1 00:00:04,720 --> 00:00:10,960 This is identity at the center. Welcome to the Identity at the 2 00:00:10,960 --> 00:00:12,720 Center podcast. I'm Jeff, and that's Jim. 3 00:00:12,720 --> 00:00:14,880 Hey, Jim. Hey, Jeff, how are you? 4 00:00:15,320 --> 00:00:19,040 Oh, not so bad yourself. I'm good live from South Dakota. 5 00:00:19,080 --> 00:00:21,320 Jim McDonald. Yeah, you've been making a cross 6 00:00:21,320 --> 00:00:24,480 country move the last couple weeks here, so hopefully things 7 00:00:24,480 --> 00:00:27,200 are going well. Going well enough, we'll see you 8 00:00:27,200 --> 00:00:30,080 for one of our banter episodes and I'll get into it. 9 00:00:30,400 --> 00:00:32,560 Yeah, people love the banter, but that is not today. 10 00:00:32,640 --> 00:00:35,840 Today is all about P0. So we've got a sponsored episode 11 00:00:36,160 --> 00:00:38,640 and so we are going to invite our guests on here in a second. 12 00:00:38,640 --> 00:00:40,360 But just to make it clear, right, this is a sponsored 13 00:00:40,360 --> 00:00:41,960 episode. We do these from time to time. 14 00:00:42,440 --> 00:00:45,400 Let's just get a little more, you know, product specific. 15 00:00:45,440 --> 00:00:48,120 I would say most of our episodes are more vendor neutral and we 16 00:00:48,200 --> 00:00:51,040 we generally don't have vendors on those episodes, but this 17 00:00:51,040 --> 00:00:52,120 gives an opportunity to learn more. 18 00:00:52,120 --> 00:00:54,320 And this is 1 I think a lot of people will want to hear about. 19 00:00:54,320 --> 00:00:57,600 So let me go ahead and introduce P0 Security. 20 00:00:57,600 --> 00:01:01,440 You can find them on the web at P0 dot dev slash IDAC And we've 21 00:01:01,440 --> 00:01:04,879 got their CEO and founder, Sheshwat Sagal. 22 00:01:04,879 --> 00:01:06,600 So welcome to the show, Sheshwat. 23 00:01:07,480 --> 00:01:08,760 Thanks chef. How are you? 24 00:01:09,560 --> 00:01:12,440 I'm good. It's a little bit warm here, but 25 00:01:12,440 --> 00:01:15,400 I'm inside and as as we're chatting before we hit record, I 26 00:01:15,400 --> 00:01:18,400 am very much an indoor cat. So I am totally fine in my, you 27 00:01:18,400 --> 00:01:21,360 know, air conditioned, you know, home studio, office, things like 28 00:01:21,360 --> 00:01:22,760 that. So hopefully things are going 29 00:01:22,760 --> 00:01:25,040 well for you as well. Yeah, no complaints. 30 00:01:25,040 --> 00:01:27,880 It's right at the start of the California, some of the best 31 00:01:27,880 --> 00:01:30,720 time to, to, to be living out here. 32 00:01:30,720 --> 00:01:34,400 Not that other times are any different, but my definitely my 33 00:01:34,400 --> 00:01:36,360 personal favorite time of the year. 34 00:01:37,200 --> 00:01:39,000 Yeah, it's tough to beat California weather. 35 00:01:39,040 --> 00:01:41,480 It's it's it's generally pretty darn good. 36 00:01:41,480 --> 00:01:44,160 So yeah, congratulations and thank you for making me envious. 37 00:01:44,160 --> 00:01:45,800 And I'm sure a lot of people listening who are either 38 00:01:45,920 --> 00:01:48,200 sweltering in the heat that has been gripping, you know, a lot 39 00:01:48,200 --> 00:01:50,400 of the the US or around the world or whatever. 40 00:01:50,400 --> 00:01:53,160 Maybe. But let's find out about your 41 00:01:53,160 --> 00:01:54,920 identity background. So the first time we have people 42 00:01:54,920 --> 00:01:57,040 on, we just like to find out where they came from, you know, 43 00:01:57,040 --> 00:01:59,400 from an identity perspective. So we're going to put you on the 44 00:01:59,400 --> 00:02:01,520 hot seat here and say, how did you get an identity? 45 00:02:01,520 --> 00:02:03,800 Is it something that you chose or did it choose you? 46 00:02:05,200 --> 00:02:08,840 Oh, great question. I'd say a bit of the latter. 47 00:02:11,280 --> 00:02:16,720 So I have been in engineering and R&D and product roles for 48 00:02:16,720 --> 00:02:22,440 the vast majority of my career and the the mid 2000, mid tier 49 00:02:22,440 --> 00:02:26,000 2000 tens were a very interesting time to be building 50 00:02:26,000 --> 00:02:28,720 products out in the Bay Area. Why do I say that? 51 00:02:29,040 --> 00:02:35,000 It's, it was a time where as you all know, cloud native 52 00:02:35,000 --> 00:02:37,280 development was, was going mainstream. 53 00:02:37,680 --> 00:02:41,920 Everyone was, was either moving to the cloud or if they started 54 00:02:41,920 --> 00:02:44,480 on to the within the cloud, if they were cloud native, they 55 00:02:44,480 --> 00:02:48,720 were experimenting with cloud native technologies and 56 00:02:48,720 --> 00:02:51,720 infrastructure like Kubernetes and various databases and such, 57 00:02:52,320 --> 00:02:57,840 right? And I built a variety of 58 00:02:58,040 --> 00:03:01,080 products across different spaces. 59 00:03:01,800 --> 00:03:08,560 And the commonality in every one of those roles was that as 60 00:03:09,120 --> 00:03:12,400 development, as application development, as engineering 61 00:03:12,400 --> 00:03:17,440 became more and more cloud native, the, the problem of 62 00:03:17,440 --> 00:03:21,560 securing who has access to the, to the privileged resources 63 00:03:22,080 --> 00:03:27,960 became kept getting more and more complex until it hit, you 64 00:03:27,960 --> 00:03:29,400 know, what I believe as a breaking point. 65 00:03:29,960 --> 00:03:34,200 And, and, and what I mean by that is that the old tools, the, 66 00:03:34,480 --> 00:03:37,520 the, the tools that are managing privileged access, which all of 67 00:03:37,520 --> 00:03:40,560 us are familiar with, you know, the, the, the, the legacy tools, 68 00:03:40,560 --> 00:03:45,200 which I like to believe used to manage walls and secrets, right? 69 00:03:45,200 --> 00:03:50,960 They were not built for an environment where privileged 70 00:03:50,960 --> 00:03:53,840 access meant access in the cloud. 71 00:03:54,560 --> 00:03:58,360 And we saw this gap and we saw it becoming worse, you know, the 72 00:03:58,440 --> 00:04:00,760 the problem becoming bigger and bigger and bigger. 73 00:04:01,080 --> 00:04:03,760 And that's when I decided to start P0 with S my colleagues. 74 00:04:04,240 --> 00:04:06,160 And Fast forward three years, here we are. 75 00:04:07,480 --> 00:04:09,680 So you had kind of a personal investment here, right, of 76 00:04:09,720 --> 00:04:11,720 seeing this problem first hand with some of the roles you had 77 00:04:11,720 --> 00:04:14,440 before. How do you solve that? 78 00:04:14,440 --> 00:04:17,880 So let's let's talk about P0 kind of upfront is tell us about 79 00:04:17,880 --> 00:04:22,200 P0 and then what are some of the capabilities that you bring to 80 00:04:22,200 --> 00:04:24,240 address those problems that you've just talked about? 81 00:04:24,840 --> 00:04:28,080 Great question. So let me back up a little bit 82 00:04:28,080 --> 00:04:32,600 and talk about the broader space that we play in and how that has 83 00:04:32,600 --> 00:04:35,720 evolved over the years. And then maybe that'll be a good 84 00:04:35,720 --> 00:04:38,200 segue for me to talk about the capabilities that we bring to 85 00:04:38,200 --> 00:04:44,080 the table, right? If you think about the space 86 00:04:44,080 --> 00:04:48,920 itself, people call it in various different names, but at 87 00:04:48,920 --> 00:04:52,040 its core, it's really just managing privileged access or 88 00:04:52,040 --> 00:04:54,320 privileged access management, right? 89 00:04:55,400 --> 00:05:01,880 And 2025 years ago, the space was, as I mentioned, synonymous 90 00:05:01,880 --> 00:05:07,640 with creating words and secrets. And the, the, the definition of 91 00:05:07,640 --> 00:05:13,840 the space at the time was depended on what privileged 92 00:05:13,840 --> 00:05:18,200 resources were. So for people who've been like, 93 00:05:18,200 --> 00:05:21,440 like you and I, who've been in the industry for decades, right, 94 00:05:21,440 --> 00:05:25,440 if we wind down the clock, wind back the clock. 20 years ago, 95 00:05:25,480 --> 00:05:31,320 privileged resources meant servers in the data centre or 96 00:05:31,320 --> 00:05:35,040 databases that were physically located on boxes within the data 97 00:05:35,040 --> 00:05:39,560 centre, right? And access to them basically 98 00:05:39,560 --> 00:05:44,400 meant create a root, a root account or a Linux administrator 99 00:05:44,400 --> 00:05:49,800 account or a database admin account, create a credential to 100 00:05:49,800 --> 00:05:55,160 those accounts, put them in a vault and then rotate those and 101 00:05:55,160 --> 00:05:58,560 then issue issue those credentials to people on demand, 102 00:05:59,880 --> 00:06:03,920 right. I call this version of Pam as 103 00:06:04,000 --> 00:06:06,520 the vault LED Pam or the secrets LED Pam. 104 00:06:10,240 --> 00:06:13,160 Then you know, let's call it early 2000 tens. 105 00:06:15,560 --> 00:06:21,800 This was the early cloud era. And instead of servers and 106 00:06:21,800 --> 00:06:24,680 databases being physically located within a data centre, 107 00:06:25,080 --> 00:06:29,720 they began to be located in a WSGCP Azure, right? 