1 00:00:09,700 --> 00:00:13,100 You're listening to the identity of the center podcast, this is 2 00:00:13,100 --> 00:00:15,600 the show that talks about identity and access management 3 00:00:15,700 --> 00:00:18,600 and making sure you know who has access to what let's get 4 00:00:18,600 --> 00:00:28,200 started. Welcome to the identity of the 5 00:00:28,200 --> 00:00:30,300 center podcast. I'm Jeff been that's Jim. 6 00:00:30,300 --> 00:00:34,200 Hey Jim hey Jeff, how are you? Oh not so bad yourself. 7 00:00:34,500 --> 00:00:35,300 I'm good. I'm good. 8 00:00:35,300 --> 00:00:39,000 I'm not going to complain about the heat wave I live in Georgia 9 00:00:39,000 --> 00:00:43,100 and it's hot for like four months straight. 10 00:00:43,100 --> 00:00:46,400 So to me I know a lot of the folks I'm talking to you from 11 00:00:46,400 --> 00:00:50,700 around the country are like oh my God, it's so hot but to me 12 00:00:50,700 --> 00:00:52,600 it's like it's just another day of hot. 13 00:00:54,200 --> 00:00:56,500 It's I'm in. Now, the mountains of Western 14 00:00:56,500 --> 00:00:58,800 North Carolina, it's not quite as hot which is kind of nice 15 00:00:58,800 --> 00:01:03,000 still, humid, but surviving. I think, yeah, the heat wave has 16 00:01:03,000 --> 00:01:05,099 been like all over the world. Basically, you know, like 17 00:01:05,400 --> 00:01:07,700 England head if shoes. I think it was last week or 18 00:01:07,708 --> 00:01:10,300 maybe was earlier this week. I don't times flying at this 19 00:01:10,300 --> 00:01:11,800 point. Yeah, right. 20 00:01:12,700 --> 00:01:15,900 Yeah, the big thing I've been working on this week, is kind of 21 00:01:15,900 --> 00:01:20,400 coming up with a conference plan for the group that I'm in. 22 00:01:20,800 --> 00:01:25,800 And really, you know, No, obviously you've got the 23 00:01:26,700 --> 00:01:30,300 opportunities, like Business Development opportunities that 24 00:01:30,300 --> 00:01:32,800 come from conferences than top of that. 25 00:01:33,700 --> 00:01:37,000 Of course there's the training aspect, you know, go there and 26 00:01:37,000 --> 00:01:41,400 receive training and I think the third thing that doesn't get 27 00:01:41,400 --> 00:01:46,300 enough attention is that it's really like a reward, almost 28 00:01:46,300 --> 00:01:50,300 like a retention kind of aspect to conferences. 29 00:01:50,300 --> 00:01:54,200 Like if you bring folks to conferences or Let folks go to 30 00:01:54,200 --> 00:01:57,500 conferences, they see it. As, you know, they're being 31 00:01:57,500 --> 00:02:00,600 rewarded or they're being recognized as somebody who's 32 00:02:00,900 --> 00:02:03,400 worthy of being invested in. What do you think? 33 00:02:04,800 --> 00:02:07,300 I think, I feel like we talked about this, a few weeks back. 34 00:02:07,800 --> 00:02:09,199 Generally, I want to agree with you. 35 00:02:09,199 --> 00:02:11,100 There are some people who don't like going to conferences and 36 00:02:11,100 --> 00:02:15,100 might see it as a punishment. So I could see it as a two-sided 37 00:02:15,100 --> 00:02:17,500 coin. I think it just depends on the 38 00:02:17,500 --> 00:02:19,300 individual. And you know, why are you going 39 00:02:19,300 --> 00:02:23,200 there? I think my attendance at Fences 40 00:02:23,200 --> 00:02:26,700 has changed over the years, it used to be for learning now it's 41 00:02:26,700 --> 00:02:29,000 less. So, it's more networking and, 42 00:02:29,000 --> 00:02:31,800 you know, business development and sort of things like that. 43 00:02:32,500 --> 00:02:35,000 I kind of wish it was, you know, more Focus sometimes on the 44 00:02:35,008 --> 00:02:36,800 learning side. But you get so busy at these 45 00:02:36,800 --> 00:02:39,500 conferences, going from one meeting to a next to another 46 00:02:40,000 --> 00:02:42,900 that there's I'm always personally finding less and less 47 00:02:42,900 --> 00:02:45,600 time to actually kind of sit down and actually listen and 48 00:02:45,600 --> 00:02:47,800 enjoy the content live. I don't have to catch it after 49 00:02:47,800 --> 00:02:51,700 the fact. So I mean during the pandemic we 50 00:02:51,700 --> 00:02:56,300 were attending conferences. Virtually I I did that myself. 51 00:02:56,400 --> 00:03:01,000 You know what I found was, a lot of times I couldn't stay focused 52 00:03:01,000 --> 00:03:02,600 on the conference the entire day. 53 00:03:02,600 --> 00:03:06,700 So you know, especially knowing that sessions would be available 54 00:03:06,700 --> 00:03:10,900 for later viewing. I felt like the training and 55 00:03:10,900 --> 00:03:14,900 learning side of it was enhanced because you can really focus on 56 00:03:14,900 --> 00:03:19,600 it but that everything else was not nearly as good. 57 00:03:20,700 --> 00:03:23,200 Yeah, that's for sure. I mean the hallway conversations 58 00:03:23,200 --> 00:03:27,600 just, you know, seeing people and faces and voices that you 59 00:03:27,600 --> 00:03:30,700 recognize that that whole stuff. Definitely spare time, it's 60 00:03:30,700 --> 00:03:32,600 back. I was at RSA earlier this year 61 00:03:34,200 --> 00:03:37,200 miss the Denver's because it was moving and then we're gonna be 62 00:03:37,200 --> 00:03:40,000 at Gartner in a few weeks. So I'm looking forward to that 63 00:03:40,000 --> 00:03:46,000 as well but it's back man would just sort of like this is we're 64 00:03:46,000 --> 00:03:48,500 just going to move forward now unless something happens this 65 00:03:48,500 --> 00:03:51,400 kind of move things backwards but I don't see that happening. 66 00:03:51,900 --> 00:03:54,300 No, I don't think so. Yeah. 67 00:03:54,300 --> 00:03:57,100 So as you mentioned, we're heading out to the Gartner 68 00:03:57,100 --> 00:04:01,400 conference and hoping to up our podcast game, a little bit. 69 00:04:02,500 --> 00:04:05,700 What are your thoughts are? I think, yes. 70 00:04:05,700 --> 00:04:08,800 Upping, the game will be a challenge as usual, but we're 71 00:04:08,800 --> 00:04:11,100 starting from zero. So anything is an improvement. 72 00:04:12,600 --> 00:04:14,700 We are actually still looking for a place to record. 73 00:04:14,700 --> 00:04:17,100 While we're out there, we actually tried to go the Gartner 74 00:04:17,100 --> 00:04:20,200 route, and that was not successful in finding a spot 75 00:04:20,200 --> 00:04:23,500 that we could set up camp at. So if there's any friends of the 76 00:04:23,500 --> 00:04:26,400 show out there that have like a breakout room or something 77 00:04:26,400 --> 00:04:29,500 that's convenient within the conference based in Las Vegas, 78 00:04:29,900 --> 00:04:31,800 Reach Out. We'd love to figure out how we, 79 00:04:31,800 --> 00:04:34,600 maybe we could share some of that space with you at least for 80 00:04:34,700 --> 00:04:37,900 Time because we are definitely looking to do some podcasting 81 00:04:37,900 --> 00:04:40,700 and get some guests. And maybe even hopefully, if we 82 00:04:40,700 --> 00:04:43,200 can get enough people, you know, one, two or three, people that 83 00:04:43,200 --> 00:04:46,100 want to watch how the sausage is made so to speak, that's 84 00:04:46,100 --> 00:04:48,900 certainly an option as well. But as of right now, I feel like 85 00:04:48,900 --> 00:04:50,500 it's going to be you and me holding these little 86 00:04:50,500 --> 00:04:52,800 microphones. And a costing people in 87 00:04:52,800 --> 00:04:55,400 hallways, are trying to find like little cubby holes that we 88 00:04:55,400 --> 00:04:58,100 can do things in, I guess we could try to look for like a 89 00:04:58,108 --> 00:05:01,400 sweet or something like that at Caesars but that's nowhere near 90 00:05:01,400 --> 00:05:03,100 as convenience. That's kind of like a fallback 91 00:05:03,100 --> 00:05:05,700 plan right now. So hey Hey, we'd like a show. 92 00:05:05,900 --> 00:05:09,500 We want you to walk half an hour across this casino up into this 93 00:05:09,500 --> 00:05:12,100 sweet and then, you know, spend an hour there or 45 minutes, or 94 00:05:12,100 --> 00:05:14,800 15 minutes, whatever it is, and then walk another half hour back 95 00:05:14,800 --> 00:05:17,100 to work back to the show. It's just not the same. 96 00:05:17,100 --> 00:05:21,800 So, blending options and then again, we can't really record at 97 00:05:21,800 --> 00:05:25,300 the roulette table or Starbucks or anything like that. 98 00:05:26,000 --> 00:05:29,000 Yeah, there's some rules about recording and public spaces, and 99 00:05:29,200 --> 00:05:31,400 things like that. I wasn't even thinking about 100 00:05:31,400 --> 00:05:33,000 that. I just remember thinking about 101 00:05:33,000 --> 00:05:35,600 your thinking, always annoys you Oh, trust me. 102 00:05:35,600 --> 00:05:37,500 I was thinking about it too. But yeah, so if you're if you're 103 00:05:37,508 --> 00:05:39,800 a friend of the show or not even a friend of the show but you 104 00:05:39,800 --> 00:05:42,700 have a lead on some some breakout space that might be in 105 00:05:42,700 --> 00:05:46,000 the conference area or even something similar, you know, 106 00:05:46,000 --> 00:05:49,600 reach out to us on LinkedIn, would be happy to discuss and 107 00:05:49,600 --> 00:05:52,500 figure out if there's an option here that we can do something 108 00:05:52,500 --> 00:05:54,500 together to make event to take advantage of it. 109 00:05:54,700 --> 00:05:59,000 Yeah, that's Gartner. I think we're also looking at 110 00:05:59,000 --> 00:06:02,500 Octane coming up in the future which is a November. 111 00:06:02,500 --> 00:06:06,000 So yeah, we're sort of Of getting our our conference 112 00:06:06,000 --> 00:06:09,900 circuit, you know, back on the back on track, after a couple of 113 00:06:09,900 --> 00:06:12,700 years here of Hiatus. Yeah, never actually been to 114 00:06:12,700 --> 00:06:15,200 Octane. I think it was supposed to go to 115 00:06:15,200 --> 00:06:18,500 it. The first year of the pandemic, 116 00:06:18,500 --> 00:06:22,300 so, obviously that didn't happen, but it should be a 117 00:06:22,300 --> 00:06:26,200 fantastic conference. And again, you know, hopefully, 118 00:06:26,200 --> 00:06:30,200 we can set new records in terms of, you know, putting the 119 00:06:30,200 --> 00:06:34,500 podcasts out with a great frequency, maybe five. 120 00:06:34,700 --> 00:06:39,300 Six episodes in a week and I'm just putting in some crazy ideas 121 00:06:39,300 --> 00:06:41,700 on my plate. It's basically work on your 122 00:06:41,700 --> 00:06:45,100 plate, but hey, the scheduling side is now so easy. 123 00:06:45,800 --> 00:06:47,700 Yeah, that's true. Especially I don't know if 124 00:06:47,700 --> 00:06:51,900 you've seen your calendar early lately but it's a disaster. 