1
00:00:00,040 --> 00:00:06,080
The biggest thing is to have a 
story and know your data because

2
00:00:06,480 --> 00:00:08,119
you could go invest tons of 
money in this. 

3
00:00:08,119 --> 00:00:11,760
And if your data is a swampy, 
you're going to have a swamp. 

4
00:00:13,000 --> 00:00:18,040
When I say know your data, clean
data, marshalled data. 

5
00:00:18,040 --> 00:00:22,320
And I know that sounds like a 
very, a very pipe dream, but get

6
00:00:22,320 --> 00:00:24,640
your identity data right first. 
What does that mean? 

7
00:00:25,200 --> 00:00:28,320
So how many companies onboard 
people without doing 

8
00:00:28,520 --> 00:00:30,960
verification or proofing in the 
workforce? 

9
00:00:31,160 --> 00:00:35,360
A lot. 
They take HTM systems' word for

10
00:00:35,360 --> 00:00:36,680
it. 
Like, yeah, I approve the person

11
00:00:36,680 --> 00:00:39,800
they faxed me over the I-9s
and the the thought license 

12
00:00:39,800 --> 00:00:44,760
thing, manual entry. 
I mean, let's face it, it's out.

13
00:00:44,760 --> 00:00:47,480
It's out. 
It's public knowledge that there

14
00:00:47,480 --> 00:00:52,160
are some countries that are 
coming after domestically and 

15
00:00:52,160 --> 00:00:54,120
they're faking. 
They're faking documents. 

16
00:00:54,400 --> 00:00:56,800
Gen AI is a thing.
It's very easy to fake stuff 

17
00:00:56,800 --> 00:00:59,520
now, right? 
So getting that right at the 

18
00:00:59,560 --> 00:01:02,800
entry point makes everything 
else clean and simple. 

19
00:01:03,040 --> 00:01:05,560
But if you get it wrong at the 
entry point, you create a 

20
00:01:05,560 --> 00:01:08,120
fractured web of just 
distributed nonsensory. 

21
00:01:08,280 --> 00:01:11,960
And yes, you can trademark that 
word and use it royalty free. 

22
00:01:11,960 --> 00:01:15,800
But you want to create line 
segments like you want to have 

23
00:01:15,800 --> 00:01:21,840
event data, event action. 
But if you have is, is this 

24
00:01:21,840 --> 00:01:23,720
Jeff? 
I don't know. 

25
00:01:24,640 --> 00:01:27,480
But if you give Jeff the wrong 
entitlement, security risk, if 

26
00:01:27,480 --> 00:01:31,960
you give, if you onboard Jeff 
twice now I have 18 accounts to 

27
00:01:31,960 --> 00:01:35,520
worry about. So, in a way, if
you get your data right, you can

28
00:01:35,520 --> 00:01:39,680
decrease your spend across the 
board on PAM, IGA systems,

29
00:01:40,000 --> 00:01:41,520
account management. 
You might you won't have account

30
00:01:41,520 --> 00:01:43,080
drift. 
You won't have account sprawl, 

31
00:01:43,160 --> 00:01:45,480
role sprawl.
All those are real problems. 

32
00:01:46,000 --> 00:01:49,880
They always start at the base 
foundation of your data. 

33
00:01:49,880 --> 00:01:59,280
Like know your data. 
This is identity at the center 

34
00:01:59,960 --> 00:02:03,080
if it has anything to do with 
IAM. 

35
00:02:03,080 --> 00:02:09,639
This is the go to podcast now 
your hosts Jim McDonald and Jeff

36
00:02:09,639 --> 00:02:17,360
Steadman. 
Welcome to the Identity at the

37
00:02:17,360 --> 00:02:18,560
Center podcast. 
I'm Jeff. 

38
00:02:18,560 --> 00:02:21,920
And hey, you're not Jim. 
Who are you, stranger? 

39
00:02:22,520 --> 00:02:25,960
Not Jim. 
No, you're Sean O'Dell, your

40
00:02:25,960 --> 00:02:28,920
identity guy at Disney. 
You're going to be my co-host

41
00:02:28,920 --> 00:02:30,520
today. 
Jim is on assignment as we

42
00:02:30,520 --> 00:02:31,880
like to say in the press
business. 

43
00:02:31,880 --> 00:02:34,680
So he's got the the night off. 
You and I are going to record 

44
00:02:34,680 --> 00:02:37,000
something here. 
So I'm going to have to swear 

45
00:02:37,000 --> 00:02:39,880
you in because we're going to 
have to make sure that this is 

46
00:02:39,880 --> 00:02:41,240
official. 
So I'm going to have you repeat 

47
00:02:41,240 --> 00:02:44,200
after me, Sean. 
I state your name. 

48
00:02:44,960 --> 00:02:49,160
State my name Sean O'Dell.
Of my own free will, I'm here on

49
00:02:49,160 --> 00:02:52,880
the Identity Center Podcast. 
Of my own free will am here on 

50
00:02:52,880 --> 00:02:54,320
the identity. 
Center Podcast. 

51
00:02:54,880 --> 00:02:58,200
The views expressed here are my 
own and do not necessarily 

52
00:02:58,200 --> 00:03:02,040
reflect that of my employer. 
The views expressed here on my 

53
00:03:02,040 --> 00:03:04,560
own and do not necessarily 
reflect that of my employer. 

54
00:03:05,440 --> 00:03:06,760
You got it. 
It's official. 

55
00:03:06,760 --> 00:03:09,720
Welcome to the Identity Center 
Podcast, Sean again. 

56
00:03:10,920 --> 00:03:14,040
Good to be back on again. 
So it's been about a year since 

57
00:03:14,040 --> 00:03:15,720
you were here with us. 
You know, we're just talking 

58
00:03:15,720 --> 00:03:17,920
here. 
Record Button one year and one 

59
00:03:17,920 --> 00:03:20,160
day since our last episode went 
live. 

60
00:03:20,680 --> 00:03:23,320
And I'm not going to make you 
relive your origin story. 

61
00:03:23,480 --> 00:03:25,760
I'll point people back to 
episode 255. 

62
00:03:25,800 --> 00:03:28,120
That was back in January to 
2024. 

63
00:03:28,120 --> 00:03:31,120
This is going to be episode I 
think 328. 

64
00:03:31,680 --> 00:03:33,280
So we've been rolling along 
here. 

65
00:03:33,320 --> 00:03:36,880
I guess give me a little bit of 
update before we get along. 

66
00:03:36,880 --> 00:03:38,800
Anything new in your world that 
you want to share? 

67
00:03:40,680 --> 00:03:43,440
I have a, I know I have two kids
versus 1. 

68
00:03:43,520 --> 00:03:49,080
So I have a Kelly Ray named 
after, you know, Ray because 

69
00:03:50,240 --> 00:03:55,560
something is Luke named after 
obviously Luke Skywalker new 

70
00:03:55,560 --> 00:03:58,520
stuff at work, but just more 
responsibility doing more doing 

71
00:03:58,520 --> 00:04:00,440
more cool stuff. 
But other than that, I mean 

72
00:04:01,520 --> 00:04:04,160
taking more of the role in the 
industry, working more closely 

73
00:04:04,160 --> 00:04:10,000
with the likes of like Atul
Tulshibagwale, doors opening

74
00:04:10,000 --> 00:04:13,720
a lot First off and O&OIDF. 
So I'm I'm pretty excited about 

75
00:04:13,720 --> 00:04:15,600
it, honestly. 
And it's like why we're talking 

76
00:04:15,600 --> 00:04:19,079
to you about this exact topic is
because things are starting to 

77
00:04:19,079 --> 00:04:20,640
all meld together. 
So I thought this would be a 

78
00:04:20,640 --> 00:04:23,760
good topic to to bring to the, 
the, the greater population of 

79
00:04:23,760 --> 00:04:26,320
people. 
So a lot of is changing, but 

80
00:04:26,320 --> 00:04:29,680
it's for a lot of good stuff. 
Well, I'm glad to have you back.

81
00:04:29,680 --> 00:04:32,680
You and I have actually kept in 
touch since that last episode 

82
00:04:32,680 --> 00:04:35,360
and I've gone back and forth 
with texts and messages and a 

83
00:04:35,360 --> 00:04:39,760
bunch of different stuff. 
I will say I'm going to give you

84
00:04:39,760 --> 00:04:44,280
credit because you have the 
coolest background of, I think 

85
00:04:44,280 --> 00:04:45,320
any of the guests that we've 
had. 

86
00:04:45,640 --> 00:04:48,840
I know a lot of people like 
mine, but yours is next level 

87
00:04:48,840 --> 00:04:51,600
with all the Star Wars stuff. 
Give me a quick tour because it 

88
00:04:51,600 --> 00:04:55,640
looks like over your left 
shoulder is maybe some 

89
00:04:55,640 --> 00:04:59,560
lightsabers, and then you've got
some figurines and statues and 

90
00:04:59,560 --> 00:05:02,440
things like that. 
So I have these are the dark 

91
00:05:02,440 --> 00:05:04,200
side sabers over here you can't 
see. 

92
00:05:04,200 --> 00:05:06,680
But in my office there's the 
light sides over there. 

93
00:05:06,680 --> 00:05:13,320
Then I have like a Mando closet 
and I have an Armory, but top 

94
00:05:13,320 --> 00:05:17,000
shelf is just more like statues 
of you can't see about. 

95
00:05:17,120 --> 00:05:19,400
Oh, I'm going to wiggle my 
camera if you're OK with that. 

96
00:05:19,840 --> 00:05:24,240
Sure, there's like Ahsoka and 
Ray and Ahsoka, but then the the

97
00:05:24,240 --> 00:05:27,920
middle one is more of like my my
clone wars army. 

98
00:05:27,920 --> 00:05:29,640
Then that's like the the 
traditional Jedi. 

99
00:05:29,640 --> 00:05:34,680
And the bottom shelf is the the 
dark side, but can't go that low

100
00:05:34,800 --> 00:05:36,600
because I mean, unless you're OK
with this. 

101
00:05:36,600 --> 00:05:38,880
So let's see how it turns out. 
But there's the dark side stuff.

102
00:05:38,880 --> 00:05:40,920
You have the royal guard and 
more stuff. 

103
00:05:40,920 --> 00:05:45,120
But I've always wanted to and 
since I was a kid, like love 

104
00:05:45,120 --> 00:05:47,440
collecting. 
I have all, all the old, old 

105
00:05:47,440 --> 00:05:51,040
toys. 
But I have a very, very 

106
00:05:51,080 --> 00:05:52,760
forgiving wife who allows me to 
do this. 

107
00:05:52,760 --> 00:05:55,720
So I love having it. 
It's just, it's my thing. 

108
00:05:55,880 --> 00:05:59,720
It's it's my advice. 
You know, it's, it's pretty cool

109
00:05:59,720 --> 00:06:02,240
and definitely forgiving. 
A partner is always helpful with

110
00:06:02,240 --> 00:06:04,000
that. 
I also hear some younglings or 

111
00:06:04,160 --> 00:06:06,240
padawans rolling around the 
background. 

112
00:06:06,240 --> 00:06:09,360
So they're they've started their
training early, I assume. 

113
00:06:10,240 --> 00:06:14,880
They have they're earning their 
both their IAM certificates and 

114
00:06:14,880 --> 00:06:17,960
their their Padawan training
certificates at the same time 

115
00:06:17,960 --> 00:06:21,040
so. 
Sounds pretty happy about that 

116
00:06:21,040 --> 00:06:25,320
one too. 
The last time we were met in 

117
00:06:25,320 --> 00:06:28,840
person, I guess would have been 
probably in the fall and you and

118
00:06:28,840 --> 00:06:30,600
I were at Identiverse. 
And are you going to be at 

119
00:06:30,600 --> 00:06:32,600
Identiverse again this year? 
Yep. 

120
00:06:33,480 --> 00:06:35,920
OK. 
And I assume you're going to 

121
00:06:35,920 --> 00:06:38,320
probably be looking to get on 
the schedule, do some things. 

122
00:06:38,320 --> 00:06:40,360
I know this stuff haven't 
announced yet, but you know, I'm

123
00:06:40,360 --> 00:06:43,160
sure it'll be a fun. 
So people who missed it last 

124
00:06:43,160 --> 00:06:46,640
time you were nice enough to ask
me to host a panel around shared

125
00:06:46,640 --> 00:06:50,360
signals framework and CAEP and I
thought it went real well. 

126
00:06:50,360 --> 00:06:52,560
We have we had a full room. 
I think a lot of good questions 

127
00:06:52,560 --> 00:06:55,800
come out of it so. 
Yeah, it, it was, it was enough 

128
00:06:55,800 --> 00:07:00,000
to wear the Q&A, the Q&A format 
that that we did like you, you 

129
00:07:00,000 --> 00:07:02,560
asked, you asked great seeding
questions, but then it just took

130
00:07:02,560 --> 00:07:06,920
off and you know, shirts didn't 
you know, the shirts didn't, 

131
00:07:07,640 --> 00:07:10,600
didn't hurt either. 
But I think the format went very

132
00:07:10,600 --> 00:07:12,240
well. 
I submitted for another panel. 

133
00:07:12,240 --> 00:07:16,680
So if it, if it gets picked up, 
you know who I'm going to call 

134
00:07:16,680 --> 00:07:18,400
to come moderate. 
So I, I can't wait. 

135
00:07:18,400 --> 00:07:21,560
So we'll see if it gets if it 
gets picked up, but hopefully so

136
00:07:21,560 --> 00:07:23,080
well. 
I'm happy to do it. 

137
00:07:23,080 --> 00:07:24,840
So you let me know and I'll be 
there for you. 

138
00:07:24,840 --> 00:07:28,560
I'm going to actually going to 
be at EIC for the first time 

139
00:07:28,560 --> 00:07:31,440
2025 in Berlin. 
Have you been to EIC before? 

140
00:07:31,440 --> 00:07:35,640
European Identity and Cloud 
Conference now a card to travel 

141
00:07:35,640 --> 00:07:37,640
across. 
The the big ocean when you have 

142
00:07:38,480 --> 00:07:40,160
a three month old right now, 
can't, can't we do that? 

143
00:07:40,440 --> 00:07:42,320
Yeah, I can see that. 
It's also expensive too. 

144
00:07:42,320 --> 00:07:44,040
So yeah, we're figuring that one
out. 

