1 00:00:05,280 --> 00:00:11,000 This is identity at the center. If it has anything to do with I 2 00:00:11,120 --> 00:00:17,960 AM, This is the go to podcast now your hosts Jim McDonald and 3 00:00:17,960 --> 00:00:21,200 Jeff Steadman. Welcome to the Identity at the 4 00:00:21,200 --> 00:00:23,280 Center podcast. I'm Jeff and that's Jim. 5 00:00:23,280 --> 00:00:24,840 Hey, Jim. Hey, Jeff. 6 00:00:24,840 --> 00:00:26,600 How are you? Not so bad yourself. 7 00:00:27,490 --> 00:00:28,690 Good. Hey man, I'm going to throw it 8 00:00:28,690 --> 00:00:32,250 back to you today because you just opened my eyes to a new 9 00:00:32,250 --> 00:00:35,570 product and we're not a commercial for any one product, 10 00:00:35,570 --> 00:00:37,210 but this thing looks kind of cool. 11 00:00:37,210 --> 00:00:40,290 Flipper 0. Yeah, I you know it's it's been 12 00:00:40,290 --> 00:00:43,210 out for a while. I don't, I'm not technical 13 00:00:43,210 --> 00:00:44,450 enough to know all the ins and outs of it. 14 00:00:44,450 --> 00:00:48,330 It literally just came into my mailbox like less than an hour 15 00:00:48,330 --> 00:00:52,410 ago so but I eagerly ran down to it to grab it once I got the 16 00:00:52,410 --> 00:00:55,650 notification. It's a little like multi tool 17 00:00:55,730 --> 00:00:59,980 for. Variety of different tasks if 18 00:00:59,980 --> 00:01:03,220 you think about it like from I don't want to say hacking 19 00:01:03,220 --> 00:01:05,620 because that's probably not the like the best way to do it but 20 00:01:06,140 --> 00:01:08,780 you know it's designed to do like wireless signals, 21 00:01:10,140 --> 00:01:13,900 Bluetooth, infrared it's called Flipper 0. 22 00:01:13,900 --> 00:01:15,700 Don't ask me any more questions about it because they literally 23 00:01:15,700 --> 00:01:18,100 just opened up but it's been making the the news for a little 24 00:01:18,100 --> 00:01:19,780 while now. I think it actually got like 25 00:01:20,540 --> 00:01:23,460 some sort of like maybe stop shipments into the US or 26 00:01:23,460 --> 00:01:25,100 something like that at some point while people trying to 27 00:01:25,100 --> 00:01:29,150 figure out what this. Thing is, but it's Flipper 0 I'm 28 00:01:29,150 --> 00:01:31,470 just reading for the website. Flipper 0 is a portable multi 29 00:01:31,470 --> 00:01:34,630 tool for pen testers and geeks in a toy like body. 30 00:01:34,630 --> 00:01:38,350 It loves hacking digital stuff such as radio protocols, access 31 00:01:38,350 --> 00:01:40,350 control systems, hardware and more. 32 00:01:40,670 --> 00:01:42,750 Fully open source and customizable. 33 00:01:42,870 --> 00:01:44,950 You had extended a bunch of ways, got a memory slot so you 34 00:01:44,950 --> 00:01:46,230 can put your memory card in there. 35 00:01:46,230 --> 00:01:49,110 So I saw the access control thing as they found interesting. 36 00:01:49,110 --> 00:01:51,750 Let me see you know what this is all about and kind of play 37 00:01:51,750 --> 00:01:54,630 around with it and see what interesting things. 38 00:01:55,150 --> 00:01:58,190 I can get in trouble with basically, yeah. 39 00:01:58,190 --> 00:02:01,270 Well, it looked like a like a little carry in your pocket 40 00:02:01,270 --> 00:02:07,190 buddy for geeks like us. And I I saw like the on the web 41 00:02:07,190 --> 00:02:10,229 page there's like a screen where it was like a little picture of 42 00:02:10,229 --> 00:02:12,870 a dolphin head. It reminded me of that toy that 43 00:02:12,870 --> 00:02:15,950 kids used to carry around, where it was like you had to feed your 44 00:02:15,950 --> 00:02:17,910 your friend. Oh, that. 45 00:02:17,910 --> 00:02:21,070 Yeah, that was it. Tamagotchis or like Neopets or 46 00:02:21,070 --> 00:02:24,050 things like that, yeah. I never had one of those. 47 00:02:24,050 --> 00:02:27,490 I just, I, I, I think I was like in that generation or age range 48 00:02:27,490 --> 00:02:31,490 where it was like after that. And so I was like kind of not 49 00:02:31,490 --> 00:02:33,730 right in the right age for that. Yeah. 50 00:02:34,170 --> 00:02:36,410 Well, I have mine right now and he's very hungry. 51 00:02:36,410 --> 00:02:40,450 So maybe we should get on with the show and I'll feed him and 52 00:02:40,450 --> 00:02:41,850 then I'll jump back in. Yeah. 53 00:02:41,930 --> 00:02:44,010 That's probably a good idea. We don't want your virtual pet 54 00:02:44,010 --> 00:02:46,210 to die. Who knows, maybe at some point 55 00:02:46,210 --> 00:02:49,090 that's like AI. We could talk about AI, but like 56 00:02:49,370 --> 00:02:50,530 the virtual assistant type thing. 57 00:02:52,220 --> 00:02:53,540 Yeah, we got a pretty interesting show today. 58 00:02:53,540 --> 00:02:56,940 I know we're going to talk about sort of how do we talk about 59 00:02:56,940 --> 00:02:59,100 identity with the board and stuff like that. 60 00:02:59,100 --> 00:03:02,900 But before we get to that, you and I have a lot of different 61 00:03:03,100 --> 00:03:05,700 engagements, speaking wise, conferences and things that will 62 00:03:05,700 --> 00:03:07,180 be at. So I've got a few. 63 00:03:07,180 --> 00:03:10,860 I've got one coming up in Cincinnati, OH on September 64 00:03:10,860 --> 00:03:13,060 14th. It's called the Cybersecurity 65 00:03:13,060 --> 00:03:16,620 Midwest Summit 2023. It's put on by COM Spark and 66 00:03:16,620 --> 00:03:18,460 CDO. So I'm not sure how large it is. 67 00:03:18,460 --> 00:03:19,860 Seems like kind of a regional thing. 68 00:03:20,310 --> 00:03:22,510 But I'll be there. I'm part of a panel to talk 69 00:03:22,510 --> 00:03:24,070 about identity and access management. 70 00:03:24,190 --> 00:03:26,390 Something you haven't figured out what the topic will be? 71 00:03:26,390 --> 00:03:28,310 What is I am? I don't know. 72 00:03:28,310 --> 00:03:31,950 It's the existential question, as always, So we'll figure that 73 00:03:31,950 --> 00:03:34,750 out probably as we get closer. But if you're in the Cincinnati 74 00:03:34,750 --> 00:03:38,230 area, come on down, Check out the link I'll have in the show 75 00:03:38,230 --> 00:03:41,310 notes to come say hello or show support or whatever it is. 76 00:03:41,870 --> 00:03:43,830 I don't know if I have any stickers left, so I think next 77 00:03:43,830 --> 00:03:46,210 time you and I connect. I'll need to get some stickers 78 00:03:46,210 --> 00:03:49,530 from you because I feel like I gave almost everything out I had 79 00:03:49,530 --> 00:03:52,250 at the at the Identifiers Conference. 80 00:03:52,290 --> 00:03:54,570 So, yeah, yeah. Well, we'll split them up. 81 00:03:54,570 --> 00:03:57,530 I don't think we're going to get into 2024 with very many. 82 00:03:57,850 --> 00:03:59,970 At the rate we're going, we're giving away pretty good. 83 00:04:00,370 --> 00:04:01,690 Yeah, we're going to have to add some more. 84 00:04:02,410 --> 00:04:05,290 We've got Identity Week, America that's coming up. 85 00:04:05,290 --> 00:04:08,850 I'm going to be out in Washington DC October 3rd and 86 00:04:08,850 --> 00:04:11,790 4th. And we're going to be, I, I, I'm 87 00:04:11,790 --> 00:04:15,030 going to be hosting a panel there around identity and access 88 00:04:15,030 --> 00:04:16,950 management pass keys. We kind of talked about that in 89 00:04:16,950 --> 00:04:20,990 our last episode with Andrew Shikiyar and sort of the 90 00:04:20,990 --> 00:04:22,710 conversation we'll just kind of have around that. 91 00:04:22,750 --> 00:04:25,790 Again, I still need to firm that up, but I'll be out there for a 92 00:04:25,790 --> 00:04:27,550 few days. We've got a discount code for 93 00:04:27,550 --> 00:04:28,590 that one, which is very exciting. 94 00:04:28,790 --> 00:04:30,870 You get 30% off of your conference pass. 95 00:04:30,870 --> 00:04:36,750 If you use the code Ida C30, you can hopefully, you know, use 96 00:04:36,750 --> 00:04:39,270 that, take advantage of it. It's Washington, DC. 97 00:04:39,820 --> 00:04:41,660 October 3rd and 4th, Identity Week America. 98 00:04:41,660 --> 00:04:45,060 I'll have a link in our show notes and then we've got you and 99 00:04:45,060 --> 00:04:47,100 I will be at the Authenticate conference. 