1
00:00:00,040 --> 00:00:04,040
I created the Non human identity
management group on LinkedIn 

2
00:00:04,640 --> 00:00:08,760
back in May last year. 
I've been very surprised that 

3
00:00:09,080 --> 00:00:14,040
we're now close to 2000 members.
A lot of people in the industry,

4
00:00:14,040 --> 00:00:17,080
consultants, a lot of 
practitioners, pretty much the 

5
00:00:17,080 --> 00:00:19,880
who's who's now in them in that 
group. 

6
00:00:20,320 --> 00:00:23,760
And we've started to post a lot 
of content there. 

7
00:00:24,160 --> 00:00:27,000
But then I realized that's not 
really going to work. 

8
00:00:27,000 --> 00:00:30,920
Whilst you'll be able to 
disseminate kind of news, what's

9
00:00:30,920 --> 00:00:33,040
going on in the industry, if 
someone wants to learn, they're 

10
00:00:33,040 --> 00:00:36,600
not going to go through a feed 
of hundreds of NHI posts from me

11
00:00:36,600 --> 00:00:39,280
and others in the industry. 
And then I thought, look, let's 

12
00:00:39,280 --> 00:00:43,800
create a portal. 
And that's when NHIMG.org was

13
00:00:43,800 --> 00:00:47,320
formed. 
And my mission was purely at the

14
00:00:47,320 --> 00:00:50,880
time, all about education, 
evangelizing. 

15
00:00:50,880 --> 00:00:54,160
I was in a job and this was kind
of a side hobby, a bit like what

16
00:00:54,160 --> 00:00:58,440
you guys do at IDAC.
And it just sort of flourished 

17
00:00:58,440 --> 00:01:00,560
from there. 
I wrote more white papers, more 

18
00:01:00,560 --> 00:01:06,440
content, and there was a lot of 
good, you know, feedback. 

19
00:01:06,880 --> 00:01:09,320
I started talking to sort of 
folks in the market to say, 

20
00:01:09,320 --> 00:01:12,080
would you like to kind of share 
content as well? 

21
00:01:12,480 --> 00:01:15,960
And then that's really what I've
been doing for the last 12 

22
00:01:15,960 --> 00:01:20,760
months and since January decided
to go into this venture full 

23
00:01:20,760 --> 00:01:23,120
time and the mission hasn't 
changed. 

24
00:01:23,120 --> 00:01:26,560
It's to educate, evangelize. 
It's the kind of help the 

25
00:01:26,560 --> 00:01:29,960
industry come together. 
And I guess along the way, 

26
00:01:30,120 --> 00:01:33,880
someone, one of the vendors kind
of just, and maybe a LinkedIn 

27
00:01:33,880 --> 00:01:37,880
post was said to me kind of 
verbally, Mr. NHI.

28
00:01:38,360 --> 00:01:43,960
And I started using the name and
it's now now stuck with me 

29
00:01:43,960 --> 00:01:46,440
unfortunately. 
But maybe it's a bit better than

30
00:01:46,440 --> 00:01:50,120
Mr. Sox. 
Yeah, Mr. Sox kind of kind of

31
00:01:50,120 --> 00:01:52,960
sounds like a Quentin Tarantino 
character from, like, Reservoir

32
00:01:52,960 --> 00:01:56,640
Dogs or something like that. 
Or cat, a cat name. 

33
00:01:57,080 --> 00:02:00,280
Yeah, that's true spoiler right.
If you're watching a video, I've

34
00:02:00,280 --> 00:02:02,760
got a couple DJ cats in 
Amsterdam behind me. 

35
00:02:02,760 --> 00:02:04,520
So if you're if you're not 
watching a video, you're missing

36
00:02:04,520 --> 00:02:14,000
out that that glorious scene. 
This is identity at the center 

37
00:02:14,840 --> 00:02:17,840
if it has anything to do with 
IAM. 

38
00:02:17,840 --> 00:02:24,400
This is the go to podcast now 
your hosts Jim McDonald and Jeff

39
00:02:24,400 --> 00:02:32,080
Steadman. 
Welcome to the Identity at the 

40
00:02:32,080 --> 00:02:33,840
Center podcast. 
I'm Jeff, and that's Jim. 

41
00:02:33,840 --> 00:02:36,080
Hey, Jim. 
Hey, Jeff, how are you? 

42
00:02:36,600 --> 00:02:39,280
Oh, not so bad yourself. 
Doing great. 

43
00:02:39,320 --> 00:02:43,280
I feel like we're living in this
weird time warp kind of thing.

44
00:02:43,520 --> 00:02:45,600
We're recording before 
Identiverse.

45
00:02:45,600 --> 00:02:49,560
It's going to be dropped after 
Identiverse, but I want to talk

46
00:02:49,560 --> 00:02:51,600
about Identiverse.
I mean, we're going to be doing 

47
00:02:51,600 --> 00:02:54,040
the Identity Squabble game while
we're there. 

48
00:02:54,040 --> 00:02:57,880
I guess technically it's in the 
past, but hopefully we'll be 

49
00:02:57,880 --> 00:03:01,280
able to drop it as an episode. 
It's going to happen in the NHI 

50
00:03:01,480 --> 00:03:05,760
Pavilion at the Expo Hall. 
Really excited about what we're 

51
00:03:05,760 --> 00:03:08,840
doing at Identiverse.
Yeah, it's a very cool thing. 

52
00:03:08,840 --> 00:03:12,000
I I'll be honest, I'm a little 
bit nervous on how this will 

53
00:03:12,000 --> 00:03:14,240
come off. 
Identity Squabble, as we're kind

54
00:03:14,240 --> 00:03:16,800
of calling it. 
It is an extension of the FIDO

55
00:03:16,800 --> 00:03:19,600
feud that we did at the 
Authenticate conference last 

56
00:03:19,600 --> 00:03:21,840
year. 
But we are doing it all on our 

57
00:03:21,840 --> 00:03:24,240
own basically, right? 
No help. 

58
00:03:24,240 --> 00:03:26,600
We don't have like an AV team. 
It's going to be me setting up a

59
00:03:26,600 --> 00:03:29,760
bunch of cameras and me figure 
out how to try to mic it up. 

60
00:03:29,760 --> 00:03:33,720
So, you know, we are a couple 
days away from that and 

61
00:03:33,720 --> 00:03:37,560
hopefully by the time people 
hear this, it turned out well. 

62
00:03:37,560 --> 00:03:39,760
I hope people, you know, are 
entertained. 

63
00:03:39,760 --> 00:03:42,080
You may not learn anything, but 
I hope they're entertained as we

64
00:03:42,080 --> 00:03:43,000
go through that. 
So. 

65
00:03:43,520 --> 00:03:46,200
Yeah, I'm going to. 
I'm going to give my thank you 

66
00:03:46,200 --> 00:03:50,360
in advance to the CRA for I 
mean, look, we're doing so much 

67
00:03:50,360 --> 00:03:52,360
there. 
You and I are each hosting a 

68
00:03:52,360 --> 00:03:58,280
panel and we're going to be 
recording a bunch of podcasts 

69
00:03:58,280 --> 00:04:02,320
and have an opportunity in the 
actual hall to meet people, give

70
00:04:02,320 --> 00:04:04,960
out stickers. 
I'm excited for the whole thing.

71
00:04:05,600 --> 00:04:07,640
Yeah, definitely been a great 
experience. 

72
00:04:07,640 --> 00:04:09,600
Shout out to Shirley for for 
helping us out with this. 

73
00:04:09,600 --> 00:04:12,720
So if you see Shirley roaming 
the halls from CRA, give her an 

74
00:04:12,720 --> 00:04:14,600
identity at the center. 
Fist bump of gratitude. 

75
00:04:14,600 --> 00:04:15,920
How about that and just a fist 
bump. 

76
00:04:15,920 --> 00:04:20,800
Don't do anything else. 
Yeah, no, just fist, not fist to

77
00:04:20,800 --> 00:04:26,040
any other part of poor Shirley. 
I think the other thing that 

78
00:04:26,040 --> 00:04:29,040
would be great is like if people
got to meet us, people got to 

79
00:04:29,280 --> 00:04:34,240
and are listening to the show, 
go out, give us a a review on 

80
00:04:34,360 --> 00:04:38,640
whatever podcast platform you 
listen or give us a thumbs up 

81
00:04:38,640 --> 00:04:42,520
and subscribe on YouTube. 
It definitely helps get the word

82
00:04:42,520 --> 00:04:46,000
out because I mean, the podcast 
has grown significantly over the

83
00:04:46,000 --> 00:04:48,960
last six years and it's grown 
organically, right? 

84
00:04:48,960 --> 00:04:52,240
We don't run any ads. 
It's people telling people about

85
00:04:52,240 --> 00:04:57,520
the podcast, people liking the 
podcast or giving us five star 

86
00:04:57,520 --> 00:05:01,840
reviews and kind of like working
it up in terms of the algorithm,

87
00:05:02,800 --> 00:05:04,520
yeah. 
No advertising. 

88
00:05:04,520 --> 00:05:06,600
The only advertising is what I 
see behind you, all the 

89
00:05:06,600 --> 00:05:09,600
different plaques that you've 
taken from, you know, the, the 

90
00:05:09,600 --> 00:05:12,520
different cons we've been at.
But definitely very cool. 

91
00:05:12,520 --> 00:05:15,080
And we are going to hit a couple
milestones this year. 

92
00:05:15,080 --> 00:05:17,720
We're going to be celebrating 6 
years, I think pretty close by 

93
00:05:17,720 --> 00:05:20,880
the time this one comes out. 
And you know, I'm going to 

94
00:05:20,880 --> 00:05:23,560
preview we're, we're probably 
going to hit 1,000,000 downloads

95
00:05:23,840 --> 00:05:27,920
sometime later this year. 
So pretty pretty crazy. 

96
00:05:28,720 --> 00:05:30,840
Yeah, there's big, there's big 
numbers. 

97
00:05:30,840 --> 00:05:33,720
They keep coming. 
They keep coming quicker than I 

98
00:05:33,720 --> 00:05:37,200
expected them to come. 
So but that's, that's not a 

99
00:05:37,200 --> 00:05:39,400
credit to me and you, Jeff. 
That's credit to all the people 

100
00:05:39,400 --> 00:05:43,520
who listen. 
And I think the practitioners 

101
00:05:43,520 --> 00:05:47,160
out there who you know, let us 
know all the time that you know 

102
00:05:47,160 --> 00:05:52,080
how they feel about the content.
99% positive this. 

103
00:05:52,120 --> 00:05:54,040
That's a shout out and a credit 
to them. 

104
00:05:54,640 --> 00:05:57,520
Yeah, we like doing it and like 
the conversations we're able to 

105
00:05:57,520 --> 00:05:59,120
have. 
And, you know, that's that 

106
00:05:59,120 --> 00:06:01,360
what's that's what leads us to 
the conversation we're having 

107
00:06:01,360 --> 00:06:03,880
today, you know, especially like
around, you know, NHI, which is,

108
00:06:03,920 --> 00:06:06,160
you know, so hot right now if I 
want to steal something from 

109
00:06:06,160 --> 00:06:08,680
Zoolander. 
But why don't we pivot into our 

110
00:06:08,680 --> 00:06:12,560
conversation here with Mr. NHI 
himself, Lalit Choda.

111
00:06:12,560 --> 00:06:16,800
He's the founder and CEO of the 
Non Human Identity Management 

112
00:06:16,800 --> 00:06:18,480
Group. 
Welcome, Lalit.

113
00:06:19,120 --> 00:06:22,200
Thanks Jeff and Jim for inviting
me to your Identity at the

114
00:06:22,200 --> 00:06:25,320
Center podcast. 
Real pleasure to be here and 

115
00:06:25,320 --> 00:06:29,400
talk all about NHIs, non human
identities or some will say 

116
00:06:29,400 --> 00:06:32,760
machine or workload identities 
whichever camp you're in. 

117
00:06:33,840 --> 00:06:35,680
Yeah, we're going to get totally
into that. 

118
00:06:35,680 --> 00:06:37,640
I want to start though, with 
your background, because this is

119
00:06:37,640 --> 00:06:40,920
tradition around here is the the
identity origin stories for the 

120
00:06:40,920 --> 00:06:43,240
people in the space. 
So tell us a little bit about 

121
00:06:43,240 --> 00:06:45,600
your identity background. 
How did you get into this? 

122
00:06:45,600 --> 00:06:48,760
Is it something that you chose 
or did identity choose you? 

123
00:06:49,640 --> 00:06:54,120
It's probably the the latter. 
So I started my career 30 years 

124
00:06:54,120 --> 00:06:59,080
ago in investment banking, came 
out of university straight into 

125
00:06:59,080 --> 00:07:01,600
Morgan Stanley, was there for 18
years. 

126
00:07:02,360 --> 00:07:05,600
I moved into sort of the 
equities division running order 

127
00:07:05,600 --> 00:07:08,680
management systems. 
And I guess that was my first 

128
00:07:08,680 --> 00:07:14,440
exposure to sort of regulatory 
audit and sort of identity when 

129
00:07:14,440 --> 00:07:20,000
the infamous Sarbanes-Oxley SOX
Act came and we had to make sure

130
00:07:20,000 --> 00:07:22,960
our systems were SOX compliant,
I was the only one in my 

131
00:07:22,960 --> 00:07:26,840
equities division that really 
took the SOX control seriously.