145
00:07:44,040 --> 00:07:46,760
But Jim and I are planning on 
being out there, give people a 

146
00:07:46,760 --> 00:07:47,760
heads up. 
It's like, hey, we're going to 

147
00:07:47,760 --> 00:07:49,400
be out there in May. 
We've got a discount code. 

148
00:07:49,400 --> 00:07:53,520
So if you're going to be at EIC 
2025, it's May 6th to the 9th in

149
00:07:53,520 --> 00:07:55,360
Berlin. 
I've mentioned some previous 

150
00:07:55,360 --> 00:07:57,640
podcast, my first time going to 
Berlin, so I'm very excited for 

151
00:07:57,640 --> 00:07:59,360
that. 
And I'm probably going to hit 

152
00:07:59,360 --> 00:08:02,400
Europe at large around. 
They're not sure yet what I'm 

153
00:08:02,400 --> 00:08:05,720
going to be doing, but I know 
that like Amsterdam is on the 

154
00:08:05,720 --> 00:08:09,560
table, maybe Denmark, somewhere 
in that area, maybe somewhere 

155
00:08:09,560 --> 00:08:11,480
like Munich. 
So still figure it out. 

156
00:08:11,480 --> 00:08:13,640
But you can show support for the
show. 

157
00:08:13,640 --> 00:08:15,400
If you want to register, we've 
got discount code. 

158
00:08:15,400 --> 00:08:17,400
It'll be on our website right on
the homepage. 

159
00:08:17,720 --> 00:08:21,800
It'll also be in the show notes.
But if you use the code ID AC25 

160
00:08:21,960 --> 00:08:26,520
MKO, that gets you 25% off. 
So be sure to use our discount, 

161
00:08:26,680 --> 00:08:29,680
take advantage of free savings, 
doesn't cost you anything and 

162
00:08:29,680 --> 00:08:31,440
just show support for the 
podcast here. 

163
00:08:31,440 --> 00:08:33,000
So I appreciate that if you 
guys. 

164
00:08:33,000 --> 00:08:34,880
I know you're a, I know you're a
foodie. 

165
00:08:35,360 --> 00:08:41,000
I am Europe unmatched. 
The food is amazing there. 

166
00:08:41,320 --> 00:08:44,080
I'm looking forward to the food.
I think that's the one thing 

167
00:08:44,080 --> 00:08:49,400
that is is always unique when 
you go somewhere new and if 

168
00:08:49,400 --> 00:08:50,880
there's local or regional type 
stuff. 

169
00:08:50,880 --> 00:08:54,000
And we actually had Martin 
Cooper on here last couple weeks

170
00:08:54,000 --> 00:08:54,920
ago, I think it was at this 
point. 

171
00:08:55,000 --> 00:08:56,280
And so I asked him some 
questions about that. 

172
00:08:56,280 --> 00:08:58,760
So if you've got food 
suggestions, hit me up on 

173
00:08:58,760 --> 00:09:00,960
LinkedIn, especially in the 
Berlin area, because I'll be 

174
00:09:00,960 --> 00:09:04,040
looking for stuff to do while 
I'm there for that, that EIC 

175
00:09:04,040 --> 00:09:05,800
week. 
So yes, thank you for bringing 

176
00:09:05,800 --> 00:09:08,800
that up. 
I had some of the best carbonara

177
00:09:09,320 --> 00:09:11,600
in Berlin, really, which is on 
me. 

178
00:09:11,600 --> 00:09:14,440
I don't even understand how. 
But then I went to Italy and had

179
00:09:14,440 --> 00:09:18,880
like, oh, just kiss like. 
Yeah, stand that. 

180
00:09:18,960 --> 00:09:21,880
You know, hold my jacket here 
while I make you real Carbonara.

181
00:09:23,480 --> 00:09:26,400
I introduced you as an identity 
guy at Disney. 

182
00:09:26,440 --> 00:09:28,440
Help me understand what an 
identity guy does. 

183
00:09:28,440 --> 00:09:30,760
Maybe just kind of level set and
kind of provide some context 

184
00:09:30,760 --> 00:09:36,920
around sort of your background. 
So I my official title is Senior

185
00:09:36,920 --> 00:09:40,720
Staff Security Engineer for 
consumer and workforce. 

186
00:09:40,760 --> 00:09:43,920
IAM because identity and
security should should be 

187
00:09:43,920 --> 00:09:46,400
planted into into one domain. 
I think most companies are. 

188
00:09:46,400 --> 00:09:49,240
Most companies are going that 
way anyways. 

189
00:09:50,120 --> 00:09:52,560
I, I do, I traverse the 
consumer

190
00:09:52,760 --> 00:09:56,040
IAM domain at Disney.
I work a lot with a lot of you 

191
00:09:56,040 --> 00:09:58,920
may know him, Chuck Mortimore,
you know, you did a lot, a lot 

192
00:09:58,920 --> 00:10:01,760
of stuff with OAuth and on the
workforce side. 

193
00:10:01,760 --> 00:10:05,600
I every global brand you can 
think of at Disney, I have my 

194
00:10:05,600 --> 00:10:09,880
hands in the pie of IAM. Pick
the pick the flavor of domain 

195
00:10:09,880 --> 00:10:13,880
you want to talk about 
provisioning, LCM, SSO, factor

196
00:10:13,880 --> 00:10:18,080
management, all of it's there. 
So my scope is a global, so I 

197
00:10:18,080 --> 00:10:21,120
don't really have like fix this 
one use case. 

198
00:10:21,120 --> 00:10:25,560
It's more like here's this 
problem for 100,000 people go 

199
00:10:25,560 --> 00:10:27,280
after it. 
So it's it's a lot of fun. 

200
00:10:27,280 --> 00:10:33,760
Yeah, every day is different. 
Learning a lot that identity is 

201
00:10:33,760 --> 00:10:36,240
the lifeblood of the business 
and it all starts there. 

202
00:10:36,720 --> 00:10:40,320
It's very it's a very identity 
is intertwined in almost 

203
00:10:40,320 --> 00:10:41,760
everything you do at at a 
company. 

204
00:10:41,760 --> 00:10:45,960
So it's very tangential and it's
also important to not get wrong.

205
00:10:47,440 --> 00:10:50,280
Yeah, kind of I would say it's 
at the center, right. 

206
00:10:50,280 --> 00:10:53,040
We call the podcast for that 
that reason and I don't know 

207
00:10:53,080 --> 00:10:53,640
about you. 
I did. 

208
00:10:53,720 --> 00:10:55,560
Not say that out loud, but it is
at the center. 

209
00:10:55,560 --> 00:10:58,560
You're correct, yes. 
Cha Ching that trademark you 

210
00:10:58,560 --> 00:10:59,960
have to give me a nickel every 
time you say it. 

211
00:11:01,640 --> 00:11:04,920
I, I have seen at least, you 
know, from my clients in my day 

212
00:11:04,920 --> 00:11:06,960
job and things like that and 
other people I've talked to 

213
00:11:06,960 --> 00:11:09,520
where it seems like identity's
having a little bit of a moment 

214
00:11:09,520 --> 00:11:14,400
here where the recognition I 
think is starting to get to what

215
00:11:14,400 --> 00:11:16,680
I would call the appropriate 
levels even within an 

216
00:11:16,680 --> 00:11:19,600
organization, say, oh, this is, 
this is something we can't skimp

217
00:11:19,600 --> 00:11:21,880
on or wait on. 
We've got to get it right. 

218
00:11:21,880 --> 00:11:23,200
And it could be for any number 
of reasons, right? 

219
00:11:23,200 --> 00:11:25,760
It could be security, it could 
be compliance or risk type

220
00:11:25,760 --> 00:11:27,920
things, or it could even just 
be, hey, you know, we, we need a

221
00:11:27,920 --> 00:11:30,360
better user experience for our 
customers, right? 

222
00:11:30,360 --> 00:11:33,200
Things like that. 
Do you see that same sort of 

223
00:11:33,200 --> 00:11:36,080
trends in your travels and 
discussions with other folks in 

224
00:11:36,080 --> 00:11:37,080
the space? 
I. 

225
00:11:37,120 --> 00:11:40,720
Do I used to always think 
consumer identity got all the 

226
00:11:40,720 --> 00:11:42,960
bang for the buck, all the money
because of the user experience, 

227
00:11:42,960 --> 00:11:46,120
But it's, it's traversing into 
workforce. 

228
00:11:46,120 --> 00:11:49,360
A lot of the stuff that you're 
seeing like in the, in the 

229
00:11:49,360 --> 00:11:52,600
consumer world, you have like 
consumer data platforms. 

230
00:11:52,600 --> 00:11:55,760
You want to know the 360 view, 
you want to have the 360° view 

231
00:11:55,760 --> 00:11:58,440
of your customer to know how you
upsell market, cross market, 

232
00:11:58,760 --> 00:12:01,880
make money, right? 
Same concept in workforce. 

233
00:12:01,880 --> 00:12:04,200
You want to know what your 
workers doing, why they're doing

234
00:12:04,200 --> 00:12:05,480
it. 
How's it more efficient? 

235
00:12:05,480 --> 00:12:09,080
Like if you can drive down login
times 10X, that's efficiency. 

236
00:12:09,080 --> 00:12:11,360
If you login less, you can be 
more productive. 

237
00:12:11,360 --> 00:12:14,320
And you know, everyone's talking
about AI now you're going to 

238
00:12:14,320 --> 00:12:16,920
want, you have to know what a 
worker's doing because if you 

239
00:12:16,920 --> 00:12:21,800
start offloading work to a, to a
bot, get to understand, is it 

240
00:12:21,800 --> 00:12:24,000
ethical for that bot to do what 
that, what that person's doing? 

241
00:12:24,000 --> 00:12:25,400
But AI is a different 
conversation. 

242
00:12:25,400 --> 00:12:28,680
Not why not, not why we're here.
But I do, I do see it very much 

243
00:12:28,680 --> 00:12:32,400
so. 
And across many travels I had 

244
00:12:32,400 --> 00:12:34,160
with a lot of friends who work 
in different companies, they're 

245
00:12:34,160 --> 00:12:35,680
seeing the same thing. 
They they really are. 

246
00:12:36,640 --> 00:12:39,840
So the last time you were here, 
we talked about some new, at 

247
00:12:39,840 --> 00:12:42,840
least to me at the time, a year 
ago, we talked about shared 

248
00:12:42,840 --> 00:12:47,080
signals framework, SSF and 
continuous access evaluation 

249
00:12:47,080 --> 00:12:48,080
protocol. 
I got it right. 

250
00:12:48,240 --> 00:12:50,480
Cape is how we pronounce it.
CAEP. 

251
00:12:50,880 --> 00:12:53,720
I want to take a stab at sort of
summarizing it real quick and 

252
00:12:53,720 --> 00:12:54,720
then you can tell me if I got it
right. 

253
00:12:54,720 --> 00:12:56,600
Because they feel this is an 
area that people are still kind 

254
00:12:56,600 --> 00:12:59,240
of trying to get their heads 
around and, and understand. 

255
00:12:59,240 --> 00:13:02,120
But I see this as potentially a 
next wave that we're going to 

256
00:13:02,120 --> 00:13:04,040
see here
in IAM, but let me start with

257
00:13:04,040 --> 00:13:06,880
SSF. 
It's basically a standardized 

258
00:13:06,880 --> 00:13:10,720
messaging system that allows 
different security platforms to 

259
00:13:10,720 --> 00:13:12,800
share threat information in real
time. 

260
00:13:12,800 --> 00:13:14,720
And I guess maybe not 
necessarily threat information, 

261
00:13:14,720 --> 00:13:16,800
but share information in real 
time. 

262
00:13:17,440 --> 00:13:20,320
Stated stated a little bit a 
little bit differently. 

263
00:13:20,720 --> 00:13:22,680
It doesn't have to be a security
platform or you just do 

264
00:13:22,680 --> 00:13:26,880
platforms, but you're you're 
you're you're spot on and I. 

265
00:13:26,880 --> 00:13:29,960
Guess what, it is it similar to 
what we feel like? 

266
00:13:29,960 --> 00:13:32,440
Think of maybe like a service 
bus or a messaging bus. 

267
00:13:34,040 --> 00:13:36,200
The messaging bus is how you 
orchestrate it. 

268
00:13:36,480 --> 00:13:39,320
The framework is how you talk 
the same language because like 

269
00:13:39,320 --> 00:13:40,960
to get to 0 trust people gotta 
talk. 

270
00:13:41,400 --> 00:13:43,840
So if you speak Japanese and I 
speak English, I gotta 

271
00:13:43,840 --> 00:13:45,880
translate, right? 
But as long as you speak the 

272
00:13:45,880 --> 00:13:49,320
same framework, it works out. 
So if I, if you're company A and

273
00:13:49,320 --> 00:13:52,440
I'm, and I'm company BI, send 
you these three things and these

274
00:13:52,440 --> 00:13:54,760
three things together, you know,
oh, these things map. 

275
00:13:54,760 --> 00:13:57,600
So we're, we're good to go. 
So the messaging bus is more 

276
00:13:57,600 --> 00:14:00,040
about how you orchestrate it. 
The framework is more about how 

277
00:14:00,040 --> 00:14:04,280
you talk the same OK. 
And then CAEP or continuous

278
00:14:04,280 --> 00:14:08,960
access evaluation profile is 
basically leveraging SSF. I

279
00:14:08,960 --> 00:14:09,880
Got the thumbs up. 
Thank you. 

280
00:14:10,240 --> 00:14:14,440
To continuously monitor user 
access, user sessions, things 

281
00:14:14,440 --> 00:14:17,160
like that. 
And then because it's an event, 

282
00:14:17,400 --> 00:14:20,360
you're able to do maybe more 
dynamic things like, you know, 

283
00:14:20,480 --> 00:14:24,840
access controls or just sharing 
that, hey, this particular thing

284
00:14:24,840 --> 00:14:29,880
happened and you share that on 
using SSF, other things can pick

285
00:14:29,880 --> 00:14:32,360
up on that and do what they want
with it or not, right? 

286
00:14:33,560 --> 00:14:36,800
Spot on. 
Very session based, very very 

287
00:14:36,800 --> 00:14:39,560
user heavy. 
You it is. 

288
00:14:39,560 --> 00:14:41,280
It is a a layer on the 
framework. 

