1
00:00:04,800 --> 00:00:11,160
This is Identity at the Center.
Welcome to the Identity at the 

2
00:00:11,160 --> 00:00:13,000
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:13,000 --> 00:00:15,120
Hey, Jim. 
Hey, Jeff, how are you? 

4
00:00:15,520 --> 00:00:17,920
Oh, not so bad yourself. 
I'm doing great. 

5
00:00:17,920 --> 00:00:20,040
I'm really excited about today's
episode. 

6
00:00:20,280 --> 00:00:23,920
Not too often that we find a 
company that's been in IAM

7
00:00:24,120 --> 00:00:28,000
longer than we have, but I think
we have one of those today. 

8
00:00:28,280 --> 00:00:30,800
Also we have a fantastic guest 
from that company. 

9
00:00:30,800 --> 00:00:35,840
Someone we met at Identiverse DC.
So I'm telling you, that 

10
00:00:35,840 --> 00:00:39,840
Identiverse DC conference was
well worth our time. 

11
00:00:40,240 --> 00:00:43,320
Yeah, it was a lot of fun and I,
and I don't have it in front of 

12
00:00:43,320 --> 00:00:46,880
me right now, but I do have a 
Bravura Security IDAC custom

13
00:00:48,200 --> 00:00:50,840
tumbler or mug, whatever it is.
So I definitely appreciate that.

14
00:00:51,240 --> 00:00:52,440
But yeah, let's get into it 
today. 

15
00:00:53,040 --> 00:00:55,120
This is a sponsor spotlight 
episode, so this is where we 

16
00:00:55,120 --> 00:00:57,640
find out, you know, perspectives
and opinions on the identity 

17
00:00:57,640 --> 00:01:00,120
space from the people who make 
this podcast possible. 

18
00:01:00,120 --> 00:01:03,920
So we definitely appreciate that.
Today we've got Bravura Security.

19
00:01:03,960 --> 00:01:06,440
You can find more. 
Find out more about them at 

20
00:01:06,440 --> 00:01:14,320
bravurasecurity.com/IDAC.
That's BRAVURA security.com/

21
00:01:14,320 --> 00:01:16,800
IDAC, and I want to welcome to the
show Bart Allen. 

22
00:01:16,800 --> 00:01:18,560
He's a general manager with 
Bravura.

23
00:01:18,600 --> 00:01:21,200
Welcome to the show, Bart. 
Thanks, Jeff. 

24
00:01:21,280 --> 00:01:24,360
Great to be here. 
Excited to kind of see the 

25
00:01:24,360 --> 00:01:26,960
inside of how this is all made 
and comes together. 

26
00:01:27,360 --> 00:01:28,680
Yeah. 
So you're seeing the remote 

27
00:01:28,680 --> 00:01:30,480
version. 
I think you probably saw us 

28
00:01:30,480 --> 00:01:33,040
doing some live episodes at the 
Identiverse DC there, sort of

29
00:01:33,040 --> 00:01:37,280
the tail end of 2025. 
So you can see the sausage being

30
00:01:37,280 --> 00:01:41,440
made, the the chaos slash mess 
that is happening, but for 

31
00:01:41,440 --> 00:01:43,080
whatever reason, people tune 
into that. 

32
00:01:43,120 --> 00:01:45,240
Let's find out more about your 
background. 

33
00:01:45,680 --> 00:01:47,800
My first question anytime that I
meet someone for the first time on

34
00:01:47,800 --> 00:01:50,040
the podcast is really kind of 
learn more about their 

35
00:01:50,040 --> 00:01:52,080
background in identity and 
security. 

36
00:01:52,080 --> 00:01:55,440
So let's start there. 
Bart, how did you get into the 

37
00:01:55,440 --> 00:01:57,840
identity space? 
Yeah. 

38
00:01:57,840 --> 00:02:02,200
I mean, it's been a little bit 
over a decade since I started my

39
00:02:02,200 --> 00:02:06,960
journey in identity. 
Before that, I was in kind of an

40
00:02:06,960 --> 00:02:10,039
adjacent space, enterprise 
content management, controlling 

41
00:02:10,039 --> 00:02:13,560
who has access to what and 
surfacing the right information,

42
00:02:13,560 --> 00:02:15,080
but really from a different 
angle. 

43
00:02:15,080 --> 00:02:20,520
So I actually started at almost 
11 years ago in our consulting 

44
00:02:20,520 --> 00:02:25,880
space helping customers solve 
identity problems and, you know,

45
00:02:25,880 --> 00:02:29,240
figuring out how to improve 
their security posture. 

46
00:02:30,440 --> 00:02:33,840
And then, you know, through the 
years, kind of grew into more of

47
00:02:33,840 --> 00:02:37,760
a leadership role, spent a lot 
of time trying to figure out how

48
00:02:37,760 --> 00:02:42,040
we can make identity an easier 
problem to solve. 

49
00:02:43,000 --> 00:02:47,280
So many, you know, difficult 
projects, long implementations, 

50
00:02:47,280 --> 00:02:50,600
et cetera. 
And I think, you know, that's 

51
00:02:50,600 --> 00:02:53,320
something that I've really 
brought to the leadership role 

52
00:02:53,320 --> 00:02:56,160
as well as, you know, paying 
attention to our customers, 

53
00:02:56,160 --> 00:02:59,680
prospects in the industry. 
But it's also what anchors me 

54
00:02:59,680 --> 00:03:02,160
here. 
I think I love the fact that 

55
00:03:02,520 --> 00:03:05,520
this is a space where the 
problem I was solving yesterday 

56
00:03:05,520 --> 00:03:08,040
is different than the problem 
I'm going to be solving 

57
00:03:08,040 --> 00:03:10,240
tomorrow. 
I mean, we've seen it in the 

58
00:03:10,240 --> 00:03:13,360
past, you know, 12 months with 
the evolution of agentic 

59
00:03:13,360 --> 00:03:15,400
identities. 
And I'm sure we're going to see 

60
00:03:15,400 --> 00:03:19,120
another evolution here shortly. 
So, you know, that's, that's 

61
00:03:19,120 --> 00:03:21,360
what got me into it. 
I don't necessarily know that it

62
00:03:21,360 --> 00:03:24,920
was a path I chose or if it 
chose me, but I'm here. 

63
00:03:24,920 --> 00:03:29,000
I do enjoy it and look forward 
to talking more about it. 

64
00:03:30,000 --> 00:03:32,040
Yeah, I feel like identity's one
of those things like just when 

65
00:03:32,040 --> 00:03:34,640
you've got it figured out, oh, 
here comes something new and 

66
00:03:34,640 --> 00:03:36,840
interesting and you kind of have
to restart and kind of figure 

67
00:03:36,840 --> 00:03:39,600
things out and tap that 
background to try and say, OK, 

68
00:03:39,680 --> 00:03:43,000
how do we address this problem? 
So I'm with you totally on that.

69
00:03:43,800 --> 00:03:46,520
For people who are not familiar 
with Bravura, why don't you give

70
00:03:46,520 --> 00:03:49,520
a sort of like the the rundown 
on, on who you guys are because 

71
00:03:49,520 --> 00:03:52,080
you actually go way back, even 
before it was called Bravura,

72
00:03:52,080 --> 00:03:54,160
right? 
Yeah. 

73
00:03:54,840 --> 00:03:59,280
So we were founded in 92. 
Back in the day, we really 

74
00:03:59,280 --> 00:04:01,200
focused just on password 
management. 

75
00:04:01,200 --> 00:04:05,240
I think our first product 
launched in 1997, which was just

76
00:04:05,240 --> 00:04:07,120
a self-service password reset 
tool. 

77
00:04:08,280 --> 00:04:10,560
We've been through a number of 
different acquisitions and 

78
00:04:10,560 --> 00:04:14,040
rebrands. 
So in the 2010s we became part

79
00:04:14,040 --> 00:04:16,360
of Hitachi. 
A lot of people will know us as 

80
00:04:16,360 --> 00:04:21,480
Hitachi ID Systems.
And then in the 2020s, and 2022

81
00:04:21,480 --> 00:04:25,240
specifically, we took on the 
name Bravura Security.

82
00:04:25,240 --> 00:04:28,920
So you know who we are and what 
we do. 

83
00:04:29,760 --> 00:04:32,680
I mean we've been around for so 
long that password management 

84
00:04:32,680 --> 00:04:35,560
actually started to evolve into 
identity management. 

85
00:04:35,560 --> 00:04:38,720
We're managing, you know, 
passwords on Active Directory, 

86
00:04:38,720 --> 00:04:42,080
Unix systems, mainframes,
AS/400s, you name it.

87
00:04:43,720 --> 00:04:46,080
And at some point somebody 
thought, well, could we also 

88
00:04:46,080 --> 00:04:49,000
start to create accounts? 
Could we start to deprovision 

89
00:04:49,000 --> 00:04:50,560
accounts? 
Could we start to handle the 

90
00:04:50,560 --> 00:04:54,840
identity life cycle? 
And so we started to do that. 

91
00:04:54,840 --> 00:04:57,120
We were probably one of the 
first vendors in the space. 

92
00:04:57,120 --> 00:05:01,160
I don't think, you know, it was 
something that we, it wasn't a 

93
00:05:01,160 --> 00:05:02,960
space that existed at the time I
guess. 

94
00:05:04,040 --> 00:05:08,320
And then similarly fell into the
problem of privileged access 

95
00:05:08,320 --> 00:05:11,480
management had a couple of 
customers who were already using

96
00:05:11,480 --> 00:05:16,120
our password solution to reset 
passwords programmatically on a 

97
00:05:16,120 --> 00:05:20,400
scheduled basis to secure 
privilege and so started to 

98
00:05:20,400 --> 00:05:24,120
develop a solution around that. 
And that's evolved into kind of 

99
00:05:24,120 --> 00:05:27,400
the company we are today. 
I describe ourselves as like an 

100
00:05:27,400 --> 00:05:29,880
end to end identity security 
provider. 

101
00:05:29,880 --> 00:05:32,960
We're one of the only players in
the industry with a native 

102
00:05:32,960 --> 00:05:36,040
platform and I think it gives us
a unique advantage. 

103
00:05:36,040 --> 00:05:38,920
Plus, these three decades of 
experience definitely can't 

104
00:05:38,920 --> 00:05:41,240
hurt. 
So talk about tapping at history

105
00:05:41,240 --> 00:05:43,360
just to make sure you're doing 
right by the future. 

106
00:05:44,280 --> 00:05:47,360
I'm always curious how names of
companies come to be. 

107
00:05:47,360 --> 00:05:49,040
So tell me about the name 
Bravura.

108
00:05:49,240 --> 00:05:52,160
How did you and the rest of the 
people there kind of come up 

109
00:05:52,160 --> 00:05:54,320
with the name Bravura for the
organization? 

110
00:05:55,600 --> 00:05:59,720
Yeah. 
So you know in 22, we knew that 

111
00:05:59,720 --> 00:06:01,680
an acquisition was kind of 
nearing. 

112
00:06:02,160 --> 00:06:05,160
We took the opportunity to do a 
bit of a product rebrand in 

113
00:06:05,160 --> 00:06:07,680
advance of the company rebrand 
because we knew that was going 

114
00:06:07,680 --> 00:06:11,680
to be very quick leaving the 
Hitachi ecosystem that we had to

115
00:06:11,680 --> 00:06:15,400
leave that name behind as well, 
which is, you know, a very 

116
00:06:15,400 --> 00:06:17,640
trusted brand. 
It revolves around, you know, 

117
00:06:17,640 --> 00:06:20,000
quality and everything like 
that. 

118
00:06:20,000 --> 00:06:22,960
So when we're thinking about it,
you know, one of the things that

119
00:06:22,960 --> 00:06:26,560
came to light is our deep 
technical expertise. 