125 00:06:52,800 --> 00:06:54,900 Well, everybody knows, right. Just just because you're 126 00:06:54,900 --> 00:06:57,200 traveling or you're taking time off or whatever. 127 00:06:57,200 --> 00:06:59,100 It may be, the work doesn't disappear. 128 00:06:59,100 --> 00:07:02,400 It just shifts from one area of your calendar to another. 129 00:07:02,900 --> 00:07:05,600 So yeah, my calendar was crazy earlier this week. 130 00:07:05,600 --> 00:07:07,200 It's today's been a little bit lighter. 131 00:07:07,200 --> 00:07:08,900 So it would kind of be able to catch up on some things. 132 00:07:08,900 --> 00:07:13,300 But yeah, availability is always a challenge in this crazy world, 133 00:07:13,400 --> 00:07:17,100 but why don't we get to our topic? 134 00:07:17,100 --> 00:07:21,100 Because I actually kind of interested in several of the 135 00:07:21,100 --> 00:07:22,100 things we're going to talk about today. 136 00:07:22,100 --> 00:07:26,200 So actually, this entire show is basically formed her on one, 137 00:07:26,200 --> 00:07:31,600 tweet from an individual named Chris power who tweeted us few 138 00:07:31,600 --> 00:07:34,500 days back with a bunch of topic suggestions. 139 00:07:34,600 --> 00:07:37,900 We're kind of going to go through somewhat of a surgery as 140 00:07:37,900 --> 00:07:40,100 you kind of put it as your kind of preparing here for the show 141 00:07:40,500 --> 00:07:43,200 to kind of dissect. At least what we think some of 142 00:07:43,200 --> 00:07:46,200 the questions were that he tweeted out or she I mean I 143 00:07:46,200 --> 00:07:48,700 guess I'm not sure no, it's okay. 144 00:07:49,300 --> 00:07:55,600 Is it okay what we think the intent is behind the question 145 00:07:55,600 --> 00:07:59,700 kind of work through that. So yeah, Chris Hildebrand sweet 146 00:08:00,000 --> 00:08:04,900 and Chris the defense Twitter limits us to 140 characters And 147 00:08:04,900 --> 00:08:09,800 he wanted to ask like ten questions in one tweet and so, 148 00:08:10,600 --> 00:08:13,200 yeah, he's just better, Twitter's money's worth for sure 149 00:08:13,200 --> 00:08:15,300 on this tweet. I think we it is like six or 150 00:08:15,300 --> 00:08:18,300 seven questions in here that will try to address, but why we 151 00:08:18,300 --> 00:08:20,900 just dive right into it. So Chris if you're listening, 152 00:08:20,900 --> 00:08:23,000 this one's for you. Hopefully others get value out 153 00:08:23,000 --> 00:08:25,600 of it too. If you do have questions, 154 00:08:25,600 --> 00:08:28,100 definitely tweet about us. We will try to build build an 155 00:08:28,100 --> 00:08:30,200 episode around it or weed them into other episodes that were 156 00:08:30,207 --> 00:08:34,100 working through but here we go. Alright, so topic suggestions 157 00:08:34,600 --> 00:08:39,100 Extracts management more or less job roles, how to build admin 158 00:08:39,100 --> 00:08:43,700 intelligence or IAI managing audit expectations, provisioning 159 00:08:43,700 --> 00:08:47,300 outside of sale point in parentheses, third-party apps, 160 00:08:47,600 --> 00:08:50,500 validating extracts, and you say she's got more if wanted. 161 00:08:50,600 --> 00:08:51,700 All right. Well, let's start with the first 162 00:08:51,700 --> 00:08:54,000 one. Let's talk through manual. 163 00:08:54,000 --> 00:08:56,500 Extracts Management's. First of all, what do you think 164 00:08:56,500 --> 00:08:59,000 he's referring to with that statement? 165 00:08:59,300 --> 00:09:04,400 Well, just judging on the Tweeter overall I think. 166 00:09:04,500 --> 00:09:07,800 This might be a set point user. Right? 167 00:09:07,800 --> 00:09:12,400 And so guessing I'm guessing. Yeah, so I'm kind of thinking of 168 00:09:12,400 --> 00:09:15,800 it from a sales Point architecture perspective, 169 00:09:15,800 --> 00:09:19,500 there's multiple ways to integrate with applications, and 170 00:09:19,500 --> 00:09:22,800 one way is kind of the quote-unquote, disconnected 171 00:09:22,800 --> 00:09:25,800 application. And so in that disconnected 172 00:09:25,800 --> 00:09:32,500 application, you could work simply with like file feeds to, 173 00:09:32,700 --> 00:09:37,800 you know, or file extract. To take them into cell point and 174 00:09:37,900 --> 00:09:43,000 build, you know, the data for the access catalog or for an 175 00:09:43,000 --> 00:09:48,200 access recertification. So, you know, I've always 176 00:09:48,300 --> 00:09:51,900 referred to this as the least common denominator integration. 177 00:09:51,900 --> 00:09:56,000 So, in other words, just like there's no reason you can't 178 00:09:56,000 --> 00:09:59,900 integrate into cell point from your application, even if it's 179 00:09:59,900 --> 00:10:05,100 like, the legacy of the Legacy, you should be able to Sport a 180 00:10:05,100 --> 00:10:09,200 flat file comment. Eliminator tabbed Eliminator or 181 00:10:09,200 --> 00:10:14,200 what have you and so what I think Chris is getting at here 182 00:10:14,200 --> 00:10:18,400 is like, how do you put a whole framework or process around 183 00:10:18,400 --> 00:10:21,000 that? And to me it kind of starts off 184 00:10:21,000 --> 00:10:25,100 with kind of trying to put some rules to the road in terms of 185 00:10:25,200 --> 00:10:28,600 what the format of that file should be when it should be 186 00:10:28,600 --> 00:10:33,300 uploaded, where should be uploaded things like that. 187 00:10:33,400 --> 00:10:37,800 Ideally Um there's not an opportunity for humans to touch 188 00:10:37,800 --> 00:10:42,000 the file so in other words the files being created on the 189 00:10:42,000 --> 00:10:44,300 system. So say we're talking about a 190 00:10:44,308 --> 00:10:49,100 Mainframe and as being, you know, somehow FTP or transfer to 191 00:10:49,100 --> 00:10:52,200 your file share. So, a lot of times what I've 192 00:10:52,200 --> 00:10:57,500 seen corporations do is they'll set up a SharePoint or OneDrive 193 00:10:57,700 --> 00:11:00,100 and have files put on that one drive. 194 00:11:00,100 --> 00:11:03,700 Now, typically what I've seen is that a human being like, pulls 195 00:11:03,700 --> 00:11:07,700 the file, And moves it but you know the more often you're doing 196 00:11:07,708 --> 00:11:11,900 that the more likely it is that you're going to create some 197 00:11:11,900 --> 00:11:15,800 automation around it. So I would say just keep that in 198 00:11:15,800 --> 00:11:19,200 your back pocket that if even if you're doing just quarterly at 199 00:11:19,200 --> 00:11:23,200 two stations or even annual attestations try to ramp up the 200 00:11:23,200 --> 00:11:29,100 frequency of that upload so that you start to drive the idea of 201 00:11:29,100 --> 00:11:31,900 automation of getting those files uploaded but a lot of 202 00:11:31,900 --> 00:11:33,900 times this is where you're starting to get into. 203 00:11:35,000 --> 00:11:38,000 The wild west of your it environment and you're just 204 00:11:38,000 --> 00:11:40,900 happy to have something. So again it's kind of like 205 00:11:40,900 --> 00:11:44,600 setting up the policy for what does that track should be like 206 00:11:44,600 --> 00:11:47,000 how they get uploaded things like that. 207 00:11:47,000 --> 00:11:51,100 And then I think the other thing that a lot of times what you 208 00:11:51,100 --> 00:11:54,700 need is like some kind of translation of the file, like, 209 00:11:54,800 --> 00:11:57,400 what is it, what are these columns that are in the file? 210 00:11:57,400 --> 00:12:00,000 What do they signify in the application? 211 00:12:00,200 --> 00:12:04,200 Because ultimately, you're going to design a campaign around the, 212 00:12:04,200 --> 00:12:06,900 the you Data that's that's in those files. 213 00:12:08,500 --> 00:12:10,700 Yeah, I like that analogy of the Wild West because I feel like 214 00:12:10,700 --> 00:12:13,500 it's is like the frontier. You're building an outpost, 215 00:12:13,600 --> 00:12:15,400 you're not sure what's going to come in the door. 216 00:12:15,800 --> 00:12:18,100 So I think your I agree with you. 217 00:12:18,100 --> 00:12:21,100 I think this is probably talking about those, those disconnected 218 00:12:21,100 --> 00:12:24,500 systems, so to speak that are not using like a formal 219 00:12:24,500 --> 00:12:26,900 connector right to like, read the data directly. 220 00:12:27,700 --> 00:12:29,800 I think part of the question that he also asked later is, 221 00:12:29,800 --> 00:12:33,000 that is like, validation of extracts, you talked about, you 222 00:12:33,000 --> 00:12:35,800 know what? What Asian of the file or file 223 00:12:35,800 --> 00:12:38,700 type is a coming in CSV some other version. 224 00:12:40,000 --> 00:12:43,600 What are the expected data attributes? 225 00:12:43,600 --> 00:12:45,700 And values? Is it Boolean? 226 00:12:45,700 --> 00:12:47,900 Is it a string? You know what, kind of string it 227 00:12:47,900 --> 00:12:49,300 may be like those sorts of things. 228 00:12:49,500 --> 00:12:52,900 I think this is where coordination with whoever is 229 00:12:52,900 --> 00:12:55,800 extracting that data, you're working with them to make sure 230 00:12:55,800 --> 00:12:58,800 that you're getting the data back in a, in a format, that is 231 00:12:59,500 --> 00:13:02,400 parsable. I think this is also an area 232 00:13:02,400 --> 00:13:05,700 where, yeah, I think his story Clearly, it would be done 233 00:13:05,700 --> 00:13:08,500 manually where someone will pick up the file from a SharePoint or 234 00:13:08,500 --> 00:13:12,000 OneDrive or any other file share and then run like an import 235 00:13:12,000 --> 00:13:15,300 into, for example, your IJ tool, let's call sale point in this 236 00:13:15,300 --> 00:13:18,500 case because I think that's what we're talking about here, I see 237 00:13:18,500 --> 00:13:21,400 more RPA. Now, robotic process Opera 238 00:13:21,500 --> 00:13:26,200 automation, taking up a lot of the stuff and doing some of that 239 00:13:26,300 --> 00:13:28,500 work for you. So there might be some 240 00:13:28,500 --> 00:13:32,500 opportunities to say, okay, well, you talked about like this 241 00:13:32,500 --> 00:13:35,400 integration pattern like the the lowest Common denominators, 242 00:13:35,400 --> 00:13:37,600 refer to was okay. Well, at least let's just get an 243 00:13:37,600 --> 00:13:42,400 extract of data so we can make our IG a platform at least aware 244 00:13:42,400 --> 00:13:43,900 of what's out there. Can't really do anything with 245 00:13:43,900 --> 00:13:45,400 it, but at least it's aware of it, right? 