1 00:00:00,040 --> 00:00:02,800 So people don't have to remember a password, which eliminates a 2 00:00:02,800 --> 00:00:05,120 lot of identity attacks. Yeah, but everybody loves 3 00:00:05,120 --> 00:00:06,840 passwords. I mean, we should just have more 4 00:00:06,840 --> 00:00:09,000 of those, shouldn't we? Well, they were my bread and 5 00:00:09,000 --> 00:00:10,320 butter. Like when I was a little 6 00:00:10,320 --> 00:00:12,800 identity nerd like that was a lot of what I learned was how to 7 00:00:12,800 --> 00:00:15,600 secure password based systems and how often do you force 8 00:00:15,600 --> 00:00:18,680 people to rotate and what sorts of complexity do you require? 9 00:00:18,680 --> 00:00:21,280 All this stuff that I was an expert in, like now I don't need 10 00:00:21,280 --> 00:00:22,720 it all because we've gone past that. 11 00:00:23,880 --> 00:00:25,160 What do you see as a different shader? 12 00:00:25,160 --> 00:00:26,720 Because there's a there's a lot of players in this 13 00:00:26,720 --> 00:00:28,840 authentication space, I guess. What makes you know? 14 00:00:28,840 --> 00:00:32,600 Let me put my jaded CSO hat on. What makes Beyond Identity 15 00:00:32,600 --> 00:00:35,080 special or unique in this area? Yeah. 16 00:00:35,080 --> 00:00:37,480 So we were founded only five years ago. 17 00:00:37,560 --> 00:00:40,200 So we're fairly new to the identity space, which helped us 18 00:00:40,200 --> 00:00:43,920 kind of leapfrog a lot of the the legacy infrastructure. 19 00:00:43,920 --> 00:00:45,760 So we never had passwords in our system. 20 00:00:45,760 --> 00:00:48,280 There are no shared secrets anywhere in the beyond identity 21 00:00:48,280 --> 00:00:51,480 architecture. So we're fundamentally built on 22 00:00:51,480 --> 00:00:54,800 a on a foundation that is more secure and then we have that 23 00:00:54,800 --> 00:00:57,120 integration with security tooling. 24 00:00:57,120 --> 00:00:59,360 So we were actually not founded by identity nerds, we were 25 00:00:59,360 --> 00:01:01,880 founded by security nerds who said, hey, we can solve this 26 00:01:01,880 --> 00:01:06,160 identity problem better. And so it's a really different 27 00:01:06,160 --> 00:01:08,920 way of approaching the identity problem than you'll see from 28 00:01:08,920 --> 00:01:18,280 most legacy vendors. This is identity at the center 29 00:01:19,000 --> 00:01:22,080 if it has anything to do with IAM. 30 00:01:22,080 --> 00:01:28,640 This is the go to podcast now your hosts Jim McDonald and Jeff 31 00:01:28,640 --> 00:01:36,360 Stedman. Welcome to the Identity of the 32 00:01:36,360 --> 00:01:37,960 Center podcast. I'm Jeff, and that's Jim. 33 00:01:37,960 --> 00:01:39,800 Hey, Jim. Hey, Jeff, how are you? 34 00:01:39,800 --> 00:01:41,120 Oh. Not so bad yourself. 35 00:01:41,720 --> 00:01:43,400 I'm good. You can see my sweatshirt on. 36 00:01:43,400 --> 00:01:48,000 I'm beyond cold, beyond cold here in February in the South. 37 00:01:48,440 --> 00:01:50,240 I see what you did there. This is in reference to our 38 00:01:50,240 --> 00:01:51,640 sponsored episode we're doing today, right? 39 00:01:52,120 --> 00:01:55,280 That's right, we were having a beyond kind of day. 40 00:01:56,440 --> 00:01:57,680 All right, well, why don't we get to it? 41 00:01:58,440 --> 00:01:59,800 We do have a sponsored episode today. 42 00:01:59,840 --> 00:02:02,400 We've got Beyond Identity. They have been kind enough to 43 00:02:02,400 --> 00:02:05,160 come on the show, and we'll have Sarah Cicchetti on here in a 44 00:02:05,160 --> 00:02:06,520 minute. But just to make it clear, 45 00:02:06,520 --> 00:02:07,840 right, this is a sponsored episode. 46 00:02:08,440 --> 00:02:11,360 They have graciously donated to our nonprofit to help keep this 47 00:02:11,360 --> 00:02:13,880 thing running. And everything you hear today is 48 00:02:13,880 --> 00:02:17,600 going to be the truth as we see it from IDAC and Beyond 49 00:02:17,600 --> 00:02:18,960 Identity. But let me go ahead and 50 00:02:18,960 --> 00:02:21,840 introduce Beyond Identity, Beyond identity.com, Go there 51 00:02:21,840 --> 00:02:23,000 For more information. Actually, Beyond 52 00:02:23,000 --> 00:02:26,560 identity.com/idac, there'll be a special landing page for that. 53 00:02:26,920 --> 00:02:29,720 And then they've also got Beyond Con coming up in a couple weeks. 54 00:02:29,720 --> 00:02:32,040 By the time people hear this on March 20th, that'll be in Palo 55 00:02:32,040 --> 00:02:34,160 Alto. So definitely go to the website 56 00:02:34,160 --> 00:02:35,480 and check that out. I'll have links in our show 57 00:02:35,480 --> 00:02:37,160 notes as well. But let's get to it. 58 00:02:37,160 --> 00:02:39,200 We've got Sarah Cicchetti, she's been with us before. 59 00:02:39,440 --> 00:02:42,600 She's the director of product strategy at Beyond Identity. 60 00:02:42,920 --> 00:02:45,920 Sarah, welcome back to the show. Hey, great to see you guys 61 00:02:45,920 --> 00:02:47,920 again. It's been a while. 62 00:02:47,920 --> 00:02:51,480 I think I saw you in passing at Gartner's IM conference at the 63 00:02:51,480 --> 00:02:55,560 end of 2024. You were with us for episodes 64 00:02:55,560 --> 00:02:59,120 199 and one O 1, I believe, and now we're in the three hundreds. 65 00:02:59,120 --> 00:03:01,160 So we got to catch up a little bit. 66 00:03:01,160 --> 00:03:03,920 But I think the biggest changes, you've moved to a new 67 00:03:03,920 --> 00:03:05,680 organization. Why don't you tell us a little 68 00:03:05,680 --> 00:03:08,480 bit about Beyond Identity? And then you got to tell me, 69 00:03:08,480 --> 00:03:10,640 what does a director of product strategy mean? 70 00:03:10,800 --> 00:03:12,800 What does that mean to people in the real world? 71 00:03:13,360 --> 00:03:14,680 It's a completely meaningless title. 72 00:03:16,000 --> 00:03:18,920 Yeah. So I was at AWS for five years. 73 00:03:18,920 --> 00:03:23,640 So that was where I was the last two times I was on the show and 74 00:03:24,120 --> 00:03:29,240 being at AWSI, got the chance to talk to dozens of identity 75 00:03:29,240 --> 00:03:32,400 startups, hundreds of identity teams all over the world. 76 00:03:32,880 --> 00:03:36,640 And yeah, I was really floored by the technology that Beyond 77 00:03:36,640 --> 00:03:38,480 Identity had and wanted to come over. 78 00:03:38,960 --> 00:03:42,520 And little did I know that at the exact same time, my 79 00:03:42,520 --> 00:03:45,200 colleague Dean Sacks, also from AWS, was talking to Beyond 80 00:03:45,200 --> 00:03:46,960 Identity. So we both ended up moving over 81 00:03:46,960 --> 00:03:52,080 at the same time. And basically what what they 82 00:03:52,080 --> 00:03:55,720 needed me to do was do some product discovery and innovation 83 00:03:56,360 --> 00:04:01,240 as well as facilitate Dean and Monty Weissman to do all of our 84 00:04:01,240 --> 00:04:04,880 standards work. So we go to, we participate in 85 00:04:04,880 --> 00:04:07,840 the Open ID Foundation, the Internet Engineering Task Force, 86 00:04:08,360 --> 00:04:11,520 the Fido Alliance, all that work is done by my team. 87 00:04:11,520 --> 00:04:14,080 And so we figure out where we want to influence standards and 88 00:04:14,080 --> 00:04:15,520 how we want to move forward there. 89 00:04:16,279 --> 00:04:20,320 So we're a team of innovators, standards nerds and developers 90 00:04:20,320 --> 00:04:22,360 who are helping us bring new products to market. 91 00:04:23,320 --> 00:04:27,880 So what does Beyond identity do? Placing authentication space and 92 00:04:27,880 --> 00:04:30,880 to what degree and other things. We do. 93 00:04:30,960 --> 00:04:34,880 So it's a, it's an SSO or it can be only an MFA. 94 00:04:35,920 --> 00:04:39,000 So it's got kind of two different modes and it's sort of 95 00:04:39,000 --> 00:04:44,080 sits in the middle where it, it straddles both human and non 96 00:04:44,080 --> 00:04:48,960 human identity. So the way that we do SSO is not 97 00:04:49,040 --> 00:04:51,640 typical. So typically you would have 98 00:04:52,520 --> 00:04:54,680 multi factor authentication, you'd have a password and some 99 00:04:54,680 --> 00:04:58,520 sort of device where you are verifying that it's actually 100 00:04:58,520 --> 00:05:00,680 you. The way that Beyond Identity 101 00:05:00,680 --> 00:05:04,720 does it is we put an endpoint directly on the device itself so 102 00:05:04,720 --> 00:05:06,880 that we can look at the security posture of the device. 103 00:05:07,920 --> 00:05:12,520 And then we also integrate signals from all of your 104 00:05:12,520 --> 00:05:14,920 security tooling. So we can get signals from JF, 105 00:05:14,920 --> 00:05:18,880 from Z Scaler, from Intune and use those as part of your 106 00:05:18,880 --> 00:05:21,520 authentication policy to determine whether people get it 107 00:05:21,520 --> 00:05:24,280 or not. And we can do it continuously as 108 00:05:24,280 --> 00:05:27,840 people are working to say, hey, is this person still have the 109 00:05:27,840 --> 00:05:29,800 security posture that they did when they logged in. 110 00:05:30,960 --> 00:05:36,000 So it's a cool marriage of security and identity and data 111 00:05:36,200 --> 00:05:39,960 that all comes together with authorization and authentication 112 00:05:39,960 --> 00:05:43,040 and it's all in one very easy to use product. 113 00:05:43,520 --> 00:05:45,720 So that's the that's the non human part. 114 00:05:45,720 --> 00:05:48,040 And then the human part is just the local biometric on the 115 00:05:48,040 --> 00:05:49,880 machine. That's how we do it. 116 00:05:49,880 --> 00:05:52,120 So people do not have to remember a password, which 117 00:05:52,120 --> 00:05:53,840 eliminates a lot of identity attacks. 118 00:05:54,360 --> 00:05:56,720 But everybody loves passwords. I mean, we should just have more 119 00:05:56,720 --> 00:05:58,920 of those, shouldn't we? Well, they were my bread and 120 00:05:58,920 --> 00:06:00,200 butter. Like when I was a little 121 00:06:00,200 --> 00:06:02,680 identity nerd, like that was a lot of what I learned was how to 122 00:06:02,680 --> 00:06:05,480 secure a password based systems and how often do you force 123 00:06:05,480 --> 00:06:08,600 people to rotate and what sorts of complexity do you require? 