289
00:14:41,280 --> 00:14:43,240
You're correct. 
CAEP can be done with more than

290
00:14:43,240 --> 00:14:44,720
just users though. 
It's identities. 

291
00:14:44,720 --> 00:14:49,880
So you can do different things 
like groups of people like or or

292
00:14:49,880 --> 00:14:51,280
units. 
You can do people, you can do IP

293
00:14:51,280 --> 00:14:53,040
addresses, you can even do 
machines if you wanted to. 

294
00:14:54,080 --> 00:14:57,040
Not there yet, but you are spot 
on about it. 

295
00:14:57,120 --> 00:14:59,680
You are absolutely correct. 
So Jim and I had this 

296
00:14:59,680 --> 00:15:01,720
conversation a little bit. 
I'm going to throw something out

297
00:15:01,720 --> 00:15:03,880
there that we we haven't really 
had a chance to talk about, but 

298
00:15:04,320 --> 00:15:11,880
is can non humans have an 
identity or is identity reserved

299
00:15:11,880 --> 00:15:15,280
for humans going to? 
Channel my inner Dean here. 

300
00:15:17,800 --> 00:15:22,360
Non humans can have an identity,
but not every non human identity

301
00:15:22,360 --> 00:15:24,480
should be backed by a carbon 
based identity. 

302
00:15:25,200 --> 00:15:26,680
I like that description 
actually. 

303
00:15:26,680 --> 00:15:28,760
That's pretty good because I, I 
feel like there's a delineation 

304
00:15:28,760 --> 00:15:34,440
between identity and account or 
whatever thing you want to call 

305
00:15:34,480 --> 00:15:37,680
the access vehicle of how you're
going to get to something. 

306
00:15:37,680 --> 00:15:39,840
That's the way I look at it. 
OK, we're going to stop there 

307
00:15:39,840 --> 00:15:42,200
because I'm, I'm winning now 
because that means you're, you 

308
00:15:42,200 --> 00:15:46,600
agree with me and not Jim. 
So sorry, Jim, I. 

309
00:15:46,640 --> 00:15:48,120
Am Jim. 
I'm acting as. 

310
00:15:49,840 --> 00:15:52,760
The other thing that I've 
noticed is Interop events seem 

311
00:15:52,760 --> 00:15:57,280
to be picking up for SSF and and
I guess maybe CAEP by extension

312
00:15:57,280 --> 00:15:59,040
is part of that. 
There was one at the Gartner 

313
00:15:59,040 --> 00:16:02,680
conference late last year that I
know like Mike Kiser was, was a

314
00:16:02,680 --> 00:16:07,240
part of. 
And I guess tell me about these 

315
00:16:07,240 --> 00:16:11,440
interop events like what are 
these things and help other 

316
00:16:11,440 --> 00:16:15,560
people, normal people understand
what what value they provide to 

317
00:16:16,200 --> 00:16:18,360
framework developments like like
SSF and CAEP?

318
00:16:19,400 --> 00:16:21,600
So the interoperability events 
happened at Gartner. 

319
00:16:21,600 --> 00:16:23,440
I mean that they're huge. 
There's one happening in London 

320
00:16:23,440 --> 00:16:25,240
as well. 
The last one was it was at 

321
00:16:25,240 --> 00:16:32,800
Dallas, huge turn out. 
I mean it was magnanimous here. 

322
00:16:32,800 --> 00:16:36,560
So Mike Kiser was there from
SailPoint. Atul Tulshibagwale,

323
00:16:36,960 --> 00:16:40,560
the the godfather of CAEP, he
works for, he works for

324
00:16:40,560 --> 00:16:44,840
SGNL.
He was there, he was blown away 

325
00:16:44,840 --> 00:16:47,280
by how many, how many companies 
and how many vendors are have 

326
00:16:47,280 --> 00:16:48,960
have adopted in our in our 
promoting. 

327
00:16:48,960 --> 00:16:52,560
And it was again immense. 
Like I know I'm like touting it,

328
00:16:52,560 --> 00:16:55,000
but it was it was like when he 
gave me the readout, I was just 

329
00:16:55,000 --> 00:16:57,640
like, wow, this many people. 
It was enough so that like, 

330
00:16:57,640 --> 00:17:01,920
because I'm also a side note, 
I'm also a co-chair of the

331
00:17:01,920 --> 00:17:06,200
Shared Signals working group
along with Shayne Miel from Cisco

332
00:17:06,200 --> 00:17:09,800
and and and Atul.
We had to be very careful about 

333
00:17:09,800 --> 00:17:13,760
how we made our made SSF 
backwards compatible to not 

334
00:17:13,760 --> 00:17:17,400
break implementers. 
So the the interoperability 

335
00:17:17,400 --> 00:17:20,720
event is there to to really 
understand how companies can 

336
00:17:20,720 --> 00:17:24,560
share security information and 
demonstrate how like vendors 

337
00:17:25,240 --> 00:17:29,520
that support it can help you 
achieve zero trust principles. 

338
00:17:29,520 --> 00:17:33,040
Because again, the way the way 
you that's where the link zero 

339
00:17:33,040 --> 00:17:37,840
trust and like CAEP-ish things
is we're her talk about is you 

340
00:17:37,840 --> 00:17:40,200
never trust. 
You always verify continuous 

341
00:17:40,200 --> 00:17:43,360
identity is the foundation of a 
zero trust environment. 

342
00:17:43,360 --> 00:17:45,680
And how you get to that is you 
got to talk, you got to 

343
00:17:45,680 --> 00:17:47,440
communicate. 
How do you communicate shared 

344
00:17:47,440 --> 00:17:50,640
signals, right? 
CAEP events ride on a shared signals

345
00:17:50,640 --> 00:17:52,960
framework. 
So that interop event is how do 

346
00:17:52,960 --> 00:17:56,960
you share things like session 
revoked, assurance level change,

347
00:17:56,960 --> 00:18:00,880
token claims change, session 
presented, session established 

348
00:18:00,920 --> 00:18:03,480
or a risk level change. 
Those are all CAEP events.

349
00:18:04,160 --> 00:18:07,360
But if I send you an event, 
Jeff, it says, hey, this guy, 

350
00:18:07,360 --> 00:18:10,480
Sean looks suspicious. 
You're like, oh, I have Sean on 

351
00:18:10,480 --> 00:18:12,800
my system. 
I got a Nope, Sean's gone. 

352
00:18:13,200 --> 00:18:16,200
But that's hard to do because 
you'd have an API. 

353
00:18:16,200 --> 00:18:18,040
You have an API. 
How do you, oh, you speak this 

354
00:18:18,040 --> 00:18:19,360
language? 
I speak this language. 

355
00:18:19,360 --> 00:18:24,080
Whereas CAEP gives you the
mechanism whereas SSF gives you 

356
00:18:24,080 --> 00:18:26,280
the highway to say how do I how 
do I communicate? 

357
00:18:27,960 --> 00:18:31,440
And so I know you weren't able 
to make the one in Dallas 

358
00:18:31,480 --> 00:18:34,040
because you were introducing, 
you know, new members of the 

359
00:18:34,040 --> 00:18:37,360
family to you, to your side. 
What I guess take me behind the 

360
00:18:37,360 --> 00:18:38,920
curtains if you can. 
Like, do you know what takes 

361
00:18:38,920 --> 00:18:40,440
place these things? 
Is it basically a bunch of 

362
00:18:40,440 --> 00:18:42,920
people talking? 
Is there like demonstrations 

363
00:18:42,920 --> 00:18:44,080
actually? 
You're right. 

364
00:18:44,080 --> 00:18:45,680
It it's demonstrated. 
So they actually, they actually 

365
00:18:45,680 --> 00:18:48,600
get a room there and they set up
tables and they actually 

366
00:18:48,600 --> 00:18:50,880
showcase like here's how this 
works. 

367
00:18:50,880 --> 00:18:53,480
Like no smoke and mirrors, like 
actual hands on keyboard. 

368
00:18:53,480 --> 00:18:58,120
Like watch this Cisco 
interop'd with vendor company 

369
00:18:58,120 --> 00:19:00,200
A for example. 
And I'll use Otto and Shane, for

370
00:19:00,200 --> 00:19:02,080
example. 
Cisco and Signal can talk, 

371
00:19:02,440 --> 00:19:05,000
right? 
Or like to be very agnostic 

372
00:19:05,000 --> 00:19:08,080
here, Microsoft Okta can talk, 
Okta and Bing can talk. 

373
00:19:08,080 --> 00:19:09,960
I'm not saying they can or they 
can't, but just it's that kind 

374
00:19:09,960 --> 00:19:12,280
of that kind of that kind of 
that kind of a situation. 

375
00:19:12,280 --> 00:19:14,480
So company A can do it at 
Company B. 

376
00:19:14,480 --> 00:19:18,080
It doesn't mean that there's 
there's not political or legal 

377
00:19:18,080 --> 00:19:20,760
barriers, but you've 
demonstrated the ability that I 

378
00:19:20,760 --> 00:19:22,960
can share with it with another 
company. 

379
00:19:23,720 --> 00:19:25,160
But then legally can you do 
that? 

380
00:19:25,160 --> 00:19:27,920
That's a whole different 
conversation, but it's a, it's a

381
00:19:27,920 --> 00:19:31,960
really hands on interop to 
showcase that we can we can 

382
00:19:31,960 --> 00:19:33,880
actually share, we can actually 
share information. 

383
00:19:33,880 --> 00:19:36,240
So it's actually really, really,
really awesome. 

384
00:19:37,160 --> 00:19:41,840
I'm I'm convinced that this is 
really important and I don't 

385
00:19:41,840 --> 00:19:45,920
know if people really understand
it yet because it probably won't

386
00:19:45,920 --> 00:19:50,800
manifest to normal. 
IAM people like me into 

387
00:19:50,800 --> 00:19:54,000
products probably for a little 
while still yet while products 

388
00:19:54,000 --> 00:19:56,280
are being updated or developed 
to take advantage of it. 

389
00:19:56,760 --> 00:20:00,280
But the idea here of having sort
of this shared language and 

390
00:20:00,280 --> 00:20:04,600
being able to take the best out 
of different products and 

391
00:20:04,600 --> 00:20:07,280
combine them in new ways that we
just haven't been able to do 

392
00:20:07,280 --> 00:20:11,760
before because everything's been
so siloed and proprietary. 

393
00:20:12,080 --> 00:20:15,360
I, I don't, I don't, I, I don't 
want to sell this short because 

394
00:20:15,360 --> 00:20:18,440
I think this is really a really 
exciting development and it's 

395
00:20:18,440 --> 00:20:20,080
going to be open up a lot of 
eyes for people. 

396
00:20:20,440 --> 00:20:23,480
Am I drinking the Kool-aid too 
much or are you with me? 

397
00:20:24,360 --> 00:20:25,920
I'm thumbs up. 
I'm right with you. 

398
00:20:27,000 --> 00:20:31,160
It, it is going to breed in Iran
because not everyone, not every 

399
00:20:31,160 --> 00:20:33,840
company is going to be all in 
this vendor. 

400
00:20:34,160 --> 00:20:36,240
They're going to be, I have a 
suite of vendors or I have a 

401
00:20:36,240 --> 00:20:41,320
suite and it's going to force 
standards to work because I, I, 

402
00:20:41,400 --> 00:20:45,240
I keep saying this standards 
will set you free if you adopt a

403
00:20:45,240 --> 00:20:49,360
standard, it works, right? 
So. 

404
00:20:49,360 --> 00:20:54,240
On the timeline of kind of where
we're at as an industry, where do

405
00:20:54,240 --> 00:20:57,880
you see us now? 
Because I feel like maybe we're 

406
00:20:57,880 --> 00:21:02,080
on the bubble of maybe another 
era or another phase or a coming

407
00:21:02,080 --> 00:21:03,200
phase that might be coming 
through. 

408
00:21:03,200 --> 00:21:07,200
IAM but help me understand, 
like where do you see IAM today

409
00:21:07,360 --> 00:21:11,760
for people? 
It's a very loaded question. 

410
00:21:11,760 --> 00:21:13,000
It's actually a good question 
too. 

411
00:21:13,240 --> 00:21:16,040
I think where we're at right now
is we're in a mixture of like an

412
00:21:16,720 --> 00:21:19,800
admin and runtime. 
So we're still very much like 

413
00:21:20,560 --> 00:21:23,160
offline back office happens 
before login. 

414
00:21:23,160 --> 00:21:25,320
And then there's the runtime 
that can't ever go down. 

415
00:21:25,320 --> 00:21:29,360
Like I got a login, I have SSO, 
I need access management like 

416
00:21:29,360 --> 00:21:32,120
and the admin pieces are more 
like your IGA stuff like your, 

417
00:21:32,120 --> 00:21:34,480
your provisioning, your role 
management, your access request,

418
00:21:34,480 --> 00:21:38,920
your certifications, PAM-ish 
things, you know, PIM 

419
00:21:39,080 --> 00:21:40,840
privileged identity, privileged identity 
management things. 

420
00:21:41,960 --> 00:21:44,840
So it's like an awakening like 
the calm before the storm. 

421
00:21:45,320 --> 00:21:48,080
But I right now we're still very
much the between runtime and 

422
00:21:48,080 --> 00:21:52,320
admin time. 
And it's starting to creep into 

423
00:21:53,560 --> 00:21:58,000
efficiency of work and even 
security because stay full 

424
00:21:58,000 --> 00:22:01,520
entitlements that last for years
as you, as you travel between 

425
00:22:01,520 --> 00:22:05,280
jobs or job titles in your where
you're employed. 

426
00:22:06,240 --> 00:22:08,320
You shouldn't have access to 
things if you, if you, if you 

427
00:22:08,320 --> 00:22:11,520
change job roles. 
But right now that's on a that's

428
00:22:11,520 --> 00:22:15,480
on your new hire manager to say,
oh, Sean left his job A to job B

429
00:22:16,080 --> 00:22:19,440
go revoke roles or entitlements.
We both know that never happens 

430
00:22:19,440 --> 00:22:21,720
at companies. 
It it just doesn't happen 

431
00:22:21,960 --> 00:22:23,640
because they just don't have the
cycles right. 

432
00:22:24,280 --> 00:22:25,840
Or they forget, right? 
Humans involved. 

433
00:22:25,840 --> 00:22:27,600
Humans are kind of human, as I 
like to kind of put it. 

434
00:22:29,160 --> 00:22:30,560
It's. 
Go ahead. 

