1
00:00:04,960 --> 00:00:11,040
This is Identity at the Center. 
Welcome to the Identity at the 

2
00:00:11,040 --> 00:00:12,680
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,680 --> 00:00:14,720
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:15,200 --> 00:00:19,640
Oh, not so bad yourself. 
Good, I got some breaking news. 

5
00:00:19,880 --> 00:00:23,760
I got married on Saturday, 
Valentine's Day. 

6
00:00:24,440 --> 00:00:27,320
So now it's Mr. and Missus 
McDonald. 

7
00:00:27,320 --> 00:00:31,000
Denise McDonald, for those who 
maybe know her, she goes to, 

8
00:00:31,120 --> 00:00:35,640
she's gone to a lot of 
conferences with me and you over

9
00:00:35,640 --> 00:00:38,000
the past few years. 
Yeah. 

10
00:00:38,120 --> 00:00:40,440
Congratulations. 
I knew it was happening but you 

11
00:00:40,440 --> 00:00:43,680
literally like told me right 
before we hit record, so you 

12
00:00:43,680 --> 00:00:45,560
gave me no time at all. 
I should. 

13
00:00:45,720 --> 00:00:47,720
Now that I think about it, I 
shouldn't have even told you 

14
00:00:47,720 --> 00:00:49,440
then. 
I should have just waited and 

15
00:00:49,440 --> 00:00:51,680
popped it on you right now. 
And you. 

16
00:00:51,680 --> 00:00:55,280
Because when I told you, you 
looked completely floored. 

17
00:00:56,440 --> 00:00:58,680
I, you know, I figured it would 
be like sometime in the summer 

18
00:00:58,680 --> 00:00:59,720
or, you know, whatever it may 
be. 

19
00:00:59,720 --> 00:01:02,040
But yeah, no, congratulations to
you and Denise. 

20
00:01:02,040 --> 00:01:04,640
Like I said, you know, Denise 
has been visible, I think a lot 

21
00:01:04,640 --> 00:01:06,440
of the conference we've been to 
kind of recently and over the 

22
00:01:06,440 --> 00:01:09,040
last couple years. 
So yeah, punching way above 

23
00:01:09,040 --> 00:01:10,760
your. 
You're punching way above your 

24
00:01:10,760 --> 00:01:13,840
weight class, Sir. 
Yeah, well, that's for sure. 

25
00:01:13,880 --> 00:01:17,400
That's for sure. 
But yeah, it's exciting stuff, 

26
00:01:17,400 --> 00:01:19,120
man. 
I'm really happy. 

27
00:01:19,720 --> 00:01:21,080
That's good. 
That's the whole point of it. 

28
00:01:22,280 --> 00:01:25,160
I want to ask you a question 
because we had, I had a LinkedIn

29
00:01:25,160 --> 00:01:26,920
post, I think the other day, I 
think it might have been our 

30
00:01:26,920 --> 00:01:30,600
400th episode 1. 
And you posted how are you? 

31
00:01:30,800 --> 00:01:33,600
Hey, Jeff, how are you? 
And I'm wondering if it was a 

32
00:01:33,600 --> 00:01:35,800
subtle nod to how we intro 
almost every show. 

33
00:01:35,800 --> 00:01:38,520
Or you say how are you and I say
not so bad yourself. 

34
00:01:39,440 --> 00:01:41,440
Exactly. 
That's exactly what it was. 

35
00:01:41,840 --> 00:01:44,240
You did get it. 
And I was actually thinking, I 

36
00:01:44,240 --> 00:01:47,880
was going to say for the 400 and
first time, hey, Jeff, how are 

37
00:01:47,880 --> 00:01:49,680
you? 
But then I was thinking, well, 

38
00:01:49,680 --> 00:01:52,840
there were probably about 10 
episodes that I wasn't on. 

39
00:01:52,840 --> 00:01:56,000
So anyway, I just went with 
that. 

40
00:01:56,000 --> 00:01:58,160
I'm glad you got the subtle, 
subtle hint. 

41
00:01:58,480 --> 00:02:00,600
It took me a day or two. 
I was like, is that what I think

42
00:02:00,600 --> 00:02:03,480
it was? 
I'm like, is Jim that clever? 

43
00:02:05,720 --> 00:02:08,080
Yeah, and. 
I and, and we got it. 

44
00:02:08,080 --> 00:02:10,919
So no. 
Well, congratulations, that's 

45
00:02:10,919 --> 00:02:13,800
great to you. 
And Denise, what else we got 

46
00:02:13,800 --> 00:02:15,320
going on in the world. 
We got a bunch of conferences 

47
00:02:15,320 --> 00:02:16,280
that we're going to be hitting 
up here. 

48
00:02:16,280 --> 00:02:18,600
I think it's March by the time 
people listen to this. 

49
00:02:18,600 --> 00:02:21,240
We've got EIC and Berlin coming 
up. 

50
00:02:21,240 --> 00:02:23,800
So we've got discount code for 
that on our website, 

51
00:02:23,800 --> 00:02:25,880
idacpodcast.com. 
Just Scroll down. 

52
00:02:25,880 --> 00:02:27,000
I've got a discount code for 
that. 

53
00:02:27,680 --> 00:02:29,640
What else? 
We got Identiverse in June, just 

54
00:02:29,640 --> 00:02:34,040
a couple weeks after that. 
Tip for both of those if you 

55
00:02:34,040 --> 00:02:38,920
think you're going to go to the 
conference, well, especially at 

56
00:02:38,920 --> 00:02:42,600
Identiverse, right? 
Because hotel cancellation rules

57
00:02:42,600 --> 00:02:47,600
are usually pretty lax in the US
is book your hotel, especially 

58
00:02:47,600 --> 00:02:50,640
if you can do it without a 
cancellation fee. 

59
00:02:51,120 --> 00:02:54,480
Because they're so often that 
we're at the conference maybe 

60
00:02:54,480 --> 00:02:58,440
with our close compatriots who 
knew they were going to go to 

61
00:02:58,440 --> 00:03:00,120
the conference. 
And they're like, yeah, I'm 

62
00:03:00,120 --> 00:03:03,520
staying like 10 properties over.
This place was sold out. 

63
00:03:03,520 --> 00:03:06,560
And you're just like, how does 
that keep happening to you, man?

64
00:03:07,360 --> 00:03:11,240
That is the pro conference 
attendee move is to make sure 

65
00:03:11,240 --> 00:03:14,320
you stay at the hotel of the 
conference. 

66
00:03:14,880 --> 00:03:18,360
Or if you don't want to be seen 
with anybody after the 

67
00:03:18,360 --> 00:03:20,960
conference, then don't stay at 
the conference hotel. 

68
00:03:21,040 --> 00:03:22,760
Stay far away. 
You know, whatever that looks 

69
00:03:22,760 --> 00:03:25,960
like depending on your persona 
and your style and however that 

70
00:03:25,960 --> 00:03:27,160
one is. 
But you know. 

71
00:03:27,480 --> 00:03:30,320
Be strategic about it, yeah. 
For this, I think it just makes 

72
00:03:30,320 --> 00:03:31,480
sense. 
Less walking. 

73
00:03:31,640 --> 00:03:34,200
You know, I know lots of people,
myself included, have like ended

74
00:03:34,200 --> 00:03:37,040
up staying at the Luxor and then
having to walk to Mandalay. 

75
00:03:37,040 --> 00:03:40,080
And that's, that's legit like a 
mile walk every day. 

76
00:03:40,360 --> 00:03:43,960
It's air condition but if you 
are like outside and having to 

77
00:03:43,960 --> 00:03:48,520
walk in June in Vegas, it could 
easily be 100°. 

78
00:03:48,720 --> 00:03:52,240
Yeah I wouldn't recommend. 
No, if you are carrying a heavy 

79
00:03:52,240 --> 00:03:57,520
bag or God forbid you put a like
a Sport coat on or something. 

80
00:03:57,520 --> 00:03:59,720
You know, stuff like that. 
Not fun. 

81
00:04:00,080 --> 00:04:02,160
Yeah, no. 
So stay at the hotel, book 

82
00:04:02,160 --> 00:04:04,520
early, book often, go for the 
cancellation. 

83
00:04:05,480 --> 00:04:09,600
I booked my Identiverse hotel I 
think in like January and it was

84
00:04:09,600 --> 00:04:12,040
like straight through Mandalay 
and I got to tell you my rate is

85
00:04:12,040 --> 00:04:14,200
way cheaper than what the what 
the rate. 

86
00:04:14,240 --> 00:04:19,120
Was I, I use the the room block 
that the CyberRisk Alliance had 

87
00:04:19,399 --> 00:04:22,320
and I think it was like 178 
a night. 

88
00:04:22,320 --> 00:04:25,280
So you can't say you haven't 
been warned, right? 

89
00:04:25,440 --> 00:04:29,960
Get out there, book the room. 
Hopefully you have the approval 

90
00:04:29,960 --> 00:04:32,320
already. 
Use the discount code that we 

91
00:04:32,320 --> 00:04:36,400
have on idacpodcast.com. 
Yeah, save some money and show 

92
00:04:36,400 --> 00:04:38,120
some support for the show. 
So there you go. 

93
00:04:38,120 --> 00:04:40,840
You do that for EIC, do that for
Identiverse. 

94
00:04:42,000 --> 00:04:44,280
If there's other events, let us 
know what you're looking at 

95
00:04:44,280 --> 00:04:45,640
attending. 
And who knows, maybe Jim and I 

96
00:04:45,640 --> 00:04:48,200
can pull some strings and get 
some discount codes for those as

97
00:04:48,200 --> 00:04:50,440
well. 
That's our goal. 

98
00:04:51,200 --> 00:04:53,960
All right, let's talk about our 
main topic for today, which is 

99
00:04:53,960 --> 00:04:57,720
the RSM 2026 Attack Vectors 
report. 

100
00:04:58,080 --> 00:05:01,000
We don't typically we'll get 
into like a lot of RSM stuff on 

101
00:05:01,000 --> 00:05:03,880
this show because we don't want 
it to turn like a commercial for

102
00:05:03,880 --> 00:05:05,320
RSM. 
And ours is very generous. 

103
00:05:05,320 --> 00:05:07,680
This is for a lot of people 
don't know, it's like we do not 

104
00:05:07,680 --> 00:05:09,640
do the podcast full time. 
This is nights and weekends. 

105
00:05:09,680 --> 00:05:12,520
RSM is our employer. 
You and I are identity 

106
00:05:12,520 --> 00:05:14,960
consultants by day. 
Been doing that for almost a 

107
00:05:14,960 --> 00:05:18,280
decade together the last few 
years, you know, here with RSM. 

108
00:05:18,280 --> 00:05:22,040
So we have this report that has 
just come out. 

109
00:05:22,080 --> 00:05:23,480
It's called the Attack Vectors 
report. 

110
00:05:23,520 --> 00:05:25,920
And we've got the person really 
kind of in charge of all that, 

111
00:05:25,920 --> 00:05:28,760
David Lawrence. 
He's the principal with RSM or a

112
00:05:28,760 --> 00:05:29,960
principal with RSM, I should 
say. 

113
00:05:30,320 --> 00:05:32,160
So let's get him on the show. 
Welcome to the show, David. 

114
00:05:33,080 --> 00:05:34,600
Hey, thank you. 
Thank you for having me. 

115
00:05:35,560 --> 00:05:38,840
So I've known you for almost 4 
years because I'm coming up on 

116
00:05:38,840 --> 00:05:41,680
four years with RSM and you 
know, we've kind of worked in 

117
00:05:41,680 --> 00:05:45,000
the same circles. 
You've moved to other areas 

118
00:05:45,040 --> 00:05:48,320
where this attack vectors report
is of, you know, probably a key 

119
00:05:48,320 --> 00:05:50,760
component of that. 
But before we get into the 

120
00:05:50,760 --> 00:05:53,960
report, before we get into all 
that stuff, I always like to 

121
00:05:53,960 --> 00:05:56,800
find out histories, backstories,
origin stories. 

122
00:05:57,520 --> 00:06:01,600
How did you get into the world 
of cybersecurity and is it 

123
00:06:01,600 --> 00:06:03,920
something that you chose or did 
it choose you? 

124
00:06:04,480 --> 00:06:06,840
Well, I think it kind of chose 
me. 

125
00:06:07,720 --> 00:06:11,600
I mean, in high school, I had a 
pretty active, I guess, group of

126
00:06:11,600 --> 00:06:13,640
people that I used to hang out 
with. 

127
00:06:14,280 --> 00:06:17,960
And whenever we went into 
computer lab, I mean, we just 

128
00:06:17,960 --> 00:06:19,360
started playing with different 
things. 

129
00:06:19,360 --> 00:06:23,680
And at that time, back in the 
1990s, there was this thing that

130
00:06:23,680 --> 00:06:29,360
that was called Netbus, basically 
like a root, a rootkit Trojan 

131
00:06:29,360 --> 00:06:33,440
type of thing. 
So I guess I'm accepting that 

132
00:06:33,720 --> 00:06:36,680
between my friends and I, 
basically we installed Netbus 

133
00:06:36,720 --> 00:06:39,240
across all the computer lab 
computers. 

134
00:06:39,960 --> 00:06:43,480
And one of the things that this 
thing could do is just allow you

135
00:06:43,480 --> 00:06:48,000
to open the CD-ROM or close the 
turn on the TV, the monitor or, 

136
00:06:48,000 --> 00:06:52,200
or just turn it off make sounds 
like modify the way that the 

137
00:06:52,200 --> 00:06:55,760
computer was was working from 
another computer, right. 

138
00:06:56,040 --> 00:06:58,160
So it was really cool to see all
your friends. 

139
00:06:58,760 --> 00:07:01,040
What I mean, basically doing 
whatever in their computer and 

140
00:07:01,040 --> 00:07:04,440
then all of a sudden you're open
the CD-ROM and then they will 

141
00:07:04,520 --> 00:07:06,920
they will be surprised about it 
and then you'll be able to close

142
00:07:06,920 --> 00:07:08,600
it again or just turn off the 
computer. 

143
00:07:08,960 --> 00:07:11,560
So it would be just chaos 
overall, having a good time. 

144
00:07:11,600 --> 00:07:14,160
That was one of the things that 
basically piqued my interest and

145
00:07:14,160 --> 00:07:17,560
I was just like, I want to know 
how this works and what is the 

146
00:07:17,560 --> 00:07:21,120
back end to follow this? 
And that's how I got interested 

147
00:07:21,120 --> 00:07:24,000
into cybersecurity. 
And the second thing that got me

148
00:07:24,000 --> 00:07:28,320
interested into cybersecurity 
was in the same computer lab. 

149
00:07:28,320 --> 00:07:31,320
That was the time where 
everybody was going into, I 

150
00:07:31,320 --> 00:07:34,760
mean, opening e-mail accounts. 
And I mean, the first few times 

151
00:07:34,760 --> 00:07:39,000
where you would communicate with
your teacher through e-mail. 

152
00:07:39,560 --> 00:07:43,080
And at some point I logged in 
into my e-mail and I didn't 

153
00:07:43,080 --> 00:07:46,720
notice this, but my e-mail was 
compromised or hacked by someone

154
00:07:46,720 --> 00:07:49,760
else. 
And I didn't know better to to 

155
00:07:49,760 --> 00:07:51,840
understand that. 
I mean, obviously if we 

156
00:07:51,840 --> 00:07:56,120
installed Netbus on computers 
all across the computer labs, it

157
00:07:56,160 --> 00:07:58,920
was probably not a great idea to
log into your e-mail and just 

158
00:07:58,920 --> 00:08:00,920
just look at your e-mail in the 
same computer. 

159
00:08:00,920 --> 00:08:02,920
But I didn't know any better, 
right? 

