1
00:00:00,120 --> 00:00:03,600
So when I talk to somebody that 
has no idea what I do, depending

2
00:00:03,600 --> 00:00:06,960
on the conversation, I've, you 
know, I'll say I help keep my 

3
00:00:06,960 --> 00:00:09,720
clients out of the news, right, 
because that's part of our job 

4
00:00:09,720 --> 00:00:13,080
as identity security 
practitioners is helping 

5
00:00:13,080 --> 00:00:16,640
mitigate data breaches. 
So we do a lot of that. 

6
00:00:16,640 --> 00:00:19,840
But ultimately, I find when 
we're working with clients, more

7
00:00:20,160 --> 00:00:23,280
of the time than not, what we're
doing is connecting different 

8
00:00:23,280 --> 00:00:25,960
pieces of the organization that 
may not have even spoken to each

9
00:00:25,960 --> 00:00:31,000
other before to understand how 
they view access, how they view 

10
00:00:31,000 --> 00:00:34,400
the different audiences and the 
personas in their organization 

11
00:00:34,760 --> 00:00:38,680
to be able to try to put some 
level of control and security 

12
00:00:38,680 --> 00:00:47,720
around that. 
This is Identity at the Center.

13
00:00:48,280 --> 00:00:53,960
If it has anything to do with 
IAM, this is the go-to podcast

14
00:00:54,440 --> 00:00:58,600
now your hosts Jim McDonald and 
Jeff Steadman.

15
00:01:04,640 --> 00:01:06,360
Welcome to the Identity at the 
Center podcast. 

16
00:01:06,360 --> 00:01:08,080
I'm Jeff and that's Jim. 
Hey, Jim. 

17
00:01:08,640 --> 00:01:09,720
Hey, Jeff. 
How are you? 

18
00:01:09,720 --> 00:01:11,160
Oh. 
Not so bad yourself. 

19
00:01:12,040 --> 00:01:13,360
Good. 
I've been looking forward to 

20
00:01:13,360 --> 00:01:16,240
this episode for a while because
we've got a special guest, 

21
00:01:16,240 --> 00:01:22,000
somebody I've known and worked 
with for roughly 8-9 years. 

22
00:01:22,320 --> 00:01:28,000
And the the funny part was we 
did a YouTube video together as 

23
00:01:28,000 --> 00:01:31,560
kind of like a a panel of folks 
from the company we worked 

24
00:01:31,560 --> 00:01:33,440
together at, which was 
Identropy.

25
00:01:33,760 --> 00:01:38,200
Eventually you joined Identropy,
but it was me and Chad and Mike 

26
00:01:38,200 --> 00:01:41,200
Woodburn and Wayne Cecil and 
Mario Dusai. 

27
00:01:41,600 --> 00:01:45,800
And one thing I noticed was that
I looked like I was about mid 

28
00:01:45,800 --> 00:01:50,600
30s and Chad looked like he was 
about maybe 20. 

29
00:01:52,840 --> 00:01:56,520
So you know it was it was just 
so funny looking back on that. 

30
00:01:56,520 --> 00:02:00,600
And I came to the realization 
that from 40 to 50 is when you 

31
00:02:00,600 --> 00:02:03,920
age the most. 
Yeah, the the accelerator gets 

32
00:02:03,920 --> 00:02:06,840
pressed. 
The ramp becomes suddenly just 

33
00:02:06,840 --> 00:02:08,880
kind of takes off. 
Now you're like this grizzled 

34
00:02:08,880 --> 00:02:11,160
mountain man. 
You've got like this big beard 

35
00:02:11,160 --> 00:02:14,200
and you know, you got the long 
flowing hair and you know, the 

36
00:02:14,200 --> 00:02:17,200
swole jock physique. 
That's a far cry from the 

37
00:02:17,200 --> 00:02:21,600
original Jimmy Mac I am. 
Yeah, I was lean and mean. 

38
00:02:21,600 --> 00:02:27,600
I had a little goatee, a short 
haircut, so definitely change of

39
00:02:27,600 --> 00:02:29,840
style. 
I was more of a runner back 

40
00:02:29,840 --> 00:02:31,960
then. 
Now I'm more of, like you said, 

41
00:02:31,960 --> 00:02:34,480
a mountain man. 
But I do think that the beard 

42
00:02:34,480 --> 00:02:39,040
probably ages me a little bit. 
But I don't know I'm comfortable

43
00:02:39,040 --> 00:02:41,120
with it. 
Now it looks good and you 

44
00:02:41,120 --> 00:02:43,720
mentioned that video. 
I actually watched that video 

45
00:02:44,040 --> 00:02:47,440
before I interviewed with 
Identropy, just to know what I

46
00:02:47,480 --> 00:02:50,000
what was I getting myself into? 
Who are these characters? 

47
00:02:50,000 --> 00:02:52,160
And I was like, OK, these guys 
know what they're talking about.

48
00:02:52,160 --> 00:02:54,320
It's like, all right, let's, 
let's do, let's, you know, let's

49
00:02:54,320 --> 00:02:55,280
give it a shot. 
So. 

50
00:02:55,360 --> 00:02:57,560
And you still took the job, the 
funny. 

51
00:02:57,960 --> 00:03:01,240
The funny thing was I was, I 
think it was you asked me on a 

52
00:03:01,240 --> 00:03:04,600
previous episode, like, you 
know, you've been doing this for

53
00:03:04,600 --> 00:03:07,080
12 years. 
Do you feel like you're much 

54
00:03:07,080 --> 00:03:09,680
better at the job than you were 
12 years ago? 

55
00:03:10,200 --> 00:03:14,400
And I said absolutely yes. 
I mean, I do stand by that, but 

56
00:03:14,400 --> 00:03:18,200
I think the advice that, you 
know, at least what I said 

57
00:03:18,200 --> 00:03:21,760
during the panel was good 
advice. 

58
00:03:22,120 --> 00:03:25,200
I do think though the 
interesting part was it's like 

59
00:03:25,200 --> 00:03:30,360
the assumption was everybody was
doing their IAM on-prem or not

60
00:03:30,360 --> 00:03:33,360
in the cloud, right, Because I 
mean eight years ago is how the 

61
00:03:33,360 --> 00:03:37,320
video was. 
I mean, you know, doing cloud 

62
00:03:37,320 --> 00:03:41,160
IAM was, you know, a novel
concept at that point. 

63
00:03:41,480 --> 00:03:44,160
Very cutting edge of you to be 
in that area. 

64
00:03:44,160 --> 00:03:49,560
But yeah, didn't scare me away. 
I knew some of the faces and you

65
00:03:49,640 --> 00:03:51,000
know, today's kind of special 
episode. 

66
00:03:51,000 --> 00:03:52,920
I think we've been looking 
forward to this one for a while.

67
00:03:52,960 --> 00:03:56,320
We're featuring the company that
we all work for for the first 

68
00:03:56,320 --> 00:03:57,640
time ever, I think, on this 
show. 

69
00:03:58,040 --> 00:04:00,120
So today is a sponsor spotlight 
episode. 

70
00:04:00,400 --> 00:04:05,720
We are the RSM US LLP Identity and
Access Management or Digital 

71
00:04:05,720 --> 00:04:08,360
Identity Team. 
If you don't know who RSM is, 

72
00:04:08,840 --> 00:04:11,680
we're here to tell you about it.
Don't be afraid because I wasn't

73
00:04:11,680 --> 00:04:13,960
either when they called me. 
So I was like, all right, who 

74
00:04:13,960 --> 00:04:17,040
the heck are these people? 
And you know, this group here 

75
00:04:17,040 --> 00:04:18,600
and others have. 
We've been building up a really 

76
00:04:18,600 --> 00:04:21,360
strong team. 
So today's episode again, fully 

77
00:04:21,360 --> 00:04:23,640
sponsored. 
We have our guest today, Mr. 

78
00:04:23,640 --> 00:04:25,520
Chad Wolcott. 
He's the Managing Director at 

79
00:04:25,520 --> 00:04:27,880
RSM. 
Welcome to the show, Chad. 

80
00:04:29,160 --> 00:04:30,680
Thanks guys. 
Thanks for having me. 

81
00:04:30,760 --> 00:04:32,720
This is by far the highlight of 
my career. 

82
00:04:33,520 --> 00:04:36,960
So undoubtedly and you've been 
in this space for a long time, 

83
00:04:37,400 --> 00:04:39,320
you and I have known each other 
for a very long time, was a 

84
00:04:39,320 --> 00:04:42,920
former customer of yours. 
That's how far back we go and 

85
00:04:42,920 --> 00:04:45,200
the three of us were Identropy
and and now we're putting a band

86
00:04:45,200 --> 00:04:49,280
back together at RSM. 
So very exciting times ahead. 

87
00:04:49,280 --> 00:04:52,760
But before we get too far along 
the way, let's talk a little bit

88
00:04:52,760 --> 00:04:55,040
about your identity background. 
People are familiar with Jim and

89
00:04:55,040 --> 00:04:58,920
myself at least to some degree. 
What about yourself? 

90
00:04:58,960 --> 00:05:01,800
How did you get into identity? 
Is it something that you chose 

91
00:05:01,800 --> 00:05:05,640
or did it choose you? 
Well, I'd say, like most people 

92
00:05:05,640 --> 00:05:09,360
in identity, I knew from the 
first time I dialed into AOL on 

93
00:05:09,360 --> 00:05:12,480
my Commodore 64 that I wanted to
grow up to be an IAM 

94
00:05:12,480 --> 00:05:15,360
practitioner. 
No, but that's. 

95
00:05:15,400 --> 00:05:17,880
A great story, very inspiring 
for. 

96
00:05:17,880 --> 00:05:19,200
All those words, right? 
All started. 

97
00:05:19,200 --> 00:05:23,120
It was a winding journey to get 
to get here since then. 

98
00:05:23,120 --> 00:05:28,280
But I think I've been in in 
identity for a lot longer than I

99
00:05:28,280 --> 00:05:29,880
care to admit. 
You know, Jim says that the 

100
00:05:29,880 --> 00:05:32,240
beard ages you. 
It's actually the kids that do, 

101
00:05:32,840 --> 00:05:37,160
but I've been doing this for 
probably from somewhere between 

102
00:05:37,160 --> 00:05:41,680
20 and 25 years. 
I got into identity through a 

103
00:05:41,680 --> 00:05:45,320
former boss of mine who at the 
time was with a company called 

104
00:05:45,320 --> 00:05:49,520
Courion, who was an IGA vendor
way back in the day based out of

105
00:05:49,560 --> 00:05:55,400
out of the Massachusetts area. 
And he asked me to come over and

106
00:05:55,400 --> 00:05:58,200
be what they called an identity 
management consultant, which was

107
00:05:58,200 --> 00:06:01,640
kind of a mix of a BA and a
project manager. 

108
00:06:02,760 --> 00:06:05,760
And I had done a lot of work, 
similar work for him previously 

109
00:06:06,240 --> 00:06:07,840
on the professional services 
side. 

110
00:06:07,840 --> 00:06:12,600
And I said that, what the heck, 
I had just kind of parted ways 

111
00:06:12,600 --> 00:06:17,440
with my own software 
distribution company and said 

112
00:06:17,440 --> 00:06:19,720
let's let's give this a try. 
And that's really kind of where 

113
00:06:19,720 --> 00:06:23,560
I got started in identity. 
And it's been kind of a a long 

114
00:06:23,560 --> 00:06:28,880
journey since then involving 
multiple acquisitions and moving

115
00:06:28,880 --> 00:06:32,600
from company to company and 
going from you know a small 

116
00:06:32,600 --> 00:06:36,280
three person company that I had 
myself to couple 100 people then

117
00:06:36,280 --> 00:06:41,120
back down to 80 to 100 people at
Identropy, which was then acquired

118
00:06:42,640 --> 00:06:45,560
by another consulting firm and 
then most recently here at RSM. 

119
00:06:45,560 --> 00:06:47,000
So it's been an interesting 
journey. 

120
00:06:48,240 --> 00:06:50,040
Yeah, it's very interesting 
journey. 

121
00:06:50,240 --> 00:06:53,440
Now you're at RSM, so who is 
RSM? 

122
00:06:53,440 --> 00:06:57,560
What is? 
What does RSM stand for to start

123
00:06:57,560 --> 00:07:01,280
with? 
So RSM, it's funny, Jeff, you 

124
00:07:01,280 --> 00:07:03,440
mentioned before that you didn't
know who RSM was. 

125
00:07:03,440 --> 00:07:08,160
I didn't either at first. 
So RSM stands for Robson Rhodes,

126
00:07:08,160 --> 00:07:10,680
Salustro Reydel and
McGladrey.

127
00:07:11,440 --> 00:07:15,480
Some people may be familiar with
McGladrey, that was a US

128
00:07:15,520 --> 00:07:21,080
accounting firm back in 1926, I 
believe is when the firm 

129
00:07:21,080 --> 00:07:24,720
started. 
Now we are the 5th largest 

130
00:07:24,720 --> 00:07:27,920
accounting, tax and consulting 
services firm in the US. So

131
00:07:27,920 --> 00:07:30,880
people talk about the big four. 
We like to call it the big 5. 

132
00:07:32,120 --> 00:07:36,200
So we've got about 16,000 
professionals in in North 

133
00:07:36,200 --> 00:07:40,280
America today across 87 cities 
and four cities in Canada. 

134
00:07:41,800 --> 00:07:44,920
Yeah, it's interesting. 
You know, I'm a New York Yankees

135
00:07:44,920 --> 00:07:47,160
fan, and Chad, please don't hold
that against me. 

136
00:07:47,160 --> 00:07:52,240
I know you're a Red Sox fan, but
I knew who McGladrey was because

137
00:07:52,240 --> 00:07:55,360
they ran commercials during the 
Yankees games. 

138
00:07:55,680 --> 00:07:59,920
I was like, oh, McGladrey, tax
and audit tax and consulting. 

139
00:08:00,120 --> 00:08:04,120
So I knew about McGladrey.
I think it takes some guts for 

140
00:08:04,120 --> 00:08:08,640
an organization to take a, you 
know, maybe not a household 

141
00:08:08,640 --> 00:08:12,920
name, but a certainly a well 
established name and change it 

142
00:08:12,920 --> 00:08:16,080
up in that way. 
So I think that's a big part of 

143
00:08:16,080 --> 00:08:20,960
kind of not knowing the name, 
you know or or like sounding 

144
00:08:20,960 --> 00:08:24,320
new. 
But to me that's that's an 

145
00:08:24,320 --> 00:08:27,960
interesting aspect and kind of 
like bold for companies to do. 

146
00:08:29,160 --> 00:08:32,400
Yeah, absolutely. 
I mean, I think we've been RSM 

147
00:08:32,400 --> 00:08:34,799
since 2015 is when they 
rebranded. 

148
00:08:35,440 --> 00:08:39,760
So it's a fairly recent change. 
But like you said after at that 

149
00:08:39,760 --> 00:08:43,400
point nearly 90 years of 
operating under that name to to 

150
00:08:43,400 --> 00:08:46,560
change the brand is that's a 
pretty bold, bold step. 

151
00:08:47,760 --> 00:08:50,240
So I had heard of McGladrey, but
I had not heard of the other 

152
00:08:50,240 --> 00:08:53,000
one. 
So Robson Rhodes was in the UK,

153
00:08:53,000 --> 00:08:56,400
Salustro Reydel was France.
So for international listeners, 

154
00:08:56,400 --> 00:08:58,360
maybe those names might ring a 
bell. 

155
00:08:58,360 --> 00:09:00,760
But I had heard of McGladrey,
but I thought they were some 

156
00:09:00,760 --> 00:09:03,720
sort of advertising firm or 
something, maybe just because I 

157
00:09:03,920 --> 00:09:05,200
was, you know, not really paying
attention. 

158
00:09:05,200 --> 00:09:08,800
But yeah, now here we are. 
We're all underneath RSM. 

159
00:09:08,800 --> 00:09:12,200
My master plan of putting 
together Identropy 2.0 is,

160
00:09:12,560 --> 00:09:15,840
well is well underway. 
I thought it would be 

161
00:09:15,840 --> 00:09:18,480
interesting to kind of peel back
the curtain, kick down the 4th

162
00:09:18,480 --> 00:09:20,120
wall. 
We do that a lot on this 

163
00:09:20,200 --> 00:09:21,720
podcast. 
And. 

164
00:09:21,800 --> 00:09:25,120
And what is identity consulting?
Like, what do we actually do? 

165
00:09:25,640 --> 00:09:28,440
How do we explain it to the 
people that know us or don't 

166
00:09:28,440 --> 00:09:29,760
know us? 
You know, you're sitting in the 

167
00:09:29,760 --> 00:09:31,000
barber chair.
Oh, what do you do? 

168
00:09:31,000 --> 00:09:32,360
Well, you know, I'm a 
consultant. 

169
00:09:32,560 --> 00:09:35,240
Oh, what kind of consultant? 
OK, Information security. 

170
00:09:35,240 --> 00:09:38,320
Oh, like, like hacker. 
Not quite. 

171
00:09:39,080 --> 00:09:41,840
But, you know, things like that.
So I thought maybe we'd start 

172
00:09:41,840 --> 00:09:45,040
with, what is Identity 
Consulting? 

173
00:09:45,360 --> 00:09:48,920
And Chad, from your perspective,
what do we do? 

174
00:09:51,080 --> 00:09:54,840
Well, the answer I give my kids 
when they ask me is I have 

175
00:09:54,840 --> 00:09:57,480
meetings because that's what I 
do a lot of. 

176
00:09:58,160 --> 00:10:00,040
But I think that's as 
consultants, that's what we all 

177
00:10:00,040 --> 00:10:05,040
do a lot of is have meetings but
but ultimately, you know when I 

178
00:10:05,160 --> 00:10:08,240
boil it down to the simplest 
components, right, identity, 

179
00:10:08,880 --> 00:10:11,040
identity is about understanding 
or identity. 

