1 00:00:05,240 --> 00:00:11,200 This is identity at the center. Welcome to the Identity at the 2 00:00:11,200 --> 00:00:13,000 Center podcast. I'm Jeff, and that's Jim. 3 00:00:13,000 --> 00:00:15,000 Hey, Jim. Hey, Jeff, how are you? 4 00:00:15,880 --> 00:00:17,760 So bad yourself. I'm great. 5 00:00:18,040 --> 00:00:20,440 You know, I sent you a text message on Friday. 6 00:00:20,440 --> 00:00:24,880 I think you ignored it, but it was about this idea of attack 7 00:00:24,880 --> 00:00:30,240 pass, identity attack pass, which really is just blown up as 8 00:00:30,240 --> 00:00:33,320 like a, you're looking at your text messages to see if I 9 00:00:33,320 --> 00:00:37,840 actually said it. I did or I sent it to somebody 10 00:00:37,840 --> 00:00:41,600 else who resembles you. And I said, this is a topic we 11 00:00:41,600 --> 00:00:43,840 need to dive into in the podcast. 12 00:00:44,120 --> 00:00:47,160 And lo and behold, we've got a guest today who's going to help 13 00:00:47,160 --> 00:00:51,800 us understand attack pass, identity attack pass, whatever 14 00:00:51,800 --> 00:00:53,760 you want to call them. It's a hot. 15 00:00:53,840 --> 00:00:56,440 It's a hot topic. Yeah, I'd say so. 16 00:00:56,440 --> 00:00:58,880 I mean, I think identity has taken on so many new forms now. 17 00:00:58,880 --> 00:01:02,240 It used to be humans and then we got non humans and AKA I gentic 18 00:01:02,240 --> 00:01:04,120 and a bunch of other stuff that's been going on. 19 00:01:04,120 --> 00:01:07,000 So sure, why not? That's what we're supposed to be 20 00:01:07,000 --> 00:01:08,320 doing, right? Identity security. 21 00:01:08,320 --> 00:01:12,640 That's kind of like the point. And I don't remember this text 22 00:01:12,640 --> 00:01:15,360 either, by the way. So I I ignore a lot of your 23 00:01:15,360 --> 00:01:15,920 text. That one. 24 00:01:15,920 --> 00:01:18,160 I specifically do you remember? Do not remember ignoring. 25 00:01:18,720 --> 00:01:21,880 OK, so when you ignore them, it's an intentional thing. 26 00:01:22,760 --> 00:01:23,840 Right. Yeah, that's it. 27 00:01:24,720 --> 00:01:26,040 Let's see. Yeah, go ahead. 28 00:01:26,480 --> 00:01:28,400 No, we've got a bunch of conferences. 29 00:01:28,400 --> 00:01:30,600 Probably exactly what you were going to say is that we got a 30 00:01:30,600 --> 00:01:34,160 bunch of conferences coming up and discount codes galore. 31 00:01:34,440 --> 00:01:37,960 I mean, if you haven't planned for, if you haven't thought 32 00:01:37,960 --> 00:01:41,080 about going to conferences this summer, I'm not sure if it's too 33 00:01:41,080 --> 00:01:42,720 late. But if you haven't, if you 34 00:01:42,720 --> 00:01:46,040 haven't booked anything yet, definitely jump on those 35 00:01:46,040 --> 00:01:48,440 conference codes. Yeah, save some money. 36 00:01:48,720 --> 00:01:50,840 Yeah, save some money. And that's on the website 37 00:01:50,840 --> 00:01:52,680 idacpodcast.com. Just Scroll down. 38 00:01:52,680 --> 00:01:55,800 I have the few listed there. I think we've got Ideniverse and 39 00:01:55,800 --> 00:01:58,560 EIC listed. Let's see, by the time people 40 00:01:58,560 --> 00:02:04,360 hear this one, I think it'll be February 23rd and I might be in 41 00:02:04,360 --> 00:02:06,520 New York later that week if my dates are right. 42 00:02:06,520 --> 00:02:08,560 I'm trying to think, remember the dates we have, but I'll be 43 00:02:08,560 --> 00:02:13,520 in New York for the Cyber Risk Alliance, the Ideniver, not 44 00:02:13,520 --> 00:02:15,720 Idiverse, but it's like a cybersecurity summit there. 45 00:02:15,880 --> 00:02:18,000 I'm monitoring a panel, and then I'm in Chicago the week after 46 00:02:18,000 --> 00:02:19,640 that too. So if you're interested in 47 00:02:19,640 --> 00:02:21,400 attending New York or Chicago, let me know. 48 00:02:21,880 --> 00:02:24,600 I can pass you along a a discount code via LinkedIn so. 49 00:02:25,960 --> 00:02:28,680 Yeah. So identity security, we're 50 00:02:28,680 --> 00:02:30,960 going to talk about it today. We've got our guest. 51 00:02:30,960 --> 00:02:32,800 He's been with us before, Simon Moffett. 52 00:02:32,960 --> 00:02:35,360 You probably already know him as the founder and analyst of the 53 00:02:35,360 --> 00:02:37,400 Cyber Hut. He's also a fellow. 54 00:02:37,400 --> 00:02:41,280 I am podcaster for the Analyst Brief podcasts. 55 00:02:41,280 --> 00:02:42,800 And welcome back to the show, Simon. 56 00:02:44,880 --> 00:02:48,320 You can hear that we're actually having a fire alarm just just as 57 00:02:48,360 --> 00:02:51,000 we start the podcast, we are having a fire alarm going off. 58 00:02:51,000 --> 00:02:55,000 So I don't know how whether that's real or not real, I guess 59 00:02:55,000 --> 00:02:58,760 we'll see how that evolves. But it's it's great to be back 60 00:02:58,760 --> 00:03:02,800 for as long as I can. I can be here for certainly. 61 00:03:03,680 --> 00:03:05,680 Well, I love the fact that the alarm went off because we are 62 00:03:05,680 --> 00:03:08,640 talking identity security and you know what better way to make 63 00:03:08,640 --> 00:03:10,600 an intro assignment. I think you planned this. 64 00:03:10,920 --> 00:03:13,800 It was literally the word security appeared there, just it 65 00:03:13,800 --> 00:03:16,120 started doing the thing. So let's give it a few seconds 66 00:03:16,120 --> 00:03:20,200 and hopefully it might disappear and the security situation may 67 00:03:20,200 --> 00:03:23,080 have resolved, but it's great to be back and great to be talking 68 00:03:23,080 --> 00:03:27,000 about something which I think is hugely important and hugely 69 00:03:27,200 --> 00:03:30,760 involved as well. Yeah, so there's a lot going on 70 00:03:30,760 --> 00:03:32,600 in the space. And, you know, safety is 71 00:03:32,600 --> 00:03:36,480 paramount here. So if if we detect heat in your 72 00:03:36,480 --> 00:03:39,640 area, feel free to drop. But we'll keep going on until 73 00:03:39,760 --> 00:03:42,360 until either you're charged to a crisp or decide to vacate the 74 00:03:42,360 --> 00:03:44,720 premises. Why don't we start with our last 75 00:03:44,720 --> 00:03:46,320 conversation? Because you were with us back in 76 00:03:46,320 --> 00:03:50,240 episode 347 and you were working on a book. 77 00:03:50,720 --> 00:03:52,760 How did that book go? And for people who aren't 78 00:03:52,760 --> 00:03:54,480 familiar with that conversation, go back and check it out. 79 00:03:54,480 --> 00:03:57,200 But maybe give a quick plug for what the book's about and how it 80 00:03:57,200 --> 00:03:58,520 went. Yeah, absolutely. 81 00:03:58,520 --> 00:04:02,880 I might have one here actually looking in colour on there. 82 00:04:02,880 --> 00:04:04,680 So this was this was my second book actually. 83 00:04:04,680 --> 00:04:10,240 So this was IAM at 2035. So the idea was to look at 84 00:04:10,240 --> 00:04:13,760 where's identity heading to 10 years from now, a decade from 85 00:04:13,760 --> 00:04:18,120 now, which is a long, a long time in any technology field. 86 00:04:18,240 --> 00:04:22,320 Technology is changing hugely with the advent of AI. 87 00:04:22,320 --> 00:04:24,880 So a decade seems a long, long time. 88 00:04:24,880 --> 00:04:28,600 And the idea of the book was to really try and not just give 89 00:04:28,600 --> 00:04:31,880 some pithy predictions around what may happen, but sort of 90 00:04:32,120 --> 00:04:36,000 educate not just identity practitioners, but all of the 91 00:04:36,000 --> 00:04:41,440 non identity world as well. So data, cyber, business owners, 92 00:04:41,440 --> 00:04:44,600 application owners, developers, all of these other stakeholders 93 00:04:44,600 --> 00:04:49,280 who are now really interested in what identity is, where it's 94 00:04:49,280 --> 00:04:54,160 been, what problems we have and obviously what technologies and 95 00:04:54,160 --> 00:04:55,960 solutions are going to exist 10 years from now. 96 00:04:55,960 --> 00:04:59,320 So that was a release. But yeah, about the sort of 97 00:04:59,320 --> 00:05:02,680 early part of 2025 which was, which was actually super. 98 00:05:03,400 --> 00:05:06,520 And as always, these things never a long burn. 99 00:05:06,520 --> 00:05:10,920 You know, the idea of, of any book is my, my first book was 100 00:05:10,920 --> 00:05:14,720 looking at consumer identity sort of five or six years ago. 101 00:05:15,080 --> 00:05:17,040 And I'm thinking, oh, that's, that was ages ago. 102 00:05:17,040 --> 00:05:19,400 People are interested in consumer identity. 103 00:05:19,400 --> 00:05:22,000 Obviously they are, it's still a huge, huge thing. 104 00:05:22,000 --> 00:05:26,000 So books tend to stick around for a long, long time. 105 00:05:26,000 --> 00:05:28,320 I'm very, very grateful for people who have bought it, 106 00:05:28,320 --> 00:05:31,000 people who are using it and, and getting in touch and, and 107 00:05:31,360 --> 00:05:33,200 thankfully saying very nice things about it. 108 00:05:33,200 --> 00:05:37,840 So it's, it is a, it's a labour of love at the time, but it's 109 00:05:37,840 --> 00:05:41,120 good to see see stuff out there and people using it and people 110 00:05:41,120 --> 00:05:43,360 getting in touch and commenting languages which is great. 111 00:05:44,480 --> 00:05:46,240 The books are kind of like a time capsule, right? 112 00:05:46,240 --> 00:05:48,160 Kind of was kind of like this podcast and I'm sure you know 113 00:05:48,160 --> 00:05:51,560 the podcast you do it day, Arthur and David, they will live 114 00:05:51,560 --> 00:05:54,080 forever. And you know, people are going 115 00:05:54,080 --> 00:05:57,920 to look back on this time and think, wow, what Neanderthals 116 00:05:57,920 --> 00:06:00,800 these people were when it came to identity Nexus management. 117 00:06:01,200 --> 00:06:03,120 But this is what we're this is what we're living right now. 118 00:06:03,120 --> 00:06:04,400 We can only kind of work around that. 119 00:06:04,840 --> 00:06:08,280 I think writing a book is interesting and maybe you and 120 00:06:08,280 --> 00:06:10,560 Jim can share some notes because Jim is working, you know, on one 121 00:06:10,560 --> 00:06:13,200 as well. But do you have other books sort 122 00:06:13,200 --> 00:06:15,400 of in progress or ideas like what's next? 123 00:06:16,520 --> 00:06:19,240 Oh. You always have ideas. 124 00:06:19,240 --> 00:06:22,000 I'm writing all obviously all the time is not list you writing 125 00:06:22,000 --> 00:06:25,480 reports and articles and sort of short form content. 126 00:06:25,480 --> 00:06:30,440 I haven't got any immediate plans for a third book, albeit 127 00:06:30,800 --> 00:06:35,400 sort of James Bond Never Say Never Again sort of saying it's 128 00:06:35,400 --> 00:06:38,360 not on the horizon right now. But it's that's not to say, you 129 00:06:38,560 --> 00:06:41,360 know, it seems change. There's sort of three or four 130 00:06:41,360 --> 00:06:45,000 years between book 1 and book 2. So I think you need a little bit 131 00:06:45,000 --> 00:06:49,680 of, of, of time off. And as I said in books, they do 132 00:06:49,680 --> 00:06:52,840 last a long time. So it's not a case of doing 133 00:06:52,840 --> 00:06:55,280 well, then you forget it. You're sort of like a musician 134 00:06:55,280 --> 00:06:58,160 really, sort of you do an album, then you have to then sort of 135 00:06:58,160 --> 00:07:01,760 tour the album, not maybe metaphorically is a book or two, 136 00:07:01,760 --> 00:07:05,440 but you're sort of talking about it and using it in constantly as 137 00:07:05,440 --> 00:07:08,840 part of your sort of narrative. So it's still very much fresh in 138 00:07:08,840 --> 00:07:11,000 sort of what I'm doing, I guess, day-to-day. 139 00:07:11,000 --> 00:07:14,200 But as you know, maybe ask me a year of a team's time. 140 00:07:14,200 --> 00:07:17,440 I've not, I've not got the I've not got the writing book just 141 00:07:17,440 --> 00:07:20,840 yet to to sit and do another sort of big, a big stint book. 142 00:07:20,840 --> 00:07:22,720 But you never know. There's plenty of plenty of 143 00:07:22,720 --> 00:07:24,440 great topics out there to to tackle. 