:21:44,300 --> 00:21:47,900 deep in a sanitation, they are very different beasts and very 380 00:21:47,900 --> 00:21:50,800 different use cases and very different user experiences that 381 00:21:50,800 --> 00:21:53,500 come unto it. And I guess maybe this is world 382 00:21:53,500 --> 00:21:56,800 will kind of take them in conversation for today is what 383 00:21:56,800 --> 00:21:59,700 is the difference between customer MFA versus Workforce 384 00:21:59,700 --> 00:22:03,900 MFA from your perspective? Which you think is harder to do? 385 00:22:08,100 --> 00:22:12,400 You know, I think one of the hardest things to do is MFA is 386 00:22:12,400 --> 00:22:14,300 to get the user experience, right? 387 00:22:14,700 --> 00:22:19,900 And I kind of feel like the user experience on the customer side 388 00:22:21,600 --> 00:22:24,800 is a little bit more difficult. You've got to get a more 389 00:22:24,800 --> 00:22:29,100 tailored and what it ends up doing is requiring you to scale 390 00:22:29,100 --> 00:22:34,200 back having a complex process. So you compromise strength for 391 00:22:34,200 --> 00:22:39,100 usability On the employee side, I think it tends are the 392 00:22:39,100 --> 00:22:42,600 workforce outages, a tends to be less that way. 393 00:22:42,600 --> 00:22:49,500 So for example and I think this this conversation has so many 394 00:22:49,500 --> 00:22:54,500 chemicals but from a technology perspective, most MFA technology 395 00:22:54,500 --> 00:22:57,500 that works for the workforce will also work for the customer. 396 00:22:57,700 --> 00:23:03,700 So one example is SMS, tax for one-time password, a time-based 397 00:23:03,700 --> 00:23:08,300 one-time password, and you get Sent to your phone and you see 398 00:23:08,300 --> 00:23:11,500 that in so many different customers scenarios because they 399 00:23:11,500 --> 00:23:15,900 have the person's phone number on file and sending him. 400 00:23:15,900 --> 00:23:19,700 A text is pretty much Universal, it's will work whether you have 401 00:23:19,700 --> 00:23:24,400 a flip phone or you have a smartphone However, I think on 402 00:23:24,400 --> 00:23:28,500 the employee side, having worked with so many customers, I rarely 403 00:23:28,500 --> 00:23:33,600 see anybody depended on SMS time-based one-time password. 404 00:23:35,100 --> 00:23:40,500 When you do see it, it's usually as an option, Bjorn option C. 405 00:23:40,700 --> 00:23:46,100 And I will point out that hacking that that kind of 406 00:23:46,100 --> 00:23:51,000 scenario is usually based on the unhappy path. 407 00:23:51,000 --> 00:23:54,700 So it's oh my Other applications not working. 408 00:23:54,700 --> 00:23:56,600 Okay, then we'll just send you an SMS. 409 00:23:56,600 --> 00:23:59,200 Oh, I don't have that I just changed my phone number. 410 00:23:59,200 --> 00:24:03,600 Okay well just log in with the secret questions and I was like 411 00:24:03,600 --> 00:24:06,700 okay yeah I've got the secret questions because they got 412 00:24:06,700 --> 00:24:10,300 dumped with you know this big data breach a happen somewhere 413 00:24:11,700 --> 00:24:16,500 but yeah that's that. So what's harder to do? 414 00:24:17,100 --> 00:24:19,600 I don't know that once necessarily harder than the 415 00:24:19,600 --> 00:24:23,700 other except that I think that if you're saying which One's 416 00:24:23,700 --> 00:24:27,600 hard to do in a very secure way. I think customers harder to do 417 00:24:27,600 --> 00:24:31,300 in a very secure way. Yeah, I can see that. 418 00:24:31,300 --> 00:24:33,500 I mean just the sheer footprint, right? 419 00:24:33,500 --> 00:24:37,700 Number of clusters, you might have the variety of devices that 420 00:24:37,700 --> 00:24:39,300 might be out there. And I think that's why we see 421 00:24:39,300 --> 00:24:43,000 SMS continue to be leveraged, even though it's not, you know, 422 00:24:43,000 --> 00:24:45,300 even recommended at this point keep using, it's still better 423 00:24:45,300 --> 00:24:47,500 than nothing. So you see that as sort of like 424 00:24:47,500 --> 00:24:51,100 the fallback plan, sometimes I only know the primary for, for 425 00:24:51,100 --> 00:24:56,900 some organizations, I guess I see them as equally difficult, 426 00:24:56,900 --> 00:24:59,300 but for different reasons the customer side, definitely the 427 00:24:59,308 --> 00:25:00,100 user. Variants. 428 00:25:00,100 --> 00:25:03,800 But I feel like for the customer side, you can narrow down the 429 00:25:03,800 --> 00:25:07,000 paths. Pretty pretty specifically. 