180
00:10:11,040 --> 00:10:14,320
Digital identity is more about 
understanding who has access to 

181
00:10:14,320 --> 00:10:16,920
what, what are they doing with 
that access, are they doing the 

182
00:10:16,920 --> 00:10:21,760
right things, right. 
So for me, taking that as sort 

183
00:10:21,760 --> 00:10:25,640
of the core of what we do, like 
making identity at the center of

184
00:10:25,640 --> 00:10:28,960
everything and it's really 
expanding that to the broader 

185
00:10:28,960 --> 00:10:32,160
cybersecurity space. 
So when I talk to somebody that 

186
00:10:32,160 --> 00:10:35,840
has no idea what I do, depending
on the conversation, I've, you 

187
00:10:35,840 --> 00:10:39,440
know, I'll say I help keep my 
clients out of the news, right, 

188
00:10:39,440 --> 00:10:42,400
because that's part of our job 
as identity security 

189
00:10:42,400 --> 00:10:45,320
practitioners is helping 
mitigate data breaches. 

190
00:10:46,280 --> 00:10:49,440
So we do a lot of that. 
But ultimately, I find when 

191
00:10:49,440 --> 00:10:53,000
we're working with clients, more
of the time than not, what we're

192
00:10:53,000 --> 00:10:55,560
doing is connecting different 
pieces of the organization that 

193
00:10:55,560 --> 00:10:59,040
may not have even spoken to each
other before to understand how 

194
00:10:59,040 --> 00:11:03,840
they view access, how they view 
the different audiences and the 

195
00:11:03,840 --> 00:11:07,400
personas in their organization 
to be able to try to put some 

196
00:11:07,400 --> 00:11:10,080
level of control and security 
around that. 

197
00:11:11,200 --> 00:11:14,040
So let me flip this over to Jim 
because he loves to ask the 

198
00:11:14,040 --> 00:11:17,440
question, what was, what is it 
you would say you do around 

199
00:11:17,440 --> 00:11:19,120
here, Jim? 
Yeah. 

200
00:11:19,120 --> 00:11:22,480
And before I even answer that 
question, Jeff, I do want to 

201
00:11:22,480 --> 00:11:26,480
recognize that you said this is 
your master plan and then you 

202
00:11:26,520 --> 00:11:29,520
did the Mr. Burns thing. 
But you know, kudos to you. 

203
00:11:29,520 --> 00:11:31,120
You really did pull this 
together. 

204
00:11:31,120 --> 00:11:36,200
I mean, you know, I I wanted to 
follow you over here and it was 

205
00:11:36,200 --> 00:11:40,440
a great decision that I made. 
It wasn't long after you know, 

206
00:11:40,440 --> 00:11:44,480
another year and a half and Chad
came over and I hope that he's 

207
00:11:44,480 --> 00:11:47,800
looking at that decision now and
smiling, but you're the kind of 

208
00:11:47,800 --> 00:11:51,560
the master cog to all that. 
So to answer your question, what

209
00:11:51,560 --> 00:11:55,080
do I do? 
So I've run our digital identity

210
00:11:55,080 --> 00:11:58,800
advisory services. 
So it's really if you look at 

211
00:11:58,800 --> 00:12:04,600
the the model that we use, it's 
assess, advise, implement and 

212
00:12:04,600 --> 00:12:07,600
manage. 
So really the assess and advise 

213
00:12:07,600 --> 00:12:11,080
usually gets grouped into 
advisory services. 

214
00:12:11,760 --> 00:12:15,400
You start with an and you could 
do just an assessment or just 

215
00:12:15,400 --> 00:12:20,680
advise, but usually it's you 
assess and then the advice which

216
00:12:20,680 --> 00:12:24,160
is like strategy and road map 
kind of work stacks on top of 

217
00:12:24,160 --> 00:12:26,600
that. 
So assess is really how are you 

218
00:12:26,600 --> 00:12:28,840
running your identity program 
now? 

219
00:12:29,320 --> 00:12:33,120
What's working well, what's not 
working well, what needs to be 

220
00:12:33,120 --> 00:12:35,760
improved. 
And from that you can kind of 

221
00:12:35,760 --> 00:12:41,160
start to identify areas where 
you need to make improvements to

222
00:12:41,160 --> 00:12:42,960
reach a certain level of 
maturity. 

223
00:12:43,280 --> 00:12:46,440
And by the way, usually when you
say to reach a level of 

224
00:12:46,440 --> 00:12:50,000
maturity, it's one of those 
things where that maturity curve

225
00:12:50,000 --> 00:12:55,040
is kind of moving constantly. 
So you know you're, you're doing

226
00:12:55,040 --> 00:12:57,880
things to make yourself look 
younger, but your body's getting

227
00:12:57,880 --> 00:13:02,120
older or really what it is that 
the industry's advancing to try 

228
00:13:02,120 --> 00:13:05,800
and stay ahead of the bad guys, 
if you will. 

229
00:13:06,880 --> 00:13:11,560
The advice part is really about 
now that we know what the gaps 

230
00:13:11,560 --> 00:13:14,920
are, the areas that need to be 
improved based on our experience

231
00:13:14,920 --> 00:13:20,080
and I call it experiential based
advisory or experiential based 

232
00:13:20,080 --> 00:13:22,320
consulting. 
So in other words, we're not 

233
00:13:22,720 --> 00:13:26,080
coming up with ideas like that 
are whiz-bang or hey, no one's

234
00:13:26,080 --> 00:13:28,360
ever tried this one. 
But you try it based on our 

235
00:13:28,360 --> 00:13:32,320
experience of seeing what has 
worked and well and what hasn't 

236
00:13:32,320 --> 00:13:35,000
worked well at the clients that 
we've worked with. 

237
00:13:35,000 --> 00:13:37,920
I mean you and I have worked 
with over 100 clients. 

238
00:13:37,920 --> 00:13:42,320
I know Chad's probably somewhere
in the ballpark of 200 clients. 

239
00:13:42,600 --> 00:13:46,480
And what what are, what are they
doing that would be considered 

240
00:13:46,480 --> 00:13:49,880
leading practice or best 
practices, whichever term you 

241
00:13:49,880 --> 00:13:53,400
kind of gravitate toward. 
And where do we see where 

242
00:13:53,400 --> 00:13:57,760
organizations tend to hit walls 
and flop and avoid those things 

243
00:13:57,760 --> 00:14:00,280
of course. 
So now you build a strategy and 

244
00:14:00,280 --> 00:14:02,800
really the road map, once you 
have the strategy, the road map 

245
00:14:02,800 --> 00:14:06,320
is just building a plan that is 
going to do those things in the 

246
00:14:06,320 --> 00:14:10,560
right order, in an order that 
the organization can absorb them

247
00:14:10,880 --> 00:14:14,480
and then an order that the 
organization can make the 

248
00:14:14,480 --> 00:14:15,880
investments that are. 
Required. 

249
00:14:16,960 --> 00:14:19,440
So if we're working with an 
organization and Jim this is the

250
00:14:19,440 --> 00:14:22,400
background you and I have been 
working on for what 8-9 years 

251
00:14:22,400 --> 00:14:25,800
now at this point is that assess
and advise kind of area, right. 

252
00:14:25,800 --> 00:14:27,800
What are we trying to do? 
Who are we trying to do it to 

253
00:14:27,800 --> 00:14:28,840
and what are we going to do it 
with? 

254
00:14:29,120 --> 00:14:33,000
Right, Sort of that, that kind 
of question and that transition.

255
00:14:33,280 --> 00:14:36,160
At some point you have to stop 
talking and start doing. 

256
00:14:36,480 --> 00:14:38,720
And that's typically where we 
might get into like implement or

257
00:14:38,720 --> 00:14:40,640
manage. 
And historically this is where 

258
00:14:40,640 --> 00:14:43,320
we would bring our friend Chad 
into conversation, say, hey, 

259
00:14:43,320 --> 00:14:44,760
what's going on? 
You know, here's kind of the 

260
00:14:44,760 --> 00:14:48,440
situation, what, what can we do 
here from a technology 

261
00:14:48,440 --> 00:14:50,440
standpoint. 
And maybe Chad, if you want to 

262
00:14:50,440 --> 00:14:52,840
talk to me about implement and 
so manage, which is that back 

263
00:14:52,840 --> 00:14:56,840
half or second-half of the 
assess, advise, implement and 

264
00:14:56,840 --> 00:14:59,160
manage process, we can get into 
a little bit more. 

265
00:14:59,880 --> 00:15:01,760
Sure. 
I I I think once you get into 

266
00:15:01,760 --> 00:15:05,360
the implement that's where it 
becomes a lot more complicated, 

267
00:15:05,520 --> 00:15:07,360
right? 
Not that not that the strategy 

268
00:15:07,360 --> 00:15:09,840
in the road map is not a 
complicated process because it 

269
00:15:09,840 --> 00:15:12,440
is like the technology is 
actually the easiest part of it.

270
00:15:12,920 --> 00:15:16,040
But when you get into the 
implementation side, there's 

271
00:15:16,040 --> 00:15:19,480
lots of different considerations
that you have to think through, 

272
00:15:19,480 --> 00:15:21,640
not the least of which is 
there's a long list of 

273
00:15:21,640 --> 00:15:25,040
technologies that are out in the
identity, the broader identity 

274
00:15:25,040 --> 00:15:29,320
domain and trying to determine 
which of those technologies is 

275
00:15:29,320 --> 00:15:34,080
the most appropriate for the, 
for the client, right at RSM, 

276
00:15:34,240 --> 00:15:37,560
you know, so our our idea is 
really meeting clients where 

277
00:15:37,560 --> 00:15:40,560
they need us most. 
So that doesn't mean just going 

278
00:15:40,560 --> 00:15:44,120
out with the leader in every 
identity domain and saying this 

279
00:15:44,120 --> 00:15:45,760
is what you should should plug 
in. 

280
00:15:45,760 --> 00:15:48,480
So there's an aspect of 
understanding the different 

281
00:15:48,480 --> 00:15:51,520
capabilities of those 
technologies, but then working 

282
00:15:51,520 --> 00:15:54,680
with the client in a way that 
makes sense for them. 

283
00:15:55,440 --> 00:15:59,680
It is ultimately a a, a 
transformation effort that goes 

284
00:15:59,680 --> 00:16:02,400
on when you implement any 
identity technology. 

285
00:16:02,600 --> 00:16:06,400
So really understanding all of 
those key components of how to 

286
00:16:06,400 --> 00:16:08,600
get that through the 
organization, how to drive the 

287
00:16:08,600 --> 00:16:12,960
adoption, how to drive the 
completeness of the breadth of 

288
00:16:12,960 --> 00:16:14,160
what you're trying to connect 
to. 

289
00:16:15,000 --> 00:16:18,120
And then ultimately how are you 
going to get all the downstream 

290
00:16:18,120 --> 00:16:21,760
people on board with that 
including internal and external 

291
00:16:21,760 --> 00:16:25,440
auditors and those types of 
security organizations to be 

292
00:16:25,440 --> 00:16:29,840
able to drive to get there. 
So having a team of people that 

293
00:16:30,040 --> 00:16:35,480
understand the nuances of the 
technologies and how to work 

294
00:16:35,480 --> 00:16:39,040
through the change management 
required at an organization of 

295
00:16:39,640 --> 00:16:43,480
you know, 200 people versus 
250,000 people, right. 

296
00:16:43,480 --> 00:16:46,800
And trying to work through those
nuances, that's really where 

297
00:16:46,800 --> 00:16:50,480
our, our implement or build team
comes into play is helping 

298
00:16:50,480 --> 00:16:55,280
clients navigate that and from 
you know, program management all

299
00:16:55,280 --> 00:16:58,880
the way down through hands on 
keyboard development if 

300
00:16:58,880 --> 00:17:02,280
necessary. 
And then often that transitions 

301
00:17:02,280 --> 00:17:07,160
to our manage capability which 
can take different different 

302
00:17:07,160 --> 00:17:10,160
forms and flavors. 
But ultimately we continue to 

303
00:17:10,160 --> 00:17:12,680
see more and more clients just 
wanting to have someone solve 

304
00:17:12,680 --> 00:17:15,560
the problem for them, right. 
Don't just give me technology, 

305
00:17:16,000 --> 00:17:18,720
give me a solution and that's 
when our manage team comes in 

306
00:17:19,160 --> 00:17:23,079
and helps clients either in a
co-managed way where we're we're

307
00:17:23,079 --> 00:17:26,440
doing the day-to-day operational
support for their identity 

308
00:17:26,440 --> 00:17:31,640
technologies or in a true you 
know managed service provider 

309
00:17:31,840 --> 00:17:35,400
capability where we're we're 
managing the entire 

310
00:17:35,400 --> 00:17:38,120
infrastructure and the whole the
whole problem for them. 

311
00:17:39,720 --> 00:17:42,200
And I think one thing that is, 
is starting to get a little 

312
00:17:42,200 --> 00:17:45,360
traction here is a lot of
people I think associate manage 

313
00:17:45,800 --> 00:17:49,120
with implementation and sort of 
technology and tools. 

314
00:17:49,120 --> 00:17:52,760
But you know, myself, I do a lot
of program management myself. 

315
00:17:52,800 --> 00:17:56,240
So even though it's maybe not 
part of that, you know, formal 

316
00:17:56,240 --> 00:17:59,200
kind of, you know, assess and 
advise, I'm helping 

317
00:17:59,200 --> 00:18:03,920
organizations build up their IM 
programs, projects, program 

318
00:18:03,920 --> 00:18:07,320
charters, policies, standards, 
do we have a steering committee 

319
00:18:07,320 --> 00:18:10,040
and things like that. 
And so I think that's something 

320
00:18:10,040 --> 00:18:12,360
that sometimes gets lost in the 
mix of the people just kind of 

321
00:18:12,360 --> 00:18:14,200
think, oh, it's just like a, a 
tech service. 

322
00:18:14,480 --> 00:18:16,920
It's not always that way, right.
A lot of organizations struggle 

323
00:18:16,920 --> 00:18:19,040
just kind of getting the bare 
bones of a program in place. 

324
00:18:19,040 --> 00:18:20,760
And you know, I know, Jim, 
you've done it. 

325
00:18:20,760 --> 00:18:22,160
I've done it. 
Chad, I'm sure you've done it as

326
00:18:22,160 --> 00:18:24,240
well. 
But that's another aspect of it 

327
00:18:24,240 --> 00:18:27,360
that that I enjoy because at 
that point it's like, oh, OK, 

328
00:18:27,360 --> 00:18:28,800
now we're actually starting to 
fix things. 

329
00:18:29,520 --> 00:18:33,000
Don't get me wrong, I love the 
advisory stuff that you know, we

330
00:18:33,000 --> 00:18:35,080
typically work on. 
You know, I always say it's it's

331
00:18:35,080 --> 00:18:37,640
a great gig to have if you can 
get it because you're paid for 

332
00:18:37,640 --> 00:18:40,720
an opinion. 
Now that opinion needs to be 

333
00:18:40,720 --> 00:18:43,520
good and it needs to be based on
facts and understanding and be 

334
00:18:43,520 --> 00:18:46,280
able to say, OK, you know, I 
understand what the client is 

335
00:18:46,280 --> 00:18:48,240
looking to get done. 
And I'm marrying that up with 

336
00:18:48,560 --> 00:18:50,360
here's where the industry is 
going and here's where 

337
00:18:50,360 --> 00:18:52,600
technology in general and the 
business etcetera and really 

338
00:18:52,600 --> 00:18:56,000
kind of putting together you 
know those Tetris pieces to put 

339
00:18:56,000 --> 00:19:01,040
together and start you know 
eliminating lines of the ever

340
00:19:01,080 --> 00:19:03,200
of the ever growing Tetris 
problem for identity. 

341
00:19:04,080 --> 00:19:07,360
I think one of the interesting 
parts of of that Jeff, I think 

342
00:19:07,360 --> 00:19:10,680
is as you get involved in more 
of those program management 

343
00:19:10,720 --> 00:19:14,440
engagements when you're working 
with you know, senior executives

344
00:19:14,440 --> 00:19:17,920
at at a client and helping them 
navigate the complexities of 

345
00:19:17,920 --> 00:19:19,840
this, you learn. 
You get to learn a lot more 

346
00:19:19,840 --> 00:19:23,120
about their business and you 
actually learn a lot from them 

347
00:19:23,160 --> 00:19:25,920
about how they see things. 
And we can take that, those 

348
00:19:25,920 --> 00:19:29,440
learnings and actually apply 
those to where we go next, 

349
00:19:29,440 --> 00:19:32,360
right, and what other clients we
work with because we get a 

350
00:19:32,360 --> 00:19:35,960
different perspective on how 
different clients approach 

351
00:19:35,960 --> 00:19:40,120
problems and how they think 
about the, you know, the 

352
00:19:40,120 --> 00:19:42,640
business benefits of some of the
solutions that we talk about. 

353
00:19:44,200 --> 00:19:47,480
Yeah, Jeff, the thing that I was
going to add to that is what I 

354
00:19:47,480 --> 00:19:50,480
think is so cool about program 
management is like that's the 

355
00:19:50,480 --> 00:19:52,640
reality, That's how all this 
manifests. 

356
00:19:52,800 --> 00:19:56,080
It'd be nice to think like you 
wake up one day and say, oh, 

357
00:19:56,080 --> 00:19:59,640
we're going to do identity and 
access management starting with 

358
00:19:59,880 --> 00:20:04,520
assess and then we're going to 
get some advice and we're going 

359
00:20:04,520 --> 00:20:06,920
to implement and then we're just
going to manage it. 

360
00:20:07,160 --> 00:20:08,840
That's just not the way it 
works, right. 

361
00:20:08,840 --> 00:20:11,120
It's a program. 
All those things are kind of 

362
00:20:11,120 --> 00:20:15,200
happening at the same time. 
You're definitely implementing 

363
00:20:15,200 --> 00:20:18,160
and managing at the same time, 
but you're also thinking about 

364
00:20:18,160 --> 00:20:21,960
what's next, where do we need to
improve and that's really that 

365
00:20:21,960 --> 00:20:24,360
assess and advise. 
Yeah. 

366
00:20:24,360 --> 00:20:28,360
That cycle is ever present. 
You know, I I think sometimes we

367
00:20:28,360 --> 00:20:30,440
all wish it was that easy. 
It's like, oh, well, we're going

368
00:20:30,440 --> 00:20:33,240
to start here at the beginning. 
Well, that doesn't know what's 

369
00:20:33,240 --> 00:20:35,200
happened really. 
You're probably in flight, 

370
00:20:35,200 --> 00:20:36,320
right? 
I'm sure people are listening to

371
00:20:36,320 --> 00:20:37,760
this. 
It's like, yeah, we're already 

372
00:20:37,760 --> 00:20:39,880
have, you know, either an 
identity program where you've 

373
00:20:39,880 --> 00:20:43,280
got some capabilities in place 
and it's OK Well, what's next? 