124 00:06:08,600 --> 00:06:11,200 All this stuff that I was an expert in, like now I don't need 125 00:06:11,200 --> 00:06:12,600 it all because we've gone past that. 126 00:06:13,760 --> 00:06:15,040 What do you see as a different shader? 127 00:06:15,040 --> 00:06:16,640 Because there's a there's a lot of players in this 128 00:06:16,640 --> 00:06:18,720 authentication space, I guess. What makes you know? 129 00:06:18,720 --> 00:06:22,480 Let me put my jaded CSO hat on. What makes Beyond Identity 130 00:06:22,480 --> 00:06:24,960 special or unique in this area? Yeah. 131 00:06:24,960 --> 00:06:27,400 So we were founded only five years ago. 132 00:06:27,440 --> 00:06:30,120 So we're fairly new to the identity space, which helped us 133 00:06:30,120 --> 00:06:33,840 kind of leapfrog a lot of the the legacy infrastructure. 134 00:06:33,840 --> 00:06:35,680 So we never had passwords in our system. 135 00:06:35,680 --> 00:06:38,200 There are no shared secrets anywhere in the Beyond identity 136 00:06:38,200 --> 00:06:41,400 architecture. So we're fundamentally built on 137 00:06:41,400 --> 00:06:44,680 a on a foundation that is more secure and then we have that 138 00:06:44,680 --> 00:06:47,000 integration with security tooling. 139 00:06:47,000 --> 00:06:49,280 So we were actually not founded by identity nerds, we were 140 00:06:49,280 --> 00:06:51,760 founded by security nerds who said, hey, we can solve this 141 00:06:51,760 --> 00:06:56,080 identity problem better. And so it's a really different 142 00:06:56,080 --> 00:06:58,800 way of approaching the identity problem then you'll see from 143 00:06:58,800 --> 00:07:02,880 most legacy vendors. So let's talk about the name 144 00:07:02,880 --> 00:07:05,760 beyond identity. Is there any significance to it? 145 00:07:05,760 --> 00:07:08,720 Is it just it's a cool name? First of all, the the the domain 146 00:07:08,720 --> 00:07:10,400 name was available. Tell me about the history there. 147 00:07:11,000 --> 00:07:14,800 So as I understand it, I was not at the company at the time, but 148 00:07:15,080 --> 00:07:17,600 the Google Beyond Corp white paper had just come out. 149 00:07:18,000 --> 00:07:19,880 There was a company called Beyond Trust and a company 150 00:07:19,880 --> 00:07:22,160 called Beyond ID. And so we decided to just, we 151 00:07:22,160 --> 00:07:24,640 wanted to add more confusion to the identity marketplace. 152 00:07:24,640 --> 00:07:27,720 And so we decided to call ourselves Beyond Identity, and 153 00:07:27,720 --> 00:07:30,160 that's kind of how it went. I love it. 154 00:07:30,160 --> 00:07:32,680 It's simple and plus, you know, it's, it's, it's there's all the 155 00:07:32,680 --> 00:07:34,800 vowels are there in the name. So you can actually spell out 156 00:07:34,800 --> 00:07:39,200 beyond identity.com/IDAC. Go there, visit that For more 157 00:07:39,200 --> 00:07:40,960 information. So it makes it easy for that. 158 00:07:41,400 --> 00:07:43,520 I want to turn it over to Jim here in a second because I know 159 00:07:43,520 --> 00:07:46,400 we want to get into more details kind of around how this works. 160 00:07:46,400 --> 00:07:50,400 But one of the questions that I get asked a lot to ask vendors 161 00:07:50,400 --> 00:07:55,360 when they come on is tell me how your customers measure success. 162 00:07:55,960 --> 00:07:58,360 In this case, authentication. I'm assuming it's things like, 163 00:07:58,880 --> 00:08:02,400 you know, MFA availability or risk reduction, but how do you 164 00:08:02,400 --> 00:08:05,400 how do beyond identity customers measure success with your 165 00:08:05,400 --> 00:08:07,000 product? Yeah. 166 00:08:07,000 --> 00:08:09,520 So a lot of it has to do with risk mitigation. 167 00:08:09,520 --> 00:08:12,960 So when they go to their board, their C-Suite, their 168 00:08:12,960 --> 00:08:16,560 cybersecurity insurers, they can say with a completely straight 169 00:08:16,560 --> 00:08:19,880 face that they have eliminated entire categories of attack 170 00:08:19,880 --> 00:08:23,640 factors and that they can guarantee that because that that 171 00:08:23,640 --> 00:08:26,040 infrastructure simply doesn't exist in their identity 172 00:08:26,040 --> 00:08:28,680 solution. So that's a huge win. 173 00:08:28,680 --> 00:08:34,320 And then on the on the usability side, we actually have the 174 00:08:34,320 --> 00:08:37,400 customers of our customers. So employees of people who who 175 00:08:37,400 --> 00:08:40,840 use Beyond Identity raving about the user experience. 176 00:08:40,840 --> 00:08:42,240 They don't have to remember passwords. 177 00:08:42,240 --> 00:08:44,360 They don't have to get out their phone. 178 00:08:44,360 --> 00:08:47,160 They can just use the biometric that's right on their laptop or 179 00:08:47,160 --> 00:08:51,000 right on their device. And we were just you, as you 180 00:08:51,000 --> 00:08:52,520 said, we were down in Dallas for Gartner. 181 00:08:52,520 --> 00:08:54,440 We presented with Inspire Brands. 182 00:08:54,440 --> 00:09:02,800 So Inspire is Buffalo Wild Wings and Dunkin' Donuts. 183 00:09:02,800 --> 00:09:08,400 So a whole bunch of restaurants and like, they don't have a 184 00:09:08,400 --> 00:09:11,320 whole lot of attackers trying to get into Dunkin' Donuts, but 185 00:09:11,320 --> 00:09:13,840 they do need their employees to get in quickly and easily. 186 00:09:14,160 --> 00:09:16,600 And so after they implemented Beyond Identity, they actually 187 00:09:16,600 --> 00:09:19,640 had employees coming to them and they're a Texas based company. 188 00:09:20,040 --> 00:09:24,120 And so the employee said yeehaw, Hallelujah, because they love 189 00:09:24,120 --> 00:09:26,160 the solutions so much. They loved how easy it was to 190 00:09:26,160 --> 00:09:29,120 log in. Well, and I love the doughnuts, 191 00:09:29,240 --> 00:09:31,600 so let's not forget, let's not forget about that. 192 00:09:31,600 --> 00:09:36,120 But I think this this whole line of what you're talking about 193 00:09:36,120 --> 00:09:40,760 there with it's kind of the balance between security and 194 00:09:40,760 --> 00:09:42,680 user experience. It's kind of the classic 195 00:09:42,680 --> 00:09:46,520 conundrum that we learned in our first days in information 196 00:09:46,520 --> 00:09:50,120 security. As you ramp up the security of a 197 00:09:50,120 --> 00:09:54,320 system or a process, the usability, there's more hurdles, 198 00:09:54,320 --> 00:09:58,760 there's it's harder to use. How do you balance that? 199 00:09:58,760 --> 00:10:03,200 How do you make sure that you're not going too far in One 200 00:10:03,200 --> 00:10:08,160 Direction or you know, is that just kind of core built into the 201 00:10:08,160 --> 00:10:11,520 platform? So it's different for every 202 00:10:11,520 --> 00:10:14,080 customer, right. So some customers have a really 203 00:10:14,280 --> 00:10:18,160 high amount of risk tolerance and they are willing to make the 204 00:10:18,160 --> 00:10:25,560 system a little bit more open to more flexible in order to get 205 00:10:25,560 --> 00:10:27,920 that usability and that that quick response. 206 00:10:27,920 --> 00:10:30,960 And we have other customers who are very security conscious who 207 00:10:30,960 --> 00:10:34,400 really want to lock down the system and say, no, we only want 208 00:10:34,400 --> 00:10:37,000 these type of biometrics. We only want to get signals from 209 00:10:37,000 --> 00:10:39,360 these security vendors. And we want to make sure that 210 00:10:39,360 --> 00:10:41,920 every single authentication respect all these things. 211 00:10:41,920 --> 00:10:43,800 We want to know these things about the machine that the 212 00:10:43,800 --> 00:10:47,360 person is logging in on. And so it, it really varies. 213 00:10:47,560 --> 00:10:50,680 We have a wide variety of customers ranging from high 214 00:10:50,680 --> 00:10:52,840 usability to very high security use cases. 215 00:10:53,600 --> 00:10:56,120 I like that a lot. So you kind of there is that 216 00:10:56,200 --> 00:11:00,200 ability for the customer to kind of like move those levers back 217 00:11:00,200 --> 00:11:03,640 and forth. But I from what I understand, 218 00:11:03,640 --> 00:11:07,120 you know, you and I rubbed elbows at the Fido Authenticate 219 00:11:07,120 --> 00:11:10,480 conference last year. I think you guys are pretty 220 00:11:10,480 --> 00:11:16,720 heavy into the use of pass keys. Is that kind of part of what's 221 00:11:16,720 --> 00:11:20,760 baked in? And you know what's different 222 00:11:20,760 --> 00:11:22,960 about your solution of pass keys? 223 00:11:23,760 --> 00:11:28,640 Yeah. So we use a, we use cryptography 224 00:11:28,640 --> 00:11:31,560 that is based on the machine. So if you want to call that a 225 00:11:31,560 --> 00:11:33,880 pass key, you absolutely can. Lots of people do. 226 00:11:34,400 --> 00:11:36,640 You could also call that a form of a certificate. 227 00:11:36,640 --> 00:11:38,240 You could call that a verifiable credential. 228 00:11:38,240 --> 00:11:40,720 Like there's a whole bunch of ways to describe what we do, but 229 00:11:40,720 --> 00:11:44,560 essentially we put down a key pair on the machine and that key 230 00:11:44,560 --> 00:11:46,920 pair is locked into the secure enclave of that machine. 231 00:11:46,920 --> 00:11:50,680 So unlike say, a Google or an Apple Pass key, it is not 232 00:11:50,680 --> 00:11:52,720 syncable across multiple machines. 233 00:11:52,720 --> 00:11:56,960 You can have multiple machines registered to one person and 234 00:11:56,960 --> 00:11:59,840 that and you can change your settings so that that person can 235 00:11:59,840 --> 00:12:03,760 add machines to their account. But there is no way to take the 236 00:12:03,760 --> 00:12:06,720 key, the the cryptographic key pair that's on the machine 237 00:12:06,720 --> 00:12:09,000 itself and move it somewhere else. 238 00:12:09,480 --> 00:12:11,320 So that's a key security property. 