120
00:06:26,560 --> 00:06:30,160
We have people who are still 
here today, who've been here for

121
00:06:30,160 --> 00:06:34,440
almost 25 years. 25 years ago, 
the identity space didn't really

122
00:06:34,440 --> 00:06:37,800
exist. 
So it really comes from the root

123
00:06:37,960 --> 00:06:41,280
of, you know, a word that 
describes technical brilliance 

124
00:06:41,280 --> 00:06:43,200
or expertise in a specific 
space. 

125
00:06:43,200 --> 00:06:46,520
And we thought it was kind of 
fitting, differentiates us from 

126
00:06:46,880 --> 00:06:49,960
some of the others so. 
I love hearing stories like 

127
00:06:49,960 --> 00:06:50,640
that. 
It's like, all right, it's 

128
00:06:50,640 --> 00:06:52,080
already interesting. 
So that's like an Easter egg. 

129
00:06:52,080 --> 00:06:54,120
If somebody reaches out to Bart,
it's like, hey, I know where the

130
00:06:54,120 --> 00:06:57,080
name Bravura came from.
Now that was the friendly 

131
00:06:57,080 --> 00:06:58,400
question. 
Now I'm going to put my jaded 

132
00:06:58,400 --> 00:07:00,760
CSO hat on because I feel like 
there's so many different 

133
00:07:00,760 --> 00:07:04,520
products in this space and, and,
and identity at large just has, 

134
00:07:04,520 --> 00:07:07,320
you know, hundreds, if not 
thousands of products. 

135
00:07:07,720 --> 00:07:10,160
So I'm going to ask you the 
question like, what is it that 

136
00:07:10,160 --> 00:07:13,520
you think makes Bravura unique?
Like what do you bring to the 

137
00:07:13,520 --> 00:07:15,080
table that people should be 
thinking about? 

138
00:07:15,080 --> 00:07:17,000
It's like, oh, maybe I haven't 
quite seen that before. 

139
00:07:17,000 --> 00:07:18,680
Or what do you think is like 
that special sauce? 

140
00:07:20,400 --> 00:07:24,320
You know, our special sauce is 
the fact that we built this up 

141
00:07:24,480 --> 00:07:29,160
natively across 3 decades. 
So that means we have a unified 

142
00:07:29,160 --> 00:07:33,720
set of connectors for identity 
privilege pass or password reset

143
00:07:34,800 --> 00:07:39,160
and we can do things that 
require a lot of integration in 

144
00:07:39,160 --> 00:07:41,680
other scenarios, right? 
You might pick a best of breed 

145
00:07:41,680 --> 00:07:44,320
identity tool and a best 
privileged access tool. 

146
00:07:44,320 --> 00:07:46,960
And then you're posed with the 
question, well, where does 

147
00:07:46,960 --> 00:07:48,800
privilege identity management 
happen? 

148
00:07:48,800 --> 00:07:50,400
Does it happen in the identity 
tool? 

149
00:07:50,400 --> 00:07:52,040
Does it happen in the privilege 
tool? 

150
00:07:52,320 --> 00:07:55,000
And then if we want to go 
certify those things or, you 

151
00:07:55,000 --> 00:07:58,320
know, do deeper analysis, you 
know, where does all of that 

152
00:07:58,320 --> 00:08:00,320
happen? 
And often times we find 

153
00:08:00,320 --> 00:08:03,560
customers say, well, it happens 
in, you know, ServiceNow or

154
00:08:03,560 --> 00:08:08,280
some other platform where, you 
know, we're not truly managing 

155
00:08:08,280 --> 00:08:11,840
these things. 
So that's really, you know, the 

156
00:08:11,840 --> 00:08:14,240
core of the secret sauce. 
I think, you know, what we're 

157
00:08:14,240 --> 00:08:17,520
going to talk a little bit about
today is, is again, another one 

158
00:08:17,520 --> 00:08:22,600
of those solutions that arises 
from having this native suite, 

159
00:08:22,640 --> 00:08:24,960
right? 
We can, you know, not only 

160
00:08:26,160 --> 00:08:30,160
manage password resets, but we 
can maybe shift the paradigm on 

161
00:08:30,160 --> 00:08:31,320
that as well. 
So. 

162
00:08:33,720 --> 00:08:37,240
I'm going to steal Jeff's jaded 
CISO hat. I'm going to put it on

163
00:08:37,240 --> 00:08:39,960
backwards and I'm going to ask 
you this question. 

164
00:08:39,960 --> 00:08:43,440
I mean, I'll be honest with you 
most of the episode, we've had 

165
00:08:43,440 --> 00:08:48,200
way more episodes about the 
password dying and going away 

166
00:08:48,200 --> 00:08:51,560
than we've had about how to 
manage passwords better, how to 

167
00:08:51,560 --> 00:08:54,760
have a a tool and a methodology 
and approach. 

168
00:08:55,040 --> 00:08:58,920
So one, I want to ask you, you 
know, why is there still a need 

169
00:08:58,920 --> 00:09:03,480
for a password manager? 
And then #2 I guess I'm going to

170
00:09:03,480 --> 00:09:07,040
help you out a little bit with 
this one, which is, look, as 

171
00:09:07,040 --> 00:09:09,520
much as we might want to say the
password is dead. 

172
00:09:09,520 --> 00:09:12,400
And I think the first person to 
declare that, or at least the 

173
00:09:12,400 --> 00:09:15,280
one that we've made fun of the 
most, that Bill Gates said it in

174
00:09:15,280 --> 00:09:19,320
like 2006, the password is dead.
And like I think he was before 

175
00:09:19,320 --> 00:09:22,640
even the crest of the importance
of the password, right? 

176
00:09:22,640 --> 00:09:25,800
That probably happened a few 
years later at least. 

177
00:09:27,640 --> 00:09:34,440
But you know, it's 2025 or 2026,
it's 2025 and previous years. 

178
00:09:34,440 --> 00:09:39,880
It's like breach after breach 
tied back to passwords, either 

179
00:09:40,080 --> 00:09:45,080
phished passwords or socially
engineered passwords or password

180
00:09:45,080 --> 00:09:47,640
spraying. 
I mean, it keeps coming back to 

181
00:09:47,640 --> 00:09:51,120
passwords, right? 
So I guess that's my my question

182
00:09:51,120 --> 00:09:54,440
is like, why is a password 
manager important now? 

183
00:09:54,720 --> 00:09:56,280
And then why does this keep 
happening? 

184
00:09:58,320 --> 00:10:02,360
Yeah, I mean, I think password 
manager alone is important, but 

185
00:10:02,920 --> 00:10:05,600
talking about like, why 
passwords? 

186
00:10:05,720 --> 00:10:09,120
You know, I, I think the 
uncomfortable truth about 

187
00:10:09,120 --> 00:10:12,360
passwords, in my opinion, is 
we've been trying to get rid of 

188
00:10:12,360 --> 00:10:16,440
them for the better part of a 
decade, probably even closer to 

189
00:10:16,440 --> 00:10:20,320
a decade and a half through one way
or another. 

190
00:10:21,440 --> 00:10:24,120
And we love talking about all of
the things that are going to 

191
00:10:24,120 --> 00:10:26,640
replace passwords. 
But I feel like that story 

192
00:10:26,640 --> 00:10:28,880
continues to change and evolve, 
which is good. 

193
00:10:28,880 --> 00:10:33,080
The industry does too. 
But I think we often ignore all 

194
00:10:33,080 --> 00:10:35,560
of the things that are going to 
use passwords for the next 

195
00:10:35,560 --> 00:10:37,800
decade or maybe even longer, 
right? 

196
00:10:37,800 --> 00:10:41,800
There's legacy systems, there's 
platforms that don't support 

197
00:10:41,800 --> 00:10:45,320
single sign on flows or don't 
support standards based single 

198
00:10:45,320 --> 00:10:50,760
sign on at least. 
And you know, when we talked to 

199
00:10:50,760 --> 00:10:54,280
organizations, a lot of them 
might get 80% of the way there, 

200
00:10:54,280 --> 00:10:56,640
right. 
You know, 80% of their systems 

201
00:10:56,640 --> 00:11:01,640
are newer, modern enough to 
support some sort of single sign

202
00:11:01,640 --> 00:11:04,320
on flow or standard, which is 
great. 

203
00:11:04,440 --> 00:11:06,360
Then you can eliminate the 
passwords there. 

204
00:11:07,400 --> 00:11:11,360
But then what about the 20%? 
And I think where organizations 

205
00:11:11,360 --> 00:11:16,640
get stuck is in this last 20% 
where you don't really reap the 

206
00:11:16,640 --> 00:11:20,600
benefit of being passwordless
and being, you know, breach 

207
00:11:20,600 --> 00:11:24,080
proof. 
If you can even say that until 

208
00:11:24,080 --> 00:11:28,520
you actually eliminate the user 
in the password flow or in the 

209
00:11:28,520 --> 00:11:31,360
credential flow, which is what 
you know, passkeys and

210
00:11:31,360 --> 00:11:34,640
passwordless are really aiming to do.
I think it aims to solve the 

211
00:11:34,640 --> 00:11:38,880
problem of humans are bad at 
forgetting passwords, setting 

212
00:11:38,880 --> 00:11:41,800
passwords and remembering to 
reset them when they need to. 

213
00:11:42,600 --> 00:11:47,840
So you know, our on that is 
really well, there's multiple 

214
00:11:47,840 --> 00:11:50,800
ways to solve that problem. 
And so if we think about using a

215
00:11:50,800 --> 00:11:54,440
password manager that's 
connected to your other systems 

216
00:11:54,440 --> 00:11:57,760
and can automatically have 
passwords distributed that are 

217
00:11:57,760 --> 00:12:00,000
very similar to how we would 
tackle privileged access 

218
00:12:00,000 --> 00:12:04,840
management, then you're removing
the user from that journey. 

219
00:12:04,880 --> 00:12:07,280
They don't have to reset it, 
they don't have to set it 

220
00:12:07,280 --> 00:12:09,640
initially and they're not going 
to set a bad one that can be 

221
00:12:09,640 --> 00:12:10,800
breached. 
So. 

222
00:12:12,000 --> 00:12:13,520
Yeah, I think that's a really 
good answer. 

223
00:12:13,520 --> 00:12:17,440
I mean, I use the password 
manager because even though I 

224
00:12:17,440 --> 00:12:22,000
have passkeys available for 
certain applications that I use 

225
00:12:22,400 --> 00:12:26,400
throughout through applications 
that don't have passkeys, they 

226
00:12:26,400 --> 00:12:29,920
still rely on passwords, right? 
So I don't know my to do this 

227
00:12:29,920 --> 00:12:33,880
passwords writing down the 
notepad or just reset my 

228
00:12:33,880 --> 00:12:36,720
password every time. 
Obviously we haven't the 

229
00:12:36,720 --> 00:12:40,480
password is not dead. 
Even if we've beaten it to a 

230
00:12:40,480 --> 00:12:42,320
bloody pulp, it's not dead, 
right? 

231
00:12:42,640 --> 00:12:46,280
So that makes sense to me. 
You know, I'm just kind of like 

232
00:12:46,280 --> 00:12:48,440
thinking back through my 
experience. 

233
00:12:48,720 --> 00:12:52,520
And I think the password manager
I have, I've always thought of 

234
00:12:53,080 --> 00:12:55,560
termed as like a personal 
password manager. 

235
00:12:55,840 --> 00:12:58,480
And then there's enterprise 
password managers. 

236
00:12:58,840 --> 00:13:02,200
I'm wondering if you could for 
audience explain the difference 

237
00:13:02,200 --> 00:13:07,400
between the two and then tell us
what Bravura's solution is.

