1
00:00:04,880 --> 00:00:11,200
This is identity at the center. 
Welcome to the Identity at the 

2
00:00:11,200 --> 00:00:12,920
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,920 --> 00:00:15,080
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:15,520 --> 00:00:18,040
I am fantastic. 
How are you? 

5
00:00:18,920 --> 00:00:23,280
I'm doing good, but guess what? 
I got an awesome for you today. 

6
00:00:23,640 --> 00:00:25,600
I got something for you. 
I mean, you didn't ask me why I 

7
00:00:25,600 --> 00:00:28,720
was fantastic that it. 
I normally say not so bad, but I

8
00:00:28,720 --> 00:00:30,400
was kind of hoping you'd ask why
I'm fantastic. 

9
00:00:30,880 --> 00:00:32,840
Why are you? 
Why is it fantastic, Jeff? 

10
00:00:33,640 --> 00:00:37,000
Well, I have a major 
announcement to make regarding 

11
00:00:37,000 --> 00:00:40,400
this podcast and you're going to
be here with me as I do this 

12
00:00:40,400 --> 00:00:42,600
live. 
You can see my mouse and I am 

13
00:00:42,600 --> 00:00:45,880
clicking. 
What did I just do, Jim? 

14
00:00:46,960 --> 00:00:48,960
Did you change the color in your
background? 

15
00:00:49,520 --> 00:00:52,520
Nope, that's. 
I mean I do, but not this time. 

16
00:00:54,360 --> 00:00:58,120
I don't know what you did that 
was a million subscribers. 

17
00:00:58,720 --> 00:01:00,840
I wish a million subscribers, 
but you're very close. 

18
00:01:00,840 --> 00:01:03,440
We just crossed 1,000,000 
downloads for the podcast. 

19
00:01:03,440 --> 00:01:07,000
So I just posted to LinkedIn 
that we are officially crossed 

20
00:01:07,000 --> 00:01:09,520
over into a million download 
territory. 

21
00:01:09,520 --> 00:01:12,200
So big shout out to everyone who
supported us along the way. 

22
00:01:13,360 --> 00:01:15,800
Very humbling, very exciting. 
Never would have thought this, 

23
00:01:15,800 --> 00:01:18,880
you know, 6 plus years ago when 
we started this, but yeah, here 

24
00:01:18,880 --> 00:01:20,960
we are. 
Yeah, man, you're going to get 

25
00:01:20,960 --> 00:01:24,120
the raw emotions. 
I can't believe that we. 

26
00:01:24,200 --> 00:01:27,440
I mean, I knew it was coming, 
but man, it's really hit me. 

27
00:01:27,440 --> 00:01:31,240
I, I just want to say thank you 
to everybody who supported us 

28
00:01:31,240 --> 00:01:34,640
along the way, all of our 
sponsors, all of our listeners, 

29
00:01:34,760 --> 00:01:37,920
hardcore listeners, people who 
just pick it up for a few 

30
00:01:37,920 --> 00:01:40,600
episodes. 
I mean, we appreciate it all. 

31
00:01:41,480 --> 00:01:45,880
Yeah, super cool, monumental and
yeah, I guess on for the next 

32
00:01:45,880 --> 00:01:48,400
million. 
But you know, I guess a plea for

33
00:01:48,400 --> 00:01:50,480
those out there, if you haven't 
checked us out or you're not 

34
00:01:50,480 --> 00:01:52,440
subscribed, you just kind of 
listen to one off check us, you 

35
00:01:52,440 --> 00:01:54,280
know, subscribe, hit that like 
button. 

36
00:01:54,600 --> 00:01:57,400
It is, you know, get us on 
YouTube or Spotify or Apple or 

37
00:01:57,400 --> 00:02:00,400
wherever you want to do it. 
But that definitely helps kind 

38
00:02:00,400 --> 00:02:02,160
of, you know, show that we've 
got people out there. 

39
00:02:02,160 --> 00:02:04,720
But a million downloads? 
That is absolutely crazy for an 

40
00:02:04,720 --> 00:02:09,280
identity and access management 
podcast with 0 advertising, all 

41
00:02:09,280 --> 00:02:13,000
word of mouth and that's it. 
Yeah, the funny thing is, like 

42
00:02:13,000 --> 00:02:15,080
it probably. 
How many years did it take to 

43
00:02:15,520 --> 00:02:18,160
reach 100,000? 
It's a failure. 

44
00:02:18,160 --> 00:02:23,520
It's just picked up steam over 
the last couple years and so, 

45
00:02:23,640 --> 00:02:27,080
you know, all of our friends, 
but our friends over at ID Pro, 

46
00:02:28,400 --> 00:02:32,080
you know, being the official 
podcast of ID Pro, it certainly 

47
00:02:32,080 --> 00:02:35,120
didn't hurt. 
No, it's, it's super cool. 

48
00:02:35,120 --> 00:02:38,400
And you know what, birds of a 
feather flock together or, or 

49
00:02:38,400 --> 00:02:41,360
something like that. 
But yeah, super cool. 

50
00:02:41,360 --> 00:02:43,600
So I just want to take a moment.
I was, I'm going to steal the 

51
00:02:43,600 --> 00:02:45,560
banter from you. 
I figured and said, hey, I've 

52
00:02:45,560 --> 00:02:47,600
got something, you know, hit me 
up first. 

53
00:02:49,720 --> 00:02:51,360
Yeah, I mean you. 
You. 

54
00:02:51,600 --> 00:02:53,520
I'm glad you did. 
I'm glad you did. 

55
00:02:53,800 --> 00:02:56,880
So now on to our normal 
broadcasting. 

56
00:02:57,280 --> 00:03:00,120
Regular schedule broadcast. 
We've got a bunch of different 

57
00:03:00,120 --> 00:03:01,640
events. 
I just told you before I hit 

58
00:03:01,640 --> 00:03:05,440
record that I'm on the road like
every week starting next week 

59
00:03:05,440 --> 00:03:08,200
through October for a bunch of 
different things between like my

60
00:03:08,200 --> 00:03:11,080
real job, you know, consulting 
day job and then the podcast. 

61
00:03:11,600 --> 00:03:14,720
But we've got cybersecurity 
summits taking place in Chicago 

62
00:03:14,720 --> 00:03:17,040
and Philadelphia. 
Those are both in September. 

63
00:03:17,040 --> 00:03:20,720
I will be at both of those. 
We've got discount code CSS25 

64
00:03:20,720 --> 00:03:24,840
dash, IDAC free pass share it 
would love, I'd love to see a 

65
00:03:24,840 --> 00:03:26,880
bunch of people in Chicago and 
Philadelphia. 

66
00:03:26,880 --> 00:03:29,240
I know more, I know way more 
people in Chicago than I do in 

67
00:03:29,240 --> 00:03:31,200
Philadelphia. 
But it'll be cool to meet up 

68
00:03:31,200 --> 00:03:33,960
with people in both locations, 
so people will check that out. 

69
00:03:35,160 --> 00:03:38,640
The new one that we just kind of
figured out this week is 

70
00:03:38,640 --> 00:03:43,240
Authenticate 2025. 
So we are coming back again and 

71
00:03:43,240 --> 00:03:45,840
we have some exciting things 
planned with Megan and Adrian 

72
00:03:45,840 --> 00:03:49,000
and Andrew and crew for this 
next year. 

73
00:03:49,000 --> 00:03:51,080
So we have a discount code for 
that one as well. 

74
00:03:51,520 --> 00:03:53,240
That one is in October and 
that's the one that's in 

75
00:03:53,240 --> 00:03:55,160
Carlsbad, CA, one of my favorite
conferences. 

76
00:03:55,160 --> 00:03:59,240
But if you enter the code IDAC 
2025, you get 20% off. 

77
00:03:59,320 --> 00:04:00,920
So I'll have that in our show 
notes. 

78
00:04:01,680 --> 00:04:02,960
We actually have all these in 
our show notes. 

79
00:04:03,080 --> 00:04:05,520
We'll check out. 
So another conference that's in 

80
00:04:05,520 --> 00:04:08,200
October and then we've got yeah,
go ahead. 

81
00:04:09,040 --> 00:04:12,000
Well, what I was going to say is
like authenticate some people 

82
00:04:12,000 --> 00:04:16,680
might think to themselves like, 
oh, that's a little intimidating

83
00:04:16,680 --> 00:04:20,360
or that's not in my lane. 
Or they might be looking at some

84
00:04:20,360 --> 00:04:23,120
of the other conferences that 
you mentioned that are, you 

85
00:04:23,120 --> 00:04:26,880
know, big umbrella cyber and 
thinking, well, my lane is 

86
00:04:26,880 --> 00:04:29,400
identity. 
I'd be intimidated to go to 

87
00:04:29,400 --> 00:04:32,480
those conferences. 
But I think what you see as a 

88
00:04:32,480 --> 00:04:37,000
trend in this identity industry 
is that the tent is expanding, 

89
00:04:37,200 --> 00:04:40,880
the umbrella is expanding, and 
you need to know cyber, you need

90
00:04:40,880 --> 00:04:43,720
to plug into it. 
You should be opening your mind 

91
00:04:43,720 --> 00:04:47,160
to what's going on with FIDO and
passkeys and just the 

92
00:04:47,160 --> 00:04:50,240
passwordless revolution because 
that's where everything is 

93
00:04:50,240 --> 00:04:54,320
heading. 
So even if you think, well, this

94
00:04:54,320 --> 00:04:57,040
hasn't been in my lane, first 
off, they're fantastic 

95
00:04:57,040 --> 00:05:01,320
conferences. 
And 2nd off, like you should be 

96
00:05:01,320 --> 00:05:03,080
learning things that are outside
of your lane. 

97
00:05:03,080 --> 00:05:06,160
That's how you're going to 
become the better practitioner 

98
00:05:06,160 --> 00:05:11,280
of tomorrow, yeah. 
A good identity professional 

99
00:05:11,280 --> 00:05:13,520
is well-rounded. 
They don't know just identity. 

100
00:05:13,520 --> 00:05:16,280
They're able to talk through 
other parts of security to 

101
00:05:16,280 --> 00:05:18,240
understand how those parts 
contribute to identity. 

102
00:05:18,240 --> 00:05:20,280
So yeah, even though some of 
these might be, you know, 

103
00:05:20,280 --> 00:05:22,120
cybersecurity conferences, guess
what? 

104
00:05:22,120 --> 00:05:23,320
Identity is part of 
cybersecurity. 

105
00:05:23,560 --> 00:05:25,400
So you're probably going to 
learn something or be able to 

106
00:05:25,400 --> 00:05:27,840
share ideas or, or things like 
that with kind of, you know, 

107
00:05:27,840 --> 00:05:30,360
other folks, but definitely 
encourage people to come out and

108
00:05:30,360 --> 00:05:33,440
check it out. 
So, yeah, so we've got, let's 

109
00:05:33,440 --> 00:05:36,200
see, cybersecurity summits. 
We've got the Authenticate 

110
00:05:36,200 --> 00:05:39,800
conference, then we've got the 
Identiverse Washington DC event 

111
00:05:39,800 --> 00:05:42,280
coming up in November. 
Of course, we have a discount 

112
00:05:42,280 --> 00:05:46,840
code for that one as well. 
IDV 2, five dash, IDAC 25 gets 

113
00:05:46,840 --> 00:05:48,720
you some percentage off. 
I forgot to write it down, but 

114
00:05:48,720 --> 00:05:53,800
it is our on our website, 25, 
I'm going to guess 25, but you 

115
00:05:53,800 --> 00:05:55,440
never know, it could be the 
year, who knows. 

116
00:05:56,640 --> 00:06:00,000
And then after that, we've got 
the Gartner conference, the IAM 

117
00:06:00,000 --> 00:06:03,960
Summit in Texas in December and 
we'll have a discount code for 

118
00:06:03,960 --> 00:06:06,640
that coming in October. 
So be on the lookout for that. 

119
00:06:06,640 --> 00:06:10,400
Again, everything will be on our
our web page, IDC podcast.com. 

120
00:06:10,400 --> 00:06:12,480
Just scroll down on that main 
page and you'll see everything 

121
00:06:12,480 --> 00:06:14,520
that we've that we've currently 
got active. 

122
00:06:14,520 --> 00:06:16,440
So hopefully people are able to 
take advantage of that. 

123
00:06:16,600 --> 00:06:19,240
Definitely supports the show, 
shows that we can bring people 

124
00:06:19,240 --> 00:06:21,760
to the conference and and have 
some fun with it too. 

125
00:06:22,800 --> 00:06:25,560
Absolutely. 
You know, and, and Speaking of 

126
00:06:25,560 --> 00:06:29,120
which, this is why conferences 
are especially important. 

127
00:06:29,120 --> 00:06:32,120
Like you've always said, the 
best part is the hallway 

128
00:06:32,120 --> 00:06:36,600
conversations and the people you
get to bump into and the people 

129
00:06:36,600 --> 00:06:38,720
that you meet for the first 
time. 

130
00:06:38,720 --> 00:06:42,080
Our guest today is somebody we 
met for the first time at a 

131
00:06:42,080 --> 00:06:45,720
conference this year, and he's 
somebody that he's got some 

132
00:06:45,840 --> 00:06:50,600
really big ideas in the identity
space, and that's why you and I 

133
00:06:50,600 --> 00:06:54,240
were both so excited to get him 
on to the show today. 

134
00:06:55,240 --> 00:06:56,560
Yeah. 
Let's go ahead and introduce our

135
00:06:56,560 --> 00:06:58,080
guest. 
His name is Anthony Viggiano. 

136
00:06:58,080 --> 00:06:59,880
He's one of the IAM leaders in 
our space. 

137
00:07:00,160 --> 00:07:01,800
He's a member of the Identity 
Underground. 

138
00:07:02,040 --> 00:07:06,680
He's a member of ID Pro. 
I met him at Identibeer at the 

139
00:07:06,680 --> 00:07:08,960
Identiverse Conference in Vegas 
earlier this year. 

140
00:07:09,360 --> 00:07:11,400
And yeah, welcome to the show, 
Anthony. 

141
00:07:12,000 --> 00:07:14,880
Hey, thanks, Jeff. 
Jim, this is really an honor to 

142
00:07:14,880 --> 00:07:18,000
be on your podcast talking about
my one of my passions, identity 

143
00:07:18,000 --> 00:07:20,240
and access management. 
Really thank you. 

144
00:07:20,240 --> 00:07:23,160
And also want to thank the 
broader industry, the identity 

145
00:07:23,160 --> 00:07:24,480
and access management industry. 
Yeah. 