239 00:12:11,320 --> 00:12:13,800 That is a a big difference between the way that Fido 240 00:12:13,800 --> 00:12:16,320 credentials work today and the way that Beyond Identity 241 00:12:16,320 --> 00:12:19,440 credentials work. OK, so similar but different. 242 00:12:20,320 --> 00:12:24,680 Similar but different and we're actually we're like we are Fido 243 00:12:24,680 --> 00:12:28,440 member alliance, we are part of the technical committee there 244 00:12:28,440 --> 00:12:31,320 and we would love it if Fido would adopt the way that we do 245 00:12:31,320 --> 00:12:34,240 things and standardize it. We are not trying to make this a 246 00:12:34,240 --> 00:12:38,040 proprietary protocol. We absolutely embrace standards 247 00:12:38,040 --> 00:12:40,920 and we want to see this level of security within Fido. 248 00:12:40,920 --> 00:12:44,600 So we are pushing. For that, that idea of the of 249 00:12:44,600 --> 00:12:47,120 the key pair sitting on the device and not being able to 250 00:12:47,120 --> 00:12:50,760 sync those to other devices is really what I'm hearing is kind 251 00:12:50,760 --> 00:12:53,000 of like the differentiator here and where you'd like to see this 252 00:12:53,000 --> 00:12:55,040 go is that, is that fair that I describe that accurately? 253 00:12:56,000 --> 00:12:57,960 Absolutely. So the the problem with synced 254 00:12:57,960 --> 00:13:01,400 passkeys is that the user can share them, and there's no 255 00:13:01,400 --> 00:13:02,520 evidence that they've been shared. 256 00:13:02,520 --> 00:13:05,480 There's no evidence that that wasn't the original user who had 257 00:13:05,480 --> 00:13:08,720 that passkey. There's no chain of custody for 258 00:13:08,720 --> 00:13:11,840 where that passkey came from or where it originated or how it 259 00:13:11,840 --> 00:13:14,640 originated. And we would love for those 260 00:13:14,640 --> 00:13:16,960 things to exist within the Fido standards. 261 00:13:17,160 --> 00:13:20,840 They don't exist today, but for right now we have to do it in a 262 00:13:20,840 --> 00:13:23,160 proprietary way. And that's also outside the 263 00:13:23,160 --> 00:13:25,560 browser. So that has usability aspects to 264 00:13:25,560 --> 00:13:28,280 it as well. Where if Google or Apple wants 265 00:13:28,280 --> 00:13:31,520 to change something about the way that the interface works 266 00:13:31,520 --> 00:13:33,920 with users for how they store their pass keys, how they 267 00:13:33,920 --> 00:13:37,720 originate pass keys, that obviously if you're using those 268 00:13:37,720 --> 00:13:40,720 pass keys for your enterprise, that'll change your whole user 269 00:13:40,720 --> 00:13:43,880 experience out from under you where you don't have a chance to 270 00:13:43,880 --> 00:13:46,920 have a say. And so because we're using a 271 00:13:46,920 --> 00:13:49,800 proprietary mechanism for this, we can make that user experience 272 00:13:49,800 --> 00:13:52,680 really consistent and secure. Yeah. 273 00:13:52,680 --> 00:13:57,280 So with Beyond Identity, does it matter if you're coming in on a 274 00:13:57,280 --> 00:14:00,360 corporate controlled device or bring your own device? 275 00:14:00,640 --> 00:14:06,200 It does, but we have a lot of customers who use us 276 00:14:06,200 --> 00:14:08,120 specifically for bring your own device. 277 00:14:08,600 --> 00:14:12,880 So if it is a corporate controlled device, if it has an 278 00:14:12,880 --> 00:14:17,360 MDM on it, we can query that MDM in real time and we can say, 279 00:14:18,080 --> 00:14:20,000 sorry, not real time. We'll be able to query in real 280 00:14:20,000 --> 00:14:22,400 time once everyone adopts shared signals, which everyone should 281 00:14:22,400 --> 00:14:26,280 do, but we query it every 15 minutes. 282 00:14:26,440 --> 00:14:30,480 So we will talk to your MDM and we will say, look, what's the 283 00:14:30,480 --> 00:14:32,520 security posture supposed to be? Is it there? 284 00:14:32,760 --> 00:14:34,840 What are the policy settings for this company? 285 00:14:35,480 --> 00:14:37,400 And then if it's a bring your own device, obviously we can 286 00:14:37,400 --> 00:14:39,600 look at different things on the device, but it won't have an MDM 287 00:14:39,600 --> 00:14:42,440 that we can query. Typically though, if you're 288 00:14:42,440 --> 00:14:46,320 doing BYOD for like a personal device into a work environment, 289 00:14:46,720 --> 00:14:49,320 they're probably putting some policies or something on your on 290 00:14:49,320 --> 00:14:50,600 your device. It's pretty rare that I see 291 00:14:50,600 --> 00:14:54,640 these days a unmanaged personal device with access to company 292 00:14:54,640 --> 00:14:56,920 resources. But I don't know is, is that an 293 00:14:56,920 --> 00:15:00,000 accurate assessment, Sarah, of kind of my view of it or do you 294 00:15:00,000 --> 00:15:03,000 see kind of the Wild West still out there for when it comes to 295 00:15:03,000 --> 00:15:05,720 managing personal devices on a corporate network? 296 00:15:05,880 --> 00:15:08,720 Well, when you say bring your own, like you think of someone's 297 00:15:08,720 --> 00:15:10,560 like, oh, I've got my personal cell phone, right? 298 00:15:10,720 --> 00:15:13,480 That is a use case we see where we can say, you know, we want to 299 00:15:13,480 --> 00:15:15,400 make sure that that phone is not jailbroken. 300 00:15:15,400 --> 00:15:18,840 We want to make sure that it's OS is up to date so we can see 301 00:15:18,840 --> 00:15:21,640 certain security aspects of that phone that people bring 302 00:15:21,640 --> 00:15:24,240 themselves. But often BYOD is just 303 00:15:24,240 --> 00:15:26,520 contractors, right? So it is a managed device, it's 304 00:15:26,520 --> 00:15:28,120 just not managed by your company. 305 00:15:28,920 --> 00:15:31,520 And so there are different things we can query in that 306 00:15:31,520 --> 00:15:34,480 case, but we can make sure that there is a security bar that's 307 00:15:34,480 --> 00:15:39,440 met by all devices that access the access the systems in your 308 00:15:39,440 --> 00:15:42,840 company. I want to get back to something 309 00:15:42,840 --> 00:15:44,920 you mentioned earlier, because you mentioned two of my favorite 310 00:15:44,920 --> 00:15:48,560 food groups of wings and doughnuts, the other being 311 00:15:48,600 --> 00:15:51,320 chocolate and nachos. So don't you know, don't come at 312 00:15:51,320 --> 00:15:52,880 me. That's that's the, that's the 313 00:15:52,880 --> 00:15:54,520 real food square. Don't. 314 00:15:54,520 --> 00:15:55,680 Judge. Yeah, that's right. 315 00:15:56,040 --> 00:15:58,280 Do you have? You told me it was potatoes. 316 00:15:58,320 --> 00:15:59,640 I thought it was potatoes. Come on. 317 00:16:00,960 --> 00:16:04,480 There are, I'm sure, a lot of good stories, but do you have 318 00:16:04,480 --> 00:16:07,880 any kind of stand out stories of how your customers are using 319 00:16:07,880 --> 00:16:11,400 beyond it Any today that might be either unique or hey, that 320 00:16:11,400 --> 00:16:15,280 was really cool or just like the yeehaw moment as you kind of put 321 00:16:15,280 --> 00:16:17,120 before earlier? Yeah. 322 00:16:17,120 --> 00:16:20,840 So just as just as an aside, because you mentioned Hot Wings, 323 00:16:21,480 --> 00:16:25,920 both our CEO and our Principal Security engineer, Dean Sachs 324 00:16:25,920 --> 00:16:29,960 are big Hot Wings fans. And so we did like a little Hot 325 00:16:29,960 --> 00:16:33,400 Ones imitation episode while we were at Gardner that's going to 326 00:16:33,400 --> 00:16:37,560 be coming out on our social media soon, where I kind of 327 00:16:37,560 --> 00:16:39,760 quizzed them about different standards things and made them 328 00:16:39,760 --> 00:16:41,920 eat increasingly hot hot sauces as we went. 329 00:16:41,920 --> 00:16:44,960 So that'll be fun to lodge. But your question was about use 330 00:16:44,960 --> 00:16:49,880 cases. So yeah, one of the primary use 331 00:16:49,880 --> 00:16:52,480 cases we see is people who have multiple ID. 332 00:16:52,480 --> 00:16:56,520 PS So either because of acquisition or because different 333 00:16:56,520 --> 00:16:59,480 departments in in the company were allowed to do identity in 334 00:16:59,480 --> 00:17:02,520 different ways, identity islands have formed. 335 00:17:02,680 --> 00:17:05,319 And that's true of almost every company. 336 00:17:05,920 --> 00:17:07,440 There's a great quote from Brian Poole. 337 00:17:07,440 --> 00:17:09,800 He used to do identity at Microsoft that says there there 338 00:17:09,800 --> 00:17:11,359 are two kinds of identity administrators. 339 00:17:11,359 --> 00:17:14,040 There's the kinds that administer more than one systems 340 00:17:14,040 --> 00:17:16,160 and the kinds that do not yet know that they administer more 341 00:17:16,160 --> 00:17:19,880 than one system, right. And so one of the benefits of 342 00:17:19,880 --> 00:17:23,880 using Beyond Identity just as an MFA level is to say, you know, 343 00:17:23,880 --> 00:17:26,920 I've got two different ID PS here, or I've got three or five 344 00:17:26,920 --> 00:17:30,200 different ID PS here. I want one consistent security 345 00:17:30,200 --> 00:17:35,600 bar across them so that I as the CSO know that there is a 346 00:17:35,600 --> 00:17:38,440 consistent level of security across my company without having 347 00:17:38,440 --> 00:17:41,560 to dive into the config of each IDP and make sure that things 348 00:17:41,560 --> 00:17:44,960 are are identical. So that's one use case we see 349 00:17:44,960 --> 00:17:47,520 and then the other use case is just straight up SSO. 350 00:17:48,200 --> 00:17:52,600 It's a really great user experience as a as a single sign 351 00:17:52,600 --> 00:17:54,880 on. And obviously because we're 352 00:17:54,880 --> 00:18:00,680 newer, because we have that more secure code base, we are in a 353 00:18:00,680 --> 00:18:04,080 much better place than companies who have been building up their 354 00:18:04,080 --> 00:18:07,480 code base for 10 or 20 years. And it's getting getting a 355 00:18:07,480 --> 00:18:10,600 little rusty and a little creaky and who knows what's going to 356 00:18:10,600 --> 00:18:12,480 happen? We didn't mean code. 357 00:18:14,360 --> 00:18:16,280 That's right. Well, you mentioned too having 358 00:18:16,280 --> 00:18:18,200 that, that, that user experience, right? 