238
00:13:09,040 --> 00:13:10,920
Yeah. 
I mean, for me, the difference 

239
00:13:10,920 --> 00:13:13,680
between a personal password 
manager and enterprise password 

240
00:13:13,680 --> 00:13:17,120
managers really the paradigm of 
who has control over what's in 

241
00:13:17,120 --> 00:13:20,440
that. 
You know, I think a lot of 

242
00:13:20,640 --> 00:13:25,000
employees, staff contractors are
using personal password managers

243
00:13:25,000 --> 00:13:29,120
for their business passwords, 
which creates an additional 

244
00:13:29,120 --> 00:13:32,440
layer of business risk. 
And so an enterprise password 

245
00:13:32,440 --> 00:13:36,400
manager's really just one that
is geared towards an enterprise 

246
00:13:36,400 --> 00:13:39,960
where they want to be able to 
maintain control of the 

247
00:13:39,960 --> 00:13:45,240
credentials that are in that 
vault, even after that employee 

248
00:13:45,240 --> 00:13:47,960
may have left and be assured 
that, you know, they're not 

249
00:13:47,960 --> 00:13:52,000
getting leaked and have some 
ability to audit and see where 

250
00:13:52,000 --> 00:13:55,720
they're used, what they're for. 
You know, I, I like to think of 

251
00:13:55,720 --> 00:13:58,760
it as like the last mile to 
passwordless, right?

252
00:13:58,760 --> 00:14:02,280
So you, you hit this 80% 
adoption and you're like, OK, 

253
00:14:02,280 --> 00:14:03,760
great. 
So what are we going to do with 

254
00:14:03,760 --> 00:14:07,560
the rest of this 20%? 
And I think a lot of companies 

255
00:14:07,560 --> 00:14:11,160
go down this complex digital 
transformation journey where all

256
00:14:11,160 --> 00:14:14,600
these systems are going to have 
to be upgraded or modified at 

257
00:14:14,600 --> 00:14:17,920
some point, which is great, but 
that takes time. 

258
00:14:17,920 --> 00:14:21,120
What they can do today is start 
to put those in a password 

259
00:14:21,120 --> 00:14:23,960
vault. 
And then what our solution does 

260
00:14:24,280 --> 00:14:28,800
that is a bit unique in the 
market as far as we can tell is 

261
00:14:28,800 --> 00:14:32,160
from our lineage in managing 
self-service password reset, 

262
00:14:32,160 --> 00:14:34,960
integrating with hundreds of 
different applications including

263
00:14:34,960 --> 00:14:38,520
legacy mainframes, etcetera. 
We can actually treat these 

264
00:14:38,520 --> 00:14:41,720
credentials like we treated in 
privileged access management and

265
00:14:41,720 --> 00:14:47,920
we can rotate them nightly, 
every week, every 60, 90 days and

266
00:14:47,920 --> 00:14:51,640
we get to set them. 
So it gives IT the control of 

267
00:14:51,640 --> 00:14:54,920
the password back and they no 
longer have to really be 

268
00:14:54,920 --> 00:14:57,400
worried. 
The other thing that comes up a 

269
00:14:57,400 --> 00:15:01,120
lot is, you know, we get in 
these scenarios where a company 

270
00:15:01,120 --> 00:15:05,760
has a breach and they have to go
reset hundreds or thousands of 

271
00:15:05,760 --> 00:15:08,400
passwords. 
And that's really hard to do. 

272
00:15:08,880 --> 00:15:13,800
It's a lot easier to do when you
can do it programmatically and 

273
00:15:13,800 --> 00:15:15,760
then you have a mechanism for 
distribution. 

274
00:15:15,760 --> 00:15:18,160
Because while you might be able 
to write, you know, a PowerShell

275
00:15:18,160 --> 00:15:20,960
script or whatever that goes and
resets all the passwords and 

276
00:15:20,960 --> 00:15:24,520
Entra ID, then you have the
problem of, OK, well, how do I 

277
00:15:24,520 --> 00:15:26,560
get Jeff and Jim their 
passwords? 

278
00:15:26,880 --> 00:15:29,200
You know, how do I make sure 
that they are actually who they 

279
00:15:29,200 --> 00:15:32,200
say they are and I'm not just 
letting bad actors back into the

280
00:15:32,200 --> 00:15:33,280
system. 
So. 

281
00:15:34,040 --> 00:15:35,920
You know what you kind of 
described there is almost like a

282
00:15:36,040 --> 00:15:39,400
quasi-passwordless type
approach where you know you're 

283
00:15:39,400 --> 00:15:43,160
letting you're letting the the 
wallet, the vault, whatever you 

284
00:15:43,160 --> 00:15:46,040
want to call it, right? 
Manage that for you and me as a 

285
00:15:46,040 --> 00:15:48,880
user. 
I don't have to know that, but I

286
00:15:48,880 --> 00:15:52,640
guess the, there's a little bit 
of a, of a, of a split here 

287
00:15:52,640 --> 00:15:56,120
though, because a lot of 
organizations are spending and, 

288
00:15:56,120 --> 00:15:59,800
and rightly so, money and time 
to get on to things like single 

289
00:15:59,800 --> 00:16:03,200
sign on, you know, get MFA, get 
identity platforms in place, 

290
00:16:03,200 --> 00:16:04,880
right, things like that. 
So the idea is like, hey, let's 

291
00:16:04,880 --> 00:16:08,080
get everything centralized. 
Let's use one strong credential.

292
00:16:08,200 --> 00:16:11,440
But you talk there about sort of
that last mile and I think 

293
00:16:11,440 --> 00:16:14,080
that's where a lot of the 
operational reality still comes 

294
00:16:14,080 --> 00:16:16,680
into it. 
Can you talk a bit more about 

295
00:16:16,680 --> 00:16:18,560
what that breakdown is like? 
OK, great. 

296
00:16:18,560 --> 00:16:21,320
We got 80%. 
What about the other 20%? 

297
00:16:21,360 --> 00:16:23,720
Like that's, that's still the 
key part of it that you're 

298
00:16:23,720 --> 00:16:26,760
looking to address, right? 
Yeah, exactly. 

299
00:16:26,840 --> 00:16:30,760
I mean, I think you know again 
I'll, I'll kind of reassert the 

300
00:16:30,760 --> 00:16:33,440
password's not gone until you're
not using it anywhere. 

301
00:16:34,600 --> 00:16:37,680
We talked to an organization 
recently, I think had a 

302
00:16:37,680 --> 00:16:42,520
Identiverse DC who was doing
exactly this and they took a 

303
00:16:42,520 --> 00:16:46,560
different approach to it, which 
was they required people to 

304
00:16:46,560 --> 00:16:50,400
reset their password in order to
get access to their password, 

305
00:16:50,840 --> 00:16:53,160
which is not super user 
friendly. 

306
00:16:53,240 --> 00:16:55,720
But when when you talk about 
kind of the breakdown of 

307
00:16:55,720 --> 00:16:59,840
systems, right, there's a lot of
legacy technology. 

308
00:16:59,840 --> 00:17:02,560
I mean, you know, there's still 
mainframes in existence. 

309
00:17:02,560 --> 00:17:05,839
There probably will be for, you 
know, God knows how long until 

310
00:17:05,839 --> 00:17:08,880
IBM stops manufacturing them 
perhaps and selling them. 

311
00:17:09,359 --> 00:17:14,560
But you know, that's not going 
away as quickly as we need to 

312
00:17:14,560 --> 00:17:16,560
address the security problem, 
right? 

313
00:17:16,960 --> 00:17:21,520
And so I think this is like a 
pragmatic approach to, okay, 

314
00:17:21,560 --> 00:17:24,440
well, look, we're still going to
go on this path and this 

315
00:17:24,440 --> 00:17:27,319
journey, which by the way, we 
believe in as well, right? 

316
00:17:27,319 --> 00:17:30,400
Which is you want to eliminate 
passwords, you want to eliminate

317
00:17:30,400 --> 00:17:33,560
the human in them. 
But you know, what do we do in 

318
00:17:33,560 --> 00:17:36,120
the meantime, right. 
So in the meantime, while we 

319
00:17:36,120 --> 00:17:39,120
have a secure way to deal with 
them, the other piece of that 

320
00:17:39,120 --> 00:17:42,520
breakdown that enterprises 
really don't think about is, OK,

321
00:17:42,520 --> 00:17:46,560
I've got these 150 applications 
in my ecosystem that I'm going 

322
00:17:46,560 --> 00:17:52,080
to manage access to. 
Well, what about the 150 to 500 

323
00:17:52,080 --> 00:17:55,520
applications that your staff are
using for business purposes or 

324
00:17:55,520 --> 00:18:00,120
otherwise where they're still 
setting bad passwords because 

325
00:18:00,120 --> 00:18:03,520
those systems haven't evolved to
use passkeys or the users

326
00:18:03,520 --> 00:18:05,480
aren't comfortable with them? 
You know, I think about, we 

327
00:18:05,480 --> 00:18:07,240
talked about Identiverse DC,
right? 

328
00:18:07,680 --> 00:18:10,320
All these events you go to, you 
create an account on some 

329
00:18:10,320 --> 00:18:13,440
platform, be it like, you know, 
Cvent or something else. 

330
00:18:14,320 --> 00:18:18,040
And it's just the proliferation 
of more and more accounts. 

331
00:18:18,040 --> 00:18:22,360
I think the last time I checked 
in my vault for work, I have 

332
00:18:22,360 --> 00:18:26,920
about, you know, 11:50 managed 
credentials, ID things that are 

333
00:18:26,920 --> 00:18:29,240
like really truly owned by the 
business. 

334
00:18:29,720 --> 00:18:34,440
But I have over 300 items in my 
vault that are work related. 

335
00:18:34,520 --> 00:18:37,920
And you know, I might be in a 
unique role, but those roles 

336
00:18:37,920 --> 00:18:40,680
exist everywhere, you know, 
marketing or people who are in 

337
00:18:40,680 --> 00:18:44,560
consulting with access to 
customer systems, etcetera. 

338
00:18:44,560 --> 00:18:48,320
So I think there's a lot more to
it than what we actually see at 

339
00:18:48,320 --> 00:18:51,160
the surface. 
Yeah, that's what I was thinking

340
00:18:51,160 --> 00:18:52,040
too. 
As you were talking. 

341
00:18:52,040 --> 00:18:56,480
I'm thinking like, OK, talk 
about like your GitHub password 

342
00:18:56,840 --> 00:19:01,200
and things like that. 
That's in that 300 where the 

343
00:19:01,200 --> 00:19:08,080
work related with their personal
accounts, if you will, that I 

344
00:19:08,080 --> 00:19:12,760
think an enterprise identity 
person might say here might be 

345
00:19:12,760 --> 00:19:13,960
the challenge that you would 
get. 

346
00:19:14,000 --> 00:19:17,600
It's like, well, we've got tools
we've got, I'm going to pick on 

347
00:19:17,600 --> 00:19:19,320
Okta even though I'm not picking
on Okta.

348
00:19:19,600 --> 00:19:25,080
It can save these passwords, It 
can store the password. 

349
00:19:25,800 --> 00:19:28,360
Is that enough storing the 
password? 

350
00:19:30,920 --> 00:19:33,480
You know, I would say no, 
because you're not taking the 

351
00:19:33,480 --> 00:19:36,200
human element out of creation, 
right? 

352
00:19:37,080 --> 00:19:39,160
And what do I mean by that? 
Right. 

353
00:19:39,960 --> 00:19:45,000
We look at passwords and we look
at the password dumps and we 

354
00:19:45,000 --> 00:19:46,800
look at all the spreadsheets 
that people store their 

355
00:19:46,800 --> 00:19:50,200
passwords in. 
And what you inevitably find is 

356
00:19:50,200 --> 00:19:53,920
a pattern. 
You know, it's not uncommon to 

357
00:19:53,920 --> 00:20:00,560
see like my dog's name, 2026 or,
you know, 78 because it's the 

358
00:20:00,560 --> 00:20:04,560
78th password they've set in 
their lifetime at that company. 

359
00:20:05,080 --> 00:20:09,840
And so I think 
one of the issues is that we use

360
00:20:09,840 --> 00:20:12,880
these passwords, and we use 
these patterns as humans because

361
00:20:12,880 --> 00:20:16,040
they're easy to remember. 
But we don't just use them at 

362
00:20:16,040 --> 00:20:17,960
work. 
We use them in other platforms. 