435
00:22:31,280 --> 00:22:35,600
No, we're we're very much at 
that pre Renaissance layer. 

436
00:22:35,640 --> 00:22:37,320
Like it's like, OK, we got to do
something. 

437
00:22:37,360 --> 00:22:38,920
We don't know what that 
something is yet, but it's 

438
00:22:38,920 --> 00:22:41,800
something. 
I like that, that description 

439
00:22:41,800 --> 00:22:44,880
though, of admin and runtime, 
because I think that maybe helps

440
00:22:44,880 --> 00:22:46,400
people understand. 
It's like, yeah, admin, right? 

441
00:22:46,400 --> 00:22:49,440
It's people doing stuff and 
they're doing it to the best of 

442
00:22:49,440 --> 00:22:53,920
their ability, I hope, right, Or
at least best effort, and you're

443
00:22:53,920 --> 00:22:56,320
only as fast as the humans can 
do it. 

444
00:22:56,640 --> 00:23:00,280
This idea of runtime though, I 
feel like it's like this is 

445
00:23:00,280 --> 00:23:03,240
where the puck is going and 
in hockey and we're skating towards

446
00:23:03,240 --> 00:23:06,600
it. 
So this idea of runtime is I'm 

447
00:23:06,600 --> 00:23:12,080
assuming things like automation 
and more data-driven or maybe 

448
00:23:12,080 --> 00:23:15,320
it's more event driven, right? 
And leveraging things like SSF 

449
00:23:15,320 --> 00:23:16,720
and Cape and other things like 
that. 

450
00:23:17,160 --> 00:23:18,400
Is that fair? 
Are they just? 

451
00:23:18,560 --> 00:23:21,240
If I say something is event 
driven or data-driven, are they 

452
00:23:21,240 --> 00:23:24,680
the same thing? 
So one quick, one quick 

453
00:23:26,200 --> 00:23:28,240
terminology change there. 
The runtime is more of like 

454
00:23:28,240 --> 00:23:31,920
where we're at now like login, 
OK, moving towards event driven,

455
00:23:32,200 --> 00:23:35,160
you're correct. 
And now your question is, is it 

456
00:23:35,160 --> 00:23:37,320
event driven or data driven? 
The answer is yes. 

457
00:23:37,520 --> 00:23:40,000
Chicken and the egg, cart and the 
horse, peanut butter and jelly, 

458
00:23:40,000 --> 00:23:43,400
which, which one you put on first?
We are very much there. 

459
00:23:43,720 --> 00:23:49,560
We're, we're most companies that
I, that I'm, that I have people 

460
00:23:49,560 --> 00:23:52,240
that I'm friends with in, 
they're doing it. 

461
00:23:52,240 --> 00:23:54,800
They just don't know they're 
doing it or they're doing it in 

462
00:23:54,800 --> 00:23:57,720
pockets like, you know, oh, I 
had to side project this thing. 

463
00:23:57,720 --> 00:23:59,480
They're like, oh, I have this 
data feed coming in. 

464
00:24:00,240 --> 00:24:01,480
You're doing it, you just don't 
know it. 

465
00:24:01,880 --> 00:24:05,560
So if you're making, if you're 
making decisions off of data and

466
00:24:05,960 --> 00:24:08,960
taking actions on it, you're, 
you're essentially doing event 

467
00:24:08,960 --> 00:24:12,200
driven IAM, which is AKA 
continuous 

468
00:24:12,200 --> 00:24:13,920
identity management or whatever 
Gartner wants to call it. 

469
00:24:14,000 --> 00:24:18,520
I Ian and I Ian Glazer and I 
will talk like they will fix the

470
00:24:18,520 --> 00:24:20,200
terminology. 
We're just going to call it one 

471
00:24:20,200 --> 00:24:21,480
of those two things and 
hopefully it sticks. 

472
00:24:21,480 --> 00:24:23,720
And if it doesn't, great, we'll 
we'll we'll pick a new buzzword,

473
00:24:23,720 --> 00:24:27,400
right. 
But you were right, you need 

474
00:24:27,400 --> 00:24:31,440
data to drive the events, but in 
order to get data, you need 

475
00:24:31,440 --> 00:24:33,320
events. 
So chicken and the egg, right? 

476
00:24:34,040 --> 00:24:37,280
So that unlocks a lot of things 
like signal processing, 

477
00:24:38,320 --> 00:24:39,560
continuous auditing. 
It changes. 

478
00:24:39,560 --> 00:24:41,880
It's going to change governance 
as, as, as we know it, which is 

479
00:24:41,880 --> 00:24:44,720
a different conversation because
that's hours of talk there. 

480
00:24:46,120 --> 00:24:48,880
It's going to change the identity 
management, session management, 

481
00:24:48,880 --> 00:24:51,200
access management. 
And it gets you to like zero 

482
00:24:51,200 --> 00:24:55,240
trust, but the real zero trust, 
not like network access, but 

483
00:24:55,240 --> 00:24:58,880
like essentially moving more 
towards a zero trust foundation.

484
00:24:59,640 --> 00:25:03,840
But I can't stress enough that 
with change, auditing, 

485
00:25:03,960 --> 00:25:05,800
governance, it's all going to 
change. 

486
00:25:06,160 --> 00:25:09,440
But again, slowly, bits and 
pieces, not, not, not not all at

487
00:25:09,440 --> 00:25:13,560
once, But it is coming. 
It is like the the golden age of

488
00:25:13,560 --> 00:25:15,880
IAM, the Renaissance. 
It's like, hey, IAM figured 

489
00:25:15,880 --> 00:25:17,000
out. 
Oh, this is event driven 

490
00:25:17,000 --> 00:25:18,640
architecture. 
This is awesome. 

491
00:25:18,640 --> 00:25:20,040
Let's do this. 
And it's like it is. 

492
00:25:21,600 --> 00:25:24,760
Like we just invented like I 
don't know, the the calculator 

493
00:25:24,760 --> 00:25:27,040
or something like that. 
It's like it's going to get a 

494
00:25:27,040 --> 00:25:31,760
lot better, but I, I tend to be 
a little more conservative when 

495
00:25:31,760 --> 00:25:36,400
I think timelines and IAM 
because while certainly 

496
00:25:36,400 --> 00:25:38,920
organizations might be on 
cutting edge, I think for every 

497
00:25:38,920 --> 00:25:41,760
cutting edge organization 
there's probably 100 or 1000 

498
00:25:42,000 --> 00:25:45,160
that are not right. 
They're still trying to get the 

499
00:25:45,160 --> 00:25:47,560
basics done. 
They're still maybe accepting a 

500
00:25:47,560 --> 00:25:50,240
fax and saying here's my 
onboarding form, right to get 

501
00:25:50,240 --> 00:25:53,360
onboarded or they're just now 
getting into multi factor 

502
00:25:53,360 --> 00:25:55,720
authentication and maybe they're
forced to do it because of 

503
00:25:55,720 --> 00:25:57,880
either cyber risk or an event or
things like that. 

504
00:25:58,640 --> 00:26:03,960
As much as I like where this is 
going, I tend to be more 

505
00:26:03,960 --> 00:26:05,400
conservative from a timeline 
perspective. 

506
00:26:05,400 --> 00:26:08,680
So I'm going to throw out there 
something and say, OK, is this 

507
00:26:08,840 --> 00:26:11,640
like for my, from my 
perspective, I think this is a 5

508
00:26:11,640 --> 00:26:18,160
to 10 year sort of migration or 
shift from runtime to event 

509
00:26:18,160 --> 00:26:22,720
driven for the majority of I 
would call organizations that 

510
00:26:22,720 --> 00:26:25,680
are doing something for identity
to really kind of do it. 

511
00:26:26,040 --> 00:26:29,520
I don't think it is like this is
going to happen this year or 

512
00:26:29,520 --> 00:26:31,720
next year. 
I think those are going to be 

513
00:26:31,720 --> 00:26:33,680
leading edge. 
They're going to be early 

514
00:26:33,680 --> 00:26:35,200
adopters. 
They're going to be 

515
00:26:35,200 --> 00:26:37,720
organizations that are well 
funded and really have their 

516
00:26:37,720 --> 00:26:41,440
sort of identity act together. 
Is that a fair? 

517
00:26:41,440 --> 00:26:43,080
And I don't wanna call it a 
criticism 'cause I don't think 

518
00:26:43,080 --> 00:26:44,600
it really is criticism. 
It's just, hey, this is the 

519
00:26:44,600 --> 00:26:47,760
timing of the real world. 
But is that a fair, I guess, 

520
00:26:48,680 --> 00:26:50,880
observation that I'm having? 
Or should I readjust that's 

521
00:26:50,880 --> 00:26:54,040
amount? 
If only money grew on trees, 

522
00:26:54,040 --> 00:26:59,240
right? 
The fact is businesses operate 

523
00:26:59,240 --> 00:27:01,640
on a budget and everyone's 
budget is different. 

524
00:27:02,360 --> 00:27:05,280
I can see the the mom and pop 
shops going slower. 

525
00:27:05,480 --> 00:27:09,240
I can see the companies that do 
billions and trillions of 

526
00:27:09,240 --> 00:27:12,040
dollars in revenue to have more 
risk will adopt this faster. 

527
00:27:12,560 --> 00:27:14,800
It's going to sound crazy, but 
it's going to be it's going to 

528
00:27:14,800 --> 00:27:17,760
be a risk based approach. 
Because if you look at it from 

529
00:27:17,760 --> 00:27:20,480
from that aspect, you're going 
to want to secure something that

530
00:27:20,480 --> 00:27:24,080
makes $14 million a minute. 
Whereas if you're securing a 

531
00:27:24,080 --> 00:27:28,200
flower shop that brings in $100 
revenue a year, no. 

532
00:27:28,200 --> 00:27:30,040
Well, if. 
You're doing a flower shop at 

533
00:27:30,040 --> 00:27:32,000
$100 a year Maybe. 
Maybe. 

534
00:27:32,000 --> 00:27:35,200
It's not really a shop, it's 
more of a an Etsy or a hobby. 

535
00:27:35,320 --> 00:27:37,000
At that point. 
But. 

536
00:27:37,200 --> 00:27:40,000
But you, you make, you make a, 
you make a solid point where I 

537
00:27:40,000 --> 00:27:42,880
don't think it's 5 to 10. 
I, I, I, I think it's three to 

538
00:27:42,880 --> 00:27:44,640
five, I think. 
Organizations will move that 

539
00:27:44,640 --> 00:27:47,240
quickly on to this. 
I think they're not gonna have a

540
00:27:47,240 --> 00:27:50,880
choice because of the advent of 
technology and how fast it's 

541
00:27:50,880 --> 00:27:55,440
going where even if they can't 
move it that fast. 

542
00:27:58,000 --> 00:28:01,040
I mean, the what I'm seeing in 
IAM right now is the startup 

543
00:28:01,040 --> 00:28:04,680
community is rampant. 
They're they're taking off. 

544
00:28:05,240 --> 00:28:07,400
There's a lot of start-ups out 
of that are going to offer this 

545
00:28:07,400 --> 00:28:12,480
as a service and it's going to 
work, do you think? 

546
00:28:12,480 --> 00:28:15,880
Organizations get pulled along 
by their vendors. 

547
00:28:16,280 --> 00:28:18,840
Or do organizations push their 
vendors in this case? 

548
00:28:19,800 --> 00:28:22,600
Depends on depends on the 
organization, but some people 

549
00:28:22,600 --> 00:28:24,320
like the tell me what you want 
me to do approach. 

550
00:28:24,320 --> 00:28:25,840
Some people like to actually 
drive a vendor. 

551
00:28:25,880 --> 00:28:30,120
I mean, I've, I've, I've seen 
both in my tenure across my 

552
00:28:30,120 --> 00:28:32,800
career. 
I think you're going to get the 

553
00:28:32,800 --> 00:28:35,520
early adopters that are going to
push the vendors to, to, to play

554
00:28:35,520 --> 00:28:37,400
with standards like CAEP and 
SSF. 

555
00:28:38,560 --> 00:28:41,520
But like every company's in in 
it, every company has businesses

556
00:28:41,520 --> 00:28:44,520
just to make money. 
But if you, if you're marketing 

557
00:28:44,520 --> 00:28:49,400
to like the Fortune 50s makes 
sense. 

558
00:28:50,080 --> 00:28:54,960
The Fortune 500s again, 
you, you, you hit a nail on the 

559
00:28:54,960 --> 00:28:57,360
head. 
Is it data or event companies 

560
00:28:57,360 --> 00:29:01,080
that know their data that can 
invest in their data will drive 

561
00:29:01,080 --> 00:29:02,920
this because they're gonna, 
they're gonna, they're gonna 

562
00:29:02,920 --> 00:29:05,080
drive the vendors and be like, 
here's how I wanna talk to you. 

563
00:29:05,080 --> 00:29:08,400
I wanna talk to you using these 
standards Then. 

564
00:29:08,400 --> 00:29:11,480
And then at that point, this 
sounds very draconian, but 

565
00:29:12,040 --> 00:29:15,240
things like your IdPs, your PAM
systems and your IGA systems 

566
00:29:15,240 --> 00:29:17,480
become, become appliances, but 
they're important appliances. 

567
00:29:17,480 --> 00:29:20,000
It's just, it's not gonna be 
like a converged solution. 

568
00:29:20,000 --> 00:29:23,680
You're not gonna have like, oh, 
vendor A does all my stuff that 

569
00:29:23,680 --> 00:29:27,720
I, that ship has sailed. 
I think get my opinion again it 

570
00:29:27,760 --> 00:29:29,440
it can work for some companies 
but not all. 

571
00:29:30,560 --> 00:29:33,480
We kind of hit where I was 
thinking here is, is it is a 

572
00:29:33,480 --> 00:29:38,200
data problem to solve for a lot 
of organizations just don't have

573
00:29:38,200 --> 00:29:41,040
good data management or maybe 
they're collecting, they haven't

574
00:29:41,040 --> 00:29:43,920
done anything with it. 
So now we're back to that 

575
00:29:43,920 --> 00:29:48,360
chicken egg of events, 
generating data data, being able

576
00:29:48,360 --> 00:29:51,760
to generate more events, right? 
Things like that in the real 

577
00:29:51,760 --> 00:29:57,360
world, what do you see as like, 
OK, you need these things to 

578
00:29:57,360 --> 00:30:00,720
really think about this next 
step when it goes to event 

579
00:30:00,720 --> 00:30:03,920
driven, is it go get your data. 
If you're if you know you're 

580
00:30:03,920 --> 00:30:08,120
talking to the the millions of 
Identity at the Center viewers and

581
00:30:08,120 --> 00:30:12,120
listeners and they're like Sean 
told me to go do this so we can 

582
00:30:12,120 --> 00:30:15,920
set up for the next stage, which
is this what is this? 