246 00:13:46,300 --> 00:13:50,200 And if you can leverage some sort of our PA to ingest that 247 00:13:50,200 --> 00:13:53,400 for you automatically, if you can't do it, you know, through 248 00:13:53,400 --> 00:13:58,300 the platform itself, then that might be sort of a another is 249 00:13:58,300 --> 00:14:02,500 there, a lower lower lower list, common denominator, to, to 250 00:14:02,500 --> 00:14:05,600 automate that. So that steps but I think that's 251 00:14:05,800 --> 00:14:08,300 you're really kind of looking again at that that Wild West. 252 00:14:08,300 --> 00:14:09,500 It's like you're not sure what's coming. 253 00:14:09,500 --> 00:14:12,600 If you're if that's all you have left from like an integration 254 00:14:12,600 --> 00:14:14,900 standpoint, you're probably doing pretty well like from a 255 00:14:14,900 --> 00:14:17,600 sales point perspective which is call it or any IGA perspective 256 00:14:17,900 --> 00:14:21,300 is if you're look if like you're down to just systems that there 257 00:14:21,300 --> 00:14:25,300 are not connectors for that's that's a problem that I think a 258 00:14:25,300 --> 00:14:28,600 lot of people would love to have because that means they probably 259 00:14:28,600 --> 00:14:31,200 moved pretty far down the maturity scale and gotten a lot 260 00:14:31,200 --> 00:14:33,400 of their, you know, bigger, maybe more well-known 261 00:14:33,400 --> 00:14:34,500 applications, that do have connections. 262 00:14:34,600 --> 00:14:38,200 Actors, you know, set up, I guess the alternative could be. 263 00:14:38,600 --> 00:14:41,300 You've got some sort of like, group that just for whatever 264 00:14:41,300 --> 00:14:43,800 reason, doesn't want to play ball, you know, be part of the I 265 00:14:43,800 --> 00:14:47,600 am program and be part of the, the, the, the IGA platform, 266 00:14:47,600 --> 00:14:49,200 whatever it looks like. It's probably more of a 267 00:14:49,200 --> 00:14:53,200 political battle, but that's kind of what I'm thinking from 268 00:14:53,200 --> 00:14:55,300 that perspective. Yeah. 269 00:14:55,300 --> 00:14:59,500 That that last point that you brought up is something in my 270 00:14:59,500 --> 00:15:03,800 experience of working with cell Point Architects, almost every 271 00:15:03,800 --> 00:15:07,400 time. I was in like you know advisory 272 00:15:07,400 --> 00:15:12,000 roles like we are not doing flat file Imports, there are such a 273 00:15:12,000 --> 00:15:15,000 pain in the butt and I think that's getting to the part of 274 00:15:15,000 --> 00:15:17,200 the question where Chris asked about validation. 275 00:15:17,200 --> 00:15:21,100 Like, imagine a comma-separated value where you have the 276 00:15:21,100 --> 00:15:25,200 person's name and it's comma, MD, or comma p h key or 277 00:15:25,200 --> 00:15:27,400 something like that. They'll like perk the file and 278 00:15:27,400 --> 00:15:30,800 now you have to figure out like what's causing the file to break 279 00:15:31,000 --> 00:15:34,500 and you're trying to imply automate this process what-if. 280 00:15:34,600 --> 00:15:37,300 You have 100 applications that are doing this and what if 281 00:15:37,300 --> 00:15:39,900 you're getting these extracts on a regular basis? 282 00:15:39,900 --> 00:15:43,300 Now I'm sure somebody sitting out there saying well then you 283 00:15:43,300 --> 00:15:47,700 know, through parentheses or not parentheses, but quotes around 284 00:15:47,700 --> 00:15:49,400 all the data or something like that. 285 00:15:49,400 --> 00:15:53,200 And I'm I'm sure somebody's got like a best practice. 286 00:15:53,200 --> 00:15:56,200 But if you can find a way to break it, somebody's out there, 287 00:15:56,200 --> 00:16:01,100 breaking it. I guess what I was also thinking 288 00:16:01,100 --> 00:16:06,300 is, you know, where these can be valuable Is on the big selling 289 00:16:06,300 --> 00:16:10,500 point of having an IGA system is building. 290 00:16:10,700 --> 00:16:15,700 Truly a Depot of one place to go to know who has access to what 291 00:16:16,100 --> 00:16:20,000 and that's, you know, when you use that statements like to who 292 00:16:20,000 --> 00:16:23,300 has access to what it means, everything like, what's all the 293 00:16:23,300 --> 00:16:25,700 access they have? If you're in a big Enterprise, 294 00:16:25,700 --> 00:16:30,200 with thousands of applications? That's a lot of applications, 295 00:16:30,400 --> 00:16:33,100 right? And so if you get one place to 296 00:16:33,100 --> 00:16:38,300 go to know who has Access to our top 125 applications. 297 00:16:38,600 --> 00:16:42,100 That's not really as compelling as well as access to all of our 298 00:16:42,100 --> 00:16:45,800 data writer. All of our data that is of some 299 00:16:45,800 --> 00:16:51,300 relevance and so there's got to be some velocity in terms of you 300 00:16:51,300 --> 00:16:54,400 know when you implement one of these systems getting all of 301 00:16:54,400 --> 00:16:59,300 your your applications integrated and so you know flat 302 00:16:59,300 --> 00:17:01,600 files while I don't like them either. 303 00:17:01,900 --> 00:17:04,500 To me it's better if you could you know. 304 00:17:04,800 --> 00:17:10,300 Just set up a connector to hit a relational database and pull the 305 00:17:10,300 --> 00:17:13,599 data from the database. Because I think that the point 306 00:17:13,599 --> 00:17:16,500 then is that you run into much fewer these errors. 307 00:17:17,099 --> 00:17:21,500 But if that's not available or to the point that you're making 308 00:17:21,500 --> 00:17:24,900 because this I've been seeing as long as I've been in I as 309 00:17:24,900 --> 00:17:27,800 actually, as long as I've been in it, there's some people who 310 00:17:27,800 --> 00:17:30,300 just don't want to play nice. They just don't want to be 311 00:17:30,600 --> 00:17:33,400 bothered by what you're doing, because their job is way too 312 00:17:33,400 --> 00:17:36,100 important. They can't have you screwing 313 00:17:36,100 --> 00:17:40,000 around with their system, but if you just need a file dumped on 314 00:17:40,000 --> 00:17:42,000 an FTP site, yeah, we can do that. 315 00:17:43,700 --> 00:17:47,400 Sometimes that file is sort of like the first step you might do 316 00:17:47,400 --> 00:17:51,600 that initially with the goal of eventually using a connector or 317 00:17:52,100 --> 00:17:54,900 maybe that maybe that system gets deprecated or is no longer 318 00:17:54,900 --> 00:17:59,200 strategic, the organization goes away but not the ideal way that 319 00:17:59,200 --> 00:18:03,400 I would look at the creation I think, you know, at that point 320 00:18:03,400 --> 00:18:06,500 maybe the question is, is the juice worth the squeeze? 321 00:18:06,600 --> 00:18:08,500 Is it something you really want to spend time on or are there 322 00:18:08,500 --> 00:18:10,300 other things that maybe provide more value? 323 00:18:10,400 --> 00:18:11,700 That could be another way to look at it too. 324 00:18:11,800 --> 00:18:15,700 So Let's move on to the next one. 325 00:18:15,900 --> 00:18:20,600 It is more or less job roles. I certainly have an opinion on 326 00:18:20,600 --> 00:18:22,400 this one. What do you think? 327 00:18:22,400 --> 00:18:26,100 Jim now I think what we decided beforehand was that we're going 328 00:18:26,100 --> 00:18:28,400 to go every other one. So now it's your turn to go 329 00:18:28,400 --> 00:18:30,400 first. So, let's see what that opinion 330 00:18:30,400 --> 00:18:33,500 that I get to. I get to leverage some of your 331 00:18:33,500 --> 00:18:35,500 answer. All right. 332 00:18:35,600 --> 00:18:39,700 I like to keep things simple. So I'm more of a fan of less job 333 00:18:39,700 --> 00:18:43,700 roles, at least to start with, I prefer more of an attribute 334 00:18:43,700 --> 00:18:47,100 based approach to and having more roles. 335 00:18:47,100 --> 00:18:50,500 But more consistent roles, what I mean by that, is taking a few 336 00:18:50,500 --> 00:18:52,500 attributes from like your authoritative Source. 337 00:18:52,800 --> 00:18:56,200 I'm an employee in North Carolina, I'm all set. 338 00:18:56,200 --> 00:19:00,200 Chicago Old Habits, will die and employee in North Carolina and I 339 00:19:00,200 --> 00:19:05,300 work in information security. Those three attributes might 340 00:19:05,300 --> 00:19:07,200 drive three different roles that. 341 00:19:07,200 --> 00:19:11,800 Give me what I need, if I change, maybe I am an employee. 342 00:19:11,800 --> 00:19:14,400 Who moves back to Chicago? But I still stayed information 343 00:19:14,400 --> 00:19:16,100 security. Two of those attributes. 344 00:19:16,100 --> 00:19:18,700 Stay the same and maybe that third attribute that was 345 00:19:18,700 --> 00:19:20,200 controlling other axis change as well. 346 00:19:20,200 --> 00:19:23,200 So I prefer less job roles themselves. 347 00:19:23,200 --> 00:19:26,700 They feel like they're pretty volatile and it's a lot of work 348 00:19:26,700 --> 00:19:30,400 to keep them up to date, especially the coordination that 349 00:19:30,400 --> 00:19:33,300 needs to go along with what happens if you have shared job 350 00:19:33,300 --> 00:19:36,500 titles between different groups and analysts. 351 00:19:36,500 --> 00:19:39,100 And one group might be different than analysts and other support 352 00:19:39,100 --> 00:19:43,000 support, you know, whatever it may be and the coordination. 353 00:19:43,000 --> 00:19:46,200 The you To also have with whoever is the owner of the 354 00:19:46,200 --> 00:19:49,500 authoritative Source. Typically, like HR or maybe 355 00:19:49,500 --> 00:19:51,900 Finance, if maybe its contractors, are not employees 356 00:19:51,900 --> 00:19:53,200 involved, right? Things like that. 357 00:19:53,200 --> 00:19:56,600 So I'd rather keep things simple at least to start again. 