132
00:07:27,360 --> 00:07:30,200
And ever since then, I was 
tagged in those days with a 

133
00:07:30,200 --> 00:07:34,920
different nickname, Mr. Sox. 
And ever since then, sort of for

134
00:07:34,920 --> 00:07:40,560
the last 25 years, anything that
was his regulatory order, you 

135
00:07:40,560 --> 00:07:45,200
know, compliance, operational 
risk, you know, I was involved 

136
00:07:45,200 --> 00:07:47,040
in. 
So I've run a number of large 

137
00:07:47,680 --> 00:07:52,480
feds and other large regulatory 
programmes for, for, for various

138
00:07:52,480 --> 00:07:57,240
investment banks and then slowly
went more and more into the 

139
00:07:57,240 --> 00:08:02,640
identity space doing human 
regulatory programmes, PAM and

140
00:08:02,640 --> 00:08:07,040
I've done a number of NHI 
programmes along the way as 

141
00:08:07,040 --> 00:08:09,600
well. 
And when I did SOX 25 years

142
00:08:09,600 --> 00:08:12,840
ago, that was actually my first 
time I actually had to deal with

143
00:08:12,840 --> 00:08:16,800
NHIs or in those days we would
call them technical accounts or 

144
00:08:17,040 --> 00:08:19,800
service accounts. 
So it's a little bit of my 

145
00:08:19,800 --> 00:08:24,560
background in terms of my 
identity journey until I became,

146
00:08:24,840 --> 00:08:28,320
I guess, Mr. NHI. 
So how did you, how were you 

147
00:08:28,320 --> 00:08:31,840
awarded that title of Mr. NHI? 
Is this a, you know, something 

148
00:08:31,840 --> 00:08:34,000
that somebody gave you? 
You know, is it something that 

149
00:08:34,000 --> 00:08:35,520
you've kind of adopted as a 
moniker? 

150
00:08:35,520 --> 00:08:38,280
Tell me about that. 
Yeah. 

151
00:08:38,280 --> 00:08:43,919
So about a just a year and a 
half ago I decided one weekend 

152
00:08:43,919 --> 00:08:48,600
to write a white paper on how to
manage non human identity risks.

153
00:08:48,600 --> 00:08:52,600
I was just running in the middle
of a very large regulatory 

154
00:08:52,600 --> 00:08:58,240
program at a large investment 
bank fixing the NHI issues. 

155
00:08:58,760 --> 00:09:02,160
And I thought, look, it might be
worth writing some insights on 

156
00:09:02,160 --> 00:09:06,440
what we did, the challenges. 
And I probably said on LinkedIn,

157
00:09:06,440 --> 00:09:10,800
I wasn't really a big LinkedIn 
follower or contributor. 

158
00:09:11,560 --> 00:09:15,520
And what surprised me was within
a few weeks, you know, I was 

159
00:09:15,520 --> 00:09:19,800
getting pings from some pretty 
big industry heavyweights. 

160
00:09:20,120 --> 00:09:26,000
I'll drop a name, for example, 
you know, head COVID said 

161
00:09:26,000 --> 00:09:29,600
Silverthorpe pinged and said, 
love your white paper. 

162
00:09:29,840 --> 00:09:33,400
Let's chat. 
And after writing that white 

163
00:09:33,400 --> 00:09:36,320
paper, kind of a lot of doors 
started to open. 

164
00:09:36,320 --> 00:09:39,600
I started to talk to a lot of 
folks in the industry and I 

165
00:09:39,600 --> 00:09:43,280
realized what was going on. 
There'd been a huge growth in 

166
00:09:43,800 --> 00:09:47,680
startups and a lot of discussion
around the non human identity 

167
00:09:47,680 --> 00:09:51,680
problem. 
And I then started to realise, 

168
00:09:51,680 --> 00:09:56,200
well look, if you're a customer 
you want to learn about the 

169
00:09:56,200 --> 00:10:00,760
problem, where do you go to 
understand about the risks, the 

170
00:10:00,760 --> 00:10:03,040
challenges, where'd you get 
guidance and advice? 

171
00:10:03,680 --> 00:10:08,240
And really there was nothing in 
the industry about just over a 

172
00:10:08,240 --> 00:10:11,200
year ago. 
And again, just one weekend I 

173
00:10:11,200 --> 00:10:15,920
thought, look, why don't I start
and create like an NHI community.

174
00:10:15,920 --> 00:10:19,440
So I created the non human 
identity management group on 

175
00:10:19,440 --> 00:10:24,720
LinkedIn back in May last year. 
And I've been very surprised 

176
00:10:24,720 --> 00:10:28,000
that we're now close to 2000 
members. 

177
00:10:28,520 --> 00:10:31,320
A lot of people in the industry,
consultants, a lot of 

178
00:10:31,320 --> 00:10:35,480
practitioners, pretty much the 
who's who's now in them in that 

179
00:10:35,480 --> 00:10:38,840
group. 
And we started to post a lot of 

180
00:10:38,840 --> 00:10:42,240
content there. 
But then I realized that's not 

181
00:10:42,240 --> 00:10:44,400
really going to work. 
Whilst you'll be able to 

182
00:10:44,400 --> 00:10:48,120
disseminate kind of news, what's
going on in the industry, if 

183
00:10:48,120 --> 00:10:50,200
someone wants to learn, they're 
not going to go through a feed 

184
00:10:50,200 --> 00:10:54,360
of hundreds of NHI posts from me
and others in the industry. 

185
00:10:54,360 --> 00:10:56,440
And then I thought, look, let's 
create a portal. 

186
00:10:56,840 --> 00:11:00,560
And that's where NHIMG.org was
formed. 

187
00:11:00,920 --> 00:11:05,520
And my mission was purely, at 
the time, all about education, 

188
00:11:05,960 --> 00:11:08,920
evangelizing. 
I was in a job and this was kind

189
00:11:08,920 --> 00:11:11,920
of a side hobby, a bit like what
you guys do at IDAC. 

190
00:11:12,440 --> 00:11:14,960
And it just sort of flourished 
from there. 

191
00:11:14,960 --> 00:11:20,120
I wrote more white papers, more 
content, and there was a lot of 

192
00:11:20,120 --> 00:11:24,160
good, you know, feedback. 
I started talking to sort of 

193
00:11:24,160 --> 00:11:26,720
folks in the market to say, 
would you like to kind of share 

194
00:11:27,160 --> 00:11:30,160
content as well. 
And then that's really what I've

195
00:11:30,160 --> 00:11:34,960
been doing for the last 12 
months and since January decided

196
00:11:34,960 --> 00:11:38,680
to go into this venture full 
time and the mission hasn't 

197
00:11:38,680 --> 00:11:41,000
changed. 
It's to educate, evangelize. 

198
00:11:41,360 --> 00:11:43,960
It's the kind of help the 
industry come together. 

199
00:11:44,840 --> 00:11:48,120
And I guess along the way, 
someone in one of the vendors 

200
00:11:48,120 --> 00:11:51,720
kind of just in maybe a LinkedIn
post was said to me kind of 

201
00:11:51,720 --> 00:11:58,240
verbally, Mr. NHI, and I started
using the name and it's now now 

202
00:11:58,240 --> 00:12:02,480
stuck with me, unfortunately.
But maybe it's a bit better than

203
00:12:02,480 --> 00:12:06,520
Mr. Sox. 
Yeah, Mr. Sox kind of sounds 

204
00:12:06,520 --> 00:12:09,000
like a Quentin Tarantino 
character from, like, Reservoir

205
00:12:09,000 --> 00:12:12,680
Dogs or something like that. 
Or cat, a cat name. 

206
00:12:13,120 --> 00:12:16,320
Yeah, that's true spoiler right.
If you're watching a video, I've

207
00:12:16,320 --> 00:12:18,800
got a couple DJ cats in 
Amsterdam behind me. 

208
00:12:18,800 --> 00:12:20,560
So if you're if you're not 
watching a video, you're missing

209
00:12:20,560 --> 00:12:24,320
out that that glorious scene. 
But let me talk a little bit 

210
00:12:24,320 --> 00:12:27,640
here with you about NHI, which 
is why we're here. 

211
00:12:28,720 --> 00:12:31,240
I know we want to get probably a
definition from you of what is 

212
00:12:31,240 --> 00:12:32,880
NHI. 
But before I get to that, it 

213
00:12:32,880 --> 00:12:36,920
seems like NHI is kind of having
a moment right now, kind of like

214
00:12:36,920 --> 00:12:39,800
identity at large is having a 
moment as like, hey, there's a 

215
00:12:39,800 --> 00:12:42,080
spotlight identity and people 
are trying to take notice of it 

216
00:12:42,080 --> 00:12:43,320
even though we've been here for 
years. 

217
00:12:43,320 --> 00:12:45,280
And I would argue the same thing
for NHI. 

218
00:12:45,280 --> 00:12:49,480
But why do you think NHI is such
a, a big deal right now? 

219
00:12:49,480 --> 00:12:51,960
Because it seems like every 
conference that we've gone to 

220
00:12:51,960 --> 00:12:55,360
over the last six months to 12 
months has really started to put

221
00:12:55,360 --> 00:12:58,400
more focus on NHI. 
And I'm curious, you know, if 

222
00:12:58,400 --> 00:13:01,320
you see the same thing and and 
if so, why do you think that is?

223
00:13:02,080 --> 00:13:05,040
Well, there's only one answer. 
It's because of me and our group

224
00:13:05,080 --> 00:13:07,720
and all the noise. 
No, that's not true. 

225
00:13:09,680 --> 00:13:13,200
Look, I, I think, you know, I do
get asked this question a lot 

226
00:13:13,200 --> 00:13:17,320
about why now when you talked 
about Identiverse earlier where our

227
00:13:17,320 --> 00:13:20,920
groups are actually going to be 
hosting a big NHI workshop next

228
00:13:20,920 --> 00:13:23,600
Tuesday and the pavilion you 
refer to we're hosting. 

229
00:13:23,600 --> 00:13:25,040
So it's going to be great to 
have you there. 

230
00:13:26,200 --> 00:13:31,080
Look, I think what's changed is 
the last four or five years 

231
00:13:31,080 --> 00:13:33,840
where, you know, this was always
a problem, right? 

232
00:13:33,840 --> 00:13:36,920
As I said, I was dealing with 
this 25 years ago as part of SOX

233
00:13:36,920 --> 00:13:41,960
controls to cycle NHI passwords 
and in those days, but before it

234
00:13:41,960 --> 00:13:44,920
was all about an internal issue,
right? 

235
00:13:44,920 --> 00:13:48,040
But with kind of the hyper 
fragmentation that we've now got

236
00:13:48,040 --> 00:13:52,240
in the environment with you 
know, the multi cloud kind of 

237
00:13:52,240 --> 00:13:56,960
environment, SaaS integrations,
containerization, micro 

238
00:13:56,960 --> 00:14:00,640
services, you know, API based 
interfaces. 

239
00:14:01,000 --> 00:14:04,000
And I guess now, you know, more 
growth we're going to see with 

240
00:14:04,040 --> 00:14:07,360
Gen
AI. I guess all these kind of non

241
00:14:07,360 --> 00:14:11,480
human identities, they're much 
more easy to compromise and 

242
00:14:11,480 --> 00:14:14,520
discover. 
There's a great stat by a

243
00:14:15,680 --> 00:14:20,440
company that produced a report 
in 24 saying that there were 

244
00:14:20,440 --> 00:14:24,640
24,000,000 secrets found in 
public GitHub repos. 

245
00:14:25,880 --> 00:14:31,680
So look, people have not 
implemented good controls around

246
00:14:32,080 --> 00:14:36,920
managing NHIs or secrets.
They're all over the place. 

247
00:14:37,200 --> 00:14:39,320
You know, we've got generally 
very weak controls around 

248
00:14:39,320 --> 00:14:43,720
managing the NHIs.
So we're seeing, you know, a lot

249
00:14:43,720 --> 00:14:46,840
of issues, breaches that are 
occurring. 

250
00:14:47,360 --> 00:14:52,240
That group recently published a 
52 breach report to celebrate 

251
00:14:52,240 --> 00:14:54,160
our 52 weeks since we were 
formed. 

252
00:14:54,680 --> 00:14:58,080
And we're seeing breaches now 
occurring on a weekly basis 

253
00:14:58,480 --> 00:15:02,200
where threat actors are 
discovering these credentials in

254
00:15:02,760 --> 00:15:07,960
repos, API keys, tokens. 
And it's an easy way to get in, 

255
00:15:07,960 --> 00:15:09,760
right? 
They no longer need to, you

256
00:15:09,760 --> 00:15:12,240
know, kind of compromise a 
human's credentials. 

257
00:15:12,760 --> 00:15:15,720
They just can get access to 
these NHI identities. 

258
00:15:15,720 --> 00:15:18,640
And you're in, right? 
And given, you know, 

259
00:15:18,720 --> 00:15:23,680
environments are so distributed 
with cloud and SaaS, we're much

260
00:15:23,680 --> 00:15:26,760
more significantly exposed than 
we were, you know, many years 

261
00:15:26,760 --> 00:15:29,200
ago. 
So I think just the explosion 

262
00:15:29,200 --> 00:15:32,640
and you know, and the micro 
fragmentation that we've had in 

263
00:15:32,640 --> 00:15:37,360
the environment has just now 
caused this this huge problem. 

264
00:15:38,480 --> 00:15:44,160
Lalit, so feels like you come to
this with from the practitioner 

265
00:15:44,160 --> 00:15:47,600
perspective, and that's a big 
reason why Jeff and I wanted to 

266
00:15:47,600 --> 00:15:52,040
have you on this podcast because
we've got a lot of folks who 

267
00:15:52,040 --> 00:15:54,280
come on with kind of the vendor 
perspective. 

