1 00:00:00,120 --> 00:00:02,520 Well, I definitely think higher Ed tends to be more one of the 2 00:00:02,520 --> 00:00:05,200 more complex use cases out there from a daddy's standpoint. 3 00:00:05,200 --> 00:00:07,600 I, I think we've probably talked about this in the past and yeah, 4 00:00:07,600 --> 00:00:10,280 not a lot of people I think are aware of of that and all the 5 00:00:10,280 --> 00:00:12,000 hats you're wearing, right? Think like a baseball cap. 6 00:00:12,000 --> 00:00:15,080 It's like, OK, I'm in this role. You've got like a baseball cap 7 00:00:15,080 --> 00:00:17,120 that has like 5-6 different bills. 8 00:00:17,520 --> 00:00:19,080 Yeah, you're like twisting it around. 9 00:00:19,640 --> 00:00:20,960 I went. And they're all on at the same 10 00:00:20,960 --> 00:00:22,880 time, right? You don't swap them out. 11 00:00:22,880 --> 00:00:25,080 They're literally there all the time, right? 12 00:00:25,080 --> 00:00:33,720 Yeah. This is identity at the center 13 00:00:34,160 --> 00:00:37,240 if it has anything to do with IAM. 14 00:00:37,240 --> 00:00:43,800 This is the go to podcast now your hosts Jim McDonald and Jeff 15 00:00:43,800 --> 00:00:51,480 Stedman. Welcome to the Identity at the 16 00:00:51,480 --> 00:00:53,280 Center podcast. I'm Jeff, and that's Jim. 17 00:00:53,280 --> 00:00:55,160 Hey, Jim. Hey, Jeff, how are you? 18 00:00:55,680 --> 00:00:58,600 Not so bad yourself. Great man, just getting back 19 00:00:58,600 --> 00:01:03,560 from Identivers 2024 Las Vegas since our first episode since 20 00:01:03,560 --> 00:01:09,240 we're back and and I figured I could make it seven days. 21 00:01:09,240 --> 00:01:11,080 I was exhausted by the end. How about you? 22 00:01:12,080 --> 00:01:13,840 I was good actually. I mean, I was tired when I got 23 00:01:13,840 --> 00:01:16,720 back, but I don't know, I enjoy that kind of stuff. 24 00:01:16,720 --> 00:01:19,800 So had a lot of good conversations with people, got 25 00:01:19,800 --> 00:01:22,680 to catch up with folks, lots of good meals. 26 00:01:22,920 --> 00:01:25,600 So I'm a I'm a fan of Vegas just for that sort of thing. 27 00:01:25,600 --> 00:01:28,240 And then Friday night got to hang out with my brother for a 28 00:01:28,240 --> 00:01:33,400 couple of that and went to Area 15, which was a very cool, I 29 00:01:33,400 --> 00:01:36,160 don't know how to describe it, kind of like a weird experience 30 00:01:36,160 --> 00:01:38,520 type place. Yeah, things to. 31 00:01:38,520 --> 00:01:42,560 Do yeah, it was fun. So I decided what I'd like to do 32 00:01:42,560 --> 00:01:44,840 today. Well, shout outs I wanted to 33 00:01:44,840 --> 00:01:46,320 make because we didn't make them last. 34 00:01:46,320 --> 00:01:47,880 I didn't get to make them last week. 35 00:01:47,960 --> 00:01:51,520 So see all this stuff on LinkedIn, right? 36 00:01:51,520 --> 00:01:56,400 There's the identity beer and there's the author of beer, and 37 00:01:56,400 --> 00:02:01,040 this is from Sebastian and Roland from Umbrella Associates 38 00:02:01,040 --> 00:02:04,480 in Germany. I'm not sure what I'm say, what 39 00:02:04,480 --> 00:02:09,000 event I'm saving it for, but there's a good German beer here. 40 00:02:09,000 --> 00:02:13,800 I'm assuming it's good, and I'm really happy about that. 41 00:02:14,040 --> 00:02:18,560 Another shot out to the folks at Sabian and our friends there, 42 00:02:18,560 --> 00:02:21,240 Jamie and Henrique in particular. 43 00:02:21,240 --> 00:02:26,040 But why am I shouting them out? They had the best Concord swag 44 00:02:26,440 --> 00:02:29,080 I've ever seen in my entire career. 45 00:02:29,320 --> 00:02:34,400 Look at these three shoes. These are van sneakers, you 46 00:02:34,400 --> 00:02:36,160 know. Hey, Enrique talked about him a 47 00:02:36,160 --> 00:02:38,800 little bit. But man, these are they're 48 00:02:38,800 --> 00:02:41,120 around like $3 shoes or something. 49 00:02:41,120 --> 00:02:42,920 These are ones like you would buy in the store. 50 00:02:42,920 --> 00:02:45,680 Other than the fact that they have the logo on it. 51 00:02:46,160 --> 00:02:48,520 What a cool swag. Swag. 52 00:02:48,680 --> 00:02:50,600 You're wearing their logo though, if you're if you're in 53 00:02:50,600 --> 00:02:53,280 their shoes. So yeah, it was a very cool 54 00:02:53,280 --> 00:02:54,440 thing. Henrika talked about it. 55 00:02:54,840 --> 00:02:57,480 I thought it was very clever. I think, you know, getting a 56 00:02:58,520 --> 00:03:01,640 customer of yours to also use their product as part of your 57 00:03:01,640 --> 00:03:02,960 swag. That's that's pretty genius 58 00:03:02,960 --> 00:03:04,600 play. I always talk about swag at 59 00:03:04,600 --> 00:03:07,480 conferences generally sucks, but that was a good one. 60 00:03:08,520 --> 00:03:10,320 I'll give a shout out to the tallest booth. 61 00:03:10,360 --> 00:03:13,480 I thought they had the best demo environment or experience, I 62 00:03:13,480 --> 00:03:16,600 should say, that I've seen from a vendor in a while kind of 63 00:03:16,600 --> 00:03:22,400 telling that story of enrollment and purchasing like a ticket and 64 00:03:22,400 --> 00:03:26,800 then, you know, getting access to a gated sort of event type 65 00:03:26,800 --> 00:03:28,440 thing, right? You went through it. 66 00:03:28,440 --> 00:03:30,640 I thought that was a pretty cool idea. 67 00:03:30,640 --> 00:03:32,640 You're kind of stuck. Through a soccer stadium, yeah. 68 00:03:33,120 --> 00:03:36,680 Very interactive you could feel like you're in like a real world 69 00:03:36,680 --> 00:03:40,760 use case and then at the end you have a cool pair of socks, which 70 00:03:40,760 --> 00:03:43,560 I know that's not your thing, but I like it. 71 00:03:43,720 --> 00:03:46,600 I also wanted to shout out RSM. I mean, they sent us there. 72 00:03:47,080 --> 00:03:51,800 They they'll, you know, a week in Vegas, you're exhausted and 73 00:03:51,800 --> 00:03:54,920 broke. And I don't believe a gamble, 74 00:03:54,920 --> 00:03:56,880 man. But that place is expensive. 75 00:03:56,880 --> 00:04:01,880 So, you know, for them to be able to sponsor us to be there, 76 00:04:02,200 --> 00:04:04,480 I thought was awesome. So I wouldn't be able to shout 77 00:04:04,480 --> 00:04:06,640 that out. I also wanted to shout out 78 00:04:06,640 --> 00:04:12,200 somebody named Jeff Sedmon, who took five episodes that we've 79 00:04:12,200 --> 00:04:16,079 recorded there and they're all dropping, I guess by the time 80 00:04:16,079 --> 00:04:17,839 this drops all dropped last week. 81 00:04:17,839 --> 00:04:20,480 So kudos to. You. 82 00:04:20,480 --> 00:04:24,040 Yeah, kudos to me. It was a challenge. 83 00:04:24,200 --> 00:04:28,320 I was working through some audio challenges, so, you know, 84 00:04:28,360 --> 00:04:31,920 probably not our best sounding material, but I think it came 85 00:04:31,920 --> 00:04:34,040 across decently enough. I think lesson learned. 86 00:04:34,040 --> 00:04:37,520 We added video for this time. So all these things are on 87 00:04:37,520 --> 00:04:40,000 YouTube, so the content was great. 88 00:04:40,800 --> 00:04:41,920 Lessons learned for the next time. 89 00:04:41,920 --> 00:04:43,760 I've got some ideas on how to kind of improve the audio 90 00:04:43,760 --> 00:04:47,440 quality and the video quality. But yeah, it was a very 91 00:04:47,440 --> 00:04:51,960 interesting weekend and last couple days getting things kind 92 00:04:51,960 --> 00:04:56,840 of set up and I think I have officially run out of storage on 93 00:04:56,840 --> 00:05:01,400 multiple drives and recording 4K video takes up a lot of space. 94 00:05:01,760 --> 00:05:03,240 It really does. Yeah. 95 00:05:03,280 --> 00:05:06,840 A lot of extra, a lot of extra work, too, just to get the room 96 00:05:06,840 --> 00:05:11,600 set up versus just doing audio. Yeah, I saved my last shout out 97 00:05:11,600 --> 00:05:13,720 to the people who were really doing the work. 98 00:05:13,760 --> 00:05:17,400 When folks like you and I are off, like having these 99 00:05:17,400 --> 00:05:22,360 conversations with really smart people and all the folks who got 100 00:05:22,360 --> 00:05:26,560 to go to the conferences because there's folks back home doing 101 00:05:26,560 --> 00:05:29,280 the real work. The I am practitioners of the 102 00:05:29,280 --> 00:05:32,240 world, you know, you often refer to them. 103 00:05:32,240 --> 00:05:36,480 And I love it by I still concern that I am heroes who are running 104 00:05:36,480 --> 00:05:39,880 around getting things done, getting the job done, often 105 00:05:39,880 --> 00:05:45,080 times with too little budget, too few resources and tools that 106 00:05:45,080 --> 00:05:48,760 really can't get the job done. So shout out to them. 107 00:05:49,120 --> 00:05:52,720 You know, hopefully they're able to at least carve out a little 108 00:05:52,720 --> 00:05:55,480 bit of time to listen to podcasts each week because we do 109 00:05:55,480 --> 00:05:58,200 this for them. Yeah, you sound like you're 110 00:05:58,200 --> 00:06:00,680 campaigning there for like the mayor of I Am Town or something 111 00:06:00,680 --> 00:06:04,000 like that. So vote for Jim. 112 00:06:05,600 --> 00:06:08,000 There you go. I'll give a shout out to Andy 113 00:06:08,000 --> 00:06:10,320 Handel and the Saber Risk Alliance, definitely, you know, 114 00:06:10,320 --> 00:06:14,120 appreciate them hooking us up with places to record and just 115 00:06:14,120 --> 00:06:16,240 for, you know, being so welcoming for us to come out 116 00:06:16,240 --> 00:06:17,640 there. So I think we've got a lot of 117 00:06:17,640 --> 00:06:19,600 thank yous. I'm sure, you know, we'll have 118 00:06:19,600 --> 00:06:23,680 missed somebody in the mix, but especially everyone who came up 119 00:06:23,840 --> 00:06:26,520 and said hello and introduce themselves and, you know, our 120 00:06:26,520 --> 00:06:27,920 listeners. I thought that was very cool. 121 00:06:28,840 --> 00:06:31,600 We, we continued to grow. It was just like more and more 122 00:06:31,600 --> 00:06:32,800 and more. There was one point where I was 123 00:06:32,800 --> 00:06:35,640 in the hallway probably for two or three hours just talking to 124 00:06:35,640 --> 00:06:38,640 people who were randomly stopping and saying hello. 125 00:06:38,640 --> 00:06:41,120 And it was, it was good temps. It was very cool. 126 00:06:41,680 --> 00:06:45,280 Yeah, and we were like a 5 minute walk from our recording 127 00:06:45,280 --> 00:06:48,560 room back to our hotel room, but you could count on it taking 128 00:06:48,560 --> 00:06:51,640 like 1/2 an hour to get there. Yeah, it was cool though. 129 00:06:51,640 --> 00:06:53,720 I enjoyed it. I do too, yeah. 130 00:06:54,800 --> 00:06:56,920 What else? So that was Identiverse. 131 00:06:57,000 --> 00:06:59,440 Now we're back to normal, relatively speaking, at least 132 00:06:59,440 --> 00:07:02,400 what's normal for us. We've got another conference 133 00:07:02,400 --> 00:07:05,360 coming up in just a few months at this point, and it'll be 134 00:07:05,360 --> 00:07:08,360 Identity Week, America. That's the one that we'll be at. 135 00:07:08,360 --> 00:07:10,800 But there is a few different identity weeks taking place. 136 00:07:10,800 --> 00:07:14,280 I think as we're recording this right now, which is what is 137 00:07:14,280 --> 00:07:19,280 today, I don't even know the date, June 4th, the Identity 138 00:07:19,280 --> 00:07:22,200 Week. Europe is starting right now 139 00:07:22,360 --> 00:07:24,600 'cause that's actually no, it's next week, June 11th and 12th 140 00:07:24,600 --> 00:07:27,160 now that I think about it. So by the time people listen to 141 00:07:27,160 --> 00:07:29,680 this, it will be starting as you're kind of listening to 142 00:07:29,680 --> 00:07:31,800 this. The one in America is the one 143 00:07:31,800 --> 00:07:34,080 that you and I will be at. That's September 11th and 12th. 144 00:07:34,400 --> 00:07:37,400 And then there's one in Singapore, October 22nd, 23rd. 145 00:07:37,880 --> 00:07:42,200 IDAC 30 gets you 30% off of your registration for any of those. 146 00:07:42,760 --> 00:07:44,360 If you're listening to this and you're planning on going to 147 00:07:44,360 --> 00:07:46,760 Europe, probably want to use that code 'cause you're playing 148 00:07:47,200 --> 00:07:49,240 probably the the short notice. All right. 