363
00:20:17,960 --> 00:20:20,600
And those other platforms 
occasionally get breached and, 

364
00:20:20,600 --> 00:20:23,000
you know, password hashes get 
dumped in places. 

365
00:20:23,560 --> 00:20:26,840
But once we can figure out what 
somebody's pattern might be, 

366
00:20:26,840 --> 00:20:30,000
it's not all that hard to run a 
very targeted, you know, 

367
00:20:30,000 --> 00:20:32,240
stuffing attempt to say, OK, 
great. 

368
00:20:32,240 --> 00:20:35,320
I know that, you know, this 
person uses the password and 

369
00:20:35,320 --> 00:20:39,560
it's their dog's name, Fluffy. 
And, you know, they've probably 

370
00:20:39,560 --> 00:20:42,520
been there for, you know, 50 
password change cycles. 

371
00:20:42,520 --> 00:20:45,760
So let's try everything from 25 
to 75, right? 

372
00:20:45,760 --> 00:20:48,960
It creates a very targeted way 
to attack individuals. 

373
00:20:48,960 --> 00:20:53,680
And so I think active management
is really the only way to 

374
00:20:53,680 --> 00:20:57,440
address that. 
So when you can reset it and 

375
00:20:57,440 --> 00:21:00,800
also actively manage it, that's 
kind of the Nirvana I think. 

376
00:21:01,360 --> 00:21:04,400
Yeah, that's the same part I 
think is pretty important. 

377
00:21:04,400 --> 00:21:07,480
So that's what you had mentioned
earlier that kind of triggered 

378
00:21:07,480 --> 00:21:13,160
me was so you have the ability 
to go in and manage the 

379
00:21:13,160 --> 00:21:16,920
password, reset the password on 
a periodic basis, things like 

380
00:21:16,920 --> 00:21:18,440
that. 
Is that what I'm hearing? 

381
00:21:19,960 --> 00:21:20,760
Exactly. 
Yeah. 

382
00:21:20,760 --> 00:21:23,680
I mean, we treat it basically 
like you would treat it in 

383
00:21:23,680 --> 00:21:29,240
privileged access management. 
So you talk about passwords 

384
00:21:29,240 --> 00:21:32,760
being breached and you know, I 
think social engineering is 

385
00:21:32,760 --> 00:21:34,760
another way that people get into
accounts. 

386
00:21:34,760 --> 00:21:37,120
You know, service desks have 
issues with validating callers, 

387
00:21:37,120 --> 00:21:38,120
right? 
All kinds of stuff like that. 

388
00:21:38,840 --> 00:21:43,440
And what I go back my, my 
background in identity is IAM 

389
00:21:43,440 --> 00:21:47,360
operations taking phone calls 
from people on January 1st, well

390
00:21:47,360 --> 00:21:50,240
probably January 2nd, 
who forgot their passwords over 

391
00:21:50,240 --> 00:21:55,280
the holiday break, right? 
And you're trying to really get 

392
00:21:55,280 --> 00:21:58,200
them in. 
And you know, back then it 

393
00:21:58,240 --> 00:22:01,800
really wasn't security. 
It was just like a process you 

394
00:22:01,800 --> 00:22:05,080
followed and it was like 
customer service versus a 

395
00:22:05,080 --> 00:22:08,880
security control. 
And I'm curious, do you still 

396
00:22:08,880 --> 00:22:11,120
see that taking place today and 
what are your thoughts and sort 

397
00:22:11,120 --> 00:22:15,320
of that approach? 
You know, I think help desks are

398
00:22:15,320 --> 00:22:19,400
evolving, but they're evolving 
out of pure necessity and based 

399
00:22:19,400 --> 00:22:21,160
on what's happening in the 
market, right? 

400
00:22:22,160 --> 00:22:25,600
It feels like 50% of the 
attacks, and this is not an 

401
00:22:25,600 --> 00:22:30,040
actual statistic, are help 
desk social engineering related.

402
00:22:31,040 --> 00:22:35,760
In kind of the ones that I've 
investigated or looked at, you 

403
00:22:35,760 --> 00:22:40,200
know, thinking of like Caesars 
and MGM, that was help desk 

404
00:22:40,200 --> 00:22:43,160
engineering. 
There was another one, you know,

405
00:22:43,160 --> 00:22:46,560
locally here that was also help 
desk social engineering. 

406
00:22:46,960 --> 00:22:51,360
Again, it's kind of like, you 
know, the human element is the 

407
00:22:51,360 --> 00:22:54,320
risk, right? 
And so if you give, you know, 

408
00:22:54,520 --> 00:22:58,000
admin rights, even delegated 
admin rights to your help desk 

409
00:22:58,000 --> 00:23:00,320
to be able to go reset 
passwords, I mean that again, 

410
00:23:00,320 --> 00:23:03,000
they're following a process with
the best of intention. 

411
00:23:03,000 --> 00:23:07,320
But if there's nothing in the 
middle kind of enforcing that, 

412
00:23:07,320 --> 00:23:11,280
you know, we actually validated 
through like an IDV, for 

413
00:23:11,280 --> 00:23:15,920
example, which is identity 
verification software that you 

414
00:23:15,920 --> 00:23:18,800
know, this person is who they 
say they are or like a simple 

415
00:23:18,800 --> 00:23:22,960
push notification or something 
like that, then help desks are 

416
00:23:22,960 --> 00:23:27,680
going to continually fall 
to kind of those attempts. 

417
00:23:28,440 --> 00:23:32,720
And so, you know, again, 
thinking about the solution, 

418
00:23:32,720 --> 00:23:37,800
right, if we can have a 
situation where users no longer 

419
00:23:37,800 --> 00:23:40,600
have to forget their password 
because it's just stored 

420
00:23:40,600 --> 00:23:42,880
somewhere for them, which is 
probably what they should be 

421
00:23:42,880 --> 00:23:46,640
doing anyways, is using a 
password manager. 

422
00:23:47,720 --> 00:23:51,120
But if we can get them there, 
then, you know, a lot of the 

423
00:23:51,120 --> 00:23:53,480
help desk problem goes away. 
Not all of it. 

424
00:23:53,480 --> 00:23:56,320
I mean, you're still going to 
have first login scenarios and 

425
00:23:56,320 --> 00:24:00,160
other situations where, hey, you
know, I, I lost my phone on a 

426
00:24:00,160 --> 00:24:03,720
beach in Hawaii and I no longer 
have access to anything, you 

427
00:24:03,720 --> 00:24:06,560
know, my MFA devices swept into 
the ocean. 

428
00:24:07,680 --> 00:24:11,240
But, you know, if you can kind 
of put controls in place that 

429
00:24:11,240 --> 00:24:14,800
technically, you know, validate 
that the user is who they say 

430
00:24:14,800 --> 00:24:18,240
they are before distributing 
access to their vault or their 

431
00:24:18,240 --> 00:24:21,200
credential. 
And I think you can eliminate a 

432
00:24:21,200 --> 00:24:25,680
lot of that social engineering 
issue that we're seeing. 

433
00:24:25,680 --> 00:24:27,600
Right. 
And so it really comes down to 

434
00:24:27,960 --> 00:24:30,840
removing the human from the 
problem, you know? 

435
00:24:32,040 --> 00:24:34,840
Yeah. 
Yeah, Yeah, I think so. 

436
00:24:35,520 --> 00:24:39,000
I'm writing a book, by the way, 
and one of it's a book of short 

437
00:24:39,000 --> 00:24:43,560
stories about identity 
practitioners in the trenches, 

438
00:24:43,560 --> 00:24:45,280
right. 
And so one of the stories is 

439
00:24:45,280 --> 00:24:50,720
about a Scattered Spider type 
breach, right, where they call 

440
00:24:50,720 --> 00:24:55,760
the help desk and more or less 
socially engineer the help desk 

441
00:24:55,760 --> 00:24:58,560
person. 
And the, the moral of the story 

442
00:24:58,560 --> 00:25:05,240
is that they, the identity 
verification or the process 

443
00:25:05,240 --> 00:25:09,960
wasn't designed to kind of think
about that type of scenario 

444
00:25:09,960 --> 00:25:12,560
where the person on the other 
end of the phone is saying, 

445
00:25:12,560 --> 00:25:15,840
look, if I don't get access, I'm
going to be fired. 

446
00:25:16,160 --> 00:25:20,040
I, I think from a governance 
standpoint, we need to think 

447
00:25:20,040 --> 00:25:21,400
like that. 
It's almost like putting 

448
00:25:21,400 --> 00:25:23,280
together a disaster recovery 
plan. 

449
00:25:23,600 --> 00:25:27,160
Like nobody wants to think about
like these awful disasters 

450
00:25:27,160 --> 00:25:29,400
taking place and taking out your
infrastructure. 

451
00:25:29,400 --> 00:25:34,320
But, you know, it's part of what
we're paid to do, frankly. 

452
00:25:34,520 --> 00:25:38,760
But I think, you know, in a 
scenario like that, you know, 

453
00:25:38,760 --> 00:25:44,680
having a password management 
tool seems like it could make a 

454
00:25:44,680 --> 00:25:50,640
lot of sense. 
Yeah, I mean, even just kind of 

455
00:25:50,640 --> 00:25:52,600
thinking of more basic 
scenarios, right? 

456
00:25:52,600 --> 00:25:55,960
Maybe your phone doesn't get 
swept away in the ocean, but it 

457
00:25:55,960 --> 00:25:59,000
came up on its two year term and
you traded it in for a new phone

458
00:25:59,000 --> 00:26:03,240
without thinking about, you 
know, Oh my, my MFA 

459
00:26:03,240 --> 00:26:06,600
authenticator is on there, which
is something we see a lot of. 

460
00:26:06,600 --> 00:26:09,840
I think you can see it in the 
data patterns in the cycles. 

461
00:26:09,840 --> 00:26:14,240
But yeah, I mean, having a 
password manager in those cases,

462
00:26:14,240 --> 00:26:18,400
I think really addresses not 
only, you know, forgotten 

463
00:26:18,400 --> 00:26:20,920
passwords, but password 
strength. 

464
00:26:22,560 --> 00:26:25,440
The other aspect of that you 
talk about Scattered Spider, 

465
00:26:25,440 --> 00:26:27,800
right? 
And I mean, these things are 

466
00:26:28,160 --> 00:26:31,480
always maybe not always 
hopefully one day not going to 

467
00:26:31,480 --> 00:26:33,800
happen, but that seems kind of 
unlikely. 

468
00:26:34,840 --> 00:26:37,480
So if we accept that we're going
to, you know, have to deal with 

469
00:26:37,480 --> 00:26:38,920
these. 
I think you talked about 

470
00:26:38,920 --> 00:26:42,920
building resilience and thinking
about this as like a disaster 

471
00:26:42,920 --> 00:26:46,280
recovery plan. 
I think when you engineer your 

472
00:26:46,280 --> 00:26:49,440
help desk processes, you need to
be able to accommodate for the 

473
00:26:49,440 --> 00:26:51,880
what ifs, right? 
It's hey, you know, I can't 

474
00:26:51,880 --> 00:26:54,920
authenticate them by push. 
I can't authenticate them by, 

475
00:26:55,360 --> 00:26:59,920
you know, XY or Z, you know, 
what are the fall back options? 

476
00:26:59,920 --> 00:27:03,120
And we see a lot of companies 
now looking at identity 

477
00:27:03,120 --> 00:27:06,680
verification as one technique 
for that, you know, doing, you 

478
00:27:06,680 --> 00:27:10,160
know, driver's license or 
passport recognition with 

479
00:27:10,160 --> 00:27:13,800
liveliness checks, which I think
is generally a good practice. 

480
00:27:13,800 --> 00:27:17,280
TBD on whether AI allows us to 
break that. 