359 00:18:18,200 --> 00:18:21,600 The consistency of the MFA experience is pretty important 360 00:18:21,600 --> 00:18:24,880 because that's one of the areas that we see users tend to 361 00:18:24,880 --> 00:18:27,840 struggle with the most of. OK, now we've got a new MFA. 362 00:18:27,840 --> 00:18:31,120 If we have the similar experience across all of our 363 00:18:31,120 --> 00:18:34,120 different authentication services, that goes a long way, 364 00:18:34,120 --> 00:18:36,840 not only for just the use of it, but also support, right? 365 00:18:36,840 --> 00:18:39,040 It's everybody's using the same thing. 366 00:18:39,600 --> 00:18:42,640 Documentation can be streamlined to focus on one thing, so they 367 00:18:42,640 --> 00:18:44,080 have like 8 different ways to do it. 368 00:18:44,080 --> 00:18:46,280 I got to imagine that plays into the calculus as well, right? 369 00:18:47,200 --> 00:18:49,880 Absolutely. And you can modify the SSO so 370 00:18:49,880 --> 00:18:52,360 that different applications have different policies. 371 00:18:52,360 --> 00:18:54,880 So you can say, look, if you're paying for lunch in the 372 00:18:54,880 --> 00:18:58,120 cafeteria, if you're registering your car in the garage, like 373 00:18:58,480 --> 00:19:00,360 that requires almost no policy whatsoever. 374 00:19:00,360 --> 00:19:02,760 Like like anybody in the company can go do that. 375 00:19:03,200 --> 00:19:06,840 But if you are touching the HR system, if you are touching the 376 00:19:06,840 --> 00:19:09,920 production database, right, then we've got a whole boatload of 377 00:19:09,920 --> 00:19:13,080 policies that you have to satisfy from all sorts of 378 00:19:13,080 --> 00:19:15,120 different places where we're getting security signals. 379 00:19:15,240 --> 00:19:19,120 So I have a follow up question, Sarah, with regard to the 380 00:19:19,120 --> 00:19:21,440 devices. So let's say I'm using an 381 00:19:21,440 --> 00:19:25,480 iPhone, that's one of the devices that has the Beyond 382 00:19:25,480 --> 00:19:29,160 Identity Secure Enclave. So it's keeping my 383 00:19:29,960 --> 00:19:33,360 authentication, my biometric data there locally. 384 00:19:33,720 --> 00:19:39,040 Is it leveraging the the capability within the iPhone 385 00:19:39,040 --> 00:19:44,760 platform or whatever device I'm using to, you know, in other 386 00:19:44,760 --> 00:19:48,840 words, is it using Face ID from my iPhone? 387 00:19:49,040 --> 00:19:53,880 Is it kind of operating the same way or is it a second interface 388 00:19:53,880 --> 00:19:59,040 for, you know doing that that face match? 389 00:20:00,160 --> 00:20:02,280 Yeah. So to be clear, it doesn't use 390 00:20:02,280 --> 00:20:06,160 your Apple account at all, but it does use the biometrics that 391 00:20:06,160 --> 00:20:09,640 are registered to the phone as well as the secure enclave, the 392 00:20:09,640 --> 00:20:13,200 TPM in the phone. So Monty Weissman, who's the 393 00:20:13,200 --> 00:20:17,720 father of the TPM is on my team, on our on our staff to help us 394 00:20:17,720 --> 00:20:21,320 understand how we interface securely with the TPM for each 395 00:20:21,320 --> 00:20:24,000 device. And then on our board is Taher 396 00:20:24,000 --> 00:20:28,040 Agamal, who will be speaking at Beyond Con on March 20th coming 397 00:20:28,040 --> 00:20:32,520 up and he's the father of SSL. And so we have a lot of people 398 00:20:32,520 --> 00:20:37,600 who are well versed in crypto and those APIs to get into the, 399 00:20:37,600 --> 00:20:40,680 the secure enclave of the iPhone actually didn't exist before 400 00:20:40,680 --> 00:20:43,800 this company was founded. So like when Octo was founded, 401 00:20:43,800 --> 00:20:47,440 when Ping was founded, this was not a way that people could do 402 00:20:47,440 --> 00:20:50,200 identity. It just the, the technology 403 00:20:50,200 --> 00:20:52,440 wasn't there yet. And so it's because we were 404 00:20:52,440 --> 00:20:56,280 founded later that we are able to to utilize these technologies 405 00:20:56,720 --> 00:20:59,800 and say, yes, we can lock those key pairs into the secure 406 00:20:59,800 --> 00:21:04,000 enclave of the phone. And that's a much more secure 407 00:21:04,000 --> 00:21:05,800 way to do it. And it's completely localized 408 00:21:06,040 --> 00:21:09,360 along with the biometrics. So let me put a scenario out 409 00:21:09,360 --> 00:21:11,080 there. So one of the things that always 410 00:21:11,080 --> 00:21:14,200 happens with my phone is that if it doesn't recognize my face, 411 00:21:14,200 --> 00:21:18,800 they'll say enter your PIN and so that I'm entering A6 digit 412 00:21:18,800 --> 00:21:23,120 numeric value, which you know is knowledge based authentication 413 00:21:23,120 --> 00:21:26,480 essentially. So does the beyond, did any 414 00:21:26,480 --> 00:21:30,320 platform have the ability to say, well, it has to be the 415 00:21:30,320 --> 00:21:33,640 biometric or is it going to fail back to the PIN or is that kind 416 00:21:33,640 --> 00:21:38,480 of a configuration that your client gets to make? 417 00:21:39,320 --> 00:21:41,680 Yeah, that can be configured by application actually. 418 00:21:41,680 --> 00:21:45,320 So you can say look for the parking application, they can 419 00:21:45,320 --> 00:21:47,600 fall back to a pin. We don't care if they're trying 420 00:21:47,600 --> 00:21:49,960 to get into the HR database, they have to have a biometric 421 00:21:49,960 --> 00:21:51,880 and they have to have a biometric that was registered 422 00:21:52,960 --> 00:21:56,520 since the time, like before the time that the app was installed, 423 00:21:56,520 --> 00:21:58,120 right? So if somebody gets their phone 424 00:21:58,120 --> 00:22:00,240 and registers a new biometric because it's unlocked or 425 00:22:00,240 --> 00:22:02,440 something, that biometric won't work for that application. 426 00:22:02,440 --> 00:22:05,680 So there's a, there's a wide variety of policy that you can 427 00:22:05,680 --> 00:22:08,760 put into the into the engine to do cool authentication and 428 00:22:08,760 --> 00:22:10,640 authorization. Stuff that's awesome. 429 00:22:10,800 --> 00:22:14,920 That's a neat trick of of screening and no pun intended I 430 00:22:14,920 --> 00:22:19,160 guess biometrics that were created after a certain point 431 00:22:19,200 --> 00:22:22,240 you can distinguish timestamp of the biometric itself. 432 00:22:22,440 --> 00:22:24,400 Did I hear that right? Of the creation of the 433 00:22:24,400 --> 00:22:25,000 biometric. Yeah. 434 00:22:25,280 --> 00:22:26,320 OK, interesting. OK. 435 00:22:27,040 --> 00:22:29,720 You mentioned shared signals earlier and I know we did an 436 00:22:29,720 --> 00:22:33,480 episode recently with my friend Sean from Disney about this idea 437 00:22:33,480 --> 00:22:36,320 of continuous identity and kind of threat detection etcetera. 438 00:22:36,880 --> 00:22:41,320 You mentioned shared signals Cape is part of that continuous 439 00:22:41,320 --> 00:22:44,480 access evaluation profile. I, I struggle to get that one 440 00:22:44,480 --> 00:22:47,760 right sometimes. Where is beyond ID fitting in 441 00:22:47,760 --> 00:22:52,640 with SSF and Cape and sort of this idea of, you know, being 442 00:22:52,640 --> 00:22:55,680 able to communicate with other technologies in the security 443 00:22:55,680 --> 00:22:57,320 apparatus or the organizational apparatus? 444 00:22:58,120 --> 00:23:00,720 Yeah, we're huge investors in SSF and Cape. 445 00:23:00,720 --> 00:23:04,080 So we'll be part of the Gartner Interop in, in London in March. 446 00:23:04,640 --> 00:23:09,520 And basically we were doing this before it was cool, right? 447 00:23:09,520 --> 00:23:14,760 So we, we have always exchanged events with security vendors. 448 00:23:14,760 --> 00:23:17,720 So you have the ability in your beyond identity settings to say, 449 00:23:18,120 --> 00:23:21,120 hey, if something changes on the machine, go tell this vendor, 450 00:23:21,440 --> 00:23:23,760 the security vendor that I'm already invested in that that's 451 00:23:23,760 --> 00:23:25,480 happening. And you can go the other way as 452 00:23:25,480 --> 00:23:27,800 well and say, hey, after something happening in Zscaler, 453 00:23:28,160 --> 00:23:29,720 I want to know about it. And I want to block 454 00:23:29,720 --> 00:23:32,520 authentications based on that or I want to suspend users based on 455 00:23:32,520 --> 00:23:35,200 that. And so we haven't kind of always 456 00:23:35,200 --> 00:23:37,360 done this, but we have proprietary tool like we built 457 00:23:37,360 --> 00:23:39,880 that all ourselves. That was all a build out between 458 00:23:39,880 --> 00:23:43,480 US and Z Scaler. It's all proprietary and it only 459 00:23:43,480 --> 00:23:47,600 pulls every 15 minutes. And so we love this idea of, 460 00:23:47,880 --> 00:23:49,640 hey, we can actually make this a standard. 461 00:23:49,640 --> 00:23:51,320 We don't have to make it proprietary. 462 00:23:51,880 --> 00:23:54,680 You can hook up any security vendor you want just like that. 463 00:23:54,680 --> 00:23:58,200 And it can be in real time because you have that Cape 464 00:23:58,200 --> 00:24:00,040 Highway transferring stuff back and forth. 465 00:24:01,000 --> 00:24:02,600 So we think that that's really valuable. 466 00:24:02,600 --> 00:24:07,680 We're investing in it and we're really excited to see some some 467 00:24:07,680 --> 00:24:10,760 relying parties get on board. So we would love to be able to 468 00:24:10,760 --> 00:24:12,000 because we sit in the middle, right? 