374
00:20:43,400 --> 00:20:45,240
What should we be working on? 
What should be improving? 

375
00:20:45,240 --> 00:20:47,160
And I, you know, I enjoy that 
type of work. 

376
00:20:47,240 --> 00:20:50,120
I, you know, I hate to say it, 
but I sort of enjoy figuring out

377
00:20:50,120 --> 00:20:53,400
the psychology of an 
organization to say, OK, what's 

378
00:20:53,400 --> 00:20:56,200
the trigger word or trigger 
phrase or thing that I need to 

379
00:20:56,480 --> 00:20:58,880
whisper the secret password 
that's going to unlock 

380
00:20:59,360 --> 00:21:03,120
investment in time or resources 
or people or money or whatever 

381
00:21:03,120 --> 00:21:06,600
it is right to improve things 
because I don't think nobody 

382
00:21:06,600 --> 00:21:10,080
wants to do it poorly. 
But a lot of times the reality 

383
00:21:10,080 --> 00:21:14,120
is, look budgets are limited, 
resources are limited and people

384
00:21:14,120 --> 00:21:16,400
get put into a position where 
you have to choose like OK, well

385
00:21:16,600 --> 00:21:20,800
how do I advocate for proper or 
better identity access 

386
00:21:20,800 --> 00:21:22,400
management as part of that 
process? 

387
00:21:22,800 --> 00:21:26,560
I find that aspect of the job, 
you know, a lot of fun and you 

388
00:21:26,560 --> 00:21:29,720
know I've, I've made a lot of 
good friends working, you know, 

389
00:21:29,720 --> 00:21:31,600
working, you know hand in hand 
with, you know some of our 

390
00:21:31,600 --> 00:21:33,000
clients. 
And it's been, it's been great 

391
00:21:33,000 --> 00:21:36,560
to kind of grow with them as 
they've matured their program 

392
00:21:36,840 --> 00:21:38,560
and seeing them get better and 
say Oh yeah, I remember, 

393
00:21:38,560 --> 00:21:40,920
remember back in the day when 
Chad, when we were working at 

394
00:21:41,240 --> 00:21:43,600
Walgreens and I was like hey, we
got to do like password resets. 

395
00:21:43,600 --> 00:21:46,520
So we need to handle our 
mainframes and AS/400s 

396
00:21:46,520 --> 00:21:49,360
and like and you know what you 
want to do, what it's like 

397
00:21:49,360 --> 00:21:51,440
you're crazy like stuff like 
that right. 

398
00:21:51,440 --> 00:21:54,000
And you sort of evolve and 
mature the program over time. 

399
00:21:54,200 --> 00:21:58,200
So let's talk a little bit about
again assess, advise, implement,

400
00:21:58,200 --> 00:22:00,640
manage because I think 
historically it's called people 

401
00:22:01,120 --> 00:22:04,120
might be familiar with like plan
build run, I know we use that 

402
00:22:04,520 --> 00:22:07,960
historically. 
Any reason to change from plan 

403
00:22:07,960 --> 00:22:09,720
build run? 
Is it just an evolution of the 

404
00:22:09,720 --> 00:22:14,120
process, is it aligning with any
kind of other methodology or we 

405
00:22:14,120 --> 00:22:16,120
just modernizing the way we 
think about things? 

406
00:22:16,120 --> 00:22:17,360
What are our thoughts about 
that, Chad? 

407
00:22:18,520 --> 00:22:21,160
I think, certainly my thoughts 
around that, I think it's a 

408
00:22:21,160 --> 00:22:22,640
little bit of all those things, 
right. 

409
00:22:22,640 --> 00:22:28,720
Some of it is a bit of an 
evolution that's to a degree 

410
00:22:28,720 --> 00:22:32,120
necessary just based on the 
construct of the firm that we're

411
00:22:32,120 --> 00:22:34,520
with now, right? 
And that that's largely the way 

412
00:22:34,520 --> 00:22:38,240
the firm approaches things, 
being able to, you know, being a

413
00:22:38,240 --> 00:22:41,280
public accounting firm, we have 
independence things that we have

414
00:22:41,280 --> 00:22:45,600
to work through which in some 
respects causes us to need to 

415
00:22:45,600 --> 00:22:48,040
have some level of separation in
some cases. 

416
00:22:48,040 --> 00:22:53,160
So being able to separate out an
assessment function where we're 

417
00:22:53,240 --> 00:22:57,720
you know evaluating the client's
current state of affairs with 

418
00:22:57,760 --> 00:23:01,760
providing advice to how you move
that forward and then implement 

419
00:23:01,760 --> 00:23:04,960
and operate really I think 
analogous to the build and the 

420
00:23:04,960 --> 00:23:07,400
run pieces. 
So I think it really the 

421
00:23:07,440 --> 00:23:11,520
evolution is kind of taking that
holistic advisory function and 

422
00:23:11,520 --> 00:23:16,200
breaking it into a couple of 
areas which in some respects you

423
00:23:16,200 --> 00:23:20,600
know there's a never ending list
of regulations that comes out 

424
00:23:20,600 --> 00:23:22,520
every year and new and updated 
things. 

425
00:23:22,840 --> 00:23:26,000
And we have to really be up to 
speed on all of those. 

426
00:23:26,400 --> 00:23:30,120
And that's for me is is a large 
function of the assess 

427
00:23:30,200 --> 00:23:33,280
capability that we have is to 
really go through and evaluate 

428
00:23:34,600 --> 00:23:37,640
client's current state based on 
the various frameworks and 

429
00:23:37,640 --> 00:23:42,160
regulations that are out there. 
Advisory takes that to the next 

430
00:23:42,160 --> 00:23:43,280
step, right? 
Great. 

431
00:23:43,280 --> 00:23:45,640
Here's where you are, here's 
where you need to go, here's how

432
00:23:45,640 --> 00:23:49,000
you solve these challenges. 
In some cases, the client just 

433
00:23:49,000 --> 00:23:52,440
wants to understand where they 
are against NIST CSF framework,

434
00:23:52,440 --> 00:23:55,520
right. 
And then they can run from 

435
00:23:55,520 --> 00:23:58,720
there. 
But by being able to tie all 

436
00:23:58,720 --> 00:24:01,880
those things together, I think 
it's as much as we would like it

437
00:24:01,880 --> 00:24:04,600
to be that linear path. 
But tying all those functions 

438
00:24:04,600 --> 00:24:08,160
together, I think in that in 
that cycle that cyclical process

439
00:24:08,160 --> 00:24:13,880
is important. 
You know, I just to add to that,

440
00:24:14,200 --> 00:24:17,640
I've always I I love plan, build
run because it's like so easy to

441
00:24:17,640 --> 00:24:21,080
remember. 
But I also think then it's like 

442
00:24:21,520 --> 00:24:24,960
OK, so are you only planning in 
the plan phase? 

443
00:24:24,960 --> 00:24:29,240
Like don't you build project 
plans during build and don't you

444
00:24:29,400 --> 00:24:32,760
are you saying that you don't 
plan during run? 

445
00:24:33,160 --> 00:24:39,320
And so I don't think that that 
model was, it was great for the 

446
00:24:39,320 --> 00:24:43,040
mnemonic and easy, easy to 
remember, but I don't think it 

447
00:24:43,040 --> 00:24:46,680
was like complex enough to quite
capture what we were trying to 

448
00:24:46,680 --> 00:24:50,200
communicate. 
Yeah, I think that's fair. 

449
00:24:50,720 --> 00:24:54,720
And I think as many 
organizations move towards more 

450
00:24:54,720 --> 00:24:59,400
of an iterative or agile type of
a model that plan, build, run or

451
00:24:59,760 --> 00:25:03,120
you know, assess, advise, 
implement and operate, even it, 

452
00:25:03,840 --> 00:25:06,880
that lends itself more to a 
waterfall sort of mindset and 

453
00:25:06,880 --> 00:25:10,560
approach, right. 
I think to do it the way we talk

454
00:25:10,560 --> 00:25:12,720
to clients about doing it, it's 
got to be iterative. 

455
00:25:12,760 --> 00:25:16,480
So we're doing all of those 
functions, you know some degree 

456
00:25:16,480 --> 00:25:19,040
of planning upfront with that 
assess and advise. 

457
00:25:19,320 --> 00:25:24,320
But very quickly you're rolling 
into implement while at the same

458
00:25:24,320 --> 00:25:27,400
time you're going and 
replanning, right, and and 

459
00:25:27,400 --> 00:25:30,680
trying to revise that plan 
because you're going to learn as

460
00:25:30,680 --> 00:25:32,880
you go, you're going to uncover 
things. 

461
00:25:32,880 --> 00:25:34,520
And we see this with clients all
the time. 

462
00:25:34,840 --> 00:25:37,200
You think you've got all the 
requirements, understood. 

463
00:25:37,720 --> 00:25:39,960
Everybody in the room nods. 
They're like, Yep, that makes 

464
00:25:39,960 --> 00:25:42,160
sense. 
And then you start down the path

465
00:25:42,240 --> 00:25:46,280
and a week later, you know, 
Susie gets called in for a 

466
00:25:46,280 --> 00:25:48,600
meeting and you bounce one of 
these ideas. 

467
00:25:48,600 --> 00:25:50,520
Oh, that's not how that works, 
right? 

468
00:25:50,520 --> 00:25:52,320
And then you've got to change 
everything over again. 

469
00:25:52,320 --> 00:25:56,200
So it really forces you into 
that more iterative approach, 

470
00:25:57,120 --> 00:26:00,280
which ultimately is a benefit to
clients, right? 

471
00:26:00,280 --> 00:26:04,440
Get some value sooner. 
A long time ago, someone said 

472
00:26:04,440 --> 00:26:06,360
something to me, and it's always
stuck in my head, right? 

473
00:26:06,400 --> 00:26:10,280
Incremental progress over 
delayed perfection, constantly 

474
00:26:10,280 --> 00:26:14,480
iterating instead of just trying
to set a path and a goal and 

475
00:26:14,480 --> 00:26:18,440
just blindly charging for it. 
It's because things are going to

476
00:26:18,440 --> 00:26:21,160
change along the way. 
That's why I like to follow the 

477
00:26:21,160 --> 00:26:24,280
pattern of you know, how are we 
better this month, this quarter,

478
00:26:24,760 --> 00:26:27,800
even maybe even this year than 
we were this time period last, 

479
00:26:28,040 --> 00:26:31,960
whatever measurement period is 
I, I, I said we'd kind of kick 

480
00:26:31,960 --> 00:26:33,360
down the fourth wall a little bit 
here. 

481
00:26:33,840 --> 00:26:36,800
I'd like to understand what's a 
typical day like for each of 

482
00:26:36,800 --> 00:26:38,880
you. 
And Chad, I'll start with you. 

483
00:26:39,240 --> 00:26:41,680
So you're a managing director, 
you know you're in charge of a 

484
00:26:41,800 --> 00:26:46,560
digital identity for us. 
What's your typical day like as 

485
00:26:46,640 --> 00:26:50,160
a managing director in 
consulting? 

486
00:26:52,520 --> 00:26:58,800
So my typical day involves a lot
of different things as we've 

487
00:26:58,800 --> 00:27:03,520
been really building out this 
practice and really driving 

488
00:27:03,520 --> 00:27:07,240
towards you know sort of our our
big launch if you will. 

489
00:27:08,000 --> 00:27:09,800
You know our fiscal year starts 
May 1st. 

490
00:27:09,800 --> 00:27:12,240
So this is our new year and 
we're jumping into this. 

491
00:27:12,240 --> 00:27:15,440
So a lot of my, the last couple 
of months have really been 

492
00:27:15,440 --> 00:27:19,920
working through our strategy and
our approach to how we talk to 

493
00:27:19,920 --> 00:27:24,040
our clients, how we talk to 
different technology vendors 

494
00:27:24,040 --> 00:27:28,160
really our go to market and 
really our why, right. 

495
00:27:28,160 --> 00:27:30,280
That's what I've been trying to 
establish is what's our why? 

496
00:27:31,280 --> 00:27:36,040
And then so I spend a lot of 
time talking with RSM partners 

497
00:27:36,240 --> 00:27:40,480
and understanding our client 
base and the needs that they 

498
00:27:40,480 --> 00:27:43,320
have. 
So a fair chunk of my day is 

499
00:27:43,320 --> 00:27:46,600
meeting with different whether 
it be clients or our partners, 

500
00:27:47,280 --> 00:27:51,560
there's a lot of boring 
operational stuff that goes into

501
00:27:51,560 --> 00:27:55,520
it that that problem is going to
continue to get worse as the 

502
00:27:55,520 --> 00:27:57,160
practice gets bigger and bigger,
right. 

503
00:27:57,160 --> 00:28:01,600
So whether that's staffing calls
or revenue forecast meetings and

504
00:28:01,600 --> 00:28:07,040
those types of things, but it's 
also because we are a North 

505
00:28:07,040 --> 00:28:09,560
American practice, it is US and 
Canada. 

506
00:28:09,800 --> 00:28:12,160
I spend a lot of time with some 
new partners that we just 

507
00:28:12,160 --> 00:28:17,240
brought on board up in in 
Canada, aligning our our 

508
00:28:17,240 --> 00:28:21,080
collective experiences around 
implementation, around advisory,

509
00:28:21,080 --> 00:28:24,560
around managed services to make 
sure that we're taking all of 

510
00:28:24,560 --> 00:28:28,000
the benefits of all of our 
experiences and being able to 

511
00:28:28,000 --> 00:28:31,360
kind of craft that into our own 
secret sauce that we can bring 

512
00:28:31,360 --> 00:28:34,600
to all of our clients. 
So a lot of my time is spent 

513
00:28:34,720 --> 00:28:40,320
with clients, with operational 
things internally and more sort 

514
00:28:40,320 --> 00:28:43,640
of strategic trying to figure 
out where is the market going, 

515
00:28:43,840 --> 00:28:47,200
where do our clients need us 
most and how can we make sure 

516
00:28:47,200 --> 00:28:50,520
we're there before they are. 
So a lot of meetings. 

517
00:28:50,680 --> 00:28:52,080
You weren't lying when you said 
that earlier. 

518
00:28:52,320 --> 00:28:54,200
I wasn't lying when I said that 
earlier. 

519
00:28:54,560 --> 00:28:58,360
Thankfully the the travel has 
slowed a little bit, but it's 

520
00:28:58,360 --> 00:29:01,360
starting to pick back up, so 
that always adds another 

521
00:29:01,360 --> 00:29:05,040
interesting wrinkle. 
You know, after a couple of 

522
00:29:05,040 --> 00:29:08,840
years of not much travel, it's 
tough to get used to working 

523
00:29:08,840 --> 00:29:10,240
from a little laptop screen 
again. 

524
00:29:12,160 --> 00:29:14,160
Jim, what's your kind of normal 
day like? 

525
00:29:15,080 --> 00:29:16,720
Well, mine will be easier to 
explain. 

526
00:29:16,720 --> 00:29:20,320
So there there's two roles that 
I have here at RSM. 

527
00:29:20,320 --> 00:29:25,120
One is obviously serving our 
clients with the assess and 

528
00:29:25,120 --> 00:29:29,160
advise projects and it's 
interesting because we've got a 

529
00:29:29,440 --> 00:29:33,120
a couple of folks on the team, 
I'm thinking of Brian Lindstrom 

530
00:29:33,120 --> 00:29:36,080
and Ben Dowd who are just like 
superstars, right. 

531
00:29:36,280 --> 00:29:40,280
So they wind up actually doing 
most of the work, but they do 

532
00:29:40,280 --> 00:29:44,360
ping back to me, right, because 
you know we, I've been doing 

533
00:29:44,360 --> 00:29:47,560
this role for 12 years now. 
So I have some good insights at 

534
00:29:47,560 --> 00:29:53,320
least I'd like to think so and 
but I mean if you come and do a 

535
00:29:53,320 --> 00:29:57,520
project with RSM to put together
our assess and advise and many other 

536
00:29:57,520 --> 00:30:00,360
areas, but specifically on those
and you're working with Ben and 

537
00:30:00,360 --> 00:30:04,680
Brian, you'll see what I mean. 
These guys are just superstars. 

538
00:30:04,880 --> 00:30:08,680
So my role is mostly as like 
engagement lead for these 

539
00:30:08,680 --> 00:30:12,760
projects, but I also focus on 
some internal initiatives. 

540
00:30:12,760 --> 00:30:16,440
So I'm what we call the 
strategic pillar lead for our 

541
00:30:16,440 --> 00:30:19,880
training and professional 
development track. 

542
00:30:20,160 --> 00:30:24,400
And so what's been really cool 
about that is RSM. 

543
00:30:24,760 --> 00:30:27,520
It's the group that we're in, 
the security and privacy Risk 

544
00:30:27,520 --> 00:30:32,320
Consulting has been really, 
really focused on making sure 

545
00:30:32,320 --> 00:30:35,400
that people are getting the 
training that they need to be 

546
00:30:35,560 --> 00:30:40,680
great in their current role, but
also ready for promotion to that

547
00:30:40,680 --> 00:30:44,160
next level. 
And so it's an investment in the

548
00:30:44,160 --> 00:30:47,680
individuals, but it's also 
something that the organization 

549
00:30:47,680 --> 00:30:50,680
obviously reaps benefit of as 
well. 

550
00:30:51,680 --> 00:30:54,800
So it's just been fascinating. 
I've put a lot of focus on that 

551
00:30:54,800 --> 00:30:58,560
area again because it's like 
it's important to RSM. 

552
00:30:58,560 --> 00:31:02,960
So I'm able to carve out a big 
chunk of my week to dedicate 

553
00:31:02,960 --> 00:31:05,760
toward that. 
And I'm, I'm honestly learning a

554
00:31:05,760 --> 00:31:09,120
lot because I'm starting to 
interact with folks in different

555
00:31:09,120 --> 00:31:13,080
areas of our practice and I'm 
learning a lot about what they 

556
00:31:13,080 --> 00:31:16,240
do and what training 
requirements people go through 

557
00:31:16,240 --> 00:31:19,800
to be, you know, to. 
Usually when we hire folks, 

558
00:31:20,640 --> 00:31:23,880
there's obviously people that we
hire who are fresh out of 

559
00:31:23,880 --> 00:31:26,680
college or whatever, but most of
the folks that we hire are 

560
00:31:26,680 --> 00:31:28,880
already experienced to some 
level. 