146
00:07:24,560 --> 00:07:27,280
You know, go into these 
conferences, you show up, you're

147
00:07:27,280 --> 00:07:29,360
like, OK, am I going to be able 
to contribute? 

148
00:07:29,360 --> 00:07:31,440
Am I going to meet anybody? 
What's it going to be like? 

149
00:07:31,960 --> 00:07:35,360
And all the conferences that 
I've been to RSA, you know, 

150
00:07:35,360 --> 00:07:38,960
Identiverse, people want to 
meet, people want to talk, 

151
00:07:38,960 --> 00:07:41,680
people want to share their own 
passions about what they do and 

152
00:07:41,680 --> 00:07:43,640
they want to build 
relationships. 

153
00:07:43,960 --> 00:07:46,280
And then best of all, what I 
found out is people want to 

154
00:07:46,280 --> 00:07:48,360
help. 
I've been on the hunt for my 

155
00:07:48,360 --> 00:07:50,640
next identity and access 
management leadership role. 

156
00:07:50,840 --> 00:07:53,200
And everybody that I talked to, 
when I kind of mentioned that 

157
00:07:53,200 --> 00:07:55,280
they're like, oh, I know of an 
opportunity or I know this 

158
00:07:55,280 --> 00:07:57,840
company is doing something and 
people have been getting me 

159
00:07:57,840 --> 00:07:59,840
connected. 
I've been applying to roles and 

160
00:07:59,840 --> 00:08:02,240
I'd, I would reach out to my 
network and I'd say, hey, do you

161
00:08:02,240 --> 00:08:04,320
know anybody at this company? 
And they say, yeah, let me shoot

162
00:08:04,320 --> 00:08:08,400
the hiring manager an e-mail. 
I'm so thankful to to Jim, you, 

163
00:08:08,560 --> 00:08:12,120
you, Jim and Jeff for for 
helping out with that And and 

164
00:08:12,120 --> 00:08:13,760
just the community more in 
general. 

165
00:08:13,760 --> 00:08:15,200
And I just wanted to say thank 
you. 

166
00:08:15,440 --> 00:08:19,960
But also at Identibeer, thanks 
to my wife, because if it wasn't

167
00:08:19,960 --> 00:08:22,200
for her, I don't think we we 
would have met because I 

168
00:08:22,200 --> 00:08:25,520
probably would have shown up. 
Who here loves going to these 

169
00:08:25,520 --> 00:08:28,600
big open, you know, social 
events where you don't know 

170
00:08:28,600 --> 00:08:31,080
anybody? 
And when I'm walking towards 

171
00:08:31,080 --> 00:08:33,200
those events and I hear 
everybody talking, I'm going up 

172
00:08:33,200 --> 00:08:35,400
the stairs like my feet feel 
like lead. 

173
00:08:35,400 --> 00:08:37,000
I don't want to climb that next 
step. 

174
00:08:37,000 --> 00:08:39,120
I'm like thinking to myself, 
man, all I have to do is go back

175
00:08:39,120 --> 00:08:41,360
to my hotel room. 
I can watch a movie, I go watch 

176
00:08:41,360 --> 00:08:43,200
2 movies. 
I can go to bed early. 

177
00:08:43,640 --> 00:08:46,440
Anything is better than, you 
know, walking into a social 

178
00:08:46,440 --> 00:08:49,360
event. 
But she came to Vegas with us. 

179
00:08:49,640 --> 00:08:51,400
She was there. 
She was like, no, let's go do 

180
00:08:51,400 --> 00:08:53,440
it. 
And she supported me and helped 

181
00:08:53,440 --> 00:08:55,560
me. 
And she helped, you know, start 

182
00:08:55,560 --> 00:08:57,320
the conversations. 
And she's a kindergarten 

183
00:08:57,320 --> 00:09:00,160
teacher, so she is just as good 
at talking with her little 

184
00:09:00,160 --> 00:09:01,960
kindergarten students. 
Oh, you got a new toy at 

185
00:09:01,960 --> 00:09:03,200
McDonald's? 
That's amazing. 

186
00:09:03,520 --> 00:09:05,600
Or, oh, you're a CISO 
for a large company, that's 

187
00:09:05,600 --> 00:09:06,640
amazing. 
Tell me more. 

188
00:09:06,960 --> 00:09:09,040
And she could just hold the 
conversation with anybody. 

189
00:09:09,040 --> 00:09:10,600
But she makes me feel like I can
do anything. 

190
00:09:10,600 --> 00:09:11,960
And so I just really appreciate 
her 

191
00:09:11,960 --> 00:09:13,840
being there with me. 
Yeah, that's super cool. 

192
00:09:13,960 --> 00:09:16,360
I remember meeting her and we 
were, I, I think I asked her 

193
00:09:16,360 --> 00:09:18,160
more questions about 
kindergarten than I asked you 

194
00:09:18,760 --> 00:09:20,880
like stuff. 
But the whole point was to, you 

195
00:09:20,880 --> 00:09:22,400
know, get to know each other and
stuff like that. 

196
00:09:22,400 --> 00:09:25,400
But yeah, super cool. 
And look, that's a great part of

197
00:09:25,400 --> 00:09:28,560
identity, right, Is it's a big 
tent as sort of, you know, Jim 

198
00:09:28,560 --> 00:09:31,280
mentioned earlier in previous 
episode, as well as there's a 

199
00:09:31,280 --> 00:09:32,960
lot going on, a lot of really 
good people. 

200
00:09:32,960 --> 00:09:35,240
And that is one of the strengths
of the identity community at 

201
00:09:35,240 --> 00:09:36,960
large. 
You get groups like Identity 

202
00:09:36,960 --> 00:09:40,560
Underground, you get groups like
Identity ID Pro, right, for 

203
00:09:40,560 --> 00:09:43,600
example. 
Like that's just cool, man. 

204
00:09:43,640 --> 00:09:47,120
I mean, no other articulate way 
to put it other than just it's 

205
00:09:47,120 --> 00:09:50,200
super cool. 
So let's talk a little bit about

206
00:09:50,200 --> 00:09:52,160
that journey into identity. 
You've been kind of doing this 

207
00:09:52,160 --> 00:09:54,960
for a while now. 
Tell us, how did you get to the 

208
00:09:54,960 --> 00:09:56,720
identity space? 
Is it something that you chose 

209
00:09:56,720 --> 00:09:58,440
or did it choose you? 
Yeah. 

210
00:09:58,440 --> 00:10:01,480
So it's 2019 and it was a little
bit of both. 

211
00:10:01,480 --> 00:10:04,160
So we, the company I was a part 
of just acquired another large 

212
00:10:04,160 --> 00:10:06,160
organization. 
We were combining and there was 

213
00:10:06,160 --> 00:10:09,240
org changes and my managers were
moving to a new team and nobody 

214
00:10:09,240 --> 00:10:11,760
really knew what was going on. 
And so somehow I had this 

215
00:10:11,760 --> 00:10:14,560
opportunity where where I was 
asked, what do you want to do? 

216
00:10:14,560 --> 00:10:17,320
Where do you want to go? 
And I said, I want to go with my

217
00:10:17,320 --> 00:10:18,800
manager. 
I really liked what he did. 

218
00:10:18,800 --> 00:10:20,400
He was very supportive of my 
career. 

219
00:10:20,400 --> 00:10:22,680
And I said, I choose choose this
role. 

220
00:10:23,240 --> 00:10:26,160
Little did I know that that 
meant identity and access 

221
00:10:26,160 --> 00:10:28,240
management. 
And so it was the very first 

222
00:10:28,240 --> 00:10:32,160
week my, one of our auditors sat
me in his office and said, we 

223
00:10:32,200 --> 00:10:33,920
haven't been able to do these 
access reviews. 

224
00:10:34,280 --> 00:10:36,680
And you've got two months before
our next audit. 

225
00:10:36,880 --> 00:10:39,240
Here's what you've got to do. 
And, you know, try to explain 

226
00:10:39,240 --> 00:10:41,200
what an access review was. 
And, and all these things. 

227
00:10:41,200 --> 00:10:44,200
All I remember is I have no idea
what you're talking about, but 

228
00:10:44,200 --> 00:10:45,800
we'll figure it out. 
And we did. 

229
00:10:45,840 --> 00:10:48,360
And, and I'm happy to kind of 
share, you know, that that 

230
00:10:48,360 --> 00:10:51,600
journey and, and how do you be 
successful at the identity 

231
00:10:51,600 --> 00:10:53,520
governance and, and different 
things like that? 

232
00:10:53,800 --> 00:10:56,960
But, but I chose it and, and 
even if I knew what I was 

233
00:10:56,960 --> 00:10:58,920
getting into, I think I still 
would have chosen it because 

234
00:10:58,920 --> 00:11:00,360
it's been an awesome last six 
years. 

235
00:11:02,160 --> 00:11:03,880
That's super cool. 
I mean, there's so much that 

236
00:11:03,880 --> 00:11:08,520
that kind of happens in this 
space, in your time in identity.

237
00:11:08,920 --> 00:11:11,120
What's something that you see is
like a real fundamental 

238
00:11:11,120 --> 00:11:13,680
challenge today that you know, 
all of us are facing in our 

239
00:11:13,680 --> 00:11:17,360
different roles? 
Data, I think data is one of the

240
00:11:17,360 --> 00:11:20,600
biggest challenges because if 
you don't have the data, let's 

241
00:11:20,600 --> 00:11:24,320
say for example in whatever IGA 
platform that you're using, how 

242
00:11:24,320 --> 00:11:26,680
can you perform the controls 
that you need to perform? 

243
00:11:27,160 --> 00:11:29,480
If you need to run an access 
review, but you don't know who 

244
00:11:29,480 --> 00:11:31,520
has access to what, you can't 
run an access review. 

245
00:11:31,880 --> 00:11:34,760
If you have the access review 
and you send it out to their 

246
00:11:34,760 --> 00:11:37,880
managers, but the descriptions 
aren't that great, we're hardly 

247
00:11:37,880 --> 00:11:40,160
going to know whether or not 
they should say keep or revoke. 

248
00:11:41,000 --> 00:11:43,000
And, and so I think that's the 
biggest challenge. 

249
00:11:43,000 --> 00:11:45,400
And then how do you solve that 
challenge is, is through data 

250
00:11:45,400 --> 00:11:48,560
integration and being able to 
get those applications the 

251
00:11:48,560 --> 00:11:51,480
source of truth that who has 
access to what into your 

252
00:11:51,480 --> 00:11:53,160
platforms. 
And, and same thing with 

253
00:11:53,160 --> 00:11:55,400
privileged access management. 
If you've got that automated 

254
00:11:55,400 --> 00:11:57,720
rotation, then it works. 
Then then you're getting the 

255
00:11:57,720 --> 00:11:59,800
value there. 
But if those passwords aren't 

256
00:11:59,800 --> 00:12:02,480
being automatically rotated, 
then the, you know, the 

257
00:12:02,480 --> 00:12:05,160
privileged access management, 
the, the value isn't there as 

258
00:12:05,160 --> 00:12:06,800
much. 
So it's that data integration, 

259
00:12:06,800 --> 00:12:09,680
the application integration, I 
think that's a building block 

260
00:12:09,680 --> 00:12:12,480
that's going to continue to be 
very important. 

261
00:12:13,960 --> 00:12:18,720
Such an interesting answer. 
I think it's, it's a very 

262
00:12:18,880 --> 00:12:21,760
receptive answer. 
It's obviously somebody who's 

263
00:12:21,760 --> 00:12:24,200
tackled the these challenges in 
the real world. 

264
00:12:24,360 --> 00:12:26,680
I'll tell you what, Anthony, I 
thought you were going to say 

265
00:12:26,920 --> 00:12:30,880
non-human identities because 
where I met you first was at 

266
00:12:30,920 --> 00:12:35,560
Identiverse in the NHI workshop 
NHI standing for non-human 

267
00:12:35,560 --> 00:12:37,920
identities. 
And it was a full day workshop. 

268
00:12:37,920 --> 00:12:43,200
I mean the the topic is white 
hot right now and I'd love to 

269
00:12:43,200 --> 00:12:47,080
hear your insight on why you 
think it's so hot at the moment.

270
00:12:47,920 --> 00:12:50,240
Sure. 
Yeah, I think, I think it's hot 

271
00:12:50,240 --> 00:12:54,240
right now at the moment because 
it's been a problem for a very 

272
00:12:54,240 --> 00:12:56,600
long time. 
The service accounts, as we 

273
00:12:56,600 --> 00:12:59,720
used to call them, have been 
been around for 10, 20 years. 

274
00:13:00,040 --> 00:13:03,480
So it's not a new problem. 
But what's making it more 

275
00:13:03,480 --> 00:13:08,080
urgent, as I think we all know 
of AI is you've got the same 

276
00:13:08,080 --> 00:13:11,200
problem then now you're going to
plant on top of that, you know, 

277
00:13:11,200 --> 00:13:16,040
these this new technology, you 
can't solve the AI problem, the 

278
00:13:16,040 --> 00:13:18,800
agentic AI problem with the way 
we do things today. 

279
00:13:18,960 --> 00:13:21,280
So I think the questions that 
we're trying to answer and what 

280
00:13:21,280 --> 00:13:25,720
we talked about at that panel 
was one, how do you build a new 

281
00:13:25,720 --> 00:13:27,480
foundation? 
How do you kind of clean up the 

282
00:13:27,480 --> 00:13:30,040
problems that you have now? 
And then how do you start fresh 

283
00:13:30,040 --> 00:13:33,040
so you can build on top of that 
for the new technologies and 

284
00:13:33,040 --> 00:13:34,520
capabilities that are coming 
down the road? 

285
00:13:35,720 --> 00:13:38,720
Yeah, I mean, agentic AI 
definitely plays into it. 

286
00:13:39,120 --> 00:13:43,640
I kind of feel like this they 
used to happen so to me and like

287
00:13:43,640 --> 00:13:47,120
you had enterprise IT where you 
had the service accounts and the

288
00:13:47,120 --> 00:13:50,920
application accounts. 
Then you opened up cloud and 

289
00:13:50,920 --> 00:13:56,120
platform and it's like it bursts
on this scene with a whole bunch

290
00:13:56,120 --> 00:13:59,160
more non-human identities 
workloads. 

291
00:13:59,560 --> 00:14:02,400
And now AI is going to be the 
next frontier. 

292
00:14:02,760 --> 00:14:06,880
I feel like 1. 
I feel like practitioners have 

293
00:14:06,880 --> 00:14:11,080
struggled to say, how do I solve
this with my existing tool set? 

294
00:14:11,280 --> 00:14:13,640
Or do I need to go out and buy 
something new? 