144 00:07:25,400 --> 00:07:28,160 We've referenced the podcast a couple times, the analyst brief 145 00:07:28,160 --> 00:07:30,080 and like I said, you do that with our friend David Mahdi 146 00:07:30,080 --> 00:07:32,840 who's who's awesome and typically see him at on a 147 00:07:32,840 --> 00:07:34,320 conference tour and things like that. 148 00:07:34,640 --> 00:07:37,240 Tell us a little bit about the podcast, how's it going and 149 00:07:37,320 --> 00:07:38,880 anything new that we should be looking forward to? 150 00:07:39,640 --> 00:07:41,040 It's no, it's great. We love it. 151 00:07:41,080 --> 00:07:43,920 It's not as it's not as you know, glamorous is is identity, 152 00:07:43,920 --> 00:07:45,920 the sensor. Of course, you guys have got 153 00:07:45,920 --> 00:07:47,560 that got that monster. But no, we do. 154 00:07:47,560 --> 00:07:49,000 We do, though. I think it's, you know, we try 155 00:07:49,000 --> 00:07:52,040 and tackle there's, there's so much happening, I think in 156 00:07:52,040 --> 00:07:54,480 identity and, and, and by that, you know, we're looking at 157 00:07:54,480 --> 00:07:58,240 things like mergers, acquisitions may be acquired 158 00:07:58,240 --> 00:08:01,960 next new topics emerging like a Gen. take. 159 00:08:01,960 --> 00:08:07,000 And we literally recorded the podcasts yesterday looking at a 160 00:08:07,280 --> 00:08:09,960 couple of acquisitions that happened in the identity 161 00:08:09,960 --> 00:08:12,640 resilience space. That's a new area which has 162 00:08:12,640 --> 00:08:14,360 emerged the last two or three years. 163 00:08:14,360 --> 00:08:17,640 So we are trying to try to look at those sort of contemporary 164 00:08:17,640 --> 00:08:21,440 events and acquisitions and the vendor sort of changes that are 165 00:08:21,440 --> 00:08:24,240 constantly happening there. So that is that's sort of where 166 00:08:24,240 --> 00:08:28,000 we say which we try and do it 2-3, four times a month. 167 00:08:28,000 --> 00:08:32,440 So it's, it is, it is good for we do, we do meander in lots of 168 00:08:32,440 --> 00:08:35,840 directions, mainly because there's there's so much we do 169 00:08:35,960 --> 00:08:38,480 try and try and cover as much as that as we can. 170 00:08:39,480 --> 00:08:41,520 Yeah. You guys are also both big 171 00:08:41,520 --> 00:08:44,560 thinkers, which I think kind of contributes to it. 172 00:08:44,560 --> 00:08:48,200 We could talk about one topic all day for sure, but kind of 173 00:08:48,200 --> 00:08:51,640 shifting into a lot of what you're working on now. 174 00:08:51,640 --> 00:08:55,040 I think of the the root level of what I see is that you're 175 00:08:55,040 --> 00:09:00,280 talking about how identity is shifted from more or less a back 176 00:09:00,280 --> 00:09:03,880 office function to a strategic priority. 177 00:09:03,880 --> 00:09:07,200 I'd like you to kind of expand on that a little bit. 178 00:09:08,400 --> 00:09:10,960 Yeah, 100%. And again, it's like one of 179 00:09:10,960 --> 00:09:14,720 these sort of 15 year overnight successes. 180 00:09:14,720 --> 00:09:18,680 I think there's been a perfect storm of change around identity. 181 00:09:18,680 --> 00:09:22,760 I think if you go back maybe 10-15 years, you have the, the 182 00:09:22,760 --> 00:09:25,680 sort of the technical change of cloud, which I think altered 183 00:09:25,680 --> 00:09:29,040 entirely how identity was delivered, how it was 184 00:09:29,040 --> 00:09:32,520 integrated, how it was measured and how it was really used from 185 00:09:32,520 --> 00:09:34,960 that perspective. But then simultaneously we had 186 00:09:34,960 --> 00:09:38,840 things like zero trust, you know, again, zero trust being 187 00:09:38,840 --> 00:09:42,400 around for a long, long time, yet organisations are still 188 00:09:42,480 --> 00:09:45,920 trying to to get there. So you have this on network 189 00:09:45,960 --> 00:09:49,600 change and that's it's a technical change, the budget 190 00:09:49,680 --> 00:09:52,400 change, how people develop and buy networks. 191 00:09:52,400 --> 00:09:55,400 You don't necessarily have offices anymore and routers. 192 00:09:55,400 --> 00:09:59,400 You have more of a software defined view to that endpoint. 193 00:09:59,400 --> 00:10:02,200 Security's changed, data security's changed and all of 194 00:10:02,200 --> 00:10:07,240 those technical pillars are hugely reliant upon identity 195 00:10:07,280 --> 00:10:11,160 being successful and identity being available, identity 196 00:10:11,160 --> 00:10:14,720 integrating effectively. So suddenly it's gone from being 197 00:10:14,720 --> 00:10:18,400 the the elder guy in the corner. And I was, I was the elder guy 198 00:10:18,400 --> 00:10:22,160 doing the valve 25 years ago and nobody cared about that stuff 199 00:10:22,160 --> 00:10:25,080 really unless it was not working effectively. 200 00:10:25,120 --> 00:10:29,080 And then nobody can log in. Where's the LDAP guy get this 201 00:10:29,080 --> 00:10:30,720 fixed? Whereas now it's actually, well, 202 00:10:31,440 --> 00:10:35,880 customer identity is, is really important and fraud and zero 203 00:10:35,880 --> 00:10:37,920 trust. And then we have data security. 204 00:10:37,920 --> 00:10:41,080 So there's all of these other areas which are massively 205 00:10:41,080 --> 00:10:43,720 reliance on identity being effective. 206 00:10:43,720 --> 00:10:47,360 So it's suddenly has changed from being tactical and 207 00:10:47,560 --> 00:10:52,360 reactionary to being strategic and an enabling technology that 208 00:10:52,360 --> 00:10:56,320 helps revenue, helps productivity, it helps staff 209 00:10:56,320 --> 00:10:59,680 gain access to the right things, helps with supply chains. 210 00:10:59,680 --> 00:11:02,880 So it just has more tentacles, I guess to it. 211 00:11:02,880 --> 00:11:06,840 And I think that's surreal. That's really exciting for those 212 00:11:06,840 --> 00:11:09,960 guys who all love identity. But I think it brings different 213 00:11:10,080 --> 00:11:13,600 responsibilities, different budget, different different 214 00:11:13,600 --> 00:11:16,400 stakeholders as well, different, different people involved in 215 00:11:16,800 --> 00:11:19,760 what is this identity stuff, you know, is it working effectively? 216 00:11:20,200 --> 00:11:21,960 What what can it do for me essentially? 217 00:11:21,960 --> 00:11:24,240 I think I know that's where that has changed. 218 00:11:24,240 --> 00:11:27,080 And but I guess to answer your question, it isn't just one 219 00:11:27,080 --> 00:11:29,560 single thing. I think there's a there's a set 220 00:11:29,560 --> 00:11:33,200 of forces happening which have essentially moved it to being 221 00:11:33,200 --> 00:11:36,720 this big sort of Super Bowl half time singer instead of being 222 00:11:36,720 --> 00:11:38,720 just the guy doing a few songs in a pub. 223 00:11:38,720 --> 00:11:42,720 It's like this. It's the massive attention on 224 00:11:42,720 --> 00:11:46,560 identity now which is brings brings some challenges I think. 225 00:11:47,440 --> 00:11:51,280 Yeah, I think that you've said identity as an enabler, and that 226 00:11:51,280 --> 00:11:55,000 to me is at the core of it being strategic. 227 00:11:56,880 --> 00:12:02,320 There's also the balance of a lot of companies to stay 228 00:12:02,320 --> 00:12:06,480 compliant, and in some companies it seems like that's all there 229 00:12:06,480 --> 00:12:09,080 is. What do you think the mistake is 230 00:12:09,080 --> 00:12:13,840 that they're making? Again, this is multi 231 00:12:13,840 --> 00:12:16,360 multifaceted. I think, you know, it's again, 232 00:12:16,360 --> 00:12:20,520 it's often back to the case of not really knowing what identity 233 00:12:20,520 --> 00:12:23,040 is doing, I think. And that's quite, that's quite a 234 00:12:23,040 --> 00:12:25,680 complicated question to try and unpick. 235 00:12:25,680 --> 00:12:29,880 And, and by that I mean, if you are say a retail bank pick 236 00:12:29,880 --> 00:12:34,600 something relatively benign, I suppose, how is identity helping 237 00:12:34,600 --> 00:12:38,320 and hindering that bank? Is it helping the staff do their 238 00:12:38,320 --> 00:12:39,600 job? Is it helping them being 239 00:12:39,600 --> 00:12:42,480 productive? Is it helping them sell more 240 00:12:42,720 --> 00:12:44,760 retail bank services to customers? 241 00:12:44,960 --> 00:12:48,440 So you sort of work out where identity is working and not 242 00:12:48,440 --> 00:12:51,400 working. And I think unless you do that, 243 00:12:51,400 --> 00:12:54,960 you end up with just these reactionary technical choices 244 00:12:54,960 --> 00:12:58,120 and technical investments, the same as, you know, used to buy, 245 00:12:58,120 --> 00:13:03,040 I don't know, something like daily basis maybe 25 years ago, 246 00:13:03,040 --> 00:13:05,560 you look for the cheapest one or the one that could store the 247 00:13:05,560 --> 00:13:09,680 most or it was often quite a small technical commodity sale. 248 00:13:09,760 --> 00:13:13,360 And I think if identity is sort of seen as just this 249 00:13:13,720 --> 00:13:17,520 infrastructure thing that we invest upon and then every 6-8 250 00:13:17,520 --> 00:13:22,000 years we'll redesign. I think that that is, is, is 251 00:13:22,000 --> 00:13:25,280 that sort of legacy mindset. I think we're not really seeing 252 00:13:25,560 --> 00:13:28,800 the benefits a successful identity program can, can 253 00:13:28,800 --> 00:13:29,800 develop. You end up being quite 254 00:13:29,800 --> 00:13:33,200 reactionary sort of constant reacting to cyber threats or 255 00:13:33,200 --> 00:13:36,040 reacting to business requirements or you're not 256 00:13:36,040 --> 00:13:39,560 really strategic in, in what identity trying to achieve. 257 00:13:39,560 --> 00:13:42,680 And that that can be quite, quite difficult to unpick, I 258 00:13:42,680 --> 00:13:43,080 think. Yeah. 259 00:13:43,080 --> 00:13:49,480 This idea of strategic identity, I mean, I think it's, it makes 260 00:13:49,520 --> 00:13:52,440 it really jumps off the page when you're talking about 261 00:13:52,440 --> 00:13:57,800 customer identity. So you know, creating a, an 262 00:13:57,800 --> 00:14:01,920 experience that is fully integrated based on the identity 263 00:14:01,920 --> 00:14:06,800 and kind of just knows what the person needs to access and kind 264 00:14:06,800 --> 00:14:09,480 of pulls it all together on the back end. 265 00:14:09,920 --> 00:14:15,600 The company can kind of see like what is this identity's full 266 00:14:15,600 --> 00:14:18,440 relationship with our organization. 267 00:14:19,080 --> 00:14:20,160 I'd like to bounce it back to you. 268 00:14:20,160 --> 00:14:24,000 What are some of the other things that strategic identity 269 00:14:24,000 --> 00:14:26,560 stand for? That's a really good, that's a 270 00:14:26,560 --> 00:14:30,240 really good concept there because you absolutely spot on 271 00:14:30,240 --> 00:14:34,080 because in, in, in that customer world, we were all customers, 272 00:14:34,080 --> 00:14:35,520 you see, and that's the quite interesting things. 273 00:14:35,520 --> 00:14:40,080 We all have opinions around interacting in a shop, buying 274 00:14:40,080 --> 00:14:44,960 something, customer service. If you like a product or a, or a 275 00:14:44,960 --> 00:14:46,680 experience, you tell your friends. 276 00:14:47,320 --> 00:14:49,480 If you don't like it, you also tell your friends. 277 00:14:49,480 --> 00:14:52,600 So you're going to be doing the sort of the recommendation sort 278 00:14:52,600 --> 00:14:55,400 of thing there. So we're all familiar with, with 279 00:14:55,400 --> 00:14:58,880 customers and consumers and even government services really. 280 00:14:59,560 --> 00:15:04,560 And identity in that ecosystem is quite, it's quite transparent 281 00:15:04,680 --> 00:15:07,200 if it's working or not working. You know, if you're trying to 282 00:15:07,200 --> 00:15:10,320 buy something online and you have that shopping cart 283 00:15:10,760 --> 00:15:14,400 experience, but then you're just about to pay and it asks you all 284 00:15:14,400 --> 00:15:17,800 this stuff about who you are and your favorite colour and your 285 00:15:17,800 --> 00:15:19,920 dog and your cat and your dress. And it's like, whoa, whoa, I 286 00:15:19,920 --> 00:15:21,920 just want to buy a pair of shoes or something. 287 00:15:22,240 --> 00:15:26,800 So identity in that instance is, is really transparent and it's 288 00:15:26,840 --> 00:15:29,360 really obvious if it's working or not working, you know, to the 289 00:15:29,360 --> 00:15:32,560 end user at least. And I think some of those ideas 290 00:15:32,560 --> 00:15:36,360 of transparency, I think, have now been placed into other parts 291 00:15:36,680 --> 00:15:40,040 of the sort of tech ecosystem. So you then think it is an 292 00:15:40,040 --> 00:15:45,120 employee, OK, what's helping and hindering me from a technical 293 00:15:45,120 --> 00:15:48,800 perspective to log into my laptop, gain access to the 294 00:15:48,800 --> 00:15:52,720 systems I need, work with my colleagues, complete my job. 295 00:15:53,040 --> 00:15:55,560 And suddenly again, you sort of look for that, that 296 00:15:55,560 --> 00:15:59,040 transparency. Where's identity helping or 297 00:15:59,040 --> 00:16:01,320 hindering? Is it Oh God, you know, I've got 298 00:16:01,520 --> 00:16:04,520 10 different passwords because I don't have single sign on. 299 00:16:05,400 --> 00:16:07,720 Or maybe you are using passwords, which is terrible. 