481
00:27:17,280 --> 00:27:21,520
But it seems like, you know, 
those two are evolving in 

482
00:27:21,520 --> 00:27:24,400
tandem, sort of, you know, one 
step ahead of each other 

483
00:27:24,400 --> 00:27:27,240
perhaps. 
At least until AI has driving 

484
00:27:27,240 --> 00:27:29,440
license, driver's licenses, and 
then and then we've got 

485
00:27:29,440 --> 00:27:31,280
problems, maybe driverless cars,
I don't know. 

486
00:27:31,280 --> 00:27:34,440
That's, that's a whole different
probably topic. 

487
00:27:35,080 --> 00:27:37,720
I want to go back to what you 
said earlier about password 

488
00:27:37,720 --> 00:27:39,240
vaults. 
And I'm thinking, and I'm 

489
00:27:39,240 --> 00:27:41,240
sitting here and I'm like, OK, 
I've got a password vault. 

490
00:27:41,360 --> 00:27:42,840
Jim, you mentioned you've got a 
password vault. 

491
00:27:42,840 --> 00:27:45,760
I'm sure Bart, you've got one. 
But I feel like we're still in 

492
00:27:45,760 --> 00:27:48,880
the minority. 
Like for whatever reason, a lot 

493
00:27:48,880 --> 00:27:50,800
of people don't use password 
vaults. 

494
00:27:51,320 --> 00:27:54,880
Why do you think that is? 
Like is it, is it like a user 

495
00:27:54,880 --> 00:27:57,880
experience thing? 
Like how do we, how do we 

496
00:27:57,880 --> 00:28:01,200
educate people say, hey, you 
really should be using a 

497
00:28:01,200 --> 00:28:05,200
password vault and here's why 
And what is how do we, how do we

498
00:28:05,200 --> 00:28:07,280
help communicate that out there,
I guess is what I'm saying. 

499
00:28:09,760 --> 00:28:13,080
Yeah. 
I mean, I think part of it is 

500
00:28:13,080 --> 00:28:17,120
education. 
Part of it is, you know, people 

501
00:28:17,120 --> 00:28:21,040
do what they're used to. 
And you, you know, you saw this 

502
00:28:21,040 --> 00:28:24,880
a lot like 20 years ago in terms
of how people would manage their

503
00:28:24,880 --> 00:28:29,080
like, personal PCs at home very 
differently than how they did 

504
00:28:29,080 --> 00:28:31,280
things at work. 
But, you know, as things 

505
00:28:31,280 --> 00:28:34,360
evolved, it was more common for 
like home users to have 

506
00:28:34,360 --> 00:28:38,920
antivirus. 
And so I think, you know, one of

507
00:28:38,920 --> 00:28:42,560
the approaches really is 
enterprise password managers are

508
00:28:42,560 --> 00:28:45,560
not all that common across 
enterprises either. 

509
00:28:45,560 --> 00:28:49,640
I think there's still kind of a 
slow adoption there as 

510
00:28:49,720 --> 00:28:52,360
practitioners. 
I think recommending that or 

511
00:28:52,360 --> 00:28:57,440
looking at, you know, how that 
can plug a gap is one important 

512
00:28:57,440 --> 00:29:00,000
piece. 
I think also just dispelling the

513
00:29:00,000 --> 00:29:02,360
myth that it makes things 
harder, right? 

514
00:29:02,360 --> 00:29:06,920
Like I can't think of a world 
where I don't have a password 

515
00:29:06,920 --> 00:29:10,560
manager on every device. 
Like, you know, remembering that

516
00:29:10,560 --> 00:29:15,760
I used some unique thing for 
this website, maybe some pseudo 

517
00:29:15,760 --> 00:29:21,200
algorithm to figure out a 
solid password, Just yeah, I 

518
00:29:21,200 --> 00:29:22,520
don't think I could ever do 
that. 

519
00:29:22,520 --> 00:29:26,760
So I think some of it is 
awareness, others is, you know, 

520
00:29:26,760 --> 00:29:28,840
adoption. 
I think once we see adoption in 

521
00:29:28,840 --> 00:29:33,000
enterprise and it becomes a more
common day-to-day use case for 

522
00:29:33,000 --> 00:29:37,400
people, then it becomes easier. 
The other thing we're seeing as 

523
00:29:37,400 --> 00:29:41,320
kind of a, a side effect of 
doing what we're talking about 

524
00:29:41,320 --> 00:29:47,040
and taking your Entra ID, your 
Okta or your AD credential and 

525
00:29:47,040 --> 00:29:49,880
actively managing it is that 
we're building a habit. 

526
00:29:50,480 --> 00:29:52,800
We're building the habit that 
you'd never know your 

527
00:29:52,800 --> 00:29:56,200
password and you're constantly 
going to your safe to get it. 

528
00:29:56,560 --> 00:30:00,080
And then, you know, people 
naturally start to put other 

529
00:30:00,080 --> 00:30:02,760
things in there because they get
used to that workflow. 

530
00:30:02,760 --> 00:30:04,920
So I think a lot of it is 
familiarity. 

531
00:30:04,920 --> 00:30:09,360
I mean, as with anything, change
is a scary topic for people talking

532
00:30:09,360 --> 00:30:11,920
about, you know, we're going to 
change the way people log in. 

533
00:30:11,920 --> 00:30:17,120
I think you know when 
passwordless was opt in, a lot of people

534
00:30:17,120 --> 00:30:19,720
opted out until they realized 
that it made their lives easier 

535
00:30:19,720 --> 00:30:22,480
and they could just scan their 
fingerprint or look at their 

536
00:30:22,560 --> 00:30:27,440
camera, right? 
Jeff, I think I have the answer 

537
00:30:27,440 --> 00:30:31,280
for you. 
So if politics comes up at the 

538
00:30:31,280 --> 00:30:34,920
Thanksgiving dinner table, bring
up password management. 

539
00:30:35,160 --> 00:30:37,880
You will never see the divide 
get worse, right? 

540
00:30:38,320 --> 00:30:41,720
Of course it's the identity 
people who care about good 

541
00:30:41,720 --> 00:30:43,920
password hygiene and good 
practices. 

542
00:30:44,200 --> 00:30:45,200
But everybody else? 
You really. 

543
00:30:45,200 --> 00:30:47,320
I'm so sick of changing my 
password. 

544
00:30:47,880 --> 00:30:52,280
If there's something that ruins 
lives, it's having to keep up 

545
00:30:52,280 --> 00:30:55,640
with passwords. 
And you'll meet total strangers 

546
00:30:55,640 --> 00:30:58,840
and they will unload on you when
they find out what you do. 

547
00:31:00,320 --> 00:31:02,320
Yeah, you're the reason why I 
have to change my password. 

548
00:31:02,320 --> 00:31:04,720
That's what I get from like my 
barber and other people say, 

549
00:31:04,720 --> 00:31:07,120
what do you do? 
Yeah, sorry about that, but 

550
00:31:07,160 --> 00:31:08,440
we're trying to make it better, 
I swear. 

551
00:31:09,640 --> 00:31:12,840
We're trying to make it better. 
That's the best answer you 

552
00:31:12,840 --> 00:31:16,800
can give Bart, help me out with 
my book here, man. 

553
00:31:17,000 --> 00:31:23,320
So I'm I'm trying to put myself 
in the mindset of that 

554
00:31:23,320 --> 00:31:28,200
operations team, right? 
And Joe from the help desk 

555
00:31:28,200 --> 00:31:33,360
unfortunately just potentially 
gave out the password to the 

556
00:31:33,360 --> 00:31:37,640
Scattered Spider people, right? 
So we we now know like, hey, we 

557
00:31:37,640 --> 00:31:40,360
may have a compromised credential
on our hands. 

558
00:31:40,560 --> 00:31:43,960
Hopefully he didn't give like 
the domain administrator away or

559
00:31:43,960 --> 00:31:48,240
something like that, but he just
coughed up a credential. 

560
00:31:50,200 --> 00:31:51,960
Talk to us about this first few 
hours. 

561
00:31:51,960 --> 00:31:55,840
What is happening? 
Yeah. 

562
00:31:56,120 --> 00:32:00,560
I mean, I describe it as like 
the fog of war sets in and then 

563
00:32:00,560 --> 00:32:04,840
you just all of a sudden lose 
sight of a lot of things. 

564
00:32:06,400 --> 00:32:10,120
But I think a lot of teams get 
bogged down in the first couple 

565
00:32:10,120 --> 00:32:13,440
of hours simply because they 
have a lack of visibility. 

566
00:32:13,880 --> 00:32:17,040
And to your point earlier, 
they've never done this. 

567
00:32:17,040 --> 00:32:19,440
They don't have a process for 
this. 

568
00:32:20,440 --> 00:32:23,880
They don't even know, you know, 
whether they should disable all 

569
00:32:23,880 --> 00:32:27,880
accounts, a specific few, 
because hopefully they have some

570
00:32:27,880 --> 00:32:32,600
visibility tools or whether they
should reset them or you know 

571
00:32:32,680 --> 00:32:37,640
what, where to start, I guess. 
And so I think a large part of 

572
00:32:37,640 --> 00:32:41,080
that is, you know, making sure 
that you have tools which allow 

573
00:32:41,080 --> 00:32:44,280
you to actually have good 
visibility into your 

574
00:32:44,280 --> 00:32:47,640
environment. 
Understanding that, you know, 

575
00:32:48,680 --> 00:32:50,920
user X was potentially 
compromised. 

576
00:32:50,920 --> 00:32:53,400
Yes, they have logged in using 
that new password. 

577
00:32:53,400 --> 00:32:57,400
Yeah, it does look like they're 
logging in from, you know, X 

578
00:32:57,400 --> 00:33:00,480
country instead of, you know, 
Canada or the United States 

579
00:33:00,480 --> 00:33:02,440
where they usually 
reside. 

580
00:33:03,600 --> 00:33:06,440
But then also being able to 
understand what that person has 

581
00:33:06,440 --> 00:33:08,640
access to. 
You said, you know, hopefully 

582
00:33:08,640 --> 00:33:11,640
not a domain administrator 
account, but I'll play devil's 

583
00:33:11,640 --> 00:33:13,880
advocate. 
What if it was because I think 

584
00:33:13,880 --> 00:33:17,320
in one of the scenarios that I 
was thinking of in my head, it, 

585
00:33:17,600 --> 00:33:20,840
it wasn't immediate access to a 
domain administrator account, 

586
00:33:20,840 --> 00:33:26,040
but it was access to an IAM 
practitioner account, which 

587
00:33:26,040 --> 00:33:30,120
didn't directly have domain 
admin, but they weren't far off.

588
00:33:30,120 --> 00:33:31,720
And that's what they ended up 
getting. 

589
00:33:32,800 --> 00:33:36,840
But so when you get into that 
situation and you need to, you 

590
00:33:36,840 --> 00:33:40,040
know, potentially disable or 
reset those hundreds or 

591
00:33:40,040 --> 00:33:43,640
thousands of accounts and in 
your directory, I mean, then 

592
00:33:43,640 --> 00:33:44,400
what? 
Right. 

593
00:33:44,720 --> 00:33:49,000
A lot of companies we see you 
get to that point and then 

594
00:33:49,000 --> 00:33:51,520
they're like, OK, well, you 
know, we can reset them. 

595
00:33:51,880 --> 00:33:54,480
That's maybe the easy part. 
I said this earlier, right? 

596
00:33:54,480 --> 00:33:56,160
You can write the PowerShell 
script. 

597
00:33:56,160 --> 00:33:59,560
It's probably only a few lines 
if you do it efficiently. 

598
00:34:00,440 --> 00:34:02,720
But then what? 
What is the rest of the process 

599
00:34:02,720 --> 00:34:05,600
look like? 
You know, if you're at a, you 

600
00:34:05,600 --> 00:34:09,400
know, fifty person organization 
and you're in person, yeah, OK, 

601
00:34:09,400 --> 00:34:11,280
fine. 
You know, hand it out on 

602
00:34:11,800 --> 00:34:14,480
hopefully not sticky notes, but 
you know what I mean, right? 