583
00:30:16,080 --> 00:30:20,600
And then, then. 
The biggest thing is to have a 

584
00:30:20,600 --> 00:30:26,880
story and know your data because
you could go invest tons of 

585
00:30:26,880 --> 00:30:28,720
money in this. 
And if your data is just swampy,

586
00:30:28,720 --> 00:30:35,760
you're going to have a swamp. 
When I say know your data, clean

587
00:30:35,760 --> 00:30:38,200
data, marshalled data. 
And I know that sounds like a 

588
00:30:38,240 --> 00:30:43,120
very a very pipe dream, but get 
your identity data right first. 

589
00:30:43,120 --> 00:30:46,320
And what does that mean? 
So how many companies onboard 

590
00:30:46,320 --> 00:30:49,600
people without doing 
verification or proofing in the 

591
00:30:49,600 --> 00:30:54,400
workforce? 
A lot. They take HCM systems' word

592
00:30:54,400 --> 00:30:55,920
for it. 
Like, yeah, I approve the person

593
00:30:55,920 --> 00:30:59,040
they faxed me over the I-9s 
and the the thought license 

594
00:30:59,040 --> 00:31:04,000
thing, manual entry. 
I mean, let's face it, it's out.

595
00:31:04,000 --> 00:31:06,720
It's out. 
It's public knowledge that there

596
00:31:06,720 --> 00:31:11,400
are some countries that are 
coming after domestically and 

597
00:31:11,400 --> 00:31:13,360
they're faking. 
They're faking documents. 

598
00:31:13,680 --> 00:31:16,040
Gen AI is a thing. 
It's very easy to fake stuff 

599
00:31:16,040 --> 00:31:19,960
now, right? 
So getting that right at the 

600
00:31:19,960 --> 00:31:23,200
entry point makes everything 
else clean and simple. 

601
00:31:23,480 --> 00:31:26,000
But if you get it wrong at the 
entry point, you create a 

602
00:31:26,000 --> 00:31:28,560
fractured web of just 
distributed nonsensory. 

603
00:31:28,720 --> 00:31:32,400
And yes, you can trademark that 
word and use it royalty free. 

604
00:31:32,400 --> 00:31:36,200
But you want to create line 
segments like you want to have 

605
00:31:36,200 --> 00:31:42,280
event data, event action. 
But if you have is, is this 

606
00:31:42,280 --> 00:31:44,160
Jeff? 
I don't know. 

607
00:31:45,040 --> 00:31:47,920
But if you give Jeff the wrong 
entitlement, security risk, if 

608
00:31:47,920 --> 00:31:52,400
you give, if you onboard Jeff 
twice now I have 18 accounts to 

609
00:31:52,400 --> 00:31:55,960
worry about. So in a way, if 
you get your data right, you can

610
00:31:55,960 --> 00:32:00,120
decrease your spend across the 
board on PAM, IGA systems, 

611
00:32:00,360 --> 00:32:01,640
account management. 
You won't have, you won't have 

612
00:32:01,640 --> 00:32:03,480
account drift. 
You won't have account sprawl, 

613
00:32:03,560 --> 00:32:05,880
real sprawl. 
All those are real problems. 

614
00:32:06,400 --> 00:32:10,320
They always start at the base 
foundation of your data. 

615
00:32:10,320 --> 00:32:15,920
Like know your data when I say 
know it intimately, know it like

616
00:32:16,400 --> 00:32:21,000
know how bad it is. 
Like, do you accept people to 

617
00:32:21,000 --> 00:32:22,400
come in with like my last 
name's? 

618
00:32:22,400 --> 00:32:25,280
Oh, really? 
Why? 

619
00:32:26,320 --> 00:32:28,520
Oh, it's an apostrophe. 
Oh, I hate when that happens, 

620
00:32:28,560 --> 00:32:30,440
right. 
You don't want to do the, the 

621
00:32:30,440 --> 00:32:32,760
ampersand NBSP calling. 
No, I don't want to do that. 

622
00:32:32,760 --> 00:32:34,440
That's just what is that? 
We're just going to scrap that, 

623
00:32:34,440 --> 00:32:37,440
right. 
So, and, and, and this is, this 

624
00:32:37,440 --> 00:32:39,640
is, this is a different topic, 
but when you get to continuous 

625
00:32:39,640 --> 00:32:43,200
management, you're, you're 
providing building blocks for an

626
00:32:43,200 --> 00:32:45,840
architecture that has real 
benefits for security, privacy 

627
00:32:45,840 --> 00:32:48,280
and user experience. 
And you're gonna, you're 

628
00:32:48,280 --> 00:32:50,600
evaluating context and data 
signals. 

629
00:32:50,720 --> 00:32:52,880
Context is supplementary to data
signals. 

630
00:32:52,880 --> 00:32:57,200
So getting your, you know, going
identity first as a, as a dream 

631
00:32:57,200 --> 00:33:02,320
for most companies. 
But how you onboard and who you

632
00:33:02,320 --> 00:33:03,760
are as a person are two 
different things. 

633
00:33:05,000 --> 00:33:08,120
Prove to me you are who you say 
you are through a vetted process

634
00:33:08,120 --> 00:33:12,320
using identity document 
verification like talking 

635
00:33:12,320 --> 00:33:16,200
licenses, passports, etcetera. 
Once I have that and you are who

636
00:33:16,200 --> 00:33:19,680
you say you are, the rest of it 
is just a relationship and it's 

637
00:33:19,680 --> 00:33:21,520
an it's an engagement and it's 
just consent. 

638
00:33:22,280 --> 00:33:23,640
Jeff wants to work for company 
A. 

639
00:33:23,640 --> 00:33:26,280
Do you consent her? 
Do you consent to share this 

640
00:33:26,280 --> 00:33:27,640
information with me? 
Absolutely. 

641
00:33:27,880 --> 00:33:29,120
Great. 
This is you. 

642
00:33:29,840 --> 00:33:33,400
I'm good to go. 
I know that you now now 

643
00:33:33,600 --> 00:33:37,880
contextual signals. 
Jeff always logs in using a 

644
00:33:38,360 --> 00:33:41,840
device from a location to these 
to these places. 

645
00:33:41,840 --> 00:33:44,120
It feels very Orwellian, but 
it's not. 

646
00:33:44,520 --> 00:33:48,720
It's meant to keep you safe and 
your company safe because it's 

647
00:33:48,760 --> 00:33:50,760
it's a problem right now. 
The government's passing 

648
00:33:50,760 --> 00:33:53,760
sweeping regulation to where 
they're putting the onus on the 

649
00:33:53,760 --> 00:33:57,240
companies to keep their data 
safe because we're a target. 

650
00:33:57,560 --> 00:34:00,640
Every company, that every 
company is a target and goes 

651
00:34:00,640 --> 00:34:02,800
back down to never trust, always
verify. 

652
00:34:03,000 --> 00:34:05,760
That's the beginning. 
Continuous identity is the 

653
00:34:05,760 --> 00:34:07,600
foundation of a zero trust 
environment. 

654
00:34:08,199 --> 00:34:11,280
As much context you can pull 
into your, your, your data 

655
00:34:11,280 --> 00:34:14,960
fabric if you will, like you 
pulling stuff like your ITSM 

656
00:34:14,960 --> 00:34:20,040
systems, your CMDB systems, your
change management, JIRA, GitHub,

657
00:34:21,320 --> 00:34:25,199
anything you can hang off of an 
identity that says this is what 

658
00:34:25,199 --> 00:34:27,320
Jeff normally does and it's 
good. 

659
00:34:28,000 --> 00:34:30,360
You can derive what's normal, 
what's not normal, because at 

660
00:34:30,360 --> 00:34:32,320
the end they're not that no one 
should be tracking what you're 

661
00:34:32,320 --> 00:34:36,360
doing. 
It's more of that one time you 

662
00:34:36,360 --> 00:34:39,560
accept that push, you're like, 
oh, I shouldn't have done that. 

663
00:34:39,840 --> 00:34:42,560
That's the time. 
That's what you don't want to 

664
00:34:42,560 --> 00:34:47,920
happen. 
So the this this idea of data 

665
00:34:48,000 --> 00:34:52,639
hygiene and knowing your data 
really strikes me as a business 

666
00:34:52,639 --> 00:34:57,080
process problem to solve for, 
you know, you're a lot of times 

667
00:34:57,080 --> 00:35:00,720
identity teams are not the ones 
generating the data. 

668
00:35:01,800 --> 00:35:03,560
And I'll go beyond things like 
authentication and 

669
00:35:03,560 --> 00:35:04,680
authorization, things like that,
right? 

670
00:35:04,680 --> 00:35:07,920
Might be application owners who 
really are the ones who are, you

671
00:35:07,920 --> 00:35:09,160
know, generating authorization 
data. 

672
00:35:09,160 --> 00:35:11,240
It might be like you mentioned 
that, you know, HR teams or 

673
00:35:11,240 --> 00:35:13,040
HRIS. 
However, your organization works

674
00:35:13,560 --> 00:35:16,520
for people data. 
Maybe there's not even a source 

675
00:35:16,520 --> 00:35:19,120
for non humans. 
Maybe it's well, service 

676
00:35:19,120 --> 00:35:22,080
accounts to live in our Active 
Directory and it is what it is. 

677
00:35:22,600 --> 00:35:28,080
What are some tips for having 
this this this discussion with 

678
00:35:28,080 --> 00:35:32,120
non-technical people to help 
them understand that we need to 

679
00:35:32,120 --> 00:35:36,000
fix the business process so we 
can fix the data problem? 

680
00:35:36,880 --> 00:35:37,920
Or. 
Part of the data problem I 

681
00:35:37,920 --> 00:35:40,120
should say. 
I think I already alluded to it.

682
00:35:40,440 --> 00:35:44,240
You have to have proofing and 
verification at the gate whether

683
00:35:44,240 --> 00:35:49,040
you do it at hiring, interview 
or onboarding. 

684
00:35:51,760 --> 00:35:53,880
A lot of times the person you 
interview for the job who shows 

685
00:35:53,880 --> 00:35:57,800
up may not be the same person. 
That's the security aspect mind,

686
00:35:57,800 --> 00:35:58,880
I think. 
So you're talking about business

687
00:35:58,880 --> 00:36:04,080
process if you really look at it
from identity first, not access 

688
00:36:04,080 --> 00:36:08,360
first standpoint. 
If you flip the model and say 

689
00:36:08,800 --> 00:36:12,040
Jeff wants to work in a company,
prove to me who you are Jeff. 

690
00:36:12,080 --> 00:36:13,200
OK, thank you. 
Appreciate that. 

691
00:36:13,200 --> 00:36:16,680
Now you have an engagement with 
a company I want, I want to 

692
00:36:16,680 --> 00:36:21,400
employ Jeff at company A. Awesome, 
identity drives it all. 

693
00:36:21,520 --> 00:36:26,680
So I now can provision to your 
HR/HRIS systems and seamless user 

694
00:36:26,680 --> 00:36:29,720
experience. 
You can do, let's use the word 

695
00:36:29,720 --> 00:36:31,840
birthright provisioning, which I
personally don't like because 

696
00:36:31,840 --> 00:36:33,800
it's, again, you need good data 
for this. 

697
00:36:34,800 --> 00:36:38,200
So if you hang, hang off this 
great identity data and you have

698
00:36:38,200 --> 00:36:42,760
supplemental HR/HRIS/HCM data 
attribution, you can start 

699
00:36:42,760 --> 00:36:47,720
driving things like if Jeff's 
the manager in finance, he gets 

700
00:36:47,760 --> 00:36:51,400
access to these things. 
But vice versa, if I still know 

701
00:36:51,400 --> 00:36:54,480
you're Jeff and you're always 
Jeff and you say who you are and

702
00:36:54,480 --> 00:36:58,680
you change jobs automation or 
it's like, oh, there's another 

703
00:36:59,560 --> 00:37:01,800
manager had to onboard Jeff 
again because they got a new job

704
00:37:01,800 --> 00:37:05,040
title and you know. 
Or maybe converted from 

705
00:37:05,040 --> 00:37:08,280
contractor to Employee or vice? 
Versa, let's go there yeah, I'm 

706
00:37:08,280 --> 00:37:12,800
glad you went there a lot a lot,
a lot of times it's I can't wait

707
00:37:12,800 --> 00:37:15,480
for process of the fire. 
I'm just going to circumvent him

708
00:37:15,480 --> 00:37:18,360
and go that way. 
This would stop that because it 

709
00:37:18,360 --> 00:37:22,400
wouldn't allow that data to come
into the ecosystem and create 

710
00:37:22,400 --> 00:37:24,600
that. 
No more of a line, just a 

711
00:37:24,600 --> 00:37:26,800
fractured web. 
Because now it's like there's 

712
00:37:26,800 --> 00:37:30,600
three Jeffs, who are you here? 
You're the same person. 

713
00:37:30,600 --> 00:37:35,760
But it's like, why do I need to 
have nine accounts, 15 profiles 

714
00:37:35,760 --> 00:37:39,640
and SaaS application 12245? 
Just really annoying, right? 

715
00:37:40,520 --> 00:37:45,080
I cannot stress enough that your
data is the most important piece

716
00:37:45,080 --> 00:37:47,480
of this because without without 
your data, the event stuff is 

717
00:37:47,480 --> 00:37:50,840
just it's more problematic, 
honestly. 

718
00:37:51,880 --> 00:37:55,160
So let's talk about that. 
Data because I feel like what 

719
00:37:55,160 --> 00:37:57,120
the, you know, we're going to 
find data everywhere. 

720
00:37:57,480 --> 00:37:59,040
Like everything is generating 
data. 

721
00:37:59,400 --> 00:38:02,720
Is this a situation where we 
need to do maybe some internal 

722
00:38:02,720 --> 00:38:04,520
cleansing or centralization of 
it? 