469 00:24:12,000 --> 00:24:13,840 Because we're an SSO and an endpoint. 470 00:24:14,200 --> 00:24:17,480 Like we have stuff to tell people we are a transmitter, but 471 00:24:17,480 --> 00:24:19,480 we also like want to hear stuff from people. 472 00:24:19,480 --> 00:24:22,680 We are also a receiver because we're the SSO and so we would 473 00:24:22,680 --> 00:24:26,840 love to see like a GitHub or an AWS or something like that, get 474 00:24:26,840 --> 00:24:29,480 on board with shared signals so that we can tell them, hey, 475 00:24:29,480 --> 00:24:33,800 something about the posture of this device changed and we don't 476 00:24:33,800 --> 00:24:36,160 know what your customer's policy is, but we can tell you what 477 00:24:36,160 --> 00:24:39,240 changed so that your customer can write policy around that in 478 00:24:39,240 --> 00:24:42,920 the RP itself. I think a lot of people are 479 00:24:42,920 --> 00:24:46,600 still figuring out how to make this work. 480 00:24:46,880 --> 00:24:48,960 What does this mean in the real world when we start talking 481 00:24:48,960 --> 00:24:51,880 about shared signals and communication between apps? 482 00:24:52,160 --> 00:24:54,400 You mentioned a couple of examples there, but for people 483 00:24:54,400 --> 00:24:57,440 who just haven't kind of gotten their their heads around, can 484 00:24:57,440 --> 00:25:02,080 you walk me through just a very basic scenario and kind of maybe 485 00:25:02,080 --> 00:25:04,200 hopefully make this real for people to help them understand 486 00:25:04,200 --> 00:25:06,160 kind of the art of the possible? Because I think we're still 487 00:25:06,640 --> 00:25:08,960 heading that direction and we're not quite there yet. 488 00:25:10,320 --> 00:25:13,680 Yeah, sure. So we might see a Crowd Strike 489 00:25:13,680 --> 00:25:18,240 score that suddenly drops. And so we know that there's 490 00:25:18,240 --> 00:25:20,440 something about that machine that may have been compromised. 491 00:25:21,160 --> 00:25:23,960 And so we get that message from crowd Strike saying, hey, this 492 00:25:23,960 --> 00:25:25,960 machine just went from a 99 to A50. 493 00:25:26,640 --> 00:25:30,880 And you can write policy within Beyond Identity that says, hey, 494 00:25:30,880 --> 00:25:35,240 if this score drops below 60, you know, they can park, they 495 00:25:35,240 --> 00:25:37,800 can buy things in the cafeteria, but they can't get to the HR 496 00:25:37,800 --> 00:25:39,720 systems. They can't get to the databases 497 00:25:40,640 --> 00:25:42,520 or like, we don't want to see them at all. 498 00:25:42,520 --> 00:25:45,960 We want to suspend them and have a, have someone from our SoC 499 00:25:45,960 --> 00:25:48,400 actually look at what's going on with that machine before we 500 00:25:48,400 --> 00:25:51,920 reinstate this account, right? So that those are the kinds of 501 00:25:51,920 --> 00:25:56,720 use cases that Shared Signals enables between security vendors 502 00:25:56,720 --> 00:26:01,200 and ID PS and then between ID PS and relying parties. 503 00:26:02,000 --> 00:26:05,960 We would love to see something like, so GitHub today has like 504 00:26:05,960 --> 00:26:08,800 pseudo actions of like, hey, I want to delete this production 505 00:26:08,800 --> 00:26:11,800 repo or I want to add an admin to this production repo. 506 00:26:12,240 --> 00:26:15,920 And they can do step up authentication for those things. 507 00:26:16,240 --> 00:26:20,320 But that's a very course tool, right? 508 00:26:20,760 --> 00:26:24,640 So you as all you as a, as a customer can say is, yes, I want 509 00:26:24,640 --> 00:26:27,880 to step up when this happens, but there's no more fine grained 510 00:26:27,880 --> 00:26:29,840 policy you can write around that. 511 00:26:30,480 --> 00:26:33,800 Whereas if we had shared signals in place, we could send all 512 00:26:33,800 --> 00:26:35,760 sorts of signals about what's happening with that machine, 513 00:26:35,760 --> 00:26:37,320 what's happening with that account, what's happening with 514 00:26:37,320 --> 00:26:39,720 that user. Maybe they just recovered. 515 00:26:39,760 --> 00:26:41,920 Maybe they just recovered their account in a way that's a little 516 00:26:41,920 --> 00:26:45,760 bit sketchy and GitHub might want to do something with that 517 00:26:45,760 --> 00:26:48,040 that is more interesting than just re authenticating. 518 00:26:48,160 --> 00:26:51,120 Before Jeff asked, I follow up, I wanted to make the comment 519 00:26:51,120 --> 00:26:54,160 that, you know, one of the things that you know, you 520 00:26:54,160 --> 00:26:57,520 brought it up a few times where you're kind of wanting these 521 00:26:57,520 --> 00:26:59,760 things to be open standard, you're supporting the open 522 00:26:59,760 --> 00:27:01,800 standard. So I just wanted to say good on 523 00:27:01,800 --> 00:27:05,440 you for that. Then I also, as you're just kind 524 00:27:05,440 --> 00:27:10,120 of describing how you could use shared signals to secure beyond 525 00:27:10,120 --> 00:27:15,760 identity product. I, I started thinking, OK, well, 526 00:27:16,160 --> 00:27:21,040 how do I know that a drop of 10 points in the crowd strike is 527 00:27:21,040 --> 00:27:24,320 where I should, you know, drop people from being able to access 528 00:27:24,320 --> 00:27:27,800 the HR system? So the way I formulated the 529 00:27:27,800 --> 00:27:32,000 question was this, do you have some way that like people run 530 00:27:32,320 --> 00:27:36,560 this in kind of learning mode for a while like that they start 531 00:27:36,560 --> 00:27:40,800 to pick these things up to say, OK, that is the the bending 532 00:27:40,800 --> 00:27:42,600 point. And then here's the breaking 533 00:27:42,600 --> 00:27:47,200 point where we start to block all access for example. 534 00:27:48,080 --> 00:27:50,280 Absolutely. So people often think of us as 535 00:27:50,400 --> 00:27:53,200 an authentication company, but we're also an authorization 536 00:27:53,200 --> 00:27:54,720 company. And one of the things you have 537 00:27:54,720 --> 00:27:57,640 to do when you are an authorization vendor and you 538 00:27:57,640 --> 00:28:01,240 have a lot of policy and a fine grained policy engine like we do 539 00:28:01,240 --> 00:28:03,000 is you have to have an audit mode, right? 540 00:28:03,000 --> 00:28:06,000 So you have to let customers write policy but not enact it 541 00:28:06,520 --> 00:28:09,680 and just say, OK, what's going to happen to my infrastructure 542 00:28:09,680 --> 00:28:12,640 if I do this? And also do policy simulation 543 00:28:12,640 --> 00:28:15,200 of, hey, I've got a fleet of 3000 machines. 544 00:28:15,520 --> 00:28:18,880 If I wrote this policy, how many of them would get locked out, 545 00:28:19,040 --> 00:28:21,920 right? And so doing auditing on your 546 00:28:21,920 --> 00:28:24,560 real data as well as simulation on things we know about your 547 00:28:24,560 --> 00:28:29,880 fleet will help you understand what impact those policies have 548 00:28:29,880 --> 00:28:32,120 and are and are going to have. Yeah. 549 00:28:32,760 --> 00:28:37,760 So I think you're talking about these identity based threats and 550 00:28:37,760 --> 00:28:40,960 I'm kind of wondering like what where are they originating from? 551 00:28:41,040 --> 00:28:44,120 Where the majority of them originating from? 552 00:28:44,120 --> 00:28:47,080 Are they these things like you said, like the crowd strike 553 00:28:47,080 --> 00:28:52,720 scores are dropping or is it that you're getting, you're 554 00:28:52,720 --> 00:28:57,360 finding jail, broken devices or is it even something more simple 555 00:28:57,360 --> 00:29:00,720 than that? Well, I mean, a majority of 556 00:29:00,720 --> 00:29:04,080 identity based threats today are password based, right? 557 00:29:04,080 --> 00:29:06,920 They're phishing, they are password compromised. 558 00:29:06,920 --> 00:29:09,520 And so we eliminate those all together. 559 00:29:09,520 --> 00:29:14,680 So most people who adopt Beyond Identity see a a huge drop in 560 00:29:14,680 --> 00:29:18,360 their risk level in their in their chance of breach to begin 561 00:29:18,360 --> 00:29:19,840 with. That's because you just, you 562 00:29:19,840 --> 00:29:22,400 just don't have passwords. We just don't have passwords. 563 00:29:22,400 --> 00:29:24,840 That's not even a setting that's allowed, right? 564 00:29:25,200 --> 00:29:27,240 And so that's. Not there, right? 565 00:29:28,000 --> 00:29:29,680 You're. Putting us all out of business, 566 00:29:29,680 --> 00:29:30,680 Sarah. I'm sick of those. 567 00:29:31,440 --> 00:29:34,000 Cut, cut, cut. Yeah. 568 00:29:34,000 --> 00:29:36,280 So we're moving on to more sophisticated attacks like hey, 569 00:29:36,280 --> 00:29:39,360 I've jailbroken the phone, I've stolen the laptop, I've somehow 570 00:29:39,360 --> 00:29:42,200 compromised the operating system, I've gotten that user to 571 00:29:42,200 --> 00:29:45,720 install malware, those kinds of identity based attacks or I've 572 00:29:45,720 --> 00:29:49,320 compromised the browser itself. Those kinds of attacks we have 573 00:29:49,320 --> 00:29:52,040 to detect now that we've now that we've gotten rid of all the 574 00:29:52,040 --> 00:29:54,160 password based attacks, those are the more sophisticated ones 575 00:29:54,160 --> 00:29:56,320 that we're going after. Yeah. 576 00:29:56,320 --> 00:29:58,280 And I. I've run into this question 577 00:29:58,280 --> 00:30:05,000 before of, you know, is password list more secure than MFA? 578 00:30:05,280 --> 00:30:11,800 Using MFA you've got, you know, possession based, probably might 579 00:30:11,800 --> 00:30:15,960 even be, you know, biometric, but you also have a password. 580 00:30:16,400 --> 00:30:18,640 So does the password add any value? 581 00:30:18,640 --> 00:30:22,520 Does it is it important to get as many factors as possible? 