430 00:25:07,100 --> 00:25:09,900 We're going to do SMS. We're going to do, email magic 431 00:25:09,900 --> 00:25:12,900 link. We're going to do, only push 432 00:25:12,900 --> 00:25:15,800 notification through our own branded app that you need to 433 00:25:15,800 --> 00:25:17,800 download from the store, right? Something like that. 434 00:25:18,800 --> 00:25:22,900 And I feel like still traditionally organizations are 435 00:25:22,900 --> 00:25:26,400 willing to spend the money on customers on security, on 436 00:25:26,400 --> 00:25:29,800 usability, on the user experience versus Is the 437 00:25:29,800 --> 00:25:33,000 workforce where sometimes they'll put up with a less than 438 00:25:33,000 --> 00:25:36,400 great experience because I well it's just our Workforce. 439 00:25:36,400 --> 00:25:38,600 We don't really care. Yeah. 440 00:25:38,600 --> 00:25:42,100 But their experience which I don't think is correct way to 441 00:25:42,100 --> 00:25:45,400 approach it and I think on the workforce side you get into 442 00:25:45,400 --> 00:25:48,200 really interesting and very specific use cases. 443 00:25:48,200 --> 00:25:53,300 Where, how do you deliver MFA to a variety of personas on the 444 00:25:53,308 --> 00:25:54,800 workforce side? Sure. 445 00:25:54,800 --> 00:25:56,800 There's going to be your, you know, will come cut, your strip, 446 00:25:56,800 --> 00:25:59,500 your typical office worker who might have a smartphone it. 447 00:25:59,700 --> 00:26:02,400 Is it but what happens if you are working with somebody who 448 00:26:02,400 --> 00:26:05,800 works in like a clean room environment or a shop floor or 449 00:26:05,800 --> 00:26:07,700 someplace? Where they can't bring a 450 00:26:07,708 --> 00:26:11,000 physical device in with them? What how are you going to 451 00:26:11,000 --> 00:26:14,600 deliver to them a multi-factor? You know device. 452 00:26:14,600 --> 00:26:16,500 They can't carry. Phone can't carry a token. 453 00:26:17,200 --> 00:26:19,200 Is there a phone call that they get maybe? 454 00:26:19,200 --> 00:26:21,200 And they have to do voice verification? 455 00:26:21,200 --> 00:26:23,500 Is that a retina scan, a fingerprint? 456 00:26:23,600 --> 00:26:25,400 You know. I think you get into some really 457 00:26:25,400 --> 00:26:28,100 interesting use cases on the workforce side that you really 458 00:26:28,700 --> 00:26:32,100 don't need to Account for is often on the customer side. 459 00:26:33,000 --> 00:26:35,800 And so, I think it depends, which is a great Consulting 460 00:26:35,800 --> 00:26:36,900 answer. Let's see. 461 00:26:37,300 --> 00:26:41,900 Which one's harder, but I feel like work force can be harder 462 00:26:42,300 --> 00:26:45,500 depending on how complex, your authentication scenarios look 463 00:26:45,500 --> 00:26:46,800 like. Do you need to count for 464 00:26:46,800 --> 00:26:49,600 something like that. If you have a pretty basic 465 00:26:49,600 --> 00:26:53,000 Workforce, it's just hey, we're all logging into Microsoft and 466 00:26:53,000 --> 00:26:55,800 we want to turn on, you know, MFA through Microsoft, that's 467 00:26:55,800 --> 00:26:58,500 probably pretty easy. It's always the details and 468 00:26:58,500 --> 00:27:02,300 those like Edge used Is that trip up a lot of organizations? 469 00:27:02,300 --> 00:27:06,000 And then they start developing and itís like back doors, but 470 00:27:06,000 --> 00:27:10,900 maybe back doors but alternative exception paths, that might be 471 00:27:10,900 --> 00:27:14,100 easier to exploit than just having a standard process that 472 00:27:14,100 --> 00:27:16,800 all of our users. Go through all of our customers 473 00:27:16,800 --> 00:27:19,400 do this. Maybe not all your employees do. 474 00:27:21,700 --> 00:27:26,300 I think if your paint with a broad brush to generally 475 00:27:26,300 --> 00:27:32,700 speaking, the customer side scale is way greater than the 476 00:27:32,700 --> 00:27:33,700 workforce. I'd say. 477 00:27:33,700 --> 00:27:36,100 Alright, I mean there are certainly companies with 478 00:27:36,100 --> 00:27:39,500 enormous workforces and there are certainly companies where 479 00:27:39,800 --> 00:27:42,100 their customer footprint is relatively small. 480 00:27:42,100 --> 00:27:46,800 But let's assume customers into millions Workforce in the 481 00:27:46,800 --> 00:27:52,100 thousands It makes it very difficult to use. 482 00:27:52,100 --> 00:27:55,500 Some of the stronger Technologies for MFA like 483 00:27:56,000 --> 00:27:58,800 authenticator applications. You're one of those scenarios 484 00:27:58,800 --> 00:28:02,800 where I run to personally a few times is where you change 485 00:28:02,800 --> 00:28:06,600 devices. So even if you're going from one 486 00:28:06,600 --> 00:28:10,100 iPhone to the next generation iPhone, you back up the iPhone 487 00:28:10,100 --> 00:28:12,400 restored. The new iPhone, it doesn't bring 488 00:28:12,400 --> 00:28:15,100 over the authenticator app information, you have to 489 00:28:15,100 --> 00:28:20,500 re-register the but the device and if you do that before You do 490 00:28:20,500 --> 00:28:23,000 that and you get rid of the old phone or yard, he wiped the old 491 00:28:23,000 --> 00:28:25,500 phone, you go to access the applications. 