300 00:16:07,720 --> 00:16:09,880 You should be using pass keys or whatever MFA. 301 00:16:10,280 --> 00:16:14,080 So you suddenly you start to see that that transparency where 302 00:16:14,240 --> 00:16:17,400 identity is either frictionless and in the background or it's 303 00:16:17,400 --> 00:16:20,760 suddenly I've got to do a big access request form because I 304 00:16:20,920 --> 00:16:23,920 can't get access to this whatever SharePoint site. 305 00:16:23,920 --> 00:16:29,120 Chinese do my job and I think the customer world is it is it 306 00:16:29,280 --> 00:16:33,440 is allowing identity to sort of periphery to the top. 307 00:16:33,440 --> 00:16:37,360 And I think some of those ideas are now applicable in the sort 308 00:16:37,360 --> 00:16:39,960 of beta we and sort of supply chain area as well. 309 00:16:39,960 --> 00:16:44,280 And that I think again it amplifies and places greater 310 00:16:44,280 --> 00:16:47,600 attention on those identity journeys and what they are. 311 00:16:48,040 --> 00:16:49,440 Are they helping? Are they hindering? 312 00:16:49,680 --> 00:16:53,520 Yeah, just it puts more light on to what identity can achieve, I 313 00:16:53,520 --> 00:16:56,720 think. So we hear this term out thrown 314 00:16:56,720 --> 00:17:00,960 a lot identity security and I'm curious how you define it. 315 00:17:01,120 --> 00:17:04,200 Is it identities? Is it access, is it behaviour 316 00:17:04,200 --> 00:17:07,599 like what is it specifically that we are, you know, securing 317 00:17:07,720 --> 00:17:10,160 when you hear identity security? All, all of that, all of that, 318 00:17:10,160 --> 00:17:13,240 I'm more, I'm more, I think this it's a really good question. 319 00:17:13,240 --> 00:17:17,200 I think, I think we, we side who we talk about, I think it's 320 00:17:17,200 --> 00:17:23,079 about 80 plus vendors who we all talk about identity security in 321 00:17:23,079 --> 00:17:25,640 some in some part of their description or narrative or 322 00:17:25,640 --> 00:17:28,960 whatever. An interesting part being not 323 00:17:28,960 --> 00:17:30,640 all of those vendors are competitive. 324 00:17:31,040 --> 00:17:32,760 So that's, that's quite interesting. 325 00:17:32,760 --> 00:17:35,240 So it means that I mean, the definition is too broad or 326 00:17:35,240 --> 00:17:38,120 there's some pretty odd marketing stuff going on around 327 00:17:38,120 --> 00:17:41,520 what it is and what it's not. And I guess my, my position 328 00:17:41,520 --> 00:17:45,480 would be if you think about the sort of core pillars, A 329 00:17:45,680 --> 00:17:49,720 specifically B to E workforce identity, but so 5 or 6 big 330 00:17:49,720 --> 00:17:53,320 building blocks that we have is like identity verification, 331 00:17:54,720 --> 00:17:58,400 identity provider and sort of strong authentication, IGA 332 00:17:58,400 --> 00:18:01,960 governance and administration, Pam privileged access, probably 333 00:18:01,960 --> 00:18:05,680 some sort of storage directory saying probably some sort of 334 00:18:05,680 --> 00:18:08,440 access control authorization aspect in there as well. 335 00:18:08,440 --> 00:18:12,400 You have these sort of 5 or 6 core pillars and some of those 336 00:18:12,400 --> 00:18:16,080 are more mature than others, but they're often historically quite 337 00:18:16,080 --> 00:18:20,080 siloed, quite independent, quite isolated, different vendors, 338 00:18:20,120 --> 00:18:23,400 different standards, maybe a lack of standards in some. 339 00:18:23,680 --> 00:18:27,000 And organizations often invest in all of these technologies, 340 00:18:27,000 --> 00:18:30,280 yet they still get breached. And I think there's probably 341 00:18:30,280 --> 00:18:34,440 maybe 456 years ago there was this trend of, well, we've done 342 00:18:34,440 --> 00:18:37,480 MFA and we've we've got privileged access management 343 00:18:38,160 --> 00:18:41,120 pick on the vendors who deliver all this stuff isn't necessarily 344 00:18:41,120 --> 00:18:43,360 the vendors fault. And it's like, well, we still 345 00:18:43,360 --> 00:18:46,040 got breached and we've had a data breach, we've had insider 346 00:18:46,040 --> 00:18:49,720 threats or we've had some sort of automated cyber cry or a 347 00:18:49,720 --> 00:18:53,320 nation state attack. And when you unpick what those 348 00:18:53,600 --> 00:18:57,800 attacks look like, somewhere in there was identity a credential 349 00:18:57,800 --> 00:19:00,400 breach. Sessions had been tampered with, 350 00:19:01,160 --> 00:19:03,760 access control hadn't been enforced correctly, access 351 00:19:03,760 --> 00:19:06,480 permissions, ghost accounts, privileged abuse. 352 00:19:06,480 --> 00:19:10,080 So all of the, I guess attack methodology was centring on 353 00:19:10,080 --> 00:19:11,920 identity. And it became quite clear that 354 00:19:11,920 --> 00:19:16,920 even if you have these core pillars in place, you you need 355 00:19:16,920 --> 00:19:19,440 more, need extra. And I think the identity 356 00:19:19,440 --> 00:19:22,960 security thing is it's a bit like zero trust in the sense 357 00:19:23,040 --> 00:19:25,720 it's not a product. It's again, it's a concept in a 358 00:19:25,720 --> 00:19:29,000 process. And looking at that end to end 359 00:19:29,000 --> 00:19:33,480 view of all of your identity flaws, your journeys, customers, 360 00:19:33,680 --> 00:19:37,440 employees, NHI Agentic, all of the different identity types we 361 00:19:37,440 --> 00:19:42,240 have are looking at the identity data side, the runtime and 362 00:19:42,240 --> 00:19:44,120 behaviour side. And just looking at that 363 00:19:44,120 --> 00:19:48,520 holistically across your IGA cross authorization, across Pam. 364 00:19:48,520 --> 00:19:52,400 Because all of these sort of pillars like you have and just 365 00:19:52,400 --> 00:19:55,280 essentially making sure there are no cracks in between them, 366 00:19:55,280 --> 00:19:58,080 which I think is ultimately often the problem. 367 00:19:58,080 --> 00:20:02,880 And I think identity security is going to say it's a bit of a 368 00:20:02,880 --> 00:20:06,560 change in thinking, definitely changing in investment in extra 369 00:20:06,560 --> 00:20:09,600 products, different products, but joining together I think 370 00:20:09,600 --> 00:20:12,760 some of those what have historically been quite isolated 371 00:20:13,400 --> 00:20:16,040 product stocks. So I think it brings up an 372 00:20:16,040 --> 00:20:19,520 interesting point here around products and but having the the 373 00:20:19,520 --> 00:20:23,480 mere presence of a product for identity security does not 374 00:20:23,480 --> 00:20:28,400 provide you a divine shield that absolves you from the risk 375 00:20:28,400 --> 00:20:31,920 that's out there. It's things will get through and 376 00:20:31,920 --> 00:20:34,600 just having a product isn't the solution, right? 377 00:20:34,600 --> 00:20:37,920 You have to have people, process and technology and you have to 378 00:20:37,920 --> 00:20:40,960 have layers. And even if you have everything 379 00:20:40,960 --> 00:20:44,280 in place, there is still a chance, maybe reduced, but there 380 00:20:44,280 --> 00:20:46,760 is still a chance that someone will get through. 381 00:20:46,920 --> 00:20:49,200 Is that fair? 100% fair. 382 00:20:49,240 --> 00:20:53,640 It's a process, it's a concept. I think absolute products help 383 00:20:53,680 --> 00:20:57,360 and you will need to invest in in products that can look at 384 00:20:57,360 --> 00:21:00,480 runtime behaviour monitoring or can look at improving 385 00:21:01,000 --> 00:21:03,880 verification services. Account takeover absolutely will 386 00:21:03,880 --> 00:21:06,800 need software, no question. But I think as well it's 387 00:21:06,800 --> 00:21:10,960 understanding the importance of identity and thinking about 388 00:21:10,960 --> 00:21:14,080 identity more of an end to end information flow. 389 00:21:14,360 --> 00:21:16,680 And again they do. The way to think about this is 390 00:21:17,240 --> 00:21:19,120 how how would an attacker think about this? 391 00:21:19,120 --> 00:21:22,960 You know, they don't care that you've invested in a really top 392 00:21:22,960 --> 00:21:26,600 notch privileged access management system or a nice 393 00:21:26,680 --> 00:21:28,600 governance system. You highly compliant. 394 00:21:28,600 --> 00:21:30,560 They just care. Well, I want to go from here to 395 00:21:30,560 --> 00:21:32,480 there. I don't really care which 396 00:21:32,520 --> 00:21:35,680 identities and accounts I use. I don't care whether there are, 397 00:21:36,040 --> 00:21:38,800 you know, whether it belongs to Simon, Jim, Jeff, the admin. 398 00:21:38,880 --> 00:21:41,800 I just need to get that data and I'm going to get to that data 399 00:21:41,800 --> 00:21:45,360 irregardless. And I think that those sort of a 400 00:21:45,360 --> 00:21:49,960 more flexible information flow ways of thinking like an 401 00:21:49,960 --> 00:21:53,800 attacker is not something identity has been familiar with. 402 00:21:53,800 --> 00:21:56,080 You know, the join and move a legal process. 403 00:21:56,080 --> 00:21:59,400 It wasn't built for security, It was built for productivity. 404 00:21:59,400 --> 00:22:03,720 It was built for automation, built to improve staff, getting 405 00:22:03,720 --> 00:22:07,800 access to downstream systems. So it wasn't built with that 406 00:22:07,840 --> 00:22:10,800 security mindset in play. And I think now because identity 407 00:22:10,800 --> 00:22:16,360 has become more important, more of this enabling tech, it's just 408 00:22:16,360 --> 00:22:19,920 absolutely natural evolution that the bad guys are just going 409 00:22:19,920 --> 00:22:23,400 to target identity because it's the effort reward ratio is 410 00:22:23,400 --> 00:22:24,320 massive. You know why? 411 00:22:24,720 --> 00:22:28,280 Why target a single database when I can target the directory 412 00:22:28,280 --> 00:22:31,800 in the directory contains whatever 50,000 identities and 413 00:22:31,800 --> 00:22:34,840 stuff like this. So I think as identity has 414 00:22:34,840 --> 00:22:37,800 become more important by design, it's going to attract 415 00:22:38,200 --> 00:22:41,520 adversarial activity, both insider and external adversarial 416 00:22:41,520 --> 00:22:42,640 activity. And I think that's where you 417 00:22:42,640 --> 00:22:44,960 suddenly start to need those different approaches. 418 00:22:44,960 --> 00:22:49,000 And one final thing allowed is, you know, it's we do have to 419 00:22:49,000 --> 00:22:50,960 explain what it is and how it works. 420 00:22:50,960 --> 00:22:55,440 But I think if you look back in time, but things like networks, 421 00:22:55,520 --> 00:22:58,280 you then have network security. If you look at endpoint 422 00:22:58,440 --> 00:23:01,040 management, you then have endpoint security. 423 00:23:01,040 --> 00:23:03,320 You look at data and data storage. 424 00:23:03,320 --> 00:23:07,120 You then had a huge multi $1,000,000 industry for securing 425 00:23:07,120 --> 00:23:09,640 Oracle databases and other. So it was all that tiered 426 00:23:09,640 --> 00:23:13,360 database security on top. I think it's this evolution now 427 00:23:13,360 --> 00:23:16,840 that we have this identity stuff which was infrastructure 428 00:23:16,840 --> 00:23:18,760 originally. So you need to protect it and 429 00:23:18,760 --> 00:23:21,600 now you have an identity security problem we need to need 430 00:23:21,600 --> 00:23:24,880 to deal with. So a lot of people, well, people 431 00:23:24,880 --> 00:23:27,360 may or may not know, Jim, that you and I actually do consulting 432 00:23:27,360 --> 00:23:29,440 during the day. And a lot of stuff that we focus 433 00:23:29,440 --> 00:23:32,520 on has been like strategy and sort of assessment. 434 00:23:32,560 --> 00:23:36,640 And I'm curious, Simon, what you know, what is a clear signal 435 00:23:36,640 --> 00:23:41,120 that you see that makes you question an organization's 436 00:23:41,120 --> 00:23:42,560 identity posture? Because I certainly have 437 00:23:42,560 --> 00:23:44,000 thoughts on this. And Jim, I'm sure you do too as 438 00:23:44,000 --> 00:23:45,320 well. But it's like, OK, what's 439 00:23:45,320 --> 00:23:48,480 something that like jumps out like, oh, OK, we definitely have 440 00:23:48,480 --> 00:23:52,000 concerns here. Is there a few, I think there's 441 00:23:52,000 --> 00:23:54,880 a few, a few sort of meta ones if you zoom out a little bit and 442 00:23:54,880 --> 00:23:57,680 one's just back to that reactionary angle around 443 00:23:58,640 --> 00:24:02,480 identity management. Not not necessarily IEM, but the 444 00:24:02,480 --> 00:24:04,640 management of the identity infrastructure if it ends up 445 00:24:04,640 --> 00:24:08,920 being quite, quite short term tactical, it's not necessarily 446 00:24:09,360 --> 00:24:12,280 in line with an In Sync with what the business is trying to 447 00:24:12,280 --> 00:24:15,560 achieve. I think is 1 quite big red flag 448 00:24:15,560 --> 00:24:19,040 because it shows that identity isn't seen either as being 449 00:24:19,040 --> 00:24:22,760 valuable or important or it's not being measured effectively. 