100 00:04:48,100 --> 00:04:52,540 We've got a code for that one as well I D AC15 podcast that could 101 00:04:52,540 --> 00:04:54,420 shift 15% off of your registration. 102 00:04:55,020 --> 00:04:56,340 I'm really looking forward to that one. 103 00:04:56,380 --> 00:04:59,980 I I like it because it's, it feels like, I don't know, more 104 00:04:59,980 --> 00:05:03,600 like a community style event. I don't know if that's right, 105 00:05:03,600 --> 00:05:07,000 but it's in Carlsbad, which is just a little bit north of San 106 00:05:07,000 --> 00:05:08,600 Diego. It's on a nice resort. 107 00:05:08,600 --> 00:05:12,480 There's golf, there's the beach. That's gonna be a lot of fun, I 108 00:05:12,480 --> 00:05:15,360 think, and we're part of the keynote type thing. 109 00:05:15,360 --> 00:05:18,560 We're gonna end up doing something like a live show as 110 00:05:18,560 --> 00:05:21,720 part of the. Part of the festivities here, So 111 00:05:21,720 --> 00:05:25,880 that'll be interesting, nerve wracking, but hopefully people 112 00:05:25,880 --> 00:05:27,040 enjoy it and we put on a good show. 113 00:05:27,400 --> 00:05:30,320 It'll be the first keynote that I've been a part of and I don't 114 00:05:30,320 --> 00:05:32,880 have to be as nervous because I'll be up there with you. 115 00:05:32,960 --> 00:05:35,360 And we're just doing our thing. We do it every week. 116 00:05:35,360 --> 00:05:37,840 So, I mean, what to get nervous about? 117 00:05:38,200 --> 00:05:40,800 I mean, yeah, we talked to, you know, what millions of people 118 00:05:40,800 --> 00:05:44,160 every week about identity and access management all around the 119 00:05:44,160 --> 00:05:47,280 world and the universe. There's just something I think 120 00:05:47,360 --> 00:05:52,200 different about being on stage, the bright lights and, you know, 121 00:05:52,200 --> 00:05:56,080 microphones and hearing your own voice amplified, which nobody 122 00:05:56,080 --> 00:05:57,240 likes the sound of their own voice. 123 00:05:58,400 --> 00:06:00,000 I think we'll have a good time. I think hopefully it's 124 00:06:00,000 --> 00:06:02,200 entertaining and hopefully, you know, people enjoy it. 125 00:06:02,200 --> 00:06:05,440 So that's why I'll be cautiously optimistic for. 126 00:06:05,440 --> 00:06:07,400 I think we'll do a good job. Yeah. 127 00:06:07,400 --> 00:06:11,040 And and the other thing is, if you're at that conference, we're 128 00:06:11,040 --> 00:06:15,040 going to be recording probably like six other podcasts. 129 00:06:15,480 --> 00:06:19,800 And the way The Room is going to be set up, the idea is that 130 00:06:19,800 --> 00:06:22,760 there's going to be able to be live studio audiences for all 131 00:06:22,760 --> 00:06:29,040 those episodes. Yeah, I'd love to have something 132 00:06:29,040 --> 00:06:31,480 where we can like engage with people, you know, in addition to 133 00:06:31,480 --> 00:06:25,760 our guests and stuff like that. So we have a opportunity to have 134 00:06:25,760 --> 00:06:34,320 a lot of fun that. Answer questions, you know, 135 00:06:34,360 --> 00:06:36,320 stuff like that. So hopefully people are there. 136 00:06:36,520 --> 00:06:38,880 Check us out. I'm gonna make signs to say 137 00:06:38,880 --> 00:06:42,680 like, applaud, applaud or laugh. Yeah, we have like something 138 00:06:42,680 --> 00:06:44,000 that comes down from like the top, right? 139 00:06:44,000 --> 00:06:46,960 And it lights up like when people should be doing their 140 00:06:46,960 --> 00:06:49,560 action like a talk show. Maybe we can set it up like 141 00:06:49,560 --> 00:06:53,040 Kramer when on that Seinfeld episode where he had like the 142 00:06:53,040 --> 00:06:55,920 couches and things like that. That would be a lot of fun. 143 00:06:56,680 --> 00:06:58,840 Yeah, right. He really got into that one. 144 00:07:00,140 --> 00:07:01,500 Okay. So that's all the stuff we got 145 00:07:01,500 --> 00:07:02,780 going on. Plenty of stuff. 146 00:07:02,820 --> 00:07:05,020 Over the next few weeks, hopefully people come and check 147 00:07:05,020 --> 00:07:06,460 us out. Hopefully people take advantage 148 00:07:06,460 --> 00:07:09,140 of all the different discounts we've been able to secure our 149 00:07:09,140 --> 00:07:10,540 show. We'll have all that information, 150 00:07:10,540 --> 00:07:14,340 links and codes and stuff in our show notes, but let's talk about 151 00:07:14,700 --> 00:07:19,620 how we talk about identity with the board or other kind of 152 00:07:19,620 --> 00:07:22,660 senior executives. I kind of loosely thinking the 153 00:07:22,660 --> 00:07:24,780 title of the show will probably something like Bored 154 00:07:24,780 --> 00:07:27,850 Conversations about I am. And when people hear that, 155 00:07:27,850 --> 00:07:33,010 they're like, you know, how do you spell board scenario, But, 156 00:07:33,090 --> 00:07:36,410 you know, try to be clever to help us with this conversation. 157 00:07:36,410 --> 00:07:38,970 Someone who has had a lot of conversation with boards, not 158 00:07:38,970 --> 00:07:42,850 boring conversations, but board conversations BOARD. 159 00:07:43,210 --> 00:07:45,650 We've got Bob Ramin. He's the chief product and 160 00:07:45,650 --> 00:07:48,490 operating officer at Viridium. Welcome to the show, Bobber. 161 00:07:48,690 --> 00:07:50,170 Thank you, Jeff. Thank you, Jim. 162 00:07:51,110 --> 00:07:53,590 Thank you for having me. It's great to join you guys and 163 00:07:53,590 --> 00:07:56,350 we're not going to have bored conversations. 164 00:07:56,910 --> 00:07:59,910 No, we we do our best to not be boring on this show. 165 00:07:59,910 --> 00:08:01,950 I think people, we kind of realized like, OK, we have some 166 00:08:01,950 --> 00:08:05,310 personality here and yeah, identity is a topic, but we try 167 00:08:05,310 --> 00:08:08,230 to be entertaining about it. You and I actually met through 168 00:08:08,230 --> 00:08:11,630 mutual friend Andy Hindel who introduced me to you at the 169 00:08:11,630 --> 00:08:13,710 Identifiers conference. So shout out to Andy for making 170 00:08:13,710 --> 00:08:15,750 this connection and we just start kind of talking in the 171 00:08:15,750 --> 00:08:16,670 hallways like, hey, you know what? 172 00:08:16,670 --> 00:08:19,390 We should probably record this. This would be a good one. 173 00:08:19,390 --> 00:08:21,180 So let's. Let's do that. 174 00:08:22,180 --> 00:08:25,820 Before we get into that, we always like to have the origin 175 00:08:25,820 --> 00:08:28,460 story of people who are in the identity business when they join 176 00:08:28,460 --> 00:08:30,980 us for the first time. So maybe you can kind of explain 177 00:08:30,980 --> 00:08:33,539 to us how did you get into the identity and access management 178 00:08:33,539 --> 00:08:35,740 field? Is it something that you chose 179 00:08:35,740 --> 00:08:43,659 or did it choose you? So I actually chose it pretty. 180 00:08:45,020 --> 00:08:48,060 Thoughtfully, I guess so. I've always, I've always liked 181 00:08:48,140 --> 00:08:52,260 security. I've always liked, you know, 182 00:08:52,700 --> 00:08:54,820 secret writings. So. 183 00:08:54,820 --> 00:08:59,060 So I was, I was a big fan of encryption and you know how it 184 00:08:59,060 --> 00:09:01,740 worked and you know, the whole, you know, that led me to 185 00:09:01,740 --> 00:09:04,220 authentication. And you remember the whole way 186 00:09:04,220 --> 00:09:05,820 people used to talk about authentication. 187 00:09:05,820 --> 00:09:08,700 Still, do you know there's the Bob and the Alice? 