492 00:28:25,500 --> 00:28:28,000 Like oh so now what I do. Okay. 493 00:28:28,000 --> 00:28:31,500 Maybe they have a backup path but if there isn't a backup 494 00:28:31,500 --> 00:28:34,800 path, what do you do? I think from a customer, I am 495 00:28:34,800 --> 00:28:36,700 perspective. You'd have to think through that 496 00:28:36,700 --> 00:28:39,500 whole scenario. And do you want to put your 497 00:28:39,500 --> 00:28:43,600 customers through the headache of having call Help Desk? 498 00:28:43,800 --> 00:28:47,100 Well, if it's a banking scenario, or it, always comes 499 00:28:47,100 --> 00:28:49,700 down to the risk. What your answer is going to be 500 00:28:50,200 --> 00:28:53,400 And probably you have to ask yourself a question is like, 501 00:28:53,400 --> 00:28:56,000 it's my customer going to go through this or they going to 502 00:28:56,000 --> 00:29:00,000 abandon doing business with me. And so, if your level of 503 00:29:00,000 --> 00:29:06,100 affiliation is not so strong, I think at the most that point you 504 00:29:06,100 --> 00:29:11,000 can do is like an SMS or an email, so that the challenges 505 00:29:11,000 --> 00:29:14,800 you might not be implementing the level of security that you 506 00:29:14,800 --> 00:29:17,900 want to implement, because we already know there's a lot of 507 00:29:17,900 --> 00:29:19,600 weaknesses in a lot of ways around. 508 00:29:19,800 --> 00:29:23,800 And SMS and email, especially if you're dealing with people who'd 509 00:29:23,800 --> 00:29:27,800 be like a Target like, you know, politicians or human rights 510 00:29:27,800 --> 00:29:32,800 activists or celebrities things like that, they use their 511 00:29:32,800 --> 00:29:35,000 customers of different places as well, right? 512 00:29:35,000 --> 00:29:39,300 And people love to get their accounts, you know, thinking on 513 00:29:39,300 --> 00:29:42,600 the employee side I think putting those strong controls in 514 00:29:42,800 --> 00:29:46,200 is very reasonable and not even to say like we don't care about 515 00:29:46,200 --> 00:29:49,700 the user experience, but if you get to the end and you go get 516 00:29:49,800 --> 00:29:53,900 New device and you have to call the help desk because you didn't 517 00:29:53,900 --> 00:29:56,800 do things in the order you should have done them or for 518 00:29:56,800 --> 00:30:00,100 whatever reason. You're still talking thousands 519 00:30:00,100 --> 00:30:04,500 instead of millions and it's more feasible and plus you're 520 00:30:04,500 --> 00:30:07,800 paying those individuals. So there's some level of 521 00:30:07,800 --> 00:30:10,800 expectation that either something that comes along with 522 00:30:10,800 --> 00:30:13,600 that. Yeah. 523 00:30:15,900 --> 00:30:21,200 I think about it from blast radius to if a customer account, 524 00:30:21,200 --> 00:30:24,000 gets breached, what can they actually do with the customer 525 00:30:24,000 --> 00:30:27,200 information? One person's, probably not going 526 00:30:27,200 --> 00:30:28,900 to have a good time or maybe a family. 527 00:30:29,000 --> 00:30:30,500 Right there might be associated with that. 528 00:30:31,200 --> 00:30:35,400 If a employee account where to get breached, I think the blast 529 00:30:35,400 --> 00:30:37,900 radius tends to be larger in that case. 530 00:30:38,000 --> 00:30:41,100 The damage might be more significant relatively speaking. 531 00:30:42,300 --> 00:30:44,400 Now, if it's the wrong person, the customer side that could 532 00:30:44,400 --> 00:30:47,500 have. Traffic, you know, you know, 533 00:30:47,500 --> 00:30:50,300 issues as well. But where is the most damage 534 00:30:50,300 --> 00:30:53,100 going to get done? Is it because one customer 535 00:30:53,100 --> 00:30:56,900 didn't set up MFA in their account or that one customer got 536 00:30:56,900 --> 00:31:01,400 breached or because one employee got reached, I see the ladder 537 00:31:01,400 --> 00:31:04,600 because we're seeing it on, you know, a customer counts or 538 00:31:05,100 --> 00:31:07,100 employee counts, getting breached and then getting access 539 00:31:07,100 --> 00:31:11,100 to other sorts of data within the environment and a locked, I 540 00:31:11,108 --> 00:31:13,200 had struggled with it earlier this year with one of their 541 00:31:13,200 --> 00:31:17,500 msps. No had yeah, they got octave 542 00:31:17,500 --> 00:31:19,300 itself, didn't get breach but the MSP did. 543 00:31:20,000 --> 00:31:22,800 Yeah, that bead. So the blast radius to me plays 544 00:31:22,800 --> 00:31:26,300 a lot into this to say, okay. Well what's if the goal is to 545 00:31:26,300 --> 00:31:30,400 provide security It's obviously important to make sure that the 546 00:31:30,400 --> 00:31:33,300 customer data is safe. But if a customer gets breached, 547 00:31:33,300 --> 00:31:36,000 its One customer. If the employee gets breached, 548 00:31:36,000 --> 00:31:38,100 it could be multiple customers as we saw here. 549 00:31:38,300 --> 00:31:42,100 Potentially with whatever happened with Marriott that's 550 00:31:42,100 --> 00:31:45,400 why I think I lean towards they're probably the same from a 551 00:31:45,408 --> 00:31:48,700 difficulty standpoint but for different reasons based on a 552 00:31:48,708 --> 00:31:51,200 different types of complexity. If it's yeah it's a couple 553 00:31:51,200 --> 00:31:54,100 hundred people on the Enterprise side, maybe in the workforce you 554 00:31:54,100 --> 00:31:56,000 know. Maybe it is less of a concern or 555 00:31:56,000 --> 00:31:59,700 maybe the type of business that you do just It's as much of a 556 00:31:59,700 --> 00:32:01,600 target, maybe you're more The ransomware Target. 557 00:32:01,600 --> 00:32:05,700 Just for, you know, getting a few bucks out of you versus 558 00:32:05,700 --> 00:32:09,800 maybe something that's more, targeted Espionage or you know 559 00:32:09,900 --> 00:32:12,700 in a case of War trying to bring down you know different services 560 00:32:12,700 --> 00:32:15,100 or whatever. Maybe I think that blast radius 561 00:32:15,100 --> 00:32:18,100 has to play into the decision as well. 562 00:32:19,300 --> 00:32:20,800 Do you want to lose customers? No. 563 00:32:21,600 --> 00:32:24,800 Do you want your company to go underground and lose everything? 564 00:32:25,000 --> 00:32:26,900 Because the proper was security wasn't a place. 565 00:32:27,400 --> 00:32:29,200 I think that's equally as important to maybe even more 566 00:32:29,200 --> 00:32:31,300 important in some scenarios. Yeah. 567 00:32:31,900 --> 00:32:35,900 Well I think that we're in a scenario where what's the 568 00:32:35,900 --> 00:32:38,000 difference between the two? I think. 569 00:32:38,000 --> 00:32:41,500 Technically speaking, the Technologies work. 570 00:32:42,700 --> 00:32:46,500 The saying are the the same sets of Technologies can be used for 571 00:32:46,500 --> 00:32:50,500 either scenario, but some of the masses, an SMS is an SMS or a 572 00:32:50,500 --> 00:32:52,600 magic link is the same or a push notification. 573 00:32:52,700 --> 00:32:56,000 They're all the same, they work the same, right? 574 00:32:56,300 --> 00:33:00,800 And you know what I mean? Sometimes I really like the SMS. 575 00:33:01,200 --> 00:33:03,000 You know. If it's something that you know 576 00:33:03,000 --> 00:33:06,500 my LinkedIn account for example, I need to access it. 577 00:33:07,800 --> 00:33:11,300 Do I think that SMS is the strongest form of MFA. 578 00:33:11,900 --> 00:33:19,200 E naught, but I think that using SMS MFA is appropriate for the 579 00:33:19,200 --> 00:33:25,400 level of risk involved with logging in to LinkedIn and 580 00:33:25,400 --> 00:33:27,100 that's what I like. You're inviting people to try 581 00:33:27,100 --> 00:33:31,600 and man-in-the-middle you and take over the Jimmy Mac. 582 00:33:31,600 --> 00:33:35,400 I am LinkedIn profile. Maybe this is where defects get 583 00:33:35,400 --> 00:33:39,400 started all of our millions of listeners who are out there. 584 00:33:39,400 --> 00:33:41,800 Like oh yeah, you're gonna challenge me. 585 00:33:41,800 --> 00:33:43,100 Yeah. Well you only need a small 586 00:33:43,100 --> 00:33:46,400 percentage angry at you and then bad things happened. 587 00:33:46,400 --> 00:33:47,800 That's true. That's true. 588 00:33:47,800 --> 00:33:52,600 But, you know, one thing I feel like I need to bring this up but 589 00:33:52,600 --> 00:33:57,600 it's so cool. Like how on iOS devices now when 590 00:33:57,600 --> 00:34:01,900 you get an SMS one-time password whether you're in a native app 591 00:34:01,900 --> 00:34:05,900 or in a browser-based application, if you have the 592 00:34:05,900 --> 00:34:11,900 focus on the, you know, where you enter your SMS code kind, Of 593 00:34:11,908 --> 00:34:14,300 pops up and you just push the button and you're you're right 594 00:34:14,300 --> 00:34:16,699 in. I mean it's a great time saver. 