450 00:24:22,760 --> 00:24:25,080 So people don't really know what identity is doing. 451 00:24:25,480 --> 00:24:28,160 And I think that those two are quite, sort of metal, quite 452 00:24:28,240 --> 00:24:31,640 quite high level and not necessarily security centric. 453 00:24:31,640 --> 00:24:34,960 But if, if the business doesn't know what identity does, it's 454 00:24:34,960 --> 00:24:37,640 probably quite unlikely it's going to have the correct levels 455 00:24:38,040 --> 00:24:41,280 of protection against it. And then if you then sort of 456 00:24:41,280 --> 00:24:43,720 look at the day-to-day management of the identity 457 00:24:43,720 --> 00:24:47,880 world, if it is being quite reactionary and quite, you know, 458 00:24:47,960 --> 00:24:51,560 it is responding to to things in that short term basis, I think 459 00:24:51,560 --> 00:24:55,360 that that is equally quite a, quite a big, a big giveaway. 460 00:24:55,360 --> 00:24:58,760 But you know, you want to be looking really at the end to end 461 00:24:58,760 --> 00:25:02,560 flow of identity where, where do identities start, where they've 462 00:25:02,560 --> 00:25:04,440 been stored? How are they being used? 463 00:25:05,360 --> 00:25:08,240 What systems do they access? What systems have been 464 00:25:08,240 --> 00:25:10,040 integrated to the identity world? 465 00:25:10,040 --> 00:25:12,960 So it's a lot of a lot of sort of mind mapping. 466 00:25:12,960 --> 00:25:16,160 You feel like I'm planning out what the identity landscape 467 00:25:16,400 --> 00:25:18,600 looks like, which is it is going to be infrastructural 468 00:25:18,600 --> 00:25:23,480 components, but also the systems involved on where identity is is 469 00:25:23,480 --> 00:25:26,240 working and not working. I think being able to just have 470 00:25:26,240 --> 00:25:29,400 those types of discussions, they're really good indicators 471 00:25:29,400 --> 00:25:33,880 around how identity is seen within the organization and how 472 00:25:34,080 --> 00:25:37,320 how it's working effectively. And is there a sort of strategic 473 00:25:37,320 --> 00:25:41,280 view around protecting it and making it, making it have a 474 00:25:41,280 --> 00:25:46,200 level of security it needs? You know, you brought up attack 475 00:25:46,200 --> 00:25:50,720 paths and the attack life cycle, but you're not going to pull me 476 00:25:50,720 --> 00:25:53,200 away because I do want to ask a question about identity 477 00:25:53,200 --> 00:25:59,560 security, which is I think we're starting to design as 478 00:25:59,560 --> 00:26:05,080 practitioners our strategic plan, our investments around 479 00:26:05,080 --> 00:26:10,120 identity security tools, and we need a way to show the metrics 480 00:26:10,120 --> 00:26:12,120 that is actually making things better. 481 00:26:12,560 --> 00:26:16,800 So my question to you is, you know, what should that be and 482 00:26:17,280 --> 00:26:21,720 are there often overlooked areas where we're not showing that 483 00:26:21,720 --> 00:26:26,560 ROI? Yes, unfortunately I think so. 484 00:26:26,560 --> 00:26:30,200 We built something at the side about two years ago I guess 485 00:26:30,200 --> 00:26:32,360 called the identity security scorecard. 486 00:26:33,120 --> 00:26:36,280 And it's, it's about 50-60 different sort of data points 487 00:26:36,280 --> 00:26:38,920 where we sort of go through and it's part of its 488 00:26:38,920 --> 00:26:41,160 self-assessment. So the organization or whoever 489 00:26:41,160 --> 00:26:43,640 the admin can go through and they can fill in some some 490 00:26:43,640 --> 00:26:46,200 responses that are around basically how well do they 491 00:26:46,200 --> 00:26:48,680 understand their identity security posture. 492 00:26:49,000 --> 00:26:52,160 And this is looking at things around visibility, you know, do 493 00:26:52,160 --> 00:26:54,720 you understand where your identities are located? 494 00:26:55,400 --> 00:26:59,280 Can you tell me your high risk identities as well? 495 00:26:59,600 --> 00:27:01,080 First of all, what's a high risk identity? 496 00:27:01,080 --> 00:27:03,560 And so there's lots of little nuance in there around 497 00:27:03,560 --> 00:27:07,240 visibility, understanding the where identities located, how 498 00:27:07,240 --> 00:27:10,160 they've been used, what systems are being interacted with. 499 00:27:10,880 --> 00:27:13,440 Then there's areas around protection, you know, how do you 500 00:27:13,440 --> 00:27:17,120 protect your core identity world and that's looking at all the 501 00:27:17,120 --> 00:27:20,160 standard sort of best practices that so we guys know around 502 00:27:20,400 --> 00:27:24,120 strong MFA, these privilege, removal of ghost accounts, all 503 00:27:24,120 --> 00:27:26,720 the stuff which is sort of good, good practice there. 504 00:27:26,960 --> 00:27:28,800 But then you start looking at detection. 505 00:27:28,800 --> 00:27:32,720 You can, you detect malicious behaviour, whether it's end 506 00:27:32,720 --> 00:27:35,280 users doing bad stuff, whether it's administration 507 00:27:35,280 --> 00:27:37,400 misconfiguration. So you don't want to try and 508 00:27:37,400 --> 00:27:39,800 detect things. Then there's a whole set of 509 00:27:39,800 --> 00:27:43,200 areas looking at response. If you do find something which 510 00:27:43,200 --> 00:27:46,440 looks unusual. Maybe it's a misaligned policy, 511 00:27:46,440 --> 00:27:50,000 maybe it's Simon who's authenticated correctly, but I'm 512 00:27:50,000 --> 00:27:53,040 certainly doing something strange at 10:00 at night on 513 00:27:53,200 --> 00:27:55,440 Salesforce or whatever. Can you, if can you detect it? 514 00:27:55,440 --> 00:27:57,720 And if you can, what can you do about it? 515 00:27:57,720 --> 00:28:01,800 Can you change my access? Can you flag and raise a ticket? 516 00:28:01,800 --> 00:28:05,360 Can you flag my account? Can you direct me to a honeypot 517 00:28:05,360 --> 00:28:07,680 and, you know, feed me fake information? 518 00:28:07,680 --> 00:28:10,720 So there's all of that nuance around being able to protect 519 00:28:10,720 --> 00:28:13,120 stuff. Can you detect anomalies? 520 00:28:13,240 --> 00:28:17,720 If you can, can you respond? And then you have this, then the 521 00:28:17,720 --> 00:28:21,120 feedback loop around, OK, you found some bad stuff. 522 00:28:21,120 --> 00:28:24,840 Can you change policy? Can you update your security 523 00:28:24,840 --> 00:28:27,880 policies and procedures and controls to make sure that those 524 00:28:28,200 --> 00:28:31,280 and identity vulnerabilities are not going to get exposed again 525 00:28:31,320 --> 00:28:33,680 in the future? So I think to answer your 526 00:28:33,680 --> 00:28:38,200 question is, again, it's that broad sort of set of areas to 527 00:28:38,200 --> 00:28:40,840 look at. You're looking at that level of 528 00:28:41,200 --> 00:28:44,200 both technical and process understanding. 529 00:28:44,200 --> 00:28:49,600 And I think with metrics, it is always good to not use them in a 530 00:28:49,600 --> 00:28:52,440 scary way, but use them to identify where risk is in the 531 00:28:52,440 --> 00:28:54,800 business. Is it risk in technology? 532 00:28:54,800 --> 00:28:58,800 Is it risk around a lack of coverage in visibility? 533 00:28:58,800 --> 00:29:02,200 Is it lack of coverage with multi factor authentication? 534 00:29:02,200 --> 00:29:06,000 Is it you have a poor understanding of your non human 535 00:29:06,000 --> 00:29:07,840 identities? So it's it's not trying to 536 00:29:07,840 --> 00:29:11,840 understand what you don't know. I think is is is actually quite 537 00:29:11,840 --> 00:29:15,000 an important part of that and that there's no shame in that. 538 00:29:15,000 --> 00:29:17,840 I think that's part of that risk risk analysis process and it's 539 00:29:17,840 --> 00:29:20,560 it's part of that. OK, this is what we know. 540 00:29:21,160 --> 00:29:23,800 This is stuff we don't know. That to me is a risk. 541 00:29:23,840 --> 00:29:26,600 And then you can obviously go and sort of manage that and do 542 00:29:26,600 --> 00:29:29,680 something I. Feel like it's important that we 543 00:29:29,680 --> 00:29:33,160 don't end up with this FUD factor right there. 544 00:29:33,480 --> 00:29:37,400 I've heard this in the boardroom where it's like other they're 545 00:29:37,400 --> 00:29:40,440 afraid of that you're just throwing FUD at them. 546 00:29:40,440 --> 00:29:43,240 Like you talk about things like we're going to talk about in a 547 00:29:43,240 --> 00:29:48,280 minute the attack life cycle and potential negative outputs that 548 00:29:48,560 --> 00:29:53,680 come along with that. How do you avoid it being looked 549 00:29:53,680 --> 00:29:58,640 at as just fun? As far look, you have to realize 550 00:29:58,640 --> 00:30:03,360 that that any, any technology is going to be competing with other 551 00:30:03,360 --> 00:30:07,640 technologies around spend and budget And and you know, the 552 00:30:07,640 --> 00:30:11,080 data security world and the Network World and the identity 553 00:30:11,080 --> 00:30:12,680 world. They're all trying to, I guess, 554 00:30:13,080 --> 00:30:16,160 take a take a slice of the AI world, which is now emerging 555 00:30:16,160 --> 00:30:19,440 around how we can protect that and the data team to say, oh, we 556 00:30:19,440 --> 00:30:21,600 can protect that. So there's always that 557 00:30:21,600 --> 00:30:25,640 competition for budget and attention in the strategic 558 00:30:26,000 --> 00:30:27,640 technological narrative in there. 559 00:30:27,640 --> 00:30:31,640 So you actually spawn about foot around the fear factor around, 560 00:30:31,640 --> 00:30:35,040 you know, authentication is the biggest problem, or maybe it's 561 00:30:35,040 --> 00:30:37,920 post quantum cryptos, the biggest problem or not clouds 562 00:30:37,920 --> 00:30:39,640 the problem. So there's always going to be 563 00:30:39,640 --> 00:30:42,280 that that competition. But I think when it comes to 564 00:30:42,280 --> 00:30:45,880 identity, I always sort of bring it back into a couple of things 565 00:30:45,880 --> 00:30:49,760 is, you know what, what, what can identity not allow the 566 00:30:49,760 --> 00:30:51,120 business to do today? No. 567 00:30:51,200 --> 00:30:53,600 Where's it stopping the business from doing stuff? 568 00:30:53,600 --> 00:30:57,760 And it could be supply chain, it could be staff gaining access to 569 00:30:57,760 --> 00:31:00,760 the right systems, being able to share data with the correct 570 00:31:00,840 --> 00:31:03,840 people. It could be digital teams being 571 00:31:03,840 --> 00:31:06,960 unable to launch mobile applications fast enough, so 572 00:31:06,960 --> 00:31:10,000 they're losing competitive positioning in the market. 573 00:31:10,000 --> 00:31:12,600 So where's identity not doing the right stuff? 574 00:31:12,960 --> 00:31:16,160 And then if you have a strategic change and say, well, if we do 575 00:31:16,160 --> 00:31:19,920 zero trust and we do this identity security stuff and we 576 00:31:19,920 --> 00:31:24,120 do a bit of B to C external identity, what will that allow 577 00:31:24,120 --> 00:31:27,200 the business to achieve? And that's back to that enabling 578 00:31:27,200 --> 00:31:30,040 technology. So you start to have like this 579 00:31:30,040 --> 00:31:32,360 is what we're stuck with here. This is what we're limited. 580 00:31:32,720 --> 00:31:35,960 But actually, if we do this cool stuff that allows the business 581 00:31:35,960 --> 00:31:41,080 to go on this sort of time progress adoption curve and do 582 00:31:41,080 --> 00:31:44,920 different things, maybe we can sell more, maybe we can keep our 583 00:31:44,920 --> 00:31:47,880 staff happier, maybe we can make our staff more productive, maybe 584 00:31:47,880 --> 00:31:51,560 we can make our supply chain more efficient. 