603
00:34:14,480 --> 00:34:16,960
It's easier to distribute it 
because you're going to have 

604
00:34:16,960 --> 00:34:19,960
that personal relationship and 
you can vet that everybody is 

605
00:34:19,960 --> 00:34:23,360
who they say they are. 
But even if you're a small 

606
00:34:23,360 --> 00:34:27,600
organization that's remote, how 
do you know that, you know, 

607
00:34:29,280 --> 00:34:32,520
somebody from finance is 
actually who they say they are 

608
00:34:32,520 --> 00:34:35,360
and Oh yeah, they need to reset 
their password because we reset 

609
00:34:35,360 --> 00:34:40,199
everybody's password. 
So what we think of is actually 

610
00:34:40,199 --> 00:34:43,679
kind of closing that again. 
You know, the last mile metaphor

611
00:34:44,000 --> 00:34:47,960
to breach recovery as well is 
something that you can do with 

612
00:34:47,960 --> 00:34:52,120
this kind of unique combination.
We can look at, you know, 

613
00:34:52,120 --> 00:34:55,679
resetting hundreds or thousands 
of accounts, not only on a 

614
00:34:55,679 --> 00:34:59,120
scheduled basis, but on like an 
event by event basis. 

615
00:34:59,120 --> 00:35:01,360
You, you have a breach. 
OK, great. 

616
00:35:01,520 --> 00:35:06,960
Go reset all of the accounts you
know and make sure that they no 

617
00:35:06,960 --> 00:35:10,640
longer have potential breach 
credentials or that you're at 

618
00:35:10,640 --> 00:35:12,640
least trying to lock out threat 
actors. 

619
00:35:13,920 --> 00:35:18,600
But I'm kind of coming to the 
conclusion hearing you talk that

620
00:35:20,560 --> 00:35:26,720
we might be going and pitching a
solution for passwordless 

621
00:35:26,720 --> 00:35:30,280
where passkeys across the 
enterprise, but we're still 

622
00:35:30,280 --> 00:35:34,760
going to have that final mile 
for the 20%, let's call it 20%. 

623
00:35:34,760 --> 00:35:39,240
It might be more or less 
depending on your situation, but

624
00:35:39,240 --> 00:35:42,400
there's it's going to be 
something where you can't do 

625
00:35:42,400 --> 00:35:49,240
that. 
And I what, what, where do we 

626
00:35:49,240 --> 00:35:52,600
stand then? 
Like do we put forward a 

627
00:35:52,600 --> 00:35:56,000
solution then? 
Is password manager really like 

628
00:35:56,000 --> 00:35:59,680
the only viable option at that 
point? 

629
00:36:02,120 --> 00:36:04,640
I mean, you can take different 
approaches. 

630
00:36:04,640 --> 00:36:07,240
Like I said, there was one 
organization who was forcing 

631
00:36:07,240 --> 00:36:11,000
their users to go to like their 
password reset tool and reset 

632
00:36:11,000 --> 00:36:14,400
their password, you know, every 
couple of days when they needed 

633
00:36:14,400 --> 00:36:18,560
access to those 20% of systems 
that actually required a 

634
00:36:18,560 --> 00:36:23,080
password for a login. 
That sounds terrible, yeah. 

635
00:36:23,320 --> 00:36:25,640
I agree you could build your 
own. 

636
00:36:25,640 --> 00:36:27,560
I talked to another business who
built their own. 

637
00:36:27,560 --> 00:36:31,240
I mean it, if it were me, I 
wouldn't really want to build my

638
00:36:31,240 --> 00:36:34,120
own because it's kind of 
sensitive and you know, how to 

639
00:36:34,240 --> 00:36:37,400
how do I know that it's actually
been built properly and so. 

640
00:36:37,440 --> 00:36:39,920
You're not trying to jam this 
down anyone's throat, but 

641
00:36:39,920 --> 00:36:43,800
basically the answer is like, 
this is the only sensible 

642
00:36:43,800 --> 00:36:47,440
solution, right? 
I think it's the only solution 

643
00:36:47,440 --> 00:36:51,400
on the market right now that 
tackles the entire problem. 

644
00:36:51,480 --> 00:36:54,320
You can bring in a password 
manager, and there's a lot of 

645
00:36:54,320 --> 00:36:58,400
good password managers on the 
market and you can encourage 

646
00:36:58,400 --> 00:37:02,640
credential hygiene. 
But I think until you can 

647
00:37:02,640 --> 00:37:07,880
actually, you know, control user
behavior or push user behavior 

648
00:37:07,880 --> 00:37:12,560
in a certain direction, that's 
really where those solutions 

649
00:37:12,560 --> 00:37:14,760
lack, right? 
You're never going to get 100% 

650
00:37:14,760 --> 00:37:17,520
of adoption of a password 
manager solution unless you 

651
00:37:17,520 --> 00:37:19,760
force the user to go into the 
password manager to get their 

652
00:37:19,760 --> 00:37:23,480
password. 
I mean, we did this two years 

653
00:37:23,480 --> 00:37:27,080
ago now, and I have no idea what
any of my passwords are, and I 

654
00:37:27,080 --> 00:37:31,840
haven't for a long time. 
And, you know, it took us a 

655
00:37:31,840 --> 00:37:36,440
while to get everybody on board,
but immediately we saw adoption 

656
00:37:36,440 --> 00:37:39,840
of the password management tool 
really uptick quite quickly. 

657
00:37:39,840 --> 00:37:46,680
So, yeah, I think it's a good 
solution to a problem that the 

658
00:37:46,680 --> 00:37:51,800
alternative is to wait years, 
maybe another decade, until 

659
00:37:51,800 --> 00:37:57,400
everything universally supports 
passkeys or FIDO or some good 

660
00:37:57,400 --> 00:38:01,560
appropriate standard. 
And by the way, I mean, password 

661
00:38:01,560 --> 00:38:04,400
managers solve another problem 
with passkeys, which is 

662
00:38:04,400 --> 00:38:08,480
portability, right? 
And so I think whether we see 

663
00:38:08,480 --> 00:38:12,720
them now in the enterprise or in
five years in the enterprise, I 

664
00:38:12,720 --> 00:38:15,240
think they're still coming. 
And it's a necessity. 

665
00:38:15,240 --> 00:38:19,760
But it might be from a different
angle of, you know, a passkey 

666
00:38:19,760 --> 00:38:22,240
manager rather than a password 
manager. 

667
00:38:23,240 --> 00:38:25,120
I'm glad you brought that up 
because, you know, I think it 

668
00:38:25,120 --> 00:38:28,320
was probably five years ago, I 
didn't see a future for password

669
00:38:28,320 --> 00:38:30,640
managers because it's like, oh, 
passwordless is here, we're not 

670
00:38:30,640 --> 00:38:32,760
going to need that. 
But you're absolutely right. 

671
00:38:32,920 --> 00:38:36,400
Like you need to be able to have
a cross-platform sort of vendor 

672
00:38:36,400 --> 00:38:40,200
neutral wallet of some sort, 
vault, whatever you want to call

673
00:38:40,200 --> 00:38:41,440
it, right? 
It's all kind of the same thing.

674
00:38:41,920 --> 00:38:45,680
And that's where passkeys are 
really powerful was if you can 

675
00:38:45,680 --> 00:38:50,680
sync it from one device to another
and still retain control from a 

676
00:38:50,680 --> 00:38:53,040
management standpoint, right? 
Because obviously you don't want

677
00:38:53,040 --> 00:38:57,040
to sync work credentials with 
private credentials and you know

678
00:38:57,040 --> 00:38:58,760
that mess. 
But if you've got a way to solve

679
00:38:58,760 --> 00:39:02,720
for that, there is absolutely a 
place I see for, you know, vaults

680
00:39:02,720 --> 00:39:05,160
and wallets and managers and 
things like that to be able to 

681
00:39:05,160 --> 00:39:08,120
do that passkey synchronization
and that portability. 

682
00:39:08,120 --> 00:39:10,840
So I'm glad you brought that up.
Yeah, yeah. 

683
00:39:10,840 --> 00:39:14,320
I mean, I think it's like A, 
it's a, you know, I hope 

684
00:39:14,320 --> 00:39:18,000
passwords go away in the next 
decade, but I think the reality 

685
00:39:18,000 --> 00:39:20,400
in the data shows that they 
probably won't. 

686
00:39:20,400 --> 00:39:23,360
I think I looked at a report 
earlier today that said we're 

687
00:39:23,360 --> 00:39:28,760
only at 20% adoption of passkeys 
and that's probably mostly 

688
00:39:28,760 --> 00:39:32,520
B to C applications, not within 
the enterprise. 

689
00:39:32,520 --> 00:39:35,680
It's probably much lower. 
So I think we're going to have 

690
00:39:35,680 --> 00:39:39,400
passwords around for a while, 
but we can still encourage users

691
00:39:39,400 --> 00:39:42,440
to do the most secure thing, and
I think that's ultimately what 

692
00:39:42,440 --> 00:39:46,720
we want to do. 
So let's talk about deployment 

693
00:39:46,720 --> 00:39:48,920
here if we can for a second, 
because you've got a lot of 

694
00:39:48,920 --> 00:39:52,480
experience in this space. 
I think you've highlighted some 

695
00:39:52,480 --> 00:39:54,200
of the usability challenges 
around this. 

696
00:39:54,480 --> 00:39:56,680
There's people probably think of
it as like, yeah, I'd love to

697
00:39:56,680 --> 00:40:00,560
roll out a password vault, you 
know, for my users. 

698
00:40:00,920 --> 00:40:06,320
What are some tips or some 
guidance to make life easier for

699
00:40:06,520 --> 00:40:10,480
for us to help with that? 
Yeah. 

700
00:40:10,960 --> 00:40:15,920
You know, I think part of it is,
you know, not trying to do this 

701
00:40:15,920 --> 00:40:19,200
perfectly. 
And probably I scared a lot of 

702
00:40:19,200 --> 00:40:22,120
practitioners off saying, oh, my
God, but it's got to be 

703
00:40:22,120 --> 00:40:24,360
seamless. 
It's got to work for everybody 

704
00:40:24,360 --> 00:40:27,960
all the time. 
But I think, you know, setting a

705
00:40:27,960 --> 00:40:30,400
benchmark to improve your 
governance through that 

706
00:40:30,400 --> 00:40:33,600
deployment is, you know, Step 1.
So getting buy-in from a 

707
00:40:33,600 --> 00:40:38,480
stakeholder in terms of 
practical implementation, start 

708
00:40:38,480 --> 00:40:40,480
small. 
Start with the teams that are 

709
00:40:40,480 --> 00:40:43,280
probably already using a 
password manager, but it's 

710
00:40:43,280 --> 00:40:45,120
probably their personal one, 
right? 

711
00:40:45,120 --> 00:40:49,160
So, yeah, I'm talking about 
people like us, the identity 

712
00:40:49,160 --> 00:40:53,640
practitioners, the folks that 
are in cybersecurity or the 

713
00:40:53,640 --> 00:40:56,120
folks that are in IT more 
broadly. 

714
00:40:56,160 --> 00:41:01,440
Start with those folks who 
probably want this anyways, and 

715
00:41:01,440 --> 00:41:04,480
then move into some of the 
departments where there's solid 

716
00:41:04,480 --> 00:41:08,080
use case, right? 
So we see, you know, a lot of 

717
00:41:08,080 --> 00:41:12,320
use cases in marketing. 
They've got access to, you know,

718
00:41:12,400 --> 00:41:16,800
way more tools than the average 
knowledge worker does a lot of 

719
00:41:16,800 --> 00:41:19,320
times. 
And many of those platforms go 

720
00:41:19,680 --> 00:41:23,320
unintegrated because, you know, 
it's only 1% or less of the 

721
00:41:23,320 --> 00:41:25,920
organization's employees who are
accessing those tools. 

722
00:41:25,920 --> 00:41:27,960
So marketing is good second 
stop. 