582 00:30:22,520 --> 00:30:24,680 Does that make this process more secure? 583 00:30:25,800 --> 00:30:27,360 Oh gosh, I could write you a novel. 584 00:30:27,880 --> 00:30:29,520 I mean, you've been to authenticate conference. 585 00:30:29,520 --> 00:30:32,080 I'm sure you've seen Dean and Pam's great talk. 586 00:30:32,080 --> 00:30:35,280 If you haven't seen it, it's online about different factors 587 00:30:35,280 --> 00:30:37,800 and that really thinking about things as multi factor isn't 588 00:30:37,800 --> 00:30:40,600 serving us very well anymore. And we should be thinking about 589 00:30:40,600 --> 00:30:43,440 what kinds of threats we want to protect against and how well the 590 00:30:43,440 --> 00:30:45,680 different ways that we authenticate protect against 591 00:30:45,680 --> 00:30:47,960 them. And so even if you're using a 592 00:30:47,960 --> 00:30:50,320 password, there's a chance that your user is using a password 593 00:30:50,320 --> 00:30:52,520 manager, right? And so then it's not a something 594 00:30:52,520 --> 00:30:54,080 you know that it's a something you have. 595 00:30:54,800 --> 00:30:59,040 And so using passwords is, we know it's bad for usability. 596 00:30:59,040 --> 00:31:01,680 We know it's good for attackers who can compromise those 597 00:31:01,680 --> 00:31:03,000 passwords. And if you're not using a 598 00:31:03,000 --> 00:31:05,800 password manager, you're likely to reuse passwords, which means 599 00:31:05,800 --> 00:31:06,960 that they're going to get breached. 600 00:31:07,360 --> 00:31:09,960 And then all of the places that you use that password are then 601 00:31:10,000 --> 00:31:13,520 compromised, right. And so passwords are are not a 602 00:31:13,520 --> 00:31:17,840 great solution, which is why we we're moving more toward device 603 00:31:17,840 --> 00:31:22,560 and biometric so. Where are we at as an industry? 604 00:31:22,560 --> 00:31:25,520 Are we at the point where, you know, the attacks happen and 605 00:31:25,520 --> 00:31:28,800 then we've react to them? Is there a way that we can get 606 00:31:28,800 --> 00:31:32,320 smarter about it and kind of like get ahead of the attacks? 607 00:31:32,320 --> 00:31:35,680 Is that what this is all about? Is that what Beyond the identity 608 00:31:35,680 --> 00:31:40,400 is essentially trying to do is to be that intelligent platform 609 00:31:40,400 --> 00:31:45,240 so that you're not you're not having to constantly react to 610 00:31:45,640 --> 00:31:48,920 what just happened? It is like, that's one of the 611 00:31:48,920 --> 00:31:52,200 things that I loved about your show with Sean Adele was that he 612 00:31:52,200 --> 00:31:54,280 talks about like identity and security. 613 00:31:54,320 --> 00:31:57,240 It's one like it's all one thing. 614 00:31:57,240 --> 00:31:59,840 And right now the way that our vendors work is that you have 615 00:31:59,840 --> 00:32:02,800 security vendors and you have identity vendors and they don't 616 00:32:02,800 --> 00:32:04,400 really talk to each other, right? 617 00:32:04,400 --> 00:32:06,760 And so you have the the detection and the response on 618 00:32:06,760 --> 00:32:08,600 one side, and then you have the authentication on the other 619 00:32:08,600 --> 00:32:10,480 side. And that's not the way it should 620 00:32:10,480 --> 00:32:12,520 be, right? You should be able to detect and 621 00:32:12,520 --> 00:32:14,880 prevent, right? So as soon as you get the 622 00:32:14,880 --> 00:32:18,200 detection, you should be able to ban that authentication and make 623 00:32:18,200 --> 00:32:21,080 sure that the the attack never happens in the 1st place instead 624 00:32:21,080 --> 00:32:24,400 of trying to respond and mitigate afterwards. 625 00:32:26,080 --> 00:32:28,600 I think getting smarter as an industry is always helpful. 626 00:32:28,600 --> 00:32:32,240 If we have Smart Tools, we got smart people, we have the data. 627 00:32:32,240 --> 00:32:34,960 It seems to me like this has been something that's been a 628 00:32:34,960 --> 00:32:38,880 long time coming to actually take advantage of the 629 00:32:38,880 --> 00:32:41,560 capabilities and the standards development that have enabled 630 00:32:41,560 --> 00:32:43,960 this. What do you see as sort of like 631 00:32:43,960 --> 00:32:47,640 the thing that has been really the enabler to get where you're 632 00:32:47,640 --> 00:32:51,160 at today from a from a product standpoint to say, OK, yeah, we 633 00:32:51,160 --> 00:32:54,840 are actually at a spot where what password there isn't a 634 00:32:54,840 --> 00:32:58,000 password to take because I see a lot of password less and then 635 00:32:58,000 --> 00:33:00,800 password dash less where there's still a password float around 636 00:33:00,800 --> 00:33:02,880 somewhere. What do you think has been the 637 00:33:02,880 --> 00:33:06,920 the key to shift that way? I mean, I don't think we are 638 00:33:06,920 --> 00:33:09,760 fully shifted yet, right? Like we had to do this all 639 00:33:09,760 --> 00:33:11,880 proprietary, all of our connections with security 640 00:33:11,880 --> 00:33:14,960 vendors are proprietary the way that we do key pairs as 641 00:33:14,960 --> 00:33:16,800 proprietary, right? And we don't want it to be that 642 00:33:16,800 --> 00:33:19,040 way, right? We want this to be the standard 643 00:33:19,040 --> 00:33:21,840 for the industry. We want this to be the way that 644 00:33:21,840 --> 00:33:23,440 Fido does things. We want this to be the way that 645 00:33:23,440 --> 00:33:26,000 shared signals does things. And so I think we still have a 646 00:33:26,000 --> 00:33:28,640 long way to go in the identity industry to figure these things 647 00:33:28,640 --> 00:33:30,760 out. But it was absolutely like in 648 00:33:30,760 --> 00:33:33,160 terms of what made it even possible to do the proprietary 649 00:33:33,160 --> 00:33:37,360 part, like it was absolutely like phones now have a secure 650 00:33:37,360 --> 00:33:40,880 enclave that apps can access. Like that's a huge part of it. 651 00:33:41,600 --> 00:33:45,040 Security vendors now have very robust AP is that we can just go 652 00:33:45,040 --> 00:33:47,200 call and see if anything is going on. 653 00:33:47,560 --> 00:33:50,320 So a lot of that has been built out in the last five years and 654 00:33:50,320 --> 00:33:53,160 that's what enabled this to exist the way it does today. 655 00:33:53,160 --> 00:33:56,120 But there's so much more work to do to to get an industry wide. 656 00:33:56,280 --> 00:34:00,440 Sarah, what does the typical deployment of Beyond Identity 657 00:34:00,440 --> 00:34:04,840 look like in an organization? And what are some of the change 658 00:34:04,840 --> 00:34:09,480 management or adoption issues that, you know, you talk to the 659 00:34:09,480 --> 00:34:12,000 practitioners about like get out ahead of this? 660 00:34:12,480 --> 00:34:16,760 Is there a resistance from a user base of like, oh, you know, 661 00:34:17,040 --> 00:34:19,400 I don't want to use my biometrics for this thing 662 00:34:19,400 --> 00:34:22,480 because it could get, it's going to get put down on some server, 663 00:34:22,639 --> 00:34:25,199 which we know from this conversation that's not a 664 00:34:25,199 --> 00:34:27,840 realistic thing. But what are some of the the 665 00:34:27,840 --> 00:34:31,679 main challenges you see? Yeah, I mean, identity is 666 00:34:31,679 --> 00:34:35,440 extremely sticky, right? Doing a full IDP tear out and 667 00:34:35,719 --> 00:34:39,600 and reboot is like every Ciso's worst nightmare. 668 00:34:40,719 --> 00:34:45,360 And so the way that we see people deploying beyond identity 669 00:34:45,360 --> 00:34:48,760 is either as an MFA layer on top of their IDP and then they'll 670 00:34:48,800 --> 00:34:51,960 they'll pick certain applications that they think are 671 00:34:51,960 --> 00:34:54,239 their crown jewels to say, OK, we're actually going to switch 672 00:34:54,239 --> 00:34:58,600 to full IDP mode here for this application or for a pool of 673 00:34:58,600 --> 00:35:00,400 users. So we say, OK, we're actually 674 00:35:00,400 --> 00:35:03,480 going to switch out the IDP for our executive team, for our HR 675 00:35:03,480 --> 00:35:06,480 team, for our finance team, the teams where we're really worried 676 00:35:06,480 --> 00:35:09,200 about breach. And so they're not doing that 677 00:35:09,200 --> 00:35:11,560 full RIP and replace. That's really painful and 678 00:35:11,560 --> 00:35:15,360 expensive and time consuming, but they're kind of dipping a 679 00:35:15,360 --> 00:35:18,360 toe in and then they're saying, OK, this, this is going well. 680 00:35:18,360 --> 00:35:21,760 Let's expand this to another application, another team and 681 00:35:21,760 --> 00:35:24,760 slowly over time kind of moving it throughout the company. 682 00:35:25,680 --> 00:35:28,800 And we have seen some resistance to biometrics. 683 00:35:28,960 --> 00:35:32,120 There are a lot of biometrics laws all around the world. 684 00:35:32,800 --> 00:35:36,000 And obviously you can turn that off in the product if you feel 685 00:35:36,000 --> 00:35:39,560 like it's it's not what you want in your company. 686 00:35:40,120 --> 00:35:43,000 But the biometrics are local, so they are, there is no central 687 00:35:43,000 --> 00:35:45,000 thing to compromise with the biometrics. 688 00:35:45,000 --> 00:35:47,440 It is all stored on the on the phone or on the laptop. 689 00:35:47,600 --> 00:35:52,440 Is there a scenario where you could potentially selectively 690 00:35:52,440 --> 00:35:56,080 turn off the biometric for certain people and not other 691 00:35:56,080 --> 00:35:58,480 people? Sorry if I'm hitting you with a 692 00:35:58,480 --> 00:36:01,800 trick question here, but I'm wondering like, OK, if you had 693 00:36:02,000 --> 00:36:06,880 kind of a, a Workers Union, I can't even remember the right 694 00:36:06,880 --> 00:36:11,960 term in in France and those folks for some reason or 695 00:36:11,960 --> 00:36:15,240 another, you just have to exclude them from using that 696 00:36:15,440 --> 00:36:18,000 biometric. Is that possible? 