149 00:07:49,240 --> 00:07:51,200 But feel free to use that code anywhere on the world. 150 00:07:51,200 --> 00:07:54,040 We'll have a link in our show notes so people can check that 151 00:07:54,040 --> 00:07:57,400 out as well. What other business do you want 152 00:07:57,400 --> 00:07:58,760 to take care of, Jim, before we get things started? 153 00:07:58,760 --> 00:08:00,640 Well. We don't have our discount code 154 00:08:00,640 --> 00:08:03,720 for authenticate yet, right? That should be coming along 155 00:08:03,720 --> 00:08:06,840 anytime soon, and I think we jump right into it. 156 00:08:07,200 --> 00:08:10,080 Yeah, Why don't we do it? We've got a repeat guest. 157 00:08:10,080 --> 00:08:11,960 He's been with us before, Adam. Michael. 158 00:08:12,000 --> 00:08:14,600 He's the chief information security officer and adjunct 159 00:08:14,600 --> 00:08:17,120 professor at Texas A&M University. 160 00:08:17,120 --> 00:08:20,480 Welcome back to the show, Adam. Thank you very much for having 161 00:08:20,480 --> 00:08:21,520 me. Good to be here. 162 00:08:22,120 --> 00:08:26,880 So Adam, I noticed that there is a new SISO title as part of your 163 00:08:26,880 --> 00:08:30,600 introduction. How much credit do you give the 164 00:08:30,600 --> 00:08:34,200 identity at the Center podcast for obtaining that since since 165 00:08:34,200 --> 00:08:36,200 the last time you were on our show? 166 00:08:36,440 --> 00:08:39,720 Well, I think clearly that was the deciding factor for my 167 00:08:39,720 --> 00:08:42,120 institution. They they saw I was a guest and 168 00:08:42,120 --> 00:08:44,360 they said gotta have this. Guy, right? 169 00:08:45,320 --> 00:08:47,000 I mean, it's worth its weight in gold now. 170 00:08:47,560 --> 00:08:50,280 Yeah. What's been new with you since 171 00:08:50,280 --> 00:08:52,360 the last time we chatted? I think that, you know, there's 172 00:08:52,360 --> 00:08:53,840 a lot of things probably going on in flight. 173 00:08:53,840 --> 00:08:55,840 You're you're teaching. I think we're going to get into 174 00:08:55,840 --> 00:08:59,240 a little of a conversation around like DevOps and probably 175 00:08:59,240 --> 00:09:01,960 some AI and things like that. But give us an update. 176 00:09:01,960 --> 00:09:05,400 What's what's Adam been up to? Well, so I think last time we 177 00:09:05,400 --> 00:09:08,880 talked we focused mainly on what I had been doing. 178 00:09:08,880 --> 00:09:14,000 My role at the time was managing identity security and we had 179 00:09:14,000 --> 00:09:18,600 taken over the identity management office from at, at 180 00:09:18,600 --> 00:09:20,520 our institution. Historically it had been part of 181 00:09:20,520 --> 00:09:23,840 the infrastructure team. And we've kind of gone through 182 00:09:23,840 --> 00:09:26,280 this transition where we're stopped. 183 00:09:26,280 --> 00:09:29,120 We're not really referring to identity as identity management. 184 00:09:29,320 --> 00:09:32,880 We're talking about identity security and we focused those 185 00:09:32,880 --> 00:09:37,120 efforts on the security related platforms and tools that we 186 00:09:37,120 --> 00:09:39,600 provide to others across the institution. 187 00:09:40,360 --> 00:09:42,800 The, the management part of identity, right? 188 00:09:42,800 --> 00:09:47,000 Like adding people to groups and does this person belong here or 189 00:09:47,000 --> 00:09:48,440 not? Should they have access to this 190 00:09:48,440 --> 00:09:51,200 thing or not? That's not really what my team 191 00:09:51,200 --> 00:09:53,480 does. So in the office of the CSO, 192 00:09:53,680 --> 00:09:57,120 we've tried to shift the focus to identity as a security 193 00:09:57,120 --> 00:10:01,480 function. You know, like many universities 194 00:10:01,600 --> 00:10:05,360 and anyone who has a federal partnership, we are dealing with 195 00:10:05,360 --> 00:10:09,120 the federal zero trust mandate. I, I mean, it's a good idea, 196 00:10:09,120 --> 00:10:12,080 right? So this idea of zero trust, I, I 197 00:10:12,080 --> 00:10:16,960 describe it as try to avoid the, the buzzword. 198 00:10:16,960 --> 00:10:22,600 But you know, zero trust to us just means we have less baked in 199 00:10:22,600 --> 00:10:25,720 implicit access. And everywhere we can we try to 200 00:10:25,720 --> 00:10:30,800 explicitly define access. So we apply these ideas across a 201 00:10:30,800 --> 00:10:35,720 lot of different domains, networking, data, device 202 00:10:35,720 --> 00:10:38,240 security. But when you move to a zero 203 00:10:38,240 --> 00:10:41,400 trust world, there's a a very real aspect to which identity 204 00:10:41,400 --> 00:10:43,000 becomes your new boundary, right? 205 00:10:43,200 --> 00:10:46,600 Because if you're talking about no implicit access, you 206 00:10:46,600 --> 00:10:50,320 explicitly grant access whenever appropriate. 207 00:10:50,480 --> 00:10:54,120 You have to know the identity of the person or the thing that 208 00:10:54,120 --> 00:10:57,440 you're dealing with. And so identity has become very 209 00:10:57,440 --> 00:11:02,000 much a security focused effort for us here at Texas A&M. 210 00:11:03,240 --> 00:11:07,520 Yeah, I kind of feel like from a university perspective, zero 211 00:11:07,520 --> 00:11:09,720 trust has kind of always been a thing. 212 00:11:09,720 --> 00:11:13,680 Right Before you were calling it zero trust, you just you're 213 00:11:13,680 --> 00:11:17,360 putting your services on the network that are accessible by 214 00:11:17,360 --> 00:11:21,720 so many people, in some cases maybe everybody in the world. 215 00:11:21,960 --> 00:11:26,120 So when you do that, really identity becomes not only your 216 00:11:26,120 --> 00:11:29,040 center, but it becomes your perimeter as well. 217 00:11:30,760 --> 00:11:34,120 That's exactly right. You know, historically here at 218 00:11:34,120 --> 00:11:36,760 Texas A&M, we've had a very flat network. 219 00:11:36,760 --> 00:11:39,520 So like our campus network was very open. 220 00:11:39,520 --> 00:11:42,440 Once you were on it, you had access to a lot of things. 221 00:11:42,640 --> 00:11:48,360 Similarly for identity, for SSO, you know, we've had a, a 222 00:11:48,360 --> 00:11:53,600 centralized identity function and but once you have 223 00:11:53,600 --> 00:11:57,040 authenticated, oh, I'm me and I'm, this is my net ID. 224 00:11:57,560 --> 00:12:00,200 There are many, many applications on campus that 225 00:12:00,200 --> 00:12:05,440 basically say as far as they go to check access, it's just do 226 00:12:05,440 --> 00:12:08,760 they have a net ID, is it valid, is it current? 227 00:12:09,400 --> 00:12:11,480 And then OK, I'll just give you access now. 228 00:12:11,640 --> 00:12:14,800 So we're trying to move away from that perspective to look 229 00:12:14,800 --> 00:12:17,560 just because someone has validated their identity, that's 230 00:12:17,560 --> 00:12:20,080 stage one. Now we know who they are, but we 231 00:12:20,080 --> 00:12:24,800 need an explicit grant of access before you give them access to 232 00:12:24,800 --> 00:12:28,600 this device or this data. Yeah, I mean the, the way you 233 00:12:28,600 --> 00:12:33,320 framed it up digital security or I'm sorry, identity security 234 00:12:33,320 --> 00:12:36,120 versus identity and access management is more than just 235 00:12:36,120 --> 00:12:39,320 marketing, right. You, you're kind of living it. 236 00:12:40,000 --> 00:12:45,680 I also see and hear that a lot like we're at the identity verse 237 00:12:45,680 --> 00:12:49,760 conference last week and we're the identity security company 238 00:12:50,160 --> 00:12:53,880 and I chose to prove the question like this. 239 00:12:53,880 --> 00:13:01,240 So if you're AC SO or an IM program manager out in the world 240 00:13:03,000 --> 00:13:06,040 and you're thinking about making this switch to saying I'm an 241 00:13:06,040 --> 00:13:12,400 identity security group for my organization, what kind of like 242 00:13:12,480 --> 00:13:15,680 makes you make that shift? What are the things that have to 243 00:13:15,680 --> 00:13:19,680 be behind that to make it real and not just marketing buzz? 244 00:13:21,480 --> 00:13:24,720 Right. So I, I think that it, it is 245 00:13:24,720 --> 00:13:26,920 important to distinguish, you know, is it real or is it 246 00:13:26,920 --> 00:13:30,880 marketing? I think it is there is a real 247 00:13:30,880 --> 00:13:33,920 marketing aspect, right? So marketing in the truest sense 248 00:13:33,920 --> 00:13:36,760 of why did why is it important to name things? 249 00:13:36,760 --> 00:13:40,800 You know, there's an old joke about, you know, one of the only 250 00:13:40,800 --> 00:13:43,880 hard things in computer sciences naming things, right? 251 00:13:44,200 --> 00:13:46,760 And it's true, right? I mean, we can look at Microsoft 252 00:13:46,760 --> 00:13:49,280 in there. They put copilot on everything, 253 00:13:49,280 --> 00:13:50,840 right? And we we gripe about the fact 254 00:13:50,840 --> 00:13:53,160 that it's hard to talk about their products and what they're 255 00:13:53,160 --> 00:13:56,280 trying to do in this space because of the names they pick. 256 00:13:56,640 --> 00:14:01,960 So the name is a signal to the rest of the organization about 257 00:14:01,960 --> 00:14:04,080 what you think about the activity you're doing. 258 00:14:04,520 --> 00:14:08,720 So when I renamed from identity management office to Identity 259 00:14:08,720 --> 00:14:13,080 Security, part of what we were doing was signalling to my 260 00:14:13,080 --> 00:14:16,600 security team and the other security practitioners within IT 261 00:14:16,640 --> 00:14:19,600 security and risk. And then we were signalling to 262 00:14:19,600 --> 00:14:22,080 the rest of our technology services organization. 263 00:14:22,560 --> 00:14:25,160 This is the important thing we care about, right? 264 00:14:25,440 --> 00:14:28,680 The, the focus needs to be on the security aspects of identity 265 00:14:28,680 --> 00:14:33,440 and identity has a security role to play. 266 00:14:34,440 --> 00:14:36,640 And then we're of course, signaling to the rest of the 267 00:14:36,640 --> 00:14:40,920 institution, to the university itself, although that's probably 268 00:14:40,920 --> 00:14:43,840 the less important signal because our users just simply, 269 00:14:43,840 --> 00:14:47,080 you know, they, they don't really see those subtleties. 270 00:14:47,280 --> 00:14:50,680 They're just, OK, I need to set my password, I need to deal with 271 00:14:50,680 --> 00:14:52,840 my net ID, right? Their their branded 272 00:14:52,840 --> 00:14:56,480 organizational ID, So we deal with them at at the level that 273 00:14:56,480 --> 00:14:59,320 they understand. But I do think that that signal 274 00:14:59,320 --> 00:15:04,680 that we send to our peers and to other IT pros that's important. 275 00:15:05,160 --> 00:15:08,600 And So what I would argue is, you know, if you want to call 276 00:15:08,600 --> 00:15:12,880 that marketing, OK, but I think that that's that's marketing 277 00:15:12,880 --> 00:15:15,840 that has a purpose and has reality behind it. 278 00:15:17,000 --> 00:15:20,160 Well, we shouldn't use marketing here as a, you know, a as a term 279 00:15:20,200 --> 00:15:24,040 of in a negative context, right? You should be marketing like 280 00:15:24,040 --> 00:15:26,760 here are the things that we do, here's the benefits we provide, 281 00:15:26,760 --> 00:15:28,720 etcetera. And I guess that's sort of what 282 00:15:28,720 --> 00:15:30,640 you mean. My next, my next question here 283 00:15:30,640 --> 00:15:34,440 for you would be so you're, you're AC so now and you talked 284 00:15:34,440 --> 00:15:38,240 about identity security. Do you have a list of services 285 00:15:38,360 --> 00:15:42,440 that you provide for identity security to the organization? 286 00:15:42,440 --> 00:15:44,200 Are there is that something in flight? 287 00:15:44,200 --> 00:15:45,760 I mean, obviously it's always going to be something that's 288 00:15:45,760 --> 00:15:48,440 kind of building out. But when you say identity 289 00:15:48,440 --> 00:15:52,520 security, you know, what exactly do you provide as a service or 290 00:15:52,520 --> 00:15:53,960 you provide guidance, those sorts of things? 