188 00:09:09,300 --> 00:09:13,420 Conversations that happened and then you know a colleague of 189 00:09:13,420 --> 00:09:17,140 mine introduced you know the the in the middle we call it the 190 00:09:17,140 --> 00:09:21,540 evil duck of darkness so that was the that was the that was 191 00:09:21,540 --> 00:09:23,460 the person in the middle who was trying to get in the middle of 192 00:09:23,460 --> 00:09:26,420 that communication. So so that's that's where I 193 00:09:26,420 --> 00:09:28,380 started. I started with the with 194 00:09:28,380 --> 00:09:33,460 authentication protocols and and had a great great mentor there 195 00:09:34,020 --> 00:09:39,920 Roger Shell and and he. You know, he's still pretty 196 00:09:39,920 --> 00:09:43,320 active in the industry. Amazing, amazing person and just 197 00:09:43,320 --> 00:09:45,320 a great mentor. And I learned so much from him. 198 00:09:46,760 --> 00:09:52,160 Fast forward from that, you know, eventually I decided to 199 00:09:52,160 --> 00:09:57,160 move up from just the technology side of things and I focus more 200 00:09:57,160 --> 00:10:01,170 on the business angle. And that's where I realized that 201 00:10:01,210 --> 00:10:05,290 a lot of people don't really understand, you know, what is it 202 00:10:05,290 --> 00:10:09,210 that we're doing? And partly because we make it so 203 00:10:09,210 --> 00:10:13,650 complicated, you know, people just want to, you know, 204 00:10:13,650 --> 00:10:17,290 understand things in simple terms and and how it relates to 205 00:10:17,290 --> 00:10:22,450 them and how it affects them. So the last few years, my focus 206 00:10:22,450 --> 00:10:27,290 is really to, you know, turn the whole process into storytelling 207 00:10:27,290 --> 00:10:30,020 and. And simplify the conversation, 208 00:10:30,020 --> 00:10:33,980 simplify the message and have people understand why something 209 00:10:33,980 --> 00:10:37,540 is important, especially cybersecurity and identity being 210 00:10:37,540 --> 00:10:39,780 a crucial aspect of cybersecurity now. 211 00:10:40,340 --> 00:10:42,900 And that's the conversations we're having at the C level, 212 00:10:42,900 --> 00:10:46,100 that's the conversations we're having with at the C level with 213 00:10:46,100 --> 00:10:51,220 our customers and also how to educating our customers how to 214 00:10:51,220 --> 00:10:54,340 have that conversation with their boards because. 215 00:10:55,130 --> 00:10:57,770 You know those those conversations need to happen for 216 00:10:57,770 --> 00:11:01,450 them to get the funding for them, to get the alignment for 217 00:11:01,450 --> 00:11:05,370 them, to get the support they need. 218 00:11:05,770 --> 00:11:07,850 So you're with an organization called Viridium. 219 00:11:07,850 --> 00:11:10,090 For people who aren't familiar with Viridium, can you give us 220 00:11:10,090 --> 00:11:13,730 sort of like the 30 to 62nd elevator ride? 221 00:11:13,730 --> 00:11:16,130 What do you guys do? What problems do you want to 222 00:11:16,130 --> 00:11:17,050 solve? That sort of thing? 223 00:11:18,130 --> 00:11:21,770 Yes. So, you know, going back to, I'd 224 00:11:21,770 --> 00:11:26,920 like to make things simple. At a high level, what we do is 225 00:11:27,680 --> 00:11:31,800 we make security invisible. What does that mean? 226 00:11:31,800 --> 00:11:34,720 Right? So invisible security is not bad 227 00:11:34,720 --> 00:11:39,280 security or less security. It basically just means that you 228 00:11:39,320 --> 00:11:43,240 remove the friction and make it less obvious and not in your 229 00:11:43,240 --> 00:11:46,240 face. We do that specifically for 230 00:11:46,440 --> 00:11:49,520 authentication for credentials. So we remove passwords from the 231 00:11:49,520 --> 00:11:52,600 user experience, right? So where we enable password less 232 00:11:52,600 --> 00:11:58,300 authentication? And we do that with a variety of 233 00:11:58,300 --> 00:12:02,700 factors And then we have two of those factors are our own in 234 00:12:02,700 --> 00:12:07,820 house factors that are developed for biometrics. 235 00:12:08,220 --> 00:12:10,180 We use computer vision for biometrics. 236 00:12:10,940 --> 00:12:15,820 So that's a key factor for us. But yeah, we make security 237 00:12:15,820 --> 00:12:21,140 invisible, remove anxiety from the login process. 238 00:12:22,380 --> 00:12:26,980 And and help organizations get you know stronger and and have 239 00:12:26,980 --> 00:12:31,100 better overall access control. OK. 240 00:12:31,100 --> 00:12:32,940 So the elevator doors just opened up. 241 00:12:33,020 --> 00:12:36,460 You've explained what you do or what we're idium, you know, does 242 00:12:36,900 --> 00:12:40,620 take us through sort of a week in the life of someone who's 243 00:12:40,620 --> 00:12:44,860 responsible for both product and operations, for an identity 244 00:12:44,860 --> 00:12:47,380 organization like yours. Can you just kind of help us 245 00:12:47,380 --> 00:12:49,220 walk us through and kind of appreciate you know, what are 246 00:12:49,220 --> 00:12:51,260 the types of things you do work on that sort of thing? 247 00:12:51,980 --> 00:12:57,580 Yeah, so you know it is and you and I were talking about this 248 00:12:58,700 --> 00:13:02,300 earlier it it is wearing a two different hats. 249 00:13:02,900 --> 00:13:06,540 So the product side is really focused on you know what is it 250 00:13:06,540 --> 00:13:09,740 that we're doing on the product itself, how are we, how are we 251 00:13:09,740 --> 00:13:13,060 advancing the state of of the product, how are we, you know 252 00:13:13,060 --> 00:13:18,260 making sure that you know we're we're supporting standards and 253 00:13:18,660 --> 00:13:21,380 and we're doing all the integrations with the existing. 254 00:13:21,540 --> 00:13:24,180 I am infrastructure that our customers have in their 255 00:13:24,180 --> 00:13:26,780 environments how we're supporting legacy applications, 256 00:13:26,780 --> 00:13:33,060 cloud applications. The operational side focuses 257 00:13:33,060 --> 00:13:39,140 more on demand generation, marketing, go to market, channel 258 00:13:39,140 --> 00:13:46,620 development, the other areas that are also touch points for a 259 00:13:46,620 --> 00:13:50,660 customer. But they're not directly related 260 00:13:50,660 --> 00:13:54,860 to the product. So the overall goal really is to 261 00:13:54,860 --> 00:13:59,820 remove the friction from every touch point you have with the 262 00:13:59,820 --> 00:14:02,700 customer, right? That means when a customer comes 263 00:14:02,700 --> 00:14:05,540 to your website, or when a customer engages with you, or 264 00:14:05,540 --> 00:14:08,020 when a customer is trying to buy something, or when you're trying 265 00:14:08,020 --> 00:14:13,500 to explain to them you know the value of what you're providing 266 00:14:13,500 --> 00:14:15,690 to them. When a customer is trying to do 267 00:14:15,690 --> 00:14:20,010 procurement, when they're trying to do a renewal, all of those 268 00:14:20,010 --> 00:14:23,770 are touch points and you can have the greatest product 269 00:14:23,770 --> 00:14:27,690 experience, but you can have the worst procurement experience. 270 00:14:29,170 --> 00:14:32,210 We've all seen that in our normal lives. 271 00:14:33,050 --> 00:14:40,450 So the operational part of the job is to smooth that aspect 272 00:14:40,450 --> 00:14:42,750 out. And make sure that the business 273 00:14:42,750 --> 00:14:48,230 is able to scale as as we grow. And since you bring up all those 274 00:14:48,230 --> 00:14:51,510 facets of it, I think everyone probably has a story of like, 275 00:14:51,510 --> 00:14:54,950 oh, this is a great product, but oh, procurement was a real pain 276 00:14:55,310 --> 00:14:58,430 or, you know, the sales team wasn't responsive or, you know, 277 00:14:58,430 --> 00:15:01,110 whatever it may be. And that can really kill the 278 00:15:01,110 --> 00:15:03,470 experience, overall experience, right, with an organization. 279 00:15:03,470 --> 00:15:05,030 So it's interesting to hear you talk about that. 280 00:15:05,430 --> 00:15:08,910 Do you ever find yourself in conflict where? 281 00:15:08,950 --> 00:15:11,210 Because you own? You know, responsible for the 282 00:15:11,210 --> 00:15:14,770 product side and the operations where you know, I think most 283 00:15:14,770 --> 00:15:17,450 product managers are like, yes, it's going to do all these great 284 00:15:17,450 --> 00:15:20,330 things and the budget's unlimited and you know, we don't 285 00:15:20,330 --> 00:15:23,010 have to worry about support, you know, this other stuff. 