268
00:15:54,280 --> 00:15:59,800
And you know, this is, and no 
way to disparage what they do. 

269
00:15:59,800 --> 00:16:01,920
They're out there building 
solutions, right? 

270
00:16:02,240 --> 00:16:06,000
But overall we're I, we're 
hoping to get out of this 

271
00:16:06,000 --> 00:16:10,080
conversation as kind of a 
framework for the practitioner 

272
00:16:10,400 --> 00:16:15,720
to wrap their brain around this 
NHI problem and how they can 

273
00:16:15,720 --> 00:16:18,600
solve it, right? 
Where do they use their existing

274
00:16:18,600 --> 00:16:24,000
tool sets like IGA, privileged
access management, single sign 

275
00:16:24,000 --> 00:16:28,080
on? 
Where do they need new tooling 

276
00:16:28,080 --> 00:16:32,720
or new approaches? 
And I'm going to start you with 

277
00:16:32,720 --> 00:16:37,480
a really simple question because
I, I kind of feel like we need 

278
00:16:37,480 --> 00:16:41,160
to define NHI and you made a 
statement earlier. 

279
00:16:41,160 --> 00:16:43,240
Some people might call it 
machine identities. 

280
00:16:44,120 --> 00:16:49,480
Is that, is that what it is? 
Is NHI equal machine identity? 

281
00:16:50,800 --> 00:16:54,520
Yeah, look, there is still a lot
of debate in the industry around

282
00:16:54,560 --> 00:17:00,840
what's the the official term for
this, this topic we're covering.

283
00:17:00,840 --> 00:17:04,640
Obviously you know, which camp 
I'm in, which is the non human 

284
00:17:04,640 --> 00:17:06,680
identity camp. 
You know, I guess our friends 

285
00:17:06,680 --> 00:17:10,560
are gonna, you know, talk about 
machine identity is kind of the 

286
00:17:10,720 --> 00:17:14,119
center of the universe.
And then under there they talk 

287
00:17:14,119 --> 00:17:18,400
about, you know, where workloads
and devices, where we started 

288
00:17:18,400 --> 00:17:22,480
non human and then talk about 
workload and devices under that.

289
00:17:23,480 --> 00:17:27,760
Look, I think it's going to take
a while for things to settle on 

290
00:17:27,760 --> 00:17:30,600
what you know will be the common
term. 

291
00:17:30,600 --> 00:17:33,680
I think hopefully what may 
happen is that these become 

292
00:17:34,160 --> 00:17:38,080
interchangeable terms. 
You can to me non human machine 

293
00:17:38,080 --> 00:17:41,160
workload, it's all really the 
same thing. 

294
00:17:41,160 --> 00:17:44,880
And I think they can in some 
respects be used somewhat 

295
00:17:44,880 --> 00:17:47,680
interchangeably. 
But I guess to your question, 

296
00:17:47,680 --> 00:17:50,200
Jim, you know, what is a non 
human identity? 

297
00:17:50,200 --> 00:17:54,120
Look, it's a digital identity or
a credential that represents, 

298
00:17:54,280 --> 00:17:57,240
you know, a machine, an 
application, some automated 

299
00:17:57,240 --> 00:18:01,640
process or a service that's used
within your IT infrastructure 

300
00:18:01,640 --> 00:18:04,240
stack. 
And these non human identities 

301
00:18:04,240 --> 00:18:08,280
allow those machines and 
software workloads to securely 

302
00:18:08,280 --> 00:18:12,760
authenticate, you know, operate 
and perform tasks automatically,

303
00:18:12,760 --> 00:18:16,240
including kind of, you know, 
authenticating to other 

304
00:18:16,240 --> 00:18:19,440
machines, processes and services
without any kind of human 

305
00:18:19,960 --> 00:18:21,720
interaction. 
So that these are the 

306
00:18:22,120 --> 00:18:26,080
identities, the accounts they 
used to run all software, you 

307
00:18:26,080 --> 00:18:29,720
know, all around the world, you 
know, including IoT devices and 

308
00:18:30,320 --> 00:18:33,320
other devices, you know, in an 
automated way, right. 

309
00:18:33,320 --> 00:18:35,240
So it's what runs everything we 
do. 

310
00:18:36,360 --> 00:18:39,760
So they are pretty important 
from an identity standpoint. 

311
00:18:40,720 --> 00:18:45,920
So if you were back at Morgan 
Stanley or your advice for a 

312
00:18:45,920 --> 00:18:49,480
practitioner out there, right, 
they get stuck in a long 

313
00:18:49,480 --> 00:18:55,720
elevator ride with the CIO and 
he happened to hear about these 

314
00:18:55,720 --> 00:18:59,640
non human identities and like, 
hey, I'm in the elevator with 

315
00:18:59,640 --> 00:19:05,640
the identity guru. 
I'm going to ask Lalit, what are

316
00:19:05,640 --> 00:19:07,600
we doing about non human 
identities? 

317
00:19:07,760 --> 00:19:10,640
What's the right answer if 
you're a practitioner? 

318
00:19:10,640 --> 00:19:12,840
Like, how do you even think 
about that question? 

319
00:19:13,840 --> 00:19:16,640
Look, it's the we could talk for
hours on this. 

320
00:19:17,440 --> 00:19:21,160
Doing an elevator pitch on NHIs.
It's quite challenging. 

321
00:19:22,520 --> 00:19:26,360
You know, when we started an NHI
program at a more recent 

322
00:19:26,360 --> 00:19:30,880
investment bank, my CSO said to 
me that why can't we fix this in

323
00:19:31,200 --> 00:19:34,800
a year? 
And we then had an incident that

324
00:19:34,800 --> 00:19:38,040
occurred a little bit later, 
which I can talk about if we've 

325
00:19:38,040 --> 00:19:44,560
got time. 
But look, the real fundamental 

326
00:19:44,640 --> 00:19:51,000
issues at the moment with NHIs
is there's so many of them out 

327
00:19:51,000 --> 00:19:54,600
there, right, that the stats 
that will quote NHIs outnumber

328
00:19:54,600 --> 00:20:00,720
human identities 25 to 50X.
Some will even quote 100X and 

329
00:20:00,720 --> 00:20:03,280
these numbers will go up, you 
know, significantly more as 

330
00:20:03,280 --> 00:20:07,680
we've got agentic AI coming in.
But generally non human 

331
00:20:07,680 --> 00:20:11,960
identities are unmanaged, right?
They have very weak controls. 

332
00:20:12,400 --> 00:20:14,800
They're kind of the forgotten 
problem child.

333
00:20:14,800 --> 00:20:18,360
You know everyone focused on 
human controls and PAM and

334
00:20:18,360 --> 00:20:23,320
protecting your barriers but 
managing non human identities 

335
00:20:23,320 --> 00:20:25,080
and the secrets that are 
associated with them. 

336
00:20:26,000 --> 00:20:29,440
Were typically not, you know, 
always an afterthought. 

337
00:20:29,920 --> 00:20:33,600
You know, focus was on just 
delivering software as quickly 

338
00:20:33,600 --> 00:20:36,800
as you can and security was an 
afterthought. 

339
00:20:37,240 --> 00:20:39,040
So you have a lot of issues, 
right? 

340
00:20:39,040 --> 00:20:42,880
With secret sprawl, you have a 
lot of weak control. 

341
00:20:42,880 --> 00:20:46,360
So look, some of the issues 
you're going to get with NHIs,

342
00:20:46,400 --> 00:20:49,840
they're easy to discover. 
You'll find them hard coded in 

343
00:20:49,840 --> 00:20:53,200
source code repositories, 
Confluence, SharePoint, Slack 

344
00:20:53,200 --> 00:20:58,280
channels, you know, 
understanding how many you have,

345
00:20:58,920 --> 00:21:00,720
right. 
There have never really been any

346
00:21:00,880 --> 00:21:07,360
ways to kind of fully manage and
inventory, you know, NHIs, that's

347
00:21:07,360 --> 00:21:09,560
very hard to do. 
You know, a lot of these 

348
00:21:09,560 --> 00:21:13,360
accounts are static in nature 
and that's kind of the core 

349
00:21:13,440 --> 00:21:17,520
issue with kind of NHIs.
Whilst we can talk about what we

350
00:21:17,520 --> 00:21:20,560
can do more strategically and 
zero trust maybe later in the 

351
00:21:20,560 --> 00:21:24,960
discussion, the vast majority of
NHI stays static, right? 

352
00:21:24,960 --> 00:21:28,920
So they've been created. They
have in most cases no ownership.

353
00:21:30,000 --> 00:21:32,880
They may have been created 10, 20,
30 years ago.

354
00:21:32,880 --> 00:21:35,800
People don't know what they are.
Are they still used? 

355
00:21:36,160 --> 00:21:40,880
We've worked to organizations 
where 50, 60% of the accounts that

356
00:21:40,880 --> 00:21:43,240
we've uncovered have not been 
used. 

357
00:21:43,720 --> 00:21:46,360
And clearly that increases the 
surface area of risk. 

358
00:21:46,960 --> 00:21:49,880
You know, you have humans that 
are using these accounts and 

359
00:21:49,880 --> 00:21:53,000
bypassing controls. 
We saw that when we turned on 

360
00:21:53,000 --> 00:21:57,320
PAM controls at a, at a bank,
they said, look, we don't like 

361
00:21:57,320 --> 00:22:01,200
the PAM controls.
So they started using NHIs as a

362
00:22:01,200 --> 00:22:04,160
way to bypass, you know, entry 
to, to production. 

363
00:22:04,760 --> 00:22:07,120
You know, NHIs typically, right,
because they're running your 

364
00:22:07,120 --> 00:22:09,600
crown jewel apps, they're going 
to have high privileges. 

365
00:22:09,960 --> 00:22:13,240
So again, these are targets for 
both internal and external 

366
00:22:13,240 --> 00:22:16,040
threat actors. 
And there's many other issues 

367
00:22:16,040 --> 00:22:18,360
that you have, you know, with 
with NHI. 

368
00:22:18,360 --> 00:22:22,640
So unfortunately, you know, 
they've always had these issues.

369
00:22:22,640 --> 00:22:25,120
And now with all the hyper 
fragmentation that we've talked 

370
00:22:25,120 --> 00:22:29,280
about, the problems just kind of
exploded exponentially. 

371
00:22:30,320 --> 00:22:32,640
So look, it's a huge elephant in
the room. 

372
00:22:32,840 --> 00:22:36,800
I would say it's probably one of
the toughest challenges you'll 

373
00:22:36,800 --> 00:22:40,960
face in your career in terms of 
solving, much, much more complex than

374
00:22:40,960 --> 00:22:44,480
solving kind of the human 
identity problem, which is much 

375
00:22:44,480 --> 00:22:47,960
more mature. 
And a lot of the tool sets to a 

376
00:22:47,960 --> 00:22:51,640
point you made earlier just 
aren't fit for purpose or at 

377
00:22:51,640 --> 00:22:54,520
least the traditional tool sets.
And we can talk about that if we

378
00:22:54,520 --> 00:22:58,400
want to dig deeper to to meet 
the requirements around sort of 

379
00:22:58,400 --> 00:23:02,360
NHI life cycle processes. 
OK. 

380
00:23:02,640 --> 00:23:04,080
I think we're on the 1st floor 
now. 

381
00:23:04,080 --> 00:23:07,120
They've come all the way down on
that elevator ride. 

382
00:23:08,760 --> 00:23:14,280
I kind of feel like the original
NHIs, at least that I dealt

383
00:23:14,280 --> 00:23:16,320
with, were service accounts, 
right? 

384
00:23:16,320 --> 00:23:19,560
So you had these service 
accounts and I, I kind of feel 

385
00:23:19,560 --> 00:23:26,800
like the life cycle is not 
probably managed all that well 

386
00:23:27,160 --> 00:23:31,120
in a lot of organizations. But
you know, privileged access 

387
00:23:31,120 --> 00:23:36,160
management can do a good job of 
discovering and rotating 

388
00:23:36,160 --> 00:23:39,920
passwords. 
It still doesn't have MFA, but 

389
00:23:40,800 --> 00:23:43,200
you know, privileged access 
management probably knocks out 

390
00:23:43,200 --> 00:23:44,480
some. 
We could probably use the 

391
00:23:44,480 --> 00:23:48,960
governance processes in IGA to a
certain extent. 

392
00:23:48,960 --> 00:23:51,720
I know there are some tools out 
there, but service accounts 

393
00:23:51,720 --> 00:23:53,560
isn't the whole ball game, 
right? 

394
00:23:53,880 --> 00:23:58,160
And and what you pointed out 
with like GitHub repos, you 

395
00:23:58,160 --> 00:24:02,200
could probably scan them and 
find these things like you could

396
00:24:02,200 --> 00:24:07,800
put controls around them with 
existing tools or maybe adding 

397
00:24:07,800 --> 00:24:11,320
to your portfolio some. 
But I kind of feel like we're 

398
00:24:11,400 --> 00:24:15,720
entering or we've entered this 
era now where there's this new 

399
00:24:15,720 --> 00:24:23,560
crop of non human identities, 
whether they are device specific

400
00:24:23,880 --> 00:24:27,880
or they are more or less like 
these ephemeral identities that 

401
00:24:27,880 --> 00:24:32,440
get created with like an
infrastructure as a service type

402
00:24:32,440 --> 00:24:37,440
platform where it's not going to
create the identities to roll 

403
00:24:37,440 --> 00:24:41,080
out the cloud infrastructure 
that it needs and then 

404
00:24:41,520 --> 00:24:43,720
potentially deactivate those 
identities. 