697 00:36:18,920 --> 00:36:20,640 Absolutely. So that's just role based access 698 00:36:20,640 --> 00:36:22,000 control, right? So that's you. 699 00:36:22,120 --> 00:36:24,920 You make a role that says, hey, this is the crazy France union 700 00:36:25,000 --> 00:36:29,760 of people who hate fingerprints. And you make a policy that says, 701 00:36:29,760 --> 00:36:31,600 like, these people can get in without a fingerprint. 702 00:36:32,880 --> 00:36:34,920 Love the flexibility of the approach here because I think 703 00:36:34,920 --> 00:36:38,480 you're right where IDP surgery is a major surgery. 704 00:36:39,320 --> 00:36:41,560 And if you, and you know, there's a lot of legacy players 705 00:36:41,560 --> 00:36:43,200 out there. So the ability to add this 706 00:36:43,200 --> 00:36:45,920 capability to an existing Idpi think is a huge win. 707 00:36:46,080 --> 00:36:49,040 You know, for everybody. It's, it's the ability to be 708 00:36:49,040 --> 00:36:51,960 more granular with the approach for MFA, which is important. 709 00:36:51,960 --> 00:36:55,440 It's the flexibility and the models and you know, just the 710 00:36:55,440 --> 00:36:57,280 different ways to approach. I think it's a really smart way 711 00:36:57,280 --> 00:36:59,960 to approach it. So I I tip my cap for you. 712 00:37:02,040 --> 00:37:04,480 So exactly, yeah, I, I fell in love with the technology, which 713 00:37:04,480 --> 00:37:07,200 is why I moved to the company. And obviously the, the people 714 00:37:07,200 --> 00:37:10,520 who I work with at the company are, are all fantastic. 715 00:37:10,520 --> 00:37:13,760 So it's a really great team. If you get a chance to meet us 716 00:37:13,760 --> 00:37:16,680 at a conference, please say hello, stop by the booth. 717 00:37:17,560 --> 00:37:21,080 We're very friendly. And, and my team specifically 718 00:37:21,080 --> 00:37:25,160 will all be at the Internet Identity Workshop coming up in 719 00:37:25,160 --> 00:37:27,520 April. So we are excited to talk to you 720 00:37:27,520 --> 00:37:30,200 about anything innovative. If you have something that that 721 00:37:30,200 --> 00:37:33,200 you say, like God, I wish ID PS did this or God, I wish I had an 722 00:37:33,200 --> 00:37:38,320 endpoint that did that, come fly us down and tell us that that 723 00:37:38,320 --> 00:37:40,200 you want us to build new things because that's what we do. 724 00:37:40,640 --> 00:37:42,080 I say be careful what you asked for. 725 00:37:43,480 --> 00:37:45,040 I want my IDP to have a cup holder. 726 00:37:45,040 --> 00:37:48,440 Might not be a realistic. Hey, we can make it happen. 727 00:37:48,920 --> 00:37:50,840 Right. So before that though, you've 728 00:37:50,840 --> 00:37:53,960 got Bioncon and I'm, I guess I'm not familiar with Bioncon. 729 00:37:53,960 --> 00:37:56,240 Tell me about this, because this is coming up March 20th. 730 00:37:56,600 --> 00:37:59,880 It's in Palo Alto, CA. I assume you and your team will 731 00:37:59,880 --> 00:38:01,880 be there as well, but what is Bioncon for? 732 00:38:01,880 --> 00:38:03,000 For people who aren't familiar with? 733 00:38:03,600 --> 00:38:06,080 It yeah. So we first started Bioncon last 734 00:38:06,080 --> 00:38:08,120 year. We did it at our offices in New 735 00:38:08,120 --> 00:38:11,240 York. And basically it's a combination 736 00:38:11,240 --> 00:38:14,840 of a Broadway show and a whole bunch of identity nerds, some 737 00:38:14,840 --> 00:38:19,000 security nerds. We had a fantastic time. 738 00:38:19,000 --> 00:38:22,640 So Biancon is going to be. So we're doing one on the West 739 00:38:22,640 --> 00:38:26,400 Coast now in the spring, in two weeks on March 20th. 740 00:38:26,440 --> 00:38:29,640 And I will be there, our CEO will be there. 741 00:38:30,280 --> 00:38:34,960 We will have live demos, people on keyboards at stations who 742 00:38:34,960 --> 00:38:39,440 will be showing you things, who you can ask questions, you can 743 00:38:39,440 --> 00:38:43,240 touch the keyboard yourself, you can play with the console, but 744 00:38:43,240 --> 00:38:46,280 none of this is just for show. We want to make sure that the 745 00:38:46,280 --> 00:38:48,920 technology is ready for you and that you can come and play with 746 00:38:48,920 --> 00:38:53,120 it if you want to. So having that chance to both 747 00:38:53,160 --> 00:38:57,600 see some great speakers. So we're going to have Taher 748 00:38:57,600 --> 00:39:01,080 Elgamal, who I mentioned, who was the CTO of security for 749 00:39:01,080 --> 00:39:04,440 Salesforce for a long time and then switched over to VC and he 750 00:39:04,440 --> 00:39:08,280 was one of our founders who who founded and funded us as AVC. 751 00:39:09,480 --> 00:39:14,280 He will be speaking and Sam Curry from Z Scaler will be 752 00:39:14,280 --> 00:39:19,280 speaking about Zero Trust and how we kind of implement that 753 00:39:19,280 --> 00:39:21,720 given today's technologies and capabilities. 754 00:39:22,200 --> 00:39:24,680 And then a whole bunch of people from Beyond Identity obviously 755 00:39:24,680 --> 00:39:27,560 will be there talking about the product and doing demos. 756 00:39:27,560 --> 00:39:30,600 And then at the end of the day, we'll open up the bar and we've 757 00:39:30,600 --> 00:39:33,720 got Broadway singers coming 'cause we're a New York company 758 00:39:33,720 --> 00:39:36,760 and we love, we love singing. We actually do karaoke whenever 759 00:39:36,760 --> 00:39:38,760 we get together at at a company audience so. 760 00:39:39,480 --> 00:39:42,000 OK, you, you kind of preface my next question here because I was 761 00:39:42,000 --> 00:39:44,960 scrolling for the agenda and I see a, a private experience of 762 00:39:44,960 --> 00:39:48,680 Broadway jukebox hits and I see things from like Jersey boys, 763 00:39:48,800 --> 00:39:51,040 thank you, Valley, Four Seasons, etcetera. 764 00:39:52,080 --> 00:39:54,520 Tell me I'm, I'm, I'm interested in this because I don't think 765 00:39:54,520 --> 00:39:56,880 I've seen this at a conference, you know, before. 766 00:39:57,200 --> 00:39:59,400 What should people expect if they if they see this? 767 00:40:00,320 --> 00:40:03,440 Yeah, so when we were in New York, we had people from the 768 00:40:03,440 --> 00:40:07,040 original cast of Hamilton who came and sang songs from 769 00:40:07,040 --> 00:40:13,440 Hamilton and it was incredible. It was very moving and exciting 770 00:40:13,440 --> 00:40:16,280 and just allowed kind of the group to to bond and have a 771 00:40:16,280 --> 00:40:18,760 great experience. And this will be the same thing. 772 00:40:18,760 --> 00:40:21,280 It'll be very intimate. It will be Broadway singers and 773 00:40:21,840 --> 00:40:24,040 you will have a have a great time so. 774 00:40:25,440 --> 00:40:28,120 And you piqued my interest with the the karaoke. 775 00:40:28,120 --> 00:40:33,160 What's your karaoke song? So my favorite karaoke song is 776 00:40:33,520 --> 00:40:36,280 Let It Go from Frozen, but instead of singing Let It Go I 777 00:40:36,280 --> 00:40:38,600 say fuck it all. It's very cathartic. 778 00:40:39,880 --> 00:40:43,120 Highly recommended. All right, we earned the XLR 779 00:40:43,600 --> 00:40:45,440 rated on that one, but I'll we'll go. 780 00:40:45,440 --> 00:40:46,720 Yeah, you can bleep me if you right. 781 00:40:47,120 --> 00:40:51,440 Now I'm going to leave it in. Hey, we're all adults here, so. 782 00:40:51,440 --> 00:40:53,560 I certainly feel like there are no children who are so 783 00:40:53,600 --> 00:40:55,600 interested in my identity that they're listening to I. 784 00:40:55,640 --> 00:40:57,880 Didn't under 12 if you're listening to this? 785 00:40:57,920 --> 00:41:00,720 Oh my gosh. Go outside, touch grass. 786 00:41:02,320 --> 00:41:04,320 You've shared a lot of information with us here, so I 787 00:41:04,320 --> 00:41:08,760 hope people go check it out Beyond identity.com/I DACI 788 00:41:08,760 --> 00:41:11,080 mentioned early on. It's been a while since you've 789 00:41:11,080 --> 00:41:15,080 been with us on the show. And in that time I remember 790 00:41:15,080 --> 00:41:17,040 seeing a LinkedIn post, and it's probably a couple years ago at 791 00:41:17,040 --> 00:41:20,000 this point now, where you were heading off to Europe for a 792 00:41:20,000 --> 00:41:21,960 backpacking trip or, or something. 793 00:41:22,840 --> 00:41:26,840 Do I remember that correctly? Yeah, that was in April. 794 00:41:26,840 --> 00:41:32,040 So just about a year ago I went with my sister-in-law and we did 795 00:41:32,040 --> 00:41:35,440 the community of Santiago, which is walking across Spain. 796 00:41:35,440 --> 00:41:39,200 So it's a 600 mile trail. We just did the last 200 miles. 797 00:41:40,080 --> 00:41:41,600 But it was absolutely incredible. 798 00:41:41,600 --> 00:41:45,160 I highly recommend it. You take your little backpack of 799 00:41:45,160 --> 00:41:47,920 all your stuff with you and you stay in a different place every 800 00:41:47,920 --> 00:41:50,920 night. And for this one, you actually, 801 00:41:51,200 --> 00:41:53,400 you are making a pilgrimage to a cathedral. 802 00:41:53,400 --> 00:41:56,880 And so you get to the end and there's this huge Plaza and all 803 00:41:56,880 --> 00:41:59,160 of these people who have walked hundreds of miles and they are 804 00:41:59,160 --> 00:42:01,440 crying and they're singing and they're screaming. 805 00:42:01,440 --> 00:42:05,520 And it's, it is an incredible energy in that in that town, 806 00:42:05,520 --> 00:42:07,480 just to be there with all of these people who have 807 00:42:07,480 --> 00:42:10,240 accomplished what might be the most difficult thing in their 808 00:42:10,240 --> 00:42:12,200 lives. It's, it was an incredible 809 00:42:12,200 --> 00:42:13,680 experience. Highly recommended. 