295
00:14:14,720 --> 00:14:17,520
I mean, that's a whole thing 
that organizations are 

296
00:14:17,520 --> 00:14:19,520
struggling through right now. 
I mean, do you have a 

297
00:14:19,520 --> 00:14:21,400
perspective on that? 
Yeah. 

298
00:14:21,600 --> 00:14:25,920
So I think first you can solve 
the problem or at least get a 

299
00:14:25,920 --> 00:14:29,600
solid start without new tools. 
So I think, I think anybody can 

300
00:14:29,600 --> 00:14:32,240
start any big large enterprise 
can start right now with the 

301
00:14:32,240 --> 00:14:34,960
tools that you have. 
If you want to automate and kind

302
00:14:34,960 --> 00:14:37,320
of streamline those capabilities
and really make it more 

303
00:14:37,320 --> 00:14:39,560
scalable, then you're probably 
going to want to invest in some 

304
00:14:39,560 --> 00:14:41,600
tools. 
But start start fresh. 

305
00:14:41,600 --> 00:14:44,400
And and that is really just your
old good old fashioned Excel 

306
00:14:44,400 --> 00:14:47,800
spreadsheet is you run reports 
out of your source of truth, 

307
00:14:48,080 --> 00:14:50,520
which is, you know, can be 
Active Directory, it can be your

308
00:14:50,520 --> 00:14:53,240
windows machines, it can be, you
know, the the Linux machines 

309
00:14:53,240 --> 00:14:55,560
anywhere where those non-human 
identities live. 

310
00:14:56,240 --> 00:15:00,480
Run those reports, discover what
exists, figure out what they 

311
00:15:00,480 --> 00:15:03,440
have access to. 
Are they administrative accounts

312
00:15:03,440 --> 00:15:06,560
on these servers or do they have
just really basic access to to, 

313
00:15:06,560 --> 00:15:09,680
you know, run, you know, run a 
report on a daily basis or 

314
00:15:09,680 --> 00:15:11,720
something because, you know, 
there's all, all kinds of 

315
00:15:11,720 --> 00:15:15,560
different use cases. 
Prioritize them and then figure 

316
00:15:15,560 --> 00:15:18,400
out, OK, what ones do we still 
need and which ones do 

317
00:15:18,400 --> 00:15:20,080
we not? 
And there's a lot of manual work

318
00:15:20,080 --> 00:15:22,600
that goes in into play there. 
It's now you've got the data. 

319
00:15:22,600 --> 00:15:25,040
You let's say you have 50,000 
non-human identities. 

320
00:15:25,240 --> 00:15:26,600
Well, now we got to figure out 
who owns them. 

321
00:15:26,600 --> 00:15:27,720
We got to figure out what they 
do. 

322
00:15:27,720 --> 00:15:29,400
We got to figure out if they're 
still used. 

323
00:15:29,680 --> 00:15:32,440
And that's, you know, that's a 
huge thing is I'd, I would bet a

324
00:15:32,440 --> 00:15:35,000
lot of those accounts that 
you're going to discover aren't 

325
00:15:35,000 --> 00:15:38,080
even used anymore. 
And wouldn't it be great to 

326
00:15:38,120 --> 00:15:40,960
eliminate those and reduce your 
attack surface instead of just 

327
00:15:40,960 --> 00:15:43,880
letting them sit around saying, 
I'm a little nervous to 

328
00:15:43,880 --> 00:15:45,320
terminate them because I don't 
know what they do. 

329
00:15:45,320 --> 00:15:48,480
And I don't want to, you know, 
break, break a system. 

330
00:15:48,480 --> 00:15:50,200
So, you know, there's a real 
balance there. 

331
00:15:50,200 --> 00:15:53,240
But that's how I need an example
of what you can do now without 

332
00:15:53,240 --> 00:15:55,920
any new technology. 
It's a pretty pragmatic 

333
00:15:55,920 --> 00:15:58,160
approach. 
I think if I was to summarize 

334
00:15:58,160 --> 00:16:02,160
it, because I was thinking this 
as you're going, yeah, don't let

335
00:16:02,160 --> 00:16:05,640
the don't let perfection be the 
enemy of better, right? 

336
00:16:05,640 --> 00:16:08,000
Like if you can get better, if 
you can solve. 

337
00:16:08,680 --> 00:16:11,800
And I think the other elements, 
like we've been talking about 

338
00:16:11,800 --> 00:16:14,760
this in the beginning for so 
long, it's like having a good 

339
00:16:14,760 --> 00:16:19,120
inventory, having good 
visibility and that data 

340
00:16:19,520 --> 00:16:23,760
element, like do you understand 
what these accounts, where the 

341
00:16:23,760 --> 00:16:26,600
accounts are? 
And then what do they do? 

342
00:16:26,600 --> 00:16:29,240
And some people get mad because 
they use the term accounts, but 

343
00:16:29,560 --> 00:16:34,320
I don't really care. 
But here, so here's a question. 

344
00:16:34,320 --> 00:16:39,440
So just I will say you read the 
most memorable statement from my

345
00:16:39,440 --> 00:16:44,640
perspective in, like, Identiverse
2025, which is you said access 

346
00:16:44,640 --> 00:16:50,360
reviews are security theater. 
And I was like, holy cow, who 

347
00:16:50,360 --> 00:16:54,000
goes to an identity conference, 
goes on stage and says that that

348
00:16:54,000 --> 00:16:58,720
takes some guts. 
But I, I kind of wonder, like, 

349
00:16:58,800 --> 00:17:02,520
OK, you know, we have all this 
data now we know what is going 

350
00:17:02,560 --> 00:17:05,040
on with the data. 
Don't you have to involve the 

351
00:17:05,040 --> 00:17:07,560
user? 
So what is your perspective in 

352
00:17:07,560 --> 00:17:11,560
terms of access reviews and 
what's their security theater? 

353
00:17:12,040 --> 00:17:13,800
Yeah, no, thanks. 
I do believe that. 

354
00:17:13,839 --> 00:17:18,200
Yeah, at scale, at large 
organizations, it's going to be 

355
00:17:18,200 --> 00:17:20,839
more theatre than it is actually
reducing risk. 

356
00:17:20,839 --> 00:17:22,640
And yeah, you know, I kind of 
say that to get a little bit of 

357
00:17:22,640 --> 00:17:23,720
attention and looks like it 
worked. 

358
00:17:23,720 --> 00:17:25,240
So thanks for pointing that out,
Jim. 

359
00:17:25,640 --> 00:17:27,800
But, but let me explain that to 
your point. 

360
00:17:27,800 --> 00:17:31,240
Let me unpack that a little bit.
So just think about how much a 

361
00:17:31,240 --> 00:17:33,880
company spends on performing an 
access review. 

362
00:17:34,080 --> 00:17:36,720
Let's just say, you know, they 
have a team maybe cost 

363
00:17:36,720 --> 00:17:38,840
$2,000,000 per year for that 
team to run. 

364
00:17:38,880 --> 00:17:40,280
That just focuses on access 
reviews. 

365
00:17:40,280 --> 00:17:44,880
OK, so 2,000,000 per year. 
And then you've got, let's say 

366
00:17:44,880 --> 00:17:47,080
for, you know, an organization 
with 100,000 users, you've got 

367
00:17:47,080 --> 00:17:51,880
10,000 managers now that on a 
quarterly basis have to go into 

368
00:17:51,960 --> 00:17:53,400
and perform these access 
reviews. 

369
00:17:53,760 --> 00:17:55,280
So let's just say it takes them 
an hour. 

370
00:17:55,640 --> 00:17:57,560
You know what, what's the value 
of somebody's time? 

371
00:17:58,000 --> 00:18:01,760
Multiply that by by 10,000 four 
times per year. 

372
00:18:02,320 --> 00:18:06,120
That's millions of dollars per 
year that an organization is 

373
00:18:06,120 --> 00:18:08,560
spending on performing exact 
these access reviews. 

374
00:18:08,960 --> 00:18:12,280
And so that's, that's the, you 
know, that's the the cost 

375
00:18:12,280 --> 00:18:13,880
aspect. 
Now let's look at the return 

376
00:18:13,880 --> 00:18:17,920
aspect. 
So if you don't have all that, 

377
00:18:17,920 --> 00:18:20,040
you know, life cycle management,
all that and stuff that we 

378
00:18:20,040 --> 00:18:23,920
talked about a minute ago in 
terms of not great descriptions,

379
00:18:23,920 --> 00:18:25,440
you don't really know what this 
access does. 

380
00:18:25,840 --> 00:18:28,400
How many managers are going to 
take the risk and say, yeah, I 

381
00:18:28,400 --> 00:18:30,520
don't think he needs this anymore.
So let me just revoke it. 

382
00:18:30,800 --> 00:18:32,880
Well, then your, your team 
doesn't can't do their job 

383
00:18:32,880 --> 00:18:35,680
anymore. 
So often times, and you can just

384
00:18:35,680 --> 00:18:38,760
look at your data, you know, 
what is the revoke rate for your

385
00:18:38,760 --> 00:18:42,040
access reviews? 
Is it just a couple percent per 

386
00:18:42,080 --> 00:18:43,840
per cycle? 
So you've got a, you know, 

387
00:18:43,840 --> 00:18:46,560
3,000,000 lines and and only, 
you know, a few, you know, a 

388
00:18:46,560 --> 00:18:48,920
couple percent points of that 
was revoked. 

389
00:18:49,320 --> 00:18:53,040
Is that really providing the 
risk reduction that you're 

390
00:18:53,040 --> 00:18:55,160
looking for? 
Maybe it should be 10%, maybe 

391
00:18:55,160 --> 00:18:57,320
should be 20%. 
I don't really know what that 

392
00:18:57,320 --> 00:18:59,480
that threshold should be, but I 
know it's probably not one or 

393
00:18:59,480 --> 00:19:02,120
2%. 
So that's where, you know, I say

394
00:19:02,120 --> 00:19:05,280
take a look, is the investment, 
is the money that you're putting

395
00:19:05,280 --> 00:19:08,480
into these access reviews, is it
giving you the return, the risk 

396
00:19:08,480 --> 00:19:09,720
reduction that you're looking 
for? 

397
00:19:09,920 --> 00:19:11,840
Now, on the other side, we can't
forget about audit and 

398
00:19:11,840 --> 00:19:13,320
compliance. 
That is important. 

399
00:19:13,600 --> 00:19:15,320
Yes, we want to make the 
investment. 

400
00:19:15,320 --> 00:19:18,280
We need to be compliant. 
We need to pack, pass our access

401
00:19:18,280 --> 00:19:20,840
reviews, our audits. 
And so that's an important 

402
00:19:20,840 --> 00:19:22,480
thing. 
So I would never say, oh, forget

403
00:19:22,480 --> 00:19:24,600
it, you know, don't do it. 
We don't need to do it anymore. 

404
00:19:25,320 --> 00:19:29,320
But in terms of risk reduction, 
yeah, if we think these access 

405
00:19:29,320 --> 00:19:33,440
reviews are truly reducing risk 
in some cases, I I would double 

406
00:19:33,440 --> 00:19:37,240
check that. 
Yeah, Sante, you're, you're 

407
00:19:37,240 --> 00:19:40,600
targeting the the whole idea 
behind it. 

408
00:19:40,600 --> 00:19:43,120
It's the how's it actually 
approached? 

409
00:19:43,120 --> 00:19:46,440
How's it actually done? 
Is it being done in an effective

410
00:19:46,440 --> 00:19:50,040
way? 
So given that I think you are in

411
00:19:50,040 --> 00:19:54,560
favor of identity governance 
and, and by the way, I'm just 

412
00:19:54,560 --> 00:19:57,400
calling, I'm, I'm linking 
identity governance and access 

413
00:19:57,400 --> 00:19:59,040
reviews. 
They are kind of linked. 

414
00:19:59,200 --> 00:20:00,800
For. 
Sure, but it's not like the 

415
00:20:00,800 --> 00:20:02,480
whole thing about identity 
governance. 

416
00:20:02,840 --> 00:20:04,320
Where do you take identity 
governance? 

417
00:20:04,320 --> 00:20:06,240
How do you make it more 
effective? 

418
00:20:06,520 --> 00:20:08,920
Fair. 
Yes, I love identity governance.

419
00:20:08,920 --> 00:20:12,000
That was really the focus of of 
my job and why I'm so passionate

420
00:20:12,000 --> 00:20:15,280
about the access reviews. 
So one, let me let's kind of 

421
00:20:15,280 --> 00:20:18,160
like think about a, a whole new 
approach to access reviews. 

422
00:20:18,160 --> 00:20:21,400
Again, not saying we stop what 
we're doing, but if we want to 

423
00:20:21,400 --> 00:20:26,480
reduce risk, who is better to to
know what access I need to do my

424
00:20:26,480 --> 00:20:30,920
job than me? 
Nobody I know when I need to do 

425
00:20:30,920 --> 00:20:33,080
my job. 
And yes, maybe, maybe again, the

426
00:20:33,080 --> 00:20:35,480
descriptions aren't as great and
different things, but I'm going 

427
00:20:35,480 --> 00:20:37,920
to know more than my manager's 
going to know in terms of most 

428
00:20:37,920 --> 00:20:41,480
in most cases what I need. 
So how do we one do a 

429
00:20:41,480 --> 00:20:45,120
self-service access review? 
Doesn't have to be audited, 

430
00:20:45,120 --> 00:20:49,520
doesn't have to, you know, be an
artificial control, but then 

431
00:20:49,520 --> 00:20:54,120
incentivize these employees to 
actually reduce the, the, the, 

432
00:20:54,240 --> 00:20:56,080
the entitlements because then 
it'll be the same thing. 

433
00:20:56,080 --> 00:20:57,120
We'll just rubber stamp 
everything. 

434
00:20:57,120 --> 00:20:58,360
So you got to provide that 
incentive. 

435
00:20:58,360 --> 00:21:01,840
And this was an idea of one of 
the, my team members on my team.

436
00:21:01,840 --> 00:21:03,640
She thought, you know, we were 
like talking about it. 

437
00:21:03,640 --> 00:21:06,040
And she's like, oh, well, you 
know, get them to do it, give 

438
00:21:06,040 --> 00:21:08,320
them an incentive. 
So you've got points, you know, 

439
00:21:08,320 --> 00:21:10,080
some companies have these, you 
know, points systems. 