358 00:19:56,600 --> 00:19:58,900 I think this is another area where I go out of organizations 359 00:19:59,300 --> 00:20:02,500 say they want to be you know, fully role-based, you know, 360 00:20:02,500 --> 00:20:06,400 Access Control in place and it's really hard to do especially if 361 00:20:06,400 --> 00:20:09,500 you don't have good data and good tools to actually make it 362 00:20:09,500 --> 00:20:11,600 happen. All right, your turn. 363 00:20:12,000 --> 00:20:16,200 Okay, I'm going to generally agree with you, fewers better. 364 00:20:16,700 --> 00:20:21,100 I'm going to in a put a spin on it, which is that, you know, 365 00:20:21,100 --> 00:20:26,900 I've been involved with kind of building an are back from the 366 00:20:26,900 --> 00:20:31,200 ground up. And so to me this is my opinion. 367 00:20:31,200 --> 00:20:34,200 I think that there's so many folks out there who have 368 00:20:34,200 --> 00:20:36,600 experience with roles and have a different perspective. 369 00:20:36,600 --> 00:20:41,700 But to me, it's you want to start out with What can we Grant 370 00:20:41,700 --> 00:20:46,000 access to automatically? So when we onboard somebody, can 371 00:20:46,000 --> 00:20:48,300 we create the Ada account? Can we put them in the right 372 00:20:48,300 --> 00:20:54,000 groups based on attributes in their, you know, their identity 373 00:20:54,200 --> 00:20:58,700 data authoritative file. So, for employees and be an HR 374 00:20:58,700 --> 00:21:03,500 System or for a non-employee, it might be some other system, but 375 00:21:03,600 --> 00:21:06,600 if there's data attributes are or even if you're creating them 376 00:21:06,600 --> 00:21:11,400 in your IGA system, but identifying those at You see, he 377 00:21:11,400 --> 00:21:15,100 off of like, they're in Chicago, so they have access to the 378 00:21:15,100 --> 00:21:18,900 Chicago lunch menu. And, you know, that's our silly 379 00:21:18,900 --> 00:21:21,300 example. We always point to, but the idea 380 00:21:21,300 --> 00:21:25,200 being that, you know, there you can onboard somebody, give them 381 00:21:25,200 --> 00:21:30,500 email accounts. Give them, you know, VPN, I'm 382 00:21:30,500 --> 00:21:32,200 sorry. Were you were you wanted to say 383 00:21:32,200 --> 00:21:35,300 something? Okay, now, I was just clapping 384 00:21:35,300 --> 00:21:40,200 at the lunch menu, example, just We also use it all the time but 385 00:21:40,300 --> 00:21:42,800 yeah, I know. I want to say for the record. 386 00:21:42,800 --> 00:21:46,300 I Am pro watch. Yeah, yeah. 387 00:21:46,700 --> 00:21:50,300 Everybody should have lunch so All right. 388 00:21:50,300 --> 00:21:51,800 I think that's the starting point. 389 00:21:51,900 --> 00:21:56,600 I think then on top of it, you know, one of my other major 390 00:21:56,700 --> 00:22:02,000 rules drivers is that the business has to own the roles. 391 00:22:02,000 --> 00:22:04,100 They have to get behind the roles that doesn't mean they 392 00:22:04,100 --> 00:22:08,700 have to create them in a silo or create some of that it's-- help, 393 00:22:08,800 --> 00:22:12,200 but they can't be so disconnected from the process 394 00:22:12,200 --> 00:22:16,500 that they don't have any skin in the game and so that's where I 395 00:22:16,500 --> 00:22:22,300 start to dial it back to, you know, Identifying somebody in 396 00:22:22,300 --> 00:22:25,500 the business, in a business departments, a finance or say 397 00:22:25,500 --> 00:22:30,200 HR, who understands enough about technology be dangerous or is 398 00:22:30,200 --> 00:22:34,700 involved with the provisioning of users that they work with 399 00:22:35,300 --> 00:22:39,700 your, it rolls administrator, your IGA rolls administrator to 400 00:22:39,700 --> 00:22:44,500 design the roles and then I think, the area where you start 401 00:22:44,500 --> 00:22:48,500 is where you have people who basically do the same thing. 402 00:22:48,800 --> 00:22:52,100 So if you have something like A call center or you have 403 00:22:52,100 --> 00:22:56,300 something like you know, people who do nursing now. 404 00:22:56,300 --> 00:22:59,100 All nurses, don't do the same job as I've learned from working 405 00:22:59,100 --> 00:23:02,100 with Healthcare clients but they have a lot of the same 406 00:23:02,100 --> 00:23:04,700 responsibilities you need access to the same system. 407 00:23:04,900 --> 00:23:09,200 So there may be a baseline nursing role and then based on 408 00:23:09,600 --> 00:23:12,500 the type of nurse they are, it can Branch off from there. 409 00:23:12,800 --> 00:23:17,000 But even if you, you know, if you take that 80/20 perspective, 410 00:23:17,000 --> 00:23:19,100 that was the other thing I was going to say is I think you need 411 00:23:19,100 --> 00:23:22,200 to take a detour. Any perspective like rolls isn't 412 00:23:22,200 --> 00:23:27,000 going to get you to 100% automation of access assignment 413 00:23:27,000 --> 00:23:28,800 at least. I've never seen anywhere come 414 00:23:28,800 --> 00:23:31,400 even close to 100%. So if you kind of come to a 415 00:23:31,408 --> 00:23:34,300 point where you're saying, we're trying to get to a point where 416 00:23:34,700 --> 00:23:39,200 we've either automated or simplify the axis assignment, 417 00:23:39,200 --> 00:23:44,500 for 80% of the access that needs to be provisioned, you win, you 418 00:23:44,500 --> 00:23:48,900 win big time. And so to me, focus on people 419 00:23:48,900 --> 00:23:52,600 that do the same job. Or do portions of the job. 420 00:23:52,600 --> 00:23:56,700 The same don't focus on like it administrators and folks like 421 00:23:56,700 --> 00:23:59,300 that. They're so hard to get a role 422 00:23:59,300 --> 00:24:03,700 for that basically or and have one roll per person and then you 423 00:24:03,700 --> 00:24:08,900 lose It sounds unlikely. We agree for the most part. 424 00:24:08,900 --> 00:24:12,800 Keep it simple. Less is more 80/20. 425 00:24:13,400 --> 00:24:14,800 All right, let's move on the next one. 426 00:24:14,800 --> 00:24:16,100 I'll be honest. This one had helped me a little 427 00:24:16,100 --> 00:24:19,100 bit stumped. I wasn't quite sure, but but 428 00:24:19,200 --> 00:24:24,300 it's how to build admin intelligence or IAI, okay? 429 00:24:24,300 --> 00:24:25,900 And then you and I were talking as I could maybe it has 430 00:24:25,900 --> 00:24:28,700 something to do with like intelligence within specifically 431 00:24:28,700 --> 00:24:30,900 like the IGA platform maybe sell Point. 432 00:24:31,000 --> 00:24:33,700 What I guess, what are you inferring from this question? 433 00:24:34,100 --> 00:24:38,800 Yeah, I mean this is like Over the past few years. 434 00:24:38,800 --> 00:24:43,500 This is an area where the IGA platforms have really invested 435 00:24:43,500 --> 00:24:49,200 to start to try to differentiate their products and from an 436 00:24:49,200 --> 00:24:53,700 intelligence standpoint, I think a lot of the focus has been put 437 00:24:53,700 --> 00:25:00,500 on trying to predictively either assign or recommend access. 438 00:25:01,000 --> 00:25:04,800 Be assigned to certain people. So, in other words, hey, where 439 00:25:04,800 --> 00:25:08,400 you're assigning Access to Jeff. We see there. 440 00:25:08,400 --> 00:25:13,900 Everybody else who's on the security and privacy team also 441 00:25:13,900 --> 00:25:18,700 has access to XYZ application? Do you want to go ahead and give 442 00:25:18,700 --> 00:25:22,000 it to Jeff as well? So in other words it somehow is 443 00:25:22,000 --> 00:25:25,100 analyzing the data to make these predictions. 444 00:25:25,100 --> 00:25:31,300 I make things, you know, using artificial intelligence to make 445 00:25:31,300 --> 00:25:33,600 sure that Jeff has the access he needs. 446 00:25:33,600 --> 00:25:37,500 I think that the best way to To kind of go about building. 447 00:25:37,500 --> 00:25:42,400 That is, I think from the first and point, it's this very 448 00:25:42,400 --> 00:25:44,900 product-specific, there's something that products are 449 00:25:44,900 --> 00:25:46,700 using to differentiate themselves. 450 00:25:46,700 --> 00:25:51,600 So it's proprietary. I think you have to look at what 451 00:25:51,600 --> 00:25:56,100 the vendors recommending in terms of what their product can 452 00:25:56,100 --> 00:26:00,000 do and how to configure it. I think, you know, in terms of 453 00:26:00,300 --> 00:26:04,500 of best practices for me, it's like dip your toe in the water 454 00:26:04,500 --> 00:26:08,300 like enter into the This area slowly because what you don't 455 00:26:08,300 --> 00:26:12,900 want to have happen, is artificial intelligence, which 456 00:26:12,900 --> 00:26:16,500 is essentially computer program, kind of deciding who should get 457 00:26:16,500 --> 00:26:20,100 what access when somebody's actually should be taken away, 458 00:26:20,400 --> 00:26:23,300 because then you don't even really know. 459 00:26:23,400 --> 00:26:25,600 You're getting much further away from that kind of eye. 460 00:26:25,600 --> 00:26:31,500 Till ticket based methodology, and you're trusting a computer 461 00:26:31,500 --> 00:26:34,600 program that you don't really know how it works behind the 462 00:26:34,600 --> 00:26:38,400 scenes to decide. Guess what access and I think 463 00:26:38,400 --> 00:26:41,900 that I think most audit groups wouldn't really like that and I 464 00:26:41,908 --> 00:26:44,100 don't think I would feel comfortable with that either. 465 00:26:46,000 --> 00:26:49,300 Yeah, I think if this is, if this is the direction you're 466 00:26:49,300 --> 00:26:52,600 going down, you know, AI for example, it's only as good as 467 00:26:52,600 --> 00:26:56,000 the data that you're giving it is only as good as the a model 468 00:26:56,000 --> 00:26:58,300 that's built around. I think. 469 00:26:58,300 --> 00:27:02,200 Generally right now, I am relatively skeptical that this 470 00:27:02,200 --> 00:27:06,000 stuff actually works in the real world in the way that, you know, 471 00:27:06,000 --> 00:27:09,400 vendors portray that at will. I think a lot of times it's 472 00:27:09,400 --> 00:27:13,300 based on sort of this ideal state of 0, we have all of our 473 00:27:13,300 --> 00:27:16,600 systems connected. All of Our data is clean, all of 474 00:27:16,600 --> 00:27:20,800 our users are in our sources and I think anybody who's been an 475 00:27:20,800 --> 00:27:23,000 identity for more than, you know, 10 minutes probably 476 00:27:23,000 --> 00:27:26,400 realizes that that's not true. You know, the majority of the 477 00:27:26,400 --> 00:27:31,800 time. I'm, I'm, I'm skeptical. 