585 00:31:51,560 --> 00:31:55,520 So I think it's really important to try and again, always get it 586 00:31:55,520 --> 00:31:58,280 back to where's identity working, where's it a 587 00:31:58,280 --> 00:32:01,000 bottleneck? What can we do in the future if 588 00:32:01,080 --> 00:32:03,960 if it's working effectively. And I think if you get on to 589 00:32:03,960 --> 00:32:07,720 that sort of vision, you can then you sort of become self 590 00:32:08,120 --> 00:32:10,600 sort of self fulfilling because you can then enable and tell the 591 00:32:10,600 --> 00:32:12,520 business and they go, wow, we can do that. 592 00:32:12,520 --> 00:32:15,640 You know, we can, we can sell more, do more, We can remove all 593 00:32:15,640 --> 00:32:19,600 of these inefficiencies and then suddenly that opens a lot of 594 00:32:19,600 --> 00:32:22,880 doors, I think. I started out talking about 595 00:32:23,400 --> 00:32:29,000 identity attack path. You call it identity attack life 596 00:32:29,000 --> 00:32:30,920 cycle. I think they're one of the same. 597 00:32:31,880 --> 00:32:34,920 Tell me if they're different or tell me you know what they are. 598 00:32:34,920 --> 00:32:39,240 And then also you talk about the importance of stopping an attack 599 00:32:39,640 --> 00:32:43,320 in his tracks, right? So maybe just continue on a 600 00:32:43,320 --> 00:32:45,520 little bit with that. Yeah, yeah, for sure. 601 00:32:45,560 --> 00:32:47,840 So yeah, I don't need to attack life cycles. 602 00:32:47,840 --> 00:32:50,080 It's interesting stuff. So I think you're back to what 603 00:32:50,080 --> 00:32:53,160 was saying earlier around as the importance of identity is 604 00:32:53,160 --> 00:32:56,240 increased, the bad guys know that so that they they home in 605 00:32:56,240 --> 00:32:59,440 on that by the effort versus award ratio is the highest. 606 00:32:59,440 --> 00:33:03,480 And the the attack you've got to think of the attack coming from 607 00:33:03,480 --> 00:33:06,400 both internal staff. Unfortunately that does happen 608 00:33:06,440 --> 00:33:11,440 inside a threat fraud so on as also the external adversary. 609 00:33:11,440 --> 00:33:14,840 And that could be anything from the automated sort of script 610 00:33:14,840 --> 00:33:17,640 kiddy stuff, right the way through to nation state 0, to 611 00:33:17,640 --> 00:33:20,320 exploits and advanced persistent threats and the like. 612 00:33:20,320 --> 00:33:24,760 So soon as identity becomes this target, you need to think about 613 00:33:24,800 --> 00:33:27,320 what does that really mean? And if you look at things like 614 00:33:27,320 --> 00:33:30,840 MITRE attack, which is the sort of general cyber way of thinking 615 00:33:30,840 --> 00:33:33,880 about that cyber attack life circle, you apply that to the 616 00:33:33,880 --> 00:33:37,400 identity world. It's exactly very similar sort 617 00:33:37,400 --> 00:33:39,280 of concept. It's going to have a start. 618 00:33:39,280 --> 00:33:40,520 There's going to be a dwell time. 619 00:33:40,520 --> 00:33:43,680 There's going to be some sort of privilege abuse or privilege 620 00:33:43,680 --> 00:33:48,760 escalation, multiple different credential thefts or stealings 621 00:33:48,760 --> 00:33:51,640 within that particular flow. Then there's going to be some 622 00:33:51,760 --> 00:33:55,040 sort of data exfiltration or some sort of execution of 623 00:33:55,040 --> 00:33:57,840 something would be a ransomware or the stealing of data. 624 00:33:58,480 --> 00:34:01,120 And obviously, hopefully the bad guys are caught and found and 625 00:34:01,120 --> 00:34:03,840 they disappear. Now, historically that life 626 00:34:03,840 --> 00:34:07,320 cycle has often been focused upon logs. 627 00:34:07,880 --> 00:34:10,400 Now, the reason I say that is that people, you know, but once 628 00:34:10,400 --> 00:34:13,960 it's in the logs, ultimately the stuff has already happened. 629 00:34:14,040 --> 00:34:15,560 The bad guys have done that bad stuff. 630 00:34:15,560 --> 00:34:18,280 It's in, it's in Splunk or whatever your logging system, 631 00:34:18,280 --> 00:34:21,040 syslog, all this carry on. If it's in the logs, stuff 632 00:34:21,440 --> 00:34:23,679 already happened. And I think we're sort of 633 00:34:23,679 --> 00:34:27,239 conditioned to think about stuff post event. 634 00:34:27,520 --> 00:34:30,679 Retrospective attacks happened, ransomware has happened, we've 635 00:34:30,679 --> 00:34:33,360 had a daily breach, customer records have been stolen. 636 00:34:33,840 --> 00:34:36,679 You're looking at forensics, you're looking at retrospective 637 00:34:36,679 --> 00:34:38,560 analysis. So stuff's happened. 638 00:34:38,639 --> 00:34:42,080 How can we find out what happened and maybe change it for 639 00:34:42,080 --> 00:34:44,520 next time? Well, we can't. 640 00:34:44,520 --> 00:34:46,280 We can't live like that all the time. 641 00:34:46,280 --> 00:34:48,520 We can't, we can't wait till this stuff's happened and then, 642 00:34:48,840 --> 00:34:50,679 you know, try and fix it for next time. 643 00:34:51,080 --> 00:34:53,400 Attacks are happening all the time continually. 644 00:34:53,400 --> 00:34:57,480 And I think the idea of the as a life cycle is in OK, but where 645 00:34:57,480 --> 00:35:01,920 can identity help here? Maybe it's through identity 646 00:35:01,920 --> 00:35:05,960 hygiene, best practice of, of cleaning up permissions 647 00:35:05,960 --> 00:35:08,840 policies, ghost accounts, orphaned accounts, all of this 648 00:35:08,840 --> 00:35:11,160 sort of carry on, which is quite preventative is trying to 649 00:35:11,160 --> 00:35:13,560 prevent something from happening. 650 00:35:13,960 --> 00:35:17,480 But obviously that isn't enough. Something's going to get through 651 00:35:17,480 --> 00:35:19,800 the through the net there. So then we start needs looking 652 00:35:19,800 --> 00:35:24,360 at runtime and behaviours and the intent of identity or the 653 00:35:24,360 --> 00:35:26,560 account itself. And I guess the idea with the 654 00:35:26,560 --> 00:35:28,880 attack life cycle is trying to say, look, let's try and 655 00:35:29,640 --> 00:35:32,840 identify the bad stuff before it gets to the end, before it gets 656 00:35:32,840 --> 00:35:35,280 into the logs. And can we do something just 657 00:35:35,280 --> 00:35:38,560 before it completes really, and trying to say look with our 658 00:35:38,560 --> 00:35:42,680 detection engineering, with our ability to look at runtime, can 659 00:35:42,680 --> 00:35:46,720 we find suspicious activity, malicious things, use composite 660 00:35:46,720 --> 00:35:50,120 risk scoring and try and find that actually that looks dodgy. 661 00:35:50,280 --> 00:35:53,800 So let's do something about it. Let's remove the session 662 00:35:54,320 --> 00:35:55,640 entirely. I'll reduce the session 663 00:35:55,640 --> 00:35:58,160 lifetime. Maybe if I had read and write 664 00:35:58,160 --> 00:36:01,600 access would just give me read access because whatever may be 665 00:36:01,600 --> 00:36:04,200 on a strange network or a strange device or something. 666 00:36:04,200 --> 00:36:08,520 So it is just trying to find those little small that triggers 667 00:36:08,520 --> 00:36:11,720 it of information and then being able to do something about just 668 00:36:11,720 --> 00:36:15,280 before I've sort of run off with the bag of digital swag and 669 00:36:15,600 --> 00:36:18,840 disappeared into the sunset. So I think we're getting there. 670 00:36:18,920 --> 00:36:22,080 And by this I mean we have we have so much information now 671 00:36:22,080 --> 00:36:25,280 from a digital perspective around networks, devices, 672 00:36:25,280 --> 00:36:29,320 behaviours, identities, what I'm trying to access, what I've done 673 00:36:29,320 --> 00:36:33,800 in the past, comparing myself to to other colleagues and peers 674 00:36:33,800 --> 00:36:37,480 and all this sort of stuff. So I think we're we are building 675 00:36:37,480 --> 00:36:40,920 this mindset of, of being able to try and prevent stuff. 676 00:36:41,120 --> 00:36:43,760 That's brilliant. But if we do need to look at the 677 00:36:43,760 --> 00:36:47,000 runtime, having the weaponry to say actually there's something 678 00:36:47,000 --> 00:36:50,920 strange happening, let's respond and hopefully respond before the 679 00:36:50,920 --> 00:36:52,840 attack happens. So I think that's, I think 680 00:36:52,840 --> 00:36:54,600 that's maturing I think for sure. 681 00:36:56,280 --> 00:36:58,680 What I'm hearing like we are building the mindset. 682 00:36:58,680 --> 00:37:04,680 Totally agree with that. It feels like it there are some, 683 00:37:05,080 --> 00:37:07,920 like we probably have the data questions. 684 00:37:07,920 --> 00:37:11,200 Do we have the tools that can interpret the data to take 685 00:37:11,200 --> 00:37:17,960 action to prevent an attack in his tracks or stop an attack in 686 00:37:17,960 --> 00:37:21,320 his tracks? In your view, what are some of 687 00:37:21,320 --> 00:37:24,320 the promising tools? I mean, we've talked a lot about 688 00:37:24,680 --> 00:37:28,600 like continuous identity, shared signals, framework, things like 689 00:37:28,600 --> 00:37:31,840 that on the show. I think there's a lot of promise 690 00:37:31,840 --> 00:37:33,520 there. It seems like it's more than 691 00:37:33,520 --> 00:37:38,000 just one tool to kind of solve this problem holistically when 692 00:37:38,000 --> 00:37:41,200 the approach has got to be that it's multi pronged. 693 00:37:41,200 --> 00:37:43,840 You're looking not only at authentication logs, but you're 694 00:37:43,840 --> 00:37:46,960 looking at other things as well for your thoughts. 695 00:37:47,600 --> 00:37:49,960 Yes, but on yeah, no, I couldn't agree more that I think the cap 696 00:37:49,960 --> 00:37:53,200 and this signaling is a really, really important part of this. 697 00:37:53,200 --> 00:37:56,720 I think that's a really good example of saying first of all 698 00:37:56,720 --> 00:37:59,200 we need non identity data signals here. 699 00:37:59,200 --> 00:38:03,120 It isn't just about the identity world as important as it is 700 00:38:03,640 --> 00:38:07,560 obviously, but we we need to introduce other factors or the 701 00:38:07,600 --> 00:38:10,760 other data points to this. It could be configuration 702 00:38:10,760 --> 00:38:14,440 management systems to give you visibility of your application 703 00:38:14,440 --> 00:38:17,560 world. It could be ServiceNow or Jira 704 00:38:17,560 --> 00:38:20,440 or ticketing systems to give you information about what what are 705 00:38:20,440 --> 00:38:23,800 people requesting and why and how and what context does that 706 00:38:23,800 --> 00:38:27,960 have, Endpoint management systems, threat intelligence 707 00:38:27,960 --> 00:38:29,400 systems. And there's lots of different 708 00:38:29,400 --> 00:38:33,000 non identity parts. And I think to me it's a little 709 00:38:33,000 --> 00:38:36,400 bit like this sort of asymmetric information problem around 710 00:38:36,720 --> 00:38:40,080 trying to navigate through a maze in the dark and you're not 711 00:38:40,200 --> 00:38:43,720 quite sure which, which of those rooms are good rooms, bad rooms. 712 00:38:43,720 --> 00:38:46,200 You've got a small torch and you're sort of just trying to 713 00:38:46,200 --> 00:38:48,360 build a picture of what's happening. 714 00:38:48,360 --> 00:38:51,960 And the more information you have, the more Intel you have, 715 00:38:52,560 --> 00:38:54,160 just the more informed you become. 716 00:38:54,160 --> 00:38:56,600 So I think, I think that the cap thing is a good example, but 717 00:38:56,600 --> 00:38:59,520 you're absolutely right in the sense that's just one aspect to 718 00:38:59,520 --> 00:39:02,240 it. So apply that concept to your 719 00:39:02,240 --> 00:39:06,680 identity data world and start saying, well, OK, I understand 720 00:39:06,680 --> 00:39:10,040 about ghost accounts and access permissions, but, and honestly, 721 00:39:10,040 --> 00:39:12,600 those aren't new concepts. That's stuff that's been around 722 00:39:12,600 --> 00:39:16,440 25 years yet organizations still haven't fixed the problem. 723 00:39:16,440 --> 00:39:19,680 So how can you help fixing the problem? 724 00:39:19,680 --> 00:39:23,360 How can how can you identify excessive permissions or 725 00:39:23,360 --> 00:39:26,440 accounts that aren't being used or mis correlated accounts? 726 00:39:26,440 --> 00:39:29,680 What other data might you need? So again, thinking, OK, how can 727 00:39:29,680 --> 00:39:33,680 I expand my sort of data net and look at instead of looking at 728 00:39:33,680 --> 00:39:36,400 permissions that's been assigned, look at maybe the 729 00:39:36,400 --> 00:39:40,400 permissions that have been used or look at HR information 730 00:39:40,400 --> 00:39:43,720 coupled with ticketing information coupled with laptop 731 00:39:44,080 --> 00:39:46,080 usage information. So you just start to cover it 732 00:39:46,080 --> 00:39:47,560 and pull in different information points. 733 00:39:47,560 --> 00:39:53,040 So I think it's just important to broaden those data signals at 734 00:39:53,120 --> 00:39:56,720 all parts of that identity life cycle from identity 735 00:39:56,720 --> 00:40:00,400 verification, authentication, authorization, governance, and 736 00:40:00,400 --> 00:40:02,440 obviously that runtime sort of stuff as well. 737 00:40:02,440 --> 00:40:06,280 And it's just spreading that that concept of saying we need 738 00:40:06,280 --> 00:40:09,560 more information to help us become better informed. 