286 00:15:23,010 --> 00:15:25,690 But obviously in the operations side, you've got to be able to 287 00:15:25,690 --> 00:15:27,890 smooth that stuff out and make sure you actually can deliver a 288 00:15:27,890 --> 00:15:31,050 product that not only works but works well and has all those 289 00:15:31,050 --> 00:15:33,090 other different parts. Do you ever find yourself sort 290 00:15:33,090 --> 00:15:38,020 of in a conflict like that? No, I I think just like what you 291 00:15:38,020 --> 00:15:42,300 just said it, it actually it actually forces me to think 292 00:15:42,460 --> 00:15:49,300 holistically in a 360 way and you know look at things from the 293 00:15:49,300 --> 00:15:51,540 most pragmatic point of view, right. 294 00:15:51,540 --> 00:15:56,620 It's not about the shiny toy, it's about how much value and 295 00:15:56,620 --> 00:15:59,580 what's the fastest way the customer can achieve value from 296 00:15:59,580 --> 00:16:02,710 that. That is the number one focus, 297 00:16:02,910 --> 00:16:05,390 right. So, so for everything we do that 298 00:16:05,390 --> 00:16:08,070 is the number one focus is how do, how does the customer 299 00:16:08,070 --> 00:16:11,590 achieve value in the fastest possible way because if there's 300 00:16:12,030 --> 00:16:15,350 just sit on the shelf then it's doing nobody any good. 301 00:16:15,750 --> 00:16:18,630 So Bobber, I've been thinking about these, you know, bringing 302 00:16:18,630 --> 00:16:23,710 these topics to the board and I think it's two things, right? 303 00:16:24,910 --> 00:16:27,750 Kind of classified as like you're selling an idea. 304 00:16:28,700 --> 00:16:30,980 And the second thing is by the time you get to the board, 305 00:16:31,220 --> 00:16:33,900 you've already had this conversation. 306 00:16:33,900 --> 00:16:36,860 You've already done this presentation a number of times. 307 00:16:36,860 --> 00:16:40,020 So now you're refining your story. 308 00:16:40,500 --> 00:16:43,140 And I think that that word intentionally picked that word 309 00:16:43,380 --> 00:16:46,300 story. I think you're telling a story, 310 00:16:46,300 --> 00:16:48,260 right? You're talking about we have the 311 00:16:48,260 --> 00:16:52,860 problem, we have a solution and then here's what we need in 312 00:16:52,860 --> 00:16:55,300 order to implement that solution. 313 00:16:55,580 --> 00:16:59,710 So I guess what I want to do is throw out some of those ideas to 314 00:16:59,710 --> 00:17:04,750 see, do you think that's the effective way to approach that 315 00:17:04,750 --> 00:17:07,750 board conversation? We have some other thoughts that 316 00:17:07,750 --> 00:17:10,349 need to be added or in place of that. 317 00:17:10,829 --> 00:17:14,270 I think the first thing and and I think Jeff and I spoke about 318 00:17:14,270 --> 00:17:20,310 this, The first thing to do is to really make the board 319 00:17:20,310 --> 00:17:24,470 understand and and educate them as. 320 00:17:24,950 --> 00:17:26,710 You know, they don't know what they don't know. 321 00:17:27,069 --> 00:17:32,110 In fact there was a survey and we'll we'll put a link in there 322 00:17:32,590 --> 00:17:37,670 from diligent survey as to what directors think. 323 00:17:38,350 --> 00:17:42,190 And you know they they ranked, you know different things that a 324 00:17:42,190 --> 00:17:46,270 board member is concerned about. And board members in that survey 325 00:17:46,270 --> 00:17:50,830 ranked cybersecurity, which you know identity and access, is a 326 00:17:50,910 --> 00:17:54,550 critical part of, as the most challenging. 327 00:17:54,980 --> 00:17:59,780 Issue to oversee right. This came ahead of digital 328 00:17:59,780 --> 00:18:04,180 transformation, this came ahead of innovation, capital 329 00:18:04,180 --> 00:18:08,500 allocation and and why is that right. 330 00:18:08,660 --> 00:18:13,100 So, so that becomes really the the biggest issue because most 331 00:18:13,100 --> 00:18:18,100 people don't really understand what that means and and I 332 00:18:18,260 --> 00:18:24,280 frankly, I blame our, you know. Profession for not doing a good 333 00:18:24,280 --> 00:18:29,200 job in explaining that we use too many acronyms. 334 00:18:30,760 --> 00:18:33,240 I've had conversations where, you know, it's like the whole 335 00:18:33,240 --> 00:18:36,640 sentence is full of three letter acronyms with a proposition 336 00:18:36,640 --> 00:18:39,400 thrown in there just so you know, it sounds like a sentence. 337 00:18:40,920 --> 00:18:44,780 So really, it's. Educating the board on 338 00:18:44,820 --> 00:18:47,260 cybersecurity on identity and access, right. 339 00:18:47,420 --> 00:18:50,100 So first of all, you have to explain to them, and by the way, 340 00:18:50,420 --> 00:18:52,500 a good way to do that is board decks. 341 00:18:53,300 --> 00:18:56,860 Board decks are always provided up front to the board, and it's 342 00:18:56,860 --> 00:19:00,260 a great place for them to get educated on with a lot of 343 00:19:00,260 --> 00:19:04,500 material and data they can read up on beforehand so that they 344 00:19:04,500 --> 00:19:08,780 come to the conversation more prepared and they're not feeling 345 00:19:08,780 --> 00:19:11,700 on the spot asking questions that they don't want to ask or 346 00:19:11,700 --> 00:19:13,450 you know, you're. Being put on the spot either, 347 00:19:14,130 --> 00:19:18,130 but helping them understand that, one, cybersecurity is much 348 00:19:18,130 --> 00:19:23,530 more than data protection. So if you ask 10 board members 349 00:19:23,530 --> 00:19:27,530 out there, I'm making this number up, you know, what does 350 00:19:27,530 --> 00:19:30,970 cybersecurity mean? Most of them will say, oh, it's 351 00:19:30,970 --> 00:19:32,890 data protection. Well, you know what? 352 00:19:32,930 --> 00:19:36,050 It's more than data protection because and I didn't a 353 00:19:36,050 --> 00:19:38,930 cybersecurity attack, you know, that is you know. 354 00:19:39,640 --> 00:19:42,200 Basically an identity breach or something like that. 355 00:19:42,960 --> 00:19:48,360 It can be way more than data extraction. 356 00:19:49,040 --> 00:19:54,880 It can affect your supply chain. If it affects your supply chain, 357 00:19:55,200 --> 00:20:00,640 it affects your ability to deliver product if it, that is 358 00:20:00,640 --> 00:20:04,120 going to your bottom line immediately, right? 359 00:20:04,320 --> 00:20:06,360 So if you can't deliver product, you can't. 360 00:20:06,480 --> 00:20:08,060 You can't. Sell thing. 361 00:20:08,060 --> 00:20:10,580 You can't make revenue, Your customers will go to somebody 362 00:20:10,580 --> 00:20:13,460 else, your customers will find an alternate product. 363 00:20:14,860 --> 00:20:19,900 The other aspect is what happens from a reputation damage and a 364 00:20:19,900 --> 00:20:24,420 business disruption perspective. So again, talking in the 365 00:20:24,420 --> 00:20:28,700 language of business becomes really, really important, right. 366 00:20:30,060 --> 00:20:33,300 Does your board understand what are the different disclosure 367 00:20:33,300 --> 00:20:35,700 acts? Because each disclosure act for 368 00:20:35,700 --> 00:20:42,060 your industry is going to cost X amount of time, effort and money 369 00:20:42,740 --> 00:20:45,620 to to process that and to make that happen. 370 00:20:45,980 --> 00:20:48,380 So what is happening that you don't have a set of people 371 00:20:48,380 --> 00:20:51,700 sitting there that are doing nothing waiting for, you know, a 372 00:20:51,700 --> 00:20:55,380 disclosure act or a disclosure to happen so that they can do 373 00:20:55,380 --> 00:20:57,580 their job. These are the same people who 374 00:20:57,580 --> 00:21:00,660 haven't nine to five job and now you're asking him to prepare 375 00:21:00,660 --> 00:21:03,540 information because there was a breach and you have to do some 376 00:21:03,540 --> 00:21:05,180 disclosure. So. 377 00:21:05,260 --> 00:21:08,100 So it's taking away from somebody else. 378 00:21:09,340 --> 00:21:11,300 Does that does that make sense Jim? 379 00:21:11,300 --> 00:21:14,140 Does that, is that what you're hearing also? 380 00:21:14,940 --> 00:21:17,980 Yeah, absolutely. I think one one thing that a 381 00:21:17,980 --> 00:21:22,140 trap people fall into is they look at these Board of director 382 00:21:22,140 --> 00:21:24,700 meetings where they're going to get up and speak about a topic, 383 00:21:25,220 --> 00:21:27,620 something like I did in the access management, which could 384 00:21:27,620 --> 00:21:30,070 be. Tremendously technical or like 385 00:21:30,070 --> 00:21:34,070 you said, you could tie it to the business speak, but all you 386 00:21:34,070 --> 00:21:38,150 know the business outcomes and rather than thinking of it in 387 00:21:38,150 --> 00:21:43,110 terms of I'm here to make this understandable and to inform 388 00:21:43,110 --> 00:21:46,630 people they think of it as this is my opportunity to show that 389 00:21:46,630 --> 00:21:50,950 I'm the right guy for the job. I really understand this issue. 