160
00:08:02,920 --> 00:08:07,880
So my e-mail got compromised and
someone I never learned who took

161
00:08:07,880 --> 00:08:12,120
my e-mail and sent a really 
nasty e-mail to a teacher in 

162
00:08:12,120 --> 00:08:15,840
that school. 
And I almost got expelled at that 

163
00:08:15,840 --> 00:08:20,400
point. 
And I remember spending two days

164
00:08:20,840 --> 00:08:24,440
just trying to find ways to 
prove that it was, it hadn't 

165
00:08:24,440 --> 00:08:29,040
been me and that in all honesty,
it had been someone else to the 

166
00:08:29,040 --> 00:08:32,360
point that the principal told 
me, if you're able to show me 

167
00:08:32,360 --> 00:08:36,360
that it wasn't you, then I'll, 
I'll reconsider the, the, the 

168
00:08:36,360 --> 00:08:38,840
punishment. 
And that's how I got into 

169
00:08:38,840 --> 00:08:40,799
cybersecurity. 
I started doing forensics 

170
00:08:40,799 --> 00:08:43,600
investigations in a lot of 
computers that were compromised,

171
00:08:43,600 --> 00:08:47,600
trying to find a way to clear my
name in front of a teacher. 

172
00:08:47,600 --> 00:08:49,520
And then from that point 
forward, I was just like, this 

173
00:08:49,520 --> 00:08:53,640
is never happening to me again. 
I mean, I could go into a 

174
00:08:53,640 --> 00:08:55,440
computer and I'd better know 
what I do. 

175
00:08:56,160 --> 00:08:58,040
I'll never get compromised. 
And I'm sure that I got 

176
00:08:58,040 --> 00:09:01,280
compromised, and I mean a few 
other times, but I've never, 

177
00:09:01,280 --> 00:09:04,760
least not to the extent that I 
was compromised on that day. 

178
00:09:05,240 --> 00:09:06,960
So that's what got me into 
computer. 

179
00:09:06,960 --> 00:09:10,960
And then really from that point 
forward, it was all about trying

180
00:09:10,960 --> 00:09:14,480
to get into computers, trying to
hack computers and try to teach 

181
00:09:14,480 --> 00:09:16,560
people how to not get hacked, to
be honest. 

182
00:09:17,440 --> 00:09:21,480
So you got into this because of 
poor digital identity security? 

183
00:09:21,520 --> 00:09:24,720
Oh, absolutely. 
Pure, like, yeah, absolutely. 

184
00:09:25,040 --> 00:09:27,480
Like everybody was using the 
same username and password in 

185
00:09:27,480 --> 00:09:31,080
the computer lab, right? 
So just from starters, that was 

186
00:09:31,080 --> 00:09:33,040
an issue, right? 
And that's why we could 

187
00:09:33,040 --> 00:09:37,080
basically start this Netbus 
product into all these different

188
00:09:37,080 --> 00:09:39,920
computers. 
And then second, I remember that

189
00:09:39,920 --> 00:09:42,880
my password back in the day 
wasn't as strong, even though 

190
00:09:43,400 --> 00:09:45,800
there was a key logger into 
Netbus as well, so they could 

191
00:09:45,800 --> 00:09:49,560
read my passwords. 
But that was the reason for sure

192
00:09:49,880 --> 00:09:54,400
why I got into cybersecurity. 
So I introduced you as a 

193
00:09:54,440 --> 00:09:57,360
principal with RSM. 
People may not be familiar with 

194
00:09:57,360 --> 00:09:59,840
consulting terminology, but 
maybe briefly explain what a 

195
00:09:59,840 --> 00:10:02,920
principal is and then your 
specific role with RSM because 

196
00:10:02,920 --> 00:10:04,840
it's changed a couple times over
the years that I've known you. 

197
00:10:04,840 --> 00:10:07,560
But I think what you're doing 
now is really kind of the sets 

198
00:10:07,560 --> 00:10:10,000
the table for the topic today. 
Yeah, I think that what a 

199
00:10:10,000 --> 00:10:13,680
principal is in RSM, I would say, 
is just a partner without a CPA. I 

200
00:10:13,680 --> 00:10:16,520
mean someone that is part of, I 
mean the leadership of the 

201
00:10:16,560 --> 00:10:20,040
company and is helping the 
company to, I mean, going the 

202
00:10:20,040 --> 00:10:22,400
direction that the company wants
to go from a strategy 

203
00:10:22,400 --> 00:10:25,440
perspective. 
And I think the CPA firms 

204
00:10:25,440 --> 00:10:28,920
distinguish between someone that
has a CPA and someone that 

205
00:10:28,920 --> 00:10:32,840
doesn't and they decide to call 
whoever doesn't have a CPA a 

206
00:10:32,840 --> 00:10:35,000
principal. 
So that's what a principal is. 

207
00:10:35,840 --> 00:10:40,000
And then my role in RSM today, I
lead the offensive security team

208
00:10:40,000 --> 00:10:42,280
and the cyber response team in 
RSM. 

209
00:10:42,280 --> 00:10:48,000
And I'm also the product creator
or owner of RSM Atlas, which is 

210
00:10:48,440 --> 00:10:53,280
an, I guess, a, a tool, AI 
enabled tool that helps a lot of

211
00:10:53,280 --> 00:10:56,560
companies just to rationalize 
their controls and make sure 

212
00:10:56,560 --> 00:10:58,720
that they have the right 
information in their GRC tools. 

213
00:10:58,720 --> 00:11:03,200
So a lot of hats I guess, but 
mostly offensive security and 

214
00:11:03,200 --> 00:11:06,200
leading the offensive security 
in RSM and globally as well. 

215
00:11:06,880 --> 00:11:09,200
Well, Jim and I, you know, joke 
an awful lot that this is the 

216
00:11:09,200 --> 00:11:11,240
show sometimes turns into AI at 
the center. 

217
00:11:11,640 --> 00:11:14,480
And we'll probably want to have 
a separate conversation around, 

218
00:11:14,480 --> 00:11:16,200
you know, Atlas and kind of what
that does. 

219
00:11:16,200 --> 00:11:20,000
But let's focus on on, you know,
the offensive side of things and

220
00:11:20,000 --> 00:11:24,800
this report, so it's called the 
2026 RSM attack vectors report. 

221
00:11:25,240 --> 00:11:28,200
What is it? 
How does it get generated and 

222
00:11:28,200 --> 00:11:30,640
maybe kind of take us to the 
background of it before we start

223
00:11:30,640 --> 00:11:31,920
talking about what what it 
entails. 

224
00:11:31,920 --> 00:11:34,600
So. 
This is a report that we 

225
00:11:34,600 --> 00:11:39,440
published every year for the 
last, I think four to five 

226
00:11:39,440 --> 00:11:40,720
years. 
And the reason why we started 

227
00:11:40,720 --> 00:11:45,040
doing this report is because we 
have obviously a number of 

228
00:11:45,040 --> 00:11:48,600
engagements on the offensive 
security side with different 

229
00:11:48,600 --> 00:11:52,240
clients and we have identified a
number of trends every single 

230
00:11:52,240 --> 00:11:55,160
year, right. 
For example, two years ago, you 

231
00:11:55,160 --> 00:11:57,560
could see that companies were 
going into cloud and they were 

232
00:11:57,560 --> 00:11:59,960
heavy on cloud and you could see
a lot of the identity and access

233
00:11:59,960 --> 00:12:03,640
management components focusing 
on on cloud heavy 

234
00:12:03,640 --> 00:12:07,480
implementations. 
And, and one of the things that 

235
00:12:07,480 --> 00:12:11,440
we're trying to do is just still
share what we expect companies 

236
00:12:11,440 --> 00:12:14,720
to do from a technical point of 
view to protect themselves 

237
00:12:14,720 --> 00:12:18,600
against, I mean, any attacker or
any hacker that is using the 

238
00:12:18,600 --> 00:12:21,480
most common techniques, right, 
like the low hanging fruits that

239
00:12:21,480 --> 00:12:23,080
you see out there. 
And one of the things that I was

240
00:12:23,080 --> 00:12:27,440
discussing with Jim the other 
the other day was that it's, 

241
00:12:27,440 --> 00:12:31,480
it's funny how when you're doing
offensive security, you hear a 

242
00:12:31,480 --> 00:12:34,240
lot of cybersecurity 
practitioners talk about all 

243
00:12:34,240 --> 00:12:38,280
their own perspective, I guess, 
topics and themes. 

244
00:12:38,760 --> 00:12:41,320
But it, it does feel that 
sometimes offensive security 

245
00:12:41,320 --> 00:12:45,640
just lives in a different world 
'cause we see things that most 

246
00:12:46,440 --> 00:12:50,240
other consultants, professionals
don't really focus on because 

247
00:12:50,240 --> 00:12:54,040
we're really, I guess going one 
step further into the technical 

248
00:12:54,040 --> 00:12:58,400
aspect of things, right, of just
techniques, I would say. 

249
00:12:58,680 --> 00:13:02,040
So the, the report itself, what 
it's trying to do is just create

250
00:13:02,120 --> 00:13:07,680
some big themes that people can 
take and then just leverage 

251
00:13:07,680 --> 00:13:10,800
those, those themes to implement
recommendations into their own 

252
00:13:10,800 --> 00:13:14,360
environment without really 
trying to go through the whole 

253
00:13:14,360 --> 00:13:18,120
effort of doing an offensive 
security test in their whole 

254
00:13:18,120 --> 00:13:18,800
environment. 
Right. 

255
00:13:18,800 --> 00:13:22,600
And it gives you specific 
recommendations on how you can 

256
00:13:22,600 --> 00:13:26,240
implement identity and access 
management in your environment. 

257
00:13:26,240 --> 00:13:29,520
The specific challenges that we 
see in each of these companies 

258
00:13:29,520 --> 00:13:33,720
that we test in general levels, 
configuration management, 

259
00:13:33,720 --> 00:13:35,520
vulnerability management and so 
on. 

260
00:13:36,480 --> 00:13:39,080
With the idea that eventually, 
if you go through the report and

261
00:13:39,080 --> 00:13:42,600
you take the, the key takeaways 
and implement them in your 

262
00:13:42,600 --> 00:13:46,240
environment, you're really 
moving the needle forward 

263
00:13:47,200 --> 00:13:49,800
honestly, in, in a better and 
you're, you're getting to a 

264
00:13:49,800 --> 00:13:52,480
better place than your 
competitors in, in, in most 

265
00:13:52,480 --> 00:13:54,240
cases, right. 
So that's the idea just to share

266
00:13:54,240 --> 00:13:56,920
with the community and allow the
community to understand what is 

267
00:13:56,920 --> 00:14:00,200
happening across different 
companies, different sizes, 

268
00:14:00,560 --> 00:14:02,880
different technologies, 
different industries and take 

269
00:14:03,400 --> 00:14:06,720
what we're giving them 
back so they can get better 

270
00:14:06,720 --> 00:14:11,680
without, I guess like to to to 
buy services from us, you know. 

271
00:14:13,320 --> 00:14:17,280
So David, we're recording this 
episode prior to the report 

272
00:14:17,280 --> 00:14:19,760
being dropped. 
I think it's going to drop on 

273
00:14:19,760 --> 00:14:23,720
2/22. 
So February 22nd, this episode 

274
00:14:23,720 --> 00:14:29,040
is going to drop on March 2nd. 
We'll have a download link in 

275
00:14:29,040 --> 00:14:31,040
the show notes. 
We don't have that link to 

276
00:14:31,400 --> 00:14:35,560
verbalize it today, but I'm sure
if you follow us on LinkedIn, 

277
00:14:35,560 --> 00:14:39,320
you're going to see us reposting
this thing because it's a ton of

278
00:14:39,320 --> 00:14:42,680
value. 
I got to review kind of a 

279
00:14:42,840 --> 00:14:47,200
preview copy of it. 
And no surprise here, there's 

280
00:14:47,360 --> 00:14:52,320
identity security is highly 
mentioned within the report. 

281
00:14:52,480 --> 00:14:55,000
Wonder if you could speak to 
that and tell us like why? 

282
00:14:55,080 --> 00:14:57,320
Why do you think that is? 
Yeah. 

283
00:14:57,360 --> 00:15:03,680
I mean, obviously identity has 
taken a big, a big role into 

284
00:15:03,680 --> 00:15:07,120
every single organization. 
And I mean, especially in 2025, 

285
00:15:07,120 --> 00:15:11,320
we saw a lot of companies 
heavily investing on, I mean, 

286
00:15:11,320 --> 00:15:15,760
just application development, 
cloud services and on top of 

287
00:15:15,760 --> 00:15:19,000
that trying to push for AI 
services being enabled in both 

288
00:15:19,000 --> 00:15:22,160
sides, the cloud and 
application. 

289
00:15:22,160 --> 00:15:25,640
And then with that, you need to 
manage your identities better, 

290
00:15:25,640 --> 00:15:27,320
right? 
Like I think in 2024, for 

291
00:15:27,320 --> 00:15:30,880
example, we saw a lot of, hey, 
let's just focus on client 

292
00:15:30,880 --> 00:15:33,360
identities and make sure that 
client identities are working 

293
00:15:33,360 --> 00:15:35,480
well because that's our user 
experience. 

294
00:15:35,480 --> 00:15:40,560
In 2025, we saw a huge push, 
especially on the second part of

295
00:15:40,600 --> 00:15:46,440
2025 from companies to enable AI
in their own applications, make 

296
00:15:46,440 --> 00:15:49,640
sure that they had some sort of,
I don't know, functionality or 

297
00:15:49,640 --> 00:15:52,920
feature related to AI. And that 
created, I mean, multiple 

298
00:15:52,920 --> 00:15:55,800
challenges, right? 
I mean, now I was just 

299
00:15:55,800 --> 00:15:58,160
mentioning this to Jim, like one
of the things that we saw in 

300
00:15:58,160 --> 00:16:01,840
many applications where we're 
doing our offensive test is chat

301
00:16:01,840 --> 00:16:03,520
bots, right? 
Like this is a thing that I 

302
00:16:03,520 --> 00:16:06,160
mean, it's an easy thing to add 
to your application. 

303
00:16:06,160 --> 00:16:08,560
So you can think about, oh, 
let's just embed AI into our 

304
00:16:09,440 --> 00:16:11,680
day-to-day applications. 
And one of the things that 

305
00:16:11,800 --> 00:16:14,680
companies didn't do well at the 
very beginning is they they were

306
00:16:14,680 --> 00:16:20,040
not taking the identity of the 
user and matching it with the 

307
00:16:20,040 --> 00:16:23,120
chat bot, right. 
So if David Lawrence goes into 

308
00:16:23,120 --> 00:16:26,040
the application and then he's 
using a chat bot, you would 

309
00:16:26,040 --> 00:16:30,360
expect that chat bot to be as 
restricted as David when David 

310
00:16:30,360 --> 00:16:33,160
is using that chat bot to 
extract, to get free information

311
00:16:33,160 --> 00:16:35,840
and and review. 
I mean different things that I 

312
00:16:35,840 --> 00:16:38,280
might have access as a user into
the application. 

313
00:16:38,600 --> 00:16:42,000
Well, many, many companies 
implemented chat bots just with 

314
00:16:42,120 --> 00:16:46,200
way more privileges into the 
data and into the application 

315
00:16:46,520 --> 00:16:48,840
overall. 
That created I mean some of the 

316
00:16:48,840 --> 00:16:52,920
attack vectors that were I mean 
mentioning in the attack report 

317
00:16:53,040 --> 00:16:54,880
for example. 
Yeah, you just mentioned there 

318
00:16:54,880 --> 00:16:57,520
the over privilege accounts and 
that's something that I think 

319
00:16:57,520 --> 00:17:01,480
that's been the bane of Jeff's and
my existence for the last two 

320
00:17:01,480 --> 00:17:04,079
decades. 
But I'm kind of wondering like 

321
00:17:04,079 --> 00:17:08,520
what are some of the tell tale 
signs differences between 

322
00:17:08,920 --> 00:17:12,960
organizations that got breached 
within a couple of hours and 

323
00:17:12,960 --> 00:17:16,640
maybe didn't even discover it to
those that were able to contain 

324
00:17:16,640 --> 00:17:19,319
the breach or even prevent being
breached? 