108 00:06:29,720 --> 00:06:34,640 And the very first use cases that people had was just lift 109 00:06:34,640 --> 00:06:39,160 and shift your workloads as they are from the data centre to the 110 00:06:39,160 --> 00:06:43,760 cloud, right? So then the the use cases for 111 00:06:43,760 --> 00:06:49,560 Pam translated to hey, give me access to databases and and and 112 00:06:49,560 --> 00:06:50,920 the virtual machines in the cloud, right? 113 00:06:50,920 --> 00:06:56,640 Easy peasy, right? So in those very early days, the 114 00:06:56,720 --> 00:07:00,560 legacy or the vault LED Pams attempted to solve the same 115 00:07:00,560 --> 00:07:03,920 problem by checking in, checking out credentials to these 116 00:07:03,960 --> 00:07:05,840 databases and virtual virtual machines. 117 00:07:06,760 --> 00:07:09,200 The problem was there were too many of them, right? 118 00:07:09,240 --> 00:07:14,880 As, as, as is, you know, anyone who's familiar with cloud, 119 00:07:14,880 --> 00:07:18,200 native cloud development will know that infrastructure spins 120 00:07:18,200 --> 00:07:20,280 up, up and down on demand. And there's a lot of 121 00:07:20,280 --> 00:07:26,080 infrastructure, right? So the old strategy of securing 122 00:07:26,080 --> 00:07:31,520 credentials didn't quite work as well as people would have liked 123 00:07:32,440 --> 00:07:36,160 it. It left SSH keys for virtual 124 00:07:36,160 --> 00:07:38,960 machines all over the place. It left database credentials all 125 00:07:38,960 --> 00:07:43,280 over the place and rotating those manually became a bit of 126 00:07:43,280 --> 00:07:45,800 a, you know, pain in the neck, right. 127 00:07:46,000 --> 00:07:50,240 So, so the second fail evolution of Pam was what I call as a 128 00:07:50,240 --> 00:07:53,760 bastion LED Pam. And, and what I mean by bastion 129 00:07:53,760 --> 00:07:57,880 LED Pam Well, instead of giving and managing access to each and 130 00:07:57,880 --> 00:08:00,880 every one of these servers individually, people saw that it 131 00:08:00,880 --> 00:08:04,360 was much easier to just put a bastion in front of your network 132 00:08:04,640 --> 00:08:08,600 or a proxy or a jump host. The the bastions come in various 133 00:08:08,600 --> 00:08:11,600 different names, right? And and, and and just control 134 00:08:12,080 --> 00:08:15,080 the access to your network through this one server called 135 00:08:15,080 --> 00:08:19,800 the Bastion, right. So, So what I'll call this the 136 00:08:19,800 --> 00:08:25,760 the pans of this era as the bastion LED time, they worked, 137 00:08:26,080 --> 00:08:30,000 except they were also a giant, giant pain in the neck in, in, 138 00:08:30,000 --> 00:08:33,919 in ways in, in different ways than than than than the the 139 00:08:33,919 --> 00:08:36,600 older Pam solutions. The problem with spinning up 140 00:08:36,600 --> 00:08:40,520 infrastructure was that, hey, as, as when I know, every time 141 00:08:40,520 --> 00:08:44,400 you, you, you start deploying an infrastructure for anything 142 00:08:44,800 --> 00:08:47,760 you're on the hook for to maintain it, right? 143 00:08:47,920 --> 00:08:52,400 So maintenance and usability and developer experience was a major 144 00:08:52,400 --> 00:08:55,200 challenge in in using the Pam solutions of this era. 145 00:08:55,760 --> 00:09:04,160 And and and secondly, the other big problem was once you were in 146 00:09:04,160 --> 00:09:06,520 the network, you still had access to everything. 147 00:09:06,560 --> 00:09:10,160 In other words, you had standing access as a developer to a lot 148 00:09:10,160 --> 00:09:13,400 of your privileged infrastructure, right? 149 00:09:15,960 --> 00:09:20,760 And hence to solve these problems is, you know, we 150 00:09:20,760 --> 00:09:24,560 believe we are in the third evolution of of Pam, which I'd 151 00:09:24,560 --> 00:09:29,360 call as the API LED Pam, right? And that is ultimately the 152 00:09:29,360 --> 00:09:35,680 problem we are solving, which is that as P0, we want to provide 153 00:09:35,760 --> 00:09:40,680 a, a, a solution that can secure access to all of your sensitive 154 00:09:40,680 --> 00:09:45,600 assets in the cloud from identities of all sort use, 155 00:09:45,600 --> 00:09:48,080 whether it's users, whether it's service accounts, whether it's 156 00:09:48,080 --> 00:09:52,120 machine identities or whether it's AI agents, right. 157 00:09:52,520 --> 00:09:56,560 And what's changed in the past few years is that we, you know, 158 00:09:56,560 --> 00:10:03,200 now the cloud IMAPIS are, are robust enough that we can use an 159 00:10:03,200 --> 00:10:08,360 architecture that's based on using those IMAPIS to, to secure 160 00:10:08,360 --> 00:10:12,720 privileged access on demand for, for any, for any identity of any 161 00:10:12,720 --> 00:10:15,120 sort. And, and, and that is what we 162 00:10:15,120 --> 00:10:18,360 call as the API LED Pam, right? It's, it's, it's a natural 163 00:10:18,360 --> 00:10:22,920 evolution of Pam from Bastian LED Pam or sorry, word LED Pam 164 00:10:22,920 --> 00:10:27,240 or secret LED Pam to Bastian LED Pam to ultimately to API LED 165 00:10:27,240 --> 00:10:30,520 Pam, right. And it's, it's, it's meant for 166 00:10:30,520 --> 00:10:35,160 organizations who've been using cloud, cloud native technologies 167 00:10:35,760 --> 00:10:39,720 or hybrid environments. And, and, and what they have 168 00:10:39,720 --> 00:10:42,680 witnessed is that there are so many identities in the cloud, so 169 00:10:42,680 --> 00:10:47,160 many resources in the cloud users, you know, people call 170 00:10:47,160 --> 00:10:50,640 them non non human identities or service accounts or IM roles. 171 00:10:50,880 --> 00:10:53,640 And all of these can access the cloud in so many different ways 172 00:10:53,880 --> 00:10:57,440 that you really need a, a, a different solution that can work 173 00:10:57,440 --> 00:10:59,920 at the scale of the cloud. That is, that is the ultimate 174 00:10:59,920 --> 00:11:03,240 problem we are looking to solve. So you, you talked about sort of 175 00:11:03,240 --> 00:11:06,920 the history there of Pam and, you know, the, the vault era, 176 00:11:06,920 --> 00:11:09,480 the bastion era, the API era. And I'm sure there'll be future 177 00:11:09,480 --> 00:11:11,440 errors that we are, you know, thinking about. 178 00:11:11,680 --> 00:11:15,280 How do, how do analysts think about this is when you have this 179 00:11:15,280 --> 00:11:18,200 conversation with folks like that, who are looking at the 180 00:11:18,200 --> 00:11:21,000 markets, like how do they, how do they see P0? 181 00:11:21,000 --> 00:11:24,920 And do they, do they slot you in as a, as a privileged access 182 00:11:24,920 --> 00:11:27,160 management vendor or some other spot? 183 00:11:27,240 --> 00:11:29,840 Like how does that typically that that that conversation go 184 00:11:29,840 --> 00:11:31,600 no? It's a it's a great question 185 00:11:32,280 --> 00:11:38,120 That is, you know, like most spaces in cybersecurity, right, 186 00:11:38,640 --> 00:11:42,400 there are various overlaps with various different spaces. 187 00:11:43,480 --> 00:11:47,560 In particular, you know, there is a reasonable overlap between 188 00:11:47,560 --> 00:11:52,760 Pam and IGA, right? We do solve some IGA related use 189 00:11:52,760 --> 00:11:56,520 cases as well. And, and for the most part, when 190 00:11:56,520 --> 00:12:01,720 people, when analysts look at us though, it's, it's, it's, you 191 00:12:01,720 --> 00:12:04,720 know, we, they, they've recognized that most of the 192 00:12:04,720 --> 00:12:08,520 capabilities that we bring to the table are, are the domain, 193 00:12:08,520 --> 00:12:10,560 are within the domain of a next Gen. 194 00:12:10,560 --> 00:12:12,560 Pam vendor. And that's what people tend to 195 00:12:12,560 --> 00:12:16,560 recognize us as as. OK, makes sense. 196 00:12:16,800 --> 00:12:19,200 You know, nobody likes to be put into a box I think, but I think 197 00:12:19,200 --> 00:12:22,080 that's it probably helps people kind of understand like where 198 00:12:22,400 --> 00:12:24,160 things fit sort of together in a market. 199 00:12:24,600 --> 00:12:27,200 I got to ask, P0 is such a a unique name. 200 00:12:27,200 --> 00:12:29,240 Where does the name P0 come from? 201 00:12:31,360 --> 00:12:39,080 So the story here is that in my last, in one of the companies 202 00:12:39,080 --> 00:12:43,280 that I worked at before I joined, before I started P0, 203 00:12:45,920 --> 00:12:49,160 there was an acquisition of a company. 204 00:12:49,720 --> 00:12:55,280 And as we were trying to merge the company's assets into the 205 00:12:55,280 --> 00:13:01,480 wider code base, what we realized was that, you know, 206 00:13:01,800 --> 00:13:06,760 the, the company which was acquiring the, the, the, the 207 00:13:07,240 --> 00:13:12,440 acquisition had obviously had a very high bar for security and 208 00:13:12,440 --> 00:13:16,720 they expected the acquiring the acquisition to be at a similar 209 00:13:16,720 --> 00:13:20,160 high bar. So they had to make sure that 210 00:13:20,600 --> 00:13:25,320 they pause any development of any new features for one entire 211 00:13:25,320 --> 00:13:30,040 year in order to, to, to get the, the, the security story to 212 00:13:30,040 --> 00:13:36,240 get right. And as we were implementing the, 213 00:13:36,240 --> 00:13:38,680 the, the features and functionalities to make sure 214 00:13:38,920 --> 00:13:41,720 the, the combined solution had a watertight security posture. 