478 00:27:31,800 --> 00:27:34,800 Let me just leave it that I think it's a data point to be 479 00:27:34,800 --> 00:27:39,500 used by somebody, to then help decide whether that information 480 00:27:39,900 --> 00:27:43,700 is valid as part of the decision-making process. 481 00:27:44,300 --> 00:27:47,300 I don't think We're yet at the spot where is completely 482 00:27:47,300 --> 00:27:50,700 hands-off. And you know, we're letting you 483 00:27:50,708 --> 00:27:54,800 know, some agent Smith run around inside your your IGA 484 00:27:54,800 --> 00:27:59,900 system making decisions on who has access to what that is 485 00:27:59,900 --> 00:28:02,100 definitely not. What I've seen out there is 486 00:28:02,100 --> 00:28:05,400 generally more of a tool to be able to say okay well we're 487 00:28:05,400 --> 00:28:08,200 trying to build roles and we see that 80% of the people have this 488 00:28:08,200 --> 00:28:11,700 access or hey Everett you know a hundred percent of the people in 489 00:28:11,700 --> 00:28:13,300 your team have access to this thing. 490 00:28:13,300 --> 00:28:16,700 We think it's okay like Like that, you know, maybe add some 491 00:28:16,700 --> 00:28:19,500 value but again it's is only as good as the data that's coming 492 00:28:19,500 --> 00:28:23,000 into it. And it's judges should just be 493 00:28:23,300 --> 00:28:26,900 part of the decision-making process, not the decision making 494 00:28:26,900 --> 00:28:30,300 process, if that makes sense. Yeah, the one thing that I'm 495 00:28:30,300 --> 00:28:35,900 going to see here thinking about it, the one area where I think 496 00:28:36,400 --> 00:28:39,900 artificial intelligence could really help is kind of that, 497 00:28:40,500 --> 00:28:44,400 that key model, which is where you're analyzing, what access 498 00:28:44,400 --> 00:28:48,100 to. An account has and how much 499 00:28:48,100 --> 00:28:51,700 they're using that I've access. So, in other words because to me 500 00:28:51,700 --> 00:28:57,000 authorizations are kind of like that next Frontier of the attack 501 00:28:57,000 --> 00:28:59,500 surface. So now, if I look at Jeff's 502 00:28:59,500 --> 00:29:04,500 account and he has 500 authorizations via the roles 503 00:29:04,500 --> 00:29:08,300 that he's in. But over the past 12 months, 504 00:29:08,700 --> 00:29:13,100 he's only used two hundred of them. well, then I have an 505 00:29:13,100 --> 00:29:18,200 over-provision to count, most likely So I can see that. 506 00:29:18,300 --> 00:29:19,900 Like that's, that's interesting to me. 507 00:29:19,900 --> 00:29:23,400 Like, you're not, you're using really Behavior analytics, 508 00:29:23,700 --> 00:29:25,800 right? To sort of enrich the 509 00:29:25,800 --> 00:29:28,200 notification process. I actually have a pretty good 510 00:29:28,200 --> 00:29:32,300 real life example of this is I have a Apple iPhone. 511 00:29:32,400 --> 00:29:36,300 I have an Apple Watch and over the last few weeks since I've 512 00:29:36,300 --> 00:29:40,600 moved from to Chicago area, which is relatively flat to, 513 00:29:40,600 --> 00:29:44,500 Western North Carolina, which is the opposite, very hilly. 514 00:29:45,000 --> 00:29:47,000 Apple is telling me. Hey you're A lot more 515 00:29:47,000 --> 00:29:49,400 stair-climbing than you normally do. 516 00:29:50,500 --> 00:29:54,100 I am, I'm walking up a lot of Hills compared to what I used to 517 00:29:54,108 --> 00:29:56,500 do. And I think that sort of trend 518 00:29:56,500 --> 00:29:59,400 indicator might be helpful from an analyst perspective to say, 519 00:29:59,400 --> 00:30:01,400 hey, that is, that is interesting. 520 00:30:01,800 --> 00:30:04,800 What do we do about that? And I think that's an area that, 521 00:30:04,800 --> 00:30:06,600 you know, you and I have been talking about for years, we've 522 00:30:06,600 --> 00:30:09,200 seen sort of players in the space like EXA Beam, for 523 00:30:09,200 --> 00:30:13,100 example, and other sort of this, what people call like this Sim 524 00:30:13,100 --> 00:30:20,900 2.0, that is taking these owls and surfacing up to platforms, 525 00:30:20,900 --> 00:30:22,200 to be able to make decisions with, right? 526 00:30:22,200 --> 00:30:24,700 We see this a little bit in the access management platform where 527 00:30:25,300 --> 00:30:28,200 the impossible travel scenario. Well, you know, Jeff just logged 528 00:30:28,200 --> 00:30:30,700 in from Chicago and then three minutes later he logs in from 529 00:30:30,700 --> 00:30:33,000 North Carolina, that doesn't make any sense. 530 00:30:33,000 --> 00:30:36,300 Let's do something about it. Throw up an MFA prompt or, you 531 00:30:36,300 --> 00:30:38,000 know, some other challenge, whatever that looks like. 532 00:30:38,500 --> 00:30:41,600 The same thing could be done from a identity governance 533 00:30:41,600 --> 00:30:44,500 perspective, or a privileged access management perspective, 534 00:30:44,500 --> 00:30:47,900 where you taking those sorts of Ada, and you're leveraging a eye 535 00:30:47,900 --> 00:30:51,700 to spot those Trends and do something with it. 536 00:30:51,900 --> 00:30:54,200 You know, if it's just surfacing it up in a ticket, that's better 537 00:30:54,200 --> 00:30:56,200 than it being lost in some sort of log somewhere. 538 00:30:56,200 --> 00:30:59,000 That, you know, no one looks at for six months and then by then, 539 00:30:59,000 --> 00:31:02,300 it's too late. Yeah, you know, part of what my 540 00:31:02,300 --> 00:31:07,800 concern is with, this AI is like the teams that I think would be 541 00:31:07,900 --> 00:31:11,900 we get the most benefit from. It are the ones who are the most 542 00:31:11,900 --> 00:31:14,200 vulnerable to what if it goes Haywire. 543 00:31:14,600 --> 00:31:19,900 So you know My concern is a lot of the companies that have 544 00:31:20,400 --> 00:31:23,800 scaled back the size of 13 teams. 545 00:31:24,300 --> 00:31:28,200 It's like, oh yeah, that's where using AI to get more efficient 546 00:31:28,200 --> 00:31:31,400 would be really helpful but they get further and further away 547 00:31:31,400 --> 00:31:33,800 from you actually knowing how the system works. 548 00:31:34,800 --> 00:31:38,100 And so to me it's a little bit of a scary combination. 549 00:31:38,100 --> 00:31:42,600 But you know, also counterbalance that with the 550 00:31:42,600 --> 00:31:46,300 fact that more and more these things are moving to the cloud. 551 00:31:46,700 --> 00:31:50,900 And you have even less until it's just about what's going on 552 00:31:50,900 --> 00:31:54,900 behind the curtain truly as the software as a service, like 553 00:31:54,900 --> 00:31:58,300 these are proprietary systems are not open source, you don't 554 00:31:58,300 --> 00:32:03,600 always know how they're working behind the scenes and your urine 555 00:32:03,600 --> 00:32:08,100 kind of a trust model that you know that system is going to 556 00:32:08,100 --> 00:32:11,300 stay secure. And it's secure until it's not, 557 00:32:11,300 --> 00:32:15,100 I guess. Yeah, I think I might humans 558 00:32:15,100 --> 00:32:20,900 going to have flaws in it. So I want to bridge that part of 559 00:32:20,900 --> 00:32:24,000 the AI and being able to explain it with the managing audit 560 00:32:24,000 --> 00:32:25,700 expectations. Because one of the things that I 561 00:32:25,700 --> 00:32:28,700 think about is like, okay, well hey, we're leveraging a auditor, 562 00:32:28,700 --> 00:32:33,500 we're leveraging AI to do these things for us and then the next 563 00:32:33,500 --> 00:32:35,900 question, I would have it. An honor is okay, tell me how 564 00:32:35,900 --> 00:32:39,800 your AI works. Can you can you actually explain 565 00:32:39,800 --> 00:32:42,100 it, right? The algorithms is it documented 566 00:32:42,100 --> 00:32:43,700 things like that? Are you going to be able to 567 00:32:43,700 --> 00:32:48,500 produce the evidence that your AI is actually effective in 568 00:32:48,508 --> 00:32:50,700 making that decision? So I think that goes along with 569 00:32:50,700 --> 00:32:54,600 sort of the question next on the list was managing audit 570 00:32:54,600 --> 00:32:59,200 expectations which is definitely near and dear to my heart from a 571 00:32:59,500 --> 00:33:03,400 former operation side of things. I will go first as we kind of go 572 00:33:03,400 --> 00:33:06,500 back and forth here, I think this is let's start with a. 573 00:33:06,500 --> 00:33:08,500 Let's start with Our expectations. 574 00:33:08,500 --> 00:33:11,300 The first one I think is you have to have a relationship with 575 00:33:11,300 --> 00:33:14,200 your Auditors. You cannot just treat them at 576 00:33:14,200 --> 00:33:18,500 arm's length as like the cops and they come in and check you 577 00:33:18,500 --> 00:33:23,300 and your the bad guys. More generally speaking, most 578 00:33:23,300 --> 00:33:26,200 Auditors, especially the internal Auditors are the check 579 00:33:26,200 --> 00:33:30,600 before the external Auditors come in is much better to have 580 00:33:30,700 --> 00:33:33,300 things found from an internal audit perspective than from an 581 00:33:33,300 --> 00:33:35,700 external audit perspective. So if you've got the 582 00:33:35,700 --> 00:33:37,400 relationships there that is helpful. 583 00:33:37,800 --> 00:33:40,800 I think the other thing too is at least in my experience is 584 00:33:40,800 --> 00:33:44,100 that audit doesn't actually tell you what to do. 585 00:33:44,600 --> 00:33:48,100 They are there to check on what you say you are going to do or 586 00:33:48,100 --> 00:33:52,800 what are you've documented from a process procedure, whatever it 587 00:33:52,808 --> 00:33:55,200 might be to validate that what you're doing. 