325
00:17:20,960 --> 00:17:24,640
So we so just to give you some 
context, what we have in the 

326
00:17:24,640 --> 00:17:29,320
report is we have I mean just 
anonymized data that we analyzed

327
00:17:30,360 --> 00:17:33,640
from upper market all the way to
middle market, different 

328
00:17:33,640 --> 00:17:36,600
industries and then different 
levels of activity as well, 

329
00:17:36,600 --> 00:17:38,680
right. 
So when you try to extrapolate 

330
00:17:38,680 --> 00:17:41,720
this into what is that is 
working for some companies and 

331
00:17:41,720 --> 00:17:44,920
what is not working for some 
companies, it's really difficult

332
00:17:44,920 --> 00:17:48,320
because we do have a lot of 
companies that I mean for some 

333
00:17:48,320 --> 00:17:52,000
that are on the upper market 
scale is really a big challenge 

334
00:17:52,000 --> 00:17:56,000
because they have such a large 
enterprise environment that is 

335
00:17:56,000 --> 00:17:58,600
really difficult to manage. 
And it's not easy to just 

336
00:17:58,840 --> 00:18:01,680
pinpoint one thing. 
And then there's other companies

337
00:18:01,680 --> 00:18:05,560
in the middle market that are, I
guess smaller and they're, I 

338
00:18:05,600 --> 00:18:08,920
mean, better managing security, 
but they're missing budgets, 

339
00:18:08,920 --> 00:18:11,160
they don't have the tools and 
they don't know how to implement

340
00:18:11,160 --> 00:18:13,680
some of these identity things. 
So going back to your question, 

341
00:18:14,200 --> 00:18:17,720
what are the common things that 
you see companies doing that I 

342
00:18:17,720 --> 00:18:20,600
mean, really work? 
I would say the easy one, right?

343
00:18:20,600 --> 00:18:25,000
And we did, we do point out this
in in the report as something 

344
00:18:25,000 --> 00:18:27,680
that is not well implemented, 
but is the easy one that you can

345
00:18:27,680 --> 00:18:30,640
implement right away is MFA 
multi factor authentication. 

346
00:18:31,440 --> 00:18:34,240
If you're not implementing multi
factor authentication for your 

347
00:18:34,240 --> 00:18:37,160
users, especially for anything 
that external is externally 

348
00:18:37,160 --> 00:18:41,480
exposed or internally for 
anything that is sensitive, 

349
00:18:41,480 --> 00:18:44,600
that's an issue by itself and 
something that is an easy path 

350
00:18:44,600 --> 00:18:48,200
for attackers. 
The second one is privileged 

351
00:18:48,320 --> 00:18:51,640
access management. 
I think that is becoming a big, 

352
00:18:51,640 --> 00:18:55,240
big, big, big theme again. 
Like I think 10 years ago 

353
00:18:55,840 --> 00:18:58,520
everybody was just like, let's 
just implement PAM for all my 

354
00:18:58,520 --> 00:19:00,760
privileged users, right? 
And it was just like human 

355
00:19:00,760 --> 00:19:04,760
identity. 
Nowadays I think it's getting 

356
00:19:04,760 --> 00:19:08,320
back to the point where non 
human identities are taking 

357
00:19:08,320 --> 00:19:13,360
front and center of everything, 
especially with AI agents and 

358
00:19:13,360 --> 00:19:17,920
just applications in general. 
So companies that were doing 

359
00:19:17,920 --> 00:19:21,560
privileged access management 
correctly were the other 

360
00:19:21,560 --> 00:19:24,880
companies that I mean it was a 
hard time to compromise them. 

361
00:19:24,880 --> 00:19:31,160
And then the last one, which is 
less related to identity from a 

362
00:19:31,600 --> 00:19:34,280
point of view of what they
were doing, but is related to 

363
00:19:34,280 --> 00:19:38,880
identity as an indicator that
something is wrong, which is

364
00:19:38,880 --> 00:19:42,440
lateral movement. 
The way that you identify 

365
00:19:42,440 --> 00:19:45,920
lateral movement in many 
organizations is by seeing the 

366
00:19:45,920 --> 00:19:48,920
same user jumping from computer 
to computer to computer to 

367
00:19:48,920 --> 00:19:54,480
computer in a way that doesn't 
make sense from a human 

368
00:19:54,480 --> 00:19:57,000
perspective. 
Like you don't want to see Jeff,

369
00:19:57,000 --> 00:20:00,280
for example, going into Jim's 
computer and then from Jim's 

370
00:20:00,280 --> 00:20:04,360
computer to David's computer, or
using the same identity all 

371
00:20:04,360 --> 00:20:07,160
across different computers. 
Because the only way that you 

372
00:20:07,240 --> 00:20:09,520
would use that is coming from a 
server. 

373
00:20:09,800 --> 00:20:11,680
If it's coming from a computer, 
that's a problem. 

374
00:20:12,000 --> 00:20:16,200
So identifying those patterns, 
whether it's someone using the 

375
00:20:16,200 --> 00:20:18,680
wrong identity in the wrong 
places, someone using,

376
00:20:19,280 --> 00:20:24,080
the, I mean, a privileged identity
across multiple systems in a

377
00:20:24,080 --> 00:20:27,240
matter of, I mean minutes 
instead of matter of hours or 

378
00:20:27,240 --> 00:20:34,360
days or someone logging from, I 
don't know, country A without 

379
00:20:34,360 --> 00:20:38,000
going into, I guess a specific
country, just country A and then

380
00:20:38,040 --> 00:20:41,840
logging in from the US as well. 
That would be another issue, 

381
00:20:41,840 --> 00:20:43,200
right? 
Like if you have the same login 

382
00:20:43,200 --> 00:20:45,720
coming from the two
different, I guess remote 

383
00:20:45,720 --> 00:20:48,360
locations or different 
geographical locations, that's 

384
00:20:48,360 --> 00:20:50,960
an indicator that I mean 
immediately can tell you, you 

385
00:20:50,960 --> 00:20:52,280
know what, these guys are 
compromised. 

386
00:20:52,280 --> 00:20:54,040
So you're not, you need to be 
careful with that. 

387
00:20:54,360 --> 00:20:56,640
So those are the three things 
that I would say are main 

388
00:20:56,640 --> 00:20:59,080
topics. 
And then for the more advanced 

389
00:20:59,400 --> 00:21:06,320
companies, I would say, I mean 
just credential rotation. 

390
00:21:06,840 --> 00:21:11,520
We have faced some really cool 
companies that every freaking 

391
00:21:11,520 --> 00:21:17,520
day, every 8 hours, they would
just rotate all their privileged

392
00:21:17,520 --> 00:21:22,000
user accounts like this. 
So as an attacker, you would 

393
00:21:22,000 --> 00:21:26,120
come in and you would compromise
a privileged user account.

394
00:21:26,160 --> 00:21:28,960
And the team that I managed, 
they would feel really confident

395
00:21:28,960 --> 00:21:30,920
that they were really good to 
go, right? 

396
00:21:30,920 --> 00:21:33,640
Like I have a privileged user 
account and I have the whole 

397
00:21:33,640 --> 00:21:36,200
week to just do whatever I want 
in this company and then next 

398
00:21:36,200 --> 00:21:40,480
day they show up and all these 
credentials were rotated. 

399
00:21:40,800 --> 00:21:43,080
They cannot access these 
credentials anymore. 

400
00:21:43,520 --> 00:21:46,760
And every time that they try to 
use that credential is creating 

401
00:21:46,760 --> 00:21:49,880
a new alert or flagging 
something that is a problem for 

402
00:21:49,880 --> 00:21:51,280
them. 
And then they need to restart to

403
00:21:51,280 --> 00:21:55,320
try to compromise anything. 
So that is what I have seen most

404
00:21:55,320 --> 00:21:58,920
companies doing. 
Well, it's easier said than done

405
00:21:58,920 --> 00:22:01,680
to be honest. 
Like it's, it's just there's a 

406
00:22:01,680 --> 00:22:03,280
lot of caveats to what I just 
said. 

407
00:22:03,280 --> 00:22:05,560
And I know that it's not
easy to implement, but those are

408
00:22:05,560 --> 00:22:08,280
the things that I would say are 
common themes on really good

409
00:22:08,280 --> 00:22:11,440
companies that have done
identity and access management 

410
00:22:11,440 --> 00:22:14,200
well and security well as well. 
So I'm glad you put that 

411
00:22:14,200 --> 00:22:16,760
asterisk towards the end because
I was going to say, you know, 

412
00:22:16,760 --> 00:22:21,320
secrets rotation is I think, a 
target that most companies want 

413
00:22:21,320 --> 00:22:24,400
to get to, but not a lot do it 
still, relatively speaking, 

414
00:22:24,520 --> 00:22:28,840
right? 
Well, again, it, it

415
00:22:28,840 --> 00:22:30,720
depends on the industry and the 
complexity. 

416
00:22:30,720 --> 00:22:34,680
But if you think about secrets 
and non human entities 

417
00:22:34,680 --> 00:22:39,040
specifically, you're going to 
have service accounts that are 

418
00:22:39,040 --> 00:22:41,480
more Microsoft based. 
And I think those are the easy 

419
00:22:41,480 --> 00:22:48,040
ones once you start going into, 
I mean databases, specific local

420
00:22:48,880 --> 00:22:54,080
passwords for servers that
are not Windows based, things of

421
00:22:54,080 --> 00:22:57,360
like that are just not easy to 
manage in general, right. 

422
00:22:57,360 --> 00:23:00,840
And then the last piece,
which is probably the biggest 

423
00:23:00,840 --> 00:23:05,240
challenge for most organizations
is that many companies think 

424
00:23:05,240 --> 00:23:09,640
that they know what they have. 
And what the engagements that we

425
00:23:09,640 --> 00:23:14,320
deliver really point out is that
many of them just know, don't 

426
00:23:14,320 --> 00:23:16,680
know what they have. 
They don't know what assets they

427
00:23:16,680 --> 00:23:19,760
manage, they don't know what 
identities they manage. 

428
00:23:20,800 --> 00:23:24,280
And because of that, they think 
that they are really doing 

429
00:23:24,280 --> 00:23:28,280
things well in their own world, 
but they really miss the

430
00:23:28,280 --> 00:23:30,520
point of what is the universe, 
right? 

431
00:23:30,520 --> 00:23:32,120
And that's the biggest 
challenge, I think in 

432
00:23:32,120 --> 00:23:35,160
cybersecurity thing, why you 
bring sometimes, I guess, 

433
00:23:35,160 --> 00:23:37,600
consultants, right? 
It's easy to just get lost in 

434
00:23:37,600 --> 00:23:40,200
your own chaos and lose the
bigger picture. 

435
00:23:40,200 --> 00:23:43,440
And consultants, sadly, for 
whatever reason, can come in and

436
00:23:43,440 --> 00:23:45,600
just tell you, hey, you know 
what, you're too lost in here 

437
00:23:45,600 --> 00:23:47,400
just to step back and look at 
the bigger picture. 

438
00:23:48,760 --> 00:23:51,160
So David, you've kind of 
referenced two of the biggest

439
00:23:51,160 --> 00:23:54,640
topics that I really wanted to 
get into with you today on the 

440
00:23:54,640 --> 00:23:57,520
non humans. 
That's really, I've always felt 

441
00:23:57,520 --> 00:24:01,800
like we've kind of figured
out how to manage human 

442
00:24:01,800 --> 00:24:03,760
identities within the 
enterprise. 

443
00:24:04,120 --> 00:24:07,520
But then there's the attack path
that you also referenced, which 

444
00:24:07,520 --> 00:24:13,600
is, you know, switching roles 
and basically lateral

445
00:24:13,600 --> 00:24:17,280
movement. 
And your goal may be to get up 

446
00:24:17,280 --> 00:24:20,160
and take over the like the 
Active Directory and have the 

447
00:24:20,160 --> 00:24:23,400
global administrator account 
access. 

448
00:24:23,760 --> 00:24:27,640
Maybe start with a service 
account, you move to a help desk

449
00:24:27,640 --> 00:24:30,400
account, you reset the 
credentials for the global admin

450
00:24:30,400 --> 00:24:33,560
and bingo, that company's out of
business. 

451
00:24:35,040 --> 00:24:37,400
But I wanted to go back to 
something else that you said. 

452
00:24:37,560 --> 00:24:41,040
I don't want to like let it go 
without talking about it because

453
00:24:41,040 --> 00:24:43,240
you did talk about large 
enterprise. 

454
00:24:43,240 --> 00:24:47,280
Then you talked about the middle
market, which is the main area 

455
00:24:47,280 --> 00:24:52,360
that RSM focuses on, and this
attack vectors report, a big 

456
00:24:52,360 --> 00:24:55,520
focus is on the middle market. 
And I guess when I think about 

457
00:24:55,520 --> 00:24:59,480
the middle market, I think
you mentioned a good point, 

458
00:24:59,480 --> 00:25:02,280
right. 
The scope is probably smaller of

459
00:25:02,280 --> 00:25:06,040
what we have to protect than a 
large enterprise, but a lot of 

460
00:25:06,040 --> 00:25:09,760
times we're also playing with a 
smaller budget to put towards 

461
00:25:09,760 --> 00:25:13,800
cybersecurity. 
So my question to you really is,

462
00:25:14,640 --> 00:25:17,560
what's more important?
Is that the size of the budget? 

463
00:25:17,920 --> 00:25:23,240
Is it you know how much money 
you spend on cyber or is it the 

464
00:25:23,360 --> 00:25:26,240
like how well you spend the 
dollars or is it just 

465
00:25:26,720 --> 00:25:30,720
inseparable? 
Oh man, that's a great question.

466
00:25:30,720 --> 00:25:35,360
So to me, there's
a threshold, right?

467
00:25:35,360 --> 00:25:40,120
There's a point in time
where you can have a budget and 

468
00:25:40,120 --> 00:25:42,640
still you can make it work. 
But there's some companies that 

469
00:25:42,640 --> 00:25:46,520
don't have even that, right. 
And I think if you're not past 

470
00:25:46,520 --> 00:25:49,320
that threshold where you have 
enough budget to make it work, 

471
00:25:49,320 --> 00:25:52,000
then I mean, just forget
it. 

472
00:25:52,000 --> 00:25:54,560
There's nothing that you can do 
or a few things that you can

473
00:25:54,560 --> 00:25:57,440
do because you're still going to
need licensing. 

474
00:25:57,440 --> 00:25:59,320
You're going to need all the 
things that would help you, 

475
00:25:59,320 --> 00:26:03,440
especially with technology today
to manage everything that you 

476
00:26:03,440 --> 00:26:06,920
need to manage in cybersecurity.
Once you're past a specific

477
00:26:07,200 --> 00:26:11,800
threshold and you have that 
budget already approved, then it

478
00:26:11,800 --> 00:26:16,600
does matter how you spend it and
it does matter how you're 

479
00:26:16,600 --> 00:26:20,600
managing your own technology, 
how you're managing your 

480
00:26:20,600 --> 00:26:23,520
investments, and how you're 
collaborating with other 

481
00:26:23,760 --> 00:26:25,400
departments. 
I think this is something that 

482
00:26:25,400 --> 00:26:29,440
is really easy to miss. 
When you talk about 

483
00:26:29,440 --> 00:26:32,080
cybersecurity, especially 
cybersecurity professionals. 

484
00:26:32,920 --> 00:26:36,080
We tend to be in a silo and feel
that we're in a silo. 