405
00:24:43,720 --> 00:24:46,960
But you have to have your arms 
around it to some extent, right?

406
00:24:47,200 --> 00:24:49,320
And maybe it's not just those 
things. 

407
00:24:49,360 --> 00:24:56,200
I mean, you just take in, take 
the whole cloud into scope and 

408
00:24:56,480 --> 00:24:59,240
man, there's just tons of 
identities there. 

409
00:24:59,240 --> 00:25:03,920
And I wouldn't think that the 
traditional privileged access

410
00:25:03,920 --> 00:25:08,200
management tooling is going to 
do a good job at that. 

411
00:25:08,200 --> 00:25:15,680
So one thing, So OK, so that's 
one thing, which is that I think

412
00:25:15,680 --> 00:25:18,600
there's all these new types of 
identities. 

413
00:25:19,440 --> 00:25:22,920
The other thing is, and this is 
what I've always kind of said, 

414
00:25:22,920 --> 00:25:28,040
would it be nice if we manage 
non human identities the same 

415
00:25:28,040 --> 00:25:32,040
way we manage humans, which is 
we have some source of record 

416
00:25:32,040 --> 00:25:35,720
like an HR system or something. 
That's where you start by 

417
00:25:35,720 --> 00:25:40,720
creating the identity there and 
then it gets provisioned, you 

418
00:25:40,720 --> 00:25:44,000
know, through automation, 
ideally to the point where you 

419
00:25:44,000 --> 00:25:46,200
wanted it. 
It can be checked on, the 

420
00:25:46,200 --> 00:25:49,440
password could be rotated. 
You no longer need it. 

421
00:25:49,440 --> 00:25:52,240
You're the source of record. 
Shut it off and it shuts it off 

422
00:25:52,240 --> 00:25:55,480
anywhere that's being used. 
But it's not really like that, 

423
00:25:55,480 --> 00:25:59,280
right? 
I mean, people spin up a server,

424
00:26:00,720 --> 00:26:04,600
they either manually or by 
automation create accounts to go

425
00:26:04,600 --> 00:26:08,600
and do those things, server or 
database or whatever they're 

426
00:26:08,600 --> 00:26:12,920
spinning up. 
So the approach to managing 

427
00:26:12,920 --> 00:26:18,640
these non human identities is 
not like linear where you start 

428
00:26:18,640 --> 00:26:23,320
the process here point A and 
then the end of end of life is 

429
00:26:23,640 --> 00:26:27,280
point Z. 
It's you're finding these things

430
00:26:27,520 --> 00:26:33,800
and then you have to wrap them 
up in layers of security 

431
00:26:33,800 --> 00:26:37,480
management so that they are more
secure. 

432
00:26:37,480 --> 00:26:41,760
And I don't think it goes from 
like not secure at all to 100% 

433
00:26:41,760 --> 00:26:45,120
secure. 
But to me, that's the the big 

434
00:26:45,120 --> 00:26:48,280
thing is that, hey, there's 
these new identities and they 

435
00:26:48,280 --> 00:26:53,800
are not easily managed and the 
tools you have today don't do a 

436
00:26:53,800 --> 00:26:57,000
good job of managing them. 
And that to me, that's like why 

437
00:26:57,000 --> 00:27:00,640
it's hot. 
It's like all of a sudden we're 

438
00:27:00,640 --> 00:27:04,880
inundated with all these places 
that are now creating identities

439
00:27:04,880 --> 00:27:09,960
and none of the tools that we 
have traditionally do a great 

440
00:27:09,960 --> 00:27:12,240
job at managing them. 
Did I get that right? 

441
00:27:13,040 --> 00:27:15,200
Yeah. 
Look, I think you've summarized 

442
00:27:15,200 --> 00:27:18,160
that very, very well. 
Look, even if you look at the 

443
00:27:18,160 --> 00:27:22,000
human space where you've got all
the cloud tools that are out 

444
00:27:22,000 --> 00:27:25,560
there, right, that have come 
along because sort of, you know,

445
00:27:26,120 --> 00:27:29,600
move beyond sort of the 
traditional IGA and PAM even for

446
00:27:29,600 --> 00:27:34,120
just kind of the human use case,
but with kind of non human 

447
00:27:34,120 --> 00:27:36,560
identities. 
You know, there isn't a single 

448
00:27:36,560 --> 00:27:39,720
source of truth like you might 
have with human identities. 

449
00:27:40,160 --> 00:27:42,280
You know, there's going to be 
many places where they get 

450
00:27:42,400 --> 00:27:46,440
provisioned, you know, in the 
cloud on your, you know, on-prem

451
00:27:46,440 --> 00:27:49,520
environment, you can have a lot 
of local accounts, maybe on 

452
00:27:49,520 --> 00:27:53,080
legacy databases, Active 
Directory, you're going to have 

453
00:27:53,080 --> 00:27:57,000
many, you know, IdPs, right.
So there's going to be like, you

454
00:27:57,000 --> 00:27:59,920
know, 10s of places where a 
typical organization is going to

455
00:27:59,920 --> 00:28:03,200
have these NHIs kind of
provisioned. 

456
00:28:03,680 --> 00:28:05,880
But generally they get 
provisioned. 

457
00:28:05,960 --> 00:28:10,240
You know, they typically come if
they're static with some keys 

458
00:28:10,240 --> 00:28:13,240
and passwords. 
They get shared around, you 

459
00:28:13,240 --> 00:28:16,040
know, maybe in an e-mail or in 
some other communication 

460
00:28:16,440 --> 00:28:18,800
channel, in a ticket to the 
requester. 

461
00:28:19,880 --> 00:28:22,320
So there you go. 
You know, problem one already, 

462
00:28:22,320 --> 00:28:24,360
right? 
The credentials are known by 

463
00:28:24,360 --> 00:28:27,120
humans. 
And then they'll, you know, 

464
00:28:27,120 --> 00:28:29,680
they'll take the easy route. 
They'll just put them into 

465
00:28:30,080 --> 00:28:32,560
source code, hard code the
credentials. 

466
00:28:32,880 --> 00:28:35,800
So you've got all the challenges
around, you know, vaulting, 

467
00:28:36,160 --> 00:28:40,320
removing hard coded credentials.
Look, so yes, a PAM solution can

468
00:28:40,320 --> 00:28:43,920
help with some of that, but a 
PAM solution isn't really going

469
00:28:43,920 --> 00:28:46,280
to solve your whole inventory 
problem. 

470
00:28:46,280 --> 00:28:50,840
And discovering all these 
identities that are out there, 

471
00:28:52,040 --> 00:28:54,960
you know, once you've discovered
them, you need to understand 

472
00:28:54,960 --> 00:28:58,960
who's the owner, what's the 
level of permissions, how broad 

473
00:28:58,960 --> 00:29:02,560
is the access right? 
And classify them, you know, and

474
00:29:02,560 --> 00:29:05,680
then you can start doing things 
like posture management, you 

475
00:29:05,680 --> 00:29:09,120
know, have they got excessive 
permissions, misconfigurations, 

476
00:29:09,560 --> 00:29:11,960
what's inactive, you know, 
what's shared. 

477
00:29:12,440 --> 00:29:16,640
And clearly, you know, with, you
know, the growth in cloud, the 

478
00:29:16,640 --> 00:29:20,520
number of privileges that you 
can get in the cloud, just kind 

479
00:29:20,520 --> 00:29:23,600
of a crazy rather 10s of 
thousands of difference of 

480
00:29:23,600 --> 00:29:26,920
combinations. 
So people take the easy path out

481
00:29:26,920 --> 00:29:28,920
and say, look, rather than 
following least privileged 

482
00:29:28,920 --> 00:29:32,200
principles, let's just go with, 
you know, an Uber kind of 

483
00:29:32,200 --> 00:29:34,640
privilege. 
So you see a lot of, I think the

484
00:29:34,640 --> 00:29:38,400
cloud's kind of encouraged kind
of more excessive privileges to,

485
00:29:38,400 --> 00:29:41,520
to these identities. 
So you've got, you know, them 

486
00:29:41,520 --> 00:29:43,000
all out there. 
And you, you talked about 

487
00:29:43,000 --> 00:29:45,120
scanning. 
You know, that's another area 

488
00:29:45,120 --> 00:29:48,120
that traditional tools would not
have done right is to scan and 

489
00:29:48,120 --> 00:29:52,440
look for these credentials in 
source code, in repos and other 

490
00:29:52,480 --> 00:29:55,920
places. 
And then, you know, the big task

491
00:29:55,920 --> 00:29:58,160
is once you've found all the 
things, yes, you can do some 

492
00:29:58,160 --> 00:30:01,920
hygiene, some clean up, but 
you're then going to secure the,

493
00:30:01,920 --> 00:30:04,800
the, the secrets if they're hard
coded. 

494
00:30:05,240 --> 00:30:09,480
You know, had a previous org 
that I wrapped up last year, you

495
00:30:09,480 --> 00:30:13,960
know, we had to secure over 
100,000 NHIs that we were

496
00:30:15,160 --> 00:30:18,440
uncovered in source code. 
And our initial scan that we did

497
00:30:18,440 --> 00:30:23,520
found over a million potential 
hard coded secrets, passwords.

498
00:30:24,200 --> 00:30:27,160
So you can see the size of the 
problem and then to make those 

499
00:30:27,160 --> 00:30:31,240
changes, move those credentials 
into a vault, you know, the 

500
00:30:31,240 --> 00:30:34,400
amount of changes you need to 
make to your code to remove 

501
00:30:34,400 --> 00:30:37,000
those credentials, the 
operational risk. 

502
00:30:37,480 --> 00:30:41,160
And then you talk to him about 
cycling right and rotating these

503
00:30:41,160 --> 00:30:45,760
credentials. One is securing them.
But reality is people still know

504
00:30:45,760 --> 00:30:49,040
the, the, the, the passwords, 
the secrets. 

505
00:30:49,440 --> 00:30:53,000
And as people leave, you know, 
and then with Cloud API keys, 

506
00:30:53,560 --> 00:30:56,280
you know, you can take that 
information with you, right, to 

507
00:30:56,280 --> 00:31:00,000
another organization or 
compromise those accounts, you 

508
00:31:00,000 --> 00:31:02,080
know, even if you've left an 
organization. 

509
00:31:02,400 --> 00:31:05,080
So rotation becomes something 
that you need to do. 

510
00:31:05,560 --> 00:31:07,880
And whenever there's a breach, 
right, the first thing is rotate

511
00:31:07,880 --> 00:31:11,640
your keys. 
But again, you know how those 

512
00:31:11,640 --> 00:31:15,240
credentials used in many places 
in your code. How do you know

513
00:31:15,240 --> 00:31:18,680
when you rotate? 
You know that all the code, you 

514
00:31:18,680 --> 00:31:23,440
know, is using the same, you 
know, vault solution to source 

515
00:31:23,440 --> 00:31:24,960
their password. 
If you miss one of those 

516
00:31:24,960 --> 00:31:29,040
dependencies out, you could end 
up causing operational impact. 

517
00:31:29,040 --> 00:31:32,240
And we've seen that so much have
many orgs where you didn't

518
00:31:32,240 --> 00:31:35,680
realize a credential was, you 
know, used. 

519
00:31:36,000 --> 00:31:39,520
You missed a piece of code or 
you found, oh, some other app 

520
00:31:39,720 --> 00:31:42,600
you've given the credential to, 
you know, like to another team 

521
00:31:42,920 --> 00:31:44,440
that needed to connect to your 
database. 

522
00:31:44,440 --> 00:31:47,560
You give them the password and 
they're using it as well. 

523
00:31:48,000 --> 00:31:51,520
So there's a lot of legacy 
that's been created and that's 

524
00:31:51,520 --> 00:31:55,960
why a traditional IGA or a PAM
tool is not going to solve these

525
00:31:55,960 --> 00:31:58,000
problems. 
That's why you've got a new crop

526
00:31:58,000 --> 00:32:02,560
of pure NHI products that have 
come into the market. 

527
00:32:03,040 --> 00:32:05,840
And then also now we're seeing a
lot of movement with the 

528
00:32:05,840 --> 00:32:09,720
traditional IGA and PAM players
that are now investing 

529
00:32:09,720 --> 00:32:14,080
significant sums to build, you 
know, NHI capabilities. 

530
00:32:14,080 --> 00:32:20,360
So it's definitely the existing 
tool sets just could not support

531
00:32:20,360 --> 00:32:23,040
these use cases. 
It's much, much more complex 

532
00:32:23,600 --> 00:32:27,320
than what we talk about for
humans, you know, and then 

533
00:32:27,320 --> 00:32:30,400
you've got to think about 
monitoring, you know, if someone

534
00:32:30,400 --> 00:32:36,080
inappropriately using your, your
NHIs coming from some unknown IP

535
00:32:36,080 --> 00:32:37,920
addresses that are human using 
them. 

536
00:32:38,640 --> 00:32:40,720
And then they are already being 
compromised. 

537
00:32:41,600 --> 00:32:44,160
And then you get into the, you 
know, what's the target state, 

538
00:32:44,160 --> 00:32:47,800
right, which is kind of 
ephemeral just in time zero 

539
00:32:47,800 --> 00:32:50,800
trust. 
You know, our previous org, we 

540
00:32:50,800 --> 00:32:52,760
also implemented prevent 
controls. 