588 00:33:55,200 --> 00:33:58,000 From a process perspective, is actually what's taking place in 589 00:33:58,000 --> 00:34:00,300 real life. Now, you could argue, they might 590 00:34:00,300 --> 00:34:02,900 find that a process is ineffective and then you have to 591 00:34:02,900 --> 00:34:08,000 update the process or whatever it may be, but in the Is that 592 00:34:08,000 --> 00:34:11,600 I've been a part of and worked with generally, speaking audit 593 00:34:11,600 --> 00:34:15,199 is merely an advisor, they advise on risk. 594 00:34:15,199 --> 00:34:19,100 And they say, okay, here is what we think should be taking place, 595 00:34:19,100 --> 00:34:22,500 but it's still up to the business to make a decision on 596 00:34:22,500 --> 00:34:24,300 what they want to do about that risk. 597 00:34:24,300 --> 00:34:27,600 And a lot of times what you'll see is, you know, an audit 598 00:34:27,600 --> 00:34:30,400 findings document that has the auditor the audit, you know, 599 00:34:30,400 --> 00:34:32,000 whatever are finding that they say they have. 600 00:34:32,000 --> 00:34:35,400 And then there's like this Blank Spot called management response. 601 00:34:35,400 --> 00:34:37,600 I've written enough of these in the past. 602 00:34:37,600 --> 00:34:40,600 A stores like okay, they're just telling me what the problem is 603 00:34:40,600 --> 00:34:43,199 or what they, what they see as the problem now. 604 00:34:43,199 --> 00:34:45,900 It's up to me as the person who's going to write that 605 00:34:45,900 --> 00:34:49,000 management response to say here's what we're going to do to 606 00:34:49,000 --> 00:34:52,100 fix it. Or here's why I don't think that 607 00:34:52,100 --> 00:34:56,699 it is a risk and we will focus on other things instead. 608 00:34:57,500 --> 00:35:01,000 So I think understanding those expectations and making sure 609 00:35:01,000 --> 00:35:05,000 that the Auditors understand what they're you know what it is 610 00:35:05,000 --> 00:35:06,700 that they're looking at because sometimes you have to help them, 611 00:35:06,700 --> 00:35:10,900 they may not be as you 100 percent Identity or 100% tool 612 00:35:10,900 --> 00:35:13,400 base, or whatever. That maybe is making sure that 613 00:35:13,400 --> 00:35:16,300 they understand how the platform works, whatever you're doing 614 00:35:16,300 --> 00:35:20,600 from any perspective and how the processes work and bringing them 615 00:35:20,600 --> 00:35:22,400 into the fold. I like to include them as part 616 00:35:22,400 --> 00:35:25,300 of program management as part of rolling things out. 617 00:35:25,300 --> 00:35:26,500 I think they're a key stakeholder. 618 00:35:26,500 --> 00:35:29,100 When it comes to, you know, designing, huh? 619 00:35:29,100 --> 00:35:31,900 Services work. You want to make it audit 620 00:35:31,900 --> 00:35:34,600 friendly and audit compliance as much as possible at front rather 621 00:35:34,600 --> 00:35:37,700 than try to do that stuff later. So, sometimes that makes Sense 622 00:35:37,700 --> 00:35:41,600 to invite them to a steering meeting or invite them into a 623 00:35:42,000 --> 00:35:44,900 you know and I vendor demonstration of a tool that 624 00:35:44,900 --> 00:35:47,900 might be considering, right? Let them ask their questions as 625 00:35:47,900 --> 00:35:50,300 well and help provide some of their input. 626 00:35:50,300 --> 00:35:53,700 I think that's, I think it's an easy way to help sort of get 627 00:35:53,700 --> 00:35:56,900 them into the fold and help manage those expectations. 628 00:35:57,100 --> 00:35:59,400 Yeah, what do you think? Well, I think that the way 629 00:35:59,400 --> 00:36:01,400 you're talking about that, the way you're addressing, you're 630 00:36:01,400 --> 00:36:03,600 talking about internal external audit. 631 00:36:03,800 --> 00:36:07,500 Some work is a job bigger, more complex structures, like that. 632 00:36:07,700 --> 00:36:10,800 T risk? That those are your teammates, 633 00:36:10,800 --> 00:36:12,300 right? They're the ones who are to 634 00:36:12,300 --> 00:36:17,300 advise you in terms of how to pass the audit, I'm going to 635 00:36:17,308 --> 00:36:21,300 throw out another perspective, which is that, I think the audit 636 00:36:21,300 --> 00:36:24,900 process that I see the most of the time is very reactive. 637 00:36:25,100 --> 00:36:30,000 In other words, it's assessing how things are done and then, 638 00:36:30,000 --> 00:36:36,100 you know, inspecting the data looking for, you know, controls 639 00:36:36,100 --> 00:36:39,500 that are broken. And identifying those think 640 00:36:39,600 --> 00:36:43,200 going out for so, in other words, if a control, if they 641 00:36:43,200 --> 00:36:48,000 don't find bad data or they don't find an exception to it, 642 00:36:48,000 --> 00:36:52,200 then the control works fine. So to me that's kind of like 643 00:36:52,300 --> 00:36:55,800 that's not necessarily the spirit of what you're trying to 644 00:36:55,800 --> 00:36:59,200 achieve with the these regulations are trying to 645 00:36:59,200 --> 00:37:04,400 achieve is that you've got a more secure environment, not 646 00:37:04,400 --> 00:37:09,100 just that you pass the audit and So here's an example where I see 647 00:37:09,100 --> 00:37:12,000 that. So around user experience and 648 00:37:12,000 --> 00:37:14,700 what we talk a lot about with user experience, when it comes 649 00:37:14,700 --> 00:37:20,000 to the detective control of reviewing access is that 650 00:37:20,200 --> 00:37:24,800 sometimes people get overwhelmed as like here's your 50 users 651 00:37:24,800 --> 00:37:27,800 that report to you and therefore hundred entitlements do you 652 00:37:27,800 --> 00:37:32,100 should they have and they're named XYZ 1, 2 3. 653 00:37:32,600 --> 00:37:38,500 And The managers like, you know, I'm afraid to take away access 654 00:37:38,800 --> 00:37:41,200 for this person because what if they can't do their job? 655 00:37:41,200 --> 00:37:44,200 Last time I tried to get somebody access, it took 10 656 00:37:44,200 --> 00:37:46,800 days. There's no way I'm going to take 657 00:37:46,800 --> 00:37:49,400 access away, unless the person has left the organization. 658 00:37:49,700 --> 00:37:53,000 So I'm just going to approve. Everything is what we call a 659 00:37:53,008 --> 00:37:55,700 rubber stamp. And I mean, how many clients do 660 00:37:55,707 --> 00:37:57,700 we go into? Are like yeah, reverse a 661 00:37:57,700 --> 00:37:59,500 problem. You get audited? 662 00:37:59,500 --> 00:38:01,200 Yeah, we get audited you pasteurize. 663 00:38:01,200 --> 00:38:02,300 Yeah. We pass our audits. 664 00:38:02,500 --> 00:38:05,500 So, in other words, even though you have a Can process you pass 665 00:38:05,500 --> 00:38:08,700 your audit. So that's part of my 666 00:38:08,700 --> 00:38:10,700 perspective. I wanted to bring up one other 667 00:38:10,700 --> 00:38:16,300 thing which is I see some you know some identity governance 668 00:38:16,500 --> 00:38:21,100 tools that are kind of early in their maturity, which I think 669 00:38:21,100 --> 00:38:28,000 our focus more on organizations that maybe don't have as steep 670 00:38:28,000 --> 00:38:32,700 of a compliance curve to overcome as a where I'm getting 671 00:38:32,700 --> 00:38:36,000 at by that, like few, Think back to very early in variety 672 00:38:36,000 --> 00:38:41,300 careers, the way that audit evidence would take places that 673 00:38:41,300 --> 00:38:47,000 the administrator would take screenshots of the user list or 674 00:38:47,000 --> 00:38:51,500 they print it out on, you know, the the dot matrix printer and 675 00:38:51,500 --> 00:38:53,700 like that wood and then they scan it in. 676 00:38:53,700 --> 00:38:56,900 That would be the evidence that would end up in somebody's email 677 00:38:56,900 --> 00:39:00,000 box to say yes there's the right people or they'd actually 678 00:39:00,000 --> 00:39:02,700 physically write notes. I mean, I know this make it 679 00:39:02,700 --> 00:39:06,100 sound like a dinosaur. That is so essentially what that 680 00:39:06,100 --> 00:39:10,200 was coming from is that what we're auditing is not what your 681 00:39:10,200 --> 00:39:14,000 single sign-on system says that if you have access to or your 682 00:39:14,000 --> 00:39:17,900 IGA system says people have access to we're talking about 683 00:39:17,900 --> 00:39:19,700 that, what the source system has. 684 00:39:19,800 --> 00:39:24,400 Now if you can prove to me that nobody can access that system, 685 00:39:24,400 --> 00:39:27,200 unless they go through your single sign-on system or that 686 00:39:27,200 --> 00:39:31,500 the data in your IGA system is airtight that nobody could have 687 00:39:31,500 --> 00:39:35,500 like deleted a few accounts. Then okay, maybe I can go with 688 00:39:35,500 --> 00:39:39,900 that but for the most part we're trying to get to the system of 689 00:39:39,900 --> 00:39:42,000 record which is the end point system. 690 00:39:42,200 --> 00:39:47,100 And if there's a counts there that aren't on your system, you 691 00:39:47,100 --> 00:39:51,500 know, like service accounts for example, the audit has to be 692 00:39:51,500 --> 00:39:56,300 done a fact data of the data on the system, not on your central, 693 00:39:56,300 --> 00:40:02,100 I am system. So I don't know that every audit 694 00:40:02,100 --> 00:40:07,000 Department looks at it like, you know, that Black and white like 695 00:40:07,000 --> 00:40:10,100 I'm talking about. But to me, that's really what 696 00:40:10,100 --> 00:40:13,500 you're auditing it, what you should be auditing is the system 697 00:40:13,500 --> 00:40:18,500 where the data exists. Yeah, I'm I'm talking to myself 698 00:40:18,500 --> 00:40:22,900 because I'm a very long time ago setting with an auditor and they 699 00:40:22,900 --> 00:40:26,700 were asking me to prove a negative show me that this 700 00:40:26,700 --> 00:40:31,100 account does not exist. Okay, I run a search in a duck. 701 00:40:32,000 --> 00:40:34,800 Not found will do you have any proof that that's not found. 702 00:40:35,200 --> 00:40:40,900 Like it's not found it's not their me to wait and I had to 703 00:40:40,900 --> 00:40:43,700 take screenshots of you know it was like a sample of like 704 00:40:43,700 --> 00:40:47,100 onboarding rock whirring since I got samples 50 people take 705 00:40:47,100 --> 00:40:50,300 screenshots of 50 searches showing that the account is not 706 00:40:50,300 --> 00:40:52,100 there. I always got a chuckle out of 707 00:40:52,100 --> 00:40:53,900 that. That's one of the really laughs. 708 00:40:53,900 --> 00:40:56,300 I were talking to be or not to be. 709 00:40:56,300 --> 00:40:59,500 That is the question. Exactly. 