215 00:13:42,400 --> 00:13:47,240 By far the biggest challenge that we faced as an R&D team was 216 00:13:47,280 --> 00:13:50,560 answering the simple question, who has access to production? 217 00:13:50,800 --> 00:13:53,760 Or rather who or what has access to production, right? 218 00:13:54,440 --> 00:13:57,560 And, and how do we make sure that access is secure, that 219 00:13:57,560 --> 00:14:00,280 access is least privileged. It conforms to all the best 220 00:14:00,280 --> 00:14:03,600 practices. No static credentials, no long 221 00:14:03,600 --> 00:14:07,680 standing keys, heavy roll is just the right sized. 222 00:14:08,000 --> 00:14:11,000 And it turned out to be a ginormous problem, right? 223 00:14:11,800 --> 00:14:15,320 Just operationally, how do you make sure that these best 224 00:14:15,320 --> 00:14:22,200 practices get implemented? And that was the motivation for, 225 00:14:22,320 --> 00:14:26,520 for calling the name of the company is P0AS. 226 00:14:26,520 --> 00:14:29,360 As as I'm sure you know and as as I'm sure many of your 227 00:14:29,360 --> 00:14:33,160 listeners are also aware, P0 is the highest level of severity of 228 00:14:33,160 --> 00:14:38,800 any incident. So our our tagline is access is 229 00:14:38,800 --> 00:14:44,440 always AP0 problem. Yeah, that, you know, I, I 230 00:14:44,440 --> 00:14:48,520 wanted to go back because I think the explanation you gave 231 00:14:48,520 --> 00:14:53,120 on the history of privilege management, a lot, it made so 232 00:14:53,120 --> 00:14:55,400 much sense. I just never heard anybody put 233 00:14:55,400 --> 00:14:59,880 it in those different eras. And it kind of leads me to the 234 00:14:59,880 --> 00:15:04,200 question that I wanted to ask, which was, you know, when I 235 00:15:04,200 --> 00:15:08,800 talked to practitioners about how they're solving the very 236 00:15:08,800 --> 00:15:13,200 problem of, OK, now your company's moving more and more 237 00:15:13,200 --> 00:15:16,440 of its IT operations out to the cloud. 238 00:15:16,880 --> 00:15:20,120 How are you managing privilege? How are you managing all these 239 00:15:20,120 --> 00:15:23,600 new accounts? And I know that kind of the 240 00:15:23,600 --> 00:15:28,280 starting point of the preference is, well, I've got IGA, I've got 241 00:15:28,280 --> 00:15:33,080 privileged access management, maybe I've Kim, can I just use 242 00:15:33,080 --> 00:15:36,640 these tools? I, I get the sense that 243 00:15:36,640 --> 00:15:38,200 obviously that falls short, right? 244 00:15:38,200 --> 00:15:42,640 You started this company, P0 dot dev, and by the way, that's P 245 00:15:42,640 --> 00:15:48,480 with the #0 dot dev and P0 dot dev slash idac if you want to 246 00:15:48,800 --> 00:15:50,760 learn more. But you started this company, 247 00:15:50,760 --> 00:15:54,280 you had a vision that if you're just to take kind of the 248 00:15:54,280 --> 00:15:57,680 existing tools and try to approach this problem, it falls 249 00:15:57,680 --> 00:16:00,760 short. My question to you is, what is 250 00:16:00,760 --> 00:16:03,400 that shortcoming? The solutions that you mentioned 251 00:16:03,400 --> 00:16:08,880 in particular like things like IGA, things like Kim, right? 252 00:16:08,880 --> 00:16:16,840 They, they talk it at least as far as Kim and related spaces 253 00:16:16,840 --> 00:16:22,080 like CSPM and CNAP etcetera are concerned, they are concerned 254 00:16:22,440 --> 00:16:25,440 primarily with offering visibility to an environment, 255 00:16:26,400 --> 00:16:28,680 right. In other words, it's an after 256 00:16:28,680 --> 00:16:32,520 the fact at a station of sorts. Hey, these are all the things 257 00:16:32,520 --> 00:16:35,800 that exist in your environment. Let us just make sure somebody's 258 00:16:35,800 --> 00:16:40,040 reviewing that. And most often than more often 259 00:16:40,040 --> 00:16:42,920 than not, it's, it's either the SoC team or the cloud security 260 00:16:42,920 --> 00:16:47,240 team. They, they'll do a, a, a review 261 00:16:47,560 --> 00:16:50,520 based on the limited context they have and they'll say, OK, 262 00:16:50,560 --> 00:16:53,360 it passes all the checks or hey, it does not pass the checks, 263 00:16:54,160 --> 00:16:57,440 right? This is very much a compliance 264 00:16:57,560 --> 00:17:02,320 driven problem or a compliance driven use case, right? 265 00:17:03,080 --> 00:17:05,960 When it comes to actually managing the privileged access, 266 00:17:06,160 --> 00:17:10,640 who are the people who are using access, creating access, 267 00:17:10,680 --> 00:17:12,880 destroying access on a day in, day out basis? 268 00:17:13,160 --> 00:17:17,319 It's not the people who are reviewing access after the fact, 269 00:17:17,319 --> 00:17:20,280 three months later, six months later, on a quarterly schedule 270 00:17:20,280 --> 00:17:23,800 or, or what have you, right? The people who are using access 271 00:17:24,160 --> 00:17:26,680 tend to be the developers, the dev OPS teams, the platform 272 00:17:26,680 --> 00:17:29,520 engineering teams. These are people who need to 273 00:17:29,520 --> 00:17:33,240 maintain production, need to make sure access to production 274 00:17:33,240 --> 00:17:35,680 is secure. Then they are the ones who need 275 00:17:35,680 --> 00:17:39,800 to go and make sure databases are being spun up, data data 276 00:17:39,800 --> 00:17:43,840 jobs are being executed. You know, clusters are healthy, 277 00:17:43,840 --> 00:17:46,240 cluster health has healthy, etcetera, etcetera, right? 278 00:17:48,400 --> 00:17:54,800 They and and and and and what we, because there's a 279 00:17:54,800 --> 00:17:57,960 distinction in the persona. It's not a SoC use case. 280 00:17:57,960 --> 00:18:00,280 It's more of a practitioner driven use case. 281 00:18:01,200 --> 00:18:06,200 The the use case becomes, hey, I don't want to merely review who 282 00:18:06,200 --> 00:18:09,080 has access. I want to give people access 283 00:18:09,080 --> 00:18:11,440 safely. I want to make sure that 284 00:18:11,440 --> 00:18:14,280 whatever they do behind the scenes is audited. 285 00:18:14,720 --> 00:18:17,520 And once their work is done, I want to destroy that access, 286 00:18:18,040 --> 00:18:21,440 right. In other words, the goal of Pam 287 00:18:21,840 --> 00:18:26,200 is not to ensure after the fact that, hey, somebody's reviewing 288 00:18:26,200 --> 00:18:28,160 access. That's the goal. 289 00:18:28,160 --> 00:18:32,600 That's a compliancy compliance related use case relevant for 290 00:18:32,600 --> 00:18:36,240 IGA and Kim. But for Pam the use case is 291 00:18:38,480 --> 00:18:44,400 every access to any privileged system should be a short lived B 292 00:18:44,600 --> 00:18:49,680 it should not be it should be least privileged and C it should 293 00:18:49,680 --> 00:18:51,720 use. It should not use static 294 00:18:51,720 --> 00:18:54,960 credentials or or long lived keys or long lived tokens. 295 00:18:54,960 --> 00:18:58,520 It should as much as possible be based on, on short lived 296 00:18:58,520 --> 00:19:02,080 credentials and add a fourth one in there. 297 00:19:02,440 --> 00:19:05,840 Any activity that is going on under the hood should be 298 00:19:05,840 --> 00:19:10,080 auditable logged for any kind of compliance related audit 299 00:19:10,120 --> 00:19:14,000 requirements, right? So I'd say that that is really 300 00:19:14,000 --> 00:19:18,400 the job of a Pam solution to make sure I reiterate any access 301 00:19:18,400 --> 00:19:23,040 to short lived least privileged does not use static credentials 302 00:19:23,040 --> 00:19:26,160 and is, you know, auditable by design. 303 00:19:26,600 --> 00:19:30,120 And that's that's that's how we differ from an IGA solution or a 304 00:19:30,120 --> 00:19:36,440 chem solution. Yeah, I was kind of so you jump 305 00:19:36,440 --> 00:19:39,320 me to mode one of the other questions that I wanted to to 306 00:19:39,320 --> 00:19:44,200 ask or maybe a topic that I wanted to pose because I think 307 00:19:44,200 --> 00:19:52,040 there's at least this is the the goal state that I've come down 308 00:19:52,040 --> 00:19:55,280 to where you you want your privilege access management 309 00:19:55,280 --> 00:19:59,240 program to be. Is that at least your privilege 310 00:19:59,520 --> 00:20:02,680 access? Maybe it's not the credentials, 311 00:20:02,680 --> 00:20:06,520 maybe it's more the entitlements that it's where the rubber hits 312 00:20:06,520 --> 00:20:09,480 the road. You want that to be just in time 313 00:20:09,480 --> 00:20:14,520 0 standing privileges because if some account gets compromised, 314 00:20:15,520 --> 00:20:19,640 it won't just lead to inappropriate access or 315 00:20:20,120 --> 00:20:23,440 downright dangerous access. Is that kind of where you're 316 00:20:23,440 --> 00:20:25,800 going with what you're talking about earlier? 