485
00:26:36,760 --> 00:26:39,920
And the better cybersecurity 
teams are the teams that are 

486
00:26:39,920 --> 00:26:42,680
really good at collaborating with
the rest of the enterprise, 

487
00:26:42,680 --> 00:26:46,000
whether it's a small middle 
market company all the way to 

488
00:26:46,000 --> 00:26:50,200
the enterprise. 
They find ways to make what is 

489
00:26:50,200 --> 00:26:54,520
important happen, whether it's 
with their budget or some other 

490
00:26:54,520 --> 00:26:57,640
else's budget. 
And they identify

491
00:26:57,640 --> 00:27:00,200
really good ways to understand 
what is important to the 

492
00:27:00,200 --> 00:27:03,960
business and not to the 
cybersecurity professionals. 

493
00:27:04,320 --> 00:27:06,880
And you made a really
good point on your comment

494
00:27:06,880 --> 00:27:11,200
about, well, you might be coming
in and trying to compromise 

495
00:27:11,480 --> 00:27:14,440
Active Directory or compromise 
my identity and access 

496
00:27:14,440 --> 00:27:18,600
management solution. 
And that might be relevant for 

497
00:27:18,840 --> 00:27:23,280
the cyber security professional 
that is in front of me on

498
00:27:23,280 --> 00:27:25,600
the other side, right, like the 
CISO or whoever. 

499
00:27:26,040 --> 00:27:28,840
But in reality, one of the 
things that I think is really 

500
00:27:29,360 --> 00:27:32,200
easy to me is from a cyber 
security point of view is what 

501
00:27:32,200 --> 00:27:37,200
is important to the business. 
And I have been, and this is,

502
00:27:37,200 --> 00:27:40,160
I think, a privilege.
I have been in organizations 

503
00:27:40,160 --> 00:27:46,160
where you can compromise their 
whole Active Directory and the 

504
00:27:46,160 --> 00:27:50,800
CEO, the CFO, the CEO can just 
watch it. 

505
00:27:50,800 --> 00:27:53,560
This is like, I don't care. 
This is not important to me. 

506
00:27:53,920 --> 00:27:57,080
My business is somewhere else. 
I know that I can recover. 

507
00:27:57,080 --> 00:27:59,560
It's going to be a really 
uncontrolled day for the CIO and

508
00:27:59,560 --> 00:28:02,040
the CIO. 
So I give you that. 

509
00:28:02,200 --> 00:28:04,400
But my business is going to 
continue to run. 

510
00:28:04,840 --> 00:28:08,720
So I think there's this balance,
right, where you, when you talk 

511
00:28:08,720 --> 00:28:12,520
specifically about cybersecurity
of what is important for 

512
00:28:12,520 --> 00:28:14,920
cybersecurity professionals and 
what is important to the 

513
00:28:14,920 --> 00:28:17,120
business. 
And I think the people that 

514
00:28:17,160 --> 00:28:19,280
understand what is important to 
the business are the people that

515
00:28:19,280 --> 00:28:21,360
are actually investing their 
budget correctly. 

516
00:28:21,440 --> 00:28:24,320
So that would be my long-
winded way of saying that that's

517
00:28:24,520 --> 00:28:28,640
how I see cybersecurity being 
spent correctly, if that makes 

518
00:28:28,640 --> 00:28:30,480
sense. 
Well, I think that's valuable 

519
00:28:30,480 --> 00:28:33,280
because if you can use other 
people's budget to further 

520
00:28:33,280 --> 00:28:36,240
security goals, that's a win as 
far as I'm concerned. 

521
00:28:36,640 --> 00:28:40,360
And the best way to do that is 
to tie security objectives with 

522
00:28:40,360 --> 00:28:42,640
business objectives. 
Absolutely. 

523
00:28:42,640 --> 00:28:46,480
And this is something that, 
again, not a lot of 

524
00:28:46,720 --> 00:28:51,200
cybersecurity professionals do 
well because it tends to be a 

525
00:28:51,360 --> 00:28:53,560
confrontational relationship and
a lot of friction. 

526
00:28:53,560 --> 00:28:58,480
But I have seen really smart 
people using internal audit for 

527
00:28:58,480 --> 00:29:00,800
their own purposes. 
Why? 

528
00:29:00,800 --> 00:29:03,240
Because internal audit talks 
about the business risks. 

529
00:29:03,800 --> 00:29:07,760
And if you're able to present 
your cybersecurity challenges 

530
00:29:07,800 --> 00:29:12,480
through internal audit, most 
likely the CEO and the CEO and, 

531
00:29:12,480 --> 00:29:14,280
and others are going to pay 
attention to this is an 

532
00:29:14,320 --> 00:29:17,800
independent party that is coming
in and just saying the same 

533
00:29:17,800 --> 00:29:20,200
thing as the cybersecurity 
professional has been shouting 

534
00:29:20,200 --> 00:29:22,200
for a very long time to the same
people, right? 

535
00:29:22,200 --> 00:29:27,480
So that's an example of how some
of the better CISOs have that I

536
00:29:27,480 --> 00:29:31,640
know have I mean done well 
creating internal relationships 

537
00:29:31,640 --> 00:29:34,320
in the organization to 
accomplish what they need

538
00:29:34,840 --> 00:29:40,680
even with a really small budget 
or I guess a less of, not a

539
00:29:40,680 --> 00:29:43,720
good budget I would say. 
Yeah, they might be shorted 

540
00:29:43,720 --> 00:29:45,480
somewhere, right? 
Everyone's trying to claw back 

541
00:29:45,480 --> 00:29:47,320
money. 
I feel like this is definitely 

542
00:29:47,320 --> 00:29:50,760
where there is where you know, 
the vertical or industry you're 

543
00:29:50,760 --> 00:29:55,200
in definitely impacts probably 
what tools you can afford and 

544
00:29:55,200 --> 00:29:58,120
how mature you are, right? 
Finance probably doesn't have a 

545
00:29:58,120 --> 00:30:01,200
problem spending with it because
you know you're

546
00:30:01,200 --> 00:30:03,400
saving dollars and risk and 
things like that. 

547
00:30:03,760 --> 00:30:07,360
But the reality is there are so 
many other organizations that 

548
00:30:07,360 --> 00:30:12,320
are not in maybe highly 
regulated industries that would 

549
00:30:12,320 --> 00:30:15,320
like to be more secure but have 
to get creative from a

550
00:30:15,320 --> 00:30:17,520
budget. Well, absolutely.
And that's the other thing that 

551
00:30:17,520 --> 00:30:20,320
I think going back to the 
question that Jim just

552
00:30:20,440 --> 00:30:23,960
made, right, the other good part
of the cybersecurity 

553
00:30:23,960 --> 00:30:27,720
professionals that I know of at 
the executive level, some of 

554
00:30:27,720 --> 00:30:30,760
them are really good at explaining
the risk through other means and

555
00:30:30,760 --> 00:30:33,560
collaborating
with other parts of the 

556
00:30:33,560 --> 00:30:36,000
business. 
And some of them are really good

557
00:30:36,000 --> 00:30:39,040
understand explaining to the 
business how cybersecurity is a 

558
00:30:39,080 --> 00:30:41,760
business enabler instead of a 
business deterrent. 

559
00:30:42,200 --> 00:30:45,040
Because when you talk about 
risk, the first thing that comes

560
00:30:45,040 --> 00:30:49,240
up immediately is, Oh my God, 
like I'm going to have to start 

561
00:30:49,240 --> 00:30:51,520
to stop my operations. 
This is going to be 

562
00:30:51,520 --> 00:30:53,920
uncomfortable to someone. 
It's going to be really 

563
00:30:53,920 --> 00:30:56,880
annoying. 
But if you implement, and this 

564
00:30:56,880 --> 00:31:00,520
works really well in identity, 
like if you implement a really 

565
00:31:00,520 --> 00:31:03,840
good identity and access 
management program, I mean, you 

566
00:31:03,840 --> 00:31:07,160
can enable your business from a 
client perspective, right? 

567
00:31:07,160 --> 00:31:10,080
Because a good identity and 
access management user 

568
00:31:10,080 --> 00:31:14,360
experience, I mean, it's a huge 
benefit for the business and it 

569
00:31:14,440 --> 00:31:18,040
attracts better clients to your 
business as well, right. 

570
00:31:18,040 --> 00:31:21,400
So those are the other
places where I see really good 

571
00:31:21,400 --> 00:31:24,120
security professionals coming in
and those, I mean, making a 

572
00:31:24,120 --> 00:31:26,920
change. 
I mean, with a better

573
00:31:26,920 --> 00:31:29,720
story other than, Oh my God, 
we're going to get compromised. 

574
00:31:30,480 --> 00:31:32,720
I mean, it's going to be a 
horrible day when we get hit by 

575
00:31:32,720 --> 00:31:34,920
ransomware and then our 
operation is going to be, I 

576
00:31:34,960 --> 00:31:38,320
mean, really bad. 
Nobody wants that day. 

577
00:31:39,240 --> 00:31:42,600
Nobody wants that day, but I 
mean you can, you can recover 

578
00:31:42,600 --> 00:31:44,960
from that day if you understand 
the business as well, in my 

579
00:31:44,960 --> 00:31:47,120
opinion. 
And hopefully you've got like 

580
00:31:47,120 --> 00:31:50,280
good backups and the backups 
haven't been like tainted in any

581
00:31:50,280 --> 00:31:52,520
way. 
So we did a whole episode on 

582
00:31:52,520 --> 00:31:54,800
recovery and resilience. 
Okay, that's good to know 

583
00:31:54,800 --> 00:31:58,880
because you were going to drive 
me into that rabbit hole of, I 

584
00:31:58,920 --> 00:32:01,160
mean, where to invest if you're 
really concerned about those 

585
00:32:01,160 --> 00:32:04,680
things. 
And for sure immutable backups

586
00:32:04,680 --> 00:32:07,160
would be one thing that I would 
immediately invest on. 

587
00:32:08,040 --> 00:32:12,240
So print out your entire system,
right, put it on to like a 

588
00:32:12,240 --> 00:32:15,640
binder and put it into like a 
shelf on an offset location and 

589
00:32:15,680 --> 00:32:18,640
then code it back all in. 
You can use AI right? 

590
00:32:18,640 --> 00:32:21,080
Probably to help you, you know, 
vibe code your entire business 

591
00:32:21,080 --> 00:32:22,520
operating
system. You can call that

592
00:32:22,520 --> 00:32:24,480
immutable as well in some sort of
way, right? 

593
00:32:24,520 --> 00:32:27,080
I mean, probably not agile, but 
immutable for sure.

594
00:32:27,400 --> 00:32:30,520
We have the backup. 
We can't restore it, but we

595
00:32:30,520 --> 00:32:35,240
have the backup.
I want to go back to a little 

596
00:32:35,240 --> 00:32:37,760
bit about the service account 
and sort of this non human 

597
00:32:37,760 --> 00:32:40,920
identity, because look, this has
been sort of the topic du jour 

598
00:32:40,920 --> 00:32:43,480
in the identity world for like 
the last, I'd say six months, 

599
00:32:43,480 --> 00:32:45,200
maybe approaching a year at this
point. 

600
00:32:45,760 --> 00:32:49,560
And you know, look, it's it's an
explosion of these accounts, 

601
00:32:49,680 --> 00:32:50,840
right? 
I think everyone's familiar with

602
00:32:50,840 --> 00:32:53,160
like service accounts from like 
an Active Directory perspective 

603
00:32:53,160 --> 00:32:56,680
or, you know, SQL or whatever 
those, you know, systems are. 

604
00:32:56,680 --> 00:33:02,000
But now we've got non human 
identity, agentic identity AI, 

605
00:33:02,000 --> 00:33:03,560
right? 
All this stuff is happening. 

606
00:33:03,920 --> 00:33:06,880
And I'm curious, you know, based
on sort of the report, what are 

607
00:33:06,880 --> 00:33:08,840
some of the things maybe that 
you want to kind of pick out 

608
00:33:08,840 --> 00:33:13,000
around that idea of not only the
service accounts, but this idea 

609
00:33:13,000 --> 00:33:17,520
of, oh boy, now we've got a new,
a new class of citizen called 

610
00:33:17,560 --> 00:33:20,000
agentic.
Well, I mean, so first I would 

611
00:33:20,000 --> 00:33:22,360
highlight that for me it's 
awesome because it's job 

612
00:33:22,360 --> 00:33:26,360
security. 
I mean, in all honesty, it's. 

613
00:33:26,360 --> 00:33:28,000
Tell me you're a consultant without
being a. 

614
00:33:28,160 --> 00:33:29,440
Without telling me you're a 
consultant. 

615
00:33:29,480 --> 00:33:35,120
It's insanity right now because 
it feels like we went back maybe

616
00:33:35,120 --> 00:33:39,360
20 years ago when I mean, and 
that tells you that I'm really 

617
00:33:39,360 --> 00:33:41,960
old. 
But I mean, back in the day, you

618
00:33:41,960 --> 00:33:44,800
would see everybody going crazy 
because the Internet was there. 

619
00:33:44,800 --> 00:33:46,400
Everybody wanted to have a 
website. 

620
00:33:46,920 --> 00:33:50,840
And then creating a website was 
like the thing that you wanted 

621
00:33:50,840 --> 00:33:53,720
to have, right? 
And people would be paid, I 

622
00:33:53,720 --> 00:33:57,640
mean, just crazy amount of money
to create a really basic 

623
00:33:57,640 --> 00:33:59,720
website. 
But now you could say as a 

624
00:33:59,720 --> 00:34:02,360
company that you have your 
website and no one cared about 

625
00:34:02,360 --> 00:34:05,200
security, no one cared about how
that was being built. 

626
00:34:05,680 --> 00:34:09,000
Everybody wanted to just
have their website and then just

627
00:34:09,000 --> 00:34:13,239
move on. 
So it seems to me that

628
00:34:13,239 --> 00:34:16,840
AI is so similar to that. 
Everybody wants AI. 

629
00:34:16,880 --> 00:34:18,800
Everybody wants agentic to be
working. 

630
00:34:18,800 --> 00:34:20,639
Everybody wants to claim that 
they're using AI. 

631
00:34:21,199 --> 00:34:23,719
No one is paying attention to 
security, no one is paying 

632
00:34:23,719 --> 00:34:26,199
attention to these identities 
that are being created and these

633
00:34:26,199 --> 00:34:29,280
are going to stay for a very 
long time out there. 

634
00:34:29,639 --> 00:34:33,000
So going back to the report, one
of the things that my team is, 

635
00:34:33,080 --> 00:34:36,920
has been able to do, I mean, 
throughout the years, but just 

636
00:34:36,920 --> 00:34:41,280
lately more and more is 
compromising service accounts 

637
00:34:42,159 --> 00:34:44,040
with, with high privileges, 
right? 

638
00:34:44,080 --> 00:34:46,440
And the reality that many 
organizations don't have a 

639
00:34:46,440 --> 00:34:51,320
strategy to take high privilege 
service accounts, embed them 

640
00:34:51,320 --> 00:34:54,880
into a process or a factory 
model, where before even just 

641
00:34:54,880 --> 00:34:58,200
creating that identity, you have
a way to embed it into your PAM

642
00:34:58,480 --> 00:35:01,000
or embed it into your identity 
and access management 

643
00:35:02,120 --> 00:35:05,640
infrastructure and then secure 
that identity before it becomes 

644
00:35:05,640 --> 00:35:08,800
something that is live. 
What happens is the opposite, 

645
00:35:08,800 --> 00:35:10,880
right? 
The identity, I mean for 

646
00:35:10,880 --> 00:35:15,200
whatever reason, it starts as
a strong high privilege identity

647
00:35:15,200 --> 00:35:18,360
that goes live and then 
everybody forgets about it and 

648
00:35:18,360 --> 00:35:21,000
then they remember when we 
compromise them. 