739 00:40:10,480 --> 00:40:12,280 Yeah. And it also feels like 740 00:40:12,280 --> 00:40:16,200 organizationally speaking, I am in the past have been treated 741 00:40:16,200 --> 00:40:20,880 more like, you know, an efficiency driver. 742 00:40:20,880 --> 00:40:24,720 I mean, yes, there was a security angle to it all along, 743 00:40:24,720 --> 00:40:27,640 but it was kind of an administrative feature on, you 744 00:40:27,640 --> 00:40:31,560 know, back end administration who gets access to what single 745 00:40:31,560 --> 00:40:34,960 sign on more or less was treated as like just that single sign 746 00:40:34,960 --> 00:40:38,200 on, not defense against being attacked. 747 00:40:38,920 --> 00:40:41,840 And that's what identity security is all about is you're 748 00:40:41,840 --> 00:40:45,520 being attacked and how do you use identity? 749 00:40:45,880 --> 00:40:50,640 So now it becomes a 24 by 7 operations activity. 750 00:40:51,040 --> 00:40:54,640 Can you talk a little bit about how you see that manifesting and 751 00:40:54,840 --> 00:40:58,760 does that mean there are additional stakeholders in the 752 00:40:58,760 --> 00:41:03,200 identity world? Yeah, yes, in short, absolutely 753 00:41:03,200 --> 00:41:05,200 spot on. It does become, it does become 754 00:41:05,200 --> 00:41:09,160 more omnipresent constantly on and and not just from the 755 00:41:09,160 --> 00:41:12,640 security side as well, constantly on because it's going 756 00:41:12,640 --> 00:41:15,640 to be constantly changing. So administrative functions need 757 00:41:15,640 --> 00:41:18,920 to be constantly on. And by this I mean not just 758 00:41:19,120 --> 00:41:23,400 24/7, but being able to make changes from a, a whole host of 759 00:41:23,400 --> 00:41:27,320 different sources, you know, API command line, you know, 760 00:41:27,560 --> 00:41:30,840 policies, code, infrastructures, code, all of that sort of 761 00:41:30,840 --> 00:41:33,800 automation needs to be always on as well. 762 00:41:33,800 --> 00:41:36,000 I think the security blanket absolutely. 763 00:41:36,000 --> 00:41:39,400 And and this brings some interesting challenges, I think 764 00:41:39,400 --> 00:41:43,400 because, you know, spot on, the identity wasn't seen as as 765 00:41:43,400 --> 00:41:47,680 security enabling. It was it was 9 till 5 join, 766 00:41:47,680 --> 00:41:51,440 move a lever productivity. But now it has to take on the 767 00:41:51,680 --> 00:41:54,840 some of the constructs of the security world, namely, you 768 00:41:55,200 --> 00:41:57,920 know, can you discover and have visibility of all of your 769 00:41:57,920 --> 00:42:00,600 identity stuff. And you sort of, it's quite 770 00:42:00,600 --> 00:42:02,480 interesting when you sort of often speak to see. 771 00:42:02,480 --> 00:42:05,200 So as they go working, I just press the discovery button on 772 00:42:05,200 --> 00:42:06,960 the identity thing. You just tell me where all your 773 00:42:06,960 --> 00:42:10,040 identities are and it will. Yeah, not really because we've 774 00:42:10,040 --> 00:42:12,800 got directories everywhere. They're not connected. 775 00:42:12,800 --> 00:42:15,360 You have different identity providers not connected. 776 00:42:15,760 --> 00:42:19,560 You probably have accounts and identities embedded within core 777 00:42:19,560 --> 00:42:22,680 systems that are just not even managed entirely. 778 00:42:22,680 --> 00:42:26,200 So you know, it's inherent to things like network technology 779 00:42:26,200 --> 00:42:28,560 that you have discovery and that's how networks work. 780 00:42:28,560 --> 00:42:31,240 You know, reading protocols, open shorts, path first, all 781 00:42:31,240 --> 00:42:32,960 this sort of stuff. It's all discovery. 782 00:42:32,960 --> 00:42:36,800 LED identity is not like that. It was process and structure and 783 00:42:36,800 --> 00:42:40,400 waterfall and it's a different, different sort of mindset. 784 00:42:40,400 --> 00:42:43,320 So you're absolutely right. It is 24/7 and I think it does 785 00:42:43,320 --> 00:42:48,520 introduce security operations. It looks at not only responding 786 00:42:48,520 --> 00:42:52,440 to security incidents and how you can fix identity as part of 787 00:42:52,440 --> 00:42:54,160 that. But obviously as I was saying 788 00:42:54,160 --> 00:42:57,560 earlier, what can we do during the attack, you know who's going 789 00:42:57,560 --> 00:43:00,160 to be involved in that? It is going to be that security 790 00:43:00,160 --> 00:43:04,680 focused layer and again, security architecture, how can 791 00:43:04,680 --> 00:43:07,560 identity help with the confidentiality, integrity 792 00:43:07,560 --> 00:43:09,160 availability? So I'll try out as well. 793 00:43:09,160 --> 00:43:11,520 So different stakeholders, they're all going to have 794 00:43:11,520 --> 00:43:13,480 slightly different needs. I think that's positive. 795 00:43:13,480 --> 00:43:17,360 I think it helps identity become more much fit if you like more 796 00:43:17,360 --> 00:43:20,400 much fit for the modern world and be more adaptive and 797 00:43:20,400 --> 00:43:22,800 responsive and integratable and things like this. 798 00:43:24,160 --> 00:43:28,800 OK, so let's pivot to the AI at thecenter.com question. 799 00:43:29,760 --> 00:43:32,400 We joke awful lot about AI and yes, that's a real URL. 800 00:43:32,400 --> 00:43:36,880 And yes, it will point you to this podcast where it's I guess 801 00:43:37,000 --> 00:43:40,560 with agentic AI, right? This has been sort of the the 802 00:43:40,560 --> 00:43:44,800 hot button thing for probably for a while, but I think really 803 00:43:44,800 --> 00:43:48,240 sort of in the consciousness of identity for probably the sick 804 00:43:48,240 --> 00:43:54,360 last six months or so. What does that mean for identity 805 00:43:54,360 --> 00:43:58,920 strategy, identity security and and other similar terms? 806 00:44:00,040 --> 00:44:02,920 Yeah, it's, it's a great one. It's just like this huge nuclear 807 00:44:02,920 --> 00:44:05,880 explosion if if stuff like that's come along and just sort 808 00:44:05,880 --> 00:44:10,160 of detonated upon all of our ways of, of working, our ways of 809 00:44:10,160 --> 00:44:12,920 thinking about tech and and certainly security for sure. 810 00:44:12,920 --> 00:44:17,800 I think it's the the best way I think I could describe it is we, 811 00:44:17,800 --> 00:44:20,840 we haven't fixed the human stuff really from from an identity 812 00:44:20,840 --> 00:44:22,600 point of view. And by that I mean, we, we're 813 00:44:22,600 --> 00:44:26,000 still plagued with some of the core problems of, I don't know, 814 00:44:26,000 --> 00:44:30,520 our back ghost accounts, excess permissions, nobody does MFA 815 00:44:30,520 --> 00:44:31,880 properly and all these sorts of things. 816 00:44:32,280 --> 00:44:36,240 And then three or four years ago, we had the the more bit of 817 00:44:36,240 --> 00:44:39,520 a more focus on machine identity service accounts, looking at 818 00:44:39,520 --> 00:44:43,520 sort of APIs and workloads and a bit of privileged access stuff 819 00:44:43,520 --> 00:44:45,160 in there as well. And machine to machine cons. 820 00:44:45,960 --> 00:44:48,680 That wasn't let me fix that either because that's got this 821 00:44:48,680 --> 00:44:52,760 big hockey stick curve of numbers and huge issues with the 822 00:44:52,760 --> 00:44:56,080 credential rotation and there's there's no HR system for 823 00:44:56,080 --> 00:44:57,760 workloads and non human identities. 824 00:44:58,640 --> 00:45:00,680 So we've got these two problems which we haven't solved. 825 00:45:00,680 --> 00:45:02,800 And then you've got cloud to deal with and then suddenly 826 00:45:02,800 --> 00:45:06,640 someone drops this agentic EI sort of Megatron on everything 827 00:45:06,640 --> 00:45:08,440 else. It's like, wow, OK, it's the 828 00:45:08,440 --> 00:45:11,000 worst of both worlds. And by this I mean there's a 829 00:45:11,000 --> 00:45:13,680 huge scale problem in the sense of agentic EI. 830 00:45:14,000 --> 00:45:17,360 The adoptions can be huge, 50-60 hundred times the number of 831 00:45:17,360 --> 00:45:21,160 human identities, for example. But then it also has issues 832 00:45:21,160 --> 00:45:26,040 around it isn't deterministic like workloads and basic API to 833 00:45:26,040 --> 00:45:29,600 API cons, the nice Jason payload and it's this big and it works 834 00:45:29,640 --> 00:45:33,040 between 9:00 to 5:00 and it has a job that used to authenticate. 835 00:45:33,040 --> 00:45:36,920 It's quite predictable in what it does, whereas the agentic 836 00:45:36,920 --> 00:45:39,160 world is actually non terministic. 837 00:45:39,160 --> 00:45:41,680 It's very, it's geared towards optimization. 838 00:45:41,680 --> 00:45:44,680 So what it does, it's actually going to be quite unusual and 839 00:45:44,680 --> 00:45:47,000 how it behaves. And often that's quite 840 00:45:47,000 --> 00:45:50,640 legitimate because it's there to optimize and improve and learn 841 00:45:50,640 --> 00:45:54,080 and everything else. So it's generating requirements 842 00:45:54,080 --> 00:45:58,000 that we haven't even solved for, for human and non human. 843 00:45:58,000 --> 00:45:59,400 And then certainly we've got a deeper agentic. 844 00:45:59,400 --> 00:46:03,160 So there's a whole host of different ways to to to deal 845 00:46:03,160 --> 00:46:06,000 with that. I think absolutely it's, it 846 00:46:06,000 --> 00:46:08,520 looks like it's going to get characterized as a, as a 847 00:46:08,520 --> 00:46:12,280 different identity type. So it's neither human nor non 848 00:46:12,280 --> 00:46:13,800 human. First of all, I think that's a 849 00:46:13,800 --> 00:46:15,800 nice, quite a nice concept to consider. 850 00:46:16,400 --> 00:46:19,760 And also the sort of paradigm that's emerging is to treat it 851 00:46:19,760 --> 00:46:23,720 like a digital employee. Now that that is subtly quite 852 00:46:23,720 --> 00:46:26,520 interesting because you wouldn't, well, maybe you would 853 00:46:26,520 --> 00:46:29,640 trust your colleagues with your passkey and your credentials and 854 00:46:29,640 --> 00:46:31,640 your Active Directory logins I've posted, you probably 855 00:46:31,640 --> 00:46:34,800 wouldn't. But suddenly when this mindset 856 00:46:34,800 --> 00:46:38,040 of we're having to sort of trust and give all of our credentials 857 00:46:38,040 --> 00:46:40,960 and permissioning and everything else to these agents who perhaps 858 00:46:40,960 --> 00:46:44,160 don't have accountability, you don't have behaviour monitoring, 859 00:46:44,160 --> 00:46:47,280 aren't necessarily using strong authentication and just in time 860 00:46:47,280 --> 00:46:49,320 permissions and and all this sort of carry on. 861 00:46:49,320 --> 00:46:52,800 So it's it's a hugely interesting space. 862 00:46:52,800 --> 00:46:56,200 I think one final sort of comment, there will be the 863 00:46:56,760 --> 00:47:00,760 innovation adoption of AI and the genetic AI is absolutely off 864 00:47:00,760 --> 00:47:04,480 the scale, whereas the adoption and innovation of identity and 865 00:47:04,480 --> 00:47:06,480 security is, is quite flat still. 866 00:47:06,480 --> 00:47:09,160 So we're ending up with this sort of gap between this hockey 867 00:47:09,160 --> 00:47:12,480 stick curve adoption of AI and security and identity sort of 868 00:47:12,480 --> 00:47:14,560 plowing along. And yeah, it's doing some good 869 00:47:14,560 --> 00:47:16,240 stuff and it's improving all the time. 870 00:47:16,240 --> 00:47:19,360 But there's this big massive gap, security gap around, well, 871 00:47:19,360 --> 00:47:21,560 how do we do just in time permissioning for agents? 872 00:47:21,560 --> 00:47:25,000 How we do, do we do strong off? How do we do process at the 873 00:47:25,000 --> 00:47:27,080 station? How do we do compensation 874 00:47:27,080 --> 00:47:30,880 computing with these agents who are operating as ephemeral 875 00:47:31,120 --> 00:47:33,760 things which come and go within a few seconds. 876 00:47:33,760 --> 00:47:39,480 So it generates some huge non non functional functional 877 00:47:39,840 --> 00:47:42,240 challenges really which we're not not quite there yet. 878 00:47:42,240 --> 00:47:46,320 I think we think end to end it needs a whole host of data 879 00:47:46,320 --> 00:47:50,360 security, identity security and governance to to get that stuff 880 00:47:50,360 --> 00:47:53,200 right, I think. So I think I heard you describe 881 00:47:53,200 --> 00:47:56,760 that there might be this 3rd type of identity, right, agentic 882 00:47:56,800 --> 00:47:59,920 versus human versus machine. And I don't know. 883 00:48:00,160 --> 00:48:03,160 I mean, I think a lot of the problems you described that, 884 00:48:03,720 --> 00:48:06,680 I'll call it that identity chaos that happens, right? 