317 00:20:25,800 --> 00:20:31,040 And then I mean, the reason that organizations aren't doing that 318 00:20:31,040 --> 00:20:34,080 I, I don't think it's because they don't agree with that or 319 00:20:34,320 --> 00:20:36,720 that they're lazy. It's just, it's hard to do. 320 00:20:36,880 --> 00:20:40,520 Maybe it's hard to do because the tools that existed up until 321 00:20:40,520 --> 00:20:43,800 today don't really make it easy to do. 322 00:20:43,840 --> 00:20:45,560 I don't know. Absolutely. 323 00:20:45,600 --> 00:20:47,360 Absolutely. So you hit the name on the head, 324 00:20:47,360 --> 00:20:50,520 right? Entitlements are something you 325 00:20:50,520 --> 00:20:54,960 worry about when a system is very complex, like the cloud, 326 00:20:55,520 --> 00:20:58,680 right? During the vault LED pan era, 327 00:20:59,000 --> 00:21:00,840 there's no such thing as entitlements, right? 328 00:21:01,000 --> 00:21:04,240 Once you had root privileges to to a box, you could go in there 329 00:21:04,240 --> 00:21:06,120 and do whatever it is that you wanted to right? 330 00:21:06,360 --> 00:21:10,000 The entitlements were fairly easy to to control because you 331 00:21:10,160 --> 00:21:11,760 they were only a handful of systems. 332 00:21:12,680 --> 00:21:16,080 This started breaking down completely in the cloud native 333 00:21:16,080 --> 00:21:19,920 era, especially as IMABI has became more sophisticated 334 00:21:20,360 --> 00:21:23,720 because instead of the front door access via username 335 00:21:23,720 --> 00:21:29,040 password, the the attack surface became entitlements. 336 00:21:29,720 --> 00:21:33,680 Right? So a big portion of what we call 337 00:21:33,720 --> 00:21:39,840 as the API LED Pam is as I said, the problems it looks to solve 338 00:21:39,840 --> 00:21:45,240 are how do you make every every access short lived and least 339 00:21:45,240 --> 00:21:47,160 privileged and auditable by design. 340 00:21:47,440 --> 00:21:50,440 You know what that means? Just in time access for users. 341 00:21:50,720 --> 00:21:54,960 That means 0 standing access for users as well as non human 342 00:21:54,960 --> 00:21:59,000 identities, right? It's how do you implement and 343 00:21:59,000 --> 00:22:02,400 operationalize these concepts that is really the heart of what 344 00:22:02,640 --> 00:22:05,040 this next Gen. pad panel is all about. 345 00:22:06,720 --> 00:22:13,080 So I'm wondering when you get called into, OK, let's see demo 346 00:22:13,080 --> 00:22:17,240 P0, is that usually when an organization saying that we kind 347 00:22:17,240 --> 00:22:20,920 of hit our limits with privileged access management or 348 00:22:21,120 --> 00:22:25,200 we don't have privileged access management, or, you know, I've 349 00:22:25,200 --> 00:22:30,120 seen a lot of privileged access management organizations buying 350 00:22:30,120 --> 00:22:34,320 to privileged access management and it flops, right? 351 00:22:34,320 --> 00:22:37,800 Or maybe they own a whole lot of licenses and are just doing 352 00:22:37,800 --> 00:22:41,120 vaulting and things like that. It's because there's so much 353 00:22:41,120 --> 00:22:44,960 resistance from the developer. And one thing I'm getting the 354 00:22:44,960 --> 00:22:48,720 sense of is that the developers want to use this product. 355 00:22:48,720 --> 00:22:52,240 It makes their job easier. So, you know, one, I wanted to 356 00:22:52,360 --> 00:22:55,800 to validate that. But two, I'm more interested to 357 00:22:55,800 --> 00:22:59,200 know when is it that practitioners are calling you 358 00:22:59,480 --> 00:23:01,440 in? Is it because their wholesale 359 00:23:01,440 --> 00:23:05,040 need to, you know, they've, they've recognized that they 360 00:23:05,040 --> 00:23:09,240 need a new platform or is it that there's certain use cases 361 00:23:09,240 --> 00:23:13,400 that are coming up and they're looking to, you know, add on to 362 00:23:13,400 --> 00:23:17,160 what they have to kind of just address those use cases? 363 00:23:17,440 --> 00:23:21,520 Yeah, no, great question. So I'd say people fall along the 364 00:23:21,520 --> 00:23:28,640 spectrum of of of their of how much bought into the concept of 365 00:23:28,640 --> 00:23:34,280 pan. They are right on one extreme of 366 00:23:34,280 --> 00:23:38,080 the spectrum are people who are already bought in, they know 367 00:23:38,080 --> 00:23:43,080 they need pan and most likely they're already using some 368 00:23:43,080 --> 00:23:45,680 version or older version of a Pam product. 369 00:23:46,960 --> 00:23:49,440 Let's call let's say that they are using the bastion LED Pam, 370 00:23:50,080 --> 00:23:53,640 right They'll security team, in fact one of our largest 371 00:23:53,640 --> 00:23:55,680 customers falls in this category. 372 00:23:55,920 --> 00:24:03,200 They were using a, a, you know, a bastion LED Pam with, let's 373 00:24:03,200 --> 00:24:05,120 go, let's say a 15 year old technology, right? 374 00:24:05,440 --> 00:24:10,000 And, and they realized that A, the user experience of 375 00:24:10,000 --> 00:24:12,920 maintaining infrastructure and deploying infrastructure is not 376 00:24:12,920 --> 00:24:16,800 the best in the world. And, and B, this, this product 377 00:24:16,800 --> 00:24:19,720 gives developers standing access to critical infrastructure, 378 00:24:20,040 --> 00:24:23,800 which does not fly with most sophisticated customers anymore, 379 00:24:24,000 --> 00:24:25,640 right? Every, every customer wants 380 00:24:25,640 --> 00:24:30,520 their data sensitive data in the hands of their vendors to be 381 00:24:30,520 --> 00:24:33,120 secure, right. So this this company was a 382 00:24:33,120 --> 00:24:36,040 vendor to their own customers. They want to make sure that 383 00:24:36,040 --> 00:24:39,800 their developers do not have standing access or standing 384 00:24:39,800 --> 00:24:42,480 privileges to do to any of their customer data. 385 00:24:43,200 --> 00:24:48,560 So they came in and they decided, hey, yes, we would like 386 00:24:48,560 --> 00:24:54,680 a solution in which our, our developers are, their experience 387 00:24:54,680 --> 00:24:58,000 is, is, is not affected. If anything, it's enhanced. 388 00:24:58,440 --> 00:25:02,400 And yet they do not have standing access to, to, to any 389 00:25:02,400 --> 00:25:06,160 infrastructure anymore. They can elevate their 390 00:25:06,160 --> 00:25:08,720 privileges on demand in a just in time fashion. 391 00:25:09,000 --> 00:25:11,040 And when their work is done, they can revoke those. 392 00:25:11,120 --> 00:25:13,240 You can revoke that access, right. 393 00:25:13,320 --> 00:25:16,760 So that is 1 extreme of customers who are completely 394 00:25:16,760 --> 00:25:19,880 bought into the idea. They need Pam and if anything, 395 00:25:19,880 --> 00:25:23,800 they might need a refresh of the, the, the, the Lexi Pam 396 00:25:23,800 --> 00:25:28,120 vendors that they already have. On the other extreme, they might 397 00:25:28,120 --> 00:25:33,880 be customers as you, as you, as you said, right, who where the 398 00:25:33,880 --> 00:25:38,600 security team knows that they need Pam, right, But they may 399 00:25:38,600 --> 00:25:43,920 not have the buy in from the developer teams just yet. 400 00:25:44,160 --> 00:25:46,800 Developers are a little hesitant to give up their standing 401 00:25:46,800 --> 00:25:49,040 access. They are a little hesitant to, 402 00:25:49,040 --> 00:25:53,640 to make sure that these service accounts, IM roles, etcetera, 403 00:25:53,880 --> 00:25:56,920 they, they conform to the best practices, right? 404 00:25:58,120 --> 00:26:02,440 And for, for such customers, the idea of Pam is more of a 405 00:26:02,440 --> 00:26:07,520 journey, right, which starts by giving them visibility into 406 00:26:08,320 --> 00:26:13,200 every access path to their production stack, right? 407 00:26:14,000 --> 00:26:17,520 So that's the step one. Step 2 is identifying which of 408 00:26:17,520 --> 00:26:21,640 those access paths or access patterns are potentially risky 409 00:26:23,120 --> 00:26:27,560 and, and giving them workflows to, to implement some governance 410 00:26:27,560 --> 00:26:29,600 or remove those, those standing privileges. 411 00:26:30,040 --> 00:26:33,440 And step three, once that is done, how do you transition them 412 00:26:33,440 --> 00:26:35,600 over to a just in time access model, right. 413 00:26:35,800 --> 00:26:38,200 So these three steps don't happen overnight. 414 00:26:38,800 --> 00:26:43,480 It becomes more of a journey to, to educate the, the, the broader 415 00:26:43,480 --> 00:26:45,920 teams that, hey, this is, there's a better way to do this. 416 00:26:46,920 --> 00:26:50,520 And, and, and, and, and that's how those, those conversations 417 00:26:50,520 --> 00:26:53,800 go. And, and, and most customers are 418 00:26:53,800 --> 00:26:56,880 not, are somewhere on the spectrum between these two 419 00:26:56,880 --> 00:26:58,400 extremes, as you can imagine, right? 