649
00:35:21,440 --> 00:35:24,320
So the way that we usually 
compromise them and in 

650
00:35:24,320 --> 00:35:27,760
identities is there are two
different ways: identity through

651
00:35:27,760 --> 00:35:30,840
Kerberoasting, which is something
that is really old but still out

652
00:35:30,840 --> 00:35:33,080
there. 
And the second one would be 

653
00:35:33,080 --> 00:35:38,200
just, I mean misconfigurations 
on, on the specific certificates

654
00:35:38,200 --> 00:35:41,400
that you're assigning to 
different identities and how 

655
00:35:41,400 --> 00:35:45,120
certificate-based type
of authentication is being used 

656
00:35:45,120 --> 00:35:49,360
in a Microsoft tomorrow, right. 
So those are the two main

657
00:35:49,360 --> 00:35:51,000
ways I guess or techniques that 
we're using. 

658
00:35:51,840 --> 00:35:55,240
So one of the things that struck
me as I kind of read it was this

659
00:35:55,240 --> 00:35:58,280
idea of prompt injection is a
very real threat. 

660
00:35:58,280 --> 00:36:00,200
I don't want to get into 
specific statistics. 

661
00:36:00,200 --> 00:36:04,640
I want to say it was like 70 or 
75% of the things that were 

662
00:36:04,640 --> 00:36:09,440
tested fell prey to some sort of
prompt injection, which, OK, so 

663
00:36:09,440 --> 00:36:10,840
now we've got to worry about 
that. 

664
00:36:11,160 --> 00:36:13,840
And those are just the things 
that, you know, as me, as a 

665
00:36:13,840 --> 00:36:16,320
security person, these are the 
ones that I know about. 

666
00:36:16,920 --> 00:36:21,040
Imagine all the shadow AI that's
taking place as an organization,

667
00:36:21,920 --> 00:36:25,120
and that's how to protect those.
I mean that is another topic in

668
00:36:25,200 --> 00:36:26,960
its own right.
Like, I mean, so many 

669
00:36:26,960 --> 00:36:29,960
organizations have AI right now 
that I mean, they don't even 

670
00:36:29,960 --> 00:36:33,080
know that they're using. 
But going back to the prompt 

671
00:36:33,080 --> 00:36:35,840
injection component, it goes 
back to what I mentioned with 

672
00:36:35,840 --> 00:36:39,560
Jim, right? 
Like you have this chat bot of 

673
00:36:39,560 --> 00:36:43,800
some sort that is exposed to the
application and then you know 

674
00:36:43,800 --> 00:36:47,320
that that chat bot is going to 
have access to more things that 

675
00:36:47,320 --> 00:36:50,760
you do as a user.
And the thing with AI is that 

676
00:36:50,760 --> 00:36:53,320
they usually don't have really 
long term memory. 

677
00:36:53,320 --> 00:36:57,960
Like they can have context for, 
I mean, few prompts, but then 

678
00:36:57,960 --> 00:37:00,160
little by little they start 
losing that memory, right? 

679
00:37:00,160 --> 00:37:02,640
And that's the main risk, the 
main issue with the LLMs.

680
00:37:03,160 --> 00:37:06,960
So what my team usually does is 
they continue to inject new 

681
00:37:06,960 --> 00:37:11,520
things into the prompts until 
the bot or the LLM

682
00:37:11,520 --> 00:37:13,880
starts getting lost into the 
prompts. 

683
00:37:13,880 --> 00:37:17,200
And then they start asking 
questions with assumptions or 

684
00:37:17,200 --> 00:37:21,120
things that they can imagine. 
And from there, I mean, the, the

685
00:37:21,120 --> 00:37:26,120
prompt would just, the chat
bot would just forget the 

686
00:37:26,120 --> 00:37:28,520
context that they're in. 
And then they start giving

687
00:37:28,520 --> 00:37:30,800
information back that they 
shouldn't be giving. 

688
00:37:30,800 --> 00:37:32,840
And this happens not only with 
the chat bots that we have 

689
00:37:33,600 --> 00:37:36,800
tested, but just many, many AI 
applications that are out there 

690
00:37:36,800 --> 00:37:39,160
right now. 
But yeah, that's a

691
00:37:39,160 --> 00:37:41,960
challenge by itself. 
And again, I don't think 

692
00:37:41,960 --> 00:37:49,240
companies even realize that the 
biggest challenge is not as 

693
00:37:49,240 --> 00:37:53,880
simple to fix because once you 
create that chat bot and you 

694
00:37:53,880 --> 00:37:57,120
didn't create the right identity
and access management structure 

695
00:37:57,120 --> 00:38:00,720
in your application and you 
didn't segment data correctly 

696
00:38:01,360 --> 00:38:04,080
and everybody's using that 
application for whatever reason,

697
00:38:04,840 --> 00:38:09,480
this is a vulnerability that can
live there for years without you

698
00:38:09,480 --> 00:38:11,400
knowing. 
And people can be extracting 

699
00:38:11,400 --> 00:38:15,600
information and it would be 
close to impossible to monitor 

700
00:38:16,040 --> 00:38:18,480
that someone is doing this 
through the application. 

701
00:38:19,040 --> 00:38:23,200
So to me, really exciting times,
as I mentioned, like there's a 

702
00:38:23,200 --> 00:38:26,880
lot of really interesting things
that are happening that are 

703
00:38:26,880 --> 00:38:29,320
going to be there for a very 
long time for my team to 

704
00:38:29,320 --> 00:38:32,960
continue to test. 
But in reality, a really 

705
00:38:32,960 --> 00:38:35,960
difficult challenge to match if 
I'm on the other side, right? 

706
00:38:35,960 --> 00:38:39,880
Like if I'm someone that is a 
CISO or cybersecurity 

707
00:38:39,880 --> 00:38:43,800
professional in a company and I 
have my CEO and the rest of the 

708
00:38:43,800 --> 00:38:47,120
board just asking me to 
implement AI no matter what. 

709
00:38:47,840 --> 00:38:50,960
I mean, I can't see why some 
companies just go directly into 

710
00:38:50,960 --> 00:38:53,760
AI and then they just don't have
a real security assessment 

711
00:38:53,760 --> 00:38:55,280
before even doing these things, 
right? 

712
00:38:55,760 --> 00:38:58,160
I think some companies are 
getting better and clever, but 

713
00:38:58,480 --> 00:39:01,240
most of the companies that I 
have seen or we have seen 

714
00:39:01,560 --> 00:39:07,680
implementing AI, they have not 
been able to implement 

715
00:39:07,800 --> 00:39:10,160
correctly. 
And I mean with really simple 

716
00:39:10,160 --> 00:39:13,280
tests you would be able to 
compromise data that is 

717
00:39:13,280 --> 00:39:15,520
extremely sensitive for those 
companies. 

718
00:39:16,640 --> 00:39:20,280
So Dave, we've recorded over 400
episodes and our focus has 

719
00:39:20,280 --> 00:39:24,520
always been on the practitioner.
And one of the things that we've

720
00:39:24,520 --> 00:39:31,000
always tried to do is make our 
episodes be actionable for the 

721
00:39:31,000 --> 00:39:33,480
practitioner. 
And you kind of talked about 

722
00:39:33,480 --> 00:39:35,800
some of the framework and some 
of the philosophies. 

723
00:39:35,800 --> 00:39:41,800
So whether working like a DIY 
from a DIY perspective or 

724
00:39:41,800 --> 00:39:46,240
working with a partner, what are
some of the things that the 

725
00:39:46,240 --> 00:39:51,360
practitioner can do to kind of 
self assess or to assess where 

726
00:39:51,360 --> 00:39:53,680
they stand, where their 
weaknesses are? 

727
00:39:53,680 --> 00:39:57,120
Because we talked a lot about 
those weaknesses today, and I 

728
00:39:57,120 --> 00:39:59,920
think if you know where they 
are, you can do something about 

729
00:39:59,920 --> 00:40:01,280
it. 
Yeah. 

730
00:40:01,360 --> 00:40:04,120
I, I mean, I, I, I'm going to 
sound like I'm promoting myself,

731
00:40:04,120 --> 00:40:06,200
but I'm not. 
I I think we have documented 

732
00:40:06,240 --> 00:40:09,560
really well some of the 
actionable recommendations in 

733
00:40:09,560 --> 00:40:12,000
the report that you and Jeff 
mentioned. 

734
00:40:12,000 --> 00:40:15,080
Like we do have really a 
specific things that we 

735
00:40:15,080 --> 00:40:21,440
recommend people to follow for 
the most part is really having 

736
00:40:21,440 --> 00:40:25,840
a, as much as possible good 
hygiene with your identities, 

737
00:40:26,200 --> 00:40:31,400
being able to monitor when 
things don't look precisely as 

738
00:40:31,560 --> 00:40:35,120
as a natural way of operating, 
whether it's human or non human,

739
00:40:35,240 --> 00:40:37,640
you can identify it if you know 
your environment. 

740
00:40:38,520 --> 00:40:42,560
I think over communicating also 
helps across the enterprise so 

741
00:40:42,560 --> 00:40:45,520
people can understand the risk. 
And one thing that I think as a 

742
00:40:45,520 --> 00:40:48,880
practitioner, I mentioned that 
I'm expecting from people to do 

743
00:40:48,880 --> 00:40:51,800
that we don't do enough as 
cybersecurity professionals or 

744
00:40:51,800 --> 00:40:55,160
identity and access management
professionals is really 

745
00:40:55,320 --> 00:41:00,280
understand what are the main 
business drivers and I mean main

746
00:41:00,280 --> 00:41:03,320
business risks, right? 
Like a lot of people that live 

747
00:41:03,320 --> 00:41:06,640
in technology, they live in 
technology without understanding

748
00:41:06,640 --> 00:41:08,720
what is important to their own 
company. 

749
00:41:09,400 --> 00:41:12,400
If you understand what is 
important to your own company 

750
00:41:12,400 --> 00:41:15,320
and then from there you drive 
the rest of the investments, I 

751
00:41:15,320 --> 00:41:17,960
think everything clears out, 
right? 

752
00:41:18,080 --> 00:41:22,160
If not, you're going to be in 
this weird, I mean rabbit hole 

753
00:41:22,160 --> 00:41:24,880
and cycle where you're investing
things and you don't feel that 

754
00:41:24,880 --> 00:41:28,920
you're really making a good 
progress or moving the needle. 

755
00:41:29,120 --> 00:41:33,120
So those would be really, I 
guess, high level things that I 

756
00:41:33,120 --> 00:41:37,400
would think are actionable. 
And then the the last piece more

757
00:41:37,400 --> 00:41:41,800
technical to your, to your, I 
guess to your listeners would be

758
00:41:42,400 --> 00:41:48,120
make sure that you're matching 
identity and access management 

759
00:41:48,280 --> 00:41:52,400
with something else. 
These are the things that I 

760
00:41:52,400 --> 00:41:55,680
think sometimes are missed. 
Many companies as I mentioned 

761
00:41:55,680 --> 00:42:00,120
have MFA, have PAM, have I mean
good identity and access 

762
00:42:00,120 --> 00:42:05,520
management hygiene, but they 
miss to manage configuration 

763
00:42:05,520 --> 00:42:08,760
well or they miss to do logging 
and monitoring well. 

764
00:42:09,080 --> 00:42:13,840
So if you do identity and access
management and you add one thing

765
00:42:13,840 --> 00:42:16,960
more, whether it's configuration
management, whether it's logging

766
00:42:16,960 --> 00:42:20,440
and monitoring like something 
else that you're really good at,

767
00:42:20,800 --> 00:42:24,440
usually those two things 
complement themselves really 

768
00:42:24,440 --> 00:42:28,040
well and you end up being a 
really good environment that you

769
00:42:28,040 --> 00:42:30,960
can manage, right. 
So I don't know how actionable 

770
00:42:30,960 --> 00:42:33,760
that that is, but I mean, at the
very least I can tell you that 

771
00:42:33,760 --> 00:42:36,120
that is what I would, I would 
recommend to people. 

772
00:42:36,120 --> 00:42:38,840
And then again, if you want to 
go into the technical details, 

773
00:42:39,160 --> 00:42:41,200
I'll, I'll refer you to the 
report. 

774
00:42:41,880 --> 00:42:45,120
But I mean, I think that is what
I would recommend to some of the

775
00:42:45,120 --> 00:42:47,280
people that you have that are 
listening to this. 

776
00:42:48,440 --> 00:42:50,760
There's a lot to cover here and 
I think, you know, one of the 

777
00:42:50,760 --> 00:42:53,640
things that was out there was 
run MFA and I don't want to 

778
00:42:53,640 --> 00:42:57,040
spend too much time on it 
because I think the the gist of 

779
00:42:57,040 --> 00:43:00,640
that finding was that's great 
you've got MFA, but do you have 

780
00:43:00,640 --> 00:43:04,240
MFA everywhere? 
There were some findings that 

781
00:43:04,240 --> 00:43:06,800
maybe there were still some 
holes in the deployment of MFA 

782
00:43:06,800 --> 00:43:09,760
where there weren't, you know, 
it really wasn't everywhere. 

783
00:43:09,840 --> 00:43:12,520
There were certain. 
Well, so I'll explain like, I 

784
00:43:12,520 --> 00:43:15,840
mean, the report itself says 
that you can have MFA, but then 

785
00:43:15,840 --> 00:43:20,520
MFA can be implemented in really
secure ways on just or just in a

786
00:43:20,720 --> 00:43:24,520
more generic way, right? 
And what my team is able to do 

787
00:43:24,520 --> 00:43:27,280
and other teams as well, not only
my team, is basically able to

788
00:43:27,280 --> 00:43:32,600
trick the users to go through 
the MFA process, but then steal 

789
00:43:32,600 --> 00:43:36,760
their token or their session 
when they go through the MFA 

790
00:43:36,920 --> 00:43:39,320
process. 
Once they go through the MFA 

791
00:43:39,320 --> 00:43:42,720
process, and I mean, the 
attacker has your session and 

792
00:43:42,720 --> 00:43:46,720
you still have your session. 
You can have two logins going 

793
00:43:46,720 --> 00:43:50,200
in, but then you have a starting
point as an attacker, as a non 

794
00:43:50,200 --> 00:43:53,120
privileged user. 
And the beauty of this is that 

795
00:43:53,120 --> 00:43:57,640
once you cross that line from a 
no user to a non privileged user

796
00:43:58,640 --> 00:44:03,400
as an attacker, the whole world 
opens up because now you have 

797
00:44:03,400 --> 00:44:08,080
access to data, you have access 
to assets, you have access to, I

798
00:44:08,080 --> 00:44:11,080
mean multiple identities that 
are already lingering over there

799
00:44:11,080 --> 00:44:13,840
that you can see if you can 
basically compromise or not. 

800
00:44:14,160 --> 00:44:17,200
When you are not a user in a 
company, you have no access to 

801
00:44:17,200 --> 00:44:18,560
everything, right? 
So everything that you're 

802
00:44:18,560 --> 00:44:23,200
gathering is external. 
Once you get that first user is 

803
00:44:23,200 --> 00:44:26,760
just like day and night for
the people that work in my 

804
00:44:26,840 --> 00:44:29,920
group. 
And once you get that user, even

805
00:44:29,920 --> 00:44:32,680
as a regular user, as I mean, 
one of the things that we point 

806
00:44:32,680 --> 00:44:36,120
out is the the certificate based
challenges that you might have 

807
00:44:36,120 --> 00:44:40,560
in Active Directory as a regular
user, you could compromise and 

808
00:44:40,560 --> 00:44:43,960
escalate privileges all the way 
to domain admin if you didn't 

809
00:44:43,960 --> 00:44:47,160
configure your Active Directory 
correctly with that certificate 

810
00:44:47,160 --> 00:44:49,440
based vulnerability. 
Well, not vulnerability, but 

811
00:44:49,960 --> 00:44:52,720
misconfiguration that you can 
have in Microsoft, right? 

812
00:44:52,720 --> 00:44:57,480
So that's one of the things that
I mean in matter of hours can 

813
00:44:57,480 --> 00:45:01,920
get you from no user to regular 
user to full compromise. 