885 00:48:07,200 --> 00:48:09,400 Yes, you're right, right. API to API, it's a very 886 00:48:09,400 --> 00:48:12,160 predictable transmission and you know what it's doing. 887 00:48:12,160 --> 00:48:15,920 But humans don't do that. Humans today are interacting 888 00:48:15,920 --> 00:48:19,600 with accounts in any variety of number of ways, standard and non 889 00:48:19,600 --> 00:48:21,240 standard. That's why we have things like 890 00:48:21,240 --> 00:48:24,040 conditional access, right? And rules and things like that. 891 00:48:24,720 --> 00:48:28,120 Now I understand the scalability is the big challenge right, when 892 00:48:28,120 --> 00:48:32,800 it comes to agentic identity, but the behaviors of an identic 893 00:48:32,800 --> 00:48:35,720 identity are much more similar to a human identity than they 894 00:48:35,720 --> 00:48:38,920 are to a machine identity. So do we really need a third 895 00:48:38,920 --> 00:48:42,680 classification to, to further muddy the waters, which I think 896 00:48:42,680 --> 00:48:46,240 is what I am is really good at, is creating new acronyms for 897 00:48:46,240 --> 00:48:49,040 things. If it's truly needed, great, but 898 00:48:49,040 --> 00:48:54,800 I'm not sure yet if it really is like a subset of something, or 899 00:48:54,800 --> 00:48:58,040 if it really is strong enough to stand on its own as a type. 900 00:48:59,160 --> 00:49:01,560 I guess, I guess the counterpoint is we're still 901 00:49:01,560 --> 00:49:04,400 struggling with solving those human problems, aren't we? 902 00:49:04,400 --> 00:49:07,600 I think, I think if we'd solved them and we had a really good 903 00:49:08,440 --> 00:49:11,320 sort of a mature way of saying actually, yeah, it is just a 904 00:49:11,320 --> 00:49:14,200 subset of what we do and it's fine, I think because that isn't 905 00:49:14,200 --> 00:49:16,520 the case. It's almost like a cascading 906 00:49:16,520 --> 00:49:19,520 problem. So you have a a ghost account in 907 00:49:19,520 --> 00:49:23,200 the human world multiplied by a long lived credential in the NHI 908 00:49:23,360 --> 00:49:26,920 rule that cascades into a much bigger thing. 909 00:49:26,920 --> 00:49:30,400 And I think the agentic, the big agentic question mark at the 910 00:49:30,400 --> 00:49:33,480 minute is all about accountability and traceability 911 00:49:33,480 --> 00:49:37,000 and and directing that back to a some sort of carbon life form. 912 00:49:37,000 --> 00:49:40,240 And I think because we haven't been great at solving these 913 00:49:40,240 --> 00:49:43,160 problems for other areas, it's like, do you know what, I think 914 00:49:43,320 --> 00:49:45,280 we need to have a really grown up conversation. 915 00:49:45,280 --> 00:49:47,720 How do we do manage this? Because you're going to need 916 00:49:47,720 --> 00:49:49,240 different tools. You're going to need different 917 00:49:49,400 --> 00:49:51,880 architectural patterns because the architectural patterns we've 918 00:49:51,880 --> 00:49:56,560 had in the past, even the sort of PDPPEP just in time, serious 919 00:49:56,560 --> 00:49:58,320 time and privileges. We're not, we're not quite there 920 00:49:58,320 --> 00:50:02,720 yet because if we were, a lot of these issues in that tack life 921 00:50:02,720 --> 00:50:05,080 cycle stuff would would probably disappear. 922 00:50:05,080 --> 00:50:07,000 And I'm an advocate for saying we should. 923 00:50:07,000 --> 00:50:10,160 I'm just based on observations around, you know, how, how this 924 00:50:10,160 --> 00:50:11,200 sort of industry is heading there. 925 00:50:11,200 --> 00:50:15,240 And I think we need some real conversations around who who 926 00:50:15,240 --> 00:50:17,440 needs to be involved in protecting AI. 927 00:50:17,440 --> 00:50:20,280 And it's isn't just tech, It's going to be governance, it's 928 00:50:20,280 --> 00:50:23,600 going to be ethics, it's going to be legal data security and 929 00:50:23,600 --> 00:50:27,440 data, the data science people that have a really good point to 930 00:50:27,440 --> 00:50:29,600 make in there as well. And I just think there's, 931 00:50:29,600 --> 00:50:32,400 there's a, there's a lot of unanswered questions currently 932 00:50:32,400 --> 00:50:34,600 around what protection angle looks like. 933 00:50:34,600 --> 00:50:37,800 And yeah, there's, there's a newest different startups trying 934 00:50:37,800 --> 00:50:41,120 to provide some guidance there. So it's, I think it's, it is 935 00:50:41,120 --> 00:50:43,560 moving very fast. It's early days though, I think. 936 00:50:47,480 --> 00:50:51,320 What needs to change from an identity standpoint to address 937 00:50:51,320 --> 00:50:53,560 the explosion of agentic identity? 938 00:50:53,960 --> 00:50:57,120 Because I feel like, you know, we've we've spent decades trying 939 00:50:57,120 --> 00:51:00,960 to solve for humans, but now the problem is that scale, right? 940 00:51:00,960 --> 00:51:05,720 For everyone human, there are 10101 thousand, 1,000,000 gentic 941 00:51:05,720 --> 00:51:08,760 identities that are spawning and they're spawning their own 942 00:51:09,080 --> 00:51:12,400 agents, right to do things. So what is it that you see over 943 00:51:12,400 --> 00:51:14,600 the next maybe like three to five years where it's like, OK, 944 00:51:15,080 --> 00:51:18,800 we really need to think about the way we are addressing 945 00:51:18,800 --> 00:51:22,280 identity and access management as a whole to counter that? 946 00:51:24,080 --> 00:51:26,720 There are some positives though. I sort of painted a big gloomy 947 00:51:26,720 --> 00:51:27,880 picture. I think it was some huge 948 00:51:27,880 --> 00:51:29,400 positives. I think the first, the first one 949 00:51:29,400 --> 00:51:34,120 is, is actually use AI to fix some of those human problems 950 00:51:34,120 --> 00:51:37,000 I've been describing. So using AI in a much more 951 00:51:37,000 --> 00:51:39,560 focused and condensed way to say actually, you know what our 952 00:51:40,200 --> 00:51:43,040 identity and access management world is good. 953 00:51:43,160 --> 00:51:47,040 It's growing, it's incrementally improving, but we could use AI 954 00:51:47,040 --> 00:51:50,880 to actually fix a lot of the governance issues, fix a lot of 955 00:51:50,880 --> 00:51:54,760 the broken groups in active direction, don't have 956 00:51:54,760 --> 00:51:58,560 descriptions, fix all of the access requests, access review 957 00:51:59,560 --> 00:52:02,080 compliance issues we've had for decades and decades because 958 00:52:02,080 --> 00:52:04,120 nobody does that properly and it's ineffective. 959 00:52:04,760 --> 00:52:08,800 And use use AI to sort of let me fix and tighten up that human 960 00:52:08,800 --> 00:52:10,480 centric stuff, make that match fit. 961 00:52:10,880 --> 00:52:15,360 I think by doing that, that actually frees us up as industry 962 00:52:15,360 --> 00:52:17,960 experts to say actually, you know, what conceptually we can 963 00:52:17,960 --> 00:52:21,640 then start to apply some of this stuff to to how we do strong 964 00:52:21,640 --> 00:52:25,760 authentication just in time, you know, runtime policy enforcement 965 00:52:26,000 --> 00:52:28,040 for agents. So I think I think the concepts 966 00:52:28,040 --> 00:52:29,360 are there. I think there's, there's 967 00:52:29,360 --> 00:52:32,720 definitely a bit of issue around technically what that looks 968 00:52:32,720 --> 00:52:35,400 like, which I think it honestly is, it's probably quite an easy 969 00:52:35,400 --> 00:52:38,280 thing to fix. But I think currently the big 970 00:52:38,280 --> 00:52:41,360 issue is that the discovery visibility, ownership thing, you 971 00:52:41,360 --> 00:52:44,680 know what's happening with AI in my organization, where's it 972 00:52:44,680 --> 00:52:46,640 being used, why is it being used? 973 00:52:46,880 --> 00:52:49,880 What's the value? And then look at the doing that 974 00:52:49,880 --> 00:52:52,360 sort of security on that. And hopefully you mentioned 975 00:52:52,360 --> 00:52:54,520 three or five years, think maybe hopefully five years from now. 976 00:52:54,880 --> 00:52:56,440 It's a much more proactive thing. 977 00:52:56,440 --> 00:53:00,040 And it isn't just a case of sort of wrapping security on stuff 978 00:53:00,040 --> 00:53:02,920 afterwards. It's more about adding in those 979 00:53:02,920 --> 00:53:06,000 core concepts every time you build an agent or deploy an 980 00:53:06,000 --> 00:53:07,640 agent. And it has struggled. 981 00:53:07,800 --> 00:53:11,520 Process attestation trusted work environment doesn't have access 982 00:53:11,520 --> 00:53:14,400 permissions or you can identify when it does. 983 00:53:14,680 --> 00:53:17,800 So I think the concepts we we all know, I think the concepts 984 00:53:18,120 --> 00:53:19,680 exist. I think it's just applying them 985 00:53:19,680 --> 00:53:22,560 in a in a slightly different different sort of environment I 986 00:53:22,560 --> 00:53:26,320 think. I mean, I've when you've 987 00:53:26,320 --> 00:53:31,560 released your book, I am in 2035, I just was like, this 988 00:53:31,560 --> 00:53:37,560 guy's got guts, he's got guts. So I've always kind of had the 989 00:53:38,320 --> 00:53:43,600 the base premise that identity follows the technology. 990 00:53:44,160 --> 00:53:48,680 And I'll give you another premise that I think I've I'm 991 00:53:48,680 --> 00:53:53,320 coming to, which is that we're constantly head faked by what 992 00:53:53,320 --> 00:53:55,920 can AI do today? And then there's some assumption 993 00:53:55,920 --> 00:53:58,400 that it's going to be a while before us. 994 00:53:58,840 --> 00:54:01,280 But yeah, that's not what we've experienced. 995 00:54:01,280 --> 00:54:03,840 We had the ChatGPT moment, right? 996 00:54:03,840 --> 00:54:06,920 And look at where we are now, where it's like it's blowing it 997 00:54:06,920 --> 00:54:11,040 away already. And if the real futurist, of 998 00:54:11,040 --> 00:54:16,160 which I don't consider myself one, are right, we reach kind of 999 00:54:16,160 --> 00:54:20,400 the singularity moment in the near future, Singularity for 1000 00:54:20,400 --> 00:54:23,680 people who don't listen to this garbage all the time. 1001 00:54:23,680 --> 00:54:29,320 It's when the AIS are as smart as the people, right? 1002 00:54:29,560 --> 00:54:31,280 Generally speaking, that's the term. 1003 00:54:32,280 --> 00:54:35,560 And, and Jeff's nodding no, so he can correct me. 1004 00:54:35,560 --> 00:54:38,040 But that was my understanding anyway. 1005 00:54:38,520 --> 00:54:43,520 What I'm getting through with this is, you know, I, it feels 1006 00:54:43,520 --> 00:54:49,440 like it shakes the core of what enterprise IT might be 3 to five 1007 00:54:49,440 --> 00:54:51,560 years from now. In fact, it might shake the core 1008 00:54:51,560 --> 00:54:54,560 of what an enterprise is 3 to five years from now, right. 1009 00:54:54,560 --> 00:54:58,800 We have this assumption that all these thousands of people are 1010 00:54:58,800 --> 00:55:03,000 going to come to work for a company when the futurists are 1011 00:55:03,000 --> 00:55:06,760 saying 50% of the white collar workforce is going to be 1012 00:55:06,760 --> 00:55:09,440 eliminated. And when you think about a lot 1013 00:55:09,440 --> 00:55:14,120 of enterprise IT applications, let's just call them SAS. 1014 00:55:14,360 --> 00:55:16,040 You know, I'm thinking I'm oversimplifying. 1015 00:55:16,200 --> 00:55:18,440 Doesn't really matter what the delivery model is. 1016 00:55:19,560 --> 00:55:23,280 They're mostly built around people doing a job, right? 1017 00:55:23,520 --> 00:55:26,720 And if you're talking about agents doing a job, do they need 1018 00:55:26,720 --> 00:55:29,520 these tools? Do they need an HR system? 1019 00:55:29,520 --> 00:55:35,080 Do they need ACRM system external to the large language 1020 00:55:35,120 --> 00:55:40,880 model itself? To a pick that Jim Mccrakey, I 1021 00:55:40,880 --> 00:55:43,600 think nobody knows where it's heading. 1022 00:55:43,880 --> 00:55:46,080 I do think that's a little bit scary as well. 1023 00:55:46,080 --> 00:55:49,280 I think, I'm not necessarily saying it's all, all doom and 1024 00:55:49,280 --> 00:55:52,240 gloom, but I think the potential is unknown. 1025 00:55:52,240 --> 00:55:54,320 And I think that itself is quite, quite scary thing. 1026 00:55:55,640 --> 00:56:00,200 I think it, I think it will transform lots and lots of lots 1027 00:56:00,200 --> 00:56:02,960 and lots of jobs will, will change and alter, absolutely. 