710 00:41:01,100 --> 00:41:04,900 All right, let's get to the last one on his tweet and that is 711 00:41:05,100 --> 00:41:08,800 provisioning outside of sale Point, third-party apps. 712 00:41:09,800 --> 00:41:13,100 Your turn to go first. Alright, so what I think he's 713 00:41:13,100 --> 00:41:16,900 getting at here is like what is the best practice for handling 714 00:41:17,600 --> 00:41:21,200 provisioning when you can't automate the provisioning. 715 00:41:22,800 --> 00:41:27,800 So there are is a scenario where a lot of aij systems have kind 716 00:41:27,800 --> 00:41:33,000 of a ticketing management system within themselves for the 717 00:41:33,000 --> 00:41:37,400 purposes of creating a ticket to it administrators to go create 718 00:41:37,400 --> 00:41:39,500 that access or than they're supposed to close that. 719 00:41:39,600 --> 00:41:44,400 It when they are done, you know, maybe there are, you know, 720 00:41:44,400 --> 00:41:46,800 posting some evidence that they did the work. 721 00:41:46,900 --> 00:41:50,200 Usually not from what I've seen to me. 722 00:41:50,200 --> 00:41:56,700 The best practice is sending creating a ticket in the itsm 723 00:41:56,700 --> 00:41:58,700 system. In the reason I say that is 724 00:41:59,000 --> 00:42:03,700 usually when let's say we're onboarding somebody, right? 725 00:42:03,700 --> 00:42:07,800 And they hit six axis is and five of them are systems that we 726 00:42:07,800 --> 00:42:12,600 ought to meet the 61 Is a system where it's some Linux 727 00:42:12,600 --> 00:42:16,900 application and an account needs to be manually provision. 728 00:42:17,800 --> 00:42:23,500 And so, ultimately, the Linux administrator is the person that 729 00:42:23,600 --> 00:42:26,200 is going to have to go and create that account and assign 730 00:42:26,200 --> 00:42:30,600 the entitlements and everything. They don't only do, you know, 731 00:42:30,600 --> 00:42:33,500 they're not waiting around for these tickets to come through. 732 00:42:33,500 --> 00:42:37,100 They're doing all kinds of work and they manage their work and 733 00:42:37,100 --> 00:42:41,100 itsm system usually. And so when you create a ticket 734 00:42:41,100 --> 00:42:46,200 for them in their itsm system, it gets in there Q with all the 735 00:42:46,200 --> 00:42:49,100 other work that they have to do now in terms of priority and 736 00:42:49,100 --> 00:42:52,300 might come to the top or go to the bottom whatever. 737 00:42:52,900 --> 00:42:55,700 But to me, that's why you want to put it there. 738 00:42:55,700 --> 00:42:58,300 As like you don't want there to be one other place. 739 00:42:58,300 --> 00:43:01,000 They have to check to see if they have work order. 740 00:43:01,600 --> 00:43:04,000 You know, stack all the work that they have to do it. 741 00:43:04,000 --> 00:43:08,800 Be preferable that they clock, all their work in the itsm 742 00:43:08,800 --> 00:43:11,000 system. And that there, I am tests are 743 00:43:11,000 --> 00:43:13,300 in there as well. So I think that's what Chris is 744 00:43:13,300 --> 00:43:19,100 asking about there. Yeah, and I have one spot to go. 745 00:43:19,100 --> 00:43:22,200 I think to have that provisioning track makes sense. 746 00:43:22,500 --> 00:43:25,400 I'm not a fan of using the built-in ticketing. 747 00:43:25,600 --> 00:43:28,700 You know, that there were process that might be built an 748 00:43:28,700 --> 00:43:31,000 IG perform unless that's the only thing you have. 749 00:43:31,000 --> 00:43:33,500 I think you're better off strategically, who averaging 750 00:43:33,500 --> 00:43:36,200 whatever your it standard is servicenow share. 751 00:43:36,200 --> 00:43:38,800 Well, freshdesk, you know, whatever. 752 00:43:38,800 --> 00:43:40,800 It might be like that sort of approach. 753 00:43:41,100 --> 00:43:44,100 I think the other thing that I will add on to this is it could 754 00:43:44,100 --> 00:43:46,500 be a scenario where you've got the Third-party apps. 755 00:43:46,500 --> 00:43:48,700 They might be like ass a space app and you don't have a 756 00:43:48,700 --> 00:43:50,800 connection for example, from sale point. 757 00:43:51,200 --> 00:43:55,000 But you could do, is, if you have a relatively modern access 758 00:43:55,000 --> 00:43:58,800 management tool something like an OCTA or an Azure is, you 759 00:43:58,800 --> 00:44:01,700 could leverage them to do the provisioning for that third 760 00:44:01,700 --> 00:44:04,700 party app, maybe it's controlled the in Active Directory Group, 761 00:44:04,700 --> 00:44:07,400 or maybe it is a entitlement within the octave Universal 762 00:44:07,400 --> 00:44:09,100 directory or something like that. 763 00:44:09,400 --> 00:44:12,600 You basically stage the account into one of those directories 764 00:44:12,600 --> 00:44:16,700 via sale point and then you let the access management tool that 765 00:44:16,700 --> 00:44:20,800 has probably the appropriate SAS connector to that app to then 766 00:44:21,000 --> 00:44:24,200 facilitate the provisioning of that through the same process. 767 00:44:24,200 --> 00:44:27,600 So you're kind of like, chaining your lifecycle management from 768 00:44:28,000 --> 00:44:31,000 IGA to the access management platform to do that as well. 769 00:44:31,000 --> 00:44:32,300 So that could be an option as well. 770 00:44:33,300 --> 00:44:34,700 Hopefully were inferring some content. 771 00:44:34,700 --> 00:44:37,200 Some of the appropriate context out of this from a tweet which 772 00:44:37,200 --> 00:44:39,700 is always dangerous but we're giving it our best. 773 00:44:40,100 --> 00:44:43,600 Yeah I'm sure Crystal follow-up after here's the episode and let 774 00:44:43,600 --> 00:44:48,300 us know how much how much we I mean, hey, if we 80/20, if we 775 00:44:48,300 --> 00:44:52,300 got 4 out of 5, I'm happy, yeah, I'm happy. 776 00:44:52,300 --> 00:44:55,000 We got half of them, right. So I'll set the bar a little bit 777 00:44:55,000 --> 00:44:58,600 lower for us. Okay, so I think that really 778 00:44:58,600 --> 00:45:00,700 kind of covered everything from his tweet, which is really cool. 779 00:45:00,700 --> 00:45:03,300 I love to get like stuff like this because Jim and I can 780 00:45:03,300 --> 00:45:05,500 ramble on about anything, but we'd rather talk about stuff 781 00:45:05,500 --> 00:45:07,000 that people actually have questions about. 782 00:45:07,000 --> 00:45:10,000 So thanks Chris for sending that tweet out. 783 00:45:10,300 --> 00:45:13,200 If you got questions and you're listening, drop them in a tweet. 784 00:45:13,200 --> 00:45:15,600 Sent them to us via LinkedIn. We're happy to kind of like I 785 00:45:15,607 --> 00:45:19,400 said build a show around it. Anything you want to bring up 786 00:45:19,400 --> 00:45:22,500 around anything that we talked about so far before we start to 787 00:45:22,500 --> 00:45:25,000 close things out. No, I'm kind of excited to get 788 00:45:25,000 --> 00:45:30,600 into this lighter note, question, I actually I had a 789 00:45:30,600 --> 00:45:35,700 because I'm new with my company. I had an introduction and I was 790 00:45:35,700 --> 00:45:39,000 supposed to come up with a legendary question for everybody 791 00:45:39,000 --> 00:45:41,900 else. And yeah, instead what up? 792 00:45:42,000 --> 00:45:44,900 I messed it up. I thought that there should be a 793 00:45:44,900 --> 00:45:47,400 lighter note. Question presented to me and I 794 00:45:47,400 --> 00:45:50,000 was going to answer it. So the question I asked the 795 00:45:50,000 --> 00:45:53,500 group that I came up with on the Fly, was, what's your favorite 796 00:45:53,500 --> 00:45:56,900 podcast and you got some really good answers. 797 00:45:59,000 --> 00:46:01,100 Yeah, so for those who missed it, Jim and I are working 798 00:46:01,100 --> 00:46:04,000 together again, both part of our SMS identity practice. 799 00:46:04,000 --> 00:46:08,200 So, come seek us out if you need help with something but yeah, we 800 00:46:08,200 --> 00:46:10,800 have like a think we do. When we have people who start, 801 00:46:10,800 --> 00:46:13,500 they have liked to give like a little intrude for themselves. 802 00:46:13,500 --> 00:46:16,800 And I remember looking at that That's line you're working with 803 00:46:16,800 --> 00:46:19,700 with Ben and it was completely blank and he's like, no, you 804 00:46:19,700 --> 00:46:21,800 were supposed to come up with the questions and they're like, 805 00:46:22,900 --> 00:46:27,400 okay I got it now. Fortunately wasn't like a real 806 00:46:27,400 --> 00:46:32,000 Mindbender kind of, if right. All right, let's get to the 807 00:46:32,000 --> 00:46:34,500 lighter note. So here's the scenario. 808 00:46:34,900 --> 00:46:37,000 They're making a movie about your life. 809 00:46:37,000 --> 00:46:42,000 Jim What actor would you want to play you in that movie? 810 00:46:42,800 --> 00:46:45,700 No, so Jeff, you know, me for a little while and you know, that 811 00:46:46,000 --> 00:46:49,000 one of the things that's happened to me since I was a 812 00:46:49,000 --> 00:46:53,700 very young person was, people would always say, do you know, 813 00:46:53,700 --> 00:46:56,900 do you have a twin brother? Because you look exactly like 814 00:46:56,900 --> 00:47:00,700 dot dot dot. And based on my different looks 815 00:47:00,700 --> 00:47:02,300 that I've had throughout my life. 816 00:47:02,300 --> 00:47:05,000 It would change for a while. There it was a few different 817 00:47:05,000 --> 00:47:07,800 looks to, I've only known you for seven or eight years at this 818 00:47:07,800 --> 00:47:10,900 point. And I know two of those looks I 819 00:47:10,900 --> 00:47:14,800 changed my look like every I have changed my look like every 820 00:47:14,800 --> 00:47:18,100 two years when I was younger, you know, go from long hair or 821 00:47:18,100 --> 00:47:21,600 short hair, facial hair, no facial, hair, different 822 00:47:21,600 --> 00:47:28,400 hairstyles, things like that. Anyway, used to be Kid Rock and 823 00:47:28,400 --> 00:47:34,800 then it was Bradley Cooper from A Star is Born. 824 00:47:35,200 --> 00:47:40,800 And I've gotten he look like Aquaman You know, Jason, Momoa 825 00:47:40,800 --> 00:47:42,900 Samoa. Yeah, I don't like that one. 826 00:47:43,000 --> 00:47:44,200 That what? I don't see at all? 827 00:47:44,200 --> 00:47:45,600 I'm sorry. Well, I do. 828 00:47:45,600 --> 00:47:49,700 I like, I feel like, I feel like even embarrassed saying that 829 00:47:49,700 --> 00:47:51,500 one, right? I like, I'm like, I don't look 830 00:47:51,500 --> 00:47:55,400 anything like him, but I had at least three people say it and I 831 00:47:55,408 --> 00:47:59,200 think what it is like, you know, I have longer hair, facial hair 832 00:47:59,500 --> 00:48:05,200 and I work out and so people are like, oh yeah, your long haired 833 00:48:05,200 --> 00:48:08,400 guy, who works out, you look like Jason Momoa, that's He's 834 00:48:08,400 --> 00:48:13,000 like, that's how he looks. But the most recent one, I got 835 00:48:13,000 --> 00:48:16,800 was Goldberg and I want I was just like, no, I don't, I don't 836 00:48:16,800 --> 00:48:20,400 see if I, you know, I mean, everybody sees what they see 837 00:48:21,000 --> 00:48:24,900 and, so, anyway, I could see the Goldberg maybe if you like, 838 00:48:24,900 --> 00:48:28,200 shaved your head and your beard, but then I think that kind of 839 00:48:28,200 --> 00:48:29,700 like defeats some of the purpose. 