541
00:32:52,760 --> 00:32:55,880
When you check in your code, 
we're actually looking runtime 

542
00:32:55,880 --> 00:33:00,040
to see, have you checked in an 
API key or a password to an NHI 

543
00:33:00,040 --> 00:33:02,720
credential? 
And we actually block the check 

544
00:33:02,720 --> 00:33:04,800
in.
So if you look at the overall 

545
00:33:04,800 --> 00:33:07,920
life cycle, we've published one 
of these on our portal. 

546
00:33:08,560 --> 00:33:13,040
It's a huge, huge problem to 
solve if you want to try and 

547
00:33:13,040 --> 00:33:16,040
tackle the whole thing 
holistically from a life cycle 

548
00:33:16,040 --> 00:33:18,280
standpoint. 
So from an organizational 

549
00:33:18,280 --> 00:33:22,560
standpoint, I think you're going
to take a balance, which is try 

550
00:33:22,560 --> 00:33:24,480
and do some things more 
strategically. 

551
00:33:24,720 --> 00:33:29,560
You know, do kind of dynamic 
ephemeral secrets with your 

552
00:33:29,560 --> 00:33:31,880
workloads. 
You know, more of a zero trust 

553
00:33:31,880 --> 00:33:35,680
model, maybe with your Genentech
staff or your crown jewels as you

554
00:33:35,680 --> 00:33:38,320
re engineer. 
But you've also got to deal with

555
00:33:38,320 --> 00:33:41,920
your existing kind of state 
that's out there, which is 

556
00:33:41,920 --> 00:33:44,880
static in nature, and you've got
to get that under control. 

557
00:33:44,880 --> 00:33:47,240
So you're going to have to 
always think of a hybrid 

558
00:33:47,240 --> 00:33:50,720
approach to dealing with the NHI
problem, you know, a lot of 

559
00:33:50,720 --> 00:33:55,200
legacy and figure out how you 
kind of strategically kind of 

560
00:33:55,200 --> 00:33:57,240
stop the bleeding, you know, 
over time as well. 

561
00:33:58,360 --> 00:34:00,640
So listening to a couple of 
points. 

562
00:34:01,680 --> 00:34:03,880
It certainly did, but it opens 
up some questions for me because

563
00:34:03,880 --> 00:34:06,440
I'm listening to the two of you 
talk here and now I'm wondering,

564
00:34:07,360 --> 00:34:11,280
you know, whose fault is this? 
Where does the blame lie? 

565
00:34:11,280 --> 00:34:14,639
Because I feel like this is 
where privileged access 

566
00:34:14,639 --> 00:34:18,000
management was supposed to have 
been the solution for this. 

567
00:34:18,000 --> 00:34:20,920
We've been sold this bill of 
goods by PAM vendors for decades

568
00:34:20,920 --> 00:34:24,440
that hey, this is where you go 
to manage your non human 

569
00:34:24,440 --> 00:34:25,719
identities. 
We didn't call it that. 

570
00:34:25,719 --> 00:34:28,159
We called it service accounts.
We called it keys, right. All

571
00:34:28,159 --> 00:34:31,840
that kind of stuff. 
But listening to the two of you 

572
00:34:31,840 --> 00:34:35,159
makes me feel like, OK, well, 
OK, what do you mean? 

573
00:34:35,159 --> 00:34:37,440
I thought PAM was supposed to do
that and it's not doing it. 

574
00:34:37,440 --> 00:34:40,040
And that has opened up the door 
for these new vendors to come in

575
00:34:40,040 --> 00:34:45,239
and specialize in this version 
of PAM 2.0 or 3.0

576
00:34:45,239 --> 00:34:46,360
or whatever you want to call
it. 

577
00:34:46,360 --> 00:34:50,280
But I almost have a feeling of a
little bit of remorse here. 

578
00:34:50,280 --> 00:34:53,040
It's like, all right, well, PAM
was supposed to do this. 

579
00:34:53,199 --> 00:34:55,560
Why isn't it doing it? 
And I don't know if that's a 

580
00:34:55,560 --> 00:34:58,720
fair assessment based on the 
conversation so far or just kind

581
00:34:58,720 --> 00:35:01,080
of my, my experience with PAM
solutions, but I'm curious. 

582
00:35:01,080 --> 00:35:03,840
I'll like to see. 
Look, I think it's different. 

583
00:35:04,880 --> 00:35:07,000
Sorry to interrupt. 
No, please go ahead. 

584
00:35:07,360 --> 00:35:14,200
Look, I think, well, if I if you
asked me did, was PAM designed to

585
00:35:14,200 --> 00:35:20,040
solve NHI, I would say partly. 
Like my background in dealing 

586
00:35:20,040 --> 00:35:24,240
with PAM was really driven from
kind of a human standpoint where

587
00:35:24,240 --> 00:35:28,240
you had like core admin 
accounts, root accounts, service

588
00:35:28,240 --> 00:35:32,240
accounts, right, that I needed 
to operate, you know, your your 

589
00:35:32,240 --> 00:35:36,200
infrastructure, your software, 
you know, So the definition we 

590
00:35:36,640 --> 00:35:43,720
gave on NHIS, but usually the 
PAM element there was around

591
00:35:43,720 --> 00:35:47,480
humans and controlling people 
that needed to elevate their 

592
00:35:47,480 --> 00:35:52,440
privileges, right to impersonate
sudo, become that account, you

593
00:35:52,440 --> 00:35:55,800
know, to maybe deploy the 
software or maybe when there's a

594
00:35:55,800 --> 00:35:59,600
support issue, go in and, you 
know, become that account so 

595
00:35:59,600 --> 00:36:01,640
they could then deal with 
support issues. 

596
00:36:02,720 --> 00:36:06,880
So yes, it was there to protect 
kind of your keys to your 

597
00:36:06,880 --> 00:36:09,800
kingdom, like your most
privileged accounts. 

598
00:36:10,160 --> 00:36:13,560
But I think non human identities
are much, much broader than just

599
00:36:13,760 --> 00:36:16,280
PAM, right.
I think you know, like, you 

600
00:36:16,280 --> 00:36:18,920
know, if an application's got an
account that it uses to connect 

601
00:36:18,920 --> 00:36:22,400
to a database, is that a 
privileged account? That's really

602
00:36:22,400 --> 00:36:26,800
just an account that that 
process needs to operate and 

603
00:36:26,800 --> 00:36:32,000
communicate with other services.
Yes, it has privileges, but is 

604
00:36:32,000 --> 00:36:35,440
it a privileged account like in 
the traditional PAM sense?

605
00:36:35,440 --> 00:36:39,560
I'm not sure it is. 
But yes, the the the the idea of

606
00:36:39,560 --> 00:36:44,600
what PAM tools did, you could
argue could cater for some of 

607
00:36:44,600 --> 00:36:46,720
the life cycle processes for an 
NHI. 

608
00:36:47,160 --> 00:36:51,520
But you know, again, like take a
vault like Hashi, all they do is

609
00:36:52,040 --> 00:36:54,320
capture the secrets, right? 
They don't deal with the life 

610
00:36:54,320 --> 00:36:57,040
cycle processes. 
They don't natively deal with 

611
00:36:57,040 --> 00:37:01,240
cycling or scanning or inventory
or ownership. 

612
00:37:02,280 --> 00:37:06,000
So many of these existing tool 
sets only deal with a really 

613
00:37:06,000 --> 00:37:10,280
small part of the overall life 
cycle of NHIs.

614
00:37:11,680 --> 00:37:14,400
Yeah. 
And I think that's go ahead, 

615
00:37:14,400 --> 00:37:15,400
Jeff. 
I say. 

616
00:37:15,400 --> 00:37:19,920
So I think the the important 
distinction here then is the 

617
00:37:19,920 --> 00:37:24,040
first word of PAM, privileged.
Does privilege connotate non 

618
00:37:24,040 --> 00:37:26,440
human identity? 
And then does non human identity

619
00:37:27,000 --> 00:37:28,880
equate to privileged? 
Right. 

620
00:37:28,880 --> 00:37:31,120
I think that's kind of what I 
got from your answer was not 

621
00:37:31,120 --> 00:37:35,960
every, not everything is equal. 
You can have a non privileged 

622
00:37:35,960 --> 00:37:39,840
non human identity. 
I'm kind of thinking about what 

623
00:37:39,840 --> 00:37:41,840
maybe you can give me an example
of what that might look like. 

624
00:37:41,840 --> 00:37:44,440
Because if I think of non human 
identity, I'm thinking of 

625
00:37:45,040 --> 00:37:46,680
something that's sitting behind 
the scenes. 

626
00:37:46,680 --> 00:37:49,360
It's a service account, it's a 
script, it's an API. 

627
00:37:49,360 --> 00:37:53,160
It's, you know, some sort of 
thing that is accessing a data 

628
00:37:53,160 --> 00:37:56,320
or a resource. 
And you know, I guess maybe it's

629
00:37:56,320 --> 00:37:59,440
like what the cafeteria menu or 
or something like that. 

630
00:37:59,440 --> 00:38:03,240
I don't know what would be an 
example of a non human identity 

631
00:38:03,240 --> 00:38:08,160
that is not privileged. 
Well, I think every non human 

632
00:38:08,160 --> 00:38:12,800
identity will have privileges, 
you know, permissions, you know,

633
00:38:12,800 --> 00:38:16,440
to whatever identity it needs to
operate. 

634
00:38:17,680 --> 00:38:21,040
But I guess the privilege when I
when I think of the PAM, it's

635
00:38:21,040 --> 00:38:24,200
really, you know, where you're 
trying to elevate and you know, 

636
00:38:24,400 --> 00:38:28,440
get sort of higher privileges 
and what you had today as a 

637
00:38:28,440 --> 00:38:33,320
human right to perform some 
elevated role from your basic 

638
00:38:33,320 --> 00:38:35,560
credentials as you know, a human
identity. 

639
00:38:36,040 --> 00:38:40,600
So I, my always view of PAM was
around how you elevated, you 

640
00:38:40,600 --> 00:38:45,000
know, the human use case to, to,
to, to get access to those non 

641
00:38:45,000 --> 00:38:50,200
human identities versus PAM
being the, the, the thing that 

642
00:38:50,320 --> 00:38:53,240
managed everything, every NHI 
that's out there. 

643
00:38:53,600 --> 00:38:56,840
I'm not sure I've quite answered
your question. 

644
00:38:57,440 --> 00:39:00,560
Well, I like how this I like how
this conversation is going, 

645
00:39:00,560 --> 00:39:06,360
because I think we've as least 
privileged people as identity 

646
00:39:06,360 --> 00:39:11,520
people, lifers, if you will, we 
want everything to be done 

647
00:39:11,560 --> 00:39:17,040
great. But we know that the
reality is that we have to take 

648
00:39:17,040 --> 00:39:18,920
some kind of a risk based 
approach. 

649
00:39:19,320 --> 00:39:21,680
And so it's all about setting 
priorities. 

650
00:39:22,200 --> 00:39:25,400
I was going to ask the question 
a more, you know, from the 

651
00:39:25,400 --> 00:39:29,760
beginning, like a huge elephant.
I mean, when you talk about non 

652
00:39:29,760 --> 00:39:34,320
human identities and you talk 
about the the pure scale, even 

653
00:39:34,320 --> 00:39:37,920
in like a small to mid sized 
organization, we talk about a 

654
00:39:37,920 --> 00:39:40,520
large enterprise. 
You could be talking about 

655
00:39:40,520 --> 00:39:43,880
literally millions of 
identities. 

656
00:39:45,200 --> 00:39:47,000
How do you wrap your arms around
that? 

657
00:39:47,000 --> 00:39:50,760
Where do you start? 
And I think it's got to be based

658
00:39:50,760 --> 00:39:54,640
on risk you got to look for. 
And so when we talk about 

659
00:39:54,640 --> 00:39:57,720
privilege, I mean, of course, 
like every account has some 

660
00:39:57,720 --> 00:40:02,040
privileges, but we've got to go 
for those ones where it's like, 

661
00:40:02,120 --> 00:40:05,560
oh, that's. 
That's one or maybe it's the 

662
00:40:05,560 --> 00:40:09,760
type of an account where like, 
hey, if these got compromised in

663
00:40:10,600 --> 00:40:15,160
our Active Directory, what? 
And like, I'm sure there's some 

664
00:40:15,160 --> 00:40:18,720
people out there scoffing at the
Active Directory, but normally 

665
00:40:18,720 --> 00:40:22,480
when companies get completely 
ransomware and completely shut 

666
00:40:22,480 --> 00:40:26,840
down, it's because the hackers 
got the Active Directory. 

667
00:40:27,040 --> 00:40:30,360
They have control of the Active 
Directory and they can basically

668
00:40:30,360 --> 00:40:33,800
turn off your business and make 
it so you, you know, your e-mail

669
00:40:33,800 --> 00:40:37,880
doesn't work, People can't log 
into their laptops, can't get to

670
00:40:37,880 --> 00:40:40,200
their files. 
I'm sorry, that's lights out. 

671
00:40:40,560 --> 00:40:45,040
And so whether or not you like 
Active Directory, hear me out. 

672
00:40:46,440 --> 00:40:50,600
Those kind of accounts have got 
to be like at the, the top of 

673
00:40:50,600 --> 00:40:53,080
your pecking order. 
And then I think it would be 

674
00:40:53,600 --> 00:40:57,920
applications that are, you know,
the core of your business.

675
00:40:58,360 --> 00:41:03,040
So do you agree that like that's
how you go about prioritizing? 