814
00:45:02,360 --> 00:45:05,560
So those are the things that I 
think again, you can implement 

815
00:45:05,560 --> 00:45:08,800
MFA, but if it's not implemented
correctly, it's, it's a 

816
00:45:08,800 --> 00:45:11,920
challenge. 
Now the report will tell you the

817
00:45:11,920 --> 00:45:18,360
best way to protect against this
is implement FIDO2 and like a Yubi

818
00:45:18,360 --> 00:45:20,440
Key or whatever.
And everybody in your podcast is

819
00:45:20,440 --> 00:45:25,600
going to say what the hell? 
I mean, this is, I mean, many 

820
00:45:25,600 --> 00:45:27,400
are going to say that's 
impossible to implement. 

821
00:45:27,600 --> 00:45:30,920
It's it's close to, I mean, it's
not a user friendly and, and you

822
00:45:30,920 --> 00:45:32,160
still have to manage the 
hardware. 

823
00:45:32,160 --> 00:45:36,440
And, and I agree with that. 
And what we recommend instead of

824
00:45:36,680 --> 00:45:39,840
implementing FIDO, even though
there's some organizations that 

825
00:45:40,040 --> 00:45:44,040
they shouldn't have an option, 
just have FIDO2 and YubiKeys

826
00:45:44,600 --> 00:45:48,240
for most of the organizations 
that is not a reasonable type of

827
00:45:48,240 --> 00:45:50,120
implementation. 
So what is actionable? 

828
00:45:50,480 --> 00:45:54,040
What is actionable is implement 
the MFA and then add 

829
00:45:54,040 --> 00:45:57,840
configuration management on top 
of that, which is conditional 

830
00:45:57,840 --> 00:46:02,040
access. 
Impossible logins like for 

831
00:46:02,040 --> 00:46:05,640
example, David and and another 
person in another country 

832
00:46:05,640 --> 00:46:08,960
shouldn't be logging at the same
time and this and at the same 

833
00:46:08,960 --> 00:46:11,360
time just implement processes 
around those configuration 

834
00:46:11,360 --> 00:46:15,320
controls so you can act on it 
immediately when someone gets 

835
00:46:15,320 --> 00:46:17,160
compromised. 
That is the part that is 

836
00:46:17,160 --> 00:46:18,920
missing, right? 
So MFA can't be implemented. 

837
00:46:18,920 --> 00:46:22,560
But if you know it's implemented
incorrectly, you need to add 

838
00:46:22,960 --> 00:46:27,280
more steps and security in depth
so you can actually manage your 

839
00:46:27,280 --> 00:46:30,640
risks overall, right? 
So that that's a little bit of I

840
00:46:30,640 --> 00:46:33,800
guess of the recommendation. 
Dave, you sound like a modern 

841
00:46:33,800 --> 00:46:38,000
day identity security guy. 
So look, you're on identity at 

842
00:46:38,000 --> 00:46:40,320
the center. 
Sometimes it feels a bit like an

843
00:46:40,320 --> 00:46:46,080
echo chamber, but what I'm going
to say is identity security is a

844
00:46:46,080 --> 00:46:48,480
board level issue. 
I mean, we say that on the 

845
00:46:48,480 --> 00:46:50,360
podcast a lot. 
I want to know does that 

846
00:46:50,360 --> 00:46:55,120
resonate with you? 
I mean, I think so. 

847
00:46:55,120 --> 00:46:57,160
I'm not an identity and access
management expert.

848
00:46:57,160 --> 00:47:00,120
I'm going to challenge anyone 
over that comment just in 

849
00:47:00,120 --> 00:47:03,480
general, right? 
I think that board level issue 

850
00:47:03,480 --> 00:47:10,000
to me is identity as a whole 
because I want to engage my 

851
00:47:10,000 --> 00:47:12,400
clients, I want to engage my 
customers. 

852
00:47:12,400 --> 00:47:14,880
I want to make sure that 
identity is enabling my business

853
00:47:14,880 --> 00:47:22,400
in some sort of way. 
Identity security, it's a board 

854
00:47:22,400 --> 00:47:25,360
relevant issue, but it's not a 
board issue itself. 

855
00:47:25,360 --> 00:47:29,960
I guess because it there's 
that's why you have a CIO and a CISO

856
00:47:29,960 --> 00:47:32,880
that would manage and would help
you, right. 

857
00:47:32,880 --> 00:47:37,520
But at the board level, I see, I
would say maybe other more 

858
00:47:37,520 --> 00:47:39,960
relevant challenges being 
managed. 

859
00:47:40,080 --> 00:47:44,160
Now again, depending on the 
industry, I would say yes, if 

860
00:47:44,160 --> 00:47:46,920
you're talking about 
cybersecurity as being one of 

861
00:47:46,920 --> 00:47:50,440
the major risks in any 
enterprise risk management 

862
00:47:50,440 --> 00:47:54,600
framework, identity has to be 
part of the conversation for 

863
00:47:54,600 --> 00:47:57,320
sure, if that is what you're 
referring to. 

864
00:47:58,120 --> 00:48:01,600
So let me let me spin that 
question a different way, OK? 

865
00:48:01,840 --> 00:48:07,280
OK. 
Instead of presenting identity 

866
00:48:07,280 --> 00:48:10,800
to the board, right identity 
security, let's flip it. 

867
00:48:11,080 --> 00:48:15,280
Should the board be asking 
questions around how are we 

868
00:48:15,280 --> 00:48:18,640
doing an identity security as 
part of their due diligence to 

869
00:48:18,640 --> 00:48:21,760
make sure that security for the 
organization is good. 

870
00:48:21,760 --> 00:48:26,400
Now, this assumes that the 
people who are on the board know

871
00:48:26,400 --> 00:48:29,960
what questions to ask, but I bet
we've got a lot of board members

872
00:48:29,960 --> 00:48:32,880
who are listening to this 
podcast now. 

873
00:48:32,880 --> 00:48:34,720
They probably know identity's 
important. 

874
00:48:34,720 --> 00:48:37,080
At least I hope they do. 
Otherwise, why are you? 

875
00:48:37,080 --> 00:48:40,440
Listening to. 
Right, but should the board 

876
00:48:40,640 --> 00:48:44,680
start asking more identity 
security related questions to 

877
00:48:44,680 --> 00:48:47,520
their CIOs and CISOs?
OK, so that's a yes. 

878
00:48:47,600 --> 00:48:50,560
I mean short answer is yes. 
And the reason why the, I mean 

879
00:48:51,680 --> 00:48:55,680
the, the, it's a no brainer, 
first because of the importance 

880
00:48:56,280 --> 00:49:00,120
and second because a lot of 
people at the board level can be

881
00:49:00,120 --> 00:49:02,880
intelligent about their 
questions related to identity. 

882
00:49:02,920 --> 00:49:05,920
Identity is something that I 
mean you can understand at a 

883
00:49:05,920 --> 00:49:10,240
high level and still ask really 
tough questions to someone that 

884
00:49:10,240 --> 00:49:13,080
is technical, right? 
So you don't have to be 

885
00:49:13,080 --> 00:49:15,320
extremely technical to 
understand identity and 

886
00:49:15,320 --> 00:49:18,560
challenge someone on the way 
that they have it, I mean, 

887
00:49:18,560 --> 00:49:21,680
implemented identity or the way 
that they're securing your 

888
00:49:21,680 --> 00:49:26,240
systems with the identities, I 
guess management processes that 

889
00:49:26,240 --> 00:49:28,800
they have. 
So the answer is yes, like at

890
00:49:28,800 --> 00:49:31,480
that level for sure. 
And then you mentioned just are 

891
00:49:31,480 --> 00:49:34,400
they required? 
So if you're a public company, 

892
00:49:34,800 --> 00:49:37,400
you probably need to be looking 
at this because there's a SEC 

893
00:49:37,440 --> 00:49:40,400
rule that says that you're 
liable as well if you get 

894
00:49:40,400 --> 00:49:43,720
compromised. 
So yes, some of the boards need 

895
00:49:43,720 --> 00:49:45,840
to be thinking about this and 
they need to be asking. 

896
00:49:45,840 --> 00:49:49,440
That question for sure. 
OK, see we got to yes. 

897
00:49:49,440 --> 00:49:51,120
So now we're back on the same 
page. 

898
00:49:52,600 --> 00:49:54,920
I want to wrap up the 
conversation with, you know, 

899
00:49:54,920 --> 00:49:57,400
something actionable. 
You know, Jim and I like to make

900
00:49:57,400 --> 00:50:00,280
this a conversation that people 
can kind of take back and say, 

901
00:50:00,280 --> 00:50:03,200
oh, let me go ask these 
questions or go find out these 

902
00:50:03,200 --> 00:50:06,000
answers. 
So there was a lot to read in 

903
00:50:06,000 --> 00:50:08,360
this report. 
And so coming out again, a link 

904
00:50:08,360 --> 00:50:10,080
will be in our show notes and 
I'm sure you'll see it, you 

905
00:50:10,080 --> 00:50:12,800
know, plastered all over 
LinkedIn with RSM and probably 

906
00:50:12,800 --> 00:50:14,560
Jim and myself sharing and
yourself, etcetera. 

907
00:50:15,120 --> 00:50:19,160
And I'm actually working on a 
follow up article for RSM that 

908
00:50:19,240 --> 00:50:22,840
kind of the specific identity 
components of the attack 

909
00:50:22,840 --> 00:50:24,720
vectors. 
I'm at, I want to say I'm at

910
00:50:24,720 --> 00:50:28,240
like 3500 words so far. 
I don't know if that'll be the 

911
00:50:28,280 --> 00:50:30,680
final version or not after it 
gets edited and kind of, you 

912
00:50:30,680 --> 00:50:33,720
know, reformatted or whatever, 
but there's a lot to cover. 

913
00:50:34,160 --> 00:50:37,720
So let's digest this in a way 
that someone, a CISO,

914
00:50:37,840 --> 00:50:41,520
reading this report saying, OK, 
what are the next three things 

915
00:50:41,880 --> 00:50:44,080
that I need to be focused on for
the next year? 

916
00:50:44,080 --> 00:50:45,920
So let's say through the rest of
2026. 

917
00:50:46,760 --> 00:50:50,320
According to David Lawrence and 
the RSM Attack Vectors report, 

918
00:50:50,360 --> 00:50:52,480
these are the three things you 
should be spending time on. 

919
00:50:53,000 --> 00:51:00,240
I mean PAM, PAM to me is just I,
I mean, I see so many companies 

920
00:51:00,240 --> 00:51:03,200
misusing and miss implementing 
PAM.

921
00:51:03,200 --> 00:51:08,080
So that would be my first one. 
If you have to invest money in 

922
00:51:08,080 --> 00:51:13,800
some sort of way and time and 
effort, I would say PAM is

923
00:51:13,800 --> 00:51:15,960
significant, right? 
And there's so many solutions 

924
00:51:15,960 --> 00:51:19,600
out there now that can help you 
in many, many ways. 

925
00:51:19,600 --> 00:51:21,840
So PAM would be the first one to
me. 

926
00:51:23,360 --> 00:51:32,600
The second one, I mean just 
removing as much as possible 

927
00:51:32,680 --> 00:51:36,960
privileges from users. 
And I think when I say this, 

928
00:51:37,400 --> 00:51:40,920
users are just like, Oh my God, 
this guy's insane. 

929
00:51:40,920 --> 00:51:47,200
What I'm, but in reality, one of
the things that I think is, is 

930
00:51:47,920 --> 00:51:53,360
extremely important is as a user
and, and I, I say this and I 

931
00:51:53,360 --> 00:51:57,880
don't want my, my RSM IT team
ever listening to this comment. 

932
00:51:59,400 --> 00:52:01,880
I don't need to be an 
administrator on my computer to 

933
00:52:01,880 --> 00:52:04,560
do my day-to-day job, right? 
I don't need to have 

934
00:52:04,560 --> 00:52:07,280
administrative privileges or 
high privileges in other places,

935
00:52:07,280 --> 00:52:11,080
right? 
So that clean up of users while 

936
00:52:11,080 --> 00:52:16,240
you're implementing PAM is, I
mean just the best thing and and

937
00:52:17,120 --> 00:52:21,000
most of the financial services 
companies that I visit that have

938
00:52:21,000 --> 00:52:25,480
implemented this correctly are 
really, really hard to 

939
00:52:25,480 --> 00:52:27,760
compromise. 
David, why is that so important?

940
00:52:27,760 --> 00:52:30,880
Because I think that's like the 
third rally, try to take

941
00:52:30,880 --> 00:52:33,000
most administrative privileges 
away. 

942
00:52:33,240 --> 00:52:36,400
Why is this so important to do? 
So from an attacker's 

943
00:52:36,400 --> 00:52:42,480
perspective, because in general 
terms, if you're not 

944
00:52:42,640 --> 00:52:46,640
implementing this type of let's 
take away from users their 

945
00:52:46,640 --> 00:52:49,640
privileges and then let them use
their privileges, high 

946
00:52:49,640 --> 00:52:51,880
privileges when they are just 
needed. 

947
00:52:52,840 --> 00:52:57,520
It's almost impossible to 
identify when, when a compromise

948
00:52:57,520 --> 00:53:00,040
just happened, right? 
If you think about everything 

949
00:53:00,040 --> 00:53:06,480
that we just discussed, Jim, 
service accounts, non human 

950
00:53:06,480 --> 00:53:09,360
identities, and then high 
privileged user accounts. 

951
00:53:10,200 --> 00:53:16,280
If those three things are used 
always in a specific places at a

952
00:53:16,280 --> 00:53:19,640
specific times and you know that
there's a pattern because non 

953
00:53:19,640 --> 00:53:23,080
human identities usually have a 
pattern, whether we like it or 

954
00:53:23,080 --> 00:53:25,000
not. 
They're always enacted in some 

955
00:53:25,000 --> 00:53:28,520
sort of way that you can 
identify patterns on it, unless 

956
00:53:28,520 --> 00:53:30,840
you have a spaghetti of things,
which can happen at the 

957
00:53:30,840 --> 00:53:33,840
enterprise table, but that is 
one thing, right? 

958
00:53:33,840 --> 00:53:38,320
And then the second piece, 
users, like humans, usually need

959
00:53:38,320 --> 00:53:41,920
their privilege, their 
privileges when you're acting on

960
00:53:41,920 --> 00:53:45,360
a change, right? 
If you're not changing anything,

961
00:53:45,640 --> 00:53:49,440
you don't need those privileges.
You just need, I mean, to act as

962
00:53:49,440 --> 00:53:52,800
a regular user when you're 
acting as a privileged user all 

963
00:53:52,800 --> 00:53:57,080
the time. 
It's the best way for anybody to

964
00:53:57,080 --> 00:54:02,320
hide under that noise. 
So at some point in time, if 

965
00:54:02,320 --> 00:54:05,640
anybody uses that privileged 
account in a malicious way, 

966
00:54:05,640 --> 00:54:10,000
whether it's an internal person 
or someone else, you'll find 

967
00:54:10,000 --> 00:54:16,920
out, I mean days, months, years 
in advance and you'll never know

968
00:54:16,920 --> 00:54:20,400
why, right? 
So that is, that is the key 

969
00:54:20,400 --> 00:54:23,160
piece of everything. 
That's just, there's no need. 

970
00:54:23,560 --> 00:54:27,960
And if there's no need and you 
don't restrict it, then you're 

971
00:54:27,960 --> 00:54:30,440
just going to allow someone to 
hide themselves in the noise. 

972
00:54:30,560 --> 00:54:34,040
And, and the last piece, I would
say go back to the change 

973
00:54:34,040 --> 00:54:38,680
management comment. 
I mean, the biggest issues that 

974
00:54:38,680 --> 00:54:42,840
we have seen in large scale 
technologies nowadays is because

975
00:54:42,920 --> 00:54:47,000
people implementing changes 
without really understanding the

976
00:54:47,000 --> 00:54:48,680
type of privileges that they 
had. 

977
00:54:48,840 --> 00:54:53,360
And the change that they did was
so impactful that they couldn't 

978
00:54:53,640 --> 00:54:56,720
come back to, I guess, a stable 
state, right. 