595 00:34:17,100 --> 00:34:20,800 Yeah, I'm happy Google and apple have figured that part out, I'll 596 00:34:20,800 --> 00:34:24,800 be much happier when the Fido standards get put in place and 597 00:34:24,800 --> 00:34:28,000 we start to see passkeys just live there and it just becomes, 598 00:34:28,000 --> 00:34:30,900 you know, look at your phone to authenticate or press the finger 599 00:34:30,900 --> 00:34:33,400 print button or whatever. Maybe even, that'll become a 600 00:34:33,408 --> 00:34:35,400 whole lot easier. But, yeah. 601 00:34:35,400 --> 00:34:38,600 So it's those little, it's those little Time Savers that make the 602 00:34:38,600 --> 00:34:40,500 difference. I think, on the usability side, 603 00:34:41,199 --> 00:34:44,400 there's nobody Likes having to put in a second password because 604 00:34:44,400 --> 00:34:46,800 that's really what we're talking about is that SMS is just 605 00:34:46,800 --> 00:34:50,199 another password. So the easier that you can get 606 00:34:50,199 --> 00:34:54,100 it into the right field and make it secure the better. 607 00:34:54,900 --> 00:34:57,900 You know I'm sure there are people figuring out you know how 608 00:34:57,900 --> 00:35:01,700 to scrape that information from the message app on your phone 609 00:35:01,700 --> 00:35:07,500 and do man in the middle I think especially on Google or Android 610 00:35:07,700 --> 00:35:09,800 you know there's tons of messaging apps that's not the 611 00:35:09,800 --> 00:35:13,200 same messaging app for everybody and Some of those you give 612 00:35:13,200 --> 00:35:15,700 permissions that they can see your clipboard, they could see 613 00:35:15,707 --> 00:35:18,700 everything you type. You know how secure is that? 614 00:35:18,700 --> 00:35:20,100 I don't know. You really you're putting a lot 615 00:35:20,100 --> 00:35:23,800 of trust into whatever messaging app you're using to not read 616 00:35:23,800 --> 00:35:27,000 every single thing. You're typing into it and store 617 00:35:27,000 --> 00:35:28,800 it somewhere. We're be able to capture it and 618 00:35:28,800 --> 00:35:30,900 send it elsewhere, so think there's good and bad that comes 619 00:35:30,900 --> 00:35:33,300 along with it. I like the idea of it. 620 00:35:33,500 --> 00:35:38,700 I have a little more trust and Apple's implementation of it but 621 00:35:40,100 --> 00:35:43,800 Yeah, it's everything has a risk and reward to it. 622 00:35:43,800 --> 00:35:48,300 Well, you brought up there with the Fido possibility. 623 00:35:48,300 --> 00:35:51,300 I wonder how that would work when switching an iOS device 624 00:35:51,300 --> 00:35:55,900 because are those keys going to transfer when you get the new 625 00:35:55,900 --> 00:36:00,800 one, or you're going to have to re register your device. 626 00:36:00,800 --> 00:36:04,200 I'm assuming it's you, imagine high clouds can be a big part of 627 00:36:04,200 --> 00:36:07,400 this because that's how iCloud the key chain works right now 628 00:36:07,600 --> 00:36:11,400 between Mac OS, Mac OS, IOS and iPad OS. 629 00:36:12,000 --> 00:36:15,400 The iCloud portion is really sinking things behind the scenes 630 00:36:15,400 --> 00:36:17,700 and even if you use something like the Microsoft authenticator 631 00:36:17,700 --> 00:36:22,700 on iOS, you can still back up your Microsoft, authenticator 632 00:36:22,800 --> 00:36:27,000 keys to your iCloud account. You go to your new device log in 633 00:36:27,000 --> 00:36:31,200 with your Microsoft account and then restore from iCloud your 634 00:36:31,600 --> 00:36:33,600 keys. So I think, I think there's all 635 00:36:34,000 --> 00:36:36,800 these. Are you sure that I don't quote 636 00:36:36,800 --> 00:36:38,100 me but I feel ready. Sure. 637 00:36:38,600 --> 00:36:42,000 Because I change devices all the I'm and I rarely have to 638 00:36:42,000 --> 00:36:46,800 register new apps within my authenticator, so I don't use 639 00:36:46,800 --> 00:36:49,100 Microsoft for everything. I use authy for some things as 640 00:36:49,100 --> 00:36:52,000 well. So somewhere there is a sink and 641 00:36:52,000 --> 00:36:56,100 a decryption is taking place that takes all of my you know 642 00:36:56,400 --> 00:36:59,300 one time password generators through my through my 643 00:36:59,300 --> 00:37:02,100 authenticator app and is putting them on my new device. 644 00:37:02,600 --> 00:37:05,900 I'm not going out re-registering like 50 new apps, every time I 645 00:37:05,908 --> 00:37:08,300 get a new phone, otherwise would stop getting new phones. 646 00:37:08,300 --> 00:37:11,700 I don't want to do that. No, but I saw, I recently got a 647 00:37:11,707 --> 00:37:14,300 new phone with my previous employer. 