676
00:41:03,240 --> 00:41:09,800
And I'm, I'm assume whether you 
agree or disagree, how do you 

677
00:41:09,800 --> 00:41:15,160
then choose your technology 
stack to solve that? 

678
00:41:15,160 --> 00:41:21,120
Because to your point earlier 
about Hashi, great, great vault 

679
00:41:21,240 --> 00:41:25,640
technology and maybe that, you 
know, you say I'm going to take 

680
00:41:25,640 --> 00:41:28,760
on risk #1 and that's what I 
need. 

681
00:41:29,400 --> 00:41:33,120
But then you can't be doing that
evaluation each time you go. 

682
00:41:33,120 --> 00:41:38,760
Like what is your technology 
approach to make sure that you 

683
00:41:38,760 --> 00:41:43,080
have the right number and the 
right strategic alignment of 

684
00:41:43,080 --> 00:41:48,120
technologies in your portfolio 
so that you can manage your NHI 

685
00:41:48,280 --> 00:41:50,440
problem? 
Hey, look, it's a great 

686
00:41:50,440 --> 00:41:52,720
question. 
I get asked this a lot and I

687
00:41:52,720 --> 00:41:57,240
recently talked about this at 
AIC and next week I'll be doing 

688
00:41:57,240 --> 00:42:01,560
a seminar talk at Identiverse, A
practitioner's guide to NHIs.

689
00:42:02,120 --> 00:42:07,480
So look, when I ran my last NHI 
programme at a large investment 

690
00:42:07,480 --> 00:42:11,520
bank, you know, we took a
step back first and took a

691
00:42:11,520 --> 00:42:15,160
holistic approach and clearly 
our mantra was you're going to 

692
00:42:15,160 --> 00:42:17,880
take your risk based approach. 
You can't tackle the elephant in

693
00:42:17,880 --> 00:42:20,520
the room. 
So some of the things Jim you've

694
00:42:20,520 --> 00:42:23,640
talked about you have to look at
where are your clearly your 

695
00:42:23,640 --> 00:42:26,280
highest risks. 
So you have to go after your 

696
00:42:26,280 --> 00:42:28,800
most privileged, you know, 
accounts like your admin 

697
00:42:28,800 --> 00:42:32,840
accounts, your domain 
controllers, you know, etcetera,

698
00:42:33,200 --> 00:42:36,800
your root accounts on servers, 
databases. 

699
00:42:38,080 --> 00:42:40,080
And you know, the other thing 
you're going to need to do is 

700
00:42:40,080 --> 00:42:44,360
look at what controls you have 
around those accounts per 

701
00:42:44,360 --> 00:42:47,800
platform. 
Now, you may have interactive 

702
00:42:47,800 --> 00:42:51,400
logins enabled on your Windows 
service accounts, which we all 

703
00:42:51,400 --> 00:42:53,560
know is really, really bad, 
right? 

704
00:42:54,000 --> 00:42:58,360
So you can then interactively 
get in and start to become that 

705
00:42:58,360 --> 00:42:59,800
account, sort of. 
There's lots. 

706
00:42:59,800 --> 00:43:03,640
You do first need to understand 
what your control maturity looks

707
00:43:03,640 --> 00:43:04,920
like. 
You know, where do you have 

708
00:43:04,920 --> 00:43:09,480
strong controls or processes? 
And maybe you know, your Linux 

709
00:43:09,480 --> 00:43:12,240
estate might be very well secure 
because you don't have 

710
00:43:12,240 --> 00:43:15,160
interactive logins. 
No one knows the password for 

711
00:43:15,160 --> 00:43:18,040
any of the accounts, but your 
Windows ADS, right, where 

712
00:43:18,040 --> 00:43:20,840
everybody knows the passwords 
and never cycled and they're 

713
00:43:20,840 --> 00:43:23,080
interactive, right? 
So you know, you need to 

714
00:43:23,080 --> 00:43:27,240
understand kind of your control 
levels across your tech stack. 

715
00:43:27,640 --> 00:43:31,080
You clearly need to go for your 
highest risk accounts, right? 

716
00:43:31,360 --> 00:43:34,280
You need to look at things like 
lateral movement, right? 

717
00:43:34,280 --> 00:43:37,040
Because typically folks will 
first find some non prod 

718
00:43:37,040 --> 00:43:39,320
environment and then laterally 
move. 

719
00:43:39,680 --> 00:43:42,120
You know, we see a lot of 
service accounts that don't have

720
00:43:42,120 --> 00:43:46,480
environment segregation and that
applies to any NHIs where the 

721
00:43:46,480 --> 00:43:49,800
same account has access to prod 
and non prod. 

722
00:43:50,600 --> 00:43:52,880
So once you're in, you can 
laterally move. 

723
00:43:53,760 --> 00:43:57,720
So you really need to understand
all your controls and then come 

724
00:43:57,720 --> 00:44:00,680
up with more of a holistic 
approach of how you're going to,

725
00:44:01,160 --> 00:44:04,160
you know, go for, you know, the 
areas that have got the biggest 

726
00:44:04,160 --> 00:44:07,520
risk exposures. 
Like at a previous org, we felt 

727
00:44:07,520 --> 00:44:10,840
the database estate was our 
biggest risk, right? 

728
00:44:10,840 --> 00:44:13,760
Because you can't turn off 
interactive logins there. 

729
00:44:14,120 --> 00:44:16,440
As long as you know the 
credential, the password, you 

730
00:44:16,440 --> 00:44:20,280
can log in and you know, you 
know, you can do anything once 

731
00:44:20,280 --> 00:44:22,520
you're once you're in. 
And then there's a lack of 

732
00:44:22,680 --> 00:44:26,760
monitoring of what you're doing.
The other thing I think is 

733
00:44:26,760 --> 00:44:30,080
really important that people 
forget is you've got to really 

734
00:44:30,240 --> 00:44:32,960
look at this top down from a 
management standpoint. 

735
00:44:33,360 --> 00:44:37,760
Look at kind of your policies, 
your standards, your controls, 

736
00:44:38,200 --> 00:44:41,720
and make sure you educate folks.
And look, you may not have all 

737
00:44:41,720 --> 00:44:44,960
the best tech stack out there. 
You may not even have a vault, 

738
00:44:44,960 --> 00:44:47,600
you may not have scanning in 
place, but you need to let 

739
00:44:47,600 --> 00:44:51,200
people know. 
Look, security first development

740
00:44:51,200 --> 00:44:53,320
is the way to go, right? 
DevSecOps. 

741
00:44:53,720 --> 00:44:57,560
And while some of the automation
through your CI/CD pipelines and 

742
00:44:57,560 --> 00:45:01,040
integration to your vaults and 
other controls may come over 

743
00:45:01,040 --> 00:45:04,040
time, they need to know that 
this stuff is unacceptable, 

744
00:45:04,040 --> 00:45:06,240
right? 
So we're checking in hard coded 

745
00:45:06,240 --> 00:45:10,200
credentials into source code. 
And you know, they need to 

746
00:45:10,200 --> 00:45:13,040
realise that our previous org, 
you know, we basically said to 

747
00:45:13,040 --> 00:45:17,360
folks, if you continue to repeat
the mistakes of the past, you 

748
00:45:17,360 --> 00:45:20,640
know, you will be disciplined 
and even, you know, lose your 

749
00:45:20,640 --> 00:45:23,840
job. 
So we had those things top down.

750
00:45:23,840 --> 00:45:27,080
Education training is really, 
really important. 

751
00:45:27,080 --> 00:45:29,720
And then it's about defining 
controls. 

752
00:45:29,720 --> 00:45:32,080
Like what is the bar that people
need to adhere to? 

753
00:45:32,840 --> 00:45:36,640
You know, it was shocking. 
At a previous org, there was no 

754
00:45:36,640 --> 00:45:39,080
requirement to cycle passwords 
for NHIs. 

755
00:45:39,080 --> 00:45:42,440
As long as the password was 15 
characters in length and 

756
00:45:42,440 --> 00:45:45,440
complex, that was it. 
No requirement to cycle. 

757
00:45:45,960 --> 00:45:48,680
And a regulator comes in and 
says, do you cycle passwords? 

758
00:45:48,680 --> 00:45:53,000
No. Bang, huge regulatory point. 
So you have to start with the 

759
00:45:53,000 --> 00:45:56,000
basics and to a point, Jim, you 
made earlier, a lot of the 

760
00:45:56,000 --> 00:46:01,880
controls are very similar from a
human standpoint as well around,

761
00:46:02,120 --> 00:46:04,680
you know, the life cycle 
processes, what is the way you 

762
00:46:04,680 --> 00:46:06,760
provision? 
How do you deal with the 

763
00:46:06,800 --> 00:46:10,800
provisioning? 
So always focus on the basics. 

764
00:46:10,800 --> 00:46:14,720
Make sure you've got the basic 
control processes in place and 

765
00:46:14,720 --> 00:46:19,200
then people process technology. 
Continue to mature out your 

766
00:46:19,200 --> 00:46:22,800
processes and then continue to 
mature out your tech stack. 

767
00:46:22,800 --> 00:46:25,280
And it may mean then you buy a 
solution and it may mean you 

768
00:46:25,280 --> 00:46:30,000
supplement your existing IGA 
products and PAM products or do 

769
00:46:30,000 --> 00:46:32,960
something in the middle, right? 
It really depends where you are 

770
00:46:32,960 --> 00:46:36,680
in your organization and the 
complexity of your environment. 

771
00:46:38,280 --> 00:46:40,680
So, you know, I think with 
anything, it's just start with 

772
00:46:40,680 --> 00:46:43,120
the basics first, right? 
The fundamentals. 

773
00:46:44,240 --> 00:46:46,680
I love the idea of the basics 
because it gets overlooked so 

774
00:46:46,680 --> 00:46:48,560
often. 
And it's, you know, the 

775
00:46:48,560 --> 00:46:51,120
fundamentals need to be there. 
You want to build on a solid 

776
00:46:51,120 --> 00:46:53,920
foundation. 
And if you skip that step, 

777
00:46:53,920 --> 00:46:56,200
you're probably going to have a 
bad time down the road. 

778
00:46:56,560 --> 00:46:58,640
And you can't just buy a product
and say, well, this is going to 

779
00:46:58,640 --> 00:47:01,280
solve my problems. 
You know, there's a lot of, you 

780
00:47:01,280 --> 00:47:03,920
know, governance and the people 
in the process that go along 

781
00:47:03,920 --> 00:47:06,280
with that to actually address 
the issue. 

782
00:47:07,200 --> 00:47:08,440
I mean, I'll give you a great 
example. 

783
00:47:08,440 --> 00:47:10,120
Hashi, right? 
We used some of the previous 

784
00:47:10,120 --> 00:47:13,520
organization. 
Yes, you can put passwords into 

785
00:47:13,520 --> 00:47:17,320
a vault for service account and 
any other kind of NHIs, right? 

786
00:47:17,320 --> 00:47:20,200
But if you don't think about 
when you onboard that to the 

787
00:47:20,200 --> 00:47:23,440
vault, if you don't set up the 
right metadata, what is the 

788
00:47:23,440 --> 00:47:25,920
account name? 
Where is it used? 

789
00:47:25,920 --> 00:47:29,360
What database or server is it 
used on? 

790
00:47:29,720 --> 00:47:31,920
If you don't provide that 
metadata, I mean just chuck in 

791
00:47:31,920 --> 00:47:36,760
the password and give it a tag 
like password 1, password 2 when

792
00:47:36,760 --> 00:47:38,240
you don't need to move on to 
cycling. 

793
00:47:38,240 --> 00:47:41,720
Oh, I've got something in a 
vault, you know, I know the 

794
00:47:41,720 --> 00:47:44,760
password, but I've got no idea 
what it is that it's actually a 

795
00:47:44,760 --> 00:47:47,760
database account on server XYZ, 
right? 

796
00:47:47,760 --> 00:47:50,920
So again, you've really got to 
plan this stuff end to end. 

797
00:47:50,920 --> 00:47:53,560
And maybe some of this stuff is 
basic. 

798
00:47:53,560 --> 00:47:56,680
You think you would do that, but
you won't believe the number of 

799
00:47:56,760 --> 00:48:00,000
groups that have just chucked 
stuff into a vault without 

800
00:48:00,160 --> 00:48:02,840
having proper metadata when it's
really burnt them, you know, 

801
00:48:03,000 --> 00:48:05,640
later on. 
So you really need to think 

802
00:48:05,640 --> 00:48:08,840
about this from a strategy and 
architecture standpoint and 

803
00:48:08,840 --> 00:48:13,680
design your whole solution 
around NHIs end to end is 

804
00:48:13,680 --> 00:48:17,080
what we would recommend. 
So why don't I ask you a little 

805
00:48:17,080 --> 00:48:20,280
bit of a deep question and then 
we'll end on a lighter note to 

806
00:48:20,280 --> 00:48:21,720
kind of get us out of the deep 
water. 

807
00:48:22,280 --> 00:48:26,080
And here's my deep question. 
Is there anything that scares 

808
00:48:26,080 --> 00:48:29,840
you about NHI? 
Look everything excuse me about 

809
00:48:29,840 --> 00:48:31,640
NHI. 
That's why anything that doesn't

810
00:48:31,640 --> 00:48:32,040
I'm. 
Doing. 

811
00:48:32,040 --> 00:48:33,240
How about that? 
Maybe that's a better way to do 

812
00:48:33,240 --> 00:48:39,200
it. 
Look, but the problem that 

813
00:48:39,200 --> 00:48:42,840
scares me is, you know, the fact
that this problem has been there

814
00:48:42,840 --> 00:48:46,880
for 25, 30 years, ever since 
computers existed. 