420 00:26:59,720 --> 00:27:01,440 And, and, and, and that's it. It. 421 00:27:01,680 --> 00:27:04,000 It really comes down to understanding what specific 422 00:27:04,000 --> 00:27:06,880 problem they're looking to solve and working with them to make 423 00:27:06,880 --> 00:27:09,560 sure we operationalize that. Yeah, great answer. 424 00:27:10,560 --> 00:27:14,040 You know, I'm kind of sitting here thinking like the identity 425 00:27:14,040 --> 00:27:18,640 industry follows what's happening in IT, the tools and 426 00:27:18,640 --> 00:27:23,520 identity need to solve the problems that or challenges that 427 00:27:23,760 --> 00:27:27,760 the IT infrastructure applications, etcetera throw at 428 00:27:27,760 --> 00:27:31,280 it. I'm also kind of thinking with 429 00:27:31,280 --> 00:27:35,760 that question that it does seem to me, you know, it goes all the 430 00:27:35,760 --> 00:27:39,080 way back to that timeline that you payment, you know, going 431 00:27:39,080 --> 00:27:43,720 from 20 year old where it was the vault, then it was Bastion 432 00:27:43,720 --> 00:27:49,880 or Jump Box, now it's API driven that really there is legacy Pam 433 00:27:50,600 --> 00:27:55,240 and modern Pam. I feel like when I talk to 434 00:27:55,240 --> 00:27:59,000 organizations and this has always been true, OK, so this 435 00:27:59,000 --> 00:28:02,960 has been true since my very first days in IT is that 436 00:28:02,960 --> 00:28:06,360 organizations have one foot in the past and 1 foot in the 437 00:28:06,360 --> 00:28:10,320 future, right? One foot in the past is always 438 00:28:10,320 --> 00:28:13,360 going to be there. But if you look five years down 439 00:28:13,360 --> 00:28:17,200 the road, more is going to be what you call the future today, 440 00:28:17,200 --> 00:28:19,800 right? And so if you're starting out 441 00:28:19,800 --> 00:28:23,280 today and you say we got 1 foot in the future, if you say we 442 00:28:23,280 --> 00:28:26,920 need to solve for both, bottom line is we need to follow solve 443 00:28:26,920 --> 00:28:28,760 for both. That you're going to probably 444 00:28:28,760 --> 00:28:32,040 need legacy Pam and modern Pam at the same time. 445 00:28:32,240 --> 00:28:35,400 But if you start, if you're at the point where you have nothing 446 00:28:35,680 --> 00:28:42,080 and you have to pick between the two, I'd say where are you going 447 00:28:42,080 --> 00:28:45,080 to 1st off, you're not just going to snap your fingers. 448 00:28:45,080 --> 00:28:46,520 Then a Pam's going to be rolled out. 449 00:28:46,800 --> 00:28:50,000 So you're looking at a couple years and you have to look at 450 00:28:50,000 --> 00:28:52,120 like, where are you going to be in the future? 451 00:28:52,120 --> 00:28:55,200 You're going to be mostly in the future or mostly in the past. 452 00:28:55,200 --> 00:28:56,600 You're going to be mostly in the past. 453 00:28:56,600 --> 00:28:58,800 Maybe you do need legacy Pam as your answer. 454 00:28:59,000 --> 00:29:02,080 But if where you're going is going to be in the cloud, it's 455 00:29:02,080 --> 00:29:07,240 going to be using much more automation, maybe AI agents in 456 00:29:07,240 --> 00:29:09,960 the future, like that's where you put your investment. 457 00:29:10,600 --> 00:29:12,920 Thoughts. Yeah, no, absolutely. 458 00:29:12,920 --> 00:29:16,200 So you you hit the name on the head right, given the 459 00:29:16,200 --> 00:29:20,680 implementation times involved with with with with digital 460 00:29:20,680 --> 00:29:25,520 transformations of most of the size that most respectable 461 00:29:25,520 --> 00:29:33,360 organizations undertake right. It's the, the, the calculus in 462 00:29:33,360 --> 00:29:37,120 front of most security leaders is not just what they need now. 463 00:29:37,440 --> 00:29:41,280 But hey, given our organizations current investments, given our 464 00:29:41,280 --> 00:29:44,600 organizations planned investments, where are we likely 465 00:29:44,600 --> 00:29:46,680 to be in the next 5 years, right? 466 00:29:46,680 --> 00:29:49,640 What is my stack on a look like? Is it going to be more cloud 467 00:29:49,640 --> 00:29:50,760 native? Is it going to be less cloud 468 00:29:50,760 --> 00:29:53,400 native? Is it completely irrelevant 469 00:29:53,400 --> 00:29:55,720 based on some of the AI investments we are making? 470 00:29:56,160 --> 00:29:59,320 And given that reality or given that projection five years out, 471 00:29:59,560 --> 00:30:03,480 what is the best solution that fits the needs and will future 472 00:30:03,480 --> 00:30:06,080 proof us so that we don't have to worry about this damn problem 473 00:30:06,360 --> 00:30:10,200 for the next 10 years, right? That's, that's the, that's the, 474 00:30:10,200 --> 00:30:14,080 the calculus in front of, of, of most security leaders out there. 475 00:30:14,200 --> 00:30:20,920 What is the the maximum we can solve that would make this this 476 00:30:20,920 --> 00:30:23,320 investment moot for the next 10 years? 477 00:30:24,960 --> 00:30:27,360 Yeah, absolutely. So I wanted to ask you another 478 00:30:27,360 --> 00:30:29,440 question based on something you said earlier. 479 00:30:29,720 --> 00:30:33,440 We were talking about we need to, I think you're taking a 480 00:30:33,440 --> 00:30:36,480 story from your past. You're talking about protecting 481 00:30:37,120 --> 00:30:39,800 people, but also the non people, right? 482 00:30:39,800 --> 00:30:43,640 So you're getting into this whole non human identity 483 00:30:43,960 --> 00:30:49,080 question. And I guess in my mind they're 484 00:30:49,080 --> 00:30:52,680 different, but I'm not, you know, and having talked to you 485 00:30:52,680 --> 00:30:57,720 in the past, I kind of get the sense you don't treat them 486 00:30:57,720 --> 00:31:00,040 differently or you don't think about them differently when it 487 00:31:00,040 --> 00:31:03,560 comes to management of the access that they have. 488 00:31:03,600 --> 00:31:06,440 And I'm wondering if you can explain that a little bit. 489 00:31:07,440 --> 00:31:10,640 Great question. So I think I want to distinguish 490 00:31:10,640 --> 00:31:15,720 between what's a use case and what's a company, right or or 491 00:31:15,720 --> 00:31:17,840 rather what's a use case and what's a platform. 492 00:31:18,280 --> 00:31:22,240 Absolutely securing service accounts, non human identities 493 00:31:22,240 --> 00:31:25,400 etcetera is a very legitimate use case, right. 494 00:31:25,400 --> 00:31:27,960 Absolutely. This thing is becoming more 495 00:31:27,960 --> 00:31:33,240 relevant now that we are in a in a cloud native error, we are in 496 00:31:33,760 --> 00:31:38,360 moving towards an agentic error. There the number of entities 497 00:31:38,360 --> 00:31:44,000 that can access your sensitive infrastructure and data is is 498 00:31:44,000 --> 00:31:47,320 increasing and only going to explode even more rapidly from 499 00:31:47,320 --> 00:31:56,200 here on, right. But I would argue that is a use 500 00:31:56,200 --> 00:32:03,040 case and not a company defining feature in and of itself because 501 00:32:04,840 --> 00:32:10,440 I define the space privileged access management as hey, I need 502 00:32:10,440 --> 00:32:14,160 a platform that helps secure privileged access to my 503 00:32:14,160 --> 00:32:16,360 sensitive infrastructure. Period. 504 00:32:16,840 --> 00:32:20,520 No way do I say that it has to only come from users, or it has 505 00:32:20,520 --> 00:32:24,320 to come from machines or it has to come from agents, right? 506 00:32:24,320 --> 00:32:28,200 I mean, at the end of the day, if I'm a security leader, I care 507 00:32:28,200 --> 00:32:34,440 about securing access because that is my most important 508 00:32:35,960 --> 00:32:38,080 perimeter, for the lack of a better word. 509 00:32:38,320 --> 00:32:40,920 I hate the word perimeter. It gets used and abused so much. 510 00:32:41,280 --> 00:32:44,880 But but it's true, right? It's identity and access is is 511 00:32:44,960 --> 00:32:48,240 the foot is the most important line of defence, right? 512 00:32:48,400 --> 00:32:55,760 But it almost sounds a little too narrow to think about access 513 00:32:55,760 --> 00:32:59,080 for only certain categories of identities, right? 514 00:32:59,440 --> 00:33:02,920 Particularly when it's the same product or the same framework of 515 00:33:02,920 --> 00:33:05,840 thinking can solve both those problems, right? 516 00:33:06,040 --> 00:33:09,440 At the end of the day, our belief is that any kind of 517 00:33:09,440 --> 00:33:12,960 access, whether it's from users or from non human identities, 518 00:33:13,480 --> 00:33:15,480 any kind of access should be least privileged. 519 00:33:15,920 --> 00:33:20,000 It should be short lived and it should conform to the best 520 00:33:20,000 --> 00:33:24,960 practices of of not using static credentials, no matter whether 521 00:33:24,960 --> 00:33:29,760 it's for users, EI agents or non human identities, right? 522 00:33:29,760 --> 00:33:32,320 So. Yeah, Yeah, it's absolutely. 