810 00:42:14,320 --> 00:42:16,520 So what was the impetus to to do this? 811 00:42:16,520 --> 00:42:18,520 Was it just something you saw? Are you, are you naturally a 812 00:42:18,520 --> 00:42:20,920 hiker or explorer? Adventurous like that. 813 00:42:21,240 --> 00:42:28,000 I really like wine and so and I like, I like my fitness kind of 814 00:42:28,000 --> 00:42:30,960 low impact. So there are there are 815 00:42:30,960 --> 00:42:33,760 restaurants and there are bars all along the trail and there 816 00:42:33,760 --> 00:42:36,240 are hotels, right. So it's you get the benefit of 817 00:42:36,240 --> 00:42:38,760 hiking, but unlike hiking in America where like you bring a 818 00:42:38,760 --> 00:42:43,920 tent and you don't shower, like you hike and then you have 819 00:42:43,920 --> 00:42:47,240 dinner and a bottle of wine and you sleep in a bed and you would 820 00:42:47,240 --> 00:42:50,800 take a shower and then you go walk the next day. 821 00:42:50,800 --> 00:42:54,720 And so this is, this is like a vastly better experience than 822 00:42:54,920 --> 00:42:57,640 than hiking in America. OK, you totally sold me 823 00:42:58,240 --> 00:43:00,240 everything you just said. Like that sounds definitely 824 00:43:00,240 --> 00:43:03,520 sounds like my kind of hiking. What was the what was the best 825 00:43:03,520 --> 00:43:09,680 meal or and or bottle of wine or just wine that you had on this 826 00:43:09,680 --> 00:43:12,280 trip? Oh, the the Riojas all 827 00:43:12,280 --> 00:43:14,320 throughout Spain were incredible. 828 00:43:14,840 --> 00:43:16,760 I managed to get some of them back to America. 829 00:43:16,760 --> 00:43:18,360 Not enough. So I'll have to, I'll have to go 830 00:43:18,360 --> 00:43:23,360 back at some point and get more. But actually by the end, we were 831 00:43:23,360 --> 00:43:28,000 so tired of Spanish food. Like we had one Chinese 832 00:43:28,040 --> 00:43:30,480 restaurant. We were like, Oh my God, thank 833 00:43:30,640 --> 00:43:32,960 God. I got to the point where I 834 00:43:32,960 --> 00:43:35,120 didn't want any more ham. And I love ham. 835 00:43:35,240 --> 00:43:40,160 So like that was that was a lot. It sounds like a lot of fun, 836 00:43:40,520 --> 00:43:44,320 Jim, would you do a 200 mile trek to go get to do that? 837 00:43:44,320 --> 00:43:45,720 I mean you're you work out all the time. 838 00:43:45,720 --> 00:43:49,120 For Chinese food. For Chinese food in Spain. 839 00:43:49,840 --> 00:43:54,160 Yeah, so I've I've done a fair amount of backpacking in the US 840 00:43:54,160 --> 00:43:56,960 and gone through the no shower thing. 841 00:43:56,960 --> 00:44:02,160 I actually remember one time backpacking in New Hampshire and 842 00:44:02,320 --> 00:44:06,400 going into a river to take a bath because it's been a couple 843 00:44:06,400 --> 00:44:10,840 days and the water was like just a degree or so away from 844 00:44:10,840 --> 00:44:14,960 freezing. It was not fun, but it it was 845 00:44:14,960 --> 00:44:17,240 good to be clean. But yeah, I've I've backpacked 846 00:44:17,240 --> 00:44:19,240 all over, but I've never backpacked in Europe. 847 00:44:19,640 --> 00:44:23,120 I think it would be a great experience, but I'm kind of more 848 00:44:23,120 --> 00:44:28,000 into the next level of luxury, which, you know, would be a nice 849 00:44:28,000 --> 00:44:32,480 hotel bed and maybe even like four and five star hotels and 850 00:44:32,640 --> 00:44:35,400 stuff like that. So I probably won't do it. 851 00:44:35,400 --> 00:44:38,800 I can't say it's on my bucket list, but I've always thought it 852 00:44:39,080 --> 00:44:42,520 was like kind of a romantic concept to backpack through 853 00:44:42,520 --> 00:44:45,600 Europe right after finishing college or right after finishing 854 00:44:45,600 --> 00:44:51,240 high school. So sounds dangerous, but I think 855 00:44:51,240 --> 00:44:54,240 backpacking anywhere for long periods of time can be 856 00:44:54,240 --> 00:44:57,120 dangerous. Well, wait to bring it down. 857 00:44:57,120 --> 00:44:58,360 Thanks, Jim. There's a lot of crazy. 858 00:44:58,600 --> 00:45:00,520 People out there. What about you, Jeff? 859 00:45:01,160 --> 00:45:02,080 I'm. Not a backpacker. 860 00:45:02,080 --> 00:45:04,120 I yeah, I'm, I'm, I'm not anything like that. 861 00:45:04,120 --> 00:45:08,240 But Sarah, you have sold me on this because I absolutely will 862 00:45:08,240 --> 00:45:12,120 walk from restaurant to restaurant to winery to winery. 863 00:45:12,360 --> 00:45:14,920 My wife has big into wine. She's been to Spain and Portugal 864 00:45:14,920 --> 00:45:18,000 and France and all those places and part of her job in the past. 865 00:45:18,000 --> 00:45:20,440 So this sounds. Like tell me when you want to 866 00:45:20,440 --> 00:45:22,600 go, I'll do it again. This sounds like right up my 867 00:45:22,600 --> 00:45:24,840 alley. For sure, let's do it. 868 00:45:25,600 --> 00:45:27,960 And you know, I think the hardest part about this is at 869 00:45:27,960 --> 00:45:30,880 least in the US, it doesn't seem like there's areas where you can 870 00:45:30,880 --> 00:45:34,360 go 200 miles on foot and have all those amenities kind of 871 00:45:34,840 --> 00:45:36,320 there, right? You're going from village to 872 00:45:36,320 --> 00:45:39,680 village or town to town. Like what was the give me just 873 00:45:39,680 --> 00:45:41,840 like a normal day as as you went through this. 874 00:45:42,440 --> 00:45:44,040 Yeah, you absolutely. You go from town to town. 875 00:45:44,040 --> 00:45:46,680 The towns are about 5 miles spaced out, so we would go 876 00:45:46,680 --> 00:45:51,080 through two or three towns in a day and it's, it's great. 877 00:45:51,080 --> 00:45:53,920 Like you stop for lunch and, you know, do you have whatever they 878 00:45:53,920 --> 00:45:55,600 have locally? So they might have a little bit 879 00:45:55,600 --> 00:45:59,200 of fried squid and some local beer or they might have 880 00:45:59,200 --> 00:46:02,360 sandwiches with lots of ham, obviously. 881 00:46:03,600 --> 00:46:06,360 So whatever happens to be in that town, that's what you have 882 00:46:06,360 --> 00:46:08,440 that day. And then you keep walking and 883 00:46:08,520 --> 00:46:10,720 you meet all sorts of people from all over the world doing 884 00:46:10,720 --> 00:46:12,360 this. And people have told me there 885 00:46:12,360 --> 00:46:15,000 are similar trails in the UK and in Japan. 886 00:46:15,000 --> 00:46:19,960 So I I might go explore what else there is across the world 887 00:46:20,720 --> 00:46:23,000 in this vein that. Sounds really exciting. 888 00:46:23,000 --> 00:46:25,400 I I'm sold. This is this is this is 889 00:46:25,400 --> 00:46:28,280 something yeah. I'm going to Berlin for EIC in a 890 00:46:28,280 --> 00:46:30,160 couple months. My wife and I are looking for 891 00:46:30,160 --> 00:46:32,000 something to do while we're out there. 892 00:46:32,200 --> 00:46:33,640 I think we're going to end up in Amsterdam. 893 00:46:33,640 --> 00:46:35,320 So I don't know, I'm sure we'll be doing plenty of walking and 894 00:46:35,320 --> 00:46:38,200 stuff like that, but maybe we can do something similar to that 895 00:46:38,200 --> 00:46:40,480 or maybe just sit on a train and go to the countryside and. 896 00:46:40,800 --> 00:46:44,040 Whatever it may be better. You've been very generous with 897 00:46:44,040 --> 00:46:45,720 your time. I want to make sure that we get 898 00:46:45,720 --> 00:46:48,920 you out of here on time. But any final thoughts or things 899 00:46:48,920 --> 00:46:52,240 that people should be listening, that are are watching, should 900 00:46:52,240 --> 00:46:53,880 know about Beyond Unity that you want to get out. 901 00:46:54,760 --> 00:46:56,760 I'm just really glad we could sponsor you guys. 902 00:46:56,760 --> 00:46:58,800 I really love the work that you're doing here with the 903 00:46:58,800 --> 00:47:01,040 podcast, the way that you're bringing the community together. 904 00:47:01,040 --> 00:47:04,560 I think it's awesome. I, I'm an avid listener, 905 00:47:04,560 --> 00:47:06,360 although it's weird to hear you guys at real speed because I 906 00:47:06,360 --> 00:47:08,120 normally listen to you at like 1.5. 907 00:47:08,120 --> 00:47:10,720 So like your voices are pitched. I'm like, oh, you're so 908 00:47:10,720 --> 00:47:13,920 masculine. Well, you know not. 909 00:47:13,920 --> 00:47:15,840 Really. But yeah, I, I really think that 910 00:47:16,360 --> 00:47:18,920 you guys are doing great work and thank you so much for giving 911 00:47:18,920 --> 00:47:20,680 us the opportunity to to support you. 912 00:47:21,400 --> 00:47:23,200 Well, we appreciate that flattery gets you everywhere in 913 00:47:23,200 --> 00:47:27,080 this show, so we'll have links in our show notes for people to 914 00:47:27,080 --> 00:47:28,680 check out. Again, website 915 00:47:28,680 --> 00:47:32,160 beyondidentity.com/I DAC, bunch of information there. 916 00:47:32,640 --> 00:47:35,160 It'll be in our show notes as well as links to Beyond Con, 917 00:47:35,160 --> 00:47:36,880 which is coming up. So I'll put people will go check 918 00:47:36,880 --> 00:47:38,560 that out and then share it for yourself. 919 00:47:38,560 --> 00:47:40,760 We'll have your LinkedIn connection information in our 920 00:47:40,760 --> 00:47:44,600 show notes so people can reach out with questions, comments, or 921 00:47:44,600 --> 00:47:47,560 maybe stories from backpacking across Europe or whatever it may 922 00:47:47,560 --> 00:47:50,720 be. So with that, we'll go ahead and 923 00:47:50,720 --> 00:47:53,480 leave it for this week. Thanks everyone for watching and 924 00:47:53,480 --> 00:47:55,760 or listening and we'll talk with you all in the next one. 925 00:47:57,920 --> 00:48:00,920 You've been listening to Identity at the Centre. 926 00:48:01,280 --> 00:48:05,360 We hope you've enjoyed the show. Make sure to like, rate and 927 00:48:05,360 --> 00:48:09,000 review and we'll be back soon. But in the meantime, hit the 928 00:48:09,000 --> 00:48:12,400 website at identity@thecenter.com. 929 00:48:13,000 --> 00:48:17,080 See you next time on Identity at the Center.