561
00:31:29,200 --> 00:31:32,560
They come in with different 
certifications or different 

562
00:31:32,800 --> 00:31:37,360
experiences. 
So it's a matter of going ahead 

563
00:31:37,360 --> 00:31:41,640
and and how do they get you know
go from uncertified to certified

564
00:31:41,640 --> 00:31:44,800
or if they have certifications 
how are they maintaining those 

565
00:31:44,800 --> 00:31:49,160
certifications and what are the 
things that you know currently 

566
00:31:49,160 --> 00:31:51,840
we don't have a solution for and
let's make sure we have a 

567
00:31:51,840 --> 00:31:55,680
solution for that. 
So I'm really proud of my work 

568
00:31:55,840 --> 00:31:59,160
there and like I said I get to 
carve out a a quite a bit for 

569
00:31:59,160 --> 00:32:00,800
that. 
It's gotten to the point where 

570
00:32:00,800 --> 00:32:05,000
I'm pretty busy between client 
work and the strategic work and 

571
00:32:05,000 --> 00:32:07,120
we're doing a lot of podcasts in
the evening. 

572
00:32:07,120 --> 00:32:11,560
I know you're you're in the same
boat, Jeff, but and actually I 

573
00:32:11,560 --> 00:32:14,600
kicked the question over to you.
You know, other than being the 

574
00:32:14,600 --> 00:32:17,120
podcast producer, which I know 
you're doing at nights and 

575
00:32:17,160 --> 00:32:20,120
weekends for the most part, 
what's your typical day like? 

576
00:32:21,160 --> 00:32:23,800
It depends on the day actually. 
It changes so much. 

577
00:32:24,960 --> 00:32:28,480
I have been doing a lot of 
travel for like the last six to 

578
00:32:28,480 --> 00:32:29,520
nine months. 
I would say. 

579
00:32:29,720 --> 00:32:32,880
I think you know last year was a
record for me over 100 flights I

580
00:32:32,880 --> 00:32:38,000
took in 2023 alone. 
I'm already platinum with Delta 

581
00:32:38,000 --> 00:32:42,840
for next year. 
So I I I kind of see myself a 

582
00:32:42,840 --> 00:32:44,560
little bit as as a Flex person 
now. 

583
00:32:44,720 --> 00:32:46,880
So I'm kind of wherever I'm 
needed. 

584
00:32:47,000 --> 00:32:50,280
So I might be meeting with 
clients, I might be you know on 

585
00:32:50,280 --> 00:32:52,640
a phone calls with clients kind 
of talking about what's going 

586
00:32:52,640 --> 00:32:56,520
on, might be pulling you guys 
into conversations as well, 

587
00:32:57,120 --> 00:32:59,960
obviously doing the podcast. 
And so there are other kind of 

588
00:32:59,960 --> 00:33:04,400
internal stuff that we work on 
different projects, but and then

589
00:33:04,400 --> 00:33:06,600
advisory work, I mean I'm still 
involved with some of those 

590
00:33:06,600 --> 00:33:08,200
projects and kind of work 
through that. 

591
00:33:08,200 --> 00:33:12,920
So it's a little bit of a this 
and that and the other thing 

592
00:33:12,920 --> 00:33:15,520
which I kind of like gives me 
some variety and definitely the 

593
00:33:15,520 --> 00:33:18,840
podcast which we are always have
to point out is not an RSM 

594
00:33:18,840 --> 00:33:20,240
podcast. 
That's why we can do what we 

595
00:33:20,240 --> 00:33:21,960
need to do. 
But RSM has been very 

596
00:33:21,960 --> 00:33:23,200
supportive. 
You know, they're helping 

597
00:33:23,200 --> 00:33:25,840
sponsor this episode and they 
help us out quite a bit. 

598
00:33:25,840 --> 00:33:30,520
But yeah, I mean that's and and 
this is one of the ways that I 

599
00:33:30,520 --> 00:33:33,800
stay on top of things, right. 
So what's going on in the 

600
00:33:33,800 --> 00:33:36,200
market, yes, talking with 
clients is one thing, but also 

601
00:33:36,200 --> 00:33:38,720
getting to meet all the cool 
people in this space. 

602
00:33:39,120 --> 00:33:40,840
I mean just in the last couple 
of weeks, right, we've 

603
00:33:40,840 --> 00:33:44,680
interviewed Henrique Teixeira who 
was with Gartner for a long 

604
00:33:44,680 --> 00:33:47,480
time, very popular analyst and 
now he's with Saviynt. 

605
00:33:47,920 --> 00:33:50,280
We talked with Omri Gazitt, who's
over with Aserto. 

606
00:33:50,280 --> 00:33:52,800
I had a conversation in Troy 
today because we were talking 

607
00:33:52,800 --> 00:33:56,040
about policy based access 
control for some of our internal

608
00:33:56,040 --> 00:33:58,720
initiatives and was like, Oh 
well yeah, I know a couple 

609
00:33:58,720 --> 00:34:00,800
things around this and I can 
make some introductions, right. 

610
00:34:00,800 --> 00:34:04,080
So stuff like that, maybe we'll 
be a matchmaker, stuff like 

611
00:34:04,080 --> 00:34:07,600
that, but that's, you know, my, 
my day is rarely the same, but 

612
00:34:07,960 --> 00:34:11,480
most of the time it seems like 
I'm headed to the airport. 

613
00:34:11,760 --> 00:34:15,239
You know, the work address in my
car is the actual airport. 

614
00:34:15,880 --> 00:34:19,239
So if that gives you any sense 
of of where of of how I 

615
00:34:19,239 --> 00:34:22,199
typically spend my time, that's 
that's pretty much it. 

616
00:34:22,800 --> 00:34:26,000
Chicken or steak? 
Depends on where, man. 

617
00:34:26,199 --> 00:34:28,400
If we're doing chicken and 
waffles or are we doing like a 

618
00:34:28,400 --> 00:34:31,880
nice steak place? 
Well, it's it used to be like 

619
00:34:31,880 --> 00:34:36,360
the the phrase they would have 
on Delta flights was like, you 

620
00:34:36,360 --> 00:34:41,639
know, has your life become, 
you're sitting at TGI Friday's 

621
00:34:41,639 --> 00:34:44,719
or getting a meal on the plane 
is like chicken or steak? 

622
00:34:45,960 --> 00:34:48,080
Yeah, neither. 
I'm probably going to bring my 

623
00:34:48,080 --> 00:34:51,440
own. 
Bring your own Snickers bar. 

624
00:34:52,040 --> 00:34:53,639
Chad, are you a chicken or a 
steak person? 

625
00:34:53,639 --> 00:34:54,719
What are you doing on the 
airplane? 

626
00:34:55,920 --> 00:34:57,840
Probably more a chicken than a 
steak person. 

627
00:34:59,120 --> 00:35:01,920
I do like a good steak, but 
airplane steak? 

628
00:35:01,960 --> 00:35:07,040
Probably not high on my list of 
of things to to go for. 

629
00:35:07,360 --> 00:35:09,400
No matter how much they 
microwave it and dress it up 

630
00:35:09,400 --> 00:35:11,320
with a a fancy cloth napkin, 
it's not the same. 

631
00:35:11,320 --> 00:35:14,360
Exactly, exactly. 
Let's talk a little bit about 

632
00:35:14,360 --> 00:35:17,440
the market because I think one 
of the things that we get to do 

633
00:35:17,480 --> 00:35:21,120
is be really at the forefront, 
at least we try to be of 

634
00:35:21,120 --> 00:35:24,120
different aspects of identity 
and access management and 

635
00:35:24,560 --> 00:35:26,680
there's a lot of spaces. 
We're not going to cover every 

636
00:35:26,680 --> 00:35:29,200
single thing about identity 
today, but kind of picked out a 

637
00:35:29,200 --> 00:35:32,640
couple things that are usually 
top of mind for our clients. 

638
00:35:32,640 --> 00:35:35,000
And hopefully people out there 
listening will get some value 

639
00:35:35,000 --> 00:35:37,760
out of this as well. 
But what I wanted to do was kind

640
00:35:37,760 --> 00:35:41,840
of pose the question of where 
are things going, Where do we 

641
00:35:41,840 --> 00:35:44,400
see the identity industry going 
in X? 

642
00:35:45,080 --> 00:35:47,280
The first one, and I'll start 
with Jim for yourself. 

643
00:35:47,800 --> 00:35:51,000
Where do we see the identity 
industry going in 

644
00:35:51,160 --> 00:35:55,040
authentication? 
Yeah, I mean great question. 

645
00:35:55,040 --> 00:35:59,560
And you know the the biggest 
trend is toward passwordless, 

646
00:35:59,560 --> 00:36:03,320
it's getting away from knowledge
based authentication into 

647
00:36:03,480 --> 00:36:06,880
possession based authentication 
which includes biometrics. 

648
00:36:07,160 --> 00:36:11,440
So it's you know you still see 
the number one and #2 attack 

649
00:36:11,440 --> 00:36:14,320
vectors being social engineering
and phishing. 

650
00:36:14,320 --> 00:36:17,720
Well those things become a lot 
more difficult when you layer in

651
00:36:17,720 --> 00:36:21,360
multi factor authentication and 
almost impossible when you get 

652
00:36:21,360 --> 00:36:24,160
to passwordless. 
So those are kind of the biggest

653
00:36:24,160 --> 00:36:26,640
trends. 
Those are being led by the FIDO 

654
00:36:26,640 --> 00:36:30,080
Alliance, you know. 
So if you're not familiar with 

655
00:36:30,080 --> 00:36:33,360
the FIDO Alliance, I think you 
should get familiar with it and 

656
00:36:33,360 --> 00:36:38,160
the standards that the Fido 2 
standard for authentication will

657
00:36:38,160 --> 00:36:40,800
really help drive. 
You know obviously passkeys is 

658
00:36:40,800 --> 00:36:42,240
on the tip of most people's 
tongues. 

659
00:36:42,240 --> 00:36:48,680
Now that's mostly focused on you
know the customer facing or or 

660
00:36:48,720 --> 00:36:51,000
or web facing type of 
applications. 

661
00:36:51,160 --> 00:36:53,600
There's plenty of solutions also
in the enterprise. 

662
00:36:54,680 --> 00:36:57,720
You see, I think the other thing
for authentication is really now

663
00:36:58,280 --> 00:37:03,120
using verifiable credentials so 
that you can, you know, prove 

664
00:37:03,120 --> 00:37:07,400
your identity and start to match
yourself up with a credential 

665
00:37:07,680 --> 00:37:11,320
and kind of a live selfie test. 
And then some of that 

666
00:37:11,320 --> 00:37:14,080
information can then be 
leveraged from an authentication

667
00:37:14,080 --> 00:37:17,160
standpoint. 
But all this is trending toward 

668
00:37:17,160 --> 00:37:20,680
getting away from the password 
and having a better sense of 

669
00:37:20,840 --> 00:37:22,840
that. 
The person on the other end is 

670
00:37:22,840 --> 00:37:25,320
who they say they are. 
Yeah, I got to give a lot of 

671
00:37:25,320 --> 00:37:28,480
credit to the FIDO Alliance for
really pushing passkeys 

672
00:37:28,480 --> 00:37:31,920
forward, getting basically the 
big three in the same room, 

673
00:37:31,920 --> 00:37:34,680
Microsoft, Google and Apple, to 
collaborate on this, which is no

674
00:37:34,680 --> 00:37:37,680
small feat. 
So shout out to Andrew Shikiar 

675
00:37:37,680 --> 00:37:41,040
and Megan and Adrian over there.
We'll be at Authenticate later 

676
00:37:41,040 --> 00:37:42,320
this year. 
We're big supporters of that 

677
00:37:42,320 --> 00:37:45,600
organization, but you can show 
your appreciation by sending 

678
00:37:45,600 --> 00:37:47,880
your favorite Heart song to 
Andrew Shikiar, 'cause he's such

679
00:37:47,880 --> 00:37:50,160
a big fan of Heart. 
We want to make sure that, you 

680
00:37:50,160 --> 00:37:53,480
know he gets that. 
Chad, where do you see 

681
00:37:53,920 --> 00:37:57,720
authentication going? 
I I don't think I have anything 

682
00:37:57,720 --> 00:37:59,320
materially different to say to 
that. 

683
00:37:59,320 --> 00:38:03,280
I mean passwordless is really 
what all the clients that I 

684
00:38:03,280 --> 00:38:07,000
talked to aspire to get to. 
Now many of them they have 

685
00:38:07,680 --> 00:38:10,560
difficulty just get getting 
people to change a password you 

686
00:38:10,680 --> 00:38:14,720
know once in their life cycle of
journey at that client. 

687
00:38:14,720 --> 00:38:18,280
But passwordless is really 
where I see more and more 

688
00:38:18,280 --> 00:38:22,280
clients wanting to go. 
But interestingly it's it's all 

689
00:38:22,280 --> 00:38:24,800
about, it's more about the 
frictionless experience for 

690
00:38:24,800 --> 00:38:28,680
their constituents, whether 
that's employees or vendors or 

691
00:38:28,680 --> 00:38:31,680
customers than it is even 
they're not even thinking about 

692
00:38:31,680 --> 00:38:34,720
it from a security perspective. 
It's more just we've got to stop

693
00:38:34,720 --> 00:38:37,840
asking people to remember 25 
different passwords. 

694
00:38:37,880 --> 00:38:43,480
And you know, Single Sign On is 
great when you can connect all 

695
00:38:43,480 --> 00:38:48,040
of your systems to it. 
But as a lot of our, a lot of 

696
00:38:48,040 --> 00:38:51,000
clients that I work with have 
environments that are very 

697
00:38:51,000 --> 00:38:53,120
mixed. 
In some cases they're very easy 

698
00:38:53,120 --> 00:38:56,280
to integrate Single Sign on, in 
other cases it's virtually 

699
00:38:56,280 --> 00:38:59,800
impossible. 
So getting to something that's 

700
00:39:00,320 --> 00:39:04,920
much easier for the end user is 
really where where we have to 

701
00:39:04,920 --> 00:39:07,360
get to. 
We've got to find ways, creative

702
00:39:07,360 --> 00:39:09,920
ways to get there easily for 
clients. 

703
00:39:11,160 --> 00:39:13,360
Yeah, I think over the last 
couple years, COVID really kind 

704
00:39:13,360 --> 00:39:18,000
of forced people down the MFA 
route if they haven't already, 

705
00:39:18,000 --> 00:39:20,600
which they should have been, but
a enough like a little pandemic 

706
00:39:20,600 --> 00:39:24,240
to get people started. 
So we're past that now and I 

707
00:39:24,240 --> 00:39:26,440
think like most organizations, 
MFA now, they're looking at 

708
00:39:26,440 --> 00:39:28,800
passwordless, they're looking 
at, I've seen a lot of interest 

709
00:39:28,800 --> 00:39:30,960
in Windows Hello for Business on
the Microsoft side. 

710
00:39:31,080 --> 00:39:34,400
So you know, projects coming 
along where it's like, hey, the 

711
00:39:34,600 --> 00:39:38,160
the hardware cycle has caught up
with where it's been from a 

712
00:39:38,160 --> 00:39:40,480
software perspective. 
Remember, you know, Windows 

713
00:39:40,480 --> 00:39:42,760
Hello might sound like, Oh yeah,
it's been around for a while. 

714
00:39:42,760 --> 00:39:44,840
But if you think about it from 
like a organizational 

715
00:39:44,840 --> 00:39:48,400
perspective, it takes time to 
refresh hardware and it usually 

716
00:39:48,400 --> 00:39:50,600
takes multiple years to kind of 
get everybody up to the same 

717
00:39:50,600 --> 00:39:53,400
playing level. 
Do I have a compatible 

718
00:39:54,000 --> 00:39:56,240
fingerprint reader or camera or 
things like that. 

719
00:39:56,240 --> 00:39:58,680
And you know, thankfully now 
we're into that phase. 

720
00:39:59,040 --> 00:40:01,240
So I am seeing more Windows 
Hello for Business and sort of 

721
00:40:01,240 --> 00:40:03,600
taking that approach of I don't 
want to have to type my password

722
00:40:03,600 --> 00:40:05,360
a whole bunch of times. 
You know, I mean I I have 

723
00:40:05,360 --> 00:40:08,520
Windows Hello set up on my work 
machine and I look at my camera 

724
00:40:08,520 --> 00:40:11,000
and I'm in, you know, and it and
it works great. 

725
00:40:12,000 --> 00:40:13,600
So I think that's that's been a 
nice trend. 

726
00:40:14,240 --> 00:40:16,360
Why don't we shift gears to 
authorization? 

727
00:40:16,480 --> 00:40:17,880
And Jim, I'll come back to you 
on this one. 

728
00:40:17,880 --> 00:40:20,240
Where do you see things going 
from an authorization 

729
00:40:20,240 --> 00:40:23,200
standpoint? 
Well, I mean obviously the hot 

730
00:40:23,200 --> 00:40:28,240
trend is around PBAC, ABAC, 
ReBAC, what does they're? 

731
00:40:28,240 --> 00:40:29,840
Using acronyms, let's not lose 
people. 

732
00:40:30,360 --> 00:40:33,680
OK, PBAC, policy based 
authentication. 

733
00:40:33,760 --> 00:40:39,680
ABAC, attribute based 
authentication. 

734
00:40:40,080 --> 00:40:45,280
ReBAC is relationship based 
authentication and it's not that

735
00:40:45,280 --> 00:40:48,040
I'm against those things. 
Those things are great trends. 

736
00:40:48,400 --> 00:40:54,440
What I still see organizations, 
clients having to do is RBAC. 

737
00:40:55,000 --> 00:40:59,480
They understand RBAC, they get 
the concept, they can start to 

738
00:40:59,480 --> 00:41:04,000
develop it without having to 
change their paradigm. 

739
00:41:04,600 --> 00:41:07,120
But guess what? 
The other thing is, almost every

740
00:41:07,120 --> 00:41:12,120
organization I talk to, their 
group management in their Active

741
00:41:12,120 --> 00:41:15,400
Directory, their Entra ID is a 
nightmare. 

742
00:41:15,680 --> 00:41:17,840
They have more groups than they 
have users. 

743
00:41:18,000 --> 00:41:20,160
They don't have the owners 
assigned to the groups. 