291 00:15:54,120 --> 00:15:55,560 Right. Yeah, No, absolutely. 292 00:15:55,560 --> 00:15:58,560 We, we certainly have a portfolio of products and 293 00:15:58,560 --> 00:16:01,840 services that we offer in our our service catalog, if you 294 00:16:01,840 --> 00:16:03,600 will. It is in flight. 295 00:16:03,600 --> 00:16:07,720 We're still building it out. We are trying to focus our 296 00:16:07,720 --> 00:16:11,960 efforts on things where we're going to be able to have the 297 00:16:11,960 --> 00:16:13,480 ability to make a difference, right. 298 00:16:13,480 --> 00:16:15,760 Where can we move the needle versus where can we do things 299 00:16:15,760 --> 00:16:18,800 that maybe we should lead to someone else in the org or 300 00:16:18,800 --> 00:16:21,040 within the technology services group? 301 00:16:22,120 --> 00:16:28,760 I I, we look at identity security as the group that 302 00:16:28,760 --> 00:16:32,400 provides platforms to other IT pros, right? 303 00:16:32,400 --> 00:16:35,520 So we talk about this a lot, the necessity of creating good 304 00:16:35,520 --> 00:16:39,240 platform documentation. You know, there's this middle 305 00:16:39,240 --> 00:16:41,440 ground. We write documentation and 306 00:16:41,440 --> 00:16:44,760 explain to our users how they engage with the products and the 307 00:16:44,760 --> 00:16:48,640 things that mean identity to them, passwords and usernames 308 00:16:48,640 --> 00:16:50,640 and things. And then we have internal team 309 00:16:50,640 --> 00:16:54,200 documentation we have to write to let us do our jobs for 310 00:16:54,200 --> 00:16:57,040 business continuity when we have turnover and our staff. 311 00:16:57,360 --> 00:17:00,760 But there's this middle layer, right, which is my team provides 312 00:17:00,760 --> 00:17:05,680 a service that is consumed by another team, by another IT pro, 313 00:17:05,800 --> 00:17:07,599 right? So I usually call that a 314 00:17:07,599 --> 00:17:09,640 platform. That's the term we tend to use 315 00:17:09,640 --> 00:17:14,079 for IT platforms and services, and we're writing tools that 316 00:17:14,079 --> 00:17:16,920 they can use. Often AP is that they're 317 00:17:16,920 --> 00:17:20,880 programming against or consuming maybe some sample code, maybe 318 00:17:20,880 --> 00:17:23,280 good documentation so they understand what's happening. 319 00:17:23,599 --> 00:17:26,599 There's training and education, All that layer in the middle 320 00:17:26,880 --> 00:17:30,320 where my team's a service provider for another team and 321 00:17:30,640 --> 00:17:33,160 not necessarily directly to a customer. 322 00:17:34,720 --> 00:17:38,400 Really well thought out. So one of the services that you 323 00:17:38,440 --> 00:17:41,960 provide is Miss Deb OPS area. That's what we really want to 324 00:17:41,960 --> 00:17:45,840 dive into today. So can you describe what is the 325 00:17:45,840 --> 00:17:51,400 service this DevOps service for or I am for DevOps, yeah. 326 00:17:51,400 --> 00:17:54,560 However, you want to determine the service that you provide to 327 00:17:54,560 --> 00:17:56,200 the university. Can you describe that? 328 00:17:56,640 --> 00:17:58,320 Yeah, yeah. Well, let me take a step back a 329 00:17:58,320 --> 00:18:00,560 little bit. And you know, this kind of ties 330 00:18:00,560 --> 00:18:03,640 into my other role as an adjunct professor. 331 00:18:03,640 --> 00:18:07,360 I've been teaching in a program here that does technology 332 00:18:07,360 --> 00:18:12,080 management and IT service management for about 7 years at 333 00:18:12,080 --> 00:18:14,880 the university. And I helped to develop with a, 334 00:18:14,880 --> 00:18:18,240 a colleague of mine, a class that to our knowledge, it was 335 00:18:18,240 --> 00:18:23,000 one of the earliest first classes in higher Ed and 336 00:18:23,000 --> 00:18:25,080 undergrad that focused on DevOps. 337 00:18:26,320 --> 00:18:29,280 We'll, we can talk more about that class later if you guys are 338 00:18:29,280 --> 00:18:31,800 interested. But so that's a little bit of 339 00:18:31,800 --> 00:18:33,560 background. I've been interested in this for 340 00:18:33,560 --> 00:18:36,400 a little while and have some, you know, expertise in this to 341 00:18:36,400 --> 00:18:40,600 teach it in my different roles throughout that same time 342 00:18:40,600 --> 00:18:43,520 period, sometimes I was working at an academic college or I was 343 00:18:43,520 --> 00:18:44,960 working in IT risk and compliance. 344 00:18:44,960 --> 00:18:47,400 And then eventually I've moved into the the Cecil role. 345 00:18:47,920 --> 00:18:54,160 I've tried to bring that background and experience into 346 00:18:54,160 --> 00:18:57,120 that role, right. So when appropriate, I've tried 347 00:18:57,120 --> 00:19:00,280 to advocate for and make changes that will allow us to deliver 348 00:19:00,280 --> 00:19:03,480 our services from the perspective or using the 349 00:19:03,480 --> 00:19:06,160 cultural practices of DevOps, right? 350 00:19:06,160 --> 00:19:08,800 DevOps is really a sort of a cultural movement more than 351 00:19:08,800 --> 00:19:11,360 anything else. It's not about a particular 352 00:19:11,360 --> 00:19:13,800 technology or tool. It's not about a job title. 353 00:19:14,200 --> 00:19:18,000 DevOps is about how you go about doing your your work. 354 00:19:18,440 --> 00:19:23,920 And it's about emphasizing things like agility and velocity 355 00:19:24,120 --> 00:19:29,560 and the ability to scale. And I think a big part of it is 356 00:19:29,560 --> 00:19:33,080 about the humanity of how your team interacts with itself and 357 00:19:33,080 --> 00:19:37,040 with other teams, with empathy and with trust and trying to 358 00:19:37,040 --> 00:19:40,800 interact in a way that recognizes that we're all humans 359 00:19:40,800 --> 00:19:43,600 and we have to get work done and stuff happens and, and let's 360 00:19:43,600 --> 00:19:46,520 give each other a break, right? Let's try to work well together. 361 00:19:46,760 --> 00:19:50,360 So this idea of team affinity, I think is a really core piece of 362 00:19:50,360 --> 00:19:52,840 what DevOps is about. Now, a lot of people are going 363 00:19:52,840 --> 00:19:55,520 to approach DevOps in a different way. 364 00:19:55,560 --> 00:19:57,320 That's, that's great. Everybody's got an idea of what 365 00:19:57,320 --> 00:20:00,320 that means. But I would argue very strongly 366 00:20:00,320 --> 00:20:03,720 that right DevOps isn't a job title or a team title. 367 00:20:03,960 --> 00:20:07,120 It's a way of approaching business. 368 00:20:07,120 --> 00:20:08,920 It's a way of approaching service delivery. 369 00:20:09,600 --> 00:20:15,160 So in that respect, anytime I've had the ability or the the need 370 00:20:15,160 --> 00:20:18,760 to, to lead A-Team, I try to bring those ideas to it. 371 00:20:18,880 --> 00:20:21,640 Some teams, it aligns better than others, right? 372 00:20:21,840 --> 00:20:24,120 If you got a team of developers and you're building a product 373 00:20:24,120 --> 00:20:27,760 that's really clearly aligned with these ideas around DevOps. 374 00:20:28,400 --> 00:20:31,600 If you've got a team that's maybe managing a help desk, 375 00:20:31,680 --> 00:20:35,160 that's harder, right? So DevOps isn't truly around. 376 00:20:35,600 --> 00:20:39,520 It doesn't quite square up with sort of service delivery in that 377 00:20:39,520 --> 00:20:42,080 sense. And I've developed a lot of 378 00:20:42,080 --> 00:20:44,960 teams that we have, it spans this spectrum. 379 00:20:45,480 --> 00:20:48,960 And so sometimes DevOps concepts and ideas are more applicable 380 00:20:48,960 --> 00:20:52,080 and sometimes they're less. But I think a lot of these ideas 381 00:20:52,080 --> 00:20:55,840 are, they're always available there, right? 382 00:20:55,840 --> 00:20:59,160 To make a difference and make a change and get you closer to 383 00:20:59,160 --> 00:21:02,960 this idea of being able to deliver services at scale and 384 00:21:02,960 --> 00:21:07,880 with velocity, and treating your team with humanity and empathy. 385 00:21:09,200 --> 00:21:12,920 And now we think that when it comes to a large universe, I 386 00:21:12,920 --> 00:21:17,920 mean, look, granted Texas A&M is I think #1 in terms of the 387 00:21:17,920 --> 00:21:20,800 status of the undergrad Class A talking about a huge 388 00:21:20,800 --> 00:21:24,480 institution, yeah, you've got so much going on in terms of 389 00:21:24,480 --> 00:21:26,560 DevOps. Now you're providing services. 390 00:21:26,800 --> 00:21:30,400 This should kind of the core identity services that folks 391 00:21:30,400 --> 00:21:33,680 think of, right? Like authentication, 392 00:21:34,000 --> 00:21:39,440 authorization, identity provisioning. 393 00:21:39,800 --> 00:21:44,480 Yes, the IGA, the identity governance, so we have several 394 00:21:44,560 --> 00:21:47,160 very large scale projects in flight right now. 395 00:21:47,160 --> 00:21:52,800 We are currently replacing our entire identity infrastructure 396 00:21:53,080 --> 00:21:56,440 for that IGA function with a commercial product. 397 00:21:56,440 --> 00:22:01,520 We've had a a homegrown legacy code base that grew up over 20 398 00:22:01,520 --> 00:22:04,280 or 25 years. And so we finally, you know, 399 00:22:04,280 --> 00:22:07,040 taken the time to step back and invest and try to replace that 400 00:22:07,040 --> 00:22:10,200 with a commercial product. And that's going well. 401 00:22:10,200 --> 00:22:13,080 But it's a big project, right? We're a year into it. 402 00:22:13,080 --> 00:22:15,520 We're on schedule, but it takes time. 403 00:22:15,840 --> 00:22:20,520 This is sort of rationalizing all those upstream data sources 404 00:22:20,520 --> 00:22:24,320 from the like things like work day, where do we get that 405 00:22:24,320 --> 00:22:27,800 information about our employees and our students, etcetera. 406 00:22:28,120 --> 00:22:30,880 And then making sure that all the business logic's happening 407 00:22:30,880 --> 00:22:35,120 to provision accounts correctly. And that's where it gets really 408 00:22:35,480 --> 00:22:37,640 tricky in an academic environment because we all wear 409 00:22:37,640 --> 00:22:41,160 so many hats and we wear multiple hats at the same time. 410 00:22:41,360 --> 00:22:44,600 And a staff member can also enroll in classes and a student 411 00:22:44,600 --> 00:22:47,920 is also going to get employed and a faculty member, right, 412 00:22:47,920 --> 00:22:49,960 might also be a full time staff member like me. 413 00:22:49,960 --> 00:22:54,200 And I'm an adjunct professor. And so we just have this, you 414 00:22:54,200 --> 00:22:59,600 know, diffusion of roles and overlap of roles and juggling 415 00:22:59,600 --> 00:23:05,680 the, the number of different roles. 416 00:23:05,680 --> 00:23:11,040 And yeah, I'm not saying this well, juggling, I'll let you 417 00:23:11,040 --> 00:23:13,680 correct that in post, right. Juggling all the different roles 418 00:23:13,680 --> 00:23:16,680 and how they interact together and overlap all the the 419 00:23:16,680 --> 00:23:21,120 different permutations, that is probably one of the things that 420 00:23:21,120 --> 00:23:26,480 makes identity in a higher Ed environment unique as opposed to 421 00:23:26,880 --> 00:23:30,000 other industries. I definitely think higher Ed 422 00:23:30,000 --> 00:23:32,480 tends to be more. One of the more complex use 423 00:23:32,480 --> 00:23:34,600 cases out there from identity standpoint, I, I think we've 424 00:23:34,600 --> 00:23:37,320 probably talked about this in the past and not a lot of people 425 00:23:37,320 --> 00:23:39,680 I think are aware of of that. And all the hats you're wearing, 426 00:23:39,680 --> 00:23:40,840 right? You think like a baseball cap, 427 00:23:40,840 --> 00:23:43,880 It's like, OK, I'm in this role. You've got like a baseball cap 428 00:23:43,880 --> 00:23:45,960 that has like 5-6 different bills. 429 00:23:46,320 --> 00:23:47,920 Yeah, you're like twisting it around. 430 00:23:48,640 --> 00:23:50,320 And they're all on at the same time, right? 