1028 00:56:02,960 --> 00:56:07,440 But I do think there's also that that more fundamental change and 1029 00:56:07,440 --> 00:56:11,040 shift around how we do business, how we work, how we interact 1030 00:56:11,040 --> 00:56:15,680 with people, how we do things. I'm not quite sure anybody knows 1031 00:56:15,800 --> 00:56:19,360 what that quite looks like yet, but I think a lot of it is going 1032 00:56:19,360 --> 00:56:22,000 to be based on trust. Can you trust this thing, 1033 00:56:22,000 --> 00:56:25,840 whatever it may be to, you know, be a friend, do something, act 1034 00:56:25,840 --> 00:56:28,960 on your behalf. Maybe you're interacting with it 1035 00:56:28,960 --> 00:56:33,760 on with this whatever combined set of agents and then trust is 1036 00:56:33,760 --> 00:56:36,120 a huge part of that. And to get trust to work, you 1037 00:56:36,120 --> 00:56:38,560 need to have identity in there, both physical and digital 1038 00:56:38,560 --> 00:56:41,800 identity for that to work. So I think identity has a real 1039 00:56:42,160 --> 00:56:45,840 fundamental part to play, irregardless of what that looks 1040 00:56:45,840 --> 00:56:47,400 like. I don't think it's going to look 1041 00:56:47,400 --> 00:56:50,720 like the identity of right now with the stuff we have. 1042 00:56:51,200 --> 00:56:54,680 But I think the concepts, the physical concepts that we have 1043 00:56:55,040 --> 00:56:58,240 as people, how we interact with each other, how we trust each 1044 00:56:58,240 --> 00:57:03,680 other, how we respect and listen and interact, somehow you'd have 1045 00:57:03,680 --> 00:57:05,840 to try and translate that to the digital world. 1046 00:57:05,840 --> 00:57:08,440 And I have no idea what that looks like. 1047 00:57:08,440 --> 00:57:11,480 I mean, it sounds a little bit scary, but I think it is coming 1048 00:57:11,480 --> 00:57:14,640 very rapidly. I think that's probably the only 1049 00:57:14,640 --> 00:57:18,320 thing we can predict that it's coming quickly, too quickly, and 1050 00:57:18,400 --> 00:57:20,520 we probably won't be fully prepared and we'll have to do 1051 00:57:20,520 --> 00:57:23,000 what humans always do and that's adapt and figure it out. 1052 00:57:24,600 --> 00:57:28,080 Yeah, I mean, I'm, I'm, I'm always an eternal optimist. 1053 00:57:28,080 --> 00:57:31,520 I, I hope, I don't think it'll ends up in, in sort of robot 1054 00:57:31,520 --> 00:57:35,040 wars, but one thing I will add actually is that maybe AI is the 1055 00:57:35,080 --> 00:57:38,520 only thing that can secure AI. If you think about where that 1056 00:57:38,520 --> 00:57:43,320 singularity goes to and the way you design and define systems 1057 00:57:43,520 --> 00:57:45,600 and maybe isn't a human that has to be able to do that. 1058 00:57:45,720 --> 00:57:49,720 It may be an AI system is the only thing which can operate on 1059 00:57:49,720 --> 00:57:53,080 the same frequency. I guess to to be able to protect 1060 00:57:53,080 --> 00:57:55,120 that. So that that'd be my not my 1061 00:57:55,120 --> 00:57:56,880 prediction If I was going to ever write another book. 1062 00:57:57,040 --> 00:57:59,520 I didn't see a 2055. If we're all here, then who 1063 00:57:59,520 --> 00:58:02,440 knows? Well, it worked for the Matrix, 1064 00:58:02,440 --> 00:58:04,240 so I'm trying to work, you know, for real life. 1065 00:58:04,240 --> 00:58:07,760 So we're good with that. I always learned so much, Simon, 1066 00:58:07,760 --> 00:58:10,800 when when we talk. And, you know, I want to wrap up 1067 00:58:10,800 --> 00:58:13,200 this conversation with maybe learning a little bit more on 1068 00:58:13,200 --> 00:58:16,840 the conference side of things because Jim and I are headed to 1069 00:58:16,840 --> 00:58:19,680 EIC in Berlin in May. And then we've got another 1070 00:58:19,680 --> 00:58:21,600 conference in Las Vegas with Ideniverse. 1071 00:58:21,640 --> 00:58:25,800 And you know, last year was my first time going to Berlin and 1072 00:58:25,800 --> 00:58:27,960 really enjoyed it. And I hit Amsterdam after that, 1073 00:58:27,960 --> 00:58:31,400 really enjoyed that as well. And I'm curious if you have any 1074 00:58:31,400 --> 00:58:37,600 tips for Jim and I, our second time going to Berlin and maybe 1075 00:58:37,600 --> 00:58:42,480 parts unknown throughout EU. What should we be thinking about 1076 00:58:42,480 --> 00:58:45,680 as we head out this summer? Enjoy it. 1077 00:58:45,840 --> 00:58:49,160 Europe is fabulous. Europe is it's, it's, it's very 1078 00:58:49,160 --> 00:58:51,480 small in some respects. And by that I mean within sort 1079 00:58:51,480 --> 00:58:54,800 of two hours, you can, you can have a multitude of different 1080 00:58:54,880 --> 00:58:58,880 cultural experiences, languages, drinking and other. 1081 00:58:58,880 --> 00:59:02,840 And it's, I think that is this the absolute beauty of of being 1082 00:59:03,040 --> 00:59:05,720 living in Europe and in the UK obviously, but Europe is, is a 1083 00:59:05,720 --> 00:59:09,000 real big part of of my view and vision of the world and it's 1084 00:59:09,000 --> 00:59:12,240 multiple, multiple things. I would take every opportunity 1085 00:59:12,240 --> 00:59:15,520 that you counted and sample all of that culture because it is 1086 00:59:15,600 --> 00:59:19,160 fabulous, fabulous history of Europe and it's it's good in 1087 00:59:19,160 --> 00:59:21,560 Germany, Berlin, yeah, there's some great, great bars in 1088 00:59:21,560 --> 00:59:23,240 Berlin. You know, there's some, there's 1089 00:59:23,240 --> 00:59:25,960 some good, good bars in Berlin. I'm sure we can do that offline. 1090 00:59:25,960 --> 00:59:28,320 But yeah, it's embrace it all. It's brilliant. 1091 00:59:29,480 --> 00:59:31,720 Well, give me something specific, like what's a hidden 1092 00:59:31,720 --> 00:59:36,440 gem that you want to promote or let people be aware of? 1093 00:59:36,440 --> 00:59:39,000 Like, hey, this place is great. And, you know, maybe not a lot 1094 00:59:39,000 --> 00:59:40,520 of people know about it. I mean, we have people all over 1095 00:59:40,520 --> 00:59:42,880 the world who listen and, you know, maybe maybe they're 1096 00:59:42,880 --> 00:59:44,760 familiar with it or maybe they're getting ideas like, oh, 1097 00:59:44,760 --> 00:59:46,720 next time I'm in that area, Simon said. 1098 00:59:46,720 --> 00:59:49,520 We got to go here. If I'm I'm not going to be AICI 1099 00:59:49,520 --> 00:59:52,920 hasten to have this year. So I guess my if it is in Berlin 1100 00:59:52,920 --> 00:59:55,120 this year, is it? It's in Berlin. 1101 00:59:56,280 --> 01:00:00,640 A German Keller beer or a wheat beer is, is will be my, my gun 1102 01:00:00,640 --> 01:00:05,440 gun hunt out a really good vice beer in a, in a German cellar 1103 01:00:05,440 --> 01:00:06,880 bar. So it's got to be an underground 1104 01:00:06,880 --> 01:00:09,400 bar. It's got it can't be on on paper 1105 01:00:09,400 --> 01:00:12,520 level underground. I'm not going to give a 1106 01:00:12,520 --> 01:00:15,520 particular name, but there are, there are some some that exist 1107 01:00:15,520 --> 01:00:17,760 with and they'll have little candles on the tables and 1108 01:00:17,760 --> 01:00:21,360 they'll be very small and they'll be open from about 5:00 1109 01:00:21,360 --> 01:00:24,960 PM onwards in the afternoon and. They're the best places. 1110 01:00:24,960 --> 01:00:27,840 They're the best ones. German, German vice beer in 1111 01:00:27,840 --> 01:00:31,720 underground bar with a bit of that's not old fashioned techno 1112 01:00:31,720 --> 01:00:35,240 music going on on the speakers that that to me will be you'll 1113 01:00:35,240 --> 01:00:38,080 probably find me somewhere in one of the somewhere share your 1114 01:00:38,080 --> 01:00:42,040 little bar like and that'll be my end of conference day. 1115 01:00:42,080 --> 01:00:43,920 I think that'd be like not be like tip. 1116 01:00:44,800 --> 01:00:46,800 Sounds a little bit similar to a place that I went. 1117 01:00:46,800 --> 01:00:49,640 So shout out to John and Matthias who I went out with and 1118 01:00:49,640 --> 01:00:54,880 it was a bar, you know, pub type place underneath the train 1119 01:00:54,880 --> 01:00:59,640 tracks. And you know, we had wheat fears 1120 01:01:00,200 --> 01:01:02,240 twice is typically what if I'm going to drink a beer? 1121 01:01:02,240 --> 01:01:04,040 Typically this could be like a vice, stuff like that. 1122 01:01:05,360 --> 01:01:09,520 And then pretzel and sausages and just kind of sat in this pub 1123 01:01:10,040 --> 01:01:12,560 and just hung out and relaxed. And it was. 1124 01:01:12,560 --> 01:01:14,320 Was it an underground pub? It wasn't. 1125 01:01:14,520 --> 01:01:16,840 It wasn't underground, but it was directly underneath the 1126 01:01:16,840 --> 01:01:19,320 train tracks in Alexander Plots kind of area. 1127 01:01:19,320 --> 01:01:23,040 I don't remember the name of it, but it was it was a similar type 1128 01:01:23,040 --> 01:01:24,280 vibe. Not directly underground 1129 01:01:24,280 --> 01:01:26,520 obviously, but. I'm but that's good. 1130 01:01:27,200 --> 01:01:28,560 It is close. That's a good. 1131 01:01:28,560 --> 01:01:30,600 That's a good starting point. That's a good starting point, 1132 01:01:30,600 --> 01:01:31,840 yeah. OK, so that's like the newbie 1133 01:01:31,840 --> 01:01:34,920 version of that. To progress to the underground 1134 01:01:34,920 --> 01:01:37,480 and then you would have ticked all of the, all of. 1135 01:01:37,480 --> 01:01:39,440 The I think if you drink too much you might progress too far 1136 01:01:39,440 --> 01:01:40,920 underground and then you got a different problem. 1137 01:01:42,360 --> 01:01:43,520 That's tomorrow's problem, though. 1138 01:01:45,520 --> 01:01:47,120 Jim, you want anything to weigh on here? 1139 01:01:47,960 --> 01:01:51,200 I mean, I would just say that, you know, I'm thinking about our 1140 01:01:51,200 --> 01:01:54,840 trip to Europe and I'm thinking the culture and the lifestyle. 1141 01:01:55,280 --> 01:01:57,280 I mean, they've got it in spades. 1142 01:01:57,640 --> 01:02:02,320 I think our trip to Vegas is going to be very different. 1143 01:02:02,840 --> 01:02:07,800 Vegas and the Berlin scene are very different, but I enjoy them 1144 01:02:07,800 --> 01:02:10,760 both. I find Vegas relaxing and I 1145 01:02:10,760 --> 01:02:14,280 don't know if that's because I'm weird or something else. 1146 01:02:15,600 --> 01:02:20,080 I like the people watching. I've given up a lot of the vices 1147 01:02:20,080 --> 01:02:23,280 that make Vegas a problem for most people. 1148 01:02:23,560 --> 01:02:28,360 Don't gamble and but it is a good time. 1149 01:02:28,360 --> 01:02:31,560 But it's super expensive there. Yeah, I'm, I'm probably going to 1150 01:02:31,560 --> 01:02:33,440 try to make it this sphere again. 1151 01:02:33,720 --> 01:02:37,760 They've got Wizard of Oz playing, which might sound a 1152 01:02:37,760 --> 01:02:41,280 little bit nerdy, but I'm looking forward to it. 1153 01:02:41,880 --> 01:02:43,800 At the sphere, I mean, you can see anything. 1154 01:02:43,800 --> 01:02:45,400 You can watch paint dry at the sphere and I'm sure it'll be 1155 01:02:45,400 --> 01:02:47,640 interesting. Would make it, yeah. 1156 01:02:49,000 --> 01:02:50,800 All right, let's go ahead and wrap it up there for this 1157 01:02:50,800 --> 01:02:52,520 episode. Simon, thank you so much for 1158 01:02:52,520 --> 01:02:54,280 joining us as always, it's a pleasure. 1159 01:02:54,280 --> 01:02:56,600 We'll have links in our show notes for people to check out. 1160 01:02:56,600 --> 01:03:00,240 So we'll have a link to you in LinkedIn so people can reach out 1161 01:03:00,240 --> 01:03:03,560 with either recommendations for underground bars or, you know, 1162 01:03:03,720 --> 01:03:07,680 AI tomfoolery or whatever it may be how we want to work for that. 1163 01:03:08,160 --> 01:03:10,160 I'll have a link to the Analyst Brief podcast as well in our 1164 01:03:10,160 --> 01:03:12,360 show notes, be able to check that out that so that you and 1165 01:03:12,360 --> 01:03:14,320 David continue to do a great job with that one. 1166 01:03:14,320 --> 01:03:16,800 And yeah, we'll have links to us. 1167 01:03:16,960 --> 01:03:19,400 Well, so reach out to Jim and I. We're always looking for ideas 1168 01:03:19,400 --> 01:03:23,040 for shows and questions, comments, concerns and all that 1169 01:03:23,040 --> 01:03:26,040 good stuff. So IDAC, podcast.com, don't 1170 01:03:26,040 --> 01:03:29,560 forget our discount codes. And yeah, that's it. 1171 01:03:29,560 --> 01:03:32,320 So leave it there. Thanks everyone for watching and 1172 01:03:32,320 --> 01:03:34,320 or listening and we'll talk with you all on the next one. 1173 01:03:35,160 --> 01:03:36,560 Guys, thank you. Talk to you soon. 1174 01:03:39,240 --> 01:03:42,200 You've been listening to Identity at the Center. 1175 01:03:42,680 --> 01:03:46,640 We hope you've enjoyed the show. Make sure to like, rate and 1176 01:03:46,640 --> 01:03:50,280 review, and we'll be back soon. But in the meantime, hit the 1177 01:03:50,280 --> 01:03:53,680 website at identity@thecenter.com. 1178 01:03:54,320 --> 01:03:58,400 See you next time on Identity at the Center.