744
00:41:20,160 --> 00:41:24,440
They they've got an ugly nesting
maybe they've got poor 

745
00:41:24,440 --> 00:41:27,240
descriptions and they've got 
groups that people just don't 

746
00:41:27,240 --> 00:41:29,800
know what they do. 
They're afraid to delete them. 

747
00:41:29,800 --> 00:41:33,000
They're afraid to write the 
description that says this group

748
00:41:33,000 --> 00:41:36,600
does XY and Z, because what if 
it also does PDQ? 

749
00:41:38,360 --> 00:41:42,160
You know? 
So anyway, I think this entire 

750
00:41:42,160 --> 00:41:46,040
spectrum is what's going to 
continue to happen. 

751
00:41:46,040 --> 00:41:48,040
I think it's different than 
authentication, right? 

752
00:41:48,320 --> 00:41:51,080
It's not like you're going to 
see more and more password, 

753
00:41:51,480 --> 00:41:53,480
you're going to see the password
go away. 

754
00:41:53,800 --> 00:41:57,760
I think 5-10 years from now, it's
like the only folks using 

755
00:41:57,760 --> 00:42:00,400
passwords are like true 
laggards. 

756
00:42:00,600 --> 00:42:01,960
I I mean, it's getting there 
now. 

757
00:42:01,960 --> 00:42:06,120
So I'm saying I'm being generous
by saying 5-10 years RBAC is 

758
00:42:06,240 --> 00:42:08,760
definitely going to be around 5 
years from now. 

759
00:42:09,920 --> 00:42:13,160
Yeah, I I find a lot of 
organizations want to be RBAC 

760
00:42:13,160 --> 00:42:14,880
or role based access 
control. 

761
00:42:14,880 --> 00:42:18,280
They get about 15 minutes down 
that road and like oh, this is 

762
00:42:18,280 --> 00:42:19,320
harder than I thought it would 
be. 

763
00:42:19,320 --> 00:42:21,480
You know what I mean? 
We just can't make a, you know, 

764
00:42:21,480 --> 00:42:24,400
a role called analyst. 
OK, well, you know, do you have 

765
00:42:24,400 --> 00:42:25,600
the data, do you even back it 
up? 

766
00:42:25,600 --> 00:42:27,040
That's another challenge 
typically see. 

767
00:42:27,040 --> 00:42:29,800
So I'm right there with you. 
I've always been a fan of 

768
00:42:29,800 --> 00:42:34,840
alternative backs. 
So attribute based is generally 

769
00:42:34,840 --> 00:42:38,520
where I like to start things 
because generally you can say is

770
00:42:38,520 --> 00:42:41,480
this person an employee or not 
an employee Generally that's 

771
00:42:41,480 --> 00:42:44,000
well defined. 
You can start to drive rules or 

772
00:42:44,000 --> 00:42:46,040
policies based off those 
different attributes. 

773
00:42:46,640 --> 00:42:49,800
Chad, what are you seeing from 
an authorization standpoint and 

774
00:42:49,800 --> 00:42:54,360
where the industry's headed? 
So I I don't disagree with Jim 

775
00:42:54,360 --> 00:42:56,720
about the about RBAC not going 
away. 

776
00:42:57,160 --> 00:43:01,080
For a lot of organizations 
that's pardon the pun, a four 

777
00:43:01,080 --> 00:43:03,480
letter word, right. 
They've gone down that path and 

778
00:43:03,800 --> 00:43:06,080
like you said they've realized 
and this is a lot more 

779
00:43:06,080 --> 00:43:07,480
complicated than we thought it 
was. 

780
00:43:08,120 --> 00:43:13,520
But ultimately for many, for 
many companies that's really the

781
00:43:13,520 --> 00:43:18,080
only thing that they can, they 
can tie on to a degree RBAC is 

782
00:43:18,680 --> 00:43:20,480
can be a little bit like ABAC, 
right. 

783
00:43:20,480 --> 00:43:22,680
You can leverage some of the 
same principles which I think is

784
00:43:22,680 --> 00:43:25,760
great being able to do that 
attribute based access. 

785
00:43:25,760 --> 00:43:31,120
I think where I see us getting 
to down the road is a little bit

786
00:43:31,120 --> 00:43:35,600
more effective dynamic 
evaluation of access really to 

787
00:43:35,600 --> 00:43:41,360
be able to get to be able to 
make it easier to administer the

788
00:43:41,360 --> 00:43:45,640
process, be make it easier to 
kind of govern the controls. 

789
00:43:46,400 --> 00:43:50,000
The hurdles that I think we've 
seen recently with a lot of the 

790
00:43:50,440 --> 00:43:54,400
dynamic conditional access, 
dynamic groups, those types of 

791
00:43:54,400 --> 00:43:59,080
things is more from a governance
and an audit perspective because

792
00:43:59,080 --> 00:44:03,680
there's no historically has not 
been a good way to actually 

793
00:44:03,680 --> 00:44:08,080
determine why that person was 
granted access at that given 

794
00:44:08,080 --> 00:44:11,640
time in the in the past, right. 
You've got policies and you can 

795
00:44:11,640 --> 00:44:14,840
say, well it's because they fit 
in this bucket, right. 

796
00:44:14,840 --> 00:44:17,720
If you've got a series of 
screens and they made it all the

797
00:44:17,720 --> 00:44:20,680
way through each and they have 
the access they need, but there 

798
00:44:20,680 --> 00:44:23,600
is no accounting for how they 
got that right. 

799
00:44:23,600 --> 00:44:25,400
And that's where I think the gap
has been there. 

800
00:44:25,800 --> 00:44:27,840
It's got a lot of promise 
because I think people would 

801
00:44:28,240 --> 00:44:33,480
much rather define a policy and 
manage that policy rather than 

802
00:44:33,480 --> 00:44:36,760
going through and managing 
thousands and thousands of 

803
00:44:36,760 --> 00:44:40,360
discrete roles. 
I I think we need to get there. 

804
00:44:40,560 --> 00:44:43,880
I just don't think that the 
technology is is there yet where

805
00:44:43,880 --> 00:44:46,880
it needs to be. 
It's a probably a pretty good 

806
00:44:46,880 --> 00:44:49,120
segue because I think the 
next thing I want to talk about 

807
00:44:49,120 --> 00:44:52,080
is automation. 
I feel like to do things around 

808
00:44:52,080 --> 00:44:55,680
automation or or say around 
policy based access control. 

809
00:44:55,680 --> 00:44:58,440
Attribute based access control 
is you need some level of 

810
00:44:58,440 --> 00:45:00,600
automation to actually make this
real. 

811
00:45:01,920 --> 00:45:05,280
Jim, where do you see automation
helping those things or maybe 

812
00:45:05,280 --> 00:45:06,720
other areas in the identity 
industry? 

813
00:45:07,080 --> 00:45:14,240
Think that our scope as identity
professionals is growing so fast

814
00:45:14,240 --> 00:45:18,080
and it can't all be done without
automation. 

815
00:45:19,560 --> 00:45:23,920
And I think most organizations 
who are in kind of a a laggard 

816
00:45:23,920 --> 00:45:28,640
position or under invested over 
time, some of those, if you take

817
00:45:28,640 --> 00:45:31,920
over an identity program or 
maybe even managing it for a 

818
00:45:31,920 --> 00:45:37,840
long period of time and haven't 
had investment in terms of you 

819
00:45:37,840 --> 00:45:42,400
know spending money on 
automation, that's where you 

820
00:45:42,400 --> 00:45:45,120
want to go, right. 
And that's how you're going to 

821
00:45:45,120 --> 00:45:49,840
be able to do more with your 
resources is by automating as 

822
00:45:49,840 --> 00:45:52,000
much as possible. 
So provisioning and 

823
00:45:52,000 --> 00:45:54,320
deprovisioning has got to have 
automation. 

824
00:45:55,160 --> 00:45:58,720
You've got to have automation in
terms of your monitoring and 

825
00:45:58,720 --> 00:46:03,760
alerting as well and response. 
So that's the other one of the 

826
00:46:03,760 --> 00:46:07,320
other big challenges is that you
know you've seen these slides 

827
00:46:07,320 --> 00:46:11,320
where it talks about the anatomy
of a breach and it's like it 

828
00:46:11,320 --> 00:46:15,320
takes 170 some days to figure 
out you've been breached, it 

829
00:46:15,320 --> 00:46:18,720
takes this, that and the other. 
But when you find out like from 

830
00:46:18,720 --> 00:46:22,360
the time clone breaches you to 
the time that they've got the 

831
00:46:22,360 --> 00:46:24,840
keys to the kingdom, it's like 
seconds. 

832
00:46:25,400 --> 00:46:29,360
So your system has to be 
processing that data in real 

833
00:46:29,360 --> 00:46:34,720
time to capture that that's 
happened and respond and the 

834
00:46:34,720 --> 00:46:39,360
response has to be effective. 
So I think automation is, you 

835
00:46:39,400 --> 00:46:42,000
know, table stakes at some 
level. 

836
00:46:42,320 --> 00:46:45,800
What do you think? 
I mean, yeah, I think a lot of 

837
00:46:45,800 --> 00:46:49,400
these things are really neat 
ideas, but they are not 

838
00:46:49,400 --> 00:46:51,240
something that you can do by 
hand. 

839
00:46:52,000 --> 00:46:54,760
If you're really serious about 
doing identity, you're going to 

840
00:46:54,760 --> 00:46:57,800
need some level of automation. 
And it's going to be either, you

841
00:46:57,800 --> 00:46:59,880
know, identity governance, which
is probably most traditionally 

842
00:46:59,960 --> 00:47:02,000
associated with automation, 
onboarding, offboarding, like 

843
00:47:02,000 --> 00:47:04,760
you mentioned, changes in 
access, taking your different 

844
00:47:04,760 --> 00:47:07,400
attributes that you know about 
individuals or policies you 

845
00:47:07,400 --> 00:47:10,960
define to say, OK, you know, 
Chad is here and he is a new 

846
00:47:10,960 --> 00:47:13,320
joiner. 
And because he's a new joiner as

847
00:47:13,800 --> 00:47:17,680
an attribute of an employee in 
this department or this physical

848
00:47:17,680 --> 00:47:21,480
location, we've defined a policy
that says these things mean you 

849
00:47:21,480 --> 00:47:24,200
get these other things in 
automation or take them away. 

850
00:47:24,280 --> 00:47:26,520
I think that's another way where
automation is really helpful is 

851
00:47:26,920 --> 00:47:30,040
a lot of organizations are 
really good at granting access 

852
00:47:30,440 --> 00:47:33,360
and really not great at pulling 
away access when someone moves 

853
00:47:33,360 --> 00:47:35,760
from, you know, one team to 
another team or whatever that 

854
00:47:35,760 --> 00:47:37,880
looks like. 
So I think that's an area where 

855
00:47:37,880 --> 00:47:39,800
automation is, is definitely big
as well. 

856
00:47:39,800 --> 00:47:42,920
But Chad, what do you think? 
Where do you see automation 

857
00:47:42,920 --> 00:47:45,520
fitting into the identity 
industry and where things are 

858
00:47:45,520 --> 00:47:48,360
going? 
Yeah, I think interestingly 

859
00:47:48,360 --> 00:47:52,480
enough, back at the beginning of
when when identity really 

860
00:47:52,480 --> 00:47:55,280
started to become a thing, 
right, we like often call it the

861
00:47:55,280 --> 00:47:57,960
first wave of identity. 
It was all about connecting 

862
00:47:57,960 --> 00:48:01,320
everything, connecting all the 
systems to drive a lot of that 

863
00:48:01,320 --> 00:48:03,200
automation. 
That was kind of the promise 

864
00:48:03,520 --> 00:48:06,000
back in the, you know, early 
2000s. 

865
00:48:06,000 --> 00:48:07,560
This is what identity is going 
to be. 

866
00:48:08,360 --> 00:48:11,080
And everything failed like 
nothing worked. 

867
00:48:11,160 --> 00:48:14,280
You couldn't connect to systems 
and then it shifted away from 

868
00:48:14,280 --> 00:48:16,520
that and became more governance 
based. 

869
00:48:17,080 --> 00:48:21,240
I think the rest of the 
technology around, you know, IT 

870
00:48:21,960 --> 00:48:25,880
broadly has now gotten to a 
point where it actually may be 

871
00:48:25,880 --> 00:48:28,680
possible to drive a lot more 
automation, right, as a lot of 

872
00:48:28,680 --> 00:48:32,080
the legacy systems that you, you
know, couldn't really integrate 

873
00:48:32,080 --> 00:48:35,080
with very easily are all being 
retired. 

874
00:48:35,080 --> 00:48:38,120
There's still obviously a lot 
out there, but the ability to 

875
00:48:38,160 --> 00:48:42,600
integrate with systems for 
automation purposes I think is 

876
00:48:42,600 --> 00:48:43,920
better now than it ever has 
been. 

877
00:48:44,720 --> 00:48:48,080
As more organizations move to, 
you know, Federated models where

878
00:48:48,080 --> 00:48:52,480
you're leveraging some access 
management system to provide 

879
00:48:52,480 --> 00:48:55,680
authentication and 
authorization, the ability to 

880
00:48:55,680 --> 00:48:57,480
automate is just going to be 
that much better. 

881
00:48:58,280 --> 00:49:02,800
So I I think, you know, the only
way to do this effectively is to

882
00:49:02,840 --> 00:49:05,800
drive more automation. 
There are too many applications,

883
00:49:06,080 --> 00:49:09,360
too many users, too many 
regulations, too many controls 

884
00:49:09,760 --> 00:49:13,440
for people to do that. 
I had a client the other day ask

885
00:49:13,440 --> 00:49:19,960
me, are there any tools out 
there that we can use to verify 

886
00:49:19,960 --> 00:49:24,080
that our help desk did made the 
changes to the accounts that 

887
00:49:24,080 --> 00:49:25,400
they were asked to in the 
ticket? 

888
00:49:26,960 --> 00:49:29,960
So basically, are there is there
automation that we can you put 

889
00:49:29,960 --> 00:49:32,360
in place to check the work of a 
human? 

890
00:49:33,520 --> 00:49:37,080
So like that's a very 
interesting idea, but why 

891
00:49:37,080 --> 00:49:39,960
wouldn't you just remove the 
human from that process, you 

892
00:49:39,960 --> 00:49:43,720
know, to start with and then put
the human back in to check the 

893
00:49:43,720 --> 00:49:47,320
work of the automated system, 
right. 

894
00:49:47,320 --> 00:49:52,280
So I think we've got to drive 
towards more automation broadly 

895
00:49:52,280 --> 00:49:56,680
across all of Identity. 
And that automation typically 

896
00:49:56,680 --> 00:49:59,560
leads to more data than you 
probably know what to do with. 

897
00:49:59,920 --> 00:50:05,280
So next topic is AI and 
analytics, because AI has really

898
00:50:05,280 --> 00:50:07,760
kind of taken the world by storm
the last couple years, but 

899
00:50:07,760 --> 00:50:11,160
generally in the last year or 
so, that means that we have 

900
00:50:11,160 --> 00:50:13,200
better tools to sift through 
data. 

901
00:50:13,680 --> 00:50:17,200
Jim, where do you see AI 
impacting identity in the 

902
00:50:17,200 --> 00:50:20,280
analytic space? 
Here's where I am right now is 

903
00:50:20,280 --> 00:50:29,280
that I believe AI could be used 
in an IAM system, call it IGA, or

904
00:50:29,280 --> 00:50:34,680
call it like the total picture 
of your system to query it for 

905
00:50:35,040 --> 00:50:38,920
meaningful information. 
It could start like, you know, 

906
00:50:39,440 --> 00:50:42,560
just iterative questions that 
build on themselves. 

907
00:50:43,000 --> 00:50:45,600
Give me a list of all the people
who have access to this 

908
00:50:45,600 --> 00:50:49,960
application. 
Now no I want to see the 

909
00:50:49,960 --> 00:50:51,920
administrators of that 
application. 

910
00:50:51,920 --> 00:50:57,320
Or you know who has access to be
the administrator of that 

911
00:50:57,320 --> 00:51:03,720
application and is also at least
a a a power user of this other 

912
00:51:03,720 --> 00:51:06,240
application. 
So in other words, have a way 

913
00:51:06,240 --> 00:51:09,960
that people who maybe don't know
how to use advanced reporting 

914
00:51:09,960 --> 00:51:15,760
tools can go and make take me 
ask meaningful questions of your

915
00:51:15,760 --> 00:51:18,680
IAM system to get meaningful 
answers. 

916
00:51:18,840 --> 00:51:23,120
So I could see that as a 
fantastic way to use AI, and 

917
00:51:23,120 --> 00:51:26,960
where I'd like to see it go is 
to be able to ask questions that

918
00:51:27,840 --> 00:51:29,480
we don't have the data for it 
now. 

919
00:51:29,680 --> 00:51:34,880
So tell me all the users who can
enter an order in our order 

920
00:51:34,880 --> 00:51:39,640
entry system or SAP system, the 
IAM system would have to know 

921
00:51:39,640 --> 00:51:42,720
enough about. 
Or the AI would have to know 

922
00:51:42,720 --> 00:51:47,800
about enough about your IAM 
system, which is which roles and

923
00:51:47,800 --> 00:51:50,640
groups entitlements are going to
give me that access. 

924
00:51:51,000 --> 00:51:54,080
And then maybe it's going to 
have to know enough about SAP to

925
00:51:54,360 --> 00:52:00,680
understand how those groups map 
to some entitlement structure 

926
00:52:00,680 --> 00:52:05,160
within SAP that gives you access
to that order entry screen 

927
00:52:05,160 --> 00:52:08,200
within SAP. 
You know, in other words, it's 

928
00:52:08,240 --> 00:52:12,120
it's going to have to be the big
brain that can cross the chasm 

929
00:52:12,120 --> 00:52:17,640
of identity and business systems
to kind of drill down and ask 

930
00:52:17,640 --> 00:52:19,560
questions that we can't answer 
today. 

931
00:52:20,000 --> 00:52:22,800
And what why couldn't AI do 
that? 

932
00:52:22,880 --> 00:52:25,640
What? 
Why couldn't AI have a big brain

933
00:52:25,920 --> 00:52:29,400
and understand both of those 
models and and look at the 

934
00:52:29,920 --> 00:52:32,720
entitlement structure of those 
applications, especially 

935
00:52:33,000 --> 00:52:36,920
packaged applications? 
So it sounds like you see AI as 

936
00:52:36,920 --> 00:52:40,880
being more of a helper for 
people using IAM because what 

937
00:52:40,880 --> 00:52:44,600
you're describing saw sounds off
like querying data, right? 