431 00:23:50,760 --> 00:23:52,960 You don't swap them out. They're literally there all the 432 00:23:53,000 --> 00:23:55,920 time, right? Yeah, I want to pull real 433 00:23:55,920 --> 00:24:00,240 quickly on the thread about the custom code and then switching 434 00:24:00,240 --> 00:24:05,560 to a commercial product because what I found is, yes, I think 435 00:24:05,560 --> 00:24:09,840 there's sometimes, you know, issues with custom code and you 436 00:24:09,840 --> 00:24:12,920 know, people generally are building products in their own 437 00:24:12,920 --> 00:24:15,560 environment that they are, that there are commercial solutions 438 00:24:15,560 --> 00:24:17,720 for. But sometimes it's difficult to 439 00:24:17,720 --> 00:24:21,240 make a move from custom. We've built it, we know how it 440 00:24:21,240 --> 00:24:24,400 works and whatever and now we want to go commercial. 441 00:24:24,720 --> 00:24:29,000 And what I find sometimes is the custom product that the 442 00:24:29,000 --> 00:24:32,800 organization has built. There is no comparison to a 443 00:24:32,840 --> 00:24:35,440 commercial product, right? You've built it, it meets all 444 00:24:35,440 --> 00:24:38,080 your needs and you will never find something that is apples to 445 00:24:38,080 --> 00:24:43,040 apples and equal or even better maybe than what you've already 446 00:24:43,040 --> 00:24:46,000 built. But still, maybe it's the right 447 00:24:46,000 --> 00:24:48,440 idea to shift to a commercial product because, you know, do 448 00:24:48,440 --> 00:24:51,440 you really want to be? You'd be in the business of now 449 00:24:51,440 --> 00:24:54,600 maintaining an application in addition to, oh, the primary 450 00:24:54,600 --> 00:24:57,000 mission of whatever your organization is, in your case, 451 00:24:57,080 --> 00:24:58,840 education. But it could be manufacturing, 452 00:24:58,840 --> 00:25:01,200 it could be retail. You know, unless it's a 453 00:25:01,200 --> 00:25:03,440 competitive advantage, I'm not sure why you would build a 454 00:25:03,440 --> 00:25:07,120 product in the space. That you, you exactly expressed 455 00:25:07,120 --> 00:25:10,920 the thought process here, right? True, right. 456 00:25:10,920 --> 00:25:14,960 You spend 20 years fine tuning a bunch of custom code, you're 457 00:25:14,960 --> 00:25:17,560 never going to find something that does exactly that. 458 00:25:17,560 --> 00:25:20,360 But that's your dilemma. You get yourself to this place 459 00:25:20,360 --> 00:25:22,720 where you expect that level of customization. 460 00:25:23,200 --> 00:25:27,640 OK, but now I have to balance that against the risk that 461 00:25:27,640 --> 00:25:35,120 exists because of the level of expertise needed to maintain it. 462 00:25:35,600 --> 00:25:39,920 And for higher Ed, it's hard for us to find staff. 463 00:25:39,920 --> 00:25:44,200 It's hard for us to compete to, you know, with a start up or 464 00:25:44,200 --> 00:25:47,120 another company to hire staff that have that expertise. 465 00:25:47,600 --> 00:25:50,600 And so we found ourselves in a place where it was very risky. 466 00:25:50,600 --> 00:25:54,280 We had a handful of people that understood this code and then 467 00:25:54,280 --> 00:25:56,920 eventually it trickled down to one engineer, right? 468 00:25:57,360 --> 00:26:02,440 That's not a great way to to plan for your business. 469 00:26:03,040 --> 00:26:06,960 And you know, everyone always talks about the what if somebody 470 00:26:06,960 --> 00:26:09,480 get hit by a bus? It's kind of morbid. 471 00:26:09,480 --> 00:26:12,120 So I like to say, what if, what if that person won the lottery 472 00:26:12,440 --> 00:26:17,240 and then they quit the next day? We would have been in a very bad 473 00:26:17,240 --> 00:26:18,800 place. And so that's that amount of 474 00:26:18,800 --> 00:26:21,880 risk needs to be mitigated out of the organization. 475 00:26:22,080 --> 00:26:25,720 And one way to do that is to take a step back and say, yeah, 476 00:26:25,880 --> 00:26:28,760 we're going to have to modify our customized process. 477 00:26:28,760 --> 00:26:33,800 It won't be, as you know, catered to our exact needs. 478 00:26:34,000 --> 00:26:36,920 We have to change the way we do business a little bit and 479 00:26:36,920 --> 00:26:41,960 conform to a standard workflow. But you know what, The rest of 480 00:26:41,960 --> 00:26:43,840 the world's doing it and it's working for them, so it'll 481 00:26:43,840 --> 00:26:48,000 probably work for us too. And then we've changed to this 482 00:26:48,320 --> 00:26:51,720 element where now we can go hire someone who understands this 483 00:26:51,720 --> 00:26:53,360 commercial product. There's lots of people out there 484 00:26:53,360 --> 00:26:55,800 that do. Yeah. 485 00:26:55,800 --> 00:26:58,360 I think one thing you have to be careful of is it'll take the 486 00:26:58,360 --> 00:27:02,400 commercial product and somehow like make it into a Frankenstein 487 00:27:02,400 --> 00:27:05,800 beast, right? Oh yes, yeah, that's, I have 488 00:27:05,800 --> 00:27:08,920 seen that happen multiple times at large organizations. 489 00:27:08,920 --> 00:27:13,400 I've seen it happen here at the university, which is I have my 490 00:27:13,400 --> 00:27:17,360 way of doing business right my, my workflow and I'll twist this 491 00:27:17,360 --> 00:27:21,680 commercial product to fit rather than let's change the way I'm 492 00:27:21,680 --> 00:27:25,080 doing business to a more conventional standard format. 493 00:27:26,960 --> 00:27:29,560 Yeah. So when I going back to kind of 494 00:27:29,800 --> 00:27:35,120 the DevOps piece, what we talked about the way I kind of framed 495 00:27:35,120 --> 00:27:38,400 it up, I'm maybe made it sound too simple like you're providing 496 00:27:38,600 --> 00:27:41,440 like these services, right? And so everybody should just 497 00:27:41,440 --> 00:27:45,640 snap in. But traditional approach I think 498 00:27:45,640 --> 00:27:49,840 is just handled that all within the tools that you have now 499 00:27:49,840 --> 00:27:51,720 you're integrating to a central service. 500 00:27:51,720 --> 00:27:55,480 So how do you take the central service and you've got all these 501 00:27:55,480 --> 00:28:01,480 consumer teams that are running the rank technology stack and 502 00:28:01,480 --> 00:28:03,840 have to integrate. I mean, what are you doing to 503 00:28:03,840 --> 00:28:09,280 make that consumable and for and is the feedback positive? 504 00:28:09,280 --> 00:28:12,080 Are people glad there's a central service, or do they feel 505 00:28:12,080 --> 00:28:15,160 like you're twisting their arm into doing those? 506 00:28:16,400 --> 00:28:17,840 Wow. Have you been sitting in on our 507 00:28:17,840 --> 00:28:21,120 meetings? Right. 508 00:28:21,120 --> 00:28:27,080 So historically universities are highly decentralized and and 509 00:28:27,080 --> 00:28:31,120 there is a lot of autonomy and control given out at the edge in 510 00:28:31,120 --> 00:28:33,440 the embedded units in the colleges and departments. 511 00:28:34,400 --> 00:28:36,520 Our university has been going through a rather unique 512 00:28:36,520 --> 00:28:38,920 experiment over the past two years and we have been 513 00:28:38,920 --> 00:28:42,120 centralizing all IT. We had a president who came in, 514 00:28:42,120 --> 00:28:44,840 they did an assessment, they wanted to centralized a lot of 515 00:28:44,840 --> 00:28:48,200 these functions like HR and business and finance and ITIT 516 00:28:48,200 --> 00:28:51,280 was snap of the fingers all centralized. 517 00:28:52,000 --> 00:28:59,240 And we have been struggling with that decision ever since. 518 00:28:59,240 --> 00:29:04,680 In this in this sense, right that that was a big massive 519 00:29:04,680 --> 00:29:09,120 organizational change. But practically, pragmatically, 520 00:29:09,240 --> 00:29:12,360 the management of the technology is still very decentralized 521 00:29:12,600 --> 00:29:16,200 because we had 40 different groups that all had chosen 522 00:29:16,200 --> 00:29:18,520 different tech stacks and all had chosen different tools and 523 00:29:18,520 --> 00:29:21,960 platforms. That didn't change with the 524 00:29:21,960 --> 00:29:24,000 stroke of a pen. What changed was now everyone's 525 00:29:24,000 --> 00:29:28,040 reporting into the same leadership structure, OK, But we 526 00:29:28,040 --> 00:29:31,160 still have these computers that have to be managed, right? 527 00:29:31,280 --> 00:29:34,920 And we still have this data and these services and these, you 528 00:29:34,920 --> 00:29:38,880 know, servers and data centers. So that stuff has been changing 529 00:29:38,880 --> 00:29:41,760 slowly over time. And yeah, of course, you had a 530 00:29:41,760 --> 00:29:43,920 group that had a lot of autonomy, and they got to pick 531 00:29:43,920 --> 00:29:45,760 their tech stack. And now they're being told, now 532 00:29:45,760 --> 00:29:47,840 you report to somebody else and someone else is picking your 533 00:29:47,840 --> 00:29:52,320 tech stack, you're gonna have people that aren't really happy 534 00:29:52,320 --> 00:29:53,920 about that, right? I mean, they don't appreciate 535 00:29:53,920 --> 00:30:01,160 that exactly right. So trying to engage with that 536 00:30:02,040 --> 00:30:05,640 idea with empathy and get everyone on the same page, 537 00:30:05,880 --> 00:30:09,040 that's hard. And we want to try to bring 538 00:30:09,040 --> 00:30:10,880 everybody along. Sometimes you don't have time, 539 00:30:10,880 --> 00:30:12,400 though. Sometimes you're being told by 540 00:30:12,400 --> 00:30:17,080 leadership, get this done right. And so trying to balance that is 541 00:30:17,080 --> 00:30:20,400 a big challenge. I think one of the ways we took 542 00:30:20,400 --> 00:30:23,800 this approach, right, we go back to this idea of DevOps and 543 00:30:23,800 --> 00:30:29,200 delivering a platform. You know, we try to create tools 544 00:30:29,200 --> 00:30:32,120 and platforms that we can offer and say, all right, here's what 545 00:30:32,120 --> 00:30:35,520 it's going to look like, right? We're going to give you more 546 00:30:35,520 --> 00:30:36,680 control. We're going to give you 547 00:30:36,680 --> 00:30:40,080 self-service. Come to this tool and you're not 548 00:30:40,080 --> 00:30:43,200 going to have to wait on us or ask us, mother, may I or put a 549 00:30:43,200 --> 00:30:45,160 ticket in and then wait for something to happen. 550 00:30:45,280 --> 00:30:47,960 We want to enable you to continue to move as fast as you 551 00:30:47,960 --> 00:30:50,720 did before when you had that autonomy. 552 00:30:50,720 --> 00:30:53,000 And we're going to do it in this way. 553 00:30:53,000 --> 00:30:55,360 We're going to create a platform or an API that you could just 554 00:30:55,360 --> 00:30:57,160 consume. And then we're going to put some 555 00:30:57,160 --> 00:31:00,160 monitoring on the backside so that we see what's happening, 556 00:31:00,680 --> 00:31:04,640 but we're not going to get in the way or or upfront stop you 557 00:31:04,640 --> 00:31:09,280 from from making a move forward. We are still struggling to make 558 00:31:09,280 --> 00:31:10,880 this happen all across our org, right? 559 00:31:10,880 --> 00:31:13,000 This is. We haven't solved this problem, 560 00:31:13,160 --> 00:31:16,520 but I think we've taken some steps and shown in certain areas 561 00:31:16,680 --> 00:31:20,240 that it's possible to do it in this way and and be effective. 562 00:31:21,760 --> 00:31:28,680 I think that, you know, your legacy will be you're going to 563 00:31:28,680 --> 00:31:34,560 move the university forward in the centralization journey, if 564 00:31:34,560 --> 00:31:39,640 you will, for a lot of other universities, and they're just 565 00:31:39,640 --> 00:31:41,720 stringing further and further from that. 566 00:31:42,200 --> 00:31:48,760 And it just makes doing certain things darn near impossible, 567 00:31:48,760 --> 00:31:51,280 right? So your legacy will be that, you 568 00:31:51,280 --> 00:31:54,600 know you move the ball in the right direction for as many 569 00:31:54,600 --> 00:32:00,840 years as you're at it, and the next generation of leaders will 570 00:32:01,560 --> 00:32:03,640 be able to pick up from a better place. 571 00:32:04,000 --> 00:32:06,640 That's a good point. You know, our CIO has really 572 00:32:06,640 --> 00:32:10,640 charted the strategy about how we handle this consolidation and 573 00:32:10,640 --> 00:32:13,760 he's been very careful to try to get us to this place where we 574 00:32:13,760 --> 00:32:18,680 can continue to deliver services to our customers and bring along 575 00:32:18,680 --> 00:32:21,840 our staff so that they feel like that they've got a stake in 576 00:32:21,840 --> 00:32:24,640 what's happening and they're involved and engaged. 