979
00:54:56,720 --> 00:55:00,920
So even if it's from an 
operations point of view, remove

980
00:55:00,920 --> 00:55:07,880
the cybersecurity component and 
then just go into CIO view, you 

981
00:55:07,880 --> 00:55:12,200
cannot be doing changes without 
a real analysis of what the 

982
00:55:12,200 --> 00:55:14,200
change is going to be with a 
privileged account. 

983
00:55:14,200 --> 00:55:17,640
So that that would be my my 
immediate reaction to that. 

984
00:55:18,080 --> 00:55:21,400
Yeah, and that, you know, I, 
I've always thought of it as 

985
00:55:21,400 --> 00:55:23,880
like, if you're not an 
administrator, if you don't have

986
00:55:23,880 --> 00:55:29,000
the ability to install software,
you get that attachment that 

987
00:55:29,000 --> 00:55:33,040
looks like a doc, but it's 
really an EXE and good to 

988
00:55:33,040 --> 00:55:34,760
install it. 
Your computer's going to stop 

989
00:55:34,760 --> 00:55:38,880
you, and probably that was some 
sort of malware or spyware or 

990
00:55:38,880 --> 00:55:41,240
something. 
So taking away that admin 

991
00:55:41,240 --> 00:55:45,720
privilege stops them from 
putting the worm on the network 

992
00:55:45,720 --> 00:55:50,600
in the kind of the old context, 
or doing a keystroke log or 

993
00:55:50,600 --> 00:55:52,440
something like that. 
Yeah, like you guys are 

994
00:55:52,440 --> 00:55:53,880
forgetting something very 
important here. 

995
00:55:54,600 --> 00:55:57,160
What if? 
What if I need that access? 

996
00:55:57,240 --> 00:56:00,160
Yeah, exactly. 
And well, and then and then as. 

997
00:56:00,240 --> 00:56:04,360
Argue with that. 
Yeah, well and then as IT people

998
00:56:04,360 --> 00:56:06,800
you don't want to be dealing 
with the hey, can you give me 

999
00:56:06,800 --> 00:56:09,640
this access and then someone 
that is not in a good mood just 

1000
00:56:09,640 --> 00:56:10,880
I mean delaying the access, 
right. 

1001
00:56:10,880 --> 00:56:13,080
But I agree with that. 
The what if is the challenge. 

1002
00:56:13,640 --> 00:56:16,440
And the last piece I would say 
because you asked for three 

1003
00:56:16,440 --> 00:56:19,920
things, right. 
And the last thing is you need 

1004
00:56:20,440 --> 00:56:24,960
to redefine what privilege is in
your organization. 

1005
00:56:25,120 --> 00:56:29,440
So you you made a really good 
point, Jim, which is if I need 

1006
00:56:29,440 --> 00:56:32,800
that, if I don't have admin 
privileges, then you cannot do 

1007
00:56:34,200 --> 00:56:37,560
X. I think one of the main
failures in cybersecurity is 

1008
00:56:37,560 --> 00:56:40,840
that everybody thinks that 
privilege is just admin 

1009
00:56:40,840 --> 00:56:43,720
privilege. 
And in many cases, you have a 

1010
00:56:43,720 --> 00:56:47,600
lot of privileges in your 
organization that require the 

1011
00:56:47,600 --> 00:56:52,920
same type of scrutiny or
more than an administrator. 

1012
00:56:53,440 --> 00:56:56,760
And we, because cybersecurity 
doesn't understand the business 

1013
00:56:56,760 --> 00:57:01,520
well or the processes of the 
business, we decide that the 

1014
00:57:01,520 --> 00:57:05,480
only thing that we should
protect is the administrators 

1015
00:57:05,600 --> 00:57:09,480
and not maybe other roles that 
might be way more concerning to 

1016
00:57:09,480 --> 00:57:12,000
the business than just your 
administrator in IT. 

1017
00:57:12,960 --> 00:57:15,320
So that's that's the last thing 
that I would say that they they 

1018
00:57:15,320 --> 00:57:17,840
should be focusing on, which are
not easy, but those are the 

1019
00:57:17,840 --> 00:57:20,760
things that I would immediately 
focus on if I was on the other 

1020
00:57:20,760 --> 00:57:22,640
side, I would say. 
Well, the definition of 

1021
00:57:22,640 --> 00:57:25,120
privilege is something that I, 
you know, bring it comes up 

1022
00:57:25,120 --> 00:57:28,080
quite a bit, I think in my day 
job is how do you define that? 

1023
00:57:28,080 --> 00:57:31,240
Because I think a lot of people 
just assume when they hear 

1024
00:57:31,240 --> 00:57:33,880
privileged access management, 
they think of things like, you 

1025
00:57:33,880 --> 00:57:37,200
know, domain admin, cloud admin,
right, all the sort of built in 

1026
00:57:37,200 --> 00:57:40,600
roles.
But there are a host of admin 

1027
00:57:40,600 --> 00:57:43,640
type privileges that exist 
within every application out 

1028
00:57:43,640 --> 00:57:45,880
there, including your social 
media apps. 

1029
00:57:46,000 --> 00:57:49,680
You know who can go on LinkedIn 
and post something that maybe 

1030
00:57:49,680 --> 00:57:51,120
your company doesn't want 
posted? 

1031
00:57:51,480 --> 00:57:54,160
Absolutely. 
Or Facebook or Twitter or you 

1032
00:57:54,160 --> 00:57:56,320
know, whatever, whatever it's 
called now X, you know, you 

1033
00:57:56,360 --> 00:57:58,800
know, Bluesky or Mastodon or
whatever it is. 

1034
00:57:58,800 --> 00:58:02,920
Like I would argue that social 
media should be part of the 

1035
00:58:02,920 --> 00:58:06,600
definition of privileged access 
management, maybe not managed

1036
00:58:06,600 --> 00:58:09,480
specifically, but at least from 
a policy standpoint, how are we 

1037
00:58:09,480 --> 00:58:10,760
governing these? 
Accounts, I can see that, 

1038
00:58:10,760 --> 00:58:12,680
especially if you're a public 
company, right? 

1039
00:58:12,680 --> 00:58:15,560
Because if you're a public 
company and someone in social 

1040
00:58:15,560 --> 00:58:19,960
media, someone that owns social 
media publishes something, I 

1041
00:58:19,960 --> 00:58:23,600
mean, they can actually manage 
to hit your stock in a negative 

1042
00:58:23,600 --> 00:58:26,120
or positive way in some sort of 
way, right? 

1043
00:58:26,120 --> 00:58:28,600
So I think, I think you have to 
distinguish obviously between 

1044
00:58:28,600 --> 00:58:31,160
the type of company and the size
of the company. 

1045
00:58:31,160 --> 00:58:33,520
But I I would agree with that 
comment for sure. 

1046
00:58:33,960 --> 00:58:36,400
Yeah, everyone has to be 
protective of their public 

1047
00:58:36,400 --> 00:58:40,280
persona, and there's no quicker 
way to to destroy that than to 

1048
00:58:40,280 --> 00:58:42,440
post something on, you know, a 
social channel that shouldn't 

1049
00:58:42,440 --> 00:58:44,000
be. 
There and that that that's 

1050
00:58:44,000 --> 00:58:46,400
actually a fun story. 
So one of the things that we 

1051
00:58:46,680 --> 00:58:51,560
find most of the time, I mean, I
would say probably 40% of the 

1052
00:58:51,560 --> 00:58:54,160
time in the, in the places that 
we visit and, and we know this 

1053
00:58:54,160 --> 00:58:58,080
type of offensive security 
analysis is we do find a lot of 

1054
00:58:59,800 --> 00:59:03,400
SharePoint sites or OneDrive 
with just usernames and 

1055
00:59:03,400 --> 00:59:07,520
passwords, right? 
Which tells you that there's a 

1056
00:59:07,520 --> 00:59:12,320
need for some sort of a PAM and
there's a user there that 

1057
00:59:12,320 --> 00:59:15,440
doesn't know what to do. 
And I mean they're not being 

1058
00:59:15,440 --> 00:59:20,400
enabled in some sort of way, but
the by the IT department to 

1059
00:59:20,400 --> 00:59:22,120
manage their credentials 
correctly. 

1060
00:59:22,600 --> 00:59:25,240
I'm sure every CISO listening 
to this just kind of cringed. 

1061
00:59:25,400 --> 00:59:27,880
Oh, they're going to love me. 
Like it's just like these guys. 

1062
00:59:27,880 --> 00:59:31,480
It's just. 
All right, we're coming up on an

1063
00:59:31,480 --> 00:59:32,440
hour here. 
David. 

1064
00:59:32,440 --> 00:59:34,120
I feel like there's so much to 
unpack. 

1065
00:59:34,120 --> 00:59:36,680
Read the report, it's great. 
And then read my follow up, 

1066
00:59:36,680 --> 00:59:38,720
which will also be great. 
I'll just show that as well. 

1067
00:59:38,720 --> 00:59:40,080
There'll be links in our show 
notes. 

1068
00:59:40,080 --> 00:59:41,680
There'll be links kind of 
everywhere for it. 

1069
00:59:42,560 --> 00:59:44,200
We like to end our shows in a 
later note. 

1070
00:59:44,360 --> 00:59:47,280
And one of the things that you 
do in your spare time that you 

1071
00:59:47,280 --> 00:59:51,800
shared with us is you play 
soccer and you know, other 

1072
00:59:51,880 --> 00:59:54,480
family type sports. 
I don't know if we have time to 

1073
00:59:54,480 --> 00:59:56,960
touch on everything, but tell me
a little bit about your soccer 

1074
00:59:56,960 --> 00:59:59,480
because I thought it was kind of
interesting that did I hear you 

1075
00:59:59,480 --> 01:00:02,960
correctly or that you play you 
used to play like semi pro or at

1076
01:00:02,960 --> 01:00:05,760
least approaching pro. 
Semi pro, I was approaching pro 

1077
01:00:05,760 --> 01:00:09,400
level and at some point I 
stopped because I didn't want to

1078
01:00:09,400 --> 01:00:12,200
risk it on my knees to, I mean, 
basically make my money. 

1079
01:00:13,440 --> 01:00:16,280
But yeah, at some point and I 
was really competitive for a 

1080
01:00:16,280 --> 01:00:20,400
very long time. 
And now I play, which is the, 

1081
01:00:20,480 --> 01:00:26,400
the, the joke of the house in 
the house is now I play over 40s

1082
01:00:27,840 --> 01:00:31,800
on Tuesdays and then I play 
soccer on Saturdays with my kids

1083
01:00:32,120 --> 01:00:39,040
parents class parents, right? 
And I mean my son every time 

1084
01:00:39,040 --> 01:00:42,800
that goes and just goes and 
watch and watches me how I'm 

1085
01:00:42,800 --> 01:00:45,040
playing, he's, he's always 
telling me, man, it's just like 

1086
01:00:45,040 --> 01:00:48,480
you're playing in a slow motion.
You're totally washed. 

1087
01:00:48,520 --> 01:00:51,960
You cannot do what you used to 
do before because he, he knew me

1088
01:00:51,960 --> 01:00:54,560
when I was better, I think. 
And now I'm not that good. 

1089
01:00:55,240 --> 01:00:58,240
So that's one of the things 
that, yeah, I I do on my free 

1090
01:00:58,240 --> 01:01:01,640
time, but I don't know how much 
time I can still do it. 

1091
01:01:01,720 --> 01:01:06,200
I guess we'll see. 
So what position does a washed 

1092
01:01:06,200 --> 01:01:07,880
player like yourself play these 
days? 

1093
01:01:09,480 --> 01:01:12,240
Offense, you know, you kind of 
roaming midfield like where you.

1094
01:01:12,240 --> 01:01:15,960
At So I stopped playing on 
Sunday's league because that was

1095
01:01:16,520 --> 01:01:22,400
involving the 20 year olds and I
was, I mean, basically on the 

1096
01:01:22,400 --> 01:01:28,360
different side, basically on, on
the left side defense. 

1097
01:01:29,000 --> 01:01:31,640
On the other teams. 
I still can't play midfield or 

1098
01:01:31,640 --> 01:01:34,880
forward and I'm, I'm doing 
pretty well. 

1099
01:01:34,880 --> 01:01:37,360
Like I can run, I can do all 
these other things, but when I 

1100
01:01:37,360 --> 01:01:40,240
play against the 20 year old 
guys, I'm the guy that is just 

1101
01:01:40,240 --> 01:01:44,520
kicking and I mean trying to 
survive for 20 minutes because 

1102
01:01:45,080 --> 01:01:47,240
it's not to shave anymore. 
The other thing that happened to

1103
01:01:47,240 --> 01:01:51,880
me, I mean, I'm you cannot tell,
but I'm not a tall guy or really

1104
01:01:51,880 --> 01:01:56,000
strong person either compared to
the average American, I would 

1105
01:01:56,000 --> 01:02:01,640
say. 
And I used to play soccer in 

1106
01:02:01,640 --> 01:02:05,800
Latin America where you could be
playing really hard and strong 

1107
01:02:05,800 --> 01:02:08,960
and, and you'll feel strong 
because most people are the same

1108
01:02:08,960 --> 01:02:12,840
size as you are. 
Then I came into the US, started

1109
01:02:12,840 --> 01:02:16,600
playing and it was just like it 
was day and night like I used 

1110
01:02:16,600 --> 01:02:18,640
to. 
Like I used to go in and class 

1111
01:02:18,640 --> 01:02:20,720
with people. 
Like I felt that I could do it 

1112
01:02:20,720 --> 01:02:22,920
and I felt in the best shape of 
my life. 

1113
01:02:23,720 --> 01:02:27,120
And then I would go clash with 
all these people and it was just

1114
01:02:27,120 --> 01:02:30,520
like running into a wall. 
And I remember like the first 

1115
01:02:30,800 --> 01:02:32,840
two years that I was playing 
soccer here in Houston is still 

1116
01:02:32,840 --> 01:02:36,280
pretty competitive. 
My wife, my wife would tell me 

1117
01:02:36,320 --> 01:02:37,840
what the hell is going on with 
you? 

1118
01:02:37,880 --> 01:02:41,720
Because I would wake up the next
day and it would have been like 

1119
01:02:41,720 --> 01:02:44,720
I have taken a beat from 
someone, right? 

1120
01:02:44,720 --> 01:02:47,880
Like I couldn't walk. 
Like I had bruises all over the 

1121
01:02:48,200 --> 01:02:50,560
place. 
So basically that made me change

1122
01:02:50,560 --> 01:02:56,080
my style of, of flame and now 
I'm less, I don't talk trash 

1123
01:02:56,080 --> 01:02:59,520
that much anymore. 
And then I, I don't crash into 

1124
01:02:59,520 --> 01:03:02,080
failures anymore. 
But yeah, for sure, soccer is 

1125
01:03:02,080 --> 01:03:05,560
something that I, I love to do 
and I'll play until I, I can, I 

1126
01:03:05,680 --> 01:03:08,320
guess. 
So I'll share a soccer story. 

1127
01:03:08,320 --> 01:03:11,520
I used to play in high school 
and so I played right fullback, 

1128
01:03:11,520 --> 01:03:15,440
which is defender for us. 
And I'm not a tall person 

1129
01:03:15,440 --> 01:03:17,120
either. 
You know, I, I stand up very 

1130
01:03:17,120 --> 01:03:20,600
proud 5-6. 
Now imagine me in high school 

1131
01:03:20,640 --> 01:03:23,520
and like middle school where, 
you know, definitely I've been 

1132
01:03:23,520 --> 01:03:26,360
approaching that. 
And so, you know, I was, I would

1133
01:03:26,360 --> 01:03:27,800
say I was pretty good for high 
school. 

1134
01:03:28,080 --> 01:03:29,920
Well, you know, never going to 
go to like school for anything 

1135
01:03:29,920 --> 01:03:31,200
like that, but I was good 
enough. 