723
00:38:04,520 --> 00:38:07,160
And I think, you know, things 
like the data lakes have been 

724
00:38:07,160 --> 00:38:10,840
and probably still are popular. 
Do you dump everything into sort

725
00:38:10,840 --> 00:38:14,520
of like, hey, here is a central 
repository of everything that we

726
00:38:14,520 --> 00:38:17,840
want our identity team to do 
stuff with? 

727
00:38:18,280 --> 00:38:20,400
Maybe it's a SIEM, or maybe it's
something custom. 

728
00:38:21,360 --> 00:38:23,480
How? 
Much of that I don't know. 

729
00:38:24,320 --> 00:38:27,720
Cleansing or centralization of 
data really needs to take place 

730
00:38:27,720 --> 00:38:31,240
for this to work. 
Can I get away with having 8, 10, a

731
00:38:31,240 --> 00:38:36,440
hundred different data sources? 
In which order do you want me to

732
00:38:36,440 --> 00:38:37,840
answer those questions? 
Whatever. 

733
00:38:37,840 --> 00:38:39,880
Order makes the most sense to 
make make sense of my 

734
00:38:39,880 --> 00:38:42,680
gobbledygook, so. 
Ian and I talked about this ad 

735
00:38:42,800 --> 00:38:47,280
nauseam there. 
There's a need for a schema. 

736
00:38:47,280 --> 00:38:49,440
So that'll be a different 
conversation for hopefully a 

737
00:38:49,440 --> 00:38:53,040
different, a different podcast. 
But let's just pretend that 

738
00:38:53,040 --> 00:38:56,680
there's one out there. 
The the reason why you want to 

739
00:38:56,680 --> 00:39:03,960
centralize this, it's for
taxonomy and single pane of 

740
00:39:03,960 --> 00:39:06,760
glass. 
A lot of companies want to get 

741
00:39:06,760 --> 00:39:10,320
to the question who has access 
to what, why and when and who 

742
00:39:10,320 --> 00:39:13,200
did it. 
That is the easiest question to 

743
00:39:13,200 --> 00:39:15,680
state and the hardest to answer.
I'm sure, Jeff, in your travels 

744
00:39:15,680 --> 00:39:18,720
with your client, just like, 
yeah, everyone wants to get to 

745
00:39:18,720 --> 00:39:19,560
that. 
Yeah. 

746
00:39:20,240 --> 00:39:22,000
The
answer's usually like IGA can do

747
00:39:22,000 --> 00:39:22,720
this. 
No I can't. 

748
00:39:23,400 --> 00:39:25,920
It can, but I can do. 
Parts of it, but not everything.

749
00:39:26,440 --> 00:39:30,600
Exactly. 
So how many sources do you pull 

750
00:39:30,600 --> 00:39:32,120
in? 
That is a very that is a very 

751
00:39:32,120 --> 00:39:35,440
subjective answer. 
I would start with separating 

752
00:39:35,440 --> 00:39:42,280
identity from HR because the two
are not the two are not the same

753
00:39:42,280 --> 00:39:44,040
and they are, they should be 
treated mutually exclusive. 

754
00:39:44,040 --> 00:39:46,520
Because here's a use case for 
you. 

755
00:39:48,520 --> 00:39:52,720
I may have pre-hire activity
that I have to do that won't put

756
00:39:52,720 --> 00:39:55,080
me into an HR system. 
So how do you, how do you get 

757
00:39:55,080 --> 00:39:57,640
access to those applications? 
You have to do it from an IAM 

758
00:39:57,640 --> 00:39:59,920
context. 
I got, I got to give you some of

759
00:39:59,920 --> 00:40:02,920
the log in with to access some 
systems, but you're not, you're 

760
00:40:02,920 --> 00:40:05,960
not an HR backed identity yet. 
You're just like you're Jeff. 

761
00:40:06,280 --> 00:40:07,880
You're a guest. 
I'm sorry for the company. 

762
00:40:08,240 --> 00:40:13,280
Yeah, you're you're interested. 
So that's the first concept is 

763
00:40:13,280 --> 00:40:15,320
like, get that right. 
And that comes back down to how 

764
00:40:15,320 --> 00:40:18,680
do you, how do you ingest that? 
And that that's a four hour 

765
00:40:18,680 --> 00:40:20,400
conversation. 
But again, you could, you could 

766
00:40:20,400 --> 00:40:23,200
do proofing verification. 
You could just have a form Excel

767
00:40:23,200 --> 00:40:24,600
spreadsheet. 
Don't recommend any of that 

768
00:40:24,600 --> 00:40:25,280
stuff. 
It's bad. 

769
00:40:26,640 --> 00:40:32,880
But going identity first solves 
a lot of a lot of this problem 

770
00:40:32,880 --> 00:40:36,560
because this isn't, this isn't a
knock on anything in HR. 

771
00:40:36,560 --> 00:40:40,880
It's just they don't, they don't
vet it like you get a request

772
00:40:40,880 --> 00:40:42,840
and it's like, hey, I'm a hiring
manager, hire this person. 

773
00:40:42,880 --> 00:40:45,200
Cool, safe. 
They don't. 

774
00:40:45,200 --> 00:40:47,680
They don't check. 
Well, I don't. 

775
00:40:47,760 --> 00:40:51,040
I don't, I don't know if that's 
fair because I, I feel like, I 

776
00:40:51,040 --> 00:40:55,560
feel like our HR people out 
there do do things like I-9s

777
00:40:55,560 --> 00:40:58,400
at least in the US, right? 
Kind of initial verification, 

778
00:40:58,800 --> 00:40:59,880
no? 
They do I'm. 

779
00:40:59,880 --> 00:41:03,440
With you and that it doesn't 
take place past that first day. 

780
00:41:04,000 --> 00:41:05,920
Correct. 
But let's let's play your your 

781
00:41:05,920 --> 00:41:10,720
contractor to full-time employee
case again, I'm converting. 

782
00:41:11,760 --> 00:41:14,840
There's take your Workdays,
your SAPs, your bubble, your,

783
00:41:14,840 --> 00:41:20,120
your, your Bamboo software, the 
stringent, the stringent 

784
00:41:20,120 --> 00:41:22,960
security model you have to have 
in IAM does not exist in HR

785
00:41:22,960 --> 00:41:25,920
systems because that's getting 
you into their system to do 

786
00:41:25,920 --> 00:41:28,520
their stuff. 
But if your HR systems get 

787
00:41:28,520 --> 00:41:33,680
access to things you've opened 
up, you'll open up can of worms.

788
00:41:33,680 --> 00:41:39,000
And to your point, it's not fair
to say all HR, all HR employees 

789
00:41:39,000 --> 00:41:42,640
are all HR workers. 
Don't don't don't validate or 

790
00:41:42,640 --> 00:41:46,840
fact-check it but talk to
practitioners. 

791
00:41:48,160 --> 00:41:51,040
They I'm not. 
It's not a hill I'll die on to 

792
00:41:51,040 --> 00:41:53,400
say it's 100% I think. 
But it's. 

793
00:41:53,400 --> 00:41:54,320
Not zero. 
It's not. 

794
00:41:54,320 --> 00:41:56,200
Definitely not zero. 
I think what typically happens 

795
00:41:56,200 --> 00:42:01,120
is especially in this world of 
changing from a contractor to an

796
00:42:01,120 --> 00:42:05,840
employee, that is sometimes very
iffy because a lot of 

797
00:42:05,840 --> 00:42:07,800
organizations don't do a good 
job of tracking their 

798
00:42:07,800 --> 00:42:10,560
contractors being with all 
they're not employees, vendors, 

799
00:42:10,560 --> 00:42:12,520
partners, etcetera. 
People have access to different 

800
00:42:12,520 --> 00:42:14,920
things. 
I think it's gotten better over 

801
00:42:14,920 --> 00:42:18,680
the last five years or so as 
I've been in the consulting biz 

802
00:42:18,680 --> 00:42:21,800
for about 9 years now. 
I've I've seen it improved, but 

803
00:42:21,800 --> 00:42:23,600
it's still not where it needs to
be. 

804
00:42:24,640 --> 00:42:27,120
So my question now becomes, OK, 
now we're talking about a 

805
00:42:27,120 --> 00:42:29,240
business process and I keep 
going back to the business 

806
00:42:29,240 --> 00:42:32,600
process of this and say, OK, 
whose responsibility is it to 

807
00:42:32,600 --> 00:42:38,520
let HR know that, oh, this is a 
contractor converting to a full 

808
00:42:38,520 --> 00:42:42,200
time employee or vice versa? 
Is it the manager? 

809
00:42:42,240 --> 00:42:46,680
Is it the contractor themselves?
But what is like, I, I think 

810
00:42:46,680 --> 00:42:49,280
there's a, a shared 
responsibility here for people 

811
00:42:49,280 --> 00:42:54,200
who are responsible or have 
accountability for identity or 

812
00:42:54,200 --> 00:42:59,240
person data to have a business 
process that makes sense and is 

813
00:42:59,240 --> 00:43:02,280
livable the real world. 
And I see organizations do it a 

814
00:43:02,280 --> 00:43:03,960
lot of different ways. 
I don't necessarily I, I don't 

815
00:43:03,960 --> 00:43:06,720
think there's like a right way 
and a wrong, the wrong way to do

816
00:43:06,720 --> 00:43:09,600
it is to not do anything. 
There's a lot of right ways you 

817
00:43:09,600 --> 00:43:12,760
could do it. 
And I guess you know that that 

818
00:43:12,760 --> 00:43:17,200
idea of business process seems 
like it's such an important part

819
00:43:17,200 --> 00:43:18,520
of this data problem. 
Yeah, you're right. 

820
00:43:18,520 --> 00:43:22,360
I I think it's, it's more about 
shared responsibility and I 

821
00:43:22,360 --> 00:43:26,280
think when you combine HR teams 
and managers and identity teams,

822
00:43:26,840 --> 00:43:31,640
that's why having both HR 
context and any context in your 

823
00:43:31,640 --> 00:43:37,040
data lake swamp helps to give a 
feedback loop. 

824
00:43:37,040 --> 00:43:39,920
So you should always be pushing 
back and forth to say, listen, 

825
00:43:40,680 --> 00:43:43,200
this looks weird. 
Is it legit? 

826
00:43:43,240 --> 00:43:44,880
Oh, it is OK, cool. 
We're good to go. 

827
00:43:44,880 --> 00:43:47,360
But it's, it's always good to 
have like a reconciliation or a 

828
00:43:47,360 --> 00:43:49,320
feedback loop in any data 
platform. 

829
00:43:49,480 --> 00:43:53,120
It's actually 101 by
building data platform. 

830
00:43:53,120 --> 00:43:54,880
So. 
Well, I'd say it, but there's a 

831
00:43:54,880 --> 00:43:57,720
lot of 101 that needs to
maybe take place for for data 

832
00:43:57,720 --> 00:44:00,480
for a lot of companies. 
I know there were some other 

833
00:44:00,480 --> 00:44:02,800
things you wanted to bring up. 
We haven't really talked about 

834
00:44:02,800 --> 00:44:04,800
things like sessions and and 
things like that. 

835
00:44:04,800 --> 00:44:07,560
But what else is important here 
that people should be thinking 

836
00:44:07,560 --> 00:44:08,440
about? 
Yeah. 

837
00:44:08,440 --> 00:44:11,240
So it's it's more of the, it's 
more of the continuous aspect. 

838
00:44:11,240 --> 00:44:13,760
So I want to get into like 
session management and access 

839
00:44:13,760 --> 00:44:15,920
management. 
So let's say for example, that 

840
00:44:17,440 --> 00:44:21,800
you're valuing some context and 
you have you're pulling in 

841
00:44:21,800 --> 00:44:25,960
endpoint logs or you're pulling 
in device logs from pick your 

842
00:44:25,960 --> 00:44:27,200
vendor, pick your vendor of 
choice. 

843
00:44:28,880 --> 00:44:34,080
This is the whole problem of 
like some really big companies 

844
00:44:34,080 --> 00:44:36,480
that are in the news for 
security incidents that happened

845
00:44:36,480 --> 00:44:39,040
then like he could very keep his
very, very high level. 

846
00:44:41,680 --> 00:44:45,800
When you have context coming 
into your fabric and you, you 

847
00:44:45,800 --> 00:44:48,120
know that something looks that 
looks anomalous, you now have 

848
00:44:48,120 --> 00:44:49,800
the ability to start revoking 
sessions. 

849
00:44:50,400 --> 00:44:52,440
Now is it just like, oh, put 
this into a data lake and it 

850
00:44:52,440 --> 00:44:53,560
magically happens? 
No. 

851
00:44:54,040 --> 00:44:57,040
But this comes back down to like
all of your IAM systems become

852
00:44:57,040 --> 00:45:02,120
appliances to help you 
orchestrate session management. 

853
00:45:02,120 --> 00:45:07,320
So an example, if I know you 
continually come in from North 

854
00:45:07,320 --> 00:45:09,880
Carolina on an Apple device, 
it's you. 

855
00:45:10,800 --> 00:45:14,120
But if I see you all of a sudden
coming in from Nebraska, Texas, 

856
00:45:15,120 --> 00:45:20,240
you travel a lot. 
OK, But ordinarily same, same, 

857
00:45:20,240 --> 00:45:24,040
same things. 
But what this gives you is 

858
00:45:25,040 --> 00:45:28,600
session manager at scale, which 
is very hard to solve it in in 

859
00:45:28,640 --> 00:45:30,440
in identity right now. 
So that that's that's one 

860
00:45:30,440 --> 00:45:32,720
example that I think is 
tantamount. 

861
00:45:33,360 --> 00:45:38,880
What is what another another 
good, important one is I'm going

862
00:45:38,880 --> 00:45:40,880
to say identity management. 
And what does that mean? 

863
00:45:41,080 --> 00:45:44,360
So not only can I not only can I
can I, can I revoke things, but 

864
00:45:44,360 --> 00:45:46,440
this is going into like the
CAEP-ish things.

865
00:45:46,440 --> 00:45:50,200
But if I know that you're 
constantly under under attack, 

866
00:45:50,200 --> 00:45:52,720
like everyone's going after Jeff
because he has privileged access

867
00:45:52,720 --> 00:45:55,800
to a ton to a ton of stuff and 
they're spraying it across the 

868
00:45:55,800 --> 00:45:59,080
board. 
And let's say forbid someone 

869
00:45:59,080 --> 00:46:01,480
grabs your session has your 
token and they're just going 

870
00:46:01,480 --> 00:46:04,760
after all your apps. 
Not only can I revoke it, but 

871
00:46:04,760 --> 00:46:06,240
now I can be like, oh, there's a
pattern here. 