523 00:33:32,320 --> 00:33:38,520 So the business drivers that you just mentioned I'm 100% on board 524 00:33:38,520 --> 00:33:40,440 with. I mean you are spot on. 525 00:33:41,200 --> 00:33:45,240 My question, I guess my follow up question to that is talked 526 00:33:45,240 --> 00:33:49,680 about the word in this API era. I think I know what that means. 527 00:33:50,080 --> 00:33:54,920 Is that what enables you to more or less treat them the same? 528 00:33:54,920 --> 00:33:58,200 Or is it just the the business philosophy? 529 00:33:58,400 --> 00:34:01,960 Is the technology in the background, this API era that 530 00:34:02,200 --> 00:34:08,360 you know, if you can script it to go out to an API, then you 531 00:34:08,360 --> 00:34:10,880 can you can make it work? Absolutely, Absolutely. 532 00:34:10,920 --> 00:34:14,040 I mean, you, you hit the, you hit the name on the head, right? 533 00:34:14,040 --> 00:34:15,960 So it's not just the business drivers that I was talking 534 00:34:15,960 --> 00:34:17,639 about, it's also the technical drivers. 535 00:34:19,520 --> 00:34:22,880 In a nutshell, the way our product works is that we create 536 00:34:22,880 --> 00:34:30,800 a graph of of every identity in the system, who's the consumer 537 00:34:30,800 --> 00:34:33,960 of that identity, what credentials they're using, what 538 00:34:33,960 --> 00:34:37,719 roles, permissions they have and what insensitive resources they 539 00:34:37,719 --> 00:34:41,360 have access to, right. So think of it as a graph and it 540 00:34:41,360 --> 00:34:45,120 does not make a huge amount of sense, in my opinion, to treat 541 00:34:45,120 --> 00:34:48,560 this graph differently for users versus non human identities 542 00:34:48,560 --> 00:34:51,360 versus versus agents. What not right? 543 00:34:51,600 --> 00:34:57,600 So technically we have under the hood, a common engine that 544 00:34:57,600 --> 00:35:00,480 treats all of these different kinds of identities as one, 545 00:35:01,080 --> 00:35:03,480 right? And all of this graph is just 546 00:35:03,480 --> 00:35:08,040 built by hooking together the the APIs of different systems, 547 00:35:08,040 --> 00:35:11,880 such as your cloud providers, your identity providers, your 548 00:35:11,880 --> 00:35:16,280 HRMS systems, right? And and and we don't really need 549 00:35:16,280 --> 00:35:20,720 to to to slice and dice it further based on the the the 550 00:35:20,760 --> 00:35:25,440 kind of identity when when when one common framework can is good 551 00:35:25,440 --> 00:35:27,880 enough for treating both of them as first class citizens. 552 00:35:28,160 --> 00:35:31,760 And so I think that's going to be a lead into my, the, the, my 553 00:35:31,760 --> 00:35:35,200 next question or my last question, which was really I'm, 554 00:35:35,280 --> 00:35:37,480 I'm thinking from the practitioner perspective. 555 00:35:37,480 --> 00:35:41,800 So some tools you buy them because they've got great 556 00:35:41,800 --> 00:35:46,000 features and functionality other tools bring to the table, like 557 00:35:46,440 --> 00:35:50,840 wide visibility, like you can connect to a lot of things and 558 00:35:50,840 --> 00:35:54,760 get the visibility. And I'm wondering from the P0 559 00:35:54,760 --> 00:35:58,240 perspective, which of those two camps do you fall into? 560 00:35:59,440 --> 00:36:03,480 So ultimately we want to be the, the tool that helps in the 561 00:36:03,480 --> 00:36:07,880 operationalization of, of police privilege, right? 562 00:36:08,200 --> 00:36:12,120 And visibility is a necessary first step on that journey. 563 00:36:12,800 --> 00:36:16,480 So again, it goes back to what I was saying, customers fall on a 564 00:36:16,480 --> 00:36:18,600 spectrum. They'll be the ones that they'll 565 00:36:18,600 --> 00:36:22,200 be ones that are more advanced who will come in and say, you 566 00:36:22,200 --> 00:36:23,600 know what, we don't need visibility. 567 00:36:23,600 --> 00:36:26,920 Just help me implement least privilege because I already have 568 00:36:26,920 --> 00:36:29,600 the basic building blocks in place, right? 569 00:36:29,600 --> 00:36:32,480 For them. We are first and foremost an 570 00:36:32,480 --> 00:36:36,080 operationalization of least privilege company, right? 571 00:36:36,240 --> 00:36:40,240 Then there'll be others who are bought into the idea, but they 572 00:36:40,240 --> 00:36:42,560 may face developer resistance to begin with. 573 00:36:42,960 --> 00:36:46,880 For them, in the beginning, we'll land by providing them 574 00:36:46,880 --> 00:36:50,120 visibility. But ultimately, even for them, 575 00:36:50,600 --> 00:36:56,440 if we are so successful, we want to move them towards a model of 576 00:36:56,440 --> 00:36:58,760 operationalizing lease privilege, right? 577 00:36:58,920 --> 00:37:03,800 So to answer your question, Jim, for all customers, we are 578 00:37:03,800 --> 00:37:08,560 ultimately a company that wants to operationalize lease 579 00:37:08,560 --> 00:37:10,760 privilege. For some of those. 580 00:37:11,080 --> 00:37:14,480 The way to do so is by giving them visibility and hand holding 581 00:37:14,480 --> 00:37:16,600 them. On the journey so all this talk 582 00:37:16,600 --> 00:37:18,800 of identity and you're you're preaching to the choir here, 583 00:37:18,800 --> 00:37:21,080 right you're on the identity at the center podcast, right so we 584 00:37:21,080 --> 00:37:24,040 kind of get it but there's a lot of people who listen to this who 585 00:37:24,040 --> 00:37:26,280 maybe don't consider themselves an identity they might be an 586 00:37:26,280 --> 00:37:29,280 engineering or insecurity or, you know somewhere around there. 587 00:37:29,600 --> 00:37:33,200 What's something that you wish, like engineering, people would 588 00:37:33,200 --> 00:37:36,880 understand about access and, and identities and, and how to 589 00:37:36,880 --> 00:37:41,000 manage it? Because I hate to say it, but 590 00:37:41,000 --> 00:37:43,120 people keep saying identity is the new perimeter. 591 00:37:43,640 --> 00:37:45,600 It's been around forever. It's not a new perimeter. 592 00:37:45,920 --> 00:37:48,440 So I feel like this is an area where we could probably do some 593 00:37:48,440 --> 00:37:51,280 education for for people who maybe aren't as familiar with it 594 00:37:51,280 --> 00:37:54,360 or haven't traditionally looked at identity as as part of their 595 00:37:54,360 --> 00:37:56,840 their role. Yeah, no, absolutely. 596 00:37:56,880 --> 00:38:01,360 I think the biggest learning for anyone who's not in a core 597 00:38:01,360 --> 00:38:04,840 security function, who's not thinking about identity on a day 598 00:38:04,840 --> 00:38:09,280 in, day out basis, is that expediency in technical 599 00:38:09,280 --> 00:38:17,160 decisions ultimately always creates headaches further down 600 00:38:17,160 --> 00:38:23,320 the line. And in many areas, this is truer 601 00:38:23,320 --> 00:38:26,240 than others. And identity happens to be 1. 602 00:38:27,040 --> 00:38:30,040 And what I mean by that is if you're an engineer, it's very 603 00:38:30,040 --> 00:38:34,120 easy to be expedient and say that, hey, no, I need standing 604 00:38:34,120 --> 00:38:36,080 access all the time because I need it for my work. 605 00:38:36,400 --> 00:38:40,520 Or hey, I, I need to hard code this credential into my, into 606 00:38:40,520 --> 00:38:42,320 the service that I'm building because you know what? 607 00:38:42,400 --> 00:38:46,840 Yellow right? But, but, but, but those things 608 00:38:49,480 --> 00:38:51,480 are never the security best practice. 609 00:38:51,720 --> 00:38:58,440 They always snowball over time. They almost always compound and 610 00:38:58,440 --> 00:39:01,800 and in time become a much bigger problem than if they're 611 00:39:01,880 --> 00:39:03,560 addressed directly at the source. 612 00:39:04,000 --> 00:39:07,960 And if you have the right tools that addressing those at the 613 00:39:07,960 --> 00:39:12,840 source is actually much easier than it than it sounds right. 614 00:39:12,920 --> 00:39:19,560 So, so that is that is something that I wish you know the the the 615 00:39:19,720 --> 00:39:24,200 people who are in touch with identity, but from a user 616 00:39:24,200 --> 00:39:26,680 perspective, but not thinking about it day in, day out. 617 00:39:26,880 --> 00:39:29,480 That is something that I would wish that they would stand, stop 618 00:39:29,480 --> 00:39:32,800 for a minute and appreciate. So let me challenge a little bit 619 00:39:32,800 --> 00:39:37,800 because what happens if you've inherited a mess, right? 620 00:39:37,800 --> 00:39:39,880 This happens a lot, right? As you know, someone comes into 621 00:39:39,880 --> 00:39:42,520 a new role or you know, decisions that were made in the 622 00:39:42,520 --> 00:39:44,920 past maybe aren't the best decisions, and we have to pick 623 00:39:44,920 --> 00:39:46,720 up the pieces of whatever that looks like. 624 00:39:47,040 --> 00:39:50,320 What's some advice if you're in that scenario where you know 625 00:39:50,320 --> 00:39:54,880 what you should do, but it might be difficult either financially 626 00:39:54,880 --> 00:39:56,760 or politically? Absolutely, absolutely. 