938
00:52:44,680 --> 00:52:48,400
And today, maybe you need to run
SQL statements and look at a 

939
00:52:48,400 --> 00:52:51,560
database and pull pull data to 
make reports and things like 

940
00:52:51,560 --> 00:52:53,720
that. 
I certainly see that same use 

941
00:52:53,720 --> 00:52:56,160
cases like, yeah, show me all 
the users who have access to 

942
00:52:56,160 --> 00:52:59,040
this rather than doing SQL 
joins and trying to figure out, 

943
00:52:59,320 --> 00:53:01,240
you know, what your database 
schema looks like to pull this 

944
00:53:01,240 --> 00:53:04,040
information together or trying 
to do some sort of custom 

945
00:53:04,040 --> 00:53:05,280
report. 
I think that's a really 

946
00:53:05,280 --> 00:53:09,000
interesting approach to it is, 
you know, talking to your 

947
00:53:09,000 --> 00:53:11,400
identity system basically, 
right? 

948
00:53:11,400 --> 00:53:15,160
And talking to it and say here's
what I'm looking for hey 

949
00:53:15,440 --> 00:53:18,760
identity system give me this 
information and it's it's kind 

950
00:53:18,760 --> 00:53:21,520
of the ultimate low code no code
environment if you think about 

951
00:53:21,520 --> 00:53:23,480
which is where we've been 
heading in the last you know 

952
00:53:23,480 --> 00:53:25,280
several years was that it? 
Same thing. 

953
00:53:25,920 --> 00:53:28,920
It's just instead of doing 
drags, dragging blocks on a 

954
00:53:28,920 --> 00:53:30,800
screen, now we're just talking 
to it. 

955
00:53:30,800 --> 00:53:34,280
Say hey product, give me this 
information. 

956
00:53:35,560 --> 00:53:39,400
Yeah, you know, I think so. 
I think that's the the one major

957
00:53:39,400 --> 00:53:41,640
functional use case that I would
like to see. 

958
00:53:42,000 --> 00:53:44,960
I think the other thing I will 
do is chase the money. 

959
00:53:45,280 --> 00:53:50,200
I I kind of feel like if you 
could have AI automate the work 

960
00:53:50,200 --> 00:53:53,720
of an IAM team across 50, a 
hundred, a thousand different 

961
00:53:53,720 --> 00:53:56,720
organizations. 
So you get the same size team 

962
00:53:56,960 --> 00:54:00,440
that can manage one 
organization, be able to manage 

963
00:54:00,680 --> 00:54:03,880
hundreds or even thousands of 
organizations, Now you have a 

964
00:54:03,880 --> 00:54:06,640
force multiplier. 
Well, you can only do that with 

965
00:54:06,640 --> 00:54:10,000
a tremendous amount of 
automation. 

966
00:54:10,120 --> 00:54:13,000
And if AI can become smart 
enough that it could build the 

967
00:54:13,000 --> 00:54:17,160
automation and it could give you
insight so that you could 

968
00:54:17,160 --> 00:54:21,960
manage, now you free up a bigger
portion of humanity to work on 

969
00:54:21,960 --> 00:54:24,520
other things. 
Yeah, it's very similar to like 

970
00:54:24,520 --> 00:54:27,440
when you know, manufacturing 
lines, automation started to hit

971
00:54:27,440 --> 00:54:28,920
that. 
You know, it used to be you'd 

972
00:54:28,920 --> 00:54:31,000
have hundreds of people on a 
line building something. 

973
00:54:31,520 --> 00:54:34,520
And I worked for SC Johnson for 
a while and I went to one of the

974
00:54:34,520 --> 00:54:37,240
factories and there was one 
person working a line spitting 

975
00:54:37,240 --> 00:54:41,240
out 40,000 cases of Windex. 
So I I see it very similar 

976
00:54:41,240 --> 00:54:44,720
except more more the IT 
production line so to speak, 

977
00:54:45,200 --> 00:54:47,880
where you come in Chad, you've 
got a background in product. 

978
00:54:47,880 --> 00:54:49,440
I'm curious from your 
perspective and all the 

979
00:54:49,440 --> 00:54:53,440
experience you've had, where do 
you see AI hitting the AI or 

980
00:54:53,440 --> 00:54:55,760
hitting the identity space and 
how is it going to help with 

981
00:54:55,760 --> 00:54:58,760
analytics and things like that? 
Yes, I think there's there's two

982
00:54:58,760 --> 00:55:02,880
angles. 
I I, I love the idea of having 

983
00:55:03,000 --> 00:55:07,320
AI that's smart enough to take a
problem like application on 

984
00:55:07,320 --> 00:55:10,600
boarding right? 
And that's that not only is that

985
00:55:10,600 --> 00:55:12,760
sort of instantiating the 
application in the various 

986
00:55:12,760 --> 00:55:15,240
technologies but building the 
integrations right. 

987
00:55:15,240 --> 00:55:19,360
You've got you know there's you 
can go to use AI now to generate

988
00:55:19,360 --> 00:55:22,480
code for things right. 
Imagine being able to just say, 

989
00:55:22,480 --> 00:55:27,200
hey, I need to, I need to 
automate access for, you know, 

990
00:55:27,200 --> 00:55:29,880
system X and just provide some 
information. 

991
00:55:29,880 --> 00:55:33,680
And off the AI goes building the
integration, connecting to the 

992
00:55:33,680 --> 00:55:36,680
system, pulling it into all of 
your infrastructure. 

993
00:55:37,280 --> 00:55:40,240
That's all stuff that needs to 
be done today to drive that 

994
00:55:40,240 --> 00:55:43,720
automation, take that problem 
away, drive it through AI. 

995
00:55:44,080 --> 00:55:46,160
And I think there are, you know,
there are some vendors out there

996
00:55:46,160 --> 00:55:47,880
that are taking steps on that 
path. 

997
00:55:48,480 --> 00:55:51,680
I think that's a that's a really
cool idea to take some of the 

998
00:55:51,680 --> 00:55:56,120
burden off the IT organization 
to be able to drive the breadth 

999
00:55:56,120 --> 00:56:00,520
of the implementation if you 
will, of these various 

1000
00:56:00,520 --> 00:56:03,280
technologies. 
But I also think there's a end 

1001
00:56:03,280 --> 00:56:06,520
user angle, right, an adoption 
angle that helps with this. 

1002
00:56:08,000 --> 00:56:10,720
Like I said, just being able to 
say, hey, I need access to the 

1003
00:56:10,720 --> 00:56:13,200
softball file share. 
Like I don't, I don't know where

1004
00:56:13,200 --> 00:56:15,720
to go for that, but just tell 
the AI and it goes off and 

1005
00:56:15,720 --> 00:56:18,080
handles that for you. 
That sends things out for 

1006
00:56:18,080 --> 00:56:20,880
approvals as necessary. 
So I think there's an end user 

1007
00:56:20,880 --> 00:56:23,840
enablement or empowerment angle 
with AI. 

1008
00:56:24,840 --> 00:56:27,880
I'm really interested and I'm 
actually looking forward to one 

1009
00:56:27,880 --> 00:56:31,360
of the panels at Identiverse 
that's talking about AI from a,

1010
00:56:31,600 --> 00:56:33,480
you know, from a threat 
perspective with identity 

1011
00:56:33,480 --> 00:56:35,120
security. 
Like that's something I'm really

1012
00:56:35,120 --> 00:56:38,440
excited to dig into a little bit
more because, you know, you've 

1013
00:56:38,440 --> 00:56:41,120
got the people that love AI, 
love to use it. 

1014
00:56:41,120 --> 00:56:43,360
I use it fairly regularly. 
A big fan. 

1015
00:56:44,240 --> 00:56:46,960
You've got the doomsayers that 
are like, oh, it's going to be 

1016
00:56:46,960 --> 00:56:50,720
Skynet and yeah, I can, you 
know, it can go both of those 

1017
00:56:50,720 --> 00:56:53,040
paths. 
But I think it's going to be, 

1018
00:56:53,040 --> 00:56:55,080
there's going to be a balance. 
We've got to find good use 

1019
00:56:55,080 --> 00:56:57,280
cases. 
The amount of data that these 

1020
00:56:57,280 --> 00:57:01,720
identity systems generate is 
tremendous and there's minimal 

1021
00:57:01,720 --> 00:57:03,520
correlation between those 
systems. 

1022
00:57:04,280 --> 00:57:07,520
Not a person is not going to be 
able to make those correlations 

1023
00:57:07,520 --> 00:57:10,800
and define those patterns and 
and action from there. 

1024
00:57:11,120 --> 00:57:14,680
So that's where I think we can 
use AI from a from an analysis 

1025
00:57:14,680 --> 00:57:18,000
and a monitoring perspective to 
make our people smarter and 

1026
00:57:18,000 --> 00:57:21,040
where they focus their attention
in addition to a lot of the 

1027
00:57:21,040 --> 00:57:24,400
automation capabilities that I 
think it will be more enabling 

1028
00:57:24,400 --> 00:57:26,720
technologies. 
You bring up a couple 

1029
00:57:26,720 --> 00:57:29,600
interesting points there. 
And this idea of a copilot seems

1030
00:57:29,600 --> 00:57:33,680
to be catching a lot of traction
with the industry of some some 

1031
00:57:33,680 --> 00:57:36,320
sort of helper, right, that's 
helping you navigate through 

1032
00:57:36,320 --> 00:57:38,000
whatever it is you're trying to 
do today in space. 

1033
00:57:38,880 --> 00:57:41,400
You brought up security of AI, 
which I think is really 

1034
00:57:41,400 --> 00:57:42,480
important. 
So, you know, I'm looking 

1035
00:57:42,480 --> 00:57:44,920
forward probably the same 
session that you're referring to

1036
00:57:44,920 --> 00:57:47,280
at Identiverse, but I think 
that's something we're going to 

1037
00:57:47,280 --> 00:57:50,560
have to navigate together and 
say, OK, well how do we keep 

1038
00:57:50,560 --> 00:57:54,560
these 
AIs safe and secure and you 

1039
00:57:54,560 --> 00:57:57,200
know, large language models and 
they don't get poisoned with, 

1040
00:57:57,680 --> 00:58:00,560
you know, false information or 
manipulation or whatever that 

1041
00:58:00,560 --> 00:58:02,640
might be. 
It'll be interesting to see how 

1042
00:58:02,640 --> 00:58:08,920
the industry moves forward with 
this idea of AI. I can very, I can 

1043
00:58:08,920 --> 00:58:13,000
my my vision right here is I see
like a generalized AI and I 

1044
00:58:13,000 --> 00:58:18,520
think about things like ChatGPT, 
Gemini, Meta, Perplexity, 

1045
00:58:18,520 --> 00:58:21,800
which is kind of a mix of 
everything, Claude, and that's 

1046
00:58:21,800 --> 00:58:25,200
sort of like the general AI. 
Then I see very specific AI, 

1047
00:58:25,600 --> 00:58:28,960
large language models or 
generative AI that is very 

1048
00:58:28,960 --> 00:58:32,280
product specific. 
Oh, here is the SailPoint 

1049
00:58:32,520 --> 00:58:35,800
AI, here is the Saviynt AI, here 
is the Okta, the Ping, the 

1050
00:58:35,800 --> 00:58:40,080
Microsoft, right? And how those 
models interact together and 

1051
00:58:40,080 --> 00:58:46,200
keep your data safe and not have
a transitive attack from another

1052
00:58:46,200 --> 00:58:47,920
large language model into 
another one. 

1053
00:58:47,920 --> 00:58:50,040
Will be interesting to see how 
that develops. 

1054
00:58:50,480 --> 00:58:53,440
You know I'm I'm sure there are 
already plenty of companies that

1055
00:58:53,440 --> 00:58:56,600
are you know thinking about what
their their startup is going to 

1056
00:58:56,600 --> 00:59:00,960
be or is to protect protect your
large language model. 

1057
00:59:00,960 --> 00:59:03,600
Protect your AI, right. 
Shield it from that thing. 

1058
00:59:03,600 --> 00:59:06,720
And maybe this is just at the 
end of the day API management, 

1059
00:59:07,400 --> 00:59:09,440
how are we managing 
APIs talking to each 

1060
00:59:09,880 --> 00:59:12,360
other? Right. 
It is an interesting thing to 

1061
00:59:12,360 --> 00:59:15,640
think through because obviously 
you want you want those sort of 

1062
00:59:15,640 --> 00:59:19,920
proprietary large language 
models to be able to reap the 

1063
00:59:19,920 --> 00:59:22,240
benefits of all of the public 
ones that are out there and the 

1064
00:59:22,240 --> 00:59:24,640
more general ones. 
But you need to be able to 

1065
00:59:24,640 --> 00:59:28,080
segment your own data that you 
want to feed it so that it's 

1066
00:59:28,080 --> 00:59:31,000
smarter about your firm and what
you're trying to accomplish and 

1067
00:59:31,000 --> 00:59:34,840
let your people do. 
So that's a that's a interesting

1068
00:59:34,840 --> 00:59:37,280
balance of trying to understand 
how to firewall that. 

1069
00:59:38,040 --> 00:59:40,520
And there might even be tenants 
within tenants. 

1070
00:59:40,760 --> 00:59:46,720
So say you're an A cloud 
identity provider and you've got

1071
00:59:47,080 --> 00:59:49,560
70 customers and they're all 
putting data in. 

1072
00:59:49,560 --> 00:59:52,800
Now it might be really 
interesting, at least from an 

1073
00:59:52,800 --> 00:59:57,360
administrative perspective to 
say to query that data spanning 

1074
00:59:57,360 --> 01:00:00,640
all 70. 
But then you wouldn't want two 

1075
01:00:00,640 --> 01:00:04,560
of your customers to start 
looking at asking questions that

1076
01:00:04,560 --> 01:00:07,800
would violate that that tenancy 
model. 

1077
01:00:07,800 --> 01:00:11,600
In other words, what's my 
competitor doing with IAM? 

1078
01:00:11,760 --> 01:00:16,320
How many accounts do they have? 
What's their password policy I 

1079
01:00:16,320 --> 01:00:18,080
mean? 
No, those aren't really 

1080
01:00:18,080 --> 01:00:22,280
competitive secrets. 
Maybe, but still, you don't want

1081
01:00:22,280 --> 01:00:24,200
them. 
You don't want to have that 

1082
01:00:24,200 --> 01:00:26,800
happen. 
Well, I'm looking forward to the

1083
01:00:26,840 --> 01:00:28,680
day when AI start arguing 
amongst themselves trying to 

1084
01:00:28,680 --> 01:00:31,880
resolve conflicts. 
Well, the SAP AI is saying I can 

1085
01:00:31,880 --> 01:00:34,760
run this T code, but the other 
AI is saying that you can't. 

1086
01:00:34,760 --> 01:00:36,000
OK, well, you guys figure it 
out. 

1087
01:00:36,000 --> 01:00:38,920
Wake me up when when you've got 
that figured out. 

1088
01:00:39,880 --> 01:00:42,120
Chad, you mentioned Identiverse.
We're going to be out there in 

1089
01:00:42,120 --> 01:00:45,400
full force and, you know, 
hopefully people come out, meet 

1090
01:00:45,400 --> 01:00:48,640
with us, but what are you 
looking forward to most at this 

1091
01:00:48,640 --> 01:00:51,640
year's Identiverse? 
I think the thing most I'm 

1092
01:00:51,640 --> 01:00:55,120
looking for, there's a little 
panel on Wednesday about 

1093
01:00:55,120 --> 01:00:58,760
identity security that this guy,
Jeff Steadman is is moderating. 

1094
01:00:58,760 --> 01:00:59,920
I'm really looking forward to 
that. 

1095
01:01:00,560 --> 01:01:04,040
Check is on the mail. 
I think there's a couple of 

1096
01:01:04,040 --> 01:01:06,960
things I'm I'm really looking 
forward to catching up with, you

1097
01:01:06,960 --> 01:01:08,760
know, new and long time friends,
right? 

1098
01:01:08,760 --> 01:01:10,640
As I mentioned at the beginning,
I've been in this space for a 

1099
01:01:10,640 --> 01:01:14,400
long time and every one of these
concert concerts, these 

1100
01:01:14,400 --> 01:01:19,560
conferences is like, you know, 
old, old friend week, right. 

1101
01:01:19,560 --> 01:01:22,760
And it's just about OK, which 
firm are you with now, right, 

1102
01:01:22,760 --> 01:01:25,440
Both from a software as well as 
a consulting perspective. 

1103
01:01:25,440 --> 01:01:28,000
So it's great to catch up with 
those, those folks as well as 

1104
01:01:28,000 --> 01:01:29,240
some clients that are going to 
be there. 

1105
01:01:30,360 --> 01:01:34,080
But the two areas I mentioned 
AI, I'm really interested in 

1106
01:01:34,080 --> 01:01:36,640
digging into that a bit more. 
We talked a bit about 

1107
01:01:36,680 --> 01:01:40,320
passwordless and you know, candidly 
that's not an area that I have a

1108
01:01:40,320 --> 01:01:42,520
lot of expertise in. 
I usually go to Jim when I have 

1109
01:01:42,520 --> 01:01:45,840
questions about passwordless, 
but that's an area I'm, I'm 

1110
01:01:45,840 --> 01:01:47,600
really interested. 
There's a number of sessions 

1111
01:01:47,600 --> 01:01:50,520
that I'm going to be digging 
into just to get a little bit 

1112
01:01:50,520 --> 01:01:53,640
more educated on that so that I 
can bring some of that knowledge

1113
01:01:53,640 --> 01:01:56,320
to my clients. 
Jim, what are you looking 

1114
01:01:56,320 --> 01:01:59,720
forward to at Identiverse? 
I think in the order of 

1115
01:01:59,720 --> 01:02:03,400
importance, it's hallway 
conversations, it's podcasting. 

1116
01:02:03,400 --> 01:02:07,920
So you and I, Jeff, work on 
trying to give a little taste of

1117
01:02:07,920 --> 01:02:10,840
what's going on, but have it be 
original content, right? 