872
00:46:06,240 --> 00:46:08,040
There's a behavioral pattern 
that they're going after this. 

873
00:46:08,440 --> 00:46:11,360
I now can turn your accounts 
off, revoke your access. 

874
00:46:11,880 --> 00:46:14,440
I can call your IGA platform and
start revoking all your roles 

875
00:46:14,440 --> 00:46:17,560
and entitlements to keep, to 
keep the company safe and keep 

876
00:46:17,560 --> 00:46:21,000
you safe because you may have 
not done it knowingly, right? 

877
00:46:22,280 --> 00:46:24,640
So there's access management 
pieces to this in the, in the 

878
00:46:24,640 --> 00:46:31,720
continuous aspect where it, the,
the data fabric, the ingest of 

879
00:46:31,720 --> 00:46:36,560
data signals gets you more 
secure, but it also gives you 

880
00:46:36,560 --> 00:46:38,240
the ability to start being 
dynamic. 

881
00:46:38,240 --> 00:46:42,280
And this is Jeff. 
We'll just use Jim because he's 

882
00:46:42,280 --> 00:46:44,120
he's out here. 
So sorry, Jim. 

883
00:46:45,120 --> 00:46:49,680
Jeff and Jim are of like roles 
when you have a data lake and 

884
00:46:49,680 --> 00:46:53,440
you collect like Jeff's a 
manager, Jim's a manager. 

885
00:46:54,320 --> 00:46:57,560
Why do you have access to 500 
system that he has five Who's 

886
00:46:57,560 --> 00:47:00,160
right, who's wrong? 
So now you get to actually go 

887
00:47:00,160 --> 00:47:02,320
look at this from from from an 
analyst standpoint and be 

888
00:47:02,520 --> 00:47:05,800
proactive to say, do we have 
role drift here?

889
00:47:05,800 --> 00:47:09,120
Is this right or is this wrong? 
And then you actually can using 

890
00:47:09,120 --> 00:47:12,840
this framework, act on it and 
say, please do this. 

891
00:47:12,840 --> 00:47:15,640
And then when I'm saying wave the
magic wand, I'm those of you who

892
00:47:15,640 --> 00:47:20,160
are listening on podcast, I'm 
waving my hand across right now.

893
00:47:20,160 --> 00:47:23,720
You can use your IdPs, your
ID, your ID platform to say, 

894
00:47:24,000 --> 00:47:27,240
remove them from Group A Group 
B, remove them from this role, 

895
00:47:27,280 --> 00:47:30,080
remove, remove these 
applications. 

896
00:47:30,760 --> 00:47:32,400
So we're getting towards more 
event driven. 

897
00:47:32,400 --> 00:47:36,240
So when you have an HR signal 
that changes that says Jeff has 

898
00:47:36,240 --> 00:47:39,520
went from engineer one to 
manager, guess what? 

899
00:47:39,520 --> 00:47:43,320
You've lost your GitHub repo
access, your Confluence, your

900
00:47:43,320 --> 00:47:46,280
Atlassian stuff.
This is policy now. 

901
00:47:46,360 --> 00:47:48,320
Now you could drive this to a 
policy framework. 

902
00:47:48,320 --> 00:47:49,760
So this is gets even more 
interesting now. 

903
00:47:49,760 --> 00:47:51,760
So this is where auditing comes 
into play. 

904
00:47:53,520 --> 00:47:55,840
You're no longer doing user 
access reviews. 

905
00:47:56,440 --> 00:48:01,760
Your policy states that any 
manager in this company is 

906
00:48:01,760 --> 00:48:04,160
baseline access, any engineers 
baseline access. 

907
00:48:04,160 --> 00:48:07,880
So if I have an event that comes
in and says event went, I'm 

908
00:48:07,880 --> 00:48:13,160
sorry, job title went from an 
engineer to manager policy 

909
00:48:13,160 --> 00:48:15,840
happens now when your auditors 
come in and say I want to 

910
00:48:15,840 --> 00:48:18,360
evaluate user access usually 
like you don't have to here's 

911
00:48:18,360 --> 00:48:22,960
the policy and you want audit 
logs, insert vendor insert 

912
00:48:22,960 --> 00:48:24,800
thing. 
Here you go here, here, here, 

913
00:48:24,800 --> 00:48:28,280
your audit logs.
Not only does this revolutionize

914
00:48:28,280 --> 00:48:30,680
things, but it actually drives 
costs down from an auditing 

915
00:48:30,680 --> 00:48:32,840
standpoint. 
I mean, the the big four, maybe 

916
00:48:32,840 --> 00:48:36,800
like the big four will have to 
probably change how they audit 

917
00:48:36,800 --> 00:48:39,800
some things, but it should make 
it easier all along. 

918
00:48:39,800 --> 00:48:42,760
Because if you, if you have a 
policy that states these four 

919
00:48:42,760 --> 00:48:45,200
things, these four things, 
that's more binary. 

920
00:48:45,880 --> 00:48:48,080
Is everything going to fit into 
this puzzle? 

921
00:48:48,200 --> 00:48:54,400
No, absolutely not. 
Is the 80% we hope shrug 

922
00:48:54,400 --> 00:48:58,120
question mark. 
But I, I do, I can't say it 

923
00:48:58,120 --> 00:49:02,520
enough that identity management 
and session management access 

924
00:49:02,520 --> 00:49:05,520
it's, it's I purposely couple 
identity management and access 

925
00:49:05,520 --> 00:49:08,360
management as different things 
because one's behavioral and 

926
00:49:08,360 --> 00:49:13,320
one's data-driven. 
I, I think it's this is changing

927
00:49:13,320 --> 00:49:16,960
how we're going to do our jobs 
at in identity. 

928
00:49:17,240 --> 00:49:19,720
I really do. 
Well, I think it it'll 

929
00:49:19,720 --> 00:49:22,240
definitely change the way 
auditors need to look at it. 

930
00:49:22,280 --> 00:49:24,240
And I think this is some 
education will probably need to 

931
00:49:24,240 --> 00:49:27,920
take place by identity teams out
there to say here's how this 

932
00:49:27,920 --> 00:49:30,160
thing works. 
You know, they're going to want 

933
00:49:30,160 --> 00:49:33,320
proof and you know, isn't 
working the way the system is 

934
00:49:33,320 --> 00:49:35,240
designed, right documentation 
and all that. 

935
00:49:35,240 --> 00:49:38,440
And there's probably a break-in
period where, you know, they're 

936
00:49:38,440 --> 00:49:42,080
probably going to look at a 
little bit harder or weirder as,

937
00:49:42,120 --> 00:49:43,240
as they get more comfortable 
with it. 

938
00:49:43,240 --> 00:49:46,760
But as, as it becomes more 
commonplace, then identity teams

939
00:49:46,760 --> 00:49:48,320
are able to demonstrate that, 
look, it does work. 

940
00:49:48,560 --> 00:49:51,640
We do have a policy. 
Here's how the policy works and 

941
00:49:51,640 --> 00:49:55,120
how the configurations work. 
And that comfortability grows. 

942
00:49:55,120 --> 00:49:58,040
It'll become a lot easier, I 
think for for auditors to look 

943
00:49:58,040 --> 00:50:00,440
at it and. 
What you can and and you make 

944
00:50:00,440 --> 00:50:01,880
you make a great point. 
You made me think about 

945
00:50:01,880 --> 00:50:03,760
something to that one and I 
wanted to touch on it. 

946
00:50:03,760 --> 00:50:10,680
It's a zero touch principle. 
I love Wendy and said this and 

947
00:50:10,680 --> 00:50:12,560
he always takes the contrary 
viewpoint, which is which is 

948
00:50:12,560 --> 00:50:14,880
great. 
At least privilege is a lie. 

949
00:50:15,200 --> 00:50:17,520
I am, I'm a, I'm a believer of 
that. 

950
00:50:17,520 --> 00:50:19,240
I know we've talked about that 
ad nauseam. 

951
00:50:23,800 --> 00:50:28,000
When implemented the right way, 
purchased, implemented, built, 

952
00:50:28,000 --> 00:50:33,760
purchased hybrid of things, you 
kind of get zero standing privilege

953
00:50:33,760 --> 00:50:35,800
for some aspects of things. 
Let me explain what that means. 

954
00:50:37,000 --> 00:50:40,360
You have this data fabric of HR 
signals and contact signals. 

955
00:50:40,360 --> 00:50:43,960
I want to say you, you do change
management right now. 

956
00:50:43,960 --> 00:50:46,400
You can start taking your most 
targeted system and let's take 

957
00:50:46,400 --> 00:50:50,480
the the most beloved cloud 
provider that has the the most 

958
00:50:50,520 --> 00:50:53,320
target in most companies, which 
is AWS, right? 

959
00:50:54,480 --> 00:50:56,800
I gave a talk about this at at 
Identiverse last year.

960
00:50:58,480 --> 00:51:04,120
You now can take authorization 
with context that says Sean does

961
00:51:04,120 --> 00:51:07,120
not need this access. 
Sean is an engineer, he should 

962
00:51:07,120 --> 00:51:08,280
have access. 
Awesome. 

963
00:51:08,360 --> 00:51:12,520
That's one guardrail. 
Do I need it on Saturday at 8:00

964
00:51:12,520 --> 00:51:15,120
PM at 9:00 AM? 
Maybe, maybe not. 

965
00:51:15,560 --> 00:51:19,440
How do I know that you use 
things like Salesforce, whatever

966
00:51:19,440 --> 00:51:23,840
ticket system you want to use, 
ServiceNow, Jira, GitHub, take 

967
00:51:23,840 --> 00:51:28,200
your pick, right When you have 
that additional context on your 

968
00:51:28,200 --> 00:51:31,160
fabric that says Sean is an 
engineer that has an open thing 

969
00:51:31,160 --> 00:51:35,000
attached to him, I'm, I'm going 
to be granting him AWS access 

970
00:51:35,000 --> 00:51:36,200
for this ephemeral period of 
time. 

971
00:51:37,000 --> 00:51:38,560
Great. 
So you just minimize your 

972
00:51:38,560 --> 00:51:40,240
footprint. 
You haven't really destroyed a 

973
00:51:40,240 --> 00:51:43,120
user experience. 
You should have proper change 

974
00:51:43,120 --> 00:51:44,960
management in place for 
production system that connects 

975
00:51:44,960 --> 00:51:46,640
do that could do financial 
harmful company. 

976
00:51:47,840 --> 00:51:50,160
That's your business. 
All right, there is we need this

977
00:51:50,160 --> 00:51:52,800
for security, but it's also not 
going to it's actually going to 

978
00:51:52,800 --> 00:51:55,440
improve user experience if you, 
if you think about it, because 

979
00:51:58,400 --> 00:52:01,800
you're still going to be able to
to apply provisioning aspects to

980
00:52:01,800 --> 00:52:08,000
this with security mindset. 
So I just gave you a zero trust 

981
00:52:08,000 --> 00:52:10,360
principle, but with 
provisioning, it's the it's the 

982
00:52:10,360 --> 00:52:12,760
same concept. 
Sean's been proofed.

983
00:52:12,960 --> 00:52:15,520
He got hired. 
Here's your policy. 

984
00:52:15,520 --> 00:52:18,120
Sean's an engineer.
He should have access to GitHub,

985
00:52:18,120 --> 00:52:21,320
GitLab, take your shoe to short 
of of systems. 

986
00:52:22,760 --> 00:52:25,360
That doesn't mean I'm granted 
access to every, every project 

987
00:52:25,360 --> 00:52:26,960
in there. 
It means that I can get into it.

988
00:52:27,080 --> 00:52:30,360
Great, now what? 
OK, now I'm working with team 

989
00:52:30,360 --> 00:52:34,080
A, Team B, Team C. OK, I have a
Jira item associated to me.

990
00:52:34,080 --> 00:52:38,080
I can now grant you really 
granular access to the to those 

991
00:52:38,080 --> 00:52:44,120
platforms based on a task or a 
just-in-time approach. To me as a

992
00:52:44,120 --> 00:52:48,320
practitioner, I love that 
because you don't get that call 

993
00:52:48,320 --> 00:52:54,240
saying like, hey, Saturday, I 
need to know what so and so had 

994
00:52:54,240 --> 00:52:56,440
access to. 
It's so and so point in time 

995
00:52:56,440 --> 00:53:01,680
because so and so hit that 
accept that MFA prompt like, 

996
00:53:01,800 --> 00:53:03,480
Dang, I hate we'd be able to 
keep people keep doing that, 

997
00:53:03,480 --> 00:53:05,640
right? 
But that's the security side of 

998
00:53:05,640 --> 00:53:07,680
me. 
But there's also business value 

999
00:53:07,680 --> 00:53:11,920
here where provisioning in this 
gets more real time versus like 

1000
00:53:12,880 --> 00:53:16,960
see you in two weeks, see you in
a week, wait for a device, wait 

1001
00:53:16,960 --> 00:53:20,520
for an e-mail where event driven
gets you both business 

1002
00:53:20,520 --> 00:53:24,480
procurement quicker, better 
security, better access 

1003
00:53:24,480 --> 00:53:27,120
management in, in better session
management. 

1004
00:53:27,320 --> 00:53:30,840
So to me, it's the, it's the, I 
want to say trifecta, but it's 

1005
00:53:30,840 --> 00:53:32,240
wrong because there's five 
things there. 

1006
00:53:32,240 --> 00:53:35,680
So 5 facta if you will, I mean. 
Quinfecta. 

1007
00:53:35,680 --> 00:53:37,040
Is that a quinfecta? 
That's right, yeah. 

1008
00:53:37,840 --> 00:53:39,360
Penfecta, if you will. 
Penfecta. 

1009
00:53:40,800 --> 00:53:45,040
This smells a lot like zero
standing privileges to me, which

1010
00:53:45,560 --> 00:53:48,800
to me and, and, and shout out to
John Morton, who opened my eyes 

1011
00:53:48,800 --> 00:53:51,040
up to this a couple years ago 
when I when we first met. 