440
00:21:10,080 --> 00:21:13,160
Give them 10 points for 
entitlement that they revoke 

441
00:21:13,160 --> 00:21:14,720
her. 
If you could do cash, do cash, 

442
00:21:14,720 --> 00:21:18,360
$5 for every entitlement and I 
bet you're going to have people 

443
00:21:18,360 --> 00:21:20,480
that have been at the company a 
long, a long time that can go 

444
00:21:20,480 --> 00:21:24,560
out and buy a brand new TV just 
by eliminating some of these 

445
00:21:24,880 --> 00:21:29,880
these entitlements and now you 
are truly reducing the attack 

446
00:21:29,880 --> 00:21:32,640
surface. 
So if one of those accounts gets

447
00:21:32,640 --> 00:21:36,360
phished, that attacker has less 
access than they would have 

448
00:21:36,680 --> 00:21:38,000
before you had did that 
exercise. 

449
00:21:39,840 --> 00:21:43,360
This idea of gamification is 
something that I've, I've been 

450
00:21:43,360 --> 00:21:45,080
a, a fan of for a very long 
time. 

451
00:21:45,080 --> 00:21:47,840
I remember when I was first 
rolling out self-service 

452
00:21:47,840 --> 00:21:52,400
password reset a few decades ago
at this point, and we were not 

453
00:21:52,400 --> 00:21:55,240
getting the, you know, the, the 
number of enrollments and 

454
00:21:55,240 --> 00:21:57,680
registrations that we wanted. 
It was kind of languishing 

455
00:21:57,680 --> 00:22:00,760
despite us doing, you know, 
communications and emails and 

456
00:22:00,760 --> 00:22:01,880
stuff like that. 
And this would have been like 

457
00:22:01,880 --> 00:22:05,440
late 2000s, I would say. 
And so I don't remember who came

458
00:22:05,440 --> 00:22:08,040
up with it, but you know, we had
a team and it was like, all 

459
00:22:08,040 --> 00:22:11,400
right, let's give away an iPad. 
So this is when iPads first came

460
00:22:11,400 --> 00:22:13,000
out. 
Yeah, I think at that point 

461
00:22:13,000 --> 00:22:14,800
there were $400.00 or whatever 
it was, right? 

462
00:22:15,360 --> 00:22:17,880
So I was like, all right, let's 
give away an iPad and anybody 

463
00:22:17,880 --> 00:22:21,600
who is registered in our 
self-service password system 

464
00:22:21,960 --> 00:22:25,520
basically has an entry in the 
system and would be raffled off.

465
00:22:26,160 --> 00:22:29,360
And we went from something like 
30% enrollment and we gave it 

466
00:22:29,360 --> 00:22:31,800
a quarter just to kind of get the 
message out there and get people

467
00:22:31,800 --> 00:22:33,920
rolling. 
And by the end of a quarter, we had 

468
00:22:33,920 --> 00:22:38,200
gotten up over like 90% 
enrollments just for $400.00 

469
00:22:38,200 --> 00:22:40,840
iPad. 
The best money that we spent in 

470
00:22:40,840 --> 00:22:44,920
$1,000,000 IAM program was a 
$400.00 iPad to drive awareness 

471
00:22:44,920 --> 00:22:47,160
and incentivize people to like 
to do it. 

472
00:22:48,200 --> 00:22:50,040
So yeah, you're totally right. 
You know, there's lots of points

473
00:22:50,040 --> 00:22:52,080
system stuff like that. 
I mean, my mom used to give us 

474
00:22:52,080 --> 00:22:53,680
points when we're growing up. 
I don't know when I'm going to 

475
00:22:53,680 --> 00:22:56,240
be able to cash those in, but I 
must have a zillion points at 

476
00:22:56,240 --> 00:22:59,320
this point. 
Jeff forgot to mention that and 

477
00:22:59,320 --> 00:23:01,320
it's a great iPad. 
He still has it. 

478
00:23:03,640 --> 00:23:07,320
If you know me, you know that I,
I, I I enjoy the finer things in

479
00:23:07,320 --> 00:23:10,760
life and tend to rotate my 
equipment on a yearly basis. 

480
00:23:10,760 --> 00:23:13,000
But I think. 
And I know you and I know you 

481
00:23:13,000 --> 00:23:16,400
wouldn't do that and take the 
the integrity out of it. 

482
00:23:18,160 --> 00:23:19,840
I was actually wondering, 
Anthony. 

483
00:23:19,840 --> 00:23:24,800
So let's stay in this identity 
governance lane and one of the 

484
00:23:24,800 --> 00:23:28,200
other areas that gets talked 
about in terms of being ripe for

485
00:23:28,560 --> 00:23:30,480
revolution. 
And by the way, I love your 

486
00:23:30,480 --> 00:23:33,880
idea. 
Not only on the giveaway, but 

487
00:23:34,120 --> 00:23:37,280
having people or the 
gamification, but having people

488
00:23:37,640 --> 00:23:42,680
do their own reviews. 
And it kind of like flies in the

489
00:23:42,680 --> 00:23:47,360
face of or it, it's like a 
revolutionary idea and like why 

490
00:23:47,360 --> 00:23:49,960
can't we have kind of these big 
ideas? 

491
00:23:51,040 --> 00:23:54,680
The industry's having a big idea
right now, which is that maybe 

492
00:23:54,680 --> 00:23:57,400
RBAC isn't all it's cracked up 
to be. 

493
00:23:57,720 --> 00:24:01,080
And I'm wondering, where do you 
stand on RBAC? 

494
00:24:01,760 --> 00:24:04,680
Yeah, No, I, I definitely have 
some thoughts on that before we 

495
00:24:04,680 --> 00:24:06,960
go there though. 
And if I can go back to access 

496
00:24:06,960 --> 00:24:09,000
reviews because I want to share 
a little bit more about how do 

497
00:24:09,000 --> 00:24:10,640
we make access reviews 
successful? 

498
00:24:10,920 --> 00:24:13,680
Because yes, maybe they're a 
little bit of theater and and 

499
00:24:13,680 --> 00:24:15,880
maybe we have some other 
approaches that we can kind of 

500
00:24:16,400 --> 00:24:19,920
take care of reducing risk other
ways, but still got to do an 

501
00:24:19,920 --> 00:24:21,400
access review. 
How do you make a successful 

502
00:24:21,400 --> 00:24:23,760
and, and early in the days when 
and I was kind of talking about 

503
00:24:23,760 --> 00:24:27,800
my first experience, we really 
struggled and one people weren't

504
00:24:27,800 --> 00:24:30,280
even completing the reviews is, 
you know, you go in, you send 

505
00:24:30,280 --> 00:24:34,040
out the emails, you get what, 
70% response, 50% response. 

506
00:24:34,240 --> 00:24:37,640
So if you're struggling with 
that, here is a really fun trick

507
00:24:37,640 --> 00:24:40,360
that we learned and is it's 
people's human nature when you 

508
00:24:40,360 --> 00:24:44,840
give them a due date to wait 
until that due date to take the 

509
00:24:44,840 --> 00:24:47,000
action. 
So we would send the e-mail, 

510
00:24:47,000 --> 00:24:49,680
we'd say you've got 30 days to 
perform this access review. 

511
00:24:49,840 --> 00:24:51,760
We'd give them the 30 days and 
then guess what? 

512
00:24:51,760 --> 00:24:54,120
How many people do you think 
completed those access reviews 

513
00:24:54,160 --> 00:24:57,440
in those 30 days? 
Very few people, they waited and

514
00:24:57,440 --> 00:25:00,200
then you got to the deadline and
then oops, I ran out of time. 

515
00:25:00,200 --> 00:25:01,920
I got other priorities, not 
going to do it. 

516
00:25:01,920 --> 00:25:04,040
And then you know, and it was a 
little bit messy. 

517
00:25:04,360 --> 00:25:08,360
So our approach was a couple of 
different things. Number one, as soon as 

518
00:25:08,360 --> 00:25:12,040
possible, no deadline, do not 
give people a deadline when it's

519
00:25:12,040 --> 00:25:14,240
urgent. 
And it's important is say this 

520
00:25:14,240 --> 00:25:15,640
has to be done as soon as 
possible. 

521
00:25:15,760 --> 00:25:18,560
And then we'd set, we drill them
with e-mail, we do three 

522
00:25:18,560 --> 00:25:21,840
different emails every other day
and they would get those, those,

523
00:25:21,840 --> 00:25:24,360
those emails. 
So it within one week. 

524
00:25:24,360 --> 00:25:27,480
Now we went from, you know, not 
great response in 30 days to now

525
00:25:28,160 --> 00:25:31,000
90% responsiveness within the 
first one week. 

526
00:25:31,760 --> 00:25:33,600
So that was a huge, huge 
transition. 

527
00:25:33,720 --> 00:25:35,640
And then number 2 is on the 
second week. 

528
00:25:35,640 --> 00:25:38,800
That's when we start escalating 
and we'll copy people's manager.

529
00:25:39,000 --> 00:25:41,480
And now the manager will say, 
oh, OK, yeah, maybe, you know, 

530
00:25:41,480 --> 00:25:43,640
the person's out of the office. 
Maybe they, you know, really are

531
00:25:43,640 --> 00:25:45,200
doing it for their priorities, 
you know, whatever. 

532
00:25:45,200 --> 00:25:46,600
It doesn't matter what what the 
issue is. 

533
00:25:46,600 --> 00:25:49,480
And now the managers out 
motivate their their team 

534
00:25:49,480 --> 00:25:50,920
members. 
But it's, you know, tiny subset.

535
00:25:50,920 --> 00:25:54,160
It's 10% of of of the total 
population. 

536
00:25:54,160 --> 00:25:57,240
And then by the time we get to 
that 10 day mark, we're at 99%. 

537
00:25:57,240 --> 00:25:58,960
And then, yeah, you know, we're 
just going to, you know, 

538
00:25:58,960 --> 00:26:01,600
message, direct message people, 
you know, figure out people are 

539
00:26:01,800 --> 00:26:04,280
reassigned, different things 
like that, get that last 1%. 

540
00:26:04,600 --> 00:26:06,280
But that was that was a big 
thing for us. 

541
00:26:06,360 --> 00:26:09,440
And then really improving the 
communications is giving them 

542
00:26:09,440 --> 00:26:11,640
the right information. 
So, you know, instead of getting

543
00:26:11,640 --> 00:26:14,360
this kind of cryptic e-mail, I 
get all the instructions. 

544
00:26:14,360 --> 00:26:16,840
I get one click, boom, I'm in 
and I see the instructions in 

545
00:26:16,840 --> 00:26:18,920
the e-mail. 
Very simple to understand. 

546
00:26:18,920 --> 00:26:20,880
Do that communication to 
leadership. 

547
00:26:21,120 --> 00:26:24,280
So now they can get reports on a
daily basis to say to track, you

548
00:26:24,280 --> 00:26:27,040
know, their team, you know, by 
leader who you know, who on my 

549
00:26:27,040 --> 00:26:29,360
team is getting it done and 
who's not getting it done. 

550
00:26:29,600 --> 00:26:33,760
They're really just data key 
performance indicators and 

551
00:26:33,760 --> 00:26:38,360
communication was was what made 
it made our transitions from not

552
00:26:38,360 --> 00:26:41,840
so successful access reviews to 
very successful access reviews. 

553
00:26:42,440 --> 00:26:43,600
All right. 
Now, Jim, to get to your 

554
00:26:43,600 --> 00:26:45,200
question on role based access 
controls. 

555
00:26:45,200 --> 00:26:47,240
Let me butt in there for a second
though, because please, Jeff, 

556
00:26:47,400 --> 00:26:50,800
one of the things that I think a
lot of people struggle with is 

557
00:26:51,080 --> 00:26:52,960
access reviews and getting a 
response. 

558
00:26:53,480 --> 00:26:57,360
So I, I have to imagine, you 
know, myself included, we've all

559
00:26:57,360 --> 00:27:01,000
tried sending a bunch of emails 
and saying do this and then they

560
00:27:01,000 --> 00:27:04,080
don't do it or they rubber stamp
it and it's like not an 

561
00:27:04,080 --> 00:27:05,960
effective, you know, it's 
security theatre at that point. 

562
00:27:05,960 --> 00:27:10,120
Kind of to your point, right, 
how you have to have some sort 

563
00:27:10,120 --> 00:27:15,720
of carrot and, or stick or maybe
both for that e-mail to be taken

564
00:27:15,720 --> 00:27:18,920
seriously. 
What is some tips or guidance 

565
00:27:18,920 --> 00:27:21,680
to, you know, to get that? 
Because I think a lot of people 

566
00:27:21,680 --> 00:27:23,600
struggle with this. 
You know, myself included when I

567
00:27:23,600 --> 00:27:26,200
was doing this was like, I can 
send as many emails as I want, 

568
00:27:26,360 --> 00:27:29,440
but short of me walking over 
their desk, getting them in a 

569
00:27:29,440 --> 00:27:31,400
headlock and make them sit at 
their computer and make a 

570
00:27:31,400 --> 00:27:35,080
decision, yeah, people just 
don't do it. 

571
00:27:35,640 --> 00:27:38,000
Or they find other reasons or 
excuses not to do it. 

572
00:27:38,000 --> 00:27:41,520
Or worse, they rubber stamp it. 
Which is a real problem, yeah, 

573
00:27:41,640 --> 00:27:43,840
yeah, I've done all those things
minus the head headlock. 

574
00:27:43,920 --> 00:27:45,480
So. 
But I thought that would be just

575
00:27:45,480 --> 00:27:48,280
as effective, aggressive. 
Negotiations is what I will tell

576
00:27:48,280 --> 00:27:49,280
you about. 
That's better. 

577
00:27:50,800 --> 00:27:54,560
Yeah. 
So the for us, it was making the

578
00:27:54,840 --> 00:27:59,520
the e-mail very clear, helping 
people understand what's in it 

579
00:27:59,520 --> 00:28:03,280
for me or why is this important 
and kind of building that on the

580
00:28:03,280 --> 00:28:07,200
culture. 
So we made it very clear you are

581
00:28:07,200 --> 00:28:11,280
responsible for the enterprise's
security, you are responsible 

582
00:28:11,280 --> 00:28:13,640
for the enterprise's audit and 
compliance. 

583
00:28:14,000 --> 00:28:17,800
And here's how you can help. 
And then so we communicate that.

584
00:28:17,800 --> 00:28:21,320
And then we just try to really 
communicate how we hear people 

585
00:28:21,520 --> 00:28:24,080
like, yes, we know this is not 
the greatest experience. 