390 00:21:51,190 --> 00:21:53,510 That is the wrong way to look at something like that. 391 00:21:55,670 --> 00:21:59,190 You know, kind of one of the things I was thinking was, you 392 00:21:59,190 --> 00:22:02,990 know, what are you, what are you hearing when you go to board 393 00:22:02,990 --> 00:22:05,710 meetings or when you work with people who are presenting to the 394 00:22:05,710 --> 00:22:08,270 board? What are, what's the board 395 00:22:08,270 --> 00:22:10,070 asking about in terms of identity? 396 00:22:10,070 --> 00:22:13,510 What is kind of that that understanding level that they 397 00:22:13,510 --> 00:22:18,550 have today Or what do I, I think kind of going in there with like 398 00:22:18,550 --> 00:22:22,710 that that understanding of here's what I'm here's the level 399 00:22:22,710 --> 00:22:24,870 of knowledge that I'm likely to be dealing with. 400 00:22:25,530 --> 00:22:29,610 So that you're not trying to make it so basic that OK, you're 401 00:22:29,610 --> 00:22:33,450 boring the heck out of me. Or you're making it to advance 402 00:22:33,450 --> 00:22:36,130 that they're not understanding what you want to do. 403 00:22:36,130 --> 00:22:39,690 When you say we're going to use SAML to connect to our Idp to 404 00:22:39,690 --> 00:22:43,690 issue a token, yeah, and you said it right. 405 00:22:44,170 --> 00:22:49,130 They don't really care that level of detail because board 406 00:22:49,130 --> 00:22:53,410 members are not operators. Board members are a governance 407 00:22:53,410 --> 00:22:57,650 function that is helping an organization steer 408 00:22:57,650 --> 00:23:03,530 strategically. So for board members, it is more 409 00:23:03,530 --> 00:23:07,570 important to understand how cybersecurity identity and 410 00:23:07,570 --> 00:23:16,170 access affect the organization at a global or at a company wide 411 00:23:16,490 --> 00:23:20,170 at an organizational level. So when you look at it from that 412 00:23:20,170 --> 00:23:25,830 perspective, what is, how does, how does any of this affect an 413 00:23:25,830 --> 00:23:28,830 organization at an organizational level? 414 00:23:29,350 --> 00:23:35,150 Well, the first thing is, is it going to disrupt my business? 415 00:23:36,270 --> 00:23:39,990 Like the business continuity becomes really, really 416 00:23:39,990 --> 00:23:44,310 important. It doesn't matter if you're 417 00:23:44,310 --> 00:23:50,430 using tool A, Tool B or tool C What's more important is 418 00:23:51,470 --> 00:23:55,030 business continuity and the disruption to the business. 419 00:23:55,310 --> 00:23:58,870 That could be from supply chain, that could be from people not 420 00:23:58,870 --> 00:24:02,190 being able to access something. That could be people, employees 421 00:24:02,190 --> 00:24:06,110 not being able to log in. Or that could be your data is 422 00:24:06,110 --> 00:24:09,550 locked up because somebody encrypted everything. 423 00:24:10,630 --> 00:24:13,950 So then the conversation happens, OK. 424 00:24:13,950 --> 00:24:19,470 So it's not a matter of, it's not a matter of if, it's a 425 00:24:19,470 --> 00:24:23,990 matter of when, because cyber attacks are opportunistic. 426 00:24:25,150 --> 00:24:35,150 So what is the mitigation plan? What happens when it happens? 427 00:24:35,550 --> 00:24:40,950 So what is the mitigation plan? Another thing to do there is to, 428 00:24:40,950 --> 00:24:44,510 I don't know if you're familiar with tabletop exercises. 429 00:24:44,990 --> 00:24:48,870 So do a tabletop exercise with your board. 430 00:24:50,180 --> 00:24:56,340 Because what that allows it is to that everybody is you know 431 00:24:56,340 --> 00:24:58,500 it's a non threatening environment because you know 432 00:24:58,780 --> 00:25:00,700 it's a collaborative exercise at that point. 433 00:25:01,260 --> 00:25:07,340 And it also identifies if there are gaps between what is it that 434 00:25:07,580 --> 00:25:12,340 is going to happen in case of a disaster, in case of a problem. 435 00:25:12,620 --> 00:25:15,340 And everybody understands what their role is and you find out 436 00:25:15,340 --> 00:25:18,930 if there's a gap and then who is going to fill that gap and what 437 00:25:18,930 --> 00:25:20,930 kind of people we need to bring in to fill that gap. 438 00:25:21,730 --> 00:25:24,730 Does that make sense, Jim? Yeah, that's good. 439 00:25:24,730 --> 00:25:30,730 I think another thing that is helpful is working with people 440 00:25:30,730 --> 00:25:34,810 who maybe know the individuals on the board, what angle they're 441 00:25:34,810 --> 00:25:40,210 coming from, because it might be somebody on the board Golfs with 442 00:25:40,210 --> 00:25:43,760 the CEO of Super Platform. And they want to know why aren't 443 00:25:43,760 --> 00:25:47,360 we just using Super platform? It can solve all of the problems 444 00:25:47,360 --> 00:25:49,960 that we have. We should use Super Platform. 445 00:25:51,200 --> 00:25:56,800 I think the other thing is, you know, and I knew this more, 446 00:25:59,880 --> 00:26:04,240 maybe not as a fact, but I hear it a lot, is that board members 447 00:26:04,240 --> 00:26:08,680 tend to get wrapped around certain industry buzz terms like 448 00:26:08,680 --> 00:26:12,900 zero trust or a I. And they might not really know 449 00:26:12,900 --> 00:26:15,660 what those things mean like zero trust almost. 450 00:26:15,660 --> 00:26:19,820 You feel like the the way it works is implied by the name, 451 00:26:19,820 --> 00:26:24,340 like we don't trust anybody so it must be bad or something like 452 00:26:24,340 --> 00:26:26,180 that. But I wanted to get your 453 00:26:26,180 --> 00:26:29,780 perspective, especially around the second point, Like how do 454 00:26:29,980 --> 00:26:36,100 Zero trust or a I or some of these industry buzzwords wind up 455 00:26:36,100 --> 00:26:38,940 getting ingrained to people's thinking and. 456 00:26:39,740 --> 00:26:42,580 Do we have to like kind of get ahead of that, debunk some of 457 00:26:42,580 --> 00:26:46,780 those things or explain some of those things ahead of those 458 00:26:46,780 --> 00:26:50,460 questions coming? So that's a great question. 459 00:26:52,940 --> 00:26:57,620 One way to actually elevate the conversation is to attach the 460 00:26:57,620 --> 00:27:02,800 conversation to larger initiatives which you know zero 461 00:27:02,800 --> 00:27:05,480 trust digital transformation. Those are you know some of the 462 00:27:05,760 --> 00:27:09,280 some of the some of the major initiatives that that happen at 463 00:27:09,680 --> 00:27:13,240 at at a board level. Zero Trust is extremely 464 00:27:13,240 --> 00:27:14,760 important to everybody right now. 465 00:27:15,360 --> 00:27:21,600 So and and it's OK that you know people they they might have 466 00:27:21,600 --> 00:27:24,800 slightly different understanding of what Zero Trust is, right. 467 00:27:24,800 --> 00:27:28,440 That's less important. The more important aspect is 468 00:27:28,600 --> 00:27:36,380 that you can tie the everything that organization is doing from 469 00:27:36,380 --> 00:27:39,340 a cyber security perspective, from an identity and access 470 00:27:39,340 --> 00:27:44,140 perspective. You can tie that to the work 471 00:27:44,140 --> 00:27:47,580 that is going on to the work going on around zero trust. 