577 00:32:25,920 --> 00:32:29,040 Yeah. I mean, I think in the higher Ed 578 00:32:29,040 --> 00:32:32,480 environment, you've learned leadership because there's 579 00:32:32,480 --> 00:32:35,640 difference between leadership and management, right? 580 00:32:35,640 --> 00:32:39,160 If you manage somebody, you can tell them go do this thing. 581 00:32:39,880 --> 00:32:45,280 If you don't manage them, you have to coerce the OR coerce 582 00:32:45,280 --> 00:32:48,120 them, or build a better mousetrap, whatever. 583 00:32:48,320 --> 00:32:50,400 You have to get them to still do the thing. 584 00:32:53,000 --> 00:32:55,760 Incentives and we sometimes call it the carrot and stick, but I, 585 00:32:55,760 --> 00:32:59,200 I think that in higher Ed there's definitely a tradition 586 00:32:59,200 --> 00:33:04,280 that you see more leadership through influence than 587 00:33:04,280 --> 00:33:08,240 leadership through direct management or supervision in 588 00:33:08,240 --> 00:33:12,040 that that concept. I wanted to pull this back into 589 00:33:12,040 --> 00:33:14,080 this. I am from Del Ostrich. 590 00:33:14,080 --> 00:33:19,000 I think it's a real interesting topic and I want to kind of get 591 00:33:19,000 --> 00:33:23,840 into your journey from where you started to where you are today, 592 00:33:23,840 --> 00:33:27,440 where you're heading. But I think kind of getting an 593 00:33:27,440 --> 00:33:31,080 understanding of your IT environment would be a good 594 00:33:31,080 --> 00:33:33,640 starting point. So are you guys in the cloud? 595 00:33:33,640 --> 00:33:38,160 Are you using on Prem hosting? What's the situation? 596 00:33:38,960 --> 00:33:42,000 So we have, yes, all of it, all the above. 597 00:33:42,720 --> 00:33:46,160 We have a multi cloud strategy. We've been moving into the cloud 598 00:33:46,160 --> 00:33:50,880 for a number of years. We are engaged with all three of 599 00:33:50,880 --> 00:33:55,560 the major cloud providers, Amazon, Azure and GCP. 600 00:33:55,880 --> 00:33:59,280 I'd say probably we have more enterprise technology in Amazon 601 00:33:59,280 --> 00:34:03,120 and Azure, but we see a lot of researchers that are interested 602 00:34:03,120 --> 00:34:08,719 in using GCP. I, I used GCP in my class when 603 00:34:08,719 --> 00:34:12,760 we do DevOps and we, you know, have the kids write code and 604 00:34:12,760 --> 00:34:15,920 they containerize code and they, you know, deploy it in a, in a 605 00:34:15,920 --> 00:34:18,760 pipeline. We usually use GCP for that. 606 00:34:20,159 --> 00:34:22,400 There's pros and cons to all three of those platforms. 607 00:34:22,400 --> 00:34:25,080 We also have a lot of infrastructure still on premise. 608 00:34:25,520 --> 00:34:28,719 Now we've been moving that into an environment that is 609 00:34:29,040 --> 00:34:32,360 virtualized and containerized as much as we can, but we still 610 00:34:32,360 --> 00:34:34,080 have a long way to go there, right. 611 00:34:34,080 --> 00:34:40,199 So we've, we're making progress, but I, I wouldn't want to 612 00:34:40,719 --> 00:34:43,159 pretend that we've sort of solved this problem, right? 613 00:34:43,159 --> 00:34:45,840 This is a journey for us and it's a a maturity. 614 00:34:46,840 --> 00:34:49,760 So you're the services that you're providing from a DevOps 615 00:34:49,760 --> 00:34:53,600 perspective, are they independent of where the 616 00:34:53,600 --> 00:34:56,760 applications are hosted or? Yeah. 617 00:34:56,760 --> 00:34:59,200 So, well, there's, there's a couple things going on, right. 618 00:34:59,200 --> 00:35:02,800 So there are services that security participates in with 619 00:35:03,280 --> 00:35:10,800 other groups, things like GitHub and GitHub Actions and, you 620 00:35:10,800 --> 00:35:13,280 know, containers, containerization, hosting and 621 00:35:13,280 --> 00:35:16,040 container security and scanning. We're building some of those. 622 00:35:16,040 --> 00:35:17,680 Some of them we've had where they're pretty mature and 623 00:35:17,680 --> 00:35:21,120 they're working pretty well. And that's independent of any of 624 00:35:21,120 --> 00:35:23,360 these different groups or different tech stacks, right? 625 00:35:23,360 --> 00:35:26,360 So anyone, no matter what they're writing and they can use 626 00:35:26,360 --> 00:35:28,800 GitHub. And we've got a, a GitHub 627 00:35:29,000 --> 00:35:33,400 enterprise, you know, license agreement with Microsoft and we 628 00:35:33,400 --> 00:35:36,600 make that available to developers or to researchers and 629 00:35:36,600 --> 00:35:37,920 grad students who want to use that. 630 00:35:38,640 --> 00:35:42,320 So that works well. We've got tools like that and 631 00:35:42,320 --> 00:35:49,120 other DevOps like services. We also have elements where we 632 00:35:49,120 --> 00:35:51,120 try to go in and work with the team. 633 00:35:51,120 --> 00:35:54,560 They're like, they want consulting or they want advice. 634 00:35:54,560 --> 00:35:58,360 How do I change the way we've been writing code and delivering 635 00:35:58,360 --> 00:36:00,240 this? How can we be more agile? 636 00:36:00,240 --> 00:36:04,440 How can we deliver this in a more cloud native application 637 00:36:04,760 --> 00:36:08,520 type of way? And so we've got a a large group 638 00:36:08,680 --> 00:36:13,000 of developers and we have a wide range of experiences there. 639 00:36:13,200 --> 00:36:18,200 Some are doing more traditional waterfall style, waterfall style 640 00:36:18,200 --> 00:36:22,200 development and some are really advanced along this, you know, 641 00:36:22,200 --> 00:36:27,360 serverless and containerized applications and very much cloud 642 00:36:27,360 --> 00:36:29,560 native software application deployment. 643 00:36:30,800 --> 00:36:34,760 So that there is a spectrum like you would expect across any 644 00:36:34,760 --> 00:36:38,560 large organization. Spectrum sounds like it's A to 645 00:36:38,560 --> 00:36:41,000 Z. Well give you some idea of the 646 00:36:41,000 --> 00:36:44,040 scale. I mean how many teams or 647 00:36:44,040 --> 00:36:49,080 applications are you supporting this DevOps environment? 648 00:36:49,080 --> 00:36:51,640 I am for DevOps. Right. 649 00:36:53,800 --> 00:36:56,800 I mean, again, the spectrum, it really dominates here, right. 650 00:36:56,800 --> 00:37:06,400 So we have probably 25, 100 to 3000 applications that are 651 00:37:06,400 --> 00:37:11,400 consuming IAM services for SSO at a minimum. 652 00:37:12,160 --> 00:37:19,080 We have probably, when I think about teams that are writing 653 00:37:19,080 --> 00:37:23,800 code and deploying custom code for applications that aren't 654 00:37:23,800 --> 00:37:26,800 just commercial applications that have been purchased, I 655 00:37:26,800 --> 00:37:30,480 would say on the order of hundreds, multiple hundreds. 656 00:37:31,160 --> 00:37:34,440 And some of that code, you know, is older and hasn't really been 657 00:37:34,440 --> 00:37:36,120 touched in a while. It just was written and then 658 00:37:36,120 --> 00:37:39,160 deployed and then left. Some of that code is active 659 00:37:39,160 --> 00:37:40,880 right now under active development. 660 00:37:41,200 --> 00:37:45,240 Some of it it's commercial products that have heavy 661 00:37:45,240 --> 00:37:47,800 customization. So we write code to customize a 662 00:37:47,800 --> 00:37:52,160 commercial product. It's a big spectrum again, 663 00:37:52,160 --> 00:37:54,320 right? And the scale is pretty large, 664 00:37:54,400 --> 00:37:57,840 right? So we think about the number of 665 00:37:58,560 --> 00:38:00,680 Amazon accounts that we're dealing with, right? 666 00:38:00,920 --> 00:38:04,760 And again, we're up into the hundreds because, you know, we 667 00:38:04,760 --> 00:38:09,040 have researchers in labs that are doing their own research and 668 00:38:09,040 --> 00:38:12,560 they kind of need to isolate the work that they do in the cloud 669 00:38:12,560 --> 00:38:15,760 in that way. So we have a model where we have 670 00:38:15,760 --> 00:38:20,400 these master agreements with the cloud providers and we provide 671 00:38:20,400 --> 00:38:25,280 access to the cloud through this mechanism. 672 00:38:26,520 --> 00:38:29,280 It allows us to have some type of telemetry and oversight into 673 00:38:29,320 --> 00:38:31,520 what's happening. We can ensure that we've got 674 00:38:31,520 --> 00:38:34,920 firewall set up and we've got network boundaries correctly 675 00:38:34,920 --> 00:38:37,960 implemented. We can watch security and 676 00:38:37,960 --> 00:38:41,600 compliance functions. But it allows the developer who 677 00:38:41,600 --> 00:38:44,400 needs to like just spin something up and try something 678 00:38:44,400 --> 00:38:47,080 in the cloud. It gives them, you know, as much 679 00:38:47,080 --> 00:38:51,560 degree of freedom as we can give them to continue to move in the 680 00:38:51,560 --> 00:38:57,040 cloud with agility. Yeah, so massive scale and it 681 00:38:57,040 --> 00:39:01,200 kind of in a way was expecting that answer setting you up to 682 00:39:01,200 --> 00:39:05,160 this next question, which is you really want to understand your 683 00:39:05,160 --> 00:39:10,800 journey of providing IM services for Gov OPS because I'm thinking 684 00:39:10,800 --> 00:39:15,320 you weren't there saying me, I see this coming in a few years 685 00:39:15,320 --> 00:39:16,720 we're going to have all this needs. 686 00:39:16,720 --> 00:39:20,800 Let's send up a team to support it and get every new 687 00:39:20,800 --> 00:39:23,760 application. No, I would assume at some point 688 00:39:23,760 --> 00:39:27,800 you came along and said we've had hundreds of apps that are 689 00:39:28,800 --> 00:39:32,480 performing identity and access management services for 690 00:39:32,520 --> 00:39:38,480 themselves and that creates all this risk for the institution. 691 00:39:39,040 --> 00:39:40,480 Yeah. Talk to us a little bit about 692 00:39:40,480 --> 00:39:42,880 that journey. When the when did you have the 693 00:39:42,880 --> 00:39:47,280 light bulb moment that happened that way and talk to us about 694 00:39:47,440 --> 00:39:53,520 what it was like before that and then after you stood up well. 695 00:39:55,320 --> 00:39:58,320 I think the light bulb moment, I'm not even sure we had one, 696 00:39:58,320 --> 00:40:00,800 right. So it was as we were looking at 697 00:40:00,960 --> 00:40:04,360 the necessity to do a pretty significant upgrade to our 698 00:40:05,320 --> 00:40:07,680 infrastructure, our identity infrastructure. 699 00:40:08,000 --> 00:40:12,200 The second piece of that was the SSO components and the auth C 700 00:40:12,200 --> 00:40:14,200 auth and then happens at the app layer. 701 00:40:14,440 --> 00:40:17,400 And we knew these were tied. We needed the infrastructure to 702 00:40:17,400 --> 00:40:22,240 be handled and a good solid foundation so that we could do. 703 00:40:22,440 --> 00:40:26,120 The things we want to accomplish at the app layer and to do the 704 00:40:26,120 --> 00:40:28,800 type of access authorization that we want to have happen. 705 00:40:29,080 --> 00:40:32,840 So we're building that foundation now and we've been 706 00:40:32,840 --> 00:40:36,480 making plans and sort of positioning ourselves to do more 707 00:40:36,480 --> 00:40:38,240 of that work. We've been calling it phase two. 708 00:40:38,360 --> 00:40:40,480 It's going to be focusing on the applications. 709 00:40:42,200 --> 00:40:45,240 You know, we've talked, we keep using this phrase like DevOps 710 00:40:45,240 --> 00:40:49,480 for IAM or IAM in DevOps. You know, I think it's really 711 00:40:49,480 --> 00:40:53,120 more for us, we've been tackling the problems that exist and are 712 00:40:53,120 --> 00:40:57,280 adjacent to IAM, right, and identity and identity security. 