586
00:28:24,080 --> 00:28:25,880
We hear you. 
Here's the changes that we make 

587
00:28:26,120 --> 00:28:29,840
or hey, we have bi weekly or 
twice per week lunch and learns 

588
00:28:30,080 --> 00:28:32,440
where you get this e-mail. 
And if you don't understand what

589
00:28:32,440 --> 00:28:35,400
you're doing, click this Webex 
at this time and boom, you'll 

590
00:28:35,400 --> 00:28:37,600
join and you'll we'll help you. 
We'll walk you through it. 

591
00:28:37,880 --> 00:28:42,320
So it's really more support, 
more hands on approach where 

592
00:28:42,320 --> 00:28:45,280
people can come for the help. 
So they're not just kind of 

593
00:28:46,400 --> 00:28:48,360
frustrated where they're going 
in, they're trying to figure it 

594
00:28:48,360 --> 00:28:50,240
out, can't figure it out and 
don't know what to do. 

595
00:28:50,440 --> 00:28:53,160
And then now to your point, it's
you have to go track them down. 

596
00:28:53,640 --> 00:28:56,400
We're giving them the avenue, 
the communication, the channel 

597
00:28:56,400 --> 00:29:00,280
to come find us and remake it 
easy, easier and easier for them

598
00:29:00,280 --> 00:29:01,800
to find us. 
But then to, you know, more 

599
00:29:01,800 --> 00:29:04,680
importantly, just to be able to 
get it done on on the first try.

600
00:29:04,920 --> 00:29:08,600
For example, investing a lot in 
improving our descriptions. 

601
00:29:08,880 --> 00:29:10,800
And that's time intensive. 
You have to go to the 

602
00:29:10,800 --> 00:29:13,200
application team, you have to 
ask them what it does. 

603
00:29:13,200 --> 00:29:15,320
You say, no, that's not a great 
description. 

604
00:29:15,320 --> 00:29:17,360
Let's make it a little bit more 
user friendly. 

605
00:29:17,600 --> 00:29:20,040
Doing all those things that that
takes time, but that really pays

606
00:29:20,040 --> 00:29:22,560
dividends because now as a 
manager, you see, Oh yeah, I 

607
00:29:22,560 --> 00:29:24,840
know what this does. 
Easy, easy decision. 

608
00:29:24,840 --> 00:29:27,680
Yes or no versus I have no idea 
what this does. 

609
00:29:27,840 --> 00:29:32,680
Rubber stamp. 
So now my RBAC question. 

610
00:29:32,960 --> 00:29:34,480
OK, yeah, let's let's get to 
RBAC. 

611
00:29:35,480 --> 00:29:39,640
So RBAC very just like a lot of 
governance is complex. 

612
00:29:40,280 --> 00:29:43,320
And when you start small and 
you're like, Oh yeah, this 

613
00:29:43,320 --> 00:29:44,880
should be simple. 
Let's let's do this. 

614
00:29:44,880 --> 00:29:47,480
Let's you know, for example, 
give anybody the ability to 

615
00:29:47,480 --> 00:29:50,280
request a role. 
Sounds like it won't be a big 

616
00:29:50,280 --> 00:29:52,680
deal. 
But then a few years later 

617
00:29:52,760 --> 00:29:58,640
you've got 15,000 roles and some
of those roles have the same 

618
00:29:58,640 --> 00:30:01,080
entitlements, some of those 
roles have only one or two 

619
00:30:01,080 --> 00:30:04,200
entitlements and you've just got
a mess on your hands that the 

620
00:30:04,200 --> 00:30:06,400
people that requested them are 
long gone. 

621
00:30:06,680 --> 00:30:09,440
So it's a life cycle management 
problem there. 

622
00:30:09,440 --> 00:30:11,400
And, and, and that's not 
scalable. 

623
00:30:11,400 --> 00:30:15,680
So opening it up like that and 
kind of letting it be just no 

624
00:30:15,680 --> 00:30:18,080
standards, you know, no, you 
know, anybody can do what they 

625
00:30:18,080 --> 00:30:19,880
want. 
That's not going to work. 

626
00:30:20,000 --> 00:30:21,840
And, and we, you know, 
discovered that the hard way. 

627
00:30:21,840 --> 00:30:24,320
So what can you do instead if 
you want to do roles? 

628
00:30:24,320 --> 00:30:26,800
Because you know, the question 
is, what's the value of roles? 

629
00:30:26,800 --> 00:30:30,320
Well, going to access reviews, 
if I could review, you know, 5 

630
00:30:30,320 --> 00:30:33,400
roles versus 100 individual 
entitlements, that's going to be

631
00:30:33,400 --> 00:30:35,200
a lot quicker. 
So there's value there. 

632
00:30:35,200 --> 00:30:38,240
And if I'm being on boarded and 
I only need to request a couple 

633
00:30:38,240 --> 00:30:40,720
different roles and instead of, 
you know, again, hundreds of 

634
00:30:40,720 --> 00:30:43,400
entitlements, there's value 
there, you know, that the person

635
00:30:43,400 --> 00:30:46,840
can do their job much quicker. 
So there is definitely value in 

636
00:30:46,840 --> 00:30:51,000
roles, but now we want to 
choose, OK, how do we simplify 

637
00:30:51,000 --> 00:30:54,520
it and choosing just a good 
structure and it could be 

638
00:30:54,520 --> 00:30:56,320
anything. 
For example, you could choose 

639
00:30:56,320 --> 00:30:58,240
the structure at the senior 
leadership level. 

640
00:30:58,240 --> 00:31:00,520
You probably don't want to get 
down to the individual manager 

641
00:31:00,520 --> 00:31:02,480
level because you know, if it's 
a large enterprise, again, 

642
00:31:02,480 --> 00:31:03,720
you're going to have the same 
problem. 

643
00:31:03,920 --> 00:31:06,120
But maybe at the senior 
leadership level, OK, the senior

644
00:31:06,120 --> 00:31:08,520
leader for all his team gets, 
gets this role. 

645
00:31:08,520 --> 00:31:11,240
And yes, it's not going to be 
everything for everyone, but it 

646
00:31:11,240 --> 00:31:13,560
might solve some basic problems.
Or you could do it at the 

647
00:31:13,560 --> 00:31:15,040
project level. 
This is going to be a three-year

648
00:31:15,040 --> 00:31:16,920
project. 
This is everything in the 

649
00:31:16,920 --> 00:31:19,840
project that you need the, you 
know, different shared folders 

650
00:31:19,840 --> 00:31:22,200
and such. 
Anybody who joins that project, 

651
00:31:22,200 --> 00:31:24,120
it's the role and, and that's 
pretty simple. 

652
00:31:24,120 --> 00:31:25,520
Or you could do it at the 
application level. 

653
00:31:25,720 --> 00:31:28,040
Instead of having to request 5 
different entitlements or global

654
00:31:28,040 --> 00:31:30,920
groups for an application. 
You're this job, you need to do 

655
00:31:30,920 --> 00:31:33,360
this function, you get the, you 
know, get this role. 

656
00:31:33,360 --> 00:31:37,480
And, and so that is how I would 
recommend implementing it and 

657
00:31:37,480 --> 00:31:41,000
keeping it much more simple and 
laid back and not trying to give

658
00:31:41,000 --> 00:31:43,440
everybody everything they need. 
Just in roles. 

659
00:31:43,440 --> 00:31:46,040
You're going to have to still go
outside of roles, but if you can

660
00:31:46,040 --> 00:31:49,000
kind of do the mass and then 
roles, I think you can find the 

661
00:31:49,000 --> 00:31:53,480
nice balance of value there. 
Yeah, it seems like you're 

662
00:31:53,560 --> 00:31:56,360
you're applying like a 
pragmatism to it as well, which 

663
00:31:56,360 --> 00:31:59,280
is why I love having 
practitioners on the show, 

664
00:31:59,280 --> 00:32:04,200
because it's taking the theory 
and then taking the reality and 

665
00:32:04,200 --> 00:32:06,880
mushing them together and 
figuring out what works. 

666
00:32:07,320 --> 00:32:11,600
But I mean there, there are 
advances in the technology and 

667
00:32:11,600 --> 00:32:15,360
when those advances come along, 
I think it's our job to kind of 

668
00:32:15,360 --> 00:32:17,800
consider them and how can we 
work them in. 

669
00:32:17,920 --> 00:32:20,560
What do you think of kind of 
some of the newer approaches 

670
00:32:20,560 --> 00:32:25,920
like PBAC and, not really new, 
but ABAC, like where, how do 

671
00:32:25,920 --> 00:32:29,240
you fit those into an enterprise
identity governance program? 

672
00:32:29,560 --> 00:32:31,520
Yeah, I think, I think you 
could, you could kind of pick 

673
00:32:31,520 --> 00:32:34,040
and choose which approach you 
want to take or you can kind of 

674
00:32:34,040 --> 00:32:36,360
do a hybrid model. 
Yeah, that attribute based 

675
00:32:36,360 --> 00:32:37,960
access control. 
I really like that. 

676
00:32:38,000 --> 00:32:40,120
And I think some of the new 
identity governance tools are 

677
00:32:40,120 --> 00:32:43,480
trying to build on that and, and
I think that has a lot of 

678
00:32:43,480 --> 00:32:45,680
potential. 
And you know, the use case there

679
00:32:45,680 --> 00:32:49,840
is based on all the attributes 
that I come into a company with 

680
00:32:49,920 --> 00:32:55,720
location, team manager, job 
title, all kinds of different 

681
00:32:55,720 --> 00:32:58,160
attributes. 
Based on those attributes, I'm 

682
00:32:58,160 --> 00:33:01,120
going to automatically get the 
access that I need to do my job.

683
00:33:01,320 --> 00:33:06,080
Now here's the question, just 
like RBAC that requires rules. 

684
00:33:06,160 --> 00:33:10,920
So who is going to manage the 
rules that that automates that 

685
00:33:10,920 --> 00:33:13,600
those settings and and who's 
going to be responsible for 

686
00:33:13,600 --> 00:33:16,240
that? 
So I think at scale, again, if 

687
00:33:16,240 --> 00:33:18,280
you, if you try to, you know, 
complicate it and just say, Oh 

688
00:33:18,280 --> 00:33:19,760
yeah, everybody's going to get 
everything they need 

689
00:33:19,760 --> 00:33:23,560
automatically everywhere. 
Don't know if that's going to be

690
00:33:23,560 --> 00:33:25,840
scalable or if you're going to 
be able to implement that and 

691
00:33:25,840 --> 00:33:29,000
maintain the life cycle of that 
on a large enterprise. 

692
00:33:29,000 --> 00:33:30,640
So I think you'll kind of see 
similar issues. 

693
00:33:31,840 --> 00:33:34,280
So I am on record as not being a
fan of RBAC. 

694
00:33:34,280 --> 00:33:36,800
I think it's a big quagmire that
a lot of companies struggle 

695
00:33:36,800 --> 00:33:39,520
with. 
I am a big fan however, of 

696
00:33:39,520 --> 00:33:42,560
attribute based and policy based
because I feel like those are 

697
00:33:42,560 --> 00:33:46,800
easier to start with. 
But it goes back to almost the 

698
00:33:46,800 --> 00:33:48,440
first topic you talked about, 
which was data. 

699
00:33:48,920 --> 00:33:51,360
You have to have good data to do
any of this, but it is 

700
00:33:51,360 --> 00:33:54,440
especially important for 
attribute and policy based 

701
00:33:54,440 --> 00:33:57,440
access controls which rely on 
data to make those decisions. 

702
00:33:57,440 --> 00:33:59,800
So what happens if I don't have 
data? 

703
00:33:59,800 --> 00:34:03,880
Am I stuck or can I use at least
what I have and and hope that 

704
00:34:03,880 --> 00:34:06,080
it's good? 
Like where would you start if 

705
00:34:06,080 --> 00:34:08,520
you were just joining an 
organization and you're like, 

706
00:34:08,520 --> 00:34:12,239
OK, how do we, how do we fix 
authorizations and try to get 

707
00:34:12,239 --> 00:34:14,400
them managed from a, from a life
cycle standpoint? 

708
00:34:15,120 --> 00:34:18,719
Yeah, no, it starts with the 
data and and you know, 

709
00:34:18,719 --> 00:34:21,000
integration and understanding 
the data. 

710
00:34:21,040 --> 00:34:24,199
So let's start with provisioning
as an example. 

711
00:34:24,199 --> 00:34:26,400
You can use that should be 
based, you can use RBAC. 

712
00:34:27,199 --> 00:34:30,719
But if those applications aren't
fully integrated and you have 

713
00:34:30,719 --> 00:34:34,360
people, humans that are getting 
a ticket from your request 

714
00:34:34,360 --> 00:34:37,280
system and then you're waiting 
10 days and then that person 

715
00:34:37,280 --> 00:34:40,000
gets the ticket and then they go
and they provision that access. 

716
00:34:40,679 --> 00:34:42,360
There's going to be problems. 
They're going to maybe 

717
00:34:42,360 --> 00:34:44,719
accidentally, you know, 
provision the wrong thing, you 

718
00:34:44,719 --> 00:34:46,639
know, maybe they'll forget, 
they'll miss the ticket. 

719
00:34:46,639 --> 00:34:48,440
Maybe when somebody's 
terminated, that ticket won't 

720
00:34:48,440 --> 00:34:50,360
get processed in time. 
And now you've got, you know, 

721
00:34:50,360 --> 00:34:53,120
access that that is, is there 
for too long. 

722
00:34:53,800 --> 00:34:56,080
We need to integrate those 
applications and we need to get 

723
00:34:56,080 --> 00:34:59,040
those data that that automate 
that provisioning and that 

724
00:34:59,040 --> 00:35:01,040
termination process. 
And then Jeff, that kind of gets

725
00:35:01,040 --> 00:35:03,200
to your, your question on where 
do we start? 

726
00:35:03,200 --> 00:35:06,040
Well, now if you have all these 
provisioners that no longer need

727
00:35:06,040 --> 00:35:09,040
to do provisioning, now you've 
got an army of people that can go

728
00:35:09,040 --> 00:35:12,080
after the data. 
And I think that's where we can 

729
00:35:12,080 --> 00:35:16,440
kind of make that transition is 
number one, integrate systems so that

730
00:35:16,440 --> 00:35:21,880
we're getting the data feeds; number two,
leverage those people to improve

731
00:35:21,880 --> 00:35:26,120
the quality of that data. 
And then now you've got the, the

732
00:35:26,120 --> 00:35:28,440
two things that you need in 
place, the automation and 

733
00:35:28,440 --> 00:35:31,720
integration and the data quality
to implement any of these rules 

734
00:35:31,720 --> 00:35:34,800
that you want to implement, 
whether it's ABAC, RBAC, you

735
00:35:34,800 --> 00:35:38,240
know, authorization, just in 
time authorization, all kinds of

736
00:35:38,240 --> 00:35:41,040
different capabilities that rely
on the data and automation. 