472 00:27:47,860 --> 00:27:50,960 And you can say, well, you know what, this is what we have to 473 00:27:50,960 --> 00:27:53,960 report. Like if zero trust becomes part 474 00:27:54,000 --> 00:27:59,880 of the messaging, if zero trust becomes part of the reason that 475 00:28:00,160 --> 00:28:05,480 your customers and your partners feel more confident about what 476 00:28:05,480 --> 00:28:09,360 you're doing, then that's great, right? 477 00:28:10,120 --> 00:28:13,480 So it's less about, it's less about that they have to 478 00:28:13,480 --> 00:28:16,320 understand all the nuances of zero trust. 479 00:28:17,330 --> 00:28:22,810 But it's more important is that they understand that there are 480 00:28:23,010 --> 00:28:26,250 well thought out frameworks like there's a NIST framework for 481 00:28:26,250 --> 00:28:29,970 zero trust. So attaching, you know what 482 00:28:30,050 --> 00:28:33,770 everything that is going on inside the organization and you 483 00:28:33,770 --> 00:28:37,130 know saying that look, this is attaching it to this framework, 484 00:28:37,130 --> 00:28:40,410 this framework is already defining what is 0 trust. 485 00:28:40,730 --> 00:28:44,810 So we're doing XY&Z or we're using these tool sets to attach 486 00:28:44,810 --> 00:28:48,450 to that. That's the more important aspect 487 00:28:48,570 --> 00:28:50,850 because they don't really need to understand the nuances, but 488 00:28:50,850 --> 00:28:53,370 they need to understand that you're thinking about it in the 489 00:28:53,370 --> 00:28:58,770 right way and framework thinking is the right way because then 490 00:28:58,770 --> 00:29:01,370 you're not hung up on a single tool, you're not hung up on a 491 00:29:01,370 --> 00:29:03,810 single vendor, but you're looking at things more 492 00:29:03,810 --> 00:29:07,050 holistically. That's been my experience. 493 00:29:07,050 --> 00:29:10,690 That's my advice to everybody is to use frameworks. 494 00:29:11,670 --> 00:29:13,030 I'm with you on the framework thing. 495 00:29:13,030 --> 00:29:16,190 I think 2 areas where if you can attach your thinking to a 496 00:29:16,190 --> 00:29:19,710 framework where it's kind of shows that, all right, this 497 00:29:19,710 --> 00:29:24,630 isn't just some you know idea that we're we're throwing in to 498 00:29:24,630 --> 00:29:28,470 the mix or replacing everything we've always done, but it's 499 00:29:28,470 --> 00:29:32,710 actually is part of a bigger ecosystem of a way of attacking 500 00:29:32,710 --> 00:29:37,550 the problem. I I also think that Board of 501 00:29:37,550 --> 00:29:40,390 Directors are also very interested in what are our peers 502 00:29:40,390 --> 00:29:42,810 doing. So if you can collect that 503 00:29:42,810 --> 00:29:47,730 information and say, Oh yes, our peers are going down the zero 504 00:29:47,730 --> 00:29:54,730 trust route and we have a, you know folks that are focused on 505 00:29:55,250 --> 00:29:57,290 identity at these peer organizations. 506 00:29:57,290 --> 00:30:01,090 We have a a monthly touch point or a quarterly touch point where 507 00:30:01,090 --> 00:30:04,930 we just talk about some of these issues and this is the general 508 00:30:04,930 --> 00:30:06,930 direction that we're heading. I think that's. 509 00:30:07,390 --> 00:30:09,110 That buys a lot of value as well. 510 00:30:09,310 --> 00:30:12,230 I actually wanted to shift the discussion a little bit to an 511 00:30:12,230 --> 00:30:15,950 idea that was talked pretty heavily about at Identiverse, 512 00:30:15,950 --> 00:30:20,150 which was the idea of the Chief Identity Officer. 513 00:30:20,150 --> 00:30:23,430 We had Ian Glazer on the podcast during Identiverse. 514 00:30:23,430 --> 00:30:26,950 He talked to us about this and we we joked around. 515 00:30:26,950 --> 00:30:30,030 So what is how do you shorten the name of Chief Identity 516 00:30:30,030 --> 00:30:33,510 Officer? We came up with Cheeto CHIDO. 517 00:30:34,750 --> 00:30:37,010 Joking all joking aside. I. 518 00:30:37,050 --> 00:30:38,210 Love your. Vote that. 519 00:30:38,770 --> 00:30:40,530 Let's make this a thing. Let's make this a thing. 520 00:30:40,530 --> 00:30:42,490 It's Cheeto. It's Cheeto. 521 00:30:42,690 --> 00:30:45,090 It's Cheeto. You heard it here first. 522 00:30:45,290 --> 00:30:49,210 So Bobber is your vote. That organization should have a 523 00:30:49,210 --> 00:30:52,650 Cheeto. That's an interesting question. 524 00:30:54,410 --> 00:30:58,610 Without thinking about it too much, I think that yes, 525 00:30:59,050 --> 00:31:02,450 organizations should have a Chief Digital Officer. 526 00:31:02,490 --> 00:31:06,680 And the reason behind that is that, you know, everything that 527 00:31:06,680 --> 00:31:12,400 organizations do nowadays is in some way, you know, associated 528 00:31:12,840 --> 00:31:15,640 with digital, for lack of a better word, right? 529 00:31:15,880 --> 00:31:18,920 So Cheeto would be Chief Identity Officer, just for 530 00:31:18,920 --> 00:31:24,200 clarity, fair enough to me. To me they are, they're, they're 531 00:31:24,600 --> 00:31:28,080 similar, right. And the reason I say that is 532 00:31:28,640 --> 00:31:35,890 that identity becomes the gate and becomes the, you know, the 533 00:31:35,930 --> 00:31:39,610 the front door before you can really do anything, before you 534 00:31:39,610 --> 00:31:42,290 can access anything, before you can give somebody access, before 535 00:31:42,290 --> 00:31:45,610 you can know what is going on in your organization. 536 00:31:46,050 --> 00:31:51,970 So identities started in the HR system because identity was used 537 00:31:52,050 --> 00:31:55,410 to make sure that people got paid so you knew who to pay. 538 00:31:57,090 --> 00:32:02,330 But now because we've got so much, you know, digital 539 00:32:02,330 --> 00:32:09,400 transformation and we've got so much digital stuff, identity 540 00:32:09,480 --> 00:32:13,720 becomes crucial to interaction, you know, day-to-day 541 00:32:13,720 --> 00:32:17,840 interaction. So my vote and my opinion really 542 00:32:17,840 --> 00:32:20,720 is that you know, Chief Identity Officer and Chief Digital 543 00:32:20,720 --> 00:32:24,040 Officer are two sides of the same coin. 544 00:32:25,060 --> 00:32:27,220 Obviously the Digital Officer has slightly more 545 00:32:27,220 --> 00:32:31,660 responsibility, but but they are two sides of the same coin. 546 00:32:31,660 --> 00:32:34,420 I don't think you can have a Chief Digital Officer without 547 00:32:34,420 --> 00:32:37,980 understanding identity and I don't think a Chief Identity 548 00:32:37,980 --> 00:32:41,540 Officer without you know how this is going to affect the rest 549 00:32:41,540 --> 00:32:46,980 of the organization, which is more and more digital is also 550 00:32:46,980 --> 00:32:52,340 not not going to be very useful. Yeah, I mean, the heck we call 551 00:32:52,340 --> 00:32:54,230 it. Identity at the Center for a 552 00:32:54,230 --> 00:32:58,190 reason. So to kind of close this 553 00:32:58,470 --> 00:33:02,070 conversation out around communicating to the board, I 554 00:33:02,070 --> 00:33:05,350 think the most nervous you get when you're going to speak to 555 00:33:05,350 --> 00:33:10,030 the board is the first time. So what are your tips for that 556 00:33:10,030 --> 00:33:14,110 individual who's getting, you're getting ready to do their first 557 00:33:14,110 --> 00:33:15,910 time in front of the board? Yeah. 558 00:33:15,910 --> 00:33:19,550 So I'll come down to the really the basics. 559 00:33:21,180 --> 00:33:24,260 The Board first of all is there to help the organization. 