713 00:40:57,560 --> 00:41:01,480 And we try to bring to the table when we tackle these problems, 714 00:41:01,880 --> 00:41:07,840 an approach that incorporates DevOps concepts and ideas 715 00:41:08,040 --> 00:41:12,240 because that allows us to deliver these things with 716 00:41:12,240 --> 00:41:15,280 agility at scale, right? So when we deliver these 717 00:41:15,280 --> 00:41:18,560 platforms and services, my identity security team is doing 718 00:41:18,560 --> 00:41:24,680 these things in a way that is DevOps oriented, even if you 719 00:41:24,680 --> 00:41:28,520 mightn't call them a DevOps team at likewise, we have teams that 720 00:41:28,520 --> 00:41:31,240 are delivering cloud tech and they are doing things with a 721 00:41:31,240 --> 00:41:35,080 DevOps orientation toward how they're delivering the work. 722 00:41:35,480 --> 00:41:38,840 And that's spreading into our development teams and our other 723 00:41:38,840 --> 00:41:41,280 operations teams. And it's sort of this thing that 724 00:41:41,280 --> 00:41:45,040 is sort of gradually diffusing across our organization in 725 00:41:45,040 --> 00:41:47,360 pockets. And again, it's a maturity 726 00:41:47,840 --> 00:41:51,320 level, right? So we're not, oh, we're a great 727 00:41:51,320 --> 00:41:54,280 DevOps shop everywhere you go. Look, oh, no, of course that's 728 00:41:54,280 --> 00:41:56,240 not true. But we have pockets where you'd 729 00:41:56,240 --> 00:41:58,960 say, oh, they're doing, they're, they're very much a DevOps shop. 730 00:41:58,960 --> 00:42:03,200 All the things they do look like they conform to these DevOps 731 00:42:03,200 --> 00:42:05,120 ideals. And then you've got groups over 732 00:42:05,120 --> 00:42:08,680 here that might look a much more traditional approach to systems 733 00:42:08,680 --> 00:42:11,600 development and operations and then everything in between. 734 00:42:12,320 --> 00:42:15,480 Yeah. So, so in this scope that we're 735 00:42:15,480 --> 00:42:19,000 talking about is not just like CSDD pipeline and 736 00:42:19,280 --> 00:42:24,120 infrastructures code, it might be applications that need to 737 00:42:24,560 --> 00:42:27,600 authenticate service accounts. I mean, is that also within? 738 00:42:28,000 --> 00:42:30,720 Absolutely. And how do you consume the APIs 739 00:42:30,720 --> 00:42:33,840 that let you do these things? So these things you mentioned, 740 00:42:33,840 --> 00:42:37,520 right, infrastructures, code, but all those principles, those 741 00:42:37,520 --> 00:42:41,680 approaches that I think we've definitely incorporated that in 742 00:42:41,680 --> 00:42:44,680 security in a deeper way than we'd ever done before, right? 743 00:42:44,680 --> 00:42:48,480 So over the last two years, we've had a very mindful 744 00:42:48,480 --> 00:42:52,600 approach to take those DevOps concepts and apply them to how 745 00:42:52,600 --> 00:42:54,320 are we delivering these platforms. 746 00:42:54,560 --> 00:42:58,600 I think also, as we've changed our, our thinking of we just, 747 00:42:58,600 --> 00:43:02,480 we're running security, right? So there's one way to look at 748 00:43:02,480 --> 00:43:05,400 security function, which is, oh, I sit here and look at 749 00:43:05,400 --> 00:43:08,360 dashboards and I respond and detect and then go take an 750 00:43:08,360 --> 00:43:11,400 action versus building a platform and delivering that 751 00:43:11,400 --> 00:43:14,000 platform to other people that they can write against and 752 00:43:14,000 --> 00:43:17,720 consume. When you forced yourself to 753 00:43:17,720 --> 00:43:21,880 think about being a platform provider to other teams, well, 754 00:43:21,880 --> 00:43:25,200 now I'm responsible to build out and maintain this platform. 755 00:43:25,480 --> 00:43:30,640 Obviously, bringing along some types of DevOps approaches to 756 00:43:30,640 --> 00:43:35,560 that platform delivery is going to have big impact. 757 00:43:36,200 --> 00:43:39,360 I would imagine you if you're delivering this to other 758 00:43:39,960 --> 00:43:43,600 parties, you have to establish some sort of SLA or SLO to those 759 00:43:43,600 --> 00:43:44,800 parties. Yeah, that's right. 760 00:43:45,920 --> 00:43:49,480 I don't, I don't think we've gotten to the maturity level 761 00:43:49,480 --> 00:43:52,400 where we formalize that. But we do talk about it between 762 00:43:52,400 --> 00:43:54,880 ourselves. So I'm delivering it to another 763 00:43:54,880 --> 00:43:56,200 group. That's my peer. 764 00:43:56,200 --> 00:43:59,920 So my title is associate vice president and Chief Information 765 00:43:59,920 --> 00:44:02,200 Security Officer. There's maybe an associate vice 766 00:44:02,200 --> 00:44:05,280 president for enterprise operations and so we deliver 767 00:44:05,280 --> 00:44:08,480 things their group consumes or another associate vice president 768 00:44:08,480 --> 00:44:10,280 who's over all the development operations. 769 00:44:10,560 --> 00:44:13,520 We a lot of our stuff is consumed by their group, right? 770 00:44:13,520 --> 00:44:16,200 The developers that are building the apps and they need to 771 00:44:16,200 --> 00:44:20,040 consume these APIs and these tools and platforms to set up 772 00:44:20,120 --> 00:44:21,680 authentication and authorization. 773 00:44:22,480 --> 00:44:26,160 So we talk between ourselves about what are our agreements 774 00:44:26,160 --> 00:44:29,880 about what we provide, what can they expect from this platform 775 00:44:29,880 --> 00:44:33,040 that we deliver and we're getting better about that. 776 00:44:33,040 --> 00:44:34,840 But it's something we have to develop over time. 777 00:44:36,920 --> 00:44:39,320 Yes. So I was wondering, adding like 778 00:44:39,920 --> 00:44:42,760 how did you figure out how to do this right? 779 00:44:42,760 --> 00:44:47,560 Nobody comes out of the womb and knowing how to do identity 780 00:44:47,560 --> 00:44:51,280 security for dev OPS. But not only that, just 781 00:44:51,280 --> 00:44:53,520 understanding the dev OPS process. 782 00:44:55,160 --> 00:44:58,200 Did you learn it out of necessity or is this you know, 783 00:44:58,360 --> 00:45:00,560 how did you find your way into it? 784 00:45:01,080 --> 00:45:04,120 I think this probably goes back to my teaching, right? 785 00:45:04,120 --> 00:45:09,040 So before I got into security, even when I was an IT director 786 00:45:09,280 --> 00:45:14,600 at a college here on campus, the College of Architecture, we 787 00:45:14,600 --> 00:45:19,840 moved strongly into a DevOps model of delivering services to 788 00:45:19,840 --> 00:45:21,280 our customers. And some of the custom 789 00:45:21,280 --> 00:45:24,880 application development that we were doing there, much smaller 790 00:45:24,880 --> 00:45:28,680 scale, 'cause it's one of the smaller colleges, we were 791 00:45:28,680 --> 00:45:32,960 frustrated with our inability to sort of constantly fighting 792 00:45:32,960 --> 00:45:34,440 fires. We couldn't catch up. 793 00:45:34,440 --> 00:45:37,280 We couldn't, you know, stay ahead of all the problems that 794 00:45:37,280 --> 00:45:42,560 we had. And one of my engineers, one day 795 00:45:42,560 --> 00:45:45,480 he walked into my office and he put this book down, slammed it 796 00:45:45,480 --> 00:45:47,040 on the table. Have you seen this? 797 00:45:47,360 --> 00:45:50,400 I'm like, no, what is it? And he brought me The Phoenix 798 00:45:50,400 --> 00:45:53,600 Project by Gene Kim. So if you guys are familiar with 799 00:45:53,600 --> 00:45:56,840 that, anyone who's done any reading in dev OPS, it's a great 800 00:45:56,840 --> 00:45:58,440 book. And he's like, you got to read 801 00:45:58,440 --> 00:45:59,960 this. And I was like, OK, I'll, I'll 802 00:45:59,960 --> 00:46:01,680 read it. He's like, no, I mean, like 803 00:46:01,680 --> 00:46:03,520 right now you have to read it like. 804 00:46:03,560 --> 00:46:04,920 And he stood there. And watched you read. 805 00:46:04,920 --> 00:46:08,160 I like I started reading it and and he, no, he didn't stand 806 00:46:08,160 --> 00:46:11,520 there, but I started reading it and it hooked me immediately. 807 00:46:11,720 --> 00:46:14,680 And I, this was like, I don't know, two in the afternoon. 808 00:46:14,920 --> 00:46:18,360 And so I just got up and I left the office and I went to a 809 00:46:18,360 --> 00:46:20,240 coffee shop and I sat there and I read the book. 810 00:46:20,360 --> 00:46:23,880 I read the whole book start to cover right to the to the end. 811 00:46:24,280 --> 00:46:27,640 And I came back in the next day and I said this was amazing. 812 00:46:27,840 --> 00:46:31,600 And I bought like 12 copies for all the other full time 813 00:46:31,600 --> 00:46:33,560 staffers. And I said everybody has to read 814 00:46:33,560 --> 00:46:35,720 this. And you got two weeks. 815 00:46:35,760 --> 00:46:37,600 And then we're going to go off site and we're going to have a 816 00:46:37,600 --> 00:46:40,320 little like all day retreat and we're going to talk about it 817 00:46:40,600 --> 00:46:43,520 'cause this is the answer that I think we've been looking for. 818 00:46:43,840 --> 00:46:46,080 There's something about it just resonated with me, right? 819 00:46:46,480 --> 00:46:49,200 And that was the beginning of my DevOps journey. 820 00:46:49,520 --> 00:46:52,000 And from that point, couple years after that, I started 821 00:46:52,000 --> 00:46:54,720 teaching. I wrote a curriculum, actually 822 00:46:54,720 --> 00:46:56,960 talked to Gene Kim. He came and spoke to my class 823 00:46:56,960 --> 00:47:00,240 the first semester I taught. He told me I have all my 824 00:47:00,240 --> 00:47:02,400 students read his book. That's the first thing they do. 825 00:47:02,400 --> 00:47:05,440 They read the Phoenix Project and it sort of sets the stage 826 00:47:05,440 --> 00:47:12,040 for the entire semester. And, you know, I just continued 827 00:47:12,040 --> 00:47:17,960 to sort of get into this idea of what does it take to build a 828 00:47:17,960 --> 00:47:21,720 team that operates effectively according to these ideas and 829 00:47:21,720 --> 00:47:24,000 principles. It, it just resonated with me 830 00:47:24,000 --> 00:47:26,200 really well. And so as I've continued to 831 00:47:26,200 --> 00:47:29,640 teach and develop and sort of gotten deeper into that, I think 832 00:47:29,640 --> 00:47:33,040 that just prepped me. So when I took this role as Siso 833 00:47:33,040 --> 00:47:35,680 and I looked at these things we were delivering and how we're 834 00:47:35,680 --> 00:47:40,600 going to deliver platforms to campus and then to our fellow IT 835 00:47:40,600 --> 00:47:44,000 pros and other teams, it seems natural that we would want to 836 00:47:44,000 --> 00:47:48,120 use some of these ideas as much as we could. 837 00:47:48,120 --> 00:47:52,800 Infrastructures, code, you know, telemetry and measurement baked 838 00:47:52,800 --> 00:47:57,360 in that observability idea, the ability that we should be 839 00:47:57,360 --> 00:47:59,320 automating everything we possibly can. 840 00:47:59,960 --> 00:48:03,200 These are just natural extensions of these ideas. 841 00:48:04,040 --> 00:48:06,920 And someone who's good with note cards to be able to organize it 842 00:48:06,920 --> 00:48:09,320 on the wall. You know, you laugh about that. 843 00:48:09,320 --> 00:48:11,160 But that day we did that little retreat. 844 00:48:11,480 --> 00:48:14,320 I brought note cards, four different colors for the four 845 00:48:14,320 --> 00:48:16,600 types of work he talks about in the venues project. 846 00:48:16,840 --> 00:48:19,320 I had everyone write down all the work that we did. 847 00:48:19,680 --> 00:48:22,160 I said bring this. Yeah, you, that's one of your 848 00:48:22,280 --> 00:48:25,160 homework assignments. And they brought stacks and we 849 00:48:25,160 --> 00:48:29,360 put them up all over the wall to get a visual idea of where is 850 00:48:29,360 --> 00:48:32,240 all the work happening, where are our bottlenecks. 851 00:48:32,440 --> 00:48:35,800 For the first time ever, we had a picture of the amount of work 852 00:48:35,800 --> 00:48:39,120 we had in flight and what our work capacity was and where we 853 00:48:39,120 --> 00:48:42,760 were over or under capacity. It was a very instructive. 