723
00:41:29,240 --> 00:41:33,560
And, you know, creating a good 
education program, we saw one 

724
00:41:33,560 --> 00:41:37,400
organization who actually 
started to gamify it. 

725
00:41:38,000 --> 00:41:40,880
So gamification is always a good
option. 

726
00:41:41,400 --> 00:41:45,640
It'll definitely accelerate your
early adopters and kind of that 

727
00:41:45,640 --> 00:41:49,240
middle pack. 
And then you know, eventually 

728
00:41:49,240 --> 00:41:52,760
you're going to get to those 
people who are slow to change. 

729
00:41:53,480 --> 00:41:56,280
Those people take a little bit 
more work, a little bit more 

730
00:41:56,280 --> 00:41:58,960
coaching. 
Sometimes they need the stick, 

731
00:41:58,960 --> 00:42:01,520
right? 
And one of the tools that this 

732
00:42:01,520 --> 00:42:05,120
gives you, not saying you should
always use it, is once you start 

733
00:42:05,120 --> 00:42:10,080
to put managed credentials in 
the safe and actually start to 

734
00:42:10,080 --> 00:42:13,680
actively rotate them, then you 
create a need, a necessity for 

735
00:42:13,680 --> 00:42:18,440
people to start to use it. 
But the nice part I think about 

736
00:42:18,440 --> 00:42:23,320
this is that you can go on this 
kind of journey of maturity and 

737
00:42:23,360 --> 00:42:26,160
meet people where they're at for
the most part until you get to 

738
00:42:26,160 --> 00:42:29,600
the very end. 
That last, you know, 5 to 10% 

739
00:42:29,680 --> 00:42:33,960
can always be tricky, but I 
think it's just, it's really as 

740
00:42:33,960 --> 00:42:37,880
with any project in the identity
space, you know, change 

741
00:42:37,880 --> 00:42:40,080
management is a critical part of
it. 

742
00:42:40,080 --> 00:42:43,240
Training people on how to use 
it, helping them understand why 

743
00:42:43,240 --> 00:42:45,320
it's going to make their job 
easier so. 

744
00:42:47,200 --> 00:42:51,160
So how do you measure success 
for something like this? 

745
00:42:51,160 --> 00:42:54,280
Because I think I was like, is 
it like number of vaults 

746
00:42:54,280 --> 00:42:58,120
deployed actively being used? 
Is it number of credentials 

747
00:42:58,120 --> 00:43:00,880
being managed by the password 
manager? 

748
00:43:01,560 --> 00:43:04,880
Like what are some of the ways 
that you've seen people sort of 

749
00:43:04,880 --> 00:43:08,880
measure like, yes, hey, we made 
an investment in Bravura and 

750
00:43:08,880 --> 00:43:11,880
we're getting, you know what, 
what we what we hoped out of it.

751
00:43:14,000 --> 00:43:14,840
Yeah. 
OK. 

752
00:43:14,840 --> 00:43:17,560
So when we're coming at this 
from like a, you're an 

753
00:43:17,560 --> 00:43:20,320
organization is on this 
passwordless journey, we've 

754
00:43:20,320 --> 00:43:23,080
got 80%, but we're missing this 
20%. 

755
00:43:23,680 --> 00:43:26,560
We'll always look at OK, well, 
what are those 20%? 

756
00:43:26,560 --> 00:43:28,680
Right. 
And that's one of the key 

757
00:43:28,680 --> 00:43:32,360
measurements we look at for 
success is to say, OK, you know,

758
00:43:32,360 --> 00:43:37,000
by the end of this six month 
journey, there's not a whole lot

759
00:43:37,000 --> 00:43:38,720
of project work that goes into 
it. 

760
00:43:38,720 --> 00:43:42,040
But at the end of this 6 to 12 
month journey, you should have, 

761
00:43:42,040 --> 00:43:45,720
you know, 100% of your 
applications either covered by a

762
00:43:45,720 --> 00:43:51,640
passwordless sign-on mechanism 
or they should be managed by a 

763
00:43:51,640 --> 00:43:54,880
tool like ours where you know, 
the users aren't having to set 

764
00:43:54,880 --> 00:43:57,160
the passwords, reset the 
passwords, etcetera. 

765
00:43:58,280 --> 00:44:00,600
There's a bunch of other metrics
you can look at as well. 

766
00:44:00,600 --> 00:44:04,000
I mean, this goes back to 
traditional like self-service 

767
00:44:04,000 --> 00:44:07,160
password metrics, which is like 
look at your help desk call 

768
00:44:07,160 --> 00:44:09,000
volume. 
How many password resets are 

769
00:44:09,000 --> 00:44:11,040
they processing on a daily 
basis? 

770
00:44:12,120 --> 00:44:15,680
You know, survey on like 
lockouts, how many people 

771
00:44:15,680 --> 00:44:18,520
actually forgot their password 
and locked themselves out? 

772
00:44:19,800 --> 00:44:23,280
So there's a lot of metrics that
you can use, but I think really,

773
00:44:23,920 --> 00:44:27,440
you know, the core ones from a 
cybersecurity standpoint are 

774
00:44:27,440 --> 00:44:30,360
really, you know, are you 
getting 100% coverage? 

775
00:44:31,440 --> 00:44:35,120
The other nicety that you get 
with even just a password 

776
00:44:35,120 --> 00:44:37,880
manager, regardless of managing 
credentials is you can get 

777
00:44:37,880 --> 00:44:40,720
insight into what else people 
are logging into. 

778
00:44:40,720 --> 00:44:42,760
It's kind of the whole shadow IT
problem. 

779
00:44:43,680 --> 00:44:46,720
And then you can start to 
address those as well slowly. 

780
00:44:46,720 --> 00:44:51,280
Maybe it's, you know, that one 
team in finance is using some 

781
00:44:51,280 --> 00:44:55,400
tax solution nobody's ever heard
of, and you had no idea that, 

782
00:44:55,440 --> 00:44:58,720
you know, you've got 500 people 
in that department using that 

783
00:44:58,720 --> 00:45:01,840
system, so can also help with 
that. 

784
00:45:01,920 --> 00:45:03,880
And that can be another metric 
for success. 

785
00:45:04,600 --> 00:45:06,800
That never happens. 
People using tools that aren't 

786
00:45:06,800 --> 00:45:09,240
the IT standard. 
Come on, Bart, you're crazy. 

787
00:45:10,080 --> 00:45:11,120
Yeah. 
Never right? 

788
00:45:12,520 --> 00:45:14,800
This has been a pretty 
fascinating conversation and and

789
00:45:14,800 --> 00:45:17,960
you know, my mind has shifted on
this quite a bit over the years.

790
00:45:17,960 --> 00:45:20,360
You know, I, I mentioned like I 
just didn't see a future for 

791
00:45:20,360 --> 00:45:23,880
this type of space because you 
know, WebAuthn and 

792
00:45:23,880 --> 00:45:25,920
passwordless was going to solve
all the problems. 

793
00:45:26,480 --> 00:45:29,040
Here we are. 
And now something like this is 

794
00:45:29,040 --> 00:45:31,920
absolutely vital to making sure 
that I have a good experience 

795
00:45:31,920 --> 00:45:35,600
just as an end user. 
So if this gives me capability 

796
00:45:35,600 --> 00:45:38,800
as an IAM leader or security 
leader, say hey, now I can 

797
00:45:38,800 --> 00:45:44,760
manage these credentials in a 
more secure but a a win from a 

798
00:45:44,760 --> 00:45:47,920
usability standpoint, I think it
it makes a lot of sense to look 

799
00:45:47,920 --> 00:45:50,600
at. 
For sure agreed. 

800
00:45:51,480 --> 00:45:54,680
So let's end the conversation 
here on a lighter note. 

801
00:45:55,640 --> 00:45:58,200
You talked a little bit about 
risk management and it was kind 

802
00:45:58,200 --> 00:45:59,920
of getting to know you before we
hit record. 

803
00:45:59,960 --> 00:46:02,760
And I'll kick down the 4th wall 
a little bit. 

804
00:46:02,760 --> 00:46:04,720
Carolyn was on the call. 
We're kind of talking about 

805
00:46:04,720 --> 00:46:06,720
you're being very modest about 
some of the risks that you've 

806
00:46:06,720 --> 00:46:10,560
taken. 
And you mentioned that you like 

807
00:46:10,560 --> 00:46:14,440
climbing mountain, you know, 
mountain climbing, skiing. 

808
00:46:14,440 --> 00:46:16,960
You're up in the Calgary area, 
so you've got access to plenty 

809
00:46:16,960 --> 00:46:20,040
of that stuff. 
I'm curious if you have any 

810
00:46:20,680 --> 00:46:25,200
harrowing stories or things that
are like, you know, for the, 

811
00:46:25,240 --> 00:46:29,160
for, for someone like me who's 
an indoor cat, I'm not about 

812
00:46:29,160 --> 00:46:31,480
going outdoors and climbing and 
and doing all that kind of 

813
00:46:31,480 --> 00:46:33,560
stuff. 
Scare the heck out of me. 

814
00:46:33,560 --> 00:46:35,440
Like, what's something that's 
like, Oh my gosh, can't believe.

815
00:46:35,440 --> 00:46:37,200
Like, you're here to tell that 
story, Bart. 

816
00:46:39,320 --> 00:46:41,600
Yeah, I mean, I'm definitely an 
outdoor cat. 

817
00:46:41,600 --> 00:46:44,720
I think like it comes naturally 
living in Calgary. 

818
00:46:44,720 --> 00:46:48,360
We have, I like to say we have 
two seasons, We have summer that

819
00:46:48,360 --> 00:46:50,480
lasts about two months, and then
we have winter. 

820
00:46:51,480 --> 00:46:54,600
So if you can't get outside 
during the winter and actually 

821
00:46:54,600 --> 00:46:57,800
enjoy everything that we have 
around us, I mean, we're just 45

822
00:46:57,800 --> 00:47:00,760
minutes from Banff, from Lake 
Louise, the Rockies, etcetera, 

823
00:47:02,160 --> 00:47:04,960
then I think you're going to be 
very bored living in Calgary. 

824
00:47:06,240 --> 00:47:10,160
So yeah, I do all the fun things
that involve a lot of risk 

825
00:47:10,160 --> 00:47:13,040
management because I apparently 
don't get enough of that during 

826
00:47:13,040 --> 00:47:16,840
the day. 
One of those stories. 

827
00:47:16,840 --> 00:47:21,920
So we were up in the Rogers Pass.
Beautiful place. 

828
00:47:21,920 --> 00:47:26,160
There's a cabin up. 
It's like 2100 meters above sea 

829
00:47:26,160 --> 00:47:28,880
level. 
For those of the viewers that 

830
00:47:28,880 --> 00:47:31,160
are going to be in US, you'll 
have to convert that into feet. 

831
00:47:31,160 --> 00:47:33,800
I don't do the conversion, but I
think it's somewhere around 8000

832
00:47:33,800 --> 00:47:37,960
feet. 
And on the way into this cabin 

833
00:47:38,960 --> 00:47:44,560
we were skiing in an area that's
lovingly referred to as the

834
00:47:44,560 --> 00:47:47,200
mousetrap. 
And that's because there's a 

835
00:47:47,200 --> 00:47:50,560
bunch of these different slopes 
that all funnel into this kind 

836
00:47:50,560 --> 00:47:55,920
of creek bed. 
And it's somewhat dangerous to 

837
00:47:55,920 --> 00:47:59,880
be in there in the winter. 
But it, it's a risk management 

838
00:47:59,880 --> 00:48:01,600
exercise. 
So you, you know, do all the 

839
00:48:01,600 --> 00:48:04,000
right things and you space each 
other apart. 

840
00:48:04,000 --> 00:48:08,200
You you have the training, you 
have the gear, etcetera going in

841
00:48:08,200 --> 00:48:13,240
one year we actually had a 
situation where one of my skiing

842
00:48:13,240 --> 00:48:19,080
partners was actually behind me.
I think I was in the lead and we

843
00:48:19,080 --> 00:48:21,920
had we call them like tree 
bombs. 