648 00:37:14,700 --> 00:37:20,400 And there are Microsoft shop and install in tune to create like 649 00:37:20,400 --> 00:37:25,200 a, you know, basically. Yeah, it is stalls and Emi in. 650 00:37:25,200 --> 00:37:27,000 Tune, doesn't he definitely throws a wrench into it 651 00:37:27,000 --> 00:37:29,500 sometimes. Yeah, yeah. 652 00:37:29,500 --> 00:37:32,900 Somehow is creating some kind of encrypted package using the keys 653 00:37:32,900 --> 00:37:36,400 on your phone. So if you have that, I think it 654 00:37:36,400 --> 00:37:40,800 makes it much more difficult to kind of take your Rich tration 655 00:37:40,800 --> 00:37:44,800 from before and uses some of the gifted just start over. 656 00:37:45,700 --> 00:37:48,000 Yeah that's why I think the the workforce I could be more tricky 657 00:37:48,200 --> 00:37:51,000 if I'm a consumer you generally don't see that problem as often 658 00:37:51,100 --> 00:37:54,900 because they're allowing you to move those you know one time 659 00:37:54,900 --> 00:37:57,400 password generator is between devices. 660 00:37:57,900 --> 00:38:00,800 If you hassle I get in tune or an other MDM platform. 661 00:38:00,800 --> 00:38:02,900 There's probably more controls around it by policy. 662 00:38:03,200 --> 00:38:04,800 That is blocking you from doing that. 663 00:38:04,900 --> 00:38:07,000 You need to put a new certificate on which invalidates 664 00:38:07,000 --> 00:38:10,200 maybe, you know, the previous tokens that were Using you have 665 00:38:10,200 --> 00:38:12,100 to set it up again. That is definitely something 666 00:38:12,100 --> 00:38:15,100 that I have seen experience is painful when it happens, it's 667 00:38:15,100 --> 00:38:19,200 always happens at the worst time but I can see that scenario and, 668 00:38:19,200 --> 00:38:22,000 you know, maybe this, maybe this tips it for some people say 669 00:38:22,000 --> 00:38:23,900 yeah, Workforce might be harder because of that type of 670 00:38:23,908 --> 00:38:26,600 scenario, whereas on the consumer side, you maybe don't 671 00:38:26,600 --> 00:38:30,400 have that level of control or the device. 672 00:38:31,100 --> 00:38:33,400 So therefore you have to be a little bit more open with it and 673 00:38:33,400 --> 00:38:35,500 just by that nature, makes it may be a little bit easier to 674 00:38:35,500 --> 00:38:40,100 deploy. Yeah. well, I think the other 675 00:38:40,500 --> 00:38:43,600 thought that crossed my mind as you're talking about different 676 00:38:43,600 --> 00:38:48,000 scenarios with Workforce being more difficult is I think you're 677 00:38:48,000 --> 00:38:52,000 going in posture of all of your security tools, how close you 678 00:38:52,000 --> 00:38:56,300 are too, kind of a zero trust world because if somebody does 679 00:38:56,600 --> 00:39:01,100 kind of slip through the cracks of MFA, you know, are they now 680 00:39:01,100 --> 00:39:05,500 in they can just run wild or have you established kind of the 681 00:39:05,500 --> 00:39:09,700 entry into the network that's going to Segment and limit their 682 00:39:09,700 --> 00:39:13,900 access around the network. So I think there's that element 683 00:39:13,900 --> 00:39:17,300 kind of plays into how much risk you're talking about. 684 00:39:17,700 --> 00:39:18,400 Oh yeah. For sure. 685 00:39:18,500 --> 00:39:21,500 I mean, how many times do we? You know, your people are 686 00:39:21,500 --> 00:39:23,100 listening right? When they when they log on to 687 00:39:23,100 --> 00:39:25,500 their company VPN. Can you get anywhere in the 688 00:39:25,500 --> 00:39:29,600 network or basically, in any any rule from routing perspective or 689 00:39:29,600 --> 00:39:31,800 are you limited, right? That's one of the first steps 690 00:39:31,800 --> 00:39:35,400 from a zero trust perspective, is making sure that you can only 691 00:39:35,400 --> 00:39:38,500 get to the resources you can and you know you and We need to see 692 00:39:38,500 --> 00:39:41,000 lots of lots of companies. They have vpns that are wide 693 00:39:41,000 --> 00:39:42,300 open. Hey, what's your IV p on your 694 00:39:42,300 --> 00:39:44,600 trusted? You can go anywhere, do anything 695 00:39:44,600 --> 00:39:48,000 you want. And think if you got a shot, 696 00:39:48,000 --> 00:39:51,100 what you want to do, that's that's still so much the case. 697 00:39:51,100 --> 00:39:54,800 I mean, I work with so many organizations and that's exactly 698 00:39:54,800 --> 00:39:57,400 where they are. If you get on the VPN, you have 699 00:39:57,400 --> 00:40:01,100 full access and it's hard. It's hard to do it. 700 00:40:01,100 --> 00:40:02,500 Maybe you're basically how about Riri. 701 00:40:02,500 --> 00:40:06,000 You know re-architecting your IP space within an organization. 