737
00:35:41,880 --> 00:35:43,360
Now you've got that that problem
solved. 

738
00:35:44,840 --> 00:35:50,440
So when are you done with roles?
Can you be done with roles or 

739
00:35:50,680 --> 00:35:54,640
when do you call it done? 
Is it 80% of my access is a role

740
00:35:54,640 --> 00:35:56,960
or an attribute-based bundle of
some sort? 

741
00:35:57,320 --> 00:36:00,760
Is it 50%? 'Cause I'll give you
my my hot take is I don't think 

742
00:36:00,760 --> 00:36:03,600
you're ever done and I don't 
know if 100% is actually 

743
00:36:03,600 --> 00:36:05,360
realistic. 
Right, Yeah. 

744
00:36:05,360 --> 00:36:08,600
And I think you can apply that 
same thought process to just 

745
00:36:08,600 --> 00:36:13,160
about any identity governance 
approach is you are never going 

746
00:36:13,160 --> 00:36:16,080
to be done 'cause as long as 
there's people coming in and out

747
00:36:16,080 --> 00:36:19,560
of your company and you've got 
new owners for non human 

748
00:36:19,560 --> 00:36:23,080
identities or for roles or for 
entitlements, you've got new 

749
00:36:23,080 --> 00:36:26,200
applications coming in. 
It is never going to be done. 

750
00:36:26,200 --> 00:36:28,760
You're always going to be making
changes. 

751
00:36:28,760 --> 00:36:32,560
So that's why having the 
foundation of a life cycle 

752
00:36:32,560 --> 00:36:36,360
process, a system in place 
that's going to manage all of 

753
00:36:36,360 --> 00:36:39,560
your identity assets, everything
this, you know, very similar 

754
00:36:39,560 --> 00:36:43,920
process for all of these things 
where it's easy for if I leave 

755
00:36:43,920 --> 00:36:46,600
the company who who's going to, 
you know, take ownership of 

756
00:36:46,600 --> 00:36:48,280
that? 
All that stuff is very easy, 

757
00:36:48,280 --> 00:36:50,400
very well communicated, 
automated. 

758
00:36:50,720 --> 00:36:52,440
So yeah, Jeff, you're right, 
it's never done. 

759
00:36:52,440 --> 00:36:55,760
You're always going to be 
changing things and but you can 

760
00:36:55,760 --> 00:36:57,480
build life cycle and process 
that. 

761
00:36:57,480 --> 00:37:00,040
That can really simplify it. 
You know, I've seen the term 

762
00:37:00,040 --> 00:37:02,960
roles used to mean so many
different things at different 

763
00:37:02,960 --> 00:37:08,640
organizations all the way from, 
you know, very vendor specific 

764
00:37:08,640 --> 00:37:12,840
definitions to just talk about 
directory groups, you call them

765
00:37:12,840 --> 00:37:17,280
roles or applications calling 
their specific entitlements 

766
00:37:17,280 --> 00:37:19,880
roles. 
So I think that's one of the 

767
00:37:19,880 --> 00:37:24,720
things that as an industry, you 
know, we that term gets turned 

768
00:37:24,720 --> 00:37:26,360
around to mean so many
different things. 

769
00:37:26,880 --> 00:37:31,680
But one of the, the things that,
what I found a lot is that a lot

770
00:37:31,680 --> 00:37:36,280
of organizations strive to get 
to one role per person.

771
00:37:36,520 --> 00:37:39,920
And then essentially what you 
wind up having is if you have 

772
00:37:40,520 --> 00:37:43,800
2500 employees, you have 2500 
roles.

773
00:37:44,320 --> 00:37:46,600
It's like, what's the point? 
No point. 

774
00:37:47,360 --> 00:37:50,280
There's no point, right? 
But we have roles. 

775
00:37:51,200 --> 00:37:52,400
Right, yes. 
So there you go. 

776
00:37:52,600 --> 00:37:54,120
We we have roles and we're like 
access. 

777
00:37:54,120 --> 00:37:55,720
Reviews. 
We could say we got it. 

778
00:37:57,080 --> 00:37:59,520
So I want to kind of string 
along this part of the 

779
00:37:59,520 --> 00:38:02,240
conversation and get into more 
of the authoritative source 

780
00:38:02,240 --> 00:38:04,560
things because I think this
is kind of important for 

781
00:38:04,560 --> 00:38:06,920
anything that we're going to do 
around authorizations and life 

782
00:38:06,920 --> 00:38:10,560
cycle is how do we know where 
the data is coming from? 

783
00:38:10,600 --> 00:38:13,960
What is the authoritative source
for humans? 

784
00:38:14,400 --> 00:38:15,920
And then when you talk about 
humans, are we talking about

785
00:38:15,920 --> 00:38:18,960
employees or are we talking about
non employees like contractors 

786
00:38:18,960 --> 00:38:20,160
or vendors. 
Or. 

787
00:38:20,560 --> 00:38:24,000
Customers or patients or XYZ, 
right? 

788
00:38:24,000 --> 00:38:25,440
There's a whole bunch of 
personas out there. 

789
00:38:26,800 --> 00:38:30,080
I think generally speaking most 
companies do a pretty good job 

790
00:38:30,080 --> 00:38:34,600
of managing their people. 
Where still a lot stumble, but I

791
00:38:34,600 --> 00:38:38,400
think it is getting better is 
the non employees of an 

792
00:38:38,400 --> 00:38:42,520
organization typically are not 
as well managed. 

793
00:38:42,520 --> 00:38:44,720
They may not be in the same 
system, they may not be in a 

794
00:38:44,720 --> 00:38:47,520
system at all. 
They might just live in an ad 

795
00:38:47,520 --> 00:38:49,280
hoc spreadsheet. 
I've kind of seen it all at this

796
00:38:49,280 --> 00:38:51,640
point. 
Where do you come down on this? 

797
00:38:51,880 --> 00:38:54,240
This is one of the holy wars we've
had for a very long time, 

798
00:38:54,240 --> 00:38:56,920
especially in the IGA world, is 
what is the authoritative source

799
00:38:56,920 --> 00:39:00,840
for all of our humans? 
Should it be the HR platform? 

800
00:39:01,200 --> 00:39:03,000
Should it be a neutral
platform? 

801
00:39:03,000 --> 00:39:05,160
Should it be like maybe the 
identity governance system?

802
00:39:05,160 --> 00:39:07,840
Maybe that's the source? 
Like where do you fall into sort

803
00:39:07,840 --> 00:39:11,560
of that human versus or sorry, 
not human employee versus non 

804
00:39:11,560 --> 00:39:13,560
employee? 
And then the extension of that 

805
00:39:13,560 --> 00:39:16,360
question obviously gets into, 
OK, so now we've got non human 

806
00:39:16,360 --> 00:39:19,520
identities. 
Where do we source those from? 

807
00:39:20,080 --> 00:39:22,760
Yeah, yeah, a couple, couple 
layers there. 

808
00:39:23,280 --> 00:39:26,960
First, that is important because
you know, employees, you know, 

809
00:39:26,960 --> 00:39:30,240
most companies are going to vet 
the people, the identity 

810
00:39:30,240 --> 00:39:32,120
proofing themselves and they 
probably have a really good 

811
00:39:32,120 --> 00:39:36,320
system And so they can rely on 
I'm hiring Jim McDonald and, and

812
00:39:36,320 --> 00:39:39,240
I know that. When it comes
to contractors, often

813
00:39:39,240 --> 00:39:42,400
times we're relying on third 
parties to do that background 

814
00:39:42,400 --> 00:39:46,000
check and that vetting. 
And haven't we seen a growth in 

815
00:39:46,000 --> 00:39:49,640
laptop farms where we've got 
people from North Korea that are

816
00:39:49,640 --> 00:39:53,880
actually getting jobs in U.S. 
companies and their laptops are,

817
00:39:53,880 --> 00:39:57,160
are somewhere physically in the 
US, but the person is actually 

818
00:39:57,160 --> 00:39:58,840
not who we, we think that they 
are. 

819
00:39:59,000 --> 00:40:01,920
That's happening in real life. 
And so that is, that's a real 

820
00:40:01,920 --> 00:40:04,880
scary thing because now, now 
they have access and, and 

821
00:40:04,880 --> 00:40:06,200
they're acting like a normal 
employee. 

822
00:40:06,200 --> 00:40:10,000
It's really hard to detect
after that. So yes, so your

823
00:40:10,000 --> 00:40:12,240
question is very important 
because of that as one

824
00:40:12,240 --> 00:40:16,480
example as an attack vector.
So in my opinion, I like one 

825
00:40:16,480 --> 00:40:20,200
source for all of people and you
know, some sort of like a Workday

826
00:40:20,200 --> 00:40:22,320
platform or, you know,
whatever kind of platform that 

827
00:40:22,320 --> 00:40:24,880
you want to use. 
And you can have different 

828
00:40:24,920 --> 00:40:26,640
points of entry though, for 
example. 

829
00:40:26,640 --> 00:40:28,800
So you know, for Workday,
you've got, you know, you can 

830
00:40:28,800 --> 00:40:32,440
have your employees coming in 
and then for contractors, you 

831
00:40:32,440 --> 00:40:34,840
can have them coming in through 
requested through a completely 

832
00:40:34,840 --> 00:40:37,920
different platform, but they're 
going to live in the same

833
00:40:37,920 --> 00:40:42,200
source of truth and and that 
will get fed into your identity 

834
00:40:42,200 --> 00:40:43,920
governance platform with 
different attributes. 

835
00:40:43,920 --> 00:40:45,600
So you can kind of tell, tell 
the difference. 

836
00:40:46,120 --> 00:40:48,280
And then I want to build on that
when it comes to, you know, we 

837
00:40:48,280 --> 00:40:52,280
talked about source of truth. 
Applications are your source of 

838
00:40:52,280 --> 00:40:55,560
truth when it comes to who has 
access to what, Because now 

839
00:40:55,560 --> 00:40:57,880
that's important because if you 
know, you need to make a 

840
00:40:57,880 --> 00:41:00,680
decision, well, who has access 
to this application or who has 

841
00:41:00,680 --> 00:41:03,240
administrative access, you know,
the only way you're going to 

842
00:41:03,240 --> 00:41:06,360
know who has the risky access, 
you know, where the, you know, 

843
00:41:06,360 --> 00:41:09,000
you want to make that investment
of what you want to protect, the

844
00:41:09,000 --> 00:41:11,360
access you want to protect and 
the people and the accounts that

845
00:41:11,360 --> 00:41:13,400
you want to protect is you need 
to know what they have access 

846
00:41:13,400 --> 00:41:15,880
to. 
So that starts with the source 

847
00:41:15,880 --> 00:41:18,200
of truth, which is the 
application or Active Directory 

848
00:41:18,200 --> 00:41:21,000
or the servers. 
And then I kind of 

849
00:41:21,000 --> 00:41:22,960
differentiate, maybe we could 
use different terms, the 

850
00:41:22,960 --> 00:41:26,760
authoritative source, which is 
really where you aggregate all 

851
00:41:26,760 --> 00:41:28,840
that information. 
And I want my identity 

852
00:41:28,840 --> 00:41:32,160
governance platform to be an 
authoritative source. 

853
00:41:32,760 --> 00:41:35,440
And in order for that to happen,
that means I need to have good 

854
00:41:35,520 --> 00:41:38,120
data feeds, good integration in 
into there. 

855
00:41:38,120 --> 00:41:39,640
And I'll just give you one 
example. 

856
00:41:40,080 --> 00:41:43,960
What what we've done is a lot of
you know, like is the first 

857
00:41:43,960 --> 00:41:46,440
thing you want is you want 
integration, you want automation

858
00:41:46,440 --> 00:41:47,880
there. 
But if you can't do that, or 

859
00:41:47,880 --> 00:41:51,320
maybe you can't do that right 
away, is you can build an ETL, 

860
00:41:51,320 --> 00:41:55,520
which is basically you get a 
flat file from the source of 

861
00:41:55,520 --> 00:41:58,880
truth, the application. 
It's it's a, a standard format. 

862
00:41:58,880 --> 00:42:01,880
It follows a template and then 
it gets dropped in some sort of 

863
00:42:01,880 --> 00:42:03,880
shared location. 
And then your identity 

864
00:42:03,880 --> 00:42:07,680
governance tool consumes that 
data, that standardized data. 

865
00:42:08,280 --> 00:42:10,040
And now you've got that. 
And let's say you do that on a 

866
00:42:10,040 --> 00:42:13,520
weekly basis, that's almost as 
good as an automated feed. 

867
00:42:13,720 --> 00:42:16,520
So those are some, some things, 
some solutions where, OK, I 

868
00:42:16,520 --> 00:42:18,440
can't build out integration 
because I got this legacy 

869
00:42:18,440 --> 00:42:21,480
platform, but you still can 
build some level of integration.

870
00:42:21,600 --> 00:42:24,480
And now you've got your 
authoritative sources talking to

871
00:42:24,720 --> 00:42:27,920
your, your sources of truth 
talking to your authoritative 

872
00:42:27,920 --> 00:42:29,480
sources. 
And you have everything on that 

873
00:42:29,480 --> 00:42:31,000
one, one identity governance 
platform. 

874
00:42:32,320 --> 00:42:34,040
So I'm glad you made that 
distinction between source of 

875
00:42:34,040 --> 00:42:37,040
truth and authoritative source, 
because I think that is very 

876
00:42:37,040 --> 00:42:40,480
important to highlight here. 
Data comes from sources. 

877
00:42:41,200 --> 00:42:43,640
The collation of that data and 
the aggregation and the 

878
00:42:43,840 --> 00:42:46,040
correlation of that data is 
where your authoritative source 

879
00:42:46,040 --> 00:42:47,880
lives. 
So maybe that is the IGA

880
00:42:47,880 --> 00:42:49,840
platform, for example, maybe 
it's a privileged access 

881
00:42:49,840 --> 00:42:51,920
management platform for like non
human identities, right? 

882
00:42:51,920 --> 00:42:55,080
Things like that. 
What I find happens quite a bit

883
00:42:55,080 --> 00:43:00,760
is that IT solves the problem on
their own without involving the 

884
00:43:00,760 --> 00:43:06,120
business or having the business 
be accountable for non employee 

885
00:43:06,120 --> 00:43:08,200
identity. 
It's well, it's left up to the 

886
00:43:08,200 --> 00:43:09,560
managers and they kind of figure
it out. 