1136
01:03:31,760 --> 01:03:36,440
And you know, here is this short
little, you know, Jeff Wright 

1137
01:03:36,440 --> 01:03:40,320
fullback playing for this team 
and we were pretty good and we 

1138
01:03:40,320 --> 01:03:42,760
played what was it I want to 
say? 

1139
01:03:42,760 --> 01:03:44,320
And this is for my my folks in 
Illinois. 

1140
01:03:44,320 --> 01:03:49,040
I think we played a school in 
Schaumburg, IL and they showed 

1141
01:03:49,040 --> 01:03:54,720
up to the to our field and they 
were all men who showed up for 

1142
01:03:54,720 --> 01:03:58,440
this like 9th grade, you know, 
high school game. 

1143
01:03:58,440 --> 01:04:02,280
And they were all like 6-2 
towering above. 

1144
01:04:02,760 --> 01:04:05,920
And I remember when to that game
and, and we won, we beat them 

1145
01:04:05,920 --> 01:04:10,360
because we were a good team. 
But my dad was watching and he 

1146
01:04:10,360 --> 01:04:16,120
described me as a gnat on the 
leg of this horse of a forward 

1147
01:04:16,120 --> 01:04:20,320
that was coming down to my side.
And I, I locked that kid down, 

1148
01:04:20,320 --> 01:04:22,080
you know, like he couldn't get 
past me. 

1149
01:04:22,080 --> 01:04:24,400
I was good. 
And he got so frustrated that 

1150
01:04:24,400 --> 01:04:27,240
he, like, you know, got a yellow
card on me by like shoving me or

1151
01:04:27,240 --> 01:04:30,760
whatever. 
But you know, power toll is all 

1152
01:04:30,760 --> 01:04:32,440
the short kings, David. 
I know. 

1153
01:04:32,800 --> 01:04:35,000
And that's the thing. 
Like, I mean, for for me soccer,

1154
01:04:35,000 --> 01:04:36,280
that's the beauty of soccer, 
right? 

1155
01:04:36,280 --> 01:04:40,320
Like, I mean, you can be not as 
strong as the other players, but

1156
01:04:40,320 --> 01:04:43,920
you can still win. 
And it's a team sport and it's 

1157
01:04:44,720 --> 01:04:47,720
I think a really mental sport. 
People miss that a lot. 

1158
01:04:47,720 --> 01:04:51,400
And we used to have this saying 
in Mexico when when I used to 

1159
01:04:51,400 --> 01:04:53,760
play soccer and there was a 
bigger team, like our coach 

1160
01:04:53,800 --> 01:04:56,040
would tell us. 
I mean, it doesn't matter if 

1161
01:04:56,040 --> 01:04:57,640
they're big or not, you're not 
going to carry them. 

1162
01:04:57,640 --> 01:04:58,720
You're just going to score on 
them. 

1163
01:04:58,960 --> 01:05:00,480
It's like that is a true 
statement. 

1164
01:05:00,480 --> 01:05:02,600
Like you don't carry them. 
Like I don't have to fight you. 

1165
01:05:02,640 --> 01:05:04,560
I would just have to score on 
you. 

1166
01:05:04,560 --> 01:05:06,880
So anyhow, you know. 
All right, let me ask you one 

1167
01:05:06,880 --> 01:05:10,240
last question. 
That's trash talk, something 

1168
01:05:10,240 --> 01:05:14,480
that either you've received or 
given out that someone listening

1169
01:05:14,480 --> 01:05:16,600
to this, maybe me, maybe Jim, 
I'm going to ask you the same 

1170
01:05:16,600 --> 01:05:19,360
question here a little bit. 
But what's a good like trash 

1171
01:05:19,360 --> 01:05:21,920
talk that you were like? 
I'm pretty proud of that one. 

1172
01:05:21,920 --> 01:05:27,240
That was a good one, either 
given to you or you've dished 

1173
01:05:27,240 --> 01:05:29,800
out to somebody else. 
So the, I mean, the one that I 

1174
01:05:29,800 --> 01:05:32,400
remember that's given me in my 
head right now is the one that 

1175
01:05:32,400 --> 01:05:37,120
my son applied to me just 
recently, to be honest, like I 

1176
01:05:37,160 --> 01:05:38,760
mean it. 
Hurts because it came from 

1177
01:05:38,760 --> 01:05:41,720
inside the house. 
Yeah, I mean whiff, slipping 

1178
01:05:41,720 --> 01:05:44,920
phone, I mean almost every 
weekend. 

1179
01:05:44,920 --> 01:05:49,240
And then he, he's usually 
getting, he's getting pretty 

1180
01:05:49,240 --> 01:05:52,120
good at it. 
And at some point when he's 

1181
01:05:52,120 --> 01:05:54,800
getting really good and he's 
winning point after point after 

1182
01:05:54,800 --> 01:05:57,560
point, he starts saying, Oh, I'm
knocked in, I'm knocked in. 

1183
01:05:57,560 --> 01:05:59,400
I'm going to get you, I'm going 
to get you. 

1184
01:06:00,040 --> 01:06:02,560
And then at some point with the 
last time that he, I mean, he 

1185
01:06:02,560 --> 01:06:04,080
continued to build up on that, 
right? 

1186
01:06:04,080 --> 01:06:05,920
Like he said he was like, oh, 
I'm locked in. 

1187
01:06:05,920 --> 01:06:07,600
I'm locked in. 
And I was like, I'm starting, I 

1188
01:06:07,600 --> 01:06:09,320
was starting to get pissed off 
from myself. 

1189
01:06:09,320 --> 01:06:11,520
Like what is going on? 
Like, why is this guy just start

1190
01:06:12,040 --> 01:06:14,280
talking trials? 
And then he actually won. 

1191
01:06:14,480 --> 01:06:21,120
And, and when he finished the, 
the, the, the game, he just put 

1192
01:06:21,120 --> 01:06:24,720
his paddle on the table and he 
was like, I owned you. 

1193
01:06:24,840 --> 01:06:28,520
It was like, Oh my God. 
And like, that means so many 

1194
01:06:28,520 --> 01:06:31,920
things for me, right? 
Because even going from a 

1195
01:06:31,920 --> 01:06:36,560
cybersecurity perspective is 
like, anyhow, that is probably 

1196
01:06:36,560 --> 01:06:40,200
the better one that that has 
been applied to me daily. 

1197
01:06:40,800 --> 01:06:42,360
And he always tells me that I'm 
washed. 

1198
01:06:42,440 --> 01:06:45,400
So those are the two things that
I'm just like, but I just live 

1199
01:06:45,400 --> 01:06:47,920
with it now. 
I don't think I, I, I, I get 

1200
01:06:47,920 --> 01:06:49,120
that often. 
I just laugh. 

1201
01:06:50,080 --> 01:06:51,640
Then he sets him upstairs to do 
his homework. 

1202
01:06:52,440 --> 01:06:56,400
Yeah, yeah, go work, whatever. 
And then his mom would do the 

1203
01:06:56,400 --> 01:07:00,080
same to me. 
So she just all across the 

1204
01:07:00,080 --> 01:07:03,000
family that runs in. 
So what about you guys? 

1205
01:07:03,840 --> 01:07:07,640
Jimmy got good trash talk. 
You know, I I'm a little old 

1206
01:07:07,640 --> 01:07:11,400
school Jeff, which I'm sure you 
had no no clue of that. 

1207
01:07:12,600 --> 01:07:16,080
But here's the trash talk. 
I think it works if you can, if 

1208
01:07:16,080 --> 01:07:19,400
it's actually true and it works 
in every sport, which is 

1209
01:07:19,400 --> 01:07:22,360
scoreboard. 
You know, one thing I can't 

1210
01:07:22,360 --> 01:07:26,760
stand is like a team is down 5 
touchdowns or five scores or 

1211
01:07:27,360 --> 01:07:30,600
whatever sport you're playing 
and they're in the end zone 

1212
01:07:30,600 --> 01:07:33,080
dancing because they got a sack 
or something. 

1213
01:07:33,080 --> 01:07:38,200
It's like scoreboard, dude. 
That's all they're that's all 

1214
01:07:38,200 --> 01:07:40,520
you have to say. 
Yeah, my favorite is when the 

1215
01:07:40,520 --> 01:07:42,640
wide receiver gets up, they've 
got a first down and a 

1216
01:07:42,640 --> 01:07:45,600
meaningless drive at the end of 
the game, and it's like, OK, 

1217
01:07:45,600 --> 01:07:46,880
dude. 
Like yeah, scoreboard. 

1218
01:07:47,160 --> 01:07:49,520
Get over. 
It you know, my first down 

1219
01:07:49,520 --> 01:07:53,840
signal like whoa, yeah, I caught
an 11 yard pass and we're losing 

1220
01:07:53,840 --> 01:07:56,360
40 to nothing. 
Unless that catch got you like 

1221
01:07:56,360 --> 01:07:58,240
$100,000 bonus, go back to the 
huddle. 

1222
01:07:58,800 --> 01:08:01,480
Yeah, right. 
You know, my favorite trash talk

1223
01:08:01,480 --> 01:08:04,880
that I always like to do was I 
played a lot of basketball and I

1224
01:08:04,880 --> 01:08:06,960
was, I was pretty good back in 
the day. 

1225
01:08:06,960 --> 01:08:08,920
You know, Spike being short and 
all that stuff. 

1226
01:08:09,160 --> 01:08:11,600
I could shoot, dribble, drive, you 
know, it's kind of a point 

1227
01:08:11,600 --> 01:08:14,200
guard. 
And I would call my shots 

1228
01:08:14,320 --> 01:08:17,040
against all my tall friends. 
Oh, nice. 

1229
01:08:17,040 --> 01:08:19,240
And they're all, you know, 6 
feet plus. 

1230
01:08:19,240 --> 01:08:22,880
And, you know, in the in the 
words of your son, David, I 

1231
01:08:22,880 --> 01:08:25,279
owned them. 
It was my court. 

1232
01:08:25,359 --> 01:08:29,000
And I would call the shot that I
would do in the game very much 

1233
01:08:29,000 --> 01:08:33,080
like Larry Bird used to do Nice.
Now I have I am. 

1234
01:08:33,319 --> 01:08:36,080
Those days have long passed me 
by, so. 

1235
01:08:36,319 --> 01:08:39,960
They don't ask you. 
What were they going to do? 

1236
01:08:40,040 --> 01:08:42,560
I was going to, I, I would 
score. 

1237
01:08:42,560 --> 01:08:44,760
It will. 
Let me just put it that way. 

1238
01:08:45,040 --> 01:08:47,680
Yeah. 
So that was my trash talking 

1239
01:08:47,680 --> 01:08:50,160
was, you know, OK, here's what 
I'm going to do. 

1240
01:08:50,640 --> 01:08:53,200
And every once in a while, we 
would lower the rims in my 

1241
01:08:53,200 --> 01:08:55,520
backyard because I had a 
basketball hoop in my backyard. 

1242
01:08:55,520 --> 01:08:58,880
And we'd lower it down to like 9
feet and I could dunk on 9 feet 

1243
01:09:00,200 --> 01:09:02,640
and I would call the shot. 
And I remember one of my 

1244
01:09:02,640 --> 01:09:05,000
friends, you know, shout out, 
shout out to Chad out there. 

1245
01:09:05,800 --> 01:09:09,359
I've known since 8th grade. 
I told him that I was going to 

1246
01:09:09,359 --> 01:09:11,240
bounce the ball off his head and
dunk it. 

1247
01:09:11,800 --> 01:09:13,920
No. 
And I did. 

1248
01:09:13,920 --> 01:09:17,120
Oh my God. 
I wish it was a. 

1249
01:09:17,200 --> 01:09:19,200
Video for that. 
Well, I'm I'm glad there wasn't 

1250
01:09:19,200 --> 01:09:21,399
because there was probably a 
whole bunch of language that 

1251
01:09:21,399 --> 01:09:23,359
probably would not make it safe 
to air these days. 

1252
01:09:23,359 --> 01:09:28,000
But that was my thing was, you 
know, that was my safe place was

1253
01:09:28,000 --> 01:09:31,760
the basketball court. 
And this is this was my house, 

1254
01:09:32,439 --> 01:09:34,600
and I was going to tell you how 
it was going to run. 

1255
01:09:34,920 --> 01:09:37,000
That's really cool. 
I didn't know that you played 

1256
01:09:37,080 --> 01:09:37,920
basketball. 
So that's. 

1257
01:09:37,920 --> 01:09:40,120
Very, very long time ago. 
Don't ask me to do it now. 

1258
01:09:40,359 --> 01:09:43,680
But you should see Jeff's calves
or like they're jumping calves. 

1259
01:09:44,399 --> 01:09:46,200
Yeah, I used to be in the 
backyard. 

1260
01:09:47,040 --> 01:09:48,800
Yeah. 
It was, you know, it was, it was

1261
01:09:48,800 --> 01:09:50,680
my thing. 
That was just bat and soccer. 

1262
01:09:50,800 --> 01:09:54,760
So OK, we're in a like an hour 
and 10 minutes and we just spent

1263
01:09:54,760 --> 01:09:57,240
10 minutes trash talking and 
talking about soccer and 

1264
01:09:57,240 --> 01:10:00,040
basketball. 
But go to the website, go to our

1265
01:10:00,040 --> 01:10:01,760
show notes. 
You know, we'll have a link to 

1266
01:10:01,760 --> 01:10:05,600
the the attack vectors report. 
David, thank you so much for 

1267
01:10:05,600 --> 01:10:09,360
joining with us and sharing your
wisdom and, you know, putting us

1268
01:10:09,360 --> 01:10:10,760
report. 
You know, I think it's, it's one

1269
01:10:10,760 --> 01:10:12,480
of the things that we want to 
get more involved with. 

1270
01:10:12,480 --> 01:10:15,320
I think you know from the 
podcast perspective is when we 

1271
01:10:15,320 --> 01:10:18,800
have these types of information 
to share, do it in a way that is

1272
01:10:19,560 --> 01:10:21,280
as free from commercial as 
possible. 

1273
01:10:21,320 --> 01:10:24,320
So it is coming from our. 
Company, this was fun. 

1274
01:10:24,480 --> 01:10:25,640
Thanks so much. 
Really appreciate it. 

1275
01:10:25,680 --> 01:10:27,760
So I'm gonna have a link in our 
show notes to your LinkedIn 

1276
01:10:28,000 --> 01:10:30,360
profile so people can reach out 
whether it's, you know, 

1277
01:10:30,760 --> 01:10:32,920
something about the attack 
factors report or maybe a really

1278
01:10:32,920 --> 01:10:35,280
good trash talk that you'd like 
to share and we'll. 

1279
01:10:35,920 --> 01:10:38,680
Go. 
Ahead and leave it there for 

1280
01:10:38,680 --> 01:10:41,320
this week. 
You can find us on the web, IDC,

1281
01:10:41,320 --> 01:10:44,320
podcast.com. 
Like subscribe, share with a 

1282
01:10:44,320 --> 01:10:46,440
friend, share with an enemy. 
Doesn't matter as long as people

1283
01:10:46,440 --> 01:10:48,200
are listening, that's all it 
matters to us. 

1284
01:10:48,800 --> 01:10:52,760
And yeah, thanks everyone for 
watching and or listening and 

1285
01:10:52,760 --> 01:10:54,160
we'll catch you with you all in 
the next one. 

1286
01:10:56,440 --> 01:10:59,480
You've been listening to 
Identity at the Center. 

1287
01:10:59,840 --> 01:11:03,920
We hope you've enjoyed the show.
Make sure to like, rate and 

1288
01:11:03,920 --> 01:11:07,560
review, and we'll be back soon. 
But in the meantime, hit the 

1289
01:11:07,560 --> 01:11:10,960
website at 
identity@thecenter.com. 

1290
01:11:11,560 --> 01:11:15,680
See you next time on Identity at
the Center.