844
00:48:22,320 --> 00:48:24,760
So basically just when a tree 
branch gets heavy enough with 

845
00:48:24,760 --> 00:48:28,000
snow usually cuz it's melting 
and a piece of snow comes off of

846
00:48:28,000 --> 00:48:29,760
it. 
And I triggered this like little

847
00:48:29,760 --> 00:48:33,960
mini avalanche. 
It wasn't huge, but it was big 

848
00:48:33,960 --> 00:48:36,760
enough to bury my partner up to
his neck. 

849
00:48:37,120 --> 00:48:40,080
And I heard all sorts of 
screaming behind me and I look 

850
00:48:40,080 --> 00:48:43,960
back and I did not see my ski 
partner is like, oh, that's a 

851
00:48:43,960 --> 00:48:45,840
problem. 
And then I quickly spotted him 

852
00:48:45,840 --> 00:48:48,920
kind of buried next to a tree, 
head above. 

853
00:48:48,960 --> 00:48:51,880
But no no injuries. 
Everybody was fine. 

854
00:48:51,880 --> 00:48:56,360
We all continued on and enjoyed 
the weekend but definitely a 

855
00:48:56,360 --> 00:48:59,840
moment that had my heart 
palpating or racing a little bit

856
00:48:59,840 --> 00:49:02,960
faster than normal so. 
Mine's going a little bit now. 

857
00:49:02,960 --> 00:49:05,200
Just hearing you describe that. 
I can't think of anything worse 

858
00:49:05,200 --> 00:49:08,600
than be like being on the side 
of a mountain in the cold and 

859
00:49:08,600 --> 00:49:11,120
being buried under the snow. 
Even if it's, you know, if I 

860
00:49:11,440 --> 00:49:14,320
don't care, if it's just up to 
my knees, like I'm good, you say

861
00:49:14,360 --> 00:49:16,880
to your neck. 
It's like, OK, so like, how 

862
00:49:16,880 --> 00:49:20,520
quickly does that event occur? 
Like I can, I can understand 

863
00:49:20,520 --> 00:49:25,040
snow coming off the, you know, 
off the branch, but then how 

864
00:49:25,040 --> 00:49:29,280
much time does it take to that 
turn into your friend, you know,

865
00:49:29,360 --> 00:49:31,720
buried neck deep in snow? 
Curious how quick that was. 

866
00:49:33,040 --> 00:49:36,160
Yeah, it's so quick. 
I mean, if you look at like any 

867
00:49:36,160 --> 00:49:39,040
footage of avalanches, the speed
at which they move is 

868
00:49:39,520 --> 00:49:42,360
astonishing. 
It's kind of like it's described

869
00:49:42,360 --> 00:49:46,680
like a, a mattress on like steel
rollers. 

870
00:49:46,680 --> 00:49:49,640
It just like slides without 
friction basically. 

871
00:49:49,640 --> 00:49:54,840
So yeah, probably all told from,
you know, the time little bit of

872
00:49:54,840 --> 00:49:58,200
snow dropped off the tree branch
to the time that I look back was

873
00:49:58,200 --> 00:50:04,040
probably 10, 15 seconds at most. 
But, you know, then you have the

874
00:50:04,040 --> 00:50:07,560
training and the instincts kick 
in, and I don't think I've ever 

875
00:50:07,560 --> 00:50:11,960
skied backwards so fast in my 
life to get back and unpack my 

876
00:50:11,960 --> 00:50:13,760
shovel and start digging him 
out. 

877
00:50:13,760 --> 00:50:17,920
And I mean, all was good. 
So happy to talk about the story

878
00:50:17,920 --> 00:50:19,680
and reflect on it. 
But yeah, yeah. 

879
00:50:20,200 --> 00:50:23,160
We probably wouldn't bring it up
on on a podcast if things turned

880
00:50:23,160 --> 00:50:25,120
out they wouldn't. 
Be a lighter note. 

881
00:50:25,680 --> 00:50:27,840
Right. 
Yeah, exactly. 

882
00:50:28,800 --> 00:50:30,960
Jim, you're, I know you're a 
little bit of outdoorsy guy. 

883
00:50:30,960 --> 00:50:33,280
You've done some cool stuff. 
Any harrowing stories? 

884
00:50:33,720 --> 00:50:34,840
I had my day. 
Yeah. 

885
00:50:34,840 --> 00:50:37,520
So we started talking about 
this. 

886
00:50:37,520 --> 00:50:42,240
I thought of a time where I was 
backpacking in Yosemite. 

887
00:50:42,560 --> 00:50:45,040
So there's this area called 
Tuolumne Creek. 

888
00:50:45,440 --> 00:50:49,640
It's like 15 miles from the 
Yosemite Valley, which is what 

889
00:50:49,640 --> 00:50:54,240
everybody thinks of, but it was 
like a 15 mile hike. 

890
00:50:54,240 --> 00:50:58,160
But it's there's so much up and 
down and you're, you started 

891
00:50:58,160 --> 00:51:02,240
like a 10,000 foot elevation. 
I think the high point might be 

892
00:51:02,240 --> 00:51:04,440
12,000. 
It's really high. 

893
00:51:04,440 --> 00:51:07,720
There's not a lot of not the 
same level of oxygen up there, 

894
00:51:07,720 --> 00:51:12,720
let's put it that way. 
And anyway, so you you hike 

895
00:51:12,720 --> 00:51:17,000
about halfway and then you 
backpack or you set up camp 

896
00:51:17,000 --> 00:51:20,080
somewhere. 
So we set up camp is in the 

897
00:51:20,080 --> 00:51:22,920
woods. 
And it was like everything was 

898
00:51:22,920 --> 00:51:26,240
bone dry. 
I mean, is what I would call 

899
00:51:26,240 --> 00:51:30,840
like, I think the term tinderbox
would fit this appropriately, 

900
00:51:30,840 --> 00:51:33,880
right? 
Like there was no outdoor like 

901
00:51:33,960 --> 00:51:37,400
no setting up a campfire. 
You have to be real careful with

902
00:51:37,680 --> 00:51:40,160
how you cooked everything like 
that. 

903
00:51:40,760 --> 00:51:49,200
And so anyway, sun goes down, 
we're in our tent, and it's just

904
00:51:49,200 --> 00:51:51,600
like static electricity 
everywhere. 

905
00:51:52,040 --> 00:51:55,680
Like you move your arm and like,
you see these giant sparks 

906
00:51:55,680 --> 00:51:58,920
arcing across the tent. 
And I'm like, I've never seen 

907
00:51:58,920 --> 00:52:01,760
anything like this. 
And it was not raining, but 

908
00:52:01,760 --> 00:52:04,080
there's a lightning storm all 
around us. 

909
00:52:04,080 --> 00:52:07,160
I don't know. 
Usually now I see why people get

910
00:52:07,160 --> 00:52:09,160
struck by lightning. 
I'm not worried about bears 

911
00:52:09,160 --> 00:52:11,880
attacking anymore. 
I'm worried about getting struck

912
00:52:11,880 --> 00:52:17,840
by lightning or this whole place
going up in flames and us being 

913
00:52:17,840 --> 00:52:22,080
in like, not a good place. 
So fortunately, none of that 

914
00:52:22,080 --> 00:52:24,760
happened. 
That's why I can talk about it 

915
00:52:24,760 --> 00:52:29,400
later. 
But yeah, it was really scary. 

916
00:52:30,280 --> 00:52:34,000
But you guys have sufficiently 
not convinced me to go outside 

917
00:52:34,400 --> 00:52:35,840
for either of these types of 
activities. 

918
00:52:36,240 --> 00:52:38,160
Jimmy, you talked about like 
cooking and not be able to like 

919
00:52:38,160 --> 00:52:40,040
have a fire. 
I mean the answer to that is 

920
00:52:40,040 --> 00:52:42,080
simple. 
Just DoorDash something out into

921
00:52:42,080 --> 00:52:44,400
the... Oh, 
yeah, sure, that would have 

922
00:52:44,400 --> 00:52:47,600
worked perfectly. 
All right, let's go ahead and 

923
00:52:47,600 --> 00:52:50,360
wrap up this conversation. 
Bart, it's been great getting to

924
00:52:50,360 --> 00:52:53,120
know you here and and what 
Bravura brings to the table. 

925
00:52:53,400 --> 00:52:55,520
Any final words you want to put 
out there for the audience 

926
00:52:55,520 --> 00:52:58,400
that's listening? 
Yeah. 

927
00:52:58,440 --> 00:53:03,880
I mean, I think as practitioners
we often look for like the 

928
00:53:03,880 --> 00:53:09,400
perfect silver bullet solution. 
I think a lot of the real world 

929
00:53:09,400 --> 00:53:15,080
operational implementation is a 
lot less than a silver bullet, 

930
00:53:15,080 --> 00:53:18,000
maybe a few. 
And so I'd really kind of 

931
00:53:18,000 --> 00:53:20,960
encourage folks who are maybe on
the passwordless journey to 

932
00:53:20,960 --> 00:53:23,920
think, you know, OK, well what 
problem are we actually trying 

933
00:53:23,920 --> 00:53:26,160
to solve? 
And, you know, there's multiple 

934
00:53:26,160 --> 00:53:30,720
ways to slice and dice it and to
still get the same net effect 

935
00:53:30,720 --> 00:53:35,280
where you're increasing your, 
you know, cybersecurity posture.

936
00:53:35,360 --> 00:53:37,640
So I think that's what I'd leave
them with. 

937
00:53:38,960 --> 00:53:39,800
Don't be. 
Perfect. 

938
00:53:40,240 --> 00:53:44,000
Yeah, meaning it's OK to get 
smarter, it's OK to get better. 

939
00:53:44,000 --> 00:53:45,120
Doesn't have to be all in one 
jump. 

940
00:53:46,400 --> 00:53:48,560
I'll have links in our show 
notes for people to connect with

941
00:53:48,560 --> 00:53:54,880
you on 
LinkedIn. You can find out more about Bravura there. You can also find out more about Bravura at bravurasecurity.com/I

942
00:53:54,880 --> 00:53:57,440
DAC. 
Again, BRAVURA 

943
00:53:58,240 --> 00:54:02,560
security.com/idac, reach out to 
Bart on LinkedIn, make the 

944
00:54:02,560 --> 00:54:05,320
connection, you know, maybe 
share mousetrap stories from 

945
00:54:05,320 --> 00:54:07,360
Rogers Pass. 
I think I got that right, you 

946
00:54:07,360 --> 00:54:10,520
know, or, you know, commiserate 
with Jim and his static 

947
00:54:10,520 --> 00:54:14,000
electricity stories or me, as 
you know, an indoor person who 

948
00:54:14,000 --> 00:54:17,640
is probably by the fire with 
strong Wi-Fi and, or air 

949
00:54:17,640 --> 00:54:20,520
conditioning. 
So we'll go ahead and leave it 

950
00:54:20,520 --> 00:54:22,560
there for this week. 
I want to thank everyone for 

951
00:54:22,560 --> 00:54:24,680
watching, listening. 
Thanks to Bravura for sponsoring 

952
00:54:24,680 --> 00:54:26,920
this episode. 
Find us on the web, IDC 

953
00:54:26,920 --> 00:54:29,440
podcast.com and we'll leave it 
there. 

954
00:54:29,440 --> 00:54:31,560
So thanks everyone for watching 
and listening, and we'll talk to

955
00:54:31,560 --> 00:54:36,160
you all in the next one. 
You've been listening to 

956
00:54:36,200 --> 00:54:40,120
Identity at the Center. 
We hope you've enjoyed the show.

957
00:54:40,320 --> 00:54:44,400
Make sure to like, rate and 
review, and we'll be back soon. 

958
00:54:44,680 --> 00:54:46,960
But in the meantime, hit the 
website at 

959
00:54:46,960 --> 00:54:49,480
identityatthecenter.com.