854 00:48:43,160 --> 00:48:45,240 Exercise. It's a great book, definitely 855 00:48:45,240 --> 00:48:47,280 recommend it for folks. If I remember, I'll put it in 856 00:48:47,280 --> 00:48:49,280 our show notes. So, Oh, yeah, you get a link to 857 00:48:49,280 --> 00:48:55,000 it as well. How do you define the ROI for 858 00:48:55,360 --> 00:48:58,600 all this work you've been doing? I guess, is there an ROI? 859 00:48:58,600 --> 00:49:00,400 Have you been able to figure out what that is? 860 00:49:00,520 --> 00:49:03,520 And I feel like that's one of the areas where, you know, you 861 00:49:03,520 --> 00:49:05,640 have to kind of justify the investments being made into 862 00:49:05,640 --> 00:49:07,080 this. You know you're getting your 863 00:49:07,080 --> 00:49:09,240 money's worth. That's a great question. 864 00:49:09,560 --> 00:49:13,280 That's a question my CIO encourages me to answer all the 865 00:49:13,280 --> 00:49:16,240 time, right. He is definitely pushed us to 866 00:49:16,240 --> 00:49:20,400 think about the work we do in terms of ROI. 867 00:49:20,640 --> 00:49:25,840 I think that many times IT leaders don't naturally think 868 00:49:25,840 --> 00:49:27,760 about that, right, If you don't have a business background. 869 00:49:28,640 --> 00:49:33,920 But in a very real way, anytime the university decides to spend 870 00:49:33,920 --> 00:49:36,560 money, if we're going to say we're going to take, you know, 871 00:49:37,000 --> 00:49:41,920 $2,000,000 and purchase a big new commercial identity system 872 00:49:42,600 --> 00:49:45,680 instead of something else, what is that something else? 873 00:49:45,760 --> 00:49:48,360 Instead of putting it into a scholarship for a student, 874 00:49:48,560 --> 00:49:52,520 instead of hiring a new faculty, instead of buying a new, you 875 00:49:52,520 --> 00:49:58,200 know, instrument that goes in a lab that lets us research this, 876 00:49:58,440 --> 00:50:04,000 these stem cells, anything that we spend our money on, we're not 877 00:50:04,000 --> 00:50:06,240 spending it somewhere else. That really makes you think, 878 00:50:06,240 --> 00:50:08,240 right, Is this important? Do we really need to do this? 879 00:50:08,240 --> 00:50:13,840 So, yeah, being able to explain ROI to university leadership is 880 00:50:13,840 --> 00:50:17,240 important. That's hard, particularly for 881 00:50:17,240 --> 00:50:21,200 something like security tools where the ROI as well. 882 00:50:21,200 --> 00:50:23,120 We didn't get hacked this week, right. 883 00:50:24,600 --> 00:50:28,080 You know, be that's not a great story, a negative story, right. 884 00:50:28,080 --> 00:50:31,160 You're trying to basically prove a negative right, right, right. 885 00:50:31,160 --> 00:50:34,280 So no, no one wants to do that. It's not a great way to tackle 886 00:50:34,280 --> 00:50:36,920 the problem. Building a narrative of what you 887 00:50:36,920 --> 00:50:40,240 gain is important. I think there is a story where 888 00:50:40,240 --> 00:50:45,240 you have to explain risk and we have to invest in tools that 889 00:50:45,240 --> 00:50:48,720 will mitigate that risk. We talked about earlier that our 890 00:50:48,720 --> 00:50:51,120 legacy code had gotten to a point where it was very risky 891 00:50:51,120 --> 00:50:52,920 because we only had one person that understood it. 892 00:50:53,080 --> 00:50:55,720 So that's a clear story. By replacing it with a 893 00:50:55,720 --> 00:50:59,200 commercial product, we have managed that risk better. 894 00:50:59,640 --> 00:51:02,000 You know, I'm able to hire people who understand the 895 00:51:02,000 --> 00:51:04,600 commercial product because it's out there in the world and it's 896 00:51:04,600 --> 00:51:08,240 a common tool. And worst case scenario, if I 897 00:51:08,240 --> 00:51:11,600 can't hire anyone, I can hire a consulting firm who specializes 898 00:51:11,600 --> 00:51:15,040 in this very common tool. And we know that we could pay 899 00:51:15,040 --> 00:51:16,960 them to come in and do some work if we needed to. 900 00:51:17,400 --> 00:51:21,040 So that's one part of the story. It's not a great story 'cause 901 00:51:21,040 --> 00:51:24,120 it's kind of a, that's a compliance and sort of risk 902 00:51:24,120 --> 00:51:27,440 story. But you know, our university 903 00:51:27,440 --> 00:51:29,720 leadership understands that they've got to manage risk. 904 00:51:30,640 --> 00:51:35,200 A better story is when you can't explain how this thing that 905 00:51:35,200 --> 00:51:39,040 you're doing enables the business the university's in, 906 00:51:39,040 --> 00:51:42,360 how does it enable teaching or enable research. 907 00:51:43,160 --> 00:51:46,640 So when we can create a story that talks about that this IT 908 00:51:46,640 --> 00:51:50,600 infrastructure makes it easier for our researchers to in 909 00:51:50,600 --> 00:51:53,520 interact with their federal partners because now we're 910 00:51:53,520 --> 00:51:57,520 meeting a standard for identity and we can share that identity 911 00:51:57,520 --> 00:52:01,680 or leverage our identities with a grant Funding Agency. 912 00:52:01,760 --> 00:52:06,760 And there are consortium that we are participating with in at 913 00:52:06,760 --> 00:52:11,520 higher end where we sort of exchange identity protocols we 914 00:52:11,520 --> 00:52:12,560 in. Common. 915 00:52:12,920 --> 00:52:14,640 In common is a great example, right? 916 00:52:14,920 --> 00:52:17,400 And so when we can do that, we have to maintain certain 917 00:52:17,400 --> 00:52:20,240 standards in order to participate in in common. 918 00:52:20,600 --> 00:52:24,440 So there are there are stories we can tell that talk about the 919 00:52:24,440 --> 00:52:26,280 benefits we can get from this as well. 920 00:52:29,320 --> 00:52:32,720 And Garrett can take a vacation or go to a conference or 921 00:52:32,720 --> 00:52:34,000 something like that. That's right. 922 00:52:35,440 --> 00:52:37,880 I want to wrap up the conversation with a quick dive 923 00:52:37,880 --> 00:52:39,640 into your teaching side of things. 924 00:52:39,640 --> 00:52:45,040 I'm curious, how has AI impacted the way that you approach your 925 00:52:45,040 --> 00:52:46,200 class? Cause you've been doing this for 926 00:52:46,200 --> 00:52:49,440 a number of years at this point and I have to imagine it's been 927 00:52:49,440 --> 00:52:53,120 pretty disruptive it it. Has it's been fun. 928 00:52:54,200 --> 00:52:59,440 This last semester, I decided to take a, a break from teaching my 929 00:52:59,440 --> 00:53:01,600 typical class, which is on DevOps. 930 00:53:01,920 --> 00:53:05,160 And I said, hey, let's do a class on machine learning and 931 00:53:05,160 --> 00:53:09,040 AI. And, you know, I'd gotten to the 932 00:53:09,040 --> 00:53:11,440 point where I knew my, my material pretty well. 933 00:53:11,440 --> 00:53:14,520 I could just kind of cruise in, teach the class, do the lecture, 934 00:53:14,960 --> 00:53:18,400 and halfway through or not even halfway through a month into the 935 00:53:18,400 --> 00:53:20,440 semester, I said, what have I done to myself? 936 00:53:20,760 --> 00:53:23,480 Because I felt like I was staying maybe two weeks ahead of 937 00:53:23,520 --> 00:53:25,320 my students. Oh yeah. 938 00:53:25,320 --> 00:53:28,400 It required a lot of reading and work on my part, but it was fun. 939 00:53:28,400 --> 00:53:33,680 We, I had the students learn about machine learning models, 940 00:53:33,680 --> 00:53:36,400 deep learning, all the different types of networks, you know, 941 00:53:36,400 --> 00:53:39,400 recombinant neural networks and convolutional neural networks 942 00:53:39,400 --> 00:53:41,800 and what they're used for and kind of how they work, the 943 00:53:41,800 --> 00:53:43,520 mathematics of them underneath the hood. 944 00:53:43,800 --> 00:53:47,280 I had them going through and building some of these things in 945 00:53:47,280 --> 00:53:50,040 code in very minimalist, sort of simplistic ways. 946 00:53:50,320 --> 00:53:54,600 Not, you know, these the students aren't in a advanced 947 00:53:54,600 --> 00:53:58,280 computer science program, They're not doing, you know, 948 00:53:58,280 --> 00:54:01,080 artificial intelligence engineering, but I wanted them 949 00:54:01,080 --> 00:54:04,840 to understand at a basic level what was going on. 950 00:54:05,240 --> 00:54:06,760 And they did and they got to do these things. 951 00:54:06,760 --> 00:54:10,120 And then until the last half of the semester, we did things like 952 00:54:10,120 --> 00:54:13,200 let's examine dark patterns in AI and what's going to be the 953 00:54:13,200 --> 00:54:16,960 impact on our economy and what are the impact on society and 954 00:54:16,960 --> 00:54:22,440 fake news and things like this. For the I've got a here's a 955 00:54:22,440 --> 00:54:27,680 funny story, right? So my final for this class was 956 00:54:27,760 --> 00:54:30,720 that I let them build something. So I didn't want them to write 957 00:54:30,720 --> 00:54:34,080 a, a paper or just do it like a final exam. 958 00:54:34,400 --> 00:54:35,920 We've done that all through the semester. 959 00:54:36,160 --> 00:54:41,480 And so I said, I want you to take an LLM or some other type 960 00:54:41,560 --> 00:54:44,520 of machine learning model and I want you to put something 961 00:54:44,520 --> 00:54:47,000 together. Maybe it's you stitch some 962 00:54:47,000 --> 00:54:49,440 things together and make an automation that does something 963 00:54:49,440 --> 00:54:51,520 in response to something and automates that. 964 00:54:52,200 --> 00:54:57,240 Maybe you train a chat bot and you have it, you know, just 965 00:54:57,240 --> 00:54:58,400 whatever you want to come up with. 966 00:54:58,400 --> 00:55:01,560 So I gave them some parameters, but I let them try to come up 967 00:55:01,560 --> 00:55:04,760 with their own thing. I had one of the teams, they 968 00:55:04,760 --> 00:55:08,480 trained like six or seven different chat bots with 969 00:55:08,480 --> 00:55:11,040 different personalities. And then they had them like go 970 00:55:11,040 --> 00:55:12,640 on Discord and talk to each other. 971 00:55:12,840 --> 00:55:14,960 So the chat bots were interacting with each other. 972 00:55:14,960 --> 00:55:19,240 So I had a number of things like this, right, Pretty creative 973 00:55:19,480 --> 00:55:22,480 types of final projects. And then one group got up and 974 00:55:22,480 --> 00:55:25,520 they, so they stood up to do their final presentation and 975 00:55:25,520 --> 00:55:28,040 they, they pulled up the PowerPoint and my picture was on 976 00:55:28,040 --> 00:55:30,120 the PowerPoint. And I thought, you know, boy, 977 00:55:30,120 --> 00:55:31,760 like, what are, what are we in for here? 978 00:55:32,120 --> 00:55:37,560 So this group found YouTube recordings of me like at a 979 00:55:37,560 --> 00:55:39,640 presentation at a conference or something. 980 00:55:39,920 --> 00:55:45,000 They extracted the audio. They cloned my voice using an AI 981 00:55:45,000 --> 00:55:47,640 cloning technique to create a voice, right? 982 00:55:47,960 --> 00:55:52,480 And then they stitched it up to Twilio and, and they pulled open 983 00:55:52,480 --> 00:55:55,360 their phone in class and they dialed a number and my voice 984 00:55:55,360 --> 00:55:58,320 answers and they start having a conversation with me. 985 00:55:59,560 --> 00:56:01,360 That's awesome. I know it was great. 986 00:56:01,360 --> 00:56:04,480 I was like, they got an A, you know, and then, and then they, 987 00:56:04,480 --> 00:56:07,440 so at first they set it up so that my voice was sort of acting 988 00:56:07,440 --> 00:56:10,480 like a, like a help desk. And they would say things like, 989 00:56:10,680 --> 00:56:13,320 can you explain the OSI model? And it would start talking about 990 00:56:13,320 --> 00:56:15,120 the seven layers of the OSI stack. 991 00:56:15,480 --> 00:56:16,960 And at some point he just like hung up. 992 00:56:16,960 --> 00:56:18,760 He's like, you got to cut it off. 993 00:56:18,760 --> 00:56:20,960 It'll just go for hours talking about whatever. 994 00:56:21,240 --> 00:56:24,120 I told him that if they ask my kids, they'd probably say that 995 00:56:24,120 --> 00:56:26,440 was the most realistic thing about the, the model. 996 00:56:27,840 --> 00:56:31,480 But but then he's decided to say, well, what could we do with 997 00:56:31,480 --> 00:56:36,040 this for, for evil, right? So they, they had it where it 998 00:56:36,040 --> 00:56:40,760 would call a student and it would say convince the student 999 00:56:41,000 --> 00:56:43,880 that the final exam schedule had been changed. 