887
00:43:09,560 --> 00:43:11,960
And we all know managers are 
great at doing you know what 

888
00:43:11,960 --> 00:43:14,040
they've been asked because they 
do access certification so well.

889
00:43:14,720 --> 00:43:17,560
So. 
You know what happens when there

890
00:43:17,560 --> 00:43:21,320
isn't a process and IT has to 
kind of figure it out And maybe 

891
00:43:21,320 --> 00:43:24,480
if the IAM team kind of has to
figure it out and all of a 

892
00:43:24,480 --> 00:43:30,320
sudden IT or the IAM team or some
combination in there owns the 

893
00:43:30,320 --> 00:43:34,440
population of non employees, 
what happens in that scenario? 

894
00:43:34,440 --> 00:43:35,880
How do we get back on track for 
that? 

895
00:43:36,600 --> 00:43:39,640
Sure. 
So what I've kind of learned or 

896
00:43:39,800 --> 00:43:41,680
the approach I like to take is 
centralization. 

897
00:43:42,320 --> 00:43:44,800
So when you have fragmentation 
for pretty much, I wouldn't say 

898
00:43:44,800 --> 00:43:47,640
any system, but for, you know, 
let's say governance, identity 

899
00:43:47,640 --> 00:43:51,120
governance is you've got 
different teams doing different 

900
00:43:51,120 --> 00:43:56,040
things or nothing at all. 
So I would rather centralize a

901
00:43:56,040 --> 00:43:59,960
system and a life cycle and say 
I'm going to be in charge of 

902
00:43:59,960 --> 00:44:03,480
this life cycle and this 
process, but here is your 

903
00:44:03,480 --> 00:44:06,360
responsibility. 
And then kind of distribute that

904
00:44:06,360 --> 00:44:09,600
out to the business, to our 
technology partners and make it 

905
00:44:09,600 --> 00:44:12,520
super easy. 
So for example, non human 

906
00:44:12,520 --> 00:44:14,920
identity management, life cycle 
management, I'm going to say 

907
00:44:14,920 --> 00:44:17,480
this is the source of truth. 
They're going to live in our 

908
00:44:17,480 --> 00:44:19,960
identity governance tool. 
Maybe they live in our PAM tool

909
00:44:20,440 --> 00:44:22,440
and everything's going to be in 
there. 

910
00:44:22,640 --> 00:44:23,960
And here's how you get it in 
there. 

911
00:44:23,960 --> 00:44:27,160
Here's how you register it. 
And then you're going to 

912
00:44:27,160 --> 00:44:29,200
maintain that. 
So every year you're going to 

913
00:44:29,200 --> 00:44:31,120
change the password, you're 
going to make sure it's 

914
00:44:31,120 --> 00:44:33,680
automatically rotated in, in the
privileged access management 

915
00:44:33,680 --> 00:44:36,800
tool. 
It's going to have a, a 

916
00:44:36,960 --> 00:44:39,760
compliant password, not just, 
you know, password 123 or you 

917
00:44:39,760 --> 00:44:40,800
know, different things like 
that. 

918
00:44:41,320 --> 00:44:43,160
And but that's going to be 
centrally managed. 

919
00:44:43,320 --> 00:44:44,920
And then we're going to 
distribute that and we're going 

920
00:44:44,920 --> 00:44:47,080
to know who owns it and we're 
going to communicate to them and

921
00:44:47,080 --> 00:44:50,200
say, here's your responsibility 
and we're going to simplify 

922
00:44:50,200 --> 00:44:52,360
that. 
That's the other aspect of it is

923
00:44:52,400 --> 00:44:55,760
if it takes me a month to create
a new non human identity for the

924
00:44:55,760 --> 00:44:58,600
application that I was supposed 
to stand up two weeks ago and I 

925
00:44:58,600 --> 00:45:00,800
can't because I don't have my 
account yet, who do you think is

926
00:45:00,800 --> 00:45:02,480
going to want to go through that
process again? 

927
00:45:02,760 --> 00:45:04,560
They're going to the next 
application, they stand up, 

928
00:45:04,560 --> 00:45:06,320
they're going to say, well, I 
got a service account that

929
00:45:06,320 --> 00:45:08,160
works. 
I'm just going to use that all 

930
00:45:08,160 --> 00:45:10,320
over again. 
And it's used over again and 

931
00:45:10,320 --> 00:45:12,640
over and over. 
And now you need to reset that 

932
00:45:12,640 --> 00:45:15,080
password because it was 
compromised or you, you know, 

933
00:45:15,080 --> 00:45:18,400
want to keep it rotated and now 
nobody knows where it

934
00:45:18,400 --> 00:45:19,440
lives. 
So Jeff, to answer your 

935
00:45:19,440 --> 00:45:23,880
question, centralized system 
process and management and then 

936
00:45:23,880 --> 00:45:28,200
very clear communication to the 
owners with a life cycle 

937
00:45:28,200 --> 00:45:30,280
management. 
And then great communication to 

938
00:45:30,280 --> 00:45:32,600
leaders saying you own these 
accounts. 

939
00:45:33,040 --> 00:45:35,520
Here are the accounts that are in
compliance under your ownership.

940
00:45:35,520 --> 00:45:36,640
And here's the ones that are 
not. 

941
00:45:36,880 --> 00:45:40,280
And we're communicating to your 
teams 90, 60, 30 days out when

942
00:45:40,280 --> 00:45:42,600
the password needs to be rotated
or when something needs to 

943
00:45:42,600 --> 00:45:44,560
change. 
And here's how easy we're making

944
00:45:44,560 --> 00:45:46,560
it for you to follow the 
standards. 

945
00:45:48,120 --> 00:45:51,320
Yeah, I wanted to ask you a 
question about, you know, what 

946
00:45:51,320 --> 00:45:55,320
is your advice to practitioners 
to future proof their identity 

947
00:45:55,320 --> 00:45:57,120
program. 
And I don't think you can future

948
00:45:57,120 --> 00:46:00,120
proof it, but I think you can 
approach it with the framework. 

949
00:46:00,480 --> 00:46:05,800
So we brought up, you know, how 
enterprise IT was done in the 

950
00:46:05,800 --> 00:46:10,240
past and, and we brought in the 
cloud and became like a big 

951
00:46:11,000 --> 00:46:15,080
issue for identity people 
because I did see this trend 

952
00:46:15,080 --> 00:46:18,160
coming in a lot of cases and 
didn't prepare for it and said, 

953
00:46:18,200 --> 00:46:20,720
I'm going to continue doing what
I'm doing. 

954
00:46:21,200 --> 00:46:24,000
And then this thing came along 
and became half of the 

955
00:46:24,000 --> 00:46:26,480
enterprise. 
The next thing you can see 

956
00:46:26,480 --> 00:46:31,040
coming is AI. 
Like if you're not thinking 

957
00:46:31,040 --> 00:46:32,840
through these problems and 
seeing where the industry's 

958
00:46:32,840 --> 00:46:35,200
going, it's going to sneak up on
you. 

959
00:46:36,760 --> 00:46:40,560
So for me, like it's it's almost
like I'm destroying my own 

960
00:46:40,560 --> 00:46:42,400
question. 
I don't think there is a way to 

961
00:46:42,400 --> 00:46:44,560
future-proof it.
But what kind of tips do you 

962
00:46:44,560 --> 00:46:46,960
have for your fellow 
practitioners in terms of 

963
00:46:47,400 --> 00:46:50,000
building a program that doesn't 
get blindsided? 

964
00:46:50,920 --> 00:46:53,040
Yeah, that's really hard. 
I mean, that's finding the 

965
00:46:53,040 --> 00:46:57,280
balance between managing your 
technical debt, which is, you 

966
00:46:57,280 --> 00:46:59,040
know, those passwords that 
you're, those accounts that you 

967
00:46:59,040 --> 00:47:01,160
don't know who owns the 
passwords aren't rotated, you 

968
00:47:01,160 --> 00:47:04,400
know, the, the large attack 
surface and being able to do, to

969
00:47:04,400 --> 00:47:06,600
do the new technology. 
Because yes, if we're, you know,

970
00:47:06,600 --> 00:47:09,080
a company and you're not looking
at AI right now, you're probably

971
00:47:09,080 --> 00:47:11,200
going to get left behind. 
But at the same time, if you're 

972
00:47:11,200 --> 00:47:14,920
not also investing and cleaning 
up and managing the life cycle 

973
00:47:14,920 --> 00:47:17,200
and, and reducing the technical 
debt, then by the time you're 

974
00:47:17,200 --> 00:47:20,280
ready to implement AI, are you 
going to be able to, because it 

975
00:47:20,280 --> 00:47:22,680
doesn't have the data it needs 
to do its job or, or different 

976
00:47:22,680 --> 00:47:24,880
things like that? 
Somebody, Jim, it's going to be 

977
00:47:24,880 --> 00:47:27,440
hard, but I think we try to have
to, you know, make a balanced 

978
00:47:27,440 --> 00:47:30,320
approach and try to do both. 
Well, no one always said 

979
00:47:30,320 --> 00:47:31,720
identity and access management was
easy. 

980
00:47:31,720 --> 00:47:34,440
That's why we've all been doing 
it for decades at this point. 

981
00:47:35,640 --> 00:47:37,600
So I want to kind of wrap up the
conversation here. 

982
00:47:37,600 --> 00:47:40,760
And I have a professional
segue. I talked earlier about

983
00:47:40,760 --> 00:47:44,040
climbing the mountain to 
1,000,000 downloads. 

984
00:47:44,360 --> 00:47:47,120
And so I want to come down that 
mountain on a mountain bike. 

985
00:47:47,200 --> 00:47:48,960
I know that you are a mountain 
biker. 

986
00:47:49,000 --> 00:47:51,960
I have never been, but I live in
an area where it's very popular,

987
00:47:51,960 --> 00:47:55,400
Asheville, NC area. 
So lots of trails, lots of stuff

988
00:47:55,400 --> 00:47:58,200
to do that. 
I think the last time I rode a 

989
00:47:58,200 --> 00:48:04,800
bike was probably 10 years ago. 
So I could probably test out 

990
00:48:04,800 --> 00:48:07,240
that, you know, that theory that
you never forget how to ride a 

991
00:48:07,240 --> 00:48:08,800
bike, and that would probably be
pretty ridiculous. 

992
00:48:08,800 --> 00:48:11,360
But how often? 
I mean, I know you're a mountain

993
00:48:11,360 --> 00:48:12,680
biker.
How often do you go? 

994
00:48:12,760 --> 00:48:15,880
Tell me about this. 
And for a newbie like me, how do

995
00:48:15,920 --> 00:48:17,680
I get started? 
Sure. 

996
00:48:18,000 --> 00:48:21,720
Well, I see mountain biking as 
kind of a metaphor to life. 

997
00:48:22,440 --> 00:48:26,440
You're, you feel like you're 
going uphill most of the time 

998
00:48:27,160 --> 00:48:30,600
and it's hard and it's a slog 
and sometimes you don't feel 

999
00:48:30,600 --> 00:48:31,560
like you're ever going to get 
there. 

1000
00:48:31,720 --> 00:48:34,800
But then you get to the flat 
or even better the downhill

1001
00:48:35,120 --> 00:48:37,880
and you just get into this flow 
state and you're just having the

1002
00:48:37,880 --> 00:48:40,680
time of your life. 
And so that's, that's one of the

1003
00:48:40,680 --> 00:48:43,160
things I love about mountain 
biking, but even more is 

1004
00:48:43,320 --> 00:48:46,280
teaching youth mountain biking. 
My son who's 15, he mountain 

1005
00:48:46,280 --> 00:48:48,960
bikes. 
My daughter who's 11, she 

1006
00:48:48,960 --> 00:48:52,280
mountain bikes and she just did 
a race and got third place up in

1007
00:48:52,280 --> 00:48:56,960
Vermont this past weekend. 
And it's just, it really brings 

1008
00:48:56,960 --> 00:49:00,480
a tear to my eye to watch these 
little kids doing just that, 

1009
00:49:00,480 --> 00:49:02,760
climbing up these hills, 
sometimes having to get off 

1010
00:49:02,760 --> 00:49:05,880
their bike and pushed up the 
hill, but doing it because they 

1011
00:49:05,880 --> 00:49:08,880
want to, doing it because they 
know they'll they'll make it up 

1012
00:49:08,920 --> 00:49:12,000
and doing it because it's fun. 
And and I want to instill that, 

1013
00:49:12,000 --> 00:49:14,040
you know, that kind of thing in 
in the kids' lives.

1014
00:49:14,440 --> 00:49:15,840
And so so I'm passionate about 
that. 

1015
00:49:16,000 --> 00:49:18,080
But how do you get into it? 
Yeah, I think Jeff, just hop on 

1016
00:49:18,080 --> 00:49:21,840
that bike, find some easy trails
and I can I can send you some 

1017
00:49:21,960 --> 00:49:24,480
some links to to those. 
But yeah, start on the road and 

1018
00:49:24,480 --> 00:49:27,120
just really have a good time. 
I'll tell you the E bikes they 

1019
00:49:27,120 --> 00:49:29,000
make these days are pretty 
awesome. 

1020
00:49:29,080 --> 00:49:32,360
I haven't tried one yet, but I
think they make mountain biking 

1021
00:49:32,360 --> 00:49:34,960
more accessible to anybody who 
wants to try it. 

1022
00:49:35,280 --> 00:49:38,280
And it definitely makes going 
uphill even easier. 

1023
00:49:38,280 --> 00:49:41,080
So that's that's the life I want
to live where it's like I'm I'm 

1024
00:49:41,080 --> 00:49:43,400
on an E bike all the time and
going up hills no problem. 

1025
00:49:44,080 --> 00:49:46,280
OK, so you stole my next 
question because I was going to 

1026
00:49:46,280 --> 00:49:49,000
ask if using an E bike is 
cheating because then I'm then 

1027
00:49:49,000 --> 00:49:50,560
I'm all in. 
If I can use an E bike. 

1028
00:49:50,960 --> 00:49:54,040
That sounds a little more 
recreational, you know, for me 

1029
00:49:54,520 --> 00:49:56,600
is there. 
OK so let's say I want to get an

1030
00:49:56,600 --> 00:49:59,760
E bike. 
Like how much easier is it to 

1031
00:49:59,760 --> 00:50:01,520
use an E bike versus like a 
normal bike? 

1032
00:50:01,800 --> 00:50:03,240
Yeah. 
Is it I think still easier? 

1033
00:50:03,680 --> 00:50:05,520
Yeah. 
It's, I think the, the great 

1034
00:50:05,520 --> 00:50:06,720
thing is the technology's pretty
good. 