1012
00:53:51,560 --> 00:53:55,280
But this is kind of like the the
Holy Grail almost for 

1013
00:53:55,600 --> 00:53:58,920
authentication authorization, 
where people are walking around 

1014
00:53:58,920 --> 00:54:03,080
and they have this ephemeral 
access where they only need it 

1015
00:54:03,200 --> 00:54:05,560
and the point in time that they 
need it and then it goes away. 

1016
00:54:05,800 --> 00:54:09,160
And then right, you know, super 
secure if account gets popped. 

1017
00:54:09,320 --> 00:54:12,800
It's less about authentication, 
it's more about authorization. 

1018
00:54:13,520 --> 00:54:18,120
I I said it at at my talk. 
Take, take my session, have it. 

1019
00:54:18,120 --> 00:54:21,240
I don't care. 
I mean, I not really, but like 

1020
00:54:21,240 --> 00:54:24,320
I'm saying, you can have it. 
That isn't the attack point 

1021
00:54:24,320 --> 00:54:25,920
anymore. 
Like you can go after and go 

1022
00:54:25,920 --> 00:54:31,240
after my session hijack it. 
OK, have fun, have Syria menu 

1023
00:54:31,360 --> 00:54:35,040
but talk talk. 
Elsewhere, and you're using 

1024
00:54:35,040 --> 00:54:36,920
Shared Signals Framework and
you're taking advantage of 

1025
00:54:36,920 --> 00:54:40,280
things like that and CAEP and
interop between all these 

1026
00:54:40,280 --> 00:54:43,200
different tools, right? 
They've, they've signed on and 

1027
00:54:43,200 --> 00:54:44,880
now their tools are capable of 
it. 

1028
00:54:45,120 --> 00:54:48,960
Can you imagine, right? 
It's almost like identity 2.0

1029
00:54:48,960 --> 00:54:51,240
or 3.0 or
whatever phase we want to call 

1030
00:54:51,240 --> 00:54:53,640
it, right? 
It's like, OK, this is I love. 

1031
00:54:53,880 --> 00:54:55,480
What you're talking about? 
I. 

1032
00:54:55,520 --> 00:54:57,480
Love what you call it that 
because I was actually, I had a 

1033
00:54:57,480 --> 00:55:00,560
conversation with a couple of 
people about it and I'm like, is

1034
00:55:00,560 --> 00:55:02,760
it continuous
IAM or is it identity 2.0?

1035
00:55:02,880 --> 00:55:04,720
They're like too soon, too. 
Soon. 

1036
00:55:04,720 --> 00:55:06,080
Yeah, it's too soon. 
We got to wait. 

1037
00:55:06,080 --> 00:55:07,680
It's got. 
All I know is it's got to have a

1038
00:55:07,680 --> 00:55:10,520
cool acronym. 
That's the most important thing.

1039
00:55:10,560 --> 00:55:11,800
And then we'll figure out the 
name. 

1040
00:55:11,800 --> 00:55:13,640
So we need to come up with the 
acronym first and then we'll 

1041
00:55:13,640 --> 00:55:16,840
figure out what to call it. 
Exactly. 

1042
00:55:18,760 --> 00:55:21,000
Let's see, I feel we covered a 
lot of ground. 

1043
00:55:21,200 --> 00:55:23,600
I'm sure we missed something or 
I'm not thinking of something. 

1044
00:55:23,600 --> 00:55:25,520
Is there anything else that you 
want to bring up to the table 

1045
00:55:25,520 --> 00:55:26,480
now? 
Because I know you're going to 

1046
00:55:26,480 --> 00:55:29,080
have maybe, probably more 
conversations about this 

1047
00:55:29,080 --> 00:55:32,480
Identiverse and it's too much to
cover in a 45 minute or an hour 

1048
00:55:32,480 --> 00:55:33,360
episode. 
Oh yeah. 

1049
00:55:33,600 --> 00:55:36,680
Yeah, there's going to be a 2 
hour workshop at Identiverse. 

1050
00:55:36,680 --> 00:55:38,480
I highly encourage you to go to 
the site, check it out. 

1051
00:55:39,640 --> 00:55:43,400
Might be running it. 
I'll know later in February, 

1052
00:55:44,320 --> 00:55:48,560
maybe given talks if if I'm if 
I'm chosen by the the board, 

1053
00:55:48,560 --> 00:55:51,720
which is great. 
I do want to end on like, you 

1054
00:55:51,720 --> 00:55:55,480
know, we never really covered 
like define what continuous IAM 

1055
00:55:55,480 --> 00:55:57,760
is or continuous identity. 
And I just want to give a very 

1056
00:55:58,120 --> 00:56:01,000
blanket statement that way you 
people are like, this is great. 

1057
00:56:01,200 --> 00:56:03,760
Give me a sentence that I can go
back and say this is what this 

1058
00:56:03,760 --> 00:56:07,320
thing, this thing is so, so 
continuous identity thing is

1059
00:56:07,320 --> 00:56:12,280
IAM used and used interchangeably
is the ability to apply controls

1060
00:56:13,440 --> 00:56:17,600
to an existing identity based 
session utilizing signals 

1061
00:56:18,160 --> 00:56:20,200
received and processed by your 
fabric. 

1062
00:56:20,240 --> 00:56:23,240
Fabric is a very nebulous term,
but it could be like your data 

1063
00:56:23,240 --> 00:56:26,040
lake or in your or your 
orchestration layer. 

1064
00:56:26,040 --> 00:56:29,720
But essentially that's what this
is and you're building a 

1065
00:56:29,720 --> 00:56:32,840
foundation to get to real time 
and continuous and event driven 

1066
00:56:32,840 --> 00:56:35,960
things. 
And you're right, Jeff, we 

1067
00:56:35,960 --> 00:56:39,240
covered a lot. 
I think it's almost like sensory

1068
00:56:39,240 --> 00:56:42,960
overload, but it's a lot, a lot 
to think about. 

1069
00:56:43,680 --> 00:56:46,680
I'm open on LinkedIn questions. 
Hit me up. 

1070
00:56:46,720 --> 00:56:49,320
I'm I love talking about it so 
doesn't bother me at all. 

1071
00:56:51,000 --> 00:56:52,640
All right, let's end on a 
lighter note here. 

1072
00:56:53,320 --> 00:56:56,560
Jim and I were very fortunate to
be at the Gartner conference at 

1073
00:56:56,560 --> 00:57:00,360
the end of 2024 and turnabout is
fair play. 

1074
00:57:01,080 --> 00:57:05,200
Our friend Rebecca Archambault 
invited us on stage to interview

1075
00:57:05,200 --> 00:57:07,800
us, which is really a shoe on 
the other foot because we did 

1076
00:57:07,800 --> 00:57:11,360
that to her and Henrique 
Teixeira when we were when he 

1077
00:57:11,360 --> 00:57:13,520
was with Gartner, I think two 
years ago at this point. 

1078
00:57:14,120 --> 00:57:16,400
And so we had this conversation 
kind of, you know, learn more 

1079
00:57:16,400 --> 00:57:19,120
about kind of like what do we do
in the podcast and some of the 

1080
00:57:19,120 --> 00:57:21,760
interesting stories we had. 
So it was like one of the last 

1081
00:57:21,760 --> 00:57:24,320
sessions of the event. 
So thank you for all the people 

1082
00:57:24,320 --> 00:57:26,320
who showed up for that. 
And I think we had a really good

1083
00:57:26,440 --> 00:57:29,600
kind of fun discussion. 
One of my favorite things that 

1084
00:57:29,600 --> 00:57:32,320
I've introduced to the show over
the years has been this lighter 

1085
00:57:32,320 --> 00:57:37,320
note because it gets me, it lets
me ask really challenging, 

1086
00:57:37,360 --> 00:57:39,760
interesting questions. 
And this is one that I brought 

1087
00:57:39,760 --> 00:57:41,760
up to the audience and I brought
it up before in the show. 

1088
00:57:42,600 --> 00:57:46,200
And so, Sean, I'm going to ask 
you, this is a profound question

1089
00:57:46,200 --> 00:57:50,480
of if you were a potato, how 
would you want to be prepared? 

1090
00:57:50,600 --> 00:57:54,400
Initial thought is not like Mark
Watney on The Martian. 

1091
00:57:55,480 --> 00:57:59,000
OK, but bad. 
So don't don't like that so. 

1092
00:57:59,000 --> 00:58:01,760
There's a couple ways you can 
take this, and I and I shared my

1093
00:58:02,320 --> 00:58:04,280
my thoughts on this with the 
audience of Gartner. 

1094
00:58:04,280 --> 00:58:10,000
But do you take it with the idea
of, oh, what's delicious right 

1095
00:58:10,000 --> 00:58:11,520
in your mind? 
Like what's your favorite style 

1096
00:58:11,520 --> 00:58:15,600
of potato when you eat them? 
Or do you take the Jim route, 

1097
00:58:15,760 --> 00:58:19,760
which is an, and Jim, Jim 
McDonald as in like, like, oh, 

1098
00:58:20,560 --> 00:58:23,360
is he thinks about it from a 
pain perspective. 

1099
00:58:23,360 --> 00:58:27,200
What is going to be the least 
painful way to go as a potato? 

1100
00:58:28,400 --> 00:58:31,480
And there's there's other very 
variations on that, but those 

1101
00:58:31,480 --> 00:58:33,280
seem to be the two most common. 
Yeah. 

1102
00:58:36,280 --> 00:58:38,840
I was thinking raw, but that's 
not how you serve potatoes 

1103
00:58:38,840 --> 00:58:40,720
because Melanie's raw potato. 
This is not happening. 

1104
00:58:43,640 --> 00:58:46,040
Somebody out there the The Raw 
Potato gang is getting ready to 

1105
00:58:46,040 --> 00:58:48,560
send you a bunch of DMs and and 
messages on LinkedIn. 

1106
00:58:49,960 --> 00:58:57,840
I'm, I'm almost leaning towards 
loaded or mashed and I, I think 

1107
00:58:57,840 --> 00:59:01,360
I'm going to go with mashed 
because it is the most 

1108
00:59:01,360 --> 00:59:02,840
delicious. 
I love mashed potatoes. 

1109
00:59:02,880 --> 00:59:07,120
I am, I love potatoes. 
So butter cream potato. 

1110
00:59:07,120 --> 00:59:08,920
It's the simplest thing. 
It goes with anything. 

1111
00:59:08,920 --> 00:59:11,600
It it, it goes well with all 
the, all the, all the things and

1112
00:59:11,600 --> 00:59:13,440
it blends well. 
So and. 

1113
00:59:13,800 --> 00:59:15,960
Eat just that and have 
sustenance. 

1114
00:59:16,960 --> 00:59:19,240
Potato the perfect food. 
I don't know, maybe that's our 

1115
00:59:19,240 --> 00:59:21,440
next our next podcast episode 
also. 

1116
00:59:21,440 --> 00:59:23,760
Because my kid loves potatoes, 
so he's like potato. 

1117
00:59:23,760 --> 00:59:26,640
I'm like, OK, we're good. 
I mean, it's, it's hard to beat 

1118
00:59:26,640 --> 00:59:29,360
a McDonald's French fry. 
I feel like when it's prepared 

1119
00:59:29,360 --> 00:59:32,840
and fresh, that's really good. 
I'm an au gratin person myself,

1120
00:59:32,840 --> 00:59:36,720
so I have like kind of a cheesy 
potato, you know, experience as 

1121
00:59:36,720 --> 00:59:39,720
I'll call it. 
Hash browns are really good. 

1122
00:59:39,720 --> 00:59:42,960
A nice crispy hash brown. 
I mean, yeah, I could go on and 

1123
00:59:42,960 --> 00:59:44,640
on for hours. 
Maybe we'll make it potato at 

1124
00:59:44,640 --> 00:59:47,240
the center. 
At some point, potato at the 

1125
00:59:47,240 --> 00:59:48,200
center. 
That's funny. 

1126
00:59:49,280 --> 00:59:51,120
All right, well, you're hungry. 
I'm hungry. 

1127
00:59:51,280 --> 00:59:52,440
We've been talking to you for a 
bit. 

1128
00:59:52,440 --> 00:59:54,400
I do appreciate coming back. 
I'm looking forward to seeing 

1129
00:59:54,400 --> 00:59:58,840
you at Universe Away this year. 
And congratulations on the new 

1130
00:59:58,840 --> 01:00:02,680
addition to the family. 
And again, very cool setup you 

1131
01:00:02,680 --> 01:00:04,760
got behind you. 
So if you're listening to this, 

1132
01:00:04,760 --> 01:00:07,120
hop on over to the YouTube 
channel and take a look at 

1133
01:00:07,480 --> 01:00:10,800
Sean's background. 
It's rife with Star Wars stuff, 

1134
01:00:10,800 --> 01:00:13,000
which is super cool. 
Thanks, we'll go. 

1135
01:00:13,040 --> 01:00:15,680
Ahead and leave it there for 
this week as I mentioned, I'll 

1136
01:00:15,680 --> 01:00:18,360
have links in the show notes for
your LinkedIn profile. 

1137
01:00:18,360 --> 01:00:23,200
Sean also have linked for our 
discount for EIC again ID AC25, 

1138
01:00:23,360 --> 01:00:26,800
MKO. 
What else links to Jim and I 

1139
01:00:26,920 --> 01:00:29,480
and. 
Yeah, like. 

1140
01:00:29,480 --> 01:00:33,760
Subscribe to all that fun things
that are great for social and 

1141
01:00:33,800 --> 01:00:35,160
share it with friends and 
enemies. 

1142
01:00:35,160 --> 01:00:38,160
I don't care who you share it 
with as long as they listen and 

1143
01:00:38,160 --> 01:00:40,280
or watch. 
So go ahead and leave it. 

1144
01:00:40,520 --> 01:00:43,040
Thanks everybody for watching 
and or listening and we'll talk

1145
01:00:43,040 --> 01:00:47,480
with you all in the next one. 
You've been listening to 

1146
01:00:47,480 --> 01:00:51,400
Identity at the Center. 
We hope you've enjoyed the show.

1147
01:00:51,600 --> 01:00:55,680
Make sure to like, rate and 
review, and we'll be back soon. 

1148
01:00:55,960 --> 01:00:58,240
But in the meantime, hit the 
website at 

1149
01:00:58,240 --> 01:01:04,560
identityatthecenter.com. 
See you next time on Identity at

1150
01:01:04,560 --> 01:01:05,480
the Center.