840 00:48:31,000 --> 00:48:33,700 I'm gonna go Jason Momoa though, even though I don't look like, 841 00:48:33,700 --> 00:48:36,300 I'm the question was like, who would you have play you? 842 00:48:36,700 --> 00:48:41,000 And I mean, I like that one. I'm going with that, I feel like 843 00:48:41,000 --> 00:48:43,600 it's going to be with those movies where it's like, why did 844 00:48:43,600 --> 00:48:46,300 they cast this person? Like that person doesn't look 845 00:48:46,300 --> 00:48:48,200 anything like them. And maybe, you know, that's a 846 00:48:48,200 --> 00:48:49,500 that Jason knows on, a great actor. 847 00:48:49,500 --> 00:48:53,400 I enjoy his work, Bubba, blah. But I'm just, I'm just not 848 00:48:53,400 --> 00:48:54,300 seeing it, man. I'm sorry. 849 00:48:54,400 --> 00:48:56,100 Yeah, that's okay. Sorry. 850 00:48:58,400 --> 00:49:01,000 I think as far as myself I don't look like any I don't get 851 00:49:01,000 --> 00:49:02,900 anything like that. Like I don't like anybody else. 852 00:49:02,900 --> 00:49:05,300 I guess we're better for something that's good or bad, 853 00:49:05,300 --> 00:49:09,000 but no one's ever said, hey you look like so and so, and I've 854 00:49:09,000 --> 00:49:13,000 had relatively consistent look now for like 30 years. 855 00:49:13,000 --> 00:49:15,500 I used a long here when I was younger, but it's been pretty 856 00:49:15,500 --> 00:49:20,600 short since my, I guess, early early 20s or late teens. 857 00:49:21,400 --> 00:49:23,600 So, I don't know who would play me. 858 00:49:23,800 --> 00:49:26,800 I would say back in the day, maybe somebody like a Tom Cruise 859 00:49:26,800 --> 00:49:29,600 or something like that. Just like the the short hair 860 00:49:29,600 --> 00:49:32,700 from what was it Mission Impossible? 861 00:49:32,700 --> 00:49:34,400 I think would probably have been like, the probably the closest 862 00:49:34,400 --> 00:49:37,700 match, but you know, who would I want to play me? 863 00:49:37,700 --> 00:49:41,600 I would love to have like Paul Rudd or somebody like that or 864 00:49:42,100 --> 00:49:44,100 Ryan Reynolds I think. Both of those guys would be 865 00:49:44,100 --> 00:49:48,300 amazing in my role but in the story that is Jeff and his in 866 00:49:48,300 --> 00:49:51,200 his life. But I don't I don't, I have not 867 00:49:51,200 --> 00:49:55,800 been either fortunate or cursed to have somebody say, Hey you 868 00:49:55,800 --> 00:50:00,000 look like so and so so I'm going to be positive and say that's a 869 00:50:00,000 --> 00:50:03,300 good thing but that's just how I'm going to read into it. 870 00:50:03,600 --> 00:50:09,100 Yeah, well, I mean, he's, you know, when it changes every 871 00:50:09,100 --> 00:50:10,600 couple of years you're like okay. 872 00:50:10,600 --> 00:50:13,100 Well I guess I can look like whoever I want to look like 873 00:50:13,100 --> 00:50:15,300 then. It's true. 874 00:50:16,300 --> 00:50:19,600 Occasionally, I'll grow the facial hair, a little bit out 875 00:50:19,600 --> 00:50:21,800 for maybe a week or two. I'm fortunate, enough to be able 876 00:50:21,800 --> 00:50:25,500 to grow a nice beard if I wanted to, but about two weeks is my 877 00:50:25,500 --> 00:50:27,200 limit before. It starts to bother me and it's 878 00:50:27,200 --> 00:50:28,800 ready to go. Yeah, you are. 879 00:50:28,800 --> 00:50:34,500 I've always said you've got like a full beard of 5:00, but so get 880 00:50:34,500 --> 00:50:36,600 this one. So, my brother, and I were on 881 00:50:36,600 --> 00:50:39,200 the cab in New York City, a few years back. 882 00:50:39,600 --> 00:50:44,100 And we told the cab driver, Were brothers. 883 00:50:44,700 --> 00:50:50,200 And No, I don't see it. And it's like, really, why is 884 00:50:50,200 --> 00:50:52,100 that? Well, you have facial hair and 885 00:50:52,100 --> 00:50:56,500 he doesn't like and you look like Jason Momoa and he doesn't 886 00:50:59,000 --> 00:51:01,600 look like Jason Momoa. He looks like Kid Rock. 887 00:51:02,400 --> 00:51:04,000 Now, I think that's just a magic. 888 00:51:04,000 --> 00:51:05,400 It's genetics. I mean I have four younger 889 00:51:05,400 --> 00:51:07,900 brothers and I don't feel like I look like any of them. 890 00:51:08,400 --> 00:51:10,700 I think my middle brother. Alex is probably the closest 891 00:51:10,700 --> 00:51:13,800 one, but if you put like, the four of us are five of us into a 892 00:51:13,800 --> 00:51:18,000 room, I think one person would be like oh yeah I can kind of 893 00:51:18,000 --> 00:51:19,400 see the resemblance but the rest of us all. 894 00:51:19,400 --> 00:51:20,600 Look different. Yeah. 895 00:51:20,600 --> 00:51:23,000 Well what I was going to say is like your one brother. 896 00:51:23,000 --> 00:51:27,200 Looks like you with glasses on then I was thinking, I thought I 897 00:51:27,200 --> 00:51:31,200 think the only time I ever see him is like a LinkedIn picture 898 00:51:31,200 --> 00:51:35,400 which is about the size of a penny, you know. 899 00:51:35,400 --> 00:51:36,900 So I don't really know what he looks like. 900 00:51:36,900 --> 00:51:39,800 I just know he looks. It looks like you kind of. 901 00:51:40,600 --> 00:51:44,000 Yeah I think you know Alex I have very similar, you know, 902 00:51:44,100 --> 00:51:46,100 personalities. Tris things like that. 903 00:51:46,100 --> 00:51:48,300 We're definitely probably the most similar looking as well. 904 00:51:49,000 --> 00:51:51,500 Although he has shaved his head, and I have not yet been that 905 00:51:51,500 --> 00:51:55,100 that brave to do it. So, when he had hair, we 906 00:51:55,100 --> 00:51:57,600 definitely look a lot closer. Well, you have plenty of her, 907 00:51:58,400 --> 00:52:03,000 I'm doing so far so good. So we'll ride that wagon as long 908 00:52:03,000 --> 00:52:04,700 as we can. Yeah, that's right. 909 00:52:04,800 --> 00:52:07,900 Absolutely. Alright, let's go ahead and wrap 910 00:52:07,900 --> 00:52:09,900 it up for this week. Chris. 911 00:52:09,900 --> 00:52:13,300 Hopefully hopefully we covered what you're looking for, if not 912 00:52:13,300 --> 00:52:16,200 I'm sure you'll tweet at us. If Got other topics out there. 913 00:52:16,200 --> 00:52:20,000 You're listening, feel free to drop them into a tweet at IDC 914 00:52:20,000 --> 00:52:22,400 podcast or send us a message on LinkedIn. 915 00:52:23,700 --> 00:52:26,800 You will be at Gartner again the week of August 22nd. 916 00:52:27,100 --> 00:52:29,600 If you've got a spot that we can podcast from, so we're not 917 00:52:30,400 --> 00:52:33,000 homeless podcasters and the halls of Gartner, that would be 918 00:52:33,000 --> 00:52:35,800 great, sync up with us. We'd love to try to figure out a 919 00:52:35,808 --> 00:52:37,100 way. We can maybe share some space 920 00:52:37,100 --> 00:52:41,400 with somebody and I think that'll do it for us. 921 00:52:41,400 --> 00:52:44,100 I got one more time centered, I got one more thing. 922 00:52:45,400 --> 00:52:50,000 Good news is next week, we're going back to having gas now, we 923 00:52:50,000 --> 00:52:51,400 don't know. Yes, lined up for, like the 924 00:52:51,408 --> 00:52:53,500 next, you know, few months or whatever. 925 00:52:53,500 --> 00:52:57,300 So it could just, you know, works way back to Jim and Geoff, 926 00:52:57,300 --> 00:53:01,200 but there's so much interest in being on the show and I don't 927 00:53:01,200 --> 00:53:02,500 think it's going to be that hard to fill. 928 00:53:02,500 --> 00:53:05,900 But next week we're going to have our friend Robert Snodgrass 929 00:53:05,900 --> 00:53:13,200 on talk about State and Municipal I am and citizen I am 930 00:53:13,200 --> 00:53:17,100 so pretty excited about that. I'm he's super knowledgeable in 931 00:53:17,100 --> 00:53:19,400 that area. Yeah, for sure. 932 00:53:19,400 --> 00:53:22,900 That'll be a good one. I always hate to put next week 933 00:53:22,900 --> 00:53:24,800 because we never know what the schedule will put out there. 934 00:53:24,800 --> 00:53:27,100 But if it's not next week, it'll be an upcoming. 935 00:53:27,100 --> 00:53:29,700 I'm so so that's how that's how I will copy out that. 936 00:53:29,700 --> 00:53:31,200 How about that? I'm good with that. 937 00:53:31,200 --> 00:53:33,800 That's your ass trick. Yeah, it's coming. 938 00:53:33,800 --> 00:53:35,400 It's coming up. We're just working on 939 00:53:35,700 --> 00:53:37,300 calendaring and scheduling. All the good stuff. 940 00:53:37,900 --> 00:53:39,000 All right. We're going to leave it there. 941 00:53:39,100 --> 00:53:41,000 We're on the web identity at the center.com. 942 00:53:41,000 --> 00:53:43,600 We're on Twitter at idac podcasts. 943 00:53:43,900 --> 00:53:46,900 If you'll be at Gartner ping us. We'd love to do a fist bump or 944 00:53:46,900 --> 00:53:49,100 something. And with that, Go ahead and 945 00:53:49,100 --> 00:53:51,800 leave it for this week. Thanks all for listening and 946 00:53:51,800 --> 00:53:53,400 we'll talk with you all in the next one. 947 00:53:56,800 --> 00:53:59,700 Thanks for listening to the identity at the center podcast. 948 00:53:59,700 --> 00:54:02,100 If you like what you heard, don't forget to subscribe and 949 00:54:02,100 --> 00:54:05,200 visit us on the web and identity at the center.com.