815
00:48:46,880 --> 00:48:50,040
And we haven't really moved the 
needle that much, right? 

816
00:48:50,280 --> 00:48:54,000
And it's only really been in the
last few years where some of the

817
00:48:54,000 --> 00:48:58,040
vendors and the focus from 
everyone has been in the space. 

818
00:48:58,600 --> 00:49:02,200
And yes, there's vendors that 
deal with governance and posture

819
00:49:02,200 --> 00:49:05,120
management. 
How do we deal with kind of zero

820
00:49:05,120 --> 00:49:09,520
trust based architectures? 
You know, there's a lot of good 

821
00:49:09,520 --> 00:49:15,080
standards, spy, spy whimsy that 
are coming, right, that are 

822
00:49:15,080 --> 00:49:19,000
helping define how you can build
kind of scalable workload 

823
00:49:19,000 --> 00:49:22,560
dynamic based kind of 
architectures for managing your 

824
00:49:22,560 --> 00:49:26,120
workloads and follow zero trust 
principles. 

825
00:49:26,120 --> 00:49:28,400
But all that stuff is still not 
baked. 

826
00:49:29,320 --> 00:49:32,000
But I think the one thing that's
really scary, right, is kind of 

827
00:49:32,880 --> 00:49:35,040
obviously you're probably going 
to guess what I'm going to say 

828
00:49:35,040 --> 00:49:40,160
like agentic AI and, and the 
ramifications for NHIs, given 

829
00:49:40,160 --> 00:49:43,320
that they're so weakly managed 
already, right? 

830
00:49:43,320 --> 00:49:46,880
So if you continue to use the 
same processes for your agentic 

831
00:49:46,880 --> 00:49:49,520
AI, they're probably going to be
even more privileged, right, 

832
00:49:49,520 --> 00:49:53,840
than regular NHIs that are used.
And as they become 

833
00:49:53,840 --> 00:49:58,480
interconnected and can elevate 
their privileges dynamically, if

834
00:49:58,480 --> 00:50:02,080
you don't apply, you know, sort 
of strong zero trust privileges 

835
00:50:02,080 --> 00:50:06,280
around that, it's scary what 
could happen, right, with people

836
00:50:06,280 --> 00:50:09,680
compromising AI agents, which 
obviously under the covers using

837
00:50:09,680 --> 00:50:12,000
NHIs. 
So I think we've got a long way 

838
00:50:12,000 --> 00:50:15,920
to go that the agentic AI stuff 
is just moving so fast. 

839
00:50:16,360 --> 00:50:19,040
But I just don't think at the 
moment we've got the right 

840
00:50:19,040 --> 00:50:23,800
controls and solutions to solve 
NHIs fundamentally anywhere at 

841
00:50:23,800 --> 00:50:27,800
the moment, let alone, you know,
the fast moving pace of agentic 

842
00:50:27,800 --> 00:50:30,120
AI. 
So that probably the thing that 

843
00:50:30,160 --> 00:50:33,600
worries me the most and probably
is the most hotly discussed 

844
00:50:33,600 --> 00:50:37,400
topic at the moment in the kind 
of agentic AI and NHI space. 

845
00:50:38,200 --> 00:50:40,480
I mean, I can see a, a, you 
know, a scenario say, well, we 

846
00:50:40,480 --> 00:50:44,280
just built an agentic AI product
to solve our agentic AI product.

847
00:50:44,480 --> 00:50:48,080
OK, so you know, we're in this, 
you know, dog chasing its tail 

848
00:50:48,080 --> 00:50:49,080
type of scenario. 
I don't know. 

849
00:50:49,080 --> 00:50:52,720
All right, let's shift to a 
little bit wider note because I 

850
00:50:52,720 --> 00:50:56,320
know that's if for people who 
aren't watching this on YouTube,

851
00:50:56,600 --> 00:51:01,120
you have a very impressive vinyl
collection behind you of I don't

852
00:51:01,120 --> 00:51:03,760
know how many thousands of 
records you might have. 

853
00:51:03,760 --> 00:51:06,840
First of all, let's talk there. 
How many, how much do you have 

854
00:51:06,840 --> 00:51:08,000
behind you? 
Let's start there. 

855
00:51:09,440 --> 00:51:12,200
I guess I've been collecting 
vinyls since I was a student at 

856
00:51:12,200 --> 00:51:14,320
university, so that's over 30 
years. 

857
00:51:14,320 --> 00:51:15,760
So you can probably guess my age
now. 

858
00:51:16,200 --> 00:51:18,360
But yeah, I've probably got 
somewhere in the region of about

859
00:51:18,360 --> 00:51:23,080
2000 kind of LPs, 12 inch 
records. 

860
00:51:23,720 --> 00:51:28,400
So it's been a lifelong ambition
to grow my collection. 

861
00:51:29,440 --> 00:51:34,680
It's all soul, swing, sort of 
hip hop, R&B. 

862
00:51:35,240 --> 00:51:43,120
The genres mainly in the sort of
70s, 80s, 90s kind of is 

863
00:51:43,400 --> 00:51:45,120
where most of my collection 
comes from. 

864
00:51:46,040 --> 00:51:48,240
I feel like vinyl's having a 
little bit of a resurgence here 

865
00:51:48,240 --> 00:51:51,280
the last, you know, few years, 
but it seems like it kind of 

866
00:51:51,280 --> 00:51:54,760
went away when CDs and, you 
know, the laser discs I think 

867
00:51:54,760 --> 00:51:57,760
were were part of that as well. 
But was there a lull in that 

868
00:51:57,760 --> 00:51:59,960
collection where it's like, man,
it's just getting harder to 

869
00:51:59,960 --> 00:52:04,160
find, you know, modern artists 
putting out their content on 

870
00:52:04,160 --> 00:52:07,920
that format of vinyl? 
Yeah, good question. 

871
00:52:07,920 --> 00:52:10,400
I've not really been buying a 
lot of newer stuff. 

872
00:52:10,400 --> 00:52:14,920
It's mainly in that sort of 70s 
to 90s kind of era. 

873
00:52:16,400 --> 00:52:21,320
I did probably stop buying stuff
for quite a few years as I was 

874
00:52:21,320 --> 00:52:25,320
working in investment banking. 
But then as kind of the last few

875
00:52:25,320 --> 00:52:30,760
years, I started to grow my 
collection again and bought a 

876
00:52:30,760 --> 00:52:34,280
lot from, you know, the 
collectors on eBay. 

877
00:52:34,280 --> 00:52:39,680
And there's a great story where 
I ordered a batch of albums from

878
00:52:39,680 --> 00:52:41,480
someone that I got to know very 
well. 

879
00:52:42,760 --> 00:52:45,680
And I was just going through 
them cleaning some of the 

880
00:52:45,680 --> 00:52:51,720
records, record cleaner and out 
popped out about 150 pounds in 

881
00:52:51,840 --> 00:52:59,200
very, very old British notes. 
So I went told the guy that I 

882
00:52:59,200 --> 00:53:02,840
purchased them, that I found 
this money in his in one of his 

883
00:53:02,880 --> 00:53:06,040
record sleeves. 
I went to the bank, got the 

884
00:53:06,040 --> 00:53:09,000
money converted because it was 
not legal tender anymore and 

885
00:53:09,000 --> 00:53:12,600
send the money back to him. 
So maybe tells you a little bit 

886
00:53:12,600 --> 00:53:16,560
about me that what I'm like if 
I'm in that kind of dilemma that

887
00:53:16,560 --> 00:53:18,960
I would definitely give the 
money back to the the rightful 

888
00:53:18,960 --> 00:53:21,240
owner. 
But that was a big shock to find

889
00:53:21,280 --> 00:53:22,760
money. 
And apparently he does quite a 

890
00:53:22,760 --> 00:53:26,800
lot hides money in his. 
He has 10,000 plus record 

891
00:53:26,800 --> 00:53:28,840
collection. 
So you might start buying more 

892
00:53:28,840 --> 00:53:31,520
albums from him and then any 
more money in all the secret 

893
00:53:31,520 --> 00:53:32,880
stashes. 
Now, yeah, I guess I probably 

894
00:53:32,880 --> 00:53:35,080
need to go through my 2000 now 
and see if there's any more I 

895
00:53:35,080 --> 00:53:37,760
can find in there. 
You never know, there might be a

896
00:53:37,760 --> 00:53:41,640
few more looking out there. 
So of that 2000, I'm going to 

897
00:53:41,640 --> 00:53:44,600
ask you to pick your first what,
what's the one that you remember

898
00:53:44,600 --> 00:53:48,960
first getting? 
What's your best album or record

899
00:53:48,960 --> 00:53:51,160
or vinyl, I guess? 
And then what's your favorite 

900
00:53:51,160 --> 00:53:54,480
one out of that set? 
Yeah, I'm not sure I can 

901
00:53:54,480 --> 00:53:59,160
remember my the first one, but 
it would probably be something 

902
00:53:59,160 --> 00:54:04,760
like Luther Vandross, Freddie 
Jackson, Marvin Gaye, probably 

903
00:54:04,760 --> 00:54:08,160
something in that kind of sort 
of era. 

904
00:54:10,240 --> 00:54:15,680
I think in terms of like kind of
my most cherished kind of 

905
00:54:15,680 --> 00:54:22,000
favorite album for 12 inch is 
probably from a British band 

906
00:54:22,000 --> 00:54:29,480
called Loose Ends. 
Have a lot of great records out 

907
00:54:29,480 --> 00:54:32,400
there. 
And I had the fortune to sort of

908
00:54:32,400 --> 00:54:40,080
see them play in a bar a couple 
of years ago and a big fanatic 

909
00:54:40,080 --> 00:54:43,600
of their music. 
I took all my kind of albums, 

910
00:54:43,600 --> 00:54:47,000
LP's with me and I was waving 
them around on the dance floor. 

911
00:54:47,000 --> 00:54:51,520
And then at the end of the night
the bands, I said look, come and

912
00:54:51,520 --> 00:54:55,400
join us. 
And then they signed all my my 

913
00:54:55,400 --> 00:54:57,600
albums, both on the outside and 
the inside. 

914
00:54:57,600 --> 00:55:02,000
So that was a real special 
moment for me. 

915
00:55:03,280 --> 00:55:06,200
So what was the other question 
you've asked her? 

916
00:55:06,280 --> 00:55:08,880
Is there a best one? 
And I guess maybe best not the 

917
00:55:08,880 --> 00:55:10,520
same as favorite bike? 
Do you have something that's 

918
00:55:10,520 --> 00:55:15,440
like, oh this is a real find in 
in the space of vinyl? 

919
00:55:15,440 --> 00:55:17,360
I don't know if it's something 
rare maybe or something has a 

920
00:55:17,360 --> 00:55:19,400
lot of value other than 
sentimental. 

921
00:55:20,760 --> 00:55:26,920
There was one tune by a singer 
called Tammy Payne, and she 

922
00:55:26,920 --> 00:55:31,440
sings a song called Free that 
probably very few people have 

923
00:55:31,440 --> 00:55:36,000
heard, but it's just one of 
those classic sort of soul 

924
00:55:36,560 --> 00:55:39,160
songs. 
That first time I heard it, I 

925
00:55:39,160 --> 00:55:42,440
just felt I've got to have this 
and it's always been in my top 

926
00:55:42,440 --> 00:55:46,280
five. 
And it took me a year to sort of

927
00:55:46,280 --> 00:55:49,840
source this when I was at 
university and as a kind of poor

928
00:55:49,840 --> 00:55:54,600
student, I think I paid about 
30, 40 pounds for it, which was a lot

929
00:55:54,600 --> 00:55:59,680
of money in in those days for 
just one record, but it was from

930
00:55:59,680 --> 00:56:03,560
a specialist kind of reseller. 
And then a few weeks later, I'm 

931
00:56:03,560 --> 00:56:08,200
rumbling through a sort of a 
record shop and I found another 

932
00:56:08,440 --> 00:56:12,200
copy of this same thing that I 
paid 30, 40 pounds for. 

933
00:56:12,200 --> 00:56:14,880
And it was on for like 50p or a
pound. 

934
00:56:15,360 --> 00:56:19,080
So I was gutted that, you know, 
just in a week I paid over the

935
00:56:19,080 --> 00:56:22,000
odds. 
But you know, but that's the one

936
00:56:22,000 --> 00:56:24,840
I probably cherish the most 
because it was the one I wanted 

937
00:56:24,840 --> 00:56:27,280
to to get for a very, very long 
time. 

938
00:56:27,280 --> 00:56:31,360
And it took me ages to find. 
But then I found two quick 

939
00:56:31,360 --> 00:56:33,680
succession. 
So you have one for playing and 

940
00:56:33,680 --> 00:56:36,400
then one for like display or you
know, keeping, right? 

941
00:56:38,440 --> 00:56:40,200
Jim, I want to pay it over to 
you. 

942
00:56:40,400 --> 00:56:45,760
What is your first, best and 
favorite album? 

943
00:56:45,840 --> 00:56:47,800
I guess I'm not sure I know. 
I'm pretty sure you don't collect 

944
00:56:47,800 --> 00:56:50,160
vinyl, but give me a first, best
and favorite. 

945
00:56:51,560 --> 00:56:56,640
So I'm going to mention three 
and interestingly none of them 

946
00:56:56,640 --> 00:57:00,240
were vinyl. 
So the first one was 8 tracks. 