627 00:39:56,760 --> 00:39:59,640 Look, some amount of technical debt is is. 628 00:40:00,440 --> 00:40:04,280 Is to be expected, right? People go to do things which 629 00:40:04,280 --> 00:40:08,400 they have to do. Everyone is making trade-offs 630 00:40:08,400 --> 00:40:12,520 based on the time, the budget they have, the resources they 631 00:40:12,520 --> 00:40:14,160 have, the OK Rs they need to hit. 632 00:40:14,480 --> 00:40:16,760 That's, that's that's just the world we live in, right? 633 00:40:18,080 --> 00:40:23,120 But at the same time, many of these decisions need not be made 634 00:40:23,120 --> 00:40:28,320 the way they are, especially for Greenfield projects or even if 635 00:40:28,320 --> 00:40:31,240 for brownfield projects, right? If you have to fix something 636 00:40:31,600 --> 00:40:36,080 right, just make sure you are tackling the most important big 637 00:40:36,080 --> 00:40:39,640 rocks in your in the mess that you inherit, right? 638 00:40:39,640 --> 00:40:42,360 And it just so happens identity is usually one of the biggest 639 00:40:42,360 --> 00:40:45,960 rock, if not the biggest rock. Here, here you're, you're, like 640 00:40:45,960 --> 00:40:47,760 I said, you're, you're, you're talking to the right people 641 00:40:47,760 --> 00:40:49,800 about this. I guess I kind of want to wrap 642 00:40:49,800 --> 00:40:52,280 up the conversation with where do you see this going? 643 00:40:52,280 --> 00:40:54,120 Because you've talked about the different eras and being in the 644 00:40:54,120 --> 00:40:56,840 API era. What do you see as like the next 645 00:40:56,840 --> 00:41:00,280 era and like the next challenges that we need to be thinking 646 00:41:00,280 --> 00:41:03,080 about? And how do you see P0 kind of 647 00:41:03,320 --> 00:41:05,280 staying with it, right? Because you don't want to get 648 00:41:05,280 --> 00:41:08,280 left behind, as we've seen with some of the other eras. 649 00:41:09,160 --> 00:41:11,560 Yeah, look, we're, it's, this is an easy one, right? 650 00:41:11,560 --> 00:41:13,880 We are in the age of AI agents, right? 651 00:41:13,880 --> 00:41:16,600 Or we are very soon, depending on who you ask. 652 00:41:16,760 --> 00:41:21,160 We are at the doorstep of the the age of AI agents. 653 00:41:21,520 --> 00:41:26,640 And, and what this means is that very soon, once a lot of these 654 00:41:27,120 --> 00:41:32,400 agents are in production, you know, 9099% of the organizations 655 00:41:32,400 --> 00:41:34,680 that I've spoken to, they're still playing around with 656 00:41:34,680 --> 00:41:36,440 agents. They haven't been productionized 657 00:41:36,440 --> 00:41:38,920 just yet, but it's only a matter of time, right? 658 00:41:38,920 --> 00:41:42,800 So I think the next evolution of Pam would be the agent LED Pam 659 00:41:43,160 --> 00:41:46,360 for the lack of a better word, where the same problems. 660 00:41:46,360 --> 00:41:49,240 By the way. Again, the core focus of Pam 661 00:41:49,280 --> 00:41:51,240 hasn't really changed for the last 30 years. 662 00:41:51,400 --> 00:41:54,080 It's still make sure every acts, I, I. 663 00:41:54,080 --> 00:41:56,920 I hate to sound like a broken record but that is what it is. 664 00:41:57,240 --> 00:42:00,520 Every access needs to be least privileged, every access needs 665 00:42:00,520 --> 00:42:04,440 to be short lived, every access needs to be auditable and every 666 00:42:04,440 --> 00:42:09,480 access needs to be not using static keys and credentials. 667 00:42:09,480 --> 00:42:13,000 Right. The same 4 problems need to be 668 00:42:13,000 --> 00:42:19,320 solved for agents, right? And and it will just make for a 669 00:42:19,360 --> 00:42:22,880 product with slightly different form factor, slightly different 670 00:42:22,880 --> 00:42:26,840 assumptions based on how agents get operationalized in practice. 671 00:42:27,120 --> 00:42:35,040 But again, the Gen. 4 I'm pretty sure would be the agent LED Pam 672 00:42:36,280 --> 00:42:38,520 solving. The same for, you know, 3 or 4 673 00:42:38,520 --> 00:42:42,240 problems for an entirely new class of of of identities. 674 00:42:43,120 --> 00:42:44,960 It sounds a little bit kind of like The Matrix where we've got 675 00:42:44,960 --> 00:42:47,560 a bunch of agents talking to each other and figuring out what 676 00:42:47,560 --> 00:42:48,640 they should and shouldn't be doing. 677 00:42:48,640 --> 00:42:51,480 And, you know, I've kind of sent us a four in previous episodes. 678 00:42:51,480 --> 00:42:53,760 It's like, all right, you agents, you figure it out and 679 00:42:53,760 --> 00:42:56,640 let me know what you decide. Just kind of take care of for 680 00:42:56,640 --> 00:42:58,120 me. Yeah, absolutely. 681 00:42:58,120 --> 00:43:00,400 I mean, that's, that's, that's a, that's a good way of putting 682 00:43:00,400 --> 00:43:02,400 it, right? I mean, it's and, and, and the 683 00:43:02,400 --> 00:43:05,080 use cases, the tangible use cases are actually very easy to 684 00:43:05,080 --> 00:43:08,880 think about. So like for example, right, if 685 00:43:08,880 --> 00:43:12,320 you, if you're using a coding agent, you, you want to make 686 00:43:12,320 --> 00:43:18,720 sure that whatever agent you're using cursor or or or broad or, 687 00:43:18,720 --> 00:43:21,880 or something else, you want to make sure that a they have 688 00:43:22,240 --> 00:43:23,880 access. If they're talking to GitHub, 689 00:43:23,880 --> 00:43:25,640 for example, right? You want to make sure that these 690 00:43:25,640 --> 00:43:29,360 agentic identities are not using personal access tokens or 691 00:43:29,680 --> 00:43:36,280 they're using some, if they are authenticated via Oauth using an 692 00:43:36,280 --> 00:43:39,840 MCP in the middle, you want to make sure that you know the, 693 00:43:40,000 --> 00:43:42,760 the, the, the tokens that they're using are, are going 694 00:43:43,720 --> 00:43:45,960 they are, they are not static. They are not long lived. 695 00:43:45,960 --> 00:43:48,160 They are not hard coded into the MCP, right. 696 00:43:48,160 --> 00:43:51,160 You want to make sure that their scopes to the repos that they 697 00:43:51,160 --> 00:43:55,040 are are, are accessing our least privilege. 698 00:43:55,200 --> 00:44:01,480 Nobody, no agent has, you know, write or delete access to just 699 00:44:01,480 --> 00:44:05,040 about every repo in your in your code base, right? 700 00:44:05,040 --> 00:44:08,520 So again, the the the the precise problems might sound 701 00:44:08,520 --> 00:44:10,960 different, but it's all it it all. 702 00:44:10,960 --> 00:44:13,480 Rhymes with what has happened in the best. 703 00:44:14,560 --> 00:44:16,840 I feel like it's a speed problem more than anything in an 704 00:44:16,840 --> 00:44:19,400 automation thing because the use cases are the same. 705 00:44:19,400 --> 00:44:22,520 It's still even if it's not a human versus a human, it's still 706 00:44:22,520 --> 00:44:24,720 onboarding, offboarding, you know, join your mover reliever. 707 00:44:24,720 --> 00:44:28,360 It just so happens that they're not humans, but the speed with 708 00:44:28,360 --> 00:44:31,040 which it has to take place with and the ephemeral nature of some 709 00:44:31,040 --> 00:44:34,480 of these, you know, micro services or API calls or agents 710 00:44:34,480 --> 00:44:36,200 that might only live for milliseconds. 711 00:44:36,560 --> 00:44:39,400 You still need the traceability and the audit logs to show that, 712 00:44:39,400 --> 00:44:42,920 Oh yeah, this agent did exist. It did these things and these 713 00:44:42,920 --> 00:44:44,600 three milliseconds, and then it went away. 714 00:44:45,240 --> 00:44:46,120 Right? All that kind of stuff. 715 00:44:46,680 --> 00:44:50,320 Yeah. So this has been a really fun 716 00:44:50,320 --> 00:44:51,920 conversation. I'm glad you were able to join 717 00:44:51,920 --> 00:44:55,440 us. I have to say, I'm going to 718 00:44:55,440 --> 00:44:58,880 assume you do more than just, you know, solving identity 719 00:44:58,880 --> 00:45:00,920 challenges. What do you do like outside of, 720 00:45:01,200 --> 00:45:05,320 you know, being in the nerdery, you know, with us talking MCP 721 00:45:05,320 --> 00:45:08,960 and Pam and agents and all that other stuff, like what do you do 722 00:45:08,960 --> 00:45:12,760 for fun to unwind? I spent time with the family 723 00:45:12,880 --> 00:45:15,440 first and foremost. I have an 8 year old. 724 00:45:16,000 --> 00:45:18,920 I played tennis with him. Earlier, I used to play tennis 725 00:45:18,920 --> 00:45:20,560 by myself. These days, increasingly I 726 00:45:20,560 --> 00:45:27,480 played tennis with him. I like to stay fit as much as I 727 00:45:27,480 --> 00:45:33,480 can, by going to the gym, by swimming, by playing tennis, 728 00:45:33,480 --> 00:45:38,200 whenever, whenever time allows. And I'm trying to get back into 729 00:45:38,200 --> 00:45:41,840 a reading habit which I've not been so good at, especially 730 00:45:41,840 --> 00:45:46,040 since I started a company. Is there a specific genre of of 731 00:45:46,040 --> 00:45:47,400 reading that you like to do as a fiction? 