1000 00:56:43,880 --> 00:56:47,480 Don't come to class on Monday. We've moved it till Wednesday 1001 00:56:47,720 --> 00:56:50,000 and he told, he hooked it up to an LLM in the background. 1002 00:56:50,000 --> 00:56:53,120 That was like the loop, right? And so he said you're a 1003 00:56:53,120 --> 00:56:56,320 professor and told the LLM you're a professor. 1004 00:56:56,320 --> 00:56:59,400 Just make up an excuse for why a final might be moved and it 1005 00:56:59,400 --> 00:57:01,320 would just make up new excuses every time. 1006 00:57:01,360 --> 00:57:04,240 And it called, right? It's pretty clever. 1007 00:57:05,200 --> 00:57:08,240 I love that idea. Yeah, that's that's very cool. 1008 00:57:08,360 --> 00:57:12,280 Jim, your son is in school. Has has, has he seen anything 1009 00:57:12,280 --> 00:57:14,320 from an AI perspective, from an education standpoint like that? 1010 00:57:14,720 --> 00:57:17,960 You know, he's he's very early he he just finished his freshman 1011 00:57:17,960 --> 00:57:19,720 year. So he's doing a lot of like the 1012 00:57:20,440 --> 00:57:25,120 the build up courses besides the fact that he's way too cool to 1013 00:57:25,120 --> 00:57:27,200 spend a whole lot of time telling me what he's doing in 1014 00:57:27,200 --> 00:57:29,400 his life. But we do talk about his past in 1015 00:57:29,400 --> 00:57:32,520 a little bit and he's enjoying it anyway. 1016 00:57:32,520 --> 00:57:36,600 But I actually had a question. I wanted to bounce off of Adam 1017 00:57:36,960 --> 00:57:39,480 and I don't know if you've given this thought right. 1018 00:57:40,600 --> 00:57:49,520 So my idea for how AI is going to fit into identity security 1019 00:57:49,520 --> 00:57:54,680 products in the future is very much like prompt driven 1020 00:57:54,920 --> 00:57:58,240 capabilities. So imagine you're an IGA system 1021 00:57:58,880 --> 00:58:02,640 and a prompt could come up and you could start it hitting it 1022 00:58:02,640 --> 00:58:06,640 with questions and iterating on those questions to find data 1023 00:58:06,640 --> 00:58:11,680 that you want. OK, so now a little bit easier 1024 00:58:11,680 --> 00:58:16,240 to picture if the software has the AI built into the software 1025 00:58:16,240 --> 00:58:20,400 stack and it's just one database, right, that's maybe 1026 00:58:20,400 --> 00:58:23,920 even physically contained. But now you think about the 1027 00:58:23,920 --> 00:58:29,560 scenario and can an identity company keep up with the likes 1028 00:58:29,560 --> 00:58:35,120 of Microsoft or Google or open AI, right? 1029 00:58:35,120 --> 00:58:37,800 Their their models just move way faster. 1030 00:58:38,040 --> 00:58:42,440 And if they were able to kind of lease their model and plug it 1031 00:58:42,440 --> 00:58:46,560 into their software through APIs, maybe, yeah, it could just 1032 00:58:46,560 --> 00:58:49,680 be way better than they could ever build themselves. 1033 00:58:49,680 --> 00:58:54,800 So I think it goes that model, but now you have the data 1034 00:58:54,800 --> 00:59:01,280 security, can you turn say you have a platform, you're an 1035 00:59:01,280 --> 00:59:04,520 identity security company, you have 1000 customers on it. 1036 00:59:04,760 --> 00:59:11,080 Some questions would be relevant to ask that made me spam all 1037 00:59:11,080 --> 00:59:14,000 1000 customers. Like how are other people doing 1038 00:59:14,000 --> 00:59:16,600 these things? What's a common practice? 1039 00:59:17,360 --> 00:59:20,800 What's setting are most most of your customers using now? 1040 00:59:21,080 --> 00:59:23,120 Maybe it's just you say no, sorry. 1041 00:59:23,240 --> 00:59:26,040 I think that's exactly, no, I think you're exactly right. 1042 00:59:26,240 --> 00:59:31,920 And I think I suspect that many companies right now are under so 1043 00:59:31,920 --> 00:59:36,040 much pressure to demonstrate to Wall Street and to their 1044 00:59:36,040 --> 00:59:39,680 customer base that they are integrating AI in a effective, 1045 00:59:39,680 --> 00:59:44,040 clever way that they are, I don't want to say skirting the 1046 00:59:44,040 --> 00:59:47,280 boundaries, but they are definitely pushing the 1047 00:59:47,280 --> 00:59:50,480 boundaries of maybe what's appropriate to use their 1048 00:59:50,480 --> 00:59:52,800 customers data for. And I think there's just saying, 1049 00:59:52,800 --> 00:59:54,960 well, this is going to be to their benefit and they're 1050 00:59:54,960 --> 00:59:58,560 convincing themselves that they can use the data in ways that if 1051 00:59:58,560 --> 01:00:01,000 their customers truly understood how their data was being used, 1052 01:00:01,000 --> 01:00:04,360 would they would not be happy. We've noticed over the past year 1053 01:00:04,360 --> 01:00:08,400 or two that. Many of our vendors are changing 1054 01:00:08,400 --> 01:00:12,000 the terms of their and the conditions, terms and conditions 1055 01:00:12,000 --> 01:00:14,880 to say what they can do with our data that they've never wanted 1056 01:00:14,880 --> 01:00:17,120 to do things with our data before, right? 1057 01:00:17,120 --> 01:00:19,840 But now suddenly that data is valuable in a way to them that 1058 01:00:19,840 --> 01:00:22,680 it's never been before because they can build these models and 1059 01:00:22,680 --> 01:00:24,920 train these models. It's a big concern for me. 1060 01:00:25,920 --> 01:00:27,960 And you agreed to it because you got the little thing that says, 1061 01:00:28,000 --> 01:00:30,000 you know, accept or declined. To just want to. 1062 01:00:30,160 --> 01:00:32,520 Use it. Yeah, declined me to just sum 1063 01:00:32,520 --> 01:00:34,080 your entire. Eye Well, sometimes you have a 1064 01:00:34,120 --> 01:00:35,720 choice, right? It's like you either have to 1065 01:00:35,720 --> 01:00:38,280 accept it or you can't use our service. 1066 01:00:38,920 --> 01:00:42,120 When I think about AI and I haven't, I haven't poked on this 1067 01:00:42,120 --> 01:00:43,760 very much, right. So you guys are kind of hearing 1068 01:00:43,760 --> 01:00:50,560 my first thoughts on this, but this project that my student did 1069 01:00:50,560 --> 01:00:54,640 right that illustrated how easy with just a couple of minutes of 1070 01:00:54,640 --> 01:00:58,480 recorded audio, he was able to create a completely legitimate 1071 01:00:58,840 --> 01:01:02,680 voice clone that my family when I played it to them said, yeah, 1072 01:01:02,680 --> 01:01:08,160 that sounds like you, right. So this takes me to this idea of 1073 01:01:08,160 --> 01:01:12,360 we are about to enter a a time period, a mode where 1074 01:01:12,560 --> 01:01:16,840 authentication of an identity is going to become very different 1075 01:01:16,840 --> 01:01:18,680 than what we have now, what we've had in the past. 1076 01:01:18,680 --> 01:01:21,440 The ability to say, yes, I really am who I say I am. 1077 01:01:21,920 --> 01:01:26,680 Video and audio is either if it hasn't happened already, it's 1078 01:01:26,680 --> 01:01:31,440 going to very rapidly going to lose its ability to prove that 1079 01:01:31,440 --> 01:01:34,240 something happened or that someone is actually who they say 1080 01:01:34,240 --> 01:01:35,120 they are. Right? 1081 01:01:35,120 --> 01:01:39,400 This idea, one of the things we do right now, if we doubt one of 1082 01:01:39,400 --> 01:01:41,400 our customers identity and they're trying to do something 1083 01:01:41,400 --> 01:01:45,800 like reset a password or reset multi factor auth, we make them 1084 01:01:46,160 --> 01:01:50,360 open up zoom and show a government ID live with a help 1085 01:01:50,360 --> 01:01:52,520 desk worker, right? That's that's what we do. 1086 01:01:53,960 --> 01:01:57,800 That is I'm not sure that's valid anymore, right? 1087 01:01:58,040 --> 01:02:00,960 I think that it is like I've seen technology. 1088 01:02:01,080 --> 01:02:05,720 We are very, very close, if not already in a place where that's 1089 01:02:06,200 --> 01:02:10,040 capable of being spoofed with, you know, consumer grade tech 1090 01:02:10,240 --> 01:02:12,440 with AI. So now what? 1091 01:02:12,440 --> 01:02:15,520 What are we going to do about authenticating the identity of 1092 01:02:15,520 --> 01:02:17,280 someone? I think we're about to see some 1093 01:02:17,280 --> 01:02:20,880 really interesting things happen in this space, and I'm not sure 1094 01:02:20,880 --> 01:02:23,400 what it's going to look like. It's going to be like secret 1095 01:02:23,400 --> 01:02:26,840 decoder rings and flash cards. And, you know, maybe even like 1096 01:02:27,080 --> 01:02:30,720 what I'm thinking is like this very unique value that we share 1097 01:02:30,960 --> 01:02:32,960 only with people we trust. I don't know. 1098 01:02:32,960 --> 01:02:35,000 We'll call it password. Password. 1099 01:02:36,160 --> 01:02:38,120 Well, you know, are we going to go back to do you guys remember 1100 01:02:38,120 --> 01:02:40,880 the old Ring of Trust model when people were trying to do like 1101 01:02:41,240 --> 01:02:44,200 they do public key signing parties where you get together 1102 01:02:44,200 --> 01:02:46,960 in the same room and then you chain off of that? 1103 01:02:47,160 --> 01:02:50,240 You know, I don't know where we're gonna we're gonna go with 1104 01:02:50,240 --> 01:02:52,600 this. Is this an Ave. for us to 1105 01:02:52,600 --> 01:02:56,400 finally see some decent real application of blockchain tech? 1106 01:02:57,360 --> 01:02:59,880 Maybe blockchain I? Feel like it's a solution in 1107 01:02:59,880 --> 01:03:01,520 search of an identity problem for a while. 1108 01:03:01,960 --> 01:03:05,160 Yeah, yeah. I don't know where we're going 1109 01:03:05,160 --> 01:03:06,560 with it. It's gonna be interesting. 1110 01:03:06,560 --> 01:03:08,280 Just when you think you know everything about identity, 1111 01:03:08,280 --> 01:03:10,600 something new comes along and totally blows it away. 1112 01:03:11,040 --> 01:03:12,520 So right. Yeah. 1113 01:03:13,480 --> 01:03:14,560 All right. Why don't we go ahead and wrap 1114 01:03:14,560 --> 01:03:17,480 it up there for this week? Adam, thank you so much for 1115 01:03:17,480 --> 01:03:18,640 spending time with us. Again. 1116 01:03:19,360 --> 01:03:21,000 Always appreciate our conversations. 1117 01:03:21,280 --> 01:03:23,160 Yeah, this has been fun. I you're going. 1118 01:03:23,240 --> 01:03:26,840 To come back, let's see what title you get after this one. 1119 01:03:27,320 --> 01:03:31,160 See how that goes. Let's see what else, Jim. 1120 01:03:31,160 --> 01:03:33,520 We've got our YouTube channel that we're still trying to build 1121 01:03:33,520 --> 01:03:37,200 up here, youtube.com slash at IDAC Podcast. 1122 01:03:37,840 --> 01:03:44,200 We got our website idacpodcast.com, XIDAC podcasts, 1123 01:03:44,480 --> 01:03:48,440 we've got Mastodon IDC podcast at infosec dot exchange. 1124 01:03:48,920 --> 01:03:52,160 I'll have LinkedIn connections for all three of us in our show 1125 01:03:52,160 --> 01:03:55,400 notes so people can reach out, you know, provide comments, 1126 01:03:55,400 --> 01:03:56,880 feedback, etcetera. All the good stuff we read 1127 01:03:56,880 --> 01:03:59,880 everyone that comes through and do us a favor, hit that like and 1128 01:03:59,880 --> 01:04:01,440 subscribe button. That's the best way you can help 1129 01:04:01,440 --> 01:04:04,400 us out, helps us have great conversations with great guests 1130 01:04:04,400 --> 01:04:08,120 like Adam and others. So do us a favor and and hit 1131 01:04:08,120 --> 01:04:10,160 that button, share it with a friend, share it with an enemy, 1132 01:04:10,200 --> 01:04:11,600 don't care as long as you share it with somebody. 1133 01:04:12,520 --> 01:04:14,120 So we'll leave it there for this week. 1134 01:04:14,440 --> 01:04:17,200 Thanks everyone for watching or listening and we'll talk with 1135 01:04:17,200 --> 01:04:21,520 you all in the next one. You've been listening to 1136 01:04:21,560 --> 01:04:25,440 Identity at the Center. We hope you've enjoyed the show. 1137 01:04:25,680 --> 01:04:29,720 Make sure to like, rate and review, and we'll be back soon. 1138 01:04:30,040 --> 01:04:32,320 But in the meantime, hit the website at 1139 01:04:32,320 --> 01:04:38,640 identity@thecenter.com. See you next time on Identity at 1140 01:04:38,640 --> 01:04:39,600 the Center.