702 00:40:06,800 --> 00:40:10,300 If you're a small enough If maybe it's not as difficult, but 703 00:40:10,300 --> 00:40:13,100 if you're a relative Argosy organization or you have a 704 00:40:13,100 --> 00:40:15,800 pretty complex environment, maybe have to do segregation 705 00:40:15,800 --> 00:40:20,000 between, I don't know, like, you know, manufacturing lines and 706 00:40:20,000 --> 00:40:24,300 scada devices, or power company, or bank or whatever it may be. 707 00:40:24,300 --> 00:40:27,600 And you haven't like figure that out or architected it in 708 00:40:27,600 --> 00:40:29,500 advance. That's a lot of work. 709 00:40:31,600 --> 00:40:35,400 You have a, it's we should be doing it, right? 710 00:40:35,400 --> 00:40:41,000 I mean, think about it, like, all right, so I was on the 711 00:40:41,000 --> 00:40:47,100 network engineering side early in my it career, and each office 712 00:40:47,200 --> 00:40:53,100 had IP segments, you know, like this IP range for this office 713 00:40:53,100 --> 00:40:57,600 and that IP range for that office and really, you should at 714 00:40:57,600 --> 00:41:01,500 the most be able to access kind. The office that you go to but 715 00:41:01,500 --> 00:41:05,300 really you should be accessing any endpoint devices or printing 716 00:41:05,300 --> 00:41:07,600 to any printers when you could VPN. 717 00:41:07,800 --> 00:41:12,100 Or if you do it should be kind of the exception case or maybe 718 00:41:12,100 --> 00:41:15,700 basing it on DNS, rather than IP addresses, you should be 719 00:41:15,700 --> 00:41:19,200 accessing applications that are in data centers. 720 00:41:19,500 --> 00:41:23,400 Ideally you get to the point where you're saying, you can 721 00:41:23,400 --> 00:41:26,400 only access these IP addresses in these ports. 722 00:41:27,400 --> 00:41:32,500 Anything beyond that just seems like it's it's not good enough 723 00:41:32,700 --> 00:41:37,900 and you see like in other areas of it where an information 724 00:41:37,900 --> 00:41:42,000 security where we've made so much progress, but we still in 725 00:41:42,000 --> 00:41:45,700 math. I say let me know if it's I'm 726 00:41:45,700 --> 00:41:49,400 just over generalizing your but I see the lot where there's just 727 00:41:49,400 --> 00:41:51,900 very little control when somebody's on the VPN they've 728 00:41:51,900 --> 00:41:54,500 been authenticated. Might have good authentication 729 00:41:54,500 --> 00:41:57,700 controls but once they're in, they're in, If I think I'm the 730 00:41:57,707 --> 00:41:59,700 different least, I think that's the difference. 731 00:41:59,700 --> 00:42:04,800 I think it is, I think local networks generally are in a 732 00:42:04,808 --> 00:42:07,400 better shape, but when it came to VPN, it was just, hey, we 733 00:42:07,400 --> 00:42:10,200 need to get access to everybody. And maybe the pandemic 734 00:42:10,400 --> 00:42:13,000 accelerated that for people who weren't ready for it and they 735 00:42:13,000 --> 00:42:16,900 had to put something in place and they didn't have the time to 736 00:42:16,900 --> 00:42:20,100 architect, the VPN eyepiece, to make sure that they were the way 737 00:42:20,100 --> 00:42:22,400 they were supposed to be. So, should they be doing it? 738 00:42:22,400 --> 00:42:25,900 Yes, I Hope they've started. If they haven't already, you're 739 00:42:25,900 --> 00:42:28,900 probably buying the This, but I think that's the difference, 740 00:42:28,900 --> 00:42:32,000 right? Is the VPN angle of it is. 741 00:42:32,000 --> 00:42:35,100 You're coming in, any any? And if that's what gets breach, 742 00:42:35,100 --> 00:42:38,200 and now you have a remote laptop that's been lost or somehow 743 00:42:38,200 --> 00:42:41,000 compromised. That's an endpoint that has any 744 00:42:41,000 --> 00:42:43,500 any access to your network? That's bad times. 745 00:42:44,700 --> 00:42:48,400 Totally agree. Well, Jeff, we can go on all day 746 00:42:48,400 --> 00:42:52,600 with different topics, but I do have to kind of wrap your yep. 747 00:42:52,700 --> 00:42:55,500 Let's go ahead and wrap it up here before we go. 748 00:42:55,500 --> 00:42:58,300 Today is the 11th. It's national state. 749 00:42:58,600 --> 00:43:01,100 Fair, food day. What's your poison? 750 00:43:01,700 --> 00:43:04,200 I'm going to let you answer first because I think we're 751 00:43:04,200 --> 00:43:07,200 going to answer the same thing and I've got a good, I've got a 752 00:43:07,200 --> 00:43:10,600 good number of answers. I could feel with, I mean I'll 753 00:43:10,600 --> 00:43:13,500 eat most things. I think you know the Irish you 754 00:43:13,500 --> 00:43:15,600 haven't been to Exotic when it comes to state fairs. 755 00:43:15,600 --> 00:43:19,100 Like I've never had a Fried Twinkie or a Snickers bar or 756 00:43:19,100 --> 00:43:21,400 anything like that, but I do enjoy. 