1035
00:50:06,720 --> 00:50:09,040
So it doesn't feel that much 
different in terms of just the, 

1036
00:50:09,040 --> 00:50:11,440
the riding dynamics because 
they're still pretty light. 

1037
00:50:11,440 --> 00:50:14,040
Yeah, maybe they weigh, you 
know, an extra 20 pounds, but that's

1038
00:50:14,040 --> 00:50:15,640
not going to make too much of a 
difference. 

1039
00:50:15,640 --> 00:50:18,160
So the riding experience is 
going to be about the same. 

1040
00:50:18,320 --> 00:50:20,480
But it's, it's really the going 
up hills and maybe if you're

1041
00:50:20,480 --> 00:50:23,520
riding with a group trying to 
keep up that that's where, where

1042
00:50:23,520 --> 00:50:25,320
it really helps. 
And I think it's worth it, 

1043
00:50:25,320 --> 00:50:28,240
especially if you're you're new 
or you really want to to try 

1044
00:50:28,320 --> 00:50:30,200
right out. 
I I love the idea of E bikes. 

1045
00:50:30,960 --> 00:50:33,960
I have to imagine they're 
probably split out as a separate

1046
00:50:33,960 --> 00:50:37,080
like class of bike or something.
When you're doing races right, 

1047
00:50:37,080 --> 00:50:39,240
it's E bikes only versus no E 
bikes. 

1048
00:50:39,240 --> 00:50:40,960
Yes, they do. 
They do. 

1049
00:50:41,080 --> 00:50:43,120
And those those E bikes go 
pretty quick. 

1050
00:50:43,120 --> 00:50:44,920
They they shave a few minutes 
off every lap. 

1051
00:50:44,960 --> 00:50:47,120
I was just looking at that for 
that for the recent race. 

1052
00:50:47,120 --> 00:50:48,960
I was like, oh, how much faster 
did they go than me? 

1053
00:50:49,440 --> 00:50:51,920
They went a lot faster. 
I can absolutely do that because

1054
00:50:51,920 --> 00:50:54,280
I was in Amsterdam over the 
summer break for while we were 

1055
00:50:54,280 --> 00:50:58,360
at EIC. I spent the week there and
there were bikes plenty, which I

1056
00:50:58,360 --> 00:51:00,120
thought was very cool. 
And then I, and then there was a

1057
00:51:00,120 --> 00:51:03,680
few people on E bikes and boy, 
were they moving on some of 

1058
00:51:03,680 --> 00:51:05,840
those streets and some of the 
park paths that we were kind

1059
00:51:05,840 --> 00:51:08,240
of traversing and it seemed a 
lot easier to me. 

1060
00:51:08,240 --> 00:51:09,360
And so I was kind of a fan of 
that. 

1061
00:51:09,400 --> 00:51:12,040
I think so I have actually 
thought about getting an E bike 

1062
00:51:12,320 --> 00:51:18,680
because I, I, I do enjoy biking.
I just don't have like the, I 

1063
00:51:18,680 --> 00:51:22,120
don't know the, the, the, the 
gumption to get out there and, 

1064
00:51:22,480 --> 00:51:25,200
you know, get my Huffy Sigma 
out, which is the, you know, the

1065
00:51:25,200 --> 00:51:27,880
bike that I grew up on with 
electron sort of, you know, 

1066
00:51:27,880 --> 00:51:29,360
covers, you know, stuff like 
that. 

1067
00:51:30,440 --> 00:51:33,120
But E bikes interest me, Jim. 
Have you ever have you ever 

1068
00:51:33,120 --> 00:51:36,200
ridden on an E bike, Jim? 
Never on an E bike, no. 

1069
00:51:36,520 --> 00:51:40,120
I mean that is about the speed 
that I'm at now though. 

1070
00:51:41,000 --> 00:51:46,240
I used to trail run and 
everybody's like, who has not 

1071
00:51:46,240 --> 00:51:49,520
into running is like, why would 
you do that to yourself? 

1072
00:51:49,680 --> 00:51:52,280
But what they don't realize is 
once you get into a level of 

1073
00:51:52,280 --> 00:51:56,000
fitness where it doesn't hurt, 
your heart's not pumping out of 

1074
00:51:56,000 --> 00:51:58,120
your chest. 
You're, you know, maybe you're 

1075
00:51:58,120 --> 00:51:59,760
breathing heavy, but you're used
to it. 

1076
00:51:59,760 --> 00:52:04,840
So it's not that bad. 
It's a great way to, you know, 

1077
00:52:05,840 --> 00:52:09,480
it's, it's almost like like 
meditating while you're running.

1078
00:52:10,240 --> 00:52:13,680
But I was going to say I did 
give mountain biking a chance 

1079
00:52:14,280 --> 00:52:17,640
when I was like college age and 
I really liked it. 

1080
00:52:17,640 --> 00:52:20,520
But here's my tip for anybody. 
If you think you can go to 

1081
00:52:20,520 --> 00:52:25,560
Walmart and buy what looks like 
a mountain bike for $99.00 and 

1082
00:52:25,560 --> 00:52:28,320
ride that, you're going to be 
sorry. 

1083
00:52:28,640 --> 00:52:31,600
And here's what I mean. 
So I had one of those bikes 

1084
00:52:31,600 --> 00:52:34,760
since I, one, I didn't have any 
money and I wanted to do this 

1085
00:52:34,760 --> 00:52:37,280
thing. 
And so there was like a flight 

1086
00:52:37,280 --> 00:52:41,440
of steps that it's obviously not
in the mountain, but it was on 

1087
00:52:41,440 --> 00:52:45,480
the campus and I rode down the 
flight of steps and it bent my 

1088
00:52:45,480 --> 00:52:47,760
rims and became like oval 
shaped. 

1089
00:52:48,200 --> 00:52:51,000
And I'm like, what the heck is 
going on here? 

1090
00:52:51,280 --> 00:52:56,120
So now I can see why somebody 
would pay $400.00 per rim 

1091
00:52:56,560 --> 00:53:00,280
because if you don't, the last 
thing you want to do is like go 

1092
00:53:00,280 --> 00:53:03,240
up all the way up the mountain, 
start going down and then you 

1093
00:53:03,240 --> 00:53:05,520
can't ride down. 
You got to carry your bike out. 

1094
00:53:05,880 --> 00:53:10,760
And I had a friend who said, and
she said if you ain't hiking, 

1095
00:53:10,800 --> 00:53:14,400
you ain't biking. 
So that was when Anthony was 

1096
00:53:14,400 --> 00:53:15,800
talking about carrying that bike
out. 

1097
00:53:15,800 --> 00:53:18,360
And that's what I was thinking 
with the E bike. 

1098
00:53:18,640 --> 00:53:22,200
I'm wondering, are those things 
like 10 times heavier than a 

1099
00:53:22,200 --> 00:53:24,200
regular mountain bike? 
It's not too bad. 

1100
00:53:25,040 --> 00:53:26,000
They're not too bad. 
OK. 

1101
00:53:26,160 --> 00:53:29,120
So maybe you can carry those? 
Yeah, if you need to, but 

1102
00:53:29,120 --> 00:53:32,520
they'll they'll push you up just
about any, any angle that's not 

1103
00:53:32,520 --> 00:53:33,280
and the heavy. 
Part is what? 

1104
00:53:33,280 --> 00:53:34,560
The battery probably, right? 
Yeah. 

1105
00:53:34,560 --> 00:53:38,080
Is the battery the heaviest part?
Yep, OK, I I. 

1106
00:53:39,120 --> 00:53:40,800
I've toyed with it. 
I have to explore it. 

1107
00:53:40,920 --> 00:53:43,960
I think it's super interesting. 
I've thought about, well, maybe 

1108
00:53:43,960 --> 00:53:45,560
E bike. 
Well, I don't just get like a, 

1109
00:53:45,720 --> 00:53:48,040
you know, electric motorcycle or
something like that, which is 

1110
00:53:48,040 --> 00:53:50,240
probably the next step. 
Jim, I know you used to have a 

1111
00:53:50,240 --> 00:53:51,120
bike. 
Do you sell a bike? 

1112
00:53:52,280 --> 00:53:54,720
Motorcycle, no. 
I sold it when I moved because I

1113
00:53:54,720 --> 00:53:56,320
did want to move it across 
country. 

1114
00:53:56,320 --> 00:54:00,480
But Denise has a Harley and I'm 
going to get something. 

1115
00:54:00,480 --> 00:54:02,640
It won't be a Harley, it'll 
probably be an Indian. 

1116
00:54:03,360 --> 00:54:06,120
I think there's a really sharp 
looking or I might get something

1117
00:54:06,120 --> 00:54:10,480
custom or something electric. 
I really haven't decided yet. 

1118
00:54:10,920 --> 00:54:12,920
I would be very impressed if you
got an electric bike. 

1119
00:54:12,920 --> 00:54:15,800
That would frankly shock me, but
I think it would be super cool. 

1120
00:54:16,240 --> 00:54:18,880
I think it would be cool, yeah. 
No, I mean, why not? 

1121
00:54:19,080 --> 00:54:21,920
I mean, I drive electric cars 
and they're super fast and super

1122
00:54:21,920 --> 00:54:23,320
quick and I that's what I like 
about them. 

1123
00:54:23,440 --> 00:54:26,200
I can't imagine an electric 
motorcycle I would instantly be 

1124
00:54:26,200 --> 00:54:27,680
in the hospital just by looking 
at it. 

1125
00:54:28,400 --> 00:54:31,440
I bought electric dirt bikes for
my kids when they were real 

1126
00:54:31,440 --> 00:54:34,360
little and they used to just 
zoom around the house. 

1127
00:54:34,920 --> 00:54:38,240
And the thing was, they're cheap
and they broke all the time. 

1128
00:54:38,400 --> 00:54:40,440
But that wasn't because they 
were electric. 

1129
00:54:40,440 --> 00:54:44,360
That was because they're cheap. 
OK, well, shout out to any E 

1130
00:54:44,360 --> 00:54:45,840
bike makers. 
If you want to sponsor an 

1131
00:54:45,840 --> 00:54:49,640
episode, come on, we'll make an 
exception for Yeah, for for non 

1132
00:54:49,640 --> 00:54:50,960
identity sponsors and stuff like
that. 

1133
00:54:50,960 --> 00:54:52,600
I'll, I'll, I'll take an E bike.
That's fine. 

1134
00:54:53,440 --> 00:54:55,760
Absolutely. 
All right, Anthony, it's been a 

1135
00:54:55,760 --> 00:54:57,120
great catching up with you 
again. 

1136
00:54:57,120 --> 00:54:58,360
It was great meeting you at 
Identiverse. 

1137
00:54:58,360 --> 00:55:00,920
Say hello to your wife and 
hopefully she's got this new 

1138
00:55:00,920 --> 00:55:03,120
school year probably coming up 
here in the next few weeks, if 

1139
00:55:03,160 --> 00:55:04,400
she doesn't start already. 
Yeah. 

1140
00:55:05,200 --> 00:55:07,040
And hopefully we'll see you at 
some of these conferences coming

1141
00:55:07,040 --> 00:55:10,000
up and we'll see you in the ID 
pro channels and I'm sure 

1142
00:55:10,000 --> 00:55:11,800
Identity Underground and all 
that kind of stuff. 

1143
00:55:11,800 --> 00:55:13,880
But yeah, thank you for spending
time with us. 

1144
00:55:14,640 --> 00:55:18,480
I'll have you get our show notes
for your LinkedIn profile so 

1145
00:55:18,480 --> 00:55:21,600
people can reach out and either 
ping you with IAM questions or 

1146
00:55:21,600 --> 00:55:23,440
mountain biking or whatever. 
Yeah. 

1147
00:55:24,240 --> 00:55:26,760
No, to my earlier point, I 
really want to support the 

1148
00:55:26,760 --> 00:55:28,360
community. 
So please reach out if there's 

1149
00:55:28,360 --> 00:55:29,680
anything you think I can help 
out with. 

1150
00:55:29,720 --> 00:55:32,520
I, I want to help. 
So, so, so reach out and also 

1151
00:55:32,520 --> 00:55:35,720
shout out to my, my team. 
A lot of the stuff that I talked

1152
00:55:35,720 --> 00:55:38,680
about, they're the ones who are 
in the trenches doing the work 

1153
00:55:38,680 --> 00:55:41,920
and have all the ideas that kind
of got us to where, where we had

1154
00:55:42,160 --> 00:55:43,920
the last six years. 
I just want to say thanks to 

1155
00:55:43,920 --> 00:55:45,880
them and all their hard work 
because they're they're doing 

1156
00:55:45,880 --> 00:55:48,960
the hard part. 
IAM heroes left and right all 

1157
00:55:48,960 --> 00:55:51,680
over the place. 
But the one thing I will caution

1158
00:55:51,680 --> 00:55:54,480
is heroism is not a strategy. 
I had a call last night with 

1159
00:55:54,480 --> 00:55:57,040
some folks. 
Heroism is great, but it is not 

1160
00:55:57,040 --> 00:55:59,040
a strategy. 
So shout out to all the IAM 

1161
00:55:59,040 --> 00:56:01,640
heroes out there, you know, with
the sheer force of will making 

1162
00:56:01,640 --> 00:56:04,600
their organizations work. 
So with that, we'll go and close

1163
00:56:04,600 --> 00:56:06,200
out for this week. 
Find us on the web, 

1164
00:56:06,200 --> 00:56:09,200
idacpodcast.com. 
Congrats, Jim, to you and me for

1165
00:56:09,200 --> 00:56:11,520
a million downloads. 
Here's to the next million. 

1166
00:56:12,240 --> 00:56:15,280
Like subscribe, share with a 
friend, share with an enemy. 

1167
00:56:15,280 --> 00:56:17,320
I don't care as long as people 
are liking and subscribing, 

1168
00:56:17,320 --> 00:56:19,920
that's all matters. 
And we'll go ahead and leave it 

1169
00:56:19,920 --> 00:56:22,120
for this week. 
Thanks everyone for watching and

1170
00:56:22,120 --> 00:56:24,480
or listening and we'll talk with
you all in the next one. 

1171
00:56:26,840 --> 00:56:29,920
You've been listening to 
Identity at the Center. 

1172
00:56:30,280 --> 00:56:34,360
We hope you've enjoyed the show.
Make sure to like, rate and 

1173
00:56:34,360 --> 00:56:38,000
review, and we'll be back soon. 
But in the meantime, hit the 

1174
00:56:38,000 --> 00:56:41,400
website at 
identityatthecenter.com. 

1175
00:56:42,000 --> 00:56:46,120
See you next time on Identity at
the Center.