560 00:33:25,380 --> 00:33:31,700 So you know they the more information they have the better 561 00:33:31,740 --> 00:33:34,340 they can help and the better they can help make that 562 00:33:34,340 --> 00:33:38,260 decision. Now knowing that you know and 563 00:33:38,260 --> 00:33:41,220 knowing that the Board is there for governance and not 564 00:33:41,220 --> 00:33:43,980 day-to-day operations, that's important also because that's 565 00:33:43,980 --> 00:33:48,100 how you frame the conversation and frame the frame the 566 00:33:48,140 --> 00:33:52,460 information to them. So what does the board care 567 00:33:52,460 --> 00:33:54,500 about, right, That's important. So you have to frame the 568 00:33:54,500 --> 00:33:59,940 conversation in those terms and that comes down to, you know, 569 00:34:00,260 --> 00:34:03,500 risk assessment. What are you going to do if 570 00:34:03,500 --> 00:34:05,380 there is an incident? How are you going to respond to 571 00:34:05,380 --> 00:34:07,220 it? What kind of measures you're 572 00:34:07,220 --> 00:34:14,739 going to put to protect me from an incident and then you know 573 00:34:15,179 --> 00:34:19,659 that can go you know break down into you know how is this 574 00:34:19,659 --> 00:34:23,540 affecting my supply chain, How is this affecting you know and 575 00:34:23,540 --> 00:34:25,300 supply chain can go to vendor management. 576 00:34:25,940 --> 00:34:30,380 How is this you know affecting employees because if you start 577 00:34:30,380 --> 00:34:33,860 putting too much friction on the employees then that creates you 578 00:34:33,860 --> 00:34:37,340 know, people, people you know find ways around things. 579 00:34:37,340 --> 00:34:41,900 We've all seen that. And then, you know, what is the 580 00:34:41,900 --> 00:34:46,659 investment that you're going to need and how is that investment 581 00:34:46,659 --> 00:34:49,909 going to, you know, give me a payback. 582 00:34:50,989 --> 00:34:55,870 So, so that's what the board is really caring about because if 583 00:34:55,870 --> 00:34:58,630 you go in there and you say, hey, the sky is falling, the sky 584 00:34:58,630 --> 00:35:02,230 is falling, the sky is falling, I need, you know, $20 million to 585 00:35:02,230 --> 00:35:06,070 make sure I shore it up. And then you say, well, yeah, 586 00:35:06,070 --> 00:35:07,870 it's showed up. But now, you know, the other 587 00:35:07,870 --> 00:35:12,190 part of the sky is falling. You know, it's, it's 588 00:35:12,190 --> 00:35:14,910 reactionary, right? It's not proactive. 589 00:35:15,270 --> 00:35:21,840 So the best advice I have for that is that you provide upfront 590 00:35:21,840 --> 00:35:23,640 information, lots of information. 591 00:35:23,760 --> 00:35:26,120 And so that that's the education aspect. 592 00:35:26,680 --> 00:35:29,840 But then tie what you're trying to achieve there. 593 00:35:29,840 --> 00:35:32,920 Why is cybersecurity important? Why is identity and access 594 00:35:32,920 --> 00:35:36,880 important? Tie that to the business and 595 00:35:36,880 --> 00:35:40,760 business continuity, increasing the top line, increasing the 596 00:35:40,760 --> 00:35:44,660 bottom line, customer satisfaction, making sure that 597 00:35:44,860 --> 00:35:47,540 you're going to pass your audit, make sure that you're going to 598 00:35:47,540 --> 00:35:51,580 be, you know, pass your regulatory requirements. 599 00:35:52,740 --> 00:35:54,580 That's how you have that conversation. 600 00:35:55,020 --> 00:35:56,660 I think it's helpful too that when we're having those 601 00:35:56,660 --> 00:36:00,940 conversations is that hopefully it's not the first time people 602 00:36:00,940 --> 00:36:03,660 are hearing it. Everyone in the room, if you can 603 00:36:04,180 --> 00:36:07,820 brief somebody ahead of time, you know, someone to be aware of 604 00:36:07,820 --> 00:36:10,220 that and kind of bounce things off of whether it's. 605 00:36:10,760 --> 00:36:13,120 Be a member of the board itself or maybe somebody at the 606 00:36:13,120 --> 00:36:15,920 C-Suite. I find it helpful to have 607 00:36:15,920 --> 00:36:19,360 already talked about it and have an ally going in to the 608 00:36:19,360 --> 00:36:22,000 conversation. At least it understands sort of 609 00:36:22,000 --> 00:36:24,600 the, you know, what the direction is rather than just 610 00:36:24,600 --> 00:36:28,000 walking into, you know, this I imagine like the cold corporate 611 00:36:28,000 --> 00:36:31,680 board room, right? It's all steel and glass and you 612 00:36:31,680 --> 00:36:36,280 know, frowny faces and you know it's it's a difficult spot to 613 00:36:36,280 --> 00:36:39,480 walk in cold right off the street, right, without any sort 614 00:36:39,520 --> 00:36:42,420 of. Relationship ahead of time or at 615 00:36:42,420 --> 00:36:43,980 least prep. And I think that's where the 616 00:36:43,980 --> 00:36:45,380 board deck comes into play as well. 617 00:36:45,820 --> 00:36:49,180 Sending pre preread information is always helpful, right? 618 00:36:49,180 --> 00:36:51,660 They'll probably get better, come better armed with questions 619 00:36:51,660 --> 00:36:54,220 and things like that. I imagine one of the things that 620 00:36:54,220 --> 00:36:58,620 comes up is around cyber insurance because it's getting 621 00:36:58,620 --> 00:37:02,140 more and more expensive. The questionnaires that are 622 00:37:02,140 --> 00:37:04,580 coming out are far more comprehensive than they have 623 00:37:04,580 --> 00:37:06,140 been in the past. It used to be. 624 00:37:06,540 --> 00:37:08,300 Oh, do you have MFA? Check the box. 625 00:37:08,780 --> 00:37:12,030 Right now it's. You know, do you have MFA? 626 00:37:12,190 --> 00:37:14,870 What kind of MFA? What are your rule sets? 627 00:37:14,870 --> 00:37:15,870 Who's using it? Right. 628 00:37:15,870 --> 00:37:18,030 They've gone a lot more detail and think we're starting to see 629 00:37:18,030 --> 00:37:21,390 things more around privilege access management starting, 630 00:37:21,510 --> 00:37:23,630 starting to make its way into those sort of questionnaires. 631 00:37:24,190 --> 00:37:28,390 What are boards and other C-Suite type executives asking 632 00:37:28,390 --> 00:37:32,270 about this and how the organization is going to be able 633 00:37:32,270 --> 00:37:35,310 to, you know, retain those insurances or things like that? 634 00:37:35,950 --> 00:37:37,550 And I guess maybe even more importantly, what are they 635 00:37:37,550 --> 00:37:40,610 actually doing about it? Yeah, so there's a couple of 636 00:37:40,610 --> 00:37:44,050 things happening there. You're absolutely correct that 637 00:37:44,810 --> 00:37:48,890 cyber insurance companies and reinsurance companies are asking 638 00:37:48,890 --> 00:37:53,290 the question, hey, what are your, you know, what steps do 639 00:37:53,290 --> 00:37:57,050 you have put in place, right. And and some of those steps are 640 00:37:57,050 --> 00:37:58,650 just simple blocking and tackling. 641 00:38:00,130 --> 00:38:02,730 One of you know you mentioned questions changing. 642 00:38:02,730 --> 00:38:06,370 So one of the questions that used to be asked was do you have 643 00:38:06,370 --> 00:38:10,020 a password manager in place And if you replied yes to that 644 00:38:10,020 --> 00:38:12,620 question, that was considered good. 645 00:38:13,780 --> 00:38:17,020 Now the same question is being asked, but if you reply yes to 646 00:38:17,020 --> 00:38:20,380 it, that's considered a point against you, right? 647 00:38:20,780 --> 00:38:23,820 Because if you have a password manager in place, that means 648 00:38:23,820 --> 00:38:27,820 that you know you're you're, you don't have, you know, a 649 00:38:27,820 --> 00:38:31,900 Federated single sign on. That means that you still are 650 00:38:31,900 --> 00:38:34,420 relying on password. That means that you probably 651 00:38:34,420 --> 00:38:38,820 don't have MFA in place either. So so there's a lot of 652 00:38:38,860 --> 00:38:44,100 implications you know from that perspective and passwords as we 653 00:38:44,100 --> 00:38:49,900 all know are the are the, you know the most you know fishable 654 00:38:50,300 --> 00:38:55,340 credential out there. So, so that is that is extremely 655 00:38:55,340 --> 00:38:59,460 important for the Board to understand that hey, if I need 656 00:38:59,460 --> 00:39:02,300 to continue getting cyber insurance, you know, sometimes 657 00:39:02,460 --> 00:39:06,590 your underwriters will actually stop underwriting or try to 658 00:39:06,590 --> 00:39:09,790 manage my premiums. What are the things I need to 659 00:39:09,790 --> 00:39:10,830 do? What are the things the 660 00:39:10,830 --> 00:39:15,510 organization needs to do? And some of those things are 661 00:39:16,030 --> 00:39:19,990 that you put the right cyber security policies in place and 662 00:39:19,990 --> 00:39:22,750 the tools in place. And it's not just getting the 663 00:39:22,750 --> 00:39:27,110 tools in place, but also the practices in place, because you 664 00:39:27,110 --> 00:39:31,110 can have a tool in place, but if nobody's using that tool, then 665 00:39:31,350 --> 00:39:35,050 it's not useful, it's not really helping. 