732 00:45:47,400 --> 00:45:49,520 Non fiction? Like what are you into? 733 00:45:50,400 --> 00:45:53,360 Increasingly it's history, historical narratives. 734 00:45:53,720 --> 00:45:56,240 OK, so now you're starting to talk about Jim's language 735 00:45:56,240 --> 00:45:58,400 because he's always interested in like documentaries about 736 00:45:58,400 --> 00:46:00,800 history, working out, stuff like that. 737 00:46:01,160 --> 00:46:05,120 I I guess I'll let you 2 talk right recommendations for each 738 00:46:05,120 --> 00:46:07,560 other. Maybe, maybe, maybe the next 739 00:46:07,560 --> 00:46:12,200 time we talk, I'm I'm on the road to, to South Dakota for all 740 00:46:12,200 --> 00:46:13,960 you know. I would love it. 741 00:46:14,000 --> 00:46:17,760 You'd be welcome here. Well, that's been a lot of fun, 742 00:46:18,640 --> 00:46:19,960 Jim. Like what would you give like 743 00:46:19,960 --> 00:46:22,200 some suggestion for Shashwat to read? 744 00:46:22,200 --> 00:46:24,000 I know you're big into like documentaries and stuff like 745 00:46:24,000 --> 00:46:27,520 that. I don't read, so I, you know, I 746 00:46:27,520 --> 00:46:31,040 have YouTube Premium because they can't stand the commercials 747 00:46:31,400 --> 00:46:34,920 and it's just unbelievable with the amount of historical 748 00:46:34,920 --> 00:46:37,440 documentaries. And now what I'm seeing is a new 749 00:46:37,440 --> 00:46:42,960 genre is that there are content creators who take a period in 750 00:46:42,960 --> 00:46:49,440 time and build a day in the life of story and they'll pick a a 751 00:46:50,280 --> 00:46:54,400 fictitious figure who lived in that place at that time, like 752 00:46:54,680 --> 00:47:01,080 New York City in 1882. And you just watch like, and I'm 753 00:47:01,080 --> 00:47:03,800 talking like an hour long documentary. 754 00:47:04,200 --> 00:47:05,960 I watch. I love those, I love those. 755 00:47:06,480 --> 00:47:09,680 I can't believe like there are people out there and I know it's 756 00:47:09,880 --> 00:47:11,720 when I say it's like an independent creator. 757 00:47:11,720 --> 00:47:14,680 I don't know what his whole corporate structure is, but 758 00:47:15,000 --> 00:47:19,000 there's one guy, because I saw several videos where he's the 759 00:47:19,000 --> 00:47:22,480 fictitious character, he's the actor in all these different 760 00:47:22,480 --> 00:47:25,760 videos. And I'm like, this is the 761 00:47:25,760 --> 00:47:29,240 future. It's people kind of saying, hey, 762 00:47:29,240 --> 00:47:32,960 this is what I want to create. I can be an artist now and put 763 00:47:32,960 --> 00:47:37,560 together something because all of the materials that are 764 00:47:37,560 --> 00:47:40,880 neither commercially available, there's AI to help me create 765 00:47:40,880 --> 00:47:45,960 backgrounds and create videos, etcetera, etcetera, and put that 766 00:47:45,960 --> 00:47:47,920 up and then other people can enjoy it. 767 00:47:48,800 --> 00:47:50,600 That's what I love about technology. 768 00:47:50,800 --> 00:47:53,240 We talk about like the bad parts of technology. 769 00:47:53,240 --> 00:47:56,480 Yeah, they're there, but there's so much good that can come from 770 00:47:56,480 --> 00:47:59,120 it. Just what do you know what Jim's 771 00:47:59,120 --> 00:48:00,960 talking about with this day? And I think because I've never 772 00:48:00,960 --> 00:48:03,760 heard of this, it sounds, it sounds kind of interesting, but 773 00:48:03,760 --> 00:48:05,280 I'm, I don't know what to think about it. 774 00:48:05,920 --> 00:48:07,480 No, it sounds, it sounds interesting. 775 00:48:08,080 --> 00:48:11,840 I'm not too big into into YouTube videos. 776 00:48:11,840 --> 00:48:15,640 I do not have YouTube Premium, just for the record, but it's 777 00:48:15,640 --> 00:48:17,440 it's, it definitely sounds very interesting. 778 00:48:18,160 --> 00:48:20,000 Well, you're, you're in the minority here. 779 00:48:20,000 --> 00:48:21,400 I think Jim and I are both YouTube Premium. 780 00:48:21,400 --> 00:48:24,040 I, it's on quite a bit for me and I think it's such an 781 00:48:24,040 --> 00:48:26,760 interesting thing. I think, you know, if I'm going 782 00:48:26,760 --> 00:48:29,880 to lay a, a, a day in the life gym, I want to like, have some 783 00:48:29,880 --> 00:48:32,360 fantasy around it, like Game of Thrones, right? 784 00:48:32,360 --> 00:48:34,760 Or I don't know, the Matrix, right? 785 00:48:34,760 --> 00:48:36,360 Things like that. I want to like have a good 786 00:48:36,360 --> 00:48:41,720 story, you know, and, and 'cause I, I mean, you're going to have 787 00:48:41,720 --> 00:48:44,320 to fill me in on this at some point because I can't imagine 788 00:48:44,320 --> 00:48:47,200 that there are that many interesting lives of like 789 00:48:47,200 --> 00:48:50,240 normal, like people. If that makes. 790 00:48:50,240 --> 00:48:53,440 Sense these are fictitious lives, the person's making them 791 00:48:53,440 --> 00:48:55,600 up and then they make a video, right? 792 00:48:55,640 --> 00:48:57,480 I'll, I'll send you a few of them, OK? 793 00:48:57,680 --> 00:49:01,400 I mean, 'cause I'm, I'm thinking of like the most dry video ever 794 00:49:01,400 --> 00:49:04,080 where it's like, oh, I woke up today and then I went and did 795 00:49:04,080 --> 00:49:06,800 laundry. Then I, you know, sat at my 796 00:49:06,840 --> 00:49:08,440 computer all day and did nothing. 797 00:49:08,440 --> 00:49:11,240 Or, you know, I went and farmed or something like that. 798 00:49:11,240 --> 00:49:13,160 I'm like, I'm sure there's a market for it, but I I'm. 799 00:49:13,200 --> 00:49:17,160 Just so there's a day in the life of this guy in 1882. 800 00:49:17,160 --> 00:49:22,160 He was in New York City. He was a German immigrant, and 801 00:49:22,160 --> 00:49:26,000 his girlfriend came over and some pickpocket, like, dropped 802 00:49:26,000 --> 00:49:30,400 something in her bag. And then she pulls it out of the 803 00:49:30,400 --> 00:49:33,000 bag. The police see her, they arrest 804 00:49:33,000 --> 00:49:34,880 her. Now he's like, trying to figure 805 00:49:34,880 --> 00:49:39,000 out how to get her out of jail. Like, there's a whole little 806 00:49:39,000 --> 00:49:42,080 drama behind it. So it's kind of a good story. 807 00:49:42,320 --> 00:49:46,560 Will acted and I mean, it seems like there's a little more to it 808 00:49:46,560 --> 00:49:51,920 than a one person, you know thing, but it's pretty 809 00:49:51,920 --> 00:49:54,880 incredible that it's out there. It's just free content. 810 00:49:55,440 --> 00:49:58,240 I'll have to check it out. I think you know every, my 811 00:49:58,240 --> 00:50:00,720 position is everybody at this point is a content creator. 812 00:50:00,720 --> 00:50:03,360 It's just do people want to consume that content? 813 00:50:04,200 --> 00:50:05,960 That's right. We're on camera somewhere. 814 00:50:05,960 --> 00:50:08,400 So all right. Well, this has been a just a 815 00:50:08,400 --> 00:50:10,480 really fun conversation. Joshua, thank you so much for 816 00:50:10,480 --> 00:50:12,720 being with us. Any final thoughts that you want 817 00:50:12,720 --> 00:50:15,800 to get out there for the the folks who are listening and or 818 00:50:15,800 --> 00:50:19,880 watching? Access is our probably 0, so if 819 00:50:19,880 --> 00:50:26,080 you have any any challenges managing privileged access to 820 00:50:26,640 --> 00:50:31,640 cloud, native or hybrid environments, please come talk 821 00:50:31,640 --> 00:50:32,920 to us. We'll be happy to help. 822 00:50:33,640 --> 00:50:37,000 I love that tackling access is our priority Zero that that's 823 00:50:37,000 --> 00:50:39,880 something that resonates with a lot of IT people around the 824 00:50:39,880 --> 00:50:41,320 world. So good one there. 825 00:50:41,320 --> 00:50:45,680 So be sure to visit the website P0 dot dev slash IDAC. 826 00:50:45,720 --> 00:50:47,280 There'll be a bunch of information that you can kind of 827 00:50:47,280 --> 00:50:49,840 check out and learn more about what you guys are doing. 828 00:50:49,840 --> 00:50:51,360 So thank you again for being with us. 829 00:50:52,280 --> 00:50:55,560 For those listening, keep on a liking, subscribing, sharing 830 00:50:55,560 --> 00:50:57,120 with friends, enemies doesn't matter. 831 00:50:57,120 --> 00:50:58,600 As long as they're listening, that's all that matters. 832 00:50:58,920 --> 00:51:01,440 So check us out on the web idacpodcast.com. 833 00:51:01,520 --> 00:51:03,000 And with that, we'll leave it for this week. 834 00:51:03,440 --> 00:51:05,880 Thanks everybody for watching and or listening and we'll talk 835 00:51:05,880 --> 00:51:10,600 with you all in the next one. You've been listening to 836 00:51:10,600 --> 00:51:14,520 Identity at the Center. We hope you've enjoyed the show. 837 00:51:14,720 --> 00:51:18,840 Make sure to like, rate and review, and we'll be back soon. 838 00:51:19,080 --> 00:51:21,360 But in the meantime, hit the website at 839 00:51:21,360 --> 00:51:27,720 identity@thecenter.com. See you next time on Identity at 840 00:51:27,720 --> 00:51:28,640 the Center.