947
00:57:00,560 --> 00:57:06,360
And so get this, I don't know if
you remember, but in the 80s, 

948
00:57:06,440 --> 00:57:11,800
early 80s to put in magazines, 
Columbia Records would put these

949
00:57:11,800 --> 00:57:17,280
inserts where you can tape a 
penny to It was like a postcard 

950
00:57:18,160 --> 00:57:22,200
and mark off a bunch of albums 
that you wanted and you get them

951
00:57:22,200 --> 00:57:24,600
in a track format or vinyl 
format. 

952
00:57:24,920 --> 00:57:29,040
So I ordered like, I forget it. 
I think it was like 6 for a 

953
00:57:29,040 --> 00:57:30,920
penny. 
I thought, look, this the best 

954
00:57:30,920 --> 00:57:34,640
bargain ever. 
I was like 6 years old and I got

955
00:57:35,400 --> 00:57:38,640
Devo. 
You remember that song Whip It? 

956
00:57:39,640 --> 00:57:46,760
I got Michael Jackson, Thriller,
and I got Led Zeppelin 4, 

957
00:57:47,200 --> 00:57:50,680
Stairway to Heaven and I loved 
it. 

958
00:57:50,680 --> 00:57:54,840
My mom was not happy because 
then she had to buy like 5 more 

959
00:57:54,840 --> 00:57:59,200
albums at full price, which I 
think was like $30.00 an album. 

960
00:57:59,560 --> 00:58:02,040
So anyway, yeah that was a funny
story. 

961
00:58:02,280 --> 00:58:07,240
So that's first I think best I'm
going to say. 

962
00:58:07,240 --> 00:58:13,320
So I had, you know, I was into 
hip hop music before they even 

963
00:58:13,320 --> 00:58:17,720
called it hip hop music. 
It was Beastie Boys, Licensed to 

964
00:58:17,720 --> 00:58:21,520
Ill on cassette. 
I played that thing and flipped 

965
00:58:21,520 --> 00:58:26,240
over my tape deck so many times 
that all of the ink on it was 

966
00:58:26,240 --> 00:58:28,680
worn off. 
So I mean, it must have played 

967
00:58:28,680 --> 00:58:32,000
that so many times. 
I think eventually the cassette 

968
00:58:32,000 --> 00:58:34,480
player ate the tape. 
Remember, that used to happen, 

969
00:58:34,840 --> 00:58:40,400
like, get garbled up. 
And then as far as favorite, I 

970
00:58:40,400 --> 00:58:43,360
think I'm going to go to my 
college days on CD. 

971
00:58:43,880 --> 00:58:49,600
I'm going to pick Pearl Jam Ten 
because I must have played that 

972
00:58:49,600 --> 00:58:53,840
a million times. 
And that was such like an anthem

973
00:58:54,080 --> 00:58:57,800
of that grunge era. 
And I've loved music ever since.

974
00:58:57,800 --> 00:59:01,040
And I've had other things. 
But those three events stick out

975
00:59:01,040 --> 00:59:03,480
in my mind as first, best, 
favorite. 

976
00:59:04,200 --> 00:59:08,840
Jeff, your turn. 
Well, those are good ones and, 

977
00:59:08,840 --> 00:59:12,720
and I got into music probably 
much later than both of you. 

978
00:59:12,720 --> 00:59:17,520
I don't think I got my first 
album until I was probably 

979
00:59:17,920 --> 00:59:20,720
either senior in high school or 
just out of high school. 

980
00:59:20,720 --> 00:59:24,960
I just, it wasn't a thing that I
did, but I very remember, very 

981
00:59:24,960 --> 00:59:27,640
much remember getting CDs. 
That's how I started. 

982
00:59:27,680 --> 00:59:29,960
I I mean, I had cassettes and 
stuff like that, but it was all 

983
00:59:29,960 --> 00:59:32,240
just like, you know, you'd tape 
it off the radio, you know, that

984
00:59:32,240 --> 00:59:34,840
kind of thing. 
But the first CDs I bought were

985
00:59:34,840 --> 00:59:37,120
two. 
It was Offspring, the Smash 

986
00:59:37,120 --> 00:59:39,560
album and Green Day's Dookie 
album. 

987
00:59:40,000 --> 00:59:42,480
Those are the first two things 
that I ever bought. 

988
00:59:43,120 --> 00:59:45,640
So that's the first. 
Let's see. 

989
00:59:45,640 --> 00:59:53,400
The best is probably a box set 
from Metallica called Live Blank

990
00:59:53,680 --> 00:59:57,120
Binge and Purge. 
And they had a double CD of a, 

991
00:59:57,120 --> 00:59:59,520
of a live show that they did. 
I think it was in Mexico. 

992
00:59:59,560 --> 01:00:01,320
It had a video performance. 
Yeah. 

993
01:00:01,880 --> 01:00:03,280
Just a great, just a great 
thing. 

994
01:00:03,280 --> 01:00:05,160
But it was like a full box set 
and it had like a, you know, 

995
01:00:05,240 --> 01:00:08,240
chest or whatever. 
And I don't know if I 

996
01:00:08,240 --> 01:00:10,920
necessarily have a favorite 
album. 

997
01:00:11,360 --> 01:00:13,680
I feel like there's so many good
ones out there. 

998
01:00:14,000 --> 01:00:19,760
And my listening patterns have 
changed into more of a hunt and 

999
01:00:19,760 --> 01:00:22,000
peck. 
You know, pick one song from 

1000
01:00:22,000 --> 01:00:24,840
this artist and then go to this 
other song from another artist. 

1001
01:00:25,800 --> 01:00:27,440
There's a lot of really good 
albums. 

1002
01:00:27,440 --> 01:00:29,760
But you know, maybe it's 
actually, you know, maybe I'm 

1003
01:00:29,760 --> 01:00:33,360
going to go with Korn. 
I love the Untouchables album. 

1004
01:00:33,360 --> 01:00:37,160
I think it's fantastic. 
So I'm going to I'm going to go 

1005
01:00:37,160 --> 01:00:39,520
with that as my final answer. 
Jim Korn. 

1006
01:00:39,800 --> 01:00:42,480
You are a hard rocker, man. 
I got to give you that. 

1007
01:00:42,480 --> 01:00:46,640
Give that to your three choices.
We're all basically heavy metal.

1008
01:00:47,280 --> 01:00:49,480
It was a choice between, you 
know, rock. 

1009
01:00:49,760 --> 01:00:51,600
There's some electronic albums I
like too. 

1010
01:00:51,600 --> 01:00:55,520
But yeah, I just remember 
playing the Untouchables album 

1011
01:00:55,520 --> 01:00:57,920
over and over and over and over 
again in the car. 

1012
01:00:58,920 --> 01:01:02,160
And, you know, that was on my, I
think at the time I had like one

1013
01:01:02,160 --> 01:01:04,680
of those CD discman things, 
right, that you'd have in your 

1014
01:01:04,680 --> 01:01:08,240
car and use the cassette tape 
adapter to get it into your 

1015
01:01:08,240 --> 01:01:10,720
stereo and, you know, all that 
good stuff. 

1016
01:01:10,720 --> 01:01:13,120
But I don't know allow it does 
does any of the stuff. 

1017
01:01:13,320 --> 01:01:16,720
Just a final joke. 
Yeah, Yeah, I was just about to 

1018
01:01:16,720 --> 01:01:19,920
say those are a set of non human
identities that I don't 

1019
01:01:19,920 --> 01:01:22,240
recognize and have not 
discovered. 

1020
01:01:23,600 --> 01:01:28,080
You could argue, you could argue
that all those things, vinyl, CD

1021
01:01:28,080 --> 01:01:30,880
are all potentially non human 
identities as well. 

1022
01:01:32,200 --> 01:01:33,840
Identity, right? 
They won't have a code. 

1023
01:01:33,840 --> 01:01:36,440
So. 
We got to hit stop and record a 

1024
01:01:36,440 --> 01:01:39,400
new one where we argue about 
that for the next half hour. 

1025
01:01:41,080 --> 01:01:42,880
But we want to establish 
provenance, right? 

1026
01:01:42,880 --> 01:01:44,120
It's like also the same thing 
too. 

1027
01:01:44,120 --> 01:01:46,480
It's like, what is the the 
provenance of this album? 

1028
01:01:46,800 --> 01:01:48,800
Is it legit? 
Is it, I mean, at some point 

1029
01:01:48,800 --> 01:01:52,120
it's going to be is this AI or 
is this X band right doing the 

1030
01:01:52,120 --> 01:01:54,360
real thing? 
So that'll be interesting when 

1031
01:01:54,360 --> 01:01:57,080
we start talking about non human
identities for non human 

1032
01:01:57,080 --> 01:02:02,320
identities. 
All right, this has been in just

1033
01:02:02,320 --> 01:02:03,520
a fascinating conversation. 
All that. 

1034
01:02:03,520 --> 01:02:05,240
I'm glad you were able to get 
you onto the show. 

1035
01:02:05,560 --> 01:02:07,920
I feel like kind of finally this
happened. 

1036
01:02:07,920 --> 01:02:09,840
So that's great. 
I'm looking forward to seeing 

1037
01:02:09,840 --> 01:02:12,840
you on Identiverse next week. 
And for the time, people of 

1038
01:02:12,840 --> 01:02:14,880
times listen this, you know, 
your workshop will have been 

1039
01:02:14,880 --> 01:02:16,720
overdone have been done at that 
point. 

1040
01:02:16,720 --> 01:02:19,480
So would encourage people to go 
check out the Identiverse. 

1041
01:02:19,480 --> 01:02:20,680
I think things are going to be 
recorded. 

1042
01:02:20,680 --> 01:02:22,560
I'm not sure if your workshop is
going to be well let. 

1043
01:02:22,560 --> 01:02:24,120
Do you know if that's if that's 
the case? 

1044
01:02:25,200 --> 01:02:31,120
Yeah, workshop will be recorded,
but the pavilion sessions won't.

1045
01:02:31,120 --> 01:02:37,240
But yeah, I'm looking forward to
seeing you both there with some 

1046
01:02:37,240 --> 01:02:39,520
crazy things that you're going 
to do at the Pavilion and 

1047
01:02:40,200 --> 01:02:43,040
looking forward to spending some
time with you next week. 

1048
01:02:44,280 --> 01:02:45,320
Yeah, that's going to be a lot 
of fun. 

1049
01:02:45,320 --> 01:02:47,120
So we'll go ahead and wrap it up
for this week. 

1050
01:02:47,200 --> 01:02:50,760
I'll have links in our show 
notes to while it's a LinkedIn 

1051
01:02:50,760 --> 01:02:53,680
page, as well as the non human 
identity management group and 

1052
01:02:53,680 --> 01:02:56,960
NHIMG.org. 
You go check out there for more 

1053
01:02:56,960 --> 01:02:58,560
information, which has a lot of 
good content. 

1054
01:02:58,560 --> 01:03:00,720
So, you know, hats off to you 
for a while for really kind of 

1055
01:03:00,720 --> 01:03:05,120
spearheading this and and taking
the mantle of Mr. NHI. 

1056
01:03:05,200 --> 01:03:08,360
So I'm not sure what the next 
step is past Mr. Would it be? 

1057
01:03:08,360 --> 01:03:11,640
Do we just go to different 
languages like Senor NHI? 

1058
01:03:11,880 --> 01:03:14,480
Do we go to like professor or 
doctor like have you? 

1059
01:03:14,600 --> 01:03:17,040
Do you have a graduation 
strategy for Mr. NHI? 

1060
01:03:17,440 --> 01:03:21,080
Someone's already started to 
call me the father of NHI and 

1061
01:03:21,080 --> 01:03:24,480
then the Godfather of NHI, so 
maybe that's the natural 

1062
01:03:24,640 --> 01:03:26,560
evolution. 
Godfather sounds nice. 

1063
01:03:26,560 --> 01:03:30,280
I meant to ask, when you were in
Germany, were you Herr NHI? 

1064
01:03:31,280 --> 01:03:33,040
No, that didn't come up, 
thankfully. 

1065
01:03:33,040 --> 01:03:37,200
All right, next time. 
Well, thank you so much for 

1066
01:03:37,200 --> 01:03:40,360
being with us here and yeah, 
spending your time and, and 

1067
01:03:40,360 --> 01:03:42,000
helping us understand the space 
a little bit more. 

1068
01:03:42,000 --> 01:03:43,720
We'll go ahead and wrap for this
week. 

1069
01:03:44,000 --> 01:03:46,520
You can find us on the web, IDC,
podcast.com. 

1070
01:03:46,720 --> 01:03:48,640
Do all the things that Jim asked
you to do earlier in the 

1071
01:03:48,800 --> 01:03:51,280
episode, like subscribe, share 
with your friends, share with 

1072
01:03:51,280 --> 01:03:53,640
your enemies, share with your 
agentic AII don't care. 

1073
01:03:53,960 --> 01:03:56,080
As long as people listen, that's
all that matters. 

1074
01:03:56,440 --> 01:03:59,600
So with that, thanks for 
watching and or listening and 

1075
01:03:59,600 --> 01:04:01,120
we'll talk with you all in the 
next one. 

1076
01:04:04,000 --> 01:04:06,960
You've been listening to 
Identity at the Center. 

1077
01:04:07,280 --> 01:04:11,400
We hope you've enjoyed the show.
Make sure to like, rate and 

1078
01:04:11,400 --> 01:04:15,040
review, and we'll be back soon. 
But in the meantime, hit the 

1079
01:04:15,040 --> 01:04:18,440
website at 
identityatthecenter.com. 

1080
01:04:19,040 --> 01:04:23,160
See you next time on Identity at
the Center.