1118
01:02:10,840 --> 01:02:13,760
It's not just, you know, us 
dropping into a session and 

1119
01:02:13,760 --> 01:02:17,400
recording them and and posting 
them on the Internet, which I 

1120
01:02:17,400 --> 01:02:21,440
don't think the folks over at 
the Cyber Risk Alliance would 

1121
01:02:21,440 --> 01:02:26,000
appreciate. 
No, it's all the conversations, 

1122
01:02:26,080 --> 01:02:30,840
it's podcasting, it's attending 
as many sessions as we can fit 

1123
01:02:30,840 --> 01:02:34,280
in other than those things 
above. 

1124
01:02:34,320 --> 01:02:38,000
And then finally it's Las Vegas.
I mean we're going to have go 

1125
01:02:38,000 --> 01:02:39,960
out and have some fantastic 
food. 

1126
01:02:40,200 --> 01:02:43,280
I'm looking forward to that 
part, look forward to the sights

1127
01:02:43,280 --> 01:02:46,320
and sounds. 
I'm probably leaving something 

1128
01:02:46,320 --> 01:02:48,720
out, but what do you, what are 
you looking forward to, Forward 

1129
01:02:48,720 --> 01:02:50,560
to Jeff? 
I mean it's pretty much what you

1130
01:02:50,560 --> 01:02:52,640
guys said. 
I think for me it is very much 

1131
01:02:52,640 --> 01:02:56,120
like a high school reunion 
almost where you know, if the 

1132
01:02:56,600 --> 01:02:59,640
the identity industry is a very 
small industry comparatively to 

1133
01:02:59,640 --> 01:03:03,040
others and people tend to know 
each other and Chad hit it on the

1134
01:03:03,040 --> 01:03:05,040
head, it's like, OK, well, which
company you're with now or which

1135
01:03:05,040 --> 01:03:07,640
consulting firm or whatever it 
may be, which vendor and people 

1136
01:03:07,640 --> 01:03:09,600
tend to move around a little bit
in the space. 

1137
01:03:10,640 --> 01:03:12,960
And so just meeting people, you 
know, sometimes this is the one,

1138
01:03:13,120 --> 01:03:16,360
one time of year that I might 
see somebody who's over at X 

1139
01:03:16,360 --> 01:03:18,840
organization and we catch up for
a little bit and say, all right,

1140
01:03:18,840 --> 01:03:20,880
well, see you next year or see 
you at the next conference, 

1141
01:03:20,880 --> 01:03:22,960
maybe Gartner, you know, later 
this year, stuff like that. 

1142
01:03:23,760 --> 01:03:26,280
But yeah, I think just the 
hallway conversations meeting 

1143
01:03:26,280 --> 01:03:31,920
people, you know, establishing 
or just you know strengthening 

1144
01:03:31,920 --> 01:03:34,760
relationships we've got out 
there in the space and you know 

1145
01:03:34,760 --> 01:03:38,080
just trying to be a a a good 
friendly dude to to walk up to 

1146
01:03:38,080 --> 01:03:41,160
and say hello to. 
So that's what I look forward 

1147
01:03:41,160 --> 01:03:42,480
to. 
And then of course, you know I'm

1148
01:03:42,560 --> 01:03:45,880
moderating a panel our friend 
Sean and and the tool have asked

1149
01:03:45,880 --> 01:03:48,920
me to moderate a panel on 
identity security with CAEP, 

1150
01:03:49,280 --> 01:03:52,520
Continuous Authentication 
Evaluation Profile. 

1151
01:03:52,560 --> 01:03:57,680
So I will be the person helping 
the smart people get the word 

1152
01:03:57,680 --> 01:04:00,520
out for that and quiz them with 
questions and things like that. 

1153
01:04:00,520 --> 01:04:05,120
So that'll be on Wednesday, May 
29th, Joshua 10 plug for that 

1154
01:04:05,120 --> 01:04:09,320
11:40 AM come out see me sweat 
on the stage as I don't know as 

1155
01:04:09,320 --> 01:04:11,880
much as these other guys but I'm
sure it'll be a a good one. 

1156
01:04:11,880 --> 01:04:14,600
But that's what I look forward 
to and and you said it Jim 

1157
01:04:14,600 --> 01:04:16,920
Vegas, I know a lot of people 
don't like Vegas. 

1158
01:04:17,520 --> 01:04:19,320
I don't gamble. 
I don't really drink. 

1159
01:04:19,360 --> 01:04:23,880
So the food and the world class 
people watching and you know the

1160
01:04:23,880 --> 01:04:26,280
shows if there's time for that 
all top notch. 

1161
01:04:26,280 --> 01:04:29,320
So I'm always a fan of that and 
generally everything is pretty 

1162
01:04:29,320 --> 01:04:31,680
easy to get around to, 
especially in a location like 

1163
01:04:31,680 --> 01:04:35,000
we're out in the area where you 
know, you've got the Cosmo, the 

1164
01:04:35,000 --> 01:04:37,440
Vdara and you're just a few 
steps away from, you know, the 

1165
01:04:37,440 --> 01:04:40,240
the strip itself. 
So I'm, I'm looking forward to 

1166
01:04:40,240 --> 01:04:42,000
it all. 
And of course, editing podcasts 

1167
01:04:42,000 --> 01:04:44,960
every night just to try and get 
something out on time, since 

1168
01:04:44,960 --> 01:04:47,280
you're a real slave driver when 
it comes to the podcast, Jim. 

1169
01:04:48,360 --> 01:04:50,960
Six episodes in three days, 
baby. 

1170
01:04:51,120 --> 01:04:52,520
Yeah. 
And now we're doing a video, so 

1171
01:04:52,520 --> 01:04:56,600
that's just even more work. 
So, all right, we have gone over

1172
01:04:56,600 --> 01:04:59,840
an hour, but I'm happy to keep 
going here for a few more 

1173
01:04:59,840 --> 01:05:02,400
minutes. 
Let's close out a couple ways. 

1174
01:05:02,400 --> 01:05:04,760
The first will be IAM horror 
stories. 

1175
01:05:05,240 --> 01:05:08,200
You know, I think we've all been
in this space for 20 plus years.

1176
01:05:08,560 --> 01:05:10,760
We've probably come across some 
really weird stuff. 

1177
01:05:10,840 --> 01:05:13,760
The rules of the game are, you 
know, a horror story. 

1178
01:05:13,760 --> 01:05:15,520
But we will protect the 
innocent. 

1179
01:05:15,520 --> 01:05:17,440
We won't name names, we won't 
name clients or anything like 

1180
01:05:17,440 --> 01:05:20,240
that. 
But I think hopefully these are 

1181
01:05:20,240 --> 01:05:24,760
stories that we have that will 
help people avoid some of these 

1182
01:05:24,760 --> 01:05:28,560
situations in the future, or at 
least be aware of what these can

1183
01:05:28,560 --> 01:05:30,640
happen, you know? 
If you don't account for that, 

1184
01:05:31,200 --> 01:05:33,680
Chad, we'll start with you. 
Do you have any good? 

1185
01:05:33,680 --> 01:05:37,520
IAM horror stories. 
So this one is it's interesting,

1186
01:05:37,520 --> 01:05:39,600
it's it's somewhat of a horror 
story. 

1187
01:05:40,040 --> 01:05:43,000
I worked with a client for many,
many years. 

1188
01:05:44,160 --> 01:05:48,800
This back when I first got 
started in identity and it was 

1189
01:05:48,800 --> 01:05:52,560
one of those situations where 
you gather, you meet with a lot 

1190
01:05:52,560 --> 01:05:54,760
of folks, you gather a lot of 
information, you understand 

1191
01:05:54,760 --> 01:06:00,280
really where they want to go and
and you build out a truly world 

1192
01:06:00,280 --> 01:06:02,920
class solution for them. 
It was amazing. 

1193
01:06:02,920 --> 01:06:06,280
It did everything like made you 
coffee, you know, took the dog 

1194
01:06:06,280 --> 01:06:08,440
out, did did everything you 
needed, connected to thousands 

1195
01:06:08,440 --> 01:06:12,800
of different applications, built
out roles. 

1196
01:06:12,800 --> 01:06:15,960
All of those things are true, 
like a really robust IGA 

1197
01:06:15,960 --> 01:06:23,240
platform and it worked great and
then they had a team of like 60 

1198
01:06:23,240 --> 01:06:26,640
people managing it, which now 
you think that's crazy like you 

1199
01:06:26,640 --> 01:06:31,440
know we would ever do that. 
And probably three years later I

1200
01:06:31,480 --> 01:06:35,560
I ran into the CIO at A at a 
dinner one night and I just said

1201
01:06:35,560 --> 01:06:38,080
hey, how how's everything going?
Because it's been I moved to 

1202
01:06:38,120 --> 01:06:40,120
companies. 
And so I talked to him a little 

1203
01:06:40,120 --> 01:06:42,680
bit about it. 
He said, you know, you you built

1204
01:06:42,680 --> 01:06:45,720
exactly what we asked you to 
build, but it turns out it 

1205
01:06:45,720 --> 01:06:48,720
wasn't what we needed, right? 
It was. 

1206
01:06:49,040 --> 01:06:52,120
They were just looking at things
from a very tactical 

1207
01:06:52,120 --> 01:06:54,800
perspective. 
Just fix these problems and just

1208
01:06:54,800 --> 01:06:58,000
make the like add more things 
and make it more complicated to 

1209
01:06:58,000 --> 01:06:59,520
make it larger and larger and 
larger. 

1210
01:07:00,040 --> 01:07:03,760
And it became unmanageable to a 
point where they continue to 

1211
01:07:03,760 --> 01:07:06,680
have to add resources at people 
to manage the system. 

1212
01:07:06,680 --> 01:07:08,960
And it really wasn't even 
remotely close to what they 

1213
01:07:08,960 --> 01:07:13,440
needed. 
Now they paid a firm a lot of 

1214
01:07:13,440 --> 01:07:15,960
money to build this and it did a
lot of great things, but it 

1215
01:07:15,960 --> 01:07:19,200
just, it became something that 
was unwieldy. 

1216
01:07:19,360 --> 01:07:21,280
They couldn't support it 
anymore. 

1217
01:07:21,560 --> 01:07:24,480
They couldn't move to new 
versions of the platform. 

1218
01:07:25,600 --> 01:07:30,080
And unfortunately that's a 
pattern that I've seen over and 

1219
01:07:30,080 --> 01:07:33,600
over and over again, right when 
you talk to clients that are on 

1220
01:07:33,600 --> 01:07:38,560
their second or third iteration 
of of their identity journey and

1221
01:07:38,560 --> 01:07:40,840
they've done the same thing. 
They customize the heck out of 

1222
01:07:40,840 --> 01:07:44,920
something and it's cost them 
millions and millions of dollars

1223
01:07:44,920 --> 01:07:48,080
and what they've got is some big
mess of spaghetti, but they 

1224
01:07:48,080 --> 01:07:50,680
don't know what to do with. 
So I know that's a little bit of

1225
01:07:50,680 --> 01:07:54,440
a general horror story that I 
unfortunately I see over and 

1226
01:07:54,440 --> 01:07:56,880
over again. 
So how do you approach that 

1227
01:07:56,880 --> 01:08:01,320
conversation with, you know, a 
client like that where, you 

1228
01:08:01,320 --> 01:08:04,160
know, I think a lot of people 
are familiar with the phrase, 

1229
01:08:04,160 --> 01:08:07,760
the customer is always right. 
Well, the customer is not always

1230
01:08:07,760 --> 01:08:09,360
right. 
Sometimes you have to help them 

1231
01:08:09,360 --> 01:08:11,280
figure it out. 
How do you approach that 

1232
01:08:11,280 --> 01:08:12,680
conversation? 
Say, hey, look, based on my 

1233
01:08:12,680 --> 01:08:16,000
experience or here's why are 
they generally receptive to that

1234
01:08:16,000 --> 01:08:18,160
kind of conversation approach to
say, hey, here's what you need 

1235
01:08:18,160 --> 01:08:20,760
to be thinking about? 
And based on what you're telling

1236
01:08:20,760 --> 01:08:23,439
me or what you've built, here 
are some of the risks that are 

1237
01:08:23,439 --> 01:08:26,319
out there. 
Yeah, I I I think your mileage 

1238
01:08:26,319 --> 01:08:29,960
will vary on the the on the 
customer when you have that 

1239
01:08:29,960 --> 01:08:32,840
conversation. 
For me it really comes down to 

1240
01:08:32,840 --> 01:08:36,640
the organization's maturity 
around dealing with change. 

1241
01:08:36,680 --> 01:08:39,120
It's not even like a technology 
maturity. 

1242
01:08:39,120 --> 01:08:43,160
It's are they do they understand
what true transformation 

1243
01:08:43,160 --> 01:08:46,279
initiatives are like or is this 
their first time going through 

1244
01:08:46,279 --> 01:08:48,800
it Because having that 
conversation about the 

1245
01:08:48,800 --> 01:08:52,800
complexity of just trying to 
over engineer everything for you

1246
01:08:52,800 --> 01:08:57,520
know every single edge case. 
I think most people that I talk 

1247
01:08:57,520 --> 01:09:00,560
to certainly most C level 
executives have done this a 

1248
01:09:00,560 --> 01:09:03,439
number of times and they it 
resonates with them. 

1249
01:09:03,680 --> 01:09:08,720
Don't do that again. 
But every it seems that there's 

1250
01:09:08,720 --> 01:09:11,279
always somebody in an 
organization that says no, this 

1251
01:09:11,279 --> 01:09:13,040
is the way we've always done it.
We have to keep doing it this 

1252
01:09:13,040 --> 01:09:16,920
way. 
So it's really hard to try to to

1253
01:09:16,920 --> 01:09:19,880
peel people back from that. 
But that's ultimately one of the

1254
01:09:19,880 --> 01:09:23,439
first questions that I talk to 
clients about when we start down

1255
01:09:23,439 --> 01:09:28,319
this identity journey is how 
open is the organization from a 

1256
01:09:28,319 --> 01:09:31,439
cultural perspective to changing
things, right? 

1257
01:09:31,439 --> 01:09:33,920
Do we have to fit everything 
into the way it's being done 

1258
01:09:33,920 --> 01:09:37,640
today, or is there an openness 
to think of new ways to do it? 

1259
01:09:37,640 --> 01:09:40,760
And that's really what we spend 
a lot of time doing with clients

1260
01:09:40,760 --> 01:09:43,520
is trying to get them thinking 
about different ways to 

1261
01:09:43,520 --> 01:09:46,319
accomplish the goal. 
Don't tell me how to do 

1262
01:09:46,319 --> 01:09:48,720
something, tell me what needs to
get done right. 

1263
01:09:48,720 --> 01:09:50,439
And then we'll work through the 
best way to do that. 

1264
01:09:51,560 --> 01:09:54,840
But you know there's I think 
there's a lot more openness 

1265
01:09:55,720 --> 01:09:59,000
within the last two to three 
years to to change because you 

1266
01:09:59,000 --> 01:10:02,280
can put together a reasonable 
business case for doesn't make 

1267
01:10:02,280 --> 01:10:04,200
sense to do this as an on 
premise. 

1268
01:10:04,400 --> 01:10:07,640
You know waterfall project where
you're putting this a bunch of 

1269
01:10:07,640 --> 01:10:12,360
servers in your data center and 
making people think a little bit

1270
01:10:12,360 --> 01:10:15,720
more about taking a different 
approach to solving the problem.

1271
01:10:16,920 --> 01:10:18,880
That's a good one, Jim. 
How about yourself? 

1272
01:10:19,240 --> 01:10:20,720
You've got to have some IAM 
horror stories. 

1273
01:10:21,360 --> 01:10:24,200
Yeah, I've got a few. 
But I'm going to tell one that's

1274
01:10:24,200 --> 01:10:28,720
a real doozy. 
And I'd much rather if you had 

1275
01:10:28,720 --> 01:10:31,440
asked questions like tell us 
about one of your great 

1276
01:10:31,680 --> 01:10:34,640
successes. 
But you learn way more from your

1277
01:10:34,640 --> 01:10:38,640
failures, right? 
So this one goes back to the 

1278
01:10:38,640 --> 01:10:45,080
identity DS and I was a real 
hardcore spokesperson for, you 

1279
01:10:45,080 --> 01:10:50,000
know, I learned about ForgeRock, a
client and I said that's the 

1280
01:10:50,000 --> 01:10:52,080
wave of the future. 
We need to get on that. 

1281
01:10:52,080 --> 01:10:54,720
And I think that was very good 
advice. 

1282
01:10:54,720 --> 01:11:00,320
So we built a team, learned OpenAM,
learned OpenIDM. 

1283
01:11:01,120 --> 01:11:04,560
It took a long time. 
We finally found a client, 

1284
01:11:04,680 --> 01:11:09,440
helped them build their strategy
and then you know, they said, 

1285
01:11:09,800 --> 01:11:12,440
you know, we trust you guys, 
we're going to bring you back 

1286
01:11:12,440 --> 01:11:16,800
and build it out. 
The OpenAM part was simple. 

1287
01:11:17,080 --> 01:11:20,320
The thing was OpenIDM and I 
think it was like version 1.2 or

1288
01:11:20,320 --> 01:11:23,400
something like that. 
You've heard it probably 

1289
01:11:25,320 --> 01:11:29,080
described as a box of Legos and 
what can you build with a box of

1290
01:11:29,080 --> 01:11:31,880
Legos? 
Pretty much anything, right? 

1291
01:11:32,840 --> 01:11:37,760
So we started like planning the 
project and I was very involved,

1292
01:11:37,760 --> 01:11:40,560
right? 
I was the practice lead for our 

1293
01:11:40,560 --> 01:11:45,400
ForgeRock team, but things were 
picking up like business was 

1294
01:11:45,400 --> 01:11:48,760
picking up in other areas. 
So I had to go and focus on some

1295
01:11:48,760 --> 01:11:52,040
other things. 
So I left the team with this one

1296
01:11:52,040 --> 01:11:55,960
piece of advice which was don't 
integrate that application. 

1297
01:11:55,960 --> 01:11:58,960
We have to integrate like 3 
applications, but it ain't going

1298
01:11:58,960 --> 01:12:01,600
to be that one. 
And the reason I said that was I

1299
01:12:01,600 --> 01:12:04,320
looked at it and was like that's
one of those applications they 

1300
01:12:04,320 --> 01:12:07,000
built 10 years ago. 
And they've been building out 

1301
01:12:07,000 --> 01:12:10,720
like every feature and 
functionality for their identity

1302
01:12:10,720 --> 01:12:14,280
management like you know, edge 
use cases ever since. 