757 00:43:21,700 --> 00:43:24,100 We're talked about this before, we started as a funnel cake. 758 00:43:24,100 --> 00:43:25,800 I was like, yeah, that's that's that's my jam. 759 00:43:25,800 --> 00:43:28,800 That's my wife's Jam to, we try to get at least one per year, 760 00:43:29,800 --> 00:43:33,300 you know, in to us. But that's that's that's that's 761 00:43:33,300 --> 00:43:35,300 where I'm going to go with. So it's a little cake. 762 00:43:35,300 --> 00:43:38,100 Do you put it like dealing a lot of powdered sugar? 763 00:43:39,200 --> 00:43:43,200 I like Define a lot because it's amount of the be covered. 764 00:43:43,600 --> 00:43:46,400 No. It's like yeah, you should know. 765 00:43:46,700 --> 00:43:50,800 It should be an appropriate amount of powder sugar. 766 00:43:50,800 --> 00:43:53,100 It should not be a mountain that you can stick your finger 767 00:43:53,100 --> 00:43:56,900 through and not hit any funnel cake if that makes sense. 768 00:43:57,700 --> 00:44:00,800 Well, there's also like sometimes I've seen them where 769 00:44:01,200 --> 00:44:04,600 people get the funnel cake powdered sugar and then like 770 00:44:04,600 --> 00:44:06,300 chakra tell, what may be your something on it? 771 00:44:06,300 --> 00:44:07,500 Yeah. Or caramel. 772 00:44:07,900 --> 00:44:09,000 Yeah. What do you do? 773 00:44:10,200 --> 00:44:13,100 I'm a plane. I like I like the funnel cake. 774 00:44:13,100 --> 00:44:15,600 The the way it was meant to be just some powdered sugar. 775 00:44:17,300 --> 00:44:20,900 But I you know certainly willing to allow others if they wanted 776 00:44:20,900 --> 00:44:24,000 to desecrate their funnel cake with various sauces or dips. 777 00:44:24,500 --> 00:44:26,500 Yeah. So I mean that is definitely 778 00:44:26,500 --> 00:44:31,400 like funnel cake is If anybody's listening it happen, hasn't had 779 00:44:31,400 --> 00:44:34,500 funnel cake. You need to try it unless you're 780 00:44:34,500 --> 00:44:37,600 diabetic kidney to try it. It's wonderful. 781 00:44:38,300 --> 00:44:41,700 I too, like, the fried Oreos and I will get them once in a while. 782 00:44:41,700 --> 00:44:45,200 I'm not a junk food kind of sir, but they are pretty good, and 783 00:44:45,200 --> 00:44:47,900 the front twinkies and fried Snickers bars. 784 00:44:49,300 --> 00:44:52,200 I don't really hang out in the south of the u.s. now. 785 00:44:52,200 --> 00:44:56,100 So, you know, you have to have to get your carnival on. 786 00:44:56,800 --> 00:45:00,000 This will be and yet another excuse for my ever expanding 787 00:45:00,100 --> 00:45:02,900 waistline. So all right we'll go ahead and 788 00:45:02,900 --> 00:45:05,800 leave it there for this week. Appreciate everyone for 789 00:45:05,800 --> 00:45:08,100 listening. You know. 790 00:45:08,100 --> 00:45:10,600 One of the things that we like to do is you know, have 791 00:45:10,600 --> 00:45:12,700 conversations like this. If you got topics that are out 792 00:45:12,700 --> 00:45:14,500 there, feel free to hit us up on LinkedIn. 793 00:45:14,500 --> 00:45:16,400 You're going to be a gardener hit us up on LinkedIn. 794 00:45:16,500 --> 00:45:18,200 We'd love to this pump, you know. 795 00:45:18,400 --> 00:45:20,100 Maybe figure out if there's something that we can, you know, 796 00:45:20,100 --> 00:45:22,200 get guests on the show and kind of talked with that, I love 797 00:45:22,200 --> 00:45:24,800 hearing stories from people are out in the field, so definitely 798 00:45:24,800 --> 00:45:28,200 don't hesitate to Ping Jimmer eye on LinkedIn for that. 799 00:45:28,200 --> 00:45:31,900 Sort of thing. You can catch Us online on the 800 00:45:31,900 --> 00:45:34,500 web. I'd any of the center.com, we're 801 00:45:34,500 --> 00:45:38,800 on Twitter and idac podcast, I'm finally getting my office back 802 00:45:38,800 --> 00:45:42,100 in order and getting schedules you know back in order. 803 00:45:42,100 --> 00:45:45,600 So I'm sure the live stream will come back at some point, but we 804 00:45:45,600 --> 00:45:48,700 still have those out there on YouTube a tidy, a seedot As a 805 00:45:48,700 --> 00:45:50,900 shortcut. So I'll hopefully people will 806 00:45:50,900 --> 00:45:53,600 check those out and with that, we'll go ahead and leave it for 807 00:45:53,600 --> 00:45:55,700 this week. Preciate everyone, Jim thanks 808 00:45:55,700 --> 00:45:58,300 for your time. Thank you all for listening and 809 00:45:58,300 --> 00:45:59,900 we'll talk with everyone in the next one. 810 00:46:03,900 --> 00:46:06,900 Thanks for listening to the identity at the center podcast. 811 00:46:06,900 --> 00:46:09,300 If you like what you heard, don't forget to subscribe and 812 00:46:09,300 --> 00:46:12,400 visit us on the web and identity at the center.com.