1303
01:12:14,680 --> 01:12:18,000
And if it took them ten years to
build, it's going to take us 10 

1304
01:12:18,000 --> 01:12:20,320
years to build. 
I don't, I mean OpenIDM is a 

1305
01:12:20,320 --> 01:12:23,320
great tool and everything but 
we're they're going to want 

1306
01:12:23,320 --> 01:12:26,080
every feature. 
So I said that thing needs to be

1307
01:12:26,480 --> 01:12:30,640
re-engineered. 
So I went off and got involved 

1308
01:12:30,640 --> 01:12:33,800
with my other projects and then 
you know started hearing some 

1309
01:12:33,800 --> 01:12:36,880
grumblings like it's not going 
so great project's not going so 

1310
01:12:36,880 --> 01:12:39,200
great. 
I come back and find that our 

1311
01:12:39,200 --> 01:12:46,160
team had basically rebuilt that 
application in OpenIDM and it 

1312
01:12:46,160 --> 01:12:50,400
was, you know, what I I realized
was we could work on this thing 

1313
01:12:50,400 --> 01:12:52,680
for another three months, six 
months year. 

1314
01:12:53,040 --> 01:12:58,920
It's still not going to work. 
So we had to go back to the 

1315
01:12:58,920 --> 01:13:02,920
client and talk about like, you 
know, we can't integrate this 

1316
01:13:02,920 --> 01:13:05,080
application. 
It's going to have to be a 

1317
01:13:05,080 --> 01:13:08,960
different application and we had
to wind up integrating that 

1318
01:13:08,960 --> 01:13:13,040
other application at no cost. 
The client still wasn't happy 

1319
01:13:13,040 --> 01:13:16,200
because it blew their timeline 
and they didn't get the 

1320
01:13:16,200 --> 01:13:18,040
application that they really 
wanted. 

1321
01:13:18,400 --> 01:13:22,160
The learning from my 
perspective, was don't walk away

1322
01:13:22,160 --> 01:13:26,720
like that again, you know, like 
I knew that thing could not be 

1323
01:13:26,720 --> 01:13:32,160
rebuilt in our project and if I 
stayed on, I would have said no,

1324
01:13:32,160 --> 01:13:35,720
no, no, I would have pounded my 
fists, fists on the table before

1325
01:13:35,720 --> 01:13:40,000
I would have done that. 
But again, you learn from those 

1326
01:13:40,000 --> 01:13:42,560
things, so that's the best thing
you can get from your failures 

1327
01:13:42,560 --> 01:13:46,480
is a good lesson, a life lesson 
that you won't forget. 

1328
01:13:47,760 --> 01:13:48,840
Those ones are pretty good 
stories. 

1329
01:13:49,240 --> 01:13:52,200
I'll keep mine short and sweet 
and I'll focus mine more on the 

1330
01:13:52,200 --> 01:13:56,400
operational side of things. 
We we all know our good friend 

1331
01:13:56,400 --> 01:13:58,680
Wayne Sissel. 
He's the reason I got into 

1332
01:13:58,680 --> 01:14:02,200
consulting in the first place. Back
in the day. 

1333
01:14:02,200 --> 01:14:06,320
I was a customer of of Wayne's 
Courion at Walgreens and so 

1334
01:14:06,320 --> 01:14:07,960
forth. 
And we're going through the 

1335
01:14:07,960 --> 01:14:09,720
process of rolling out Courion 
IGA. 

1336
01:14:10,080 --> 01:14:12,760
And I remember very distinctly 
we were in a conference room, we

1337
01:14:12,760 --> 01:14:15,520
were in Lincolnshire, IL. 
So if you're listening from 

1338
01:14:15,520 --> 01:14:17,120
Walgreens, that's how far back 
this goes. 

1339
01:14:17,600 --> 01:14:20,280
And we were sitting in a 
conference room, we were talking

1340
01:14:20,280 --> 01:14:23,920
about orphaned accounts and we 
had built this home grown 

1341
01:14:24,040 --> 01:14:29,400
authentication system and 
directory and everybody in the 

1342
01:14:29,600 --> 01:14:31,800
in the company had at least one 
account in there. 

1343
01:14:31,800 --> 01:14:35,720
It was how all the stores so 
like 250,000 people had accounts

1344
01:14:36,280 --> 01:14:39,800
and we were in the process of 
doing mapping of those accounts 

1345
01:14:39,800 --> 01:14:41,360
to say, OK, who do these 
accounts belong to? 

1346
01:14:42,000 --> 01:14:45,160
And I walked in the room and I 
remember Wayne seemed kind of 

1347
01:14:45,160 --> 01:14:49,080
nervous and he was like, all 
right, we've, you know, we've, 

1348
01:14:49,080 --> 01:14:51,320
we've done some account mapping.
And I was like, all right, cool,

1349
01:14:51,720 --> 01:14:54,080
you know, where are we at? 
And he's like, he's like, I hate

1350
01:14:54,080 --> 01:14:55,640
to tell you. 
And he always, he always say it 

1351
01:14:55,640 --> 01:15:01,160
was like, you know, super nice 
music, but there's 90,000 

1352
01:15:01,160 --> 01:15:05,320
accounts that we can't map. 
And I was like, oh, that's not 

1353
01:15:05,320 --> 01:15:08,840
too bad, 'cause I was expecting 
like more than that. 

1354
01:15:08,840 --> 01:15:10,880
And he, I just remember him 
having like shocked face, 

1355
01:15:10,880 --> 01:15:14,280
shocked Pikachu face like it's 
90,000 accounts. 

1356
01:15:14,280 --> 01:15:17,040
Like, yeah, there's no 
guardrails in this application. 

1357
01:15:17,040 --> 01:15:19,040
You can name your account 
whenever you want. 

1358
01:15:19,040 --> 01:15:20,760
And there were plenty of people 
who took advantage of that at 

1359
01:15:20,760 --> 01:15:24,400
the store level with not safe 
for work names, all kinds of 

1360
01:15:24,400 --> 01:15:28,240
stuff. 
But that idea of 90,000 orphan 

1361
01:15:28,240 --> 01:15:32,480
accounts and you know, really 
put my hands there, right? 

1362
01:15:32,480 --> 01:15:35,000
There needs to be better 
structure around how accounts 

1363
01:15:35,000 --> 01:15:37,240
are built and lesson learned, 
right? 

1364
01:15:37,240 --> 01:15:41,160
Putting in rules of the road, 
you know, safeguards to prove to

1365
01:15:41,160 --> 01:15:44,160
prevent that, the importance of 
having an employee ID number 

1366
01:15:44,400 --> 01:15:47,400
associated with accounts, right.
All those little tips and tricks

1367
01:15:47,400 --> 01:15:49,520
to kind of make your IGA 
platform hum. 

1368
01:15:49,920 --> 01:15:52,320
But I'll never forget, you know,
Wayne's face and it's like, oh, 

1369
01:15:52,320 --> 01:15:54,160
it's 90,000 And she's like, oh, 
that's not too bad. 

1370
01:15:54,160 --> 01:15:56,680
It's like, all right, like, 
that's just a drop in the 

1371
01:15:56,680 --> 01:15:58,040
bucket. 
We already have like several 

1372
01:15:58,040 --> 01:16:01,080
million accounts that we're 
managing, you know, 90,000. 

1373
01:16:01,360 --> 01:16:04,600
That's like a Sunday. 
You'll get that done your week, 

1374
01:16:04,600 --> 01:16:08,920
Wayne. 
Yeah, so the horror story was 

1375
01:16:08,920 --> 01:16:09,440
for Wayne. 
Not. 

1376
01:16:09,480 --> 01:16:11,200
It was probably. 
More for Wayne at that point. 

1377
01:16:11,200 --> 01:16:14,720
But the fact that we had 90,000 
orphans in one in one system out

1378
01:16:14,720 --> 01:16:17,600
of like dozens that we're 
integrating, I'm sure probably 

1379
01:16:17,600 --> 01:16:18,960
caused some heartburn in the 
Courion side. 

1380
01:16:20,640 --> 01:16:23,720
All right, we've gone real long.
So we'll wrap things up with a 

1381
01:16:23,720 --> 01:16:25,600
very quick question. 
We always like to end in a 

1382
01:16:25,600 --> 01:16:28,520
lighter note. 
Chad, what's the most unusual 

1383
01:16:28,520 --> 01:16:34,400
job you've ever had? 
So I think probably the most 

1384
01:16:34,400 --> 01:16:36,960
unusual that most people 
wouldn't have experience with 

1385
01:16:38,160 --> 01:16:40,200
right out of college. 
I'm a mechanical engineer by a 

1386
01:16:40,200 --> 01:16:42,760
degree, right out of college. 
I started working for a company 

1387
01:16:42,760 --> 01:16:47,680
in Cincinnati, OH, and I was 
able to design and build robots.

1388
01:16:48,440 --> 01:16:50,680
They're all powered by AI, and 
they're going to come back to 

1389
01:16:50,680 --> 01:16:54,960
kill us now. 
But no, I my I worked for a 

1390
01:16:54,960 --> 01:16:58,680
company that made projection 
television lenses and I was 

1391
01:16:58,680 --> 01:17:04,280
responsible for building a lot 
of the security really around 

1392
01:17:04,680 --> 01:17:07,600
our robotic glass manufacturing 
lines. 

1393
01:17:08,200 --> 01:17:11,720
So big automated plants like you
talked about before. 

1394
01:17:11,760 --> 01:17:16,320
We, you know, have one person 
managing a line of robots of 

1395
01:17:16,320 --> 01:17:20,160
these ten machines that would 
pick up a glass blank and polish

1396
01:17:20,160 --> 01:17:25,240
it through a number of stages at
lightning speed and having to 

1397
01:17:25,240 --> 01:17:28,640
build a lot of the controls and 
the security around that to make

1398
01:17:28,640 --> 01:17:31,200
sure that if someone walked 
anywhere near the robot's 

1399
01:17:31,200 --> 01:17:34,840
envelope they weren't going to 
get beaten up by that robot. 

1400
01:17:35,920 --> 01:17:38,440
So it was very cool. 
It was from a mechanical 

1401
01:17:38,440 --> 01:17:41,600
engineering perspective, was a 
lot of fun, but it's definitely 

1402
01:17:42,240 --> 01:17:44,560
this was back in, you know, the 
mid 90s. 

1403
01:17:44,560 --> 01:17:46,440
Not too many people were dealing
with robots then. 

1404
01:17:47,200 --> 01:17:49,600
That is pretty cool. 
That's definitely unique, Jim. 

1405
01:17:49,600 --> 01:17:51,800
How about yourself? 
What's an unusual job that 

1406
01:17:51,800 --> 01:17:54,520
you've had? 
And that's impressive is that 

1407
01:17:54,520 --> 01:17:56,200
one. 
But also mid 90s. 

1408
01:17:56,640 --> 01:18:01,800
I worked at an arcade in the 
mall and what was really cool 

1409
01:18:01,800 --> 01:18:05,760
and unusual about it was I had 
to take public transportation to

1410
01:18:05,760 --> 01:18:08,680
get there. 
And it was like half hour, 45 

1411
01:18:08,680 --> 01:18:12,120
minute bus ride and I would take
the bus home and it'd be like 

1412
01:18:12,120 --> 01:18:16,280
11, 11:30 at night. 
I lived in Philadelphia so 

1413
01:18:16,360 --> 01:18:19,360
public transportation could get 
you just about anywhere. 

1414
01:18:20,040 --> 01:18:24,520
But with the maintenance guys 
and oh man, some of the stories,

1415
01:18:24,520 --> 01:18:29,360
this guy's hotel and just like 
horsing around on the on the bus

1416
01:18:29,360 --> 01:18:32,160
and everything, like, yeah, that
was pretty cool. 

1417
01:18:33,160 --> 01:18:35,520
So that was an educational trip 
as well then, I'm sure. 

1418
01:18:35,920 --> 01:18:39,280
Very, very educational. 
Let's see. 

1419
01:18:39,280 --> 01:18:41,520
People are probably familiar 
with my long history in 

1420
01:18:41,520 --> 01:18:44,880
restaurants, but that's not the 
strangest or I guess unusual job

1421
01:18:44,880 --> 01:18:48,200
I actually was. 
I don't know what my position 

1422
01:18:48,200 --> 01:18:51,120
was but like, bank teller, I 
guess. 

1423
01:18:51,760 --> 01:18:55,560
But really what that meant. 
And I I this was, this came 

1424
01:18:55,560 --> 01:18:56,800
actually from a customer of 
mine. 

1425
01:18:56,880 --> 01:19:00,240
I was serving tables and 
somebody from TCF Bank in 

1426
01:19:00,240 --> 01:19:01,520
Chicago. 
I I guess I waited. 

1427
01:19:01,520 --> 01:19:03,200
I'm going to impress him and 
say, hey, give me his card. 

1428
01:19:03,200 --> 01:19:04,880
And he said, hey, I'd love to 
have you work for us. 

1429
01:19:05,320 --> 01:19:07,240
You know, give me a call. 
And I did. 

1430
01:19:07,240 --> 01:19:09,160
And I was like, all right, will 
you see what else you got? 

1431
01:19:09,720 --> 01:19:11,640
And I was like, you know, what 
do you want to do? 

1432
01:19:11,640 --> 01:19:13,600
I was like, oh, you know, like 
like working with people or 

1433
01:19:13,600 --> 01:19:15,520
stuff like that. 
I was like, all right, so I go, 

1434
01:19:15,720 --> 01:19:19,520
I get the job and go through 
training or whatever and I show 

1435
01:19:19,520 --> 01:19:22,080
up and I'm assigned to a Cub 
Foods. 

1436
01:19:22,640 --> 01:19:24,680
And so if you're familiar with 
Cub Foods, it's like a grocery 

1437
01:19:24,680 --> 01:19:26,960
chain, kind of like I don't know
where it is now, but kind of 

1438
01:19:26,960 --> 01:19:29,320
Midwest, maybe upper Midwest, 
that kind of thing. 

1439
01:19:29,320 --> 01:19:33,720
Illinois at the time. 
And my job was to stand outside 

1440
01:19:33,720 --> 01:19:36,640
of the Cub Foods trying to get 
people to open checking and 

1441
01:19:36,640 --> 01:19:38,680
savings account and hand them 
flyers. 

1442
01:19:39,200 --> 01:19:43,640
And I was. 
I lasted 3 hours, went to lunch,

1443
01:19:43,920 --> 01:19:47,200
never came back. 
Called on the way, you know, on 

1444
01:19:47,200 --> 01:19:49,400
my car on the way back. 
I was like, this job isn't for 

1445
01:19:49,400 --> 01:19:50,680
me. 
Sorry, I quit. 

1446
01:19:50,680 --> 01:19:52,760
That's the only job I've ever 
quit with. 

1447
01:19:52,760 --> 01:19:55,360
Like, you know, no notice, 
didn't do anything. 

1448
01:19:55,360 --> 01:19:57,520
But it was not what was 
advertised to be. 

1449
01:19:57,800 --> 01:20:00,360
I was basically handing out 
flyers outside of a Cub Foods. 

1450
01:20:00,920 --> 01:20:04,320
You're working with people. 
Who didn't? 

1451
01:20:04,600 --> 01:20:10,280
Want anything to do with me? 
So yeah, that was not my most 

1452
01:20:10,280 --> 01:20:12,480
favorite job, but you know, 
things work out for a reason. 

1453
01:20:12,600 --> 01:20:14,680
All right, let's go ahead and 
leave it there for this week. 

1454
01:20:15,240 --> 01:20:18,320
Hopefully that gave people some 
insight into RSM and the the 

1455
01:20:18,320 --> 01:20:20,400
digital identity practice that 
we've been building here. 

1456
01:20:20,400 --> 01:20:22,920
And people come out, we'll be at
Identiverse. 

1457
01:20:23,640 --> 01:20:26,000
A bunch of us, pretty much all 
of us will be there. 

1458
01:20:26,360 --> 01:20:28,360
So you get to meet the rock star
team that we've built here. 

1459
01:20:28,680 --> 01:20:34,600
And yeah, so rsmus.com. 
And what else should we should 

1460
01:20:34,600 --> 01:20:35,800
we plug? 
Maybe ourselves? 

1461
01:20:35,800 --> 01:20:42,440
IDC podcast.com, our Twitter at 
IDC podcasts, our Mastodon IDC 

1462
01:20:42,440 --> 01:20:45,320
Podcast at infosec dot exchange. 
I know Jim, you're all about the

1463
01:20:45,320 --> 01:20:47,800
YouTube channel. 
See There's happy. 

1464
01:20:47,840 --> 01:20:48,760
I was like there there. 
We are. 

1465
01:20:48,760 --> 01:20:50,680
I'm happy now. 
Look us up on YouTube. 

1466
01:20:50,680 --> 01:20:53,080
We're starting to put more of 
our episodes in a video format 

1467
01:20:53,520 --> 01:20:56,000
and stuff like that. 
But yeah, and hire us, right? 

1468
01:20:56,000 --> 01:20:59,680
I mean, Jim, Chad, myself. 
We're happy to talk identity, 

1469
01:20:59,680 --> 01:21:01,920
but love to work with folks who 
are listening out there. 

1470
01:21:01,920 --> 01:21:04,720
Call us if you got any issues or
concerns that you think we can 

1471
01:21:04,720 --> 01:21:07,000
help with and we'd be happy to 
hop on a call. 

1472
01:21:07,040 --> 01:21:10,800
So more meetings for Chad 
because I know he loves them so 

1473
01:21:10,800 --> 01:21:12,680
much. 
I do and thanks for having me 

1474
01:21:12,680 --> 01:21:13,520
guys. 
I appreciate it. 

1475
01:21:13,960 --> 01:21:15,160
Yeah. 
Thanks, Chad. 

1476
01:21:15,480 --> 01:21:18,240
That's it for this week. 
Thanks everybody for listening 

1477
01:21:18,240 --> 01:21:20,520
and or watching and we'll talk 
with you all in the next one. 

1478
01:21:22,920 --> 01:21:25,880
You've been listening to 
Identity at the Center. 

1479
01:21:26,200 --> 01:21:30,320
We hope you've enjoyed the show.
Make sure to like, rate and 

1480
01:21:30,320 --> 01:21:33,920
review and we'll be back soon. 
But in the meantime, hit the 

1481
01:21:33,920 --> 01:21:37,360
website at 
identityatthecenter.com. 

1482
01:21:37,960 --> 01:21:42,080
See you next time on Identity at
the Center.