666 00:39:35,450 --> 00:39:39,090 And this is where, you know, cyber insurance companies and 667 00:39:39,090 --> 00:39:44,370 their questionnaires are becoming more detailed. 668 00:39:44,930 --> 00:39:48,330 So they're not just asking, hey, do you have this, they're asking 669 00:39:48,330 --> 00:39:52,290 how you are implementing it and how, what is your processes and 670 00:39:52,290 --> 00:39:57,300 procedures around this, right. A certain aspect and and a board 671 00:39:57,300 --> 00:40:01,060 plays, you know, a larger role in that because most boards are 672 00:40:01,060 --> 00:40:04,620 involved in, you know, if you have to pay ransomware for 673 00:40:04,620 --> 00:40:08,980 example, or if there's a breach, they're involved in talking to 674 00:40:08,980 --> 00:40:11,740 the large customers. They're involved in having the 675 00:40:11,740 --> 00:40:14,780 conversation from a mitigation perspective, from a reputation 676 00:40:14,780 --> 00:40:18,540 and a risk perspective. Another angle there is that 677 00:40:19,420 --> 00:40:23,180 another thing that is happening is board members could 678 00:40:23,180 --> 00:40:28,820 personally be targeted. You know for cyber, cyber from 679 00:40:28,820 --> 00:40:33,340 cyber incident perspective because they have access to a 680 00:40:33,340 --> 00:40:36,540 lot more information. So business e-mail compromise 681 00:40:36,740 --> 00:40:40,380 targets, C-Suite. They also target boards. 682 00:40:41,860 --> 00:40:48,580 So making sure that you know, your board understands, hey you 683 00:40:48,580 --> 00:40:52,020 know these things are not just happening, this is not just a 684 00:40:52,020 --> 00:40:56,330 vague or a hypothetical situation, but this is actually 685 00:40:56,330 --> 00:41:00,650 real and it's affecting me and especially when it comes to 686 00:41:00,650 --> 00:41:04,290 cyber insurance as you're talking about Jeff, this is 687 00:41:04,370 --> 00:41:06,490 affecting the bottom line. This is affecting business 688 00:41:06,490 --> 00:41:09,410 continuity because if you don't give, you know it is possible 689 00:41:09,410 --> 00:41:12,250 that without cyber insurance you might not be able to continue 690 00:41:12,250 --> 00:41:14,970 your, you know business and continue your operations. 691 00:41:15,410 --> 00:41:17,130 You might not be able to pay your ransomware. 692 00:41:17,610 --> 00:41:24,040 So, so this is this is affecting continuity and and and 693 00:41:24,040 --> 00:41:26,960 operations of a business and the ability for that business to 694 00:41:26,960 --> 00:41:31,680 survive when something happens. Yeah, I think, you know nobody 695 00:41:31,680 --> 00:41:34,280 wants to get breached insurance is there hopefully as a 696 00:41:34,280 --> 00:41:37,920 backstop, but it's getting harder and harder and you know I 697 00:41:37,920 --> 00:41:41,080 think people because the the, the pricing look insurance 698 00:41:41,080 --> 00:41:42,480 companies don't want to pay this, right. 699 00:41:42,480 --> 00:41:45,720 So they're doing their part to make sure that organizations are 700 00:41:45,720 --> 00:41:49,760 doing their part from a security standpoint as best as they can 701 00:41:49,880 --> 00:41:51,970 and. You know, you don't want any 702 00:41:51,970 --> 00:41:53,410 position where you're uninsurable. 703 00:41:53,730 --> 00:41:56,330 It's not a great spot to be in, Bob. 704 00:41:56,370 --> 00:41:57,650 This has been a great conversation. 705 00:41:57,650 --> 00:42:00,690 I want to start to kind of wrap things up, but I'm curious where 706 00:42:00,690 --> 00:42:04,410 do you see AI just taking the identity space overall? 707 00:42:04,810 --> 00:42:08,490 I think so. I'm pretty excited about AI. 708 00:42:10,010 --> 00:42:15,330 It it is going to be extremely helpful in everything from 709 00:42:15,330 --> 00:42:25,870 discovery to forensic analysis to you know, mitigating, you 710 00:42:25,870 --> 00:42:28,430 know, attacks that, you know, we might not have even thought of 711 00:42:29,550 --> 00:42:34,150 because you know, the first thing it can do is to figure out 712 00:42:34,790 --> 00:42:38,350 where everything is like where's your data right now. 713 00:42:38,350 --> 00:42:43,230 Organizations spend a lot of time, effort, manpower, 714 00:42:43,350 --> 00:42:47,710 resources, money to identify where everything is, who has 715 00:42:47,710 --> 00:42:52,340 access to what and they do that over and over and over and over 716 00:42:52,340 --> 00:42:54,460 again, right? I mean they have to provide that 717 00:42:54,460 --> 00:42:57,140 for audit reasons. They have to provide that maybe 718 00:42:57,140 --> 00:42:59,300 to their cyber insurance companies. 719 00:43:01,500 --> 00:43:03,620 AI can definitely help from that perspective. 720 00:43:04,260 --> 00:43:07,900 So discovery is a very important aspect of that. 721 00:43:08,540 --> 00:43:14,380 The other aspect around AI is the being able to query and 722 00:43:14,380 --> 00:43:17,540 being able to surface information using natural 723 00:43:17,540 --> 00:43:21,430 language. Up to this point you've seen 724 00:43:21,430 --> 00:43:25,070 like when we create policies, policy creation is not for the 725 00:43:25,070 --> 00:43:28,030 faint of heart. And sometimes you know when 726 00:43:28,030 --> 00:43:30,470 different organizations when you create, when you distribute 727 00:43:30,470 --> 00:43:33,030 policy creation, one of the problems organizations run into 728 00:43:33,030 --> 00:43:37,230 is the policies might be interfering with each other or 729 00:43:37,230 --> 00:43:39,790 canceling each other, right? These are security policies I'm 730 00:43:39,790 --> 00:43:43,230 talking about and Identity and access policies. 731 00:43:43,720 --> 00:43:48,320 So AI can play a really important role in that aspect 732 00:43:48,400 --> 00:43:53,800 because it can make sure that you know one your policies are 733 00:43:54,040 --> 00:43:56,960 not interfering with each other or canceling each other's out or 734 00:43:56,960 --> 00:44:01,880 creating orphan orphan legs. And at the same time, it can 735 00:44:01,880 --> 00:44:04,680 also help create policy because you can explain in natural 736 00:44:04,680 --> 00:44:07,200 language what is it that you want to do and it can create the 737 00:44:07,200 --> 00:44:09,840 security policy that that is most relevant. 738 00:44:10,280 --> 00:44:14,730 So that allows you to take that whole process closest to the 739 00:44:14,730 --> 00:44:18,850 business that you know, the application owner, the business 740 00:44:18,930 --> 00:44:22,250 owner, the person who is, you know, taking the product to the 741 00:44:22,250 --> 00:44:24,690 market or trying to do something. 742 00:44:25,090 --> 00:44:29,930 They can make that policy by explaining in simple, you know, 743 00:44:30,330 --> 00:44:35,530 English terms, you know, simple language, natural language, what 744 00:44:35,530 --> 00:44:37,610 is it that they're trying to achieve and the policy can be 745 00:44:37,610 --> 00:44:41,050 done automatically. Those are those are probably the 746 00:44:41,550 --> 00:44:47,230 two most important things I think AI can can help a business 747 00:44:47,430 --> 00:44:49,150 from an identity and security perspective. 748 00:44:50,310 --> 00:44:51,790 Yeah. I'm real excited to see where 749 00:44:52,070 --> 00:44:53,430 and how this is going to affect everybody. 750 00:44:54,470 --> 00:44:56,910 Obviously, selfishly the identity space, that's what I 751 00:44:56,990 --> 00:44:59,710 pretty much care about, but I'm very bullish on it. 752 00:44:59,950 --> 00:45:04,670 Well, you know, this shows moniker or we've been told it's 753 00:45:04,670 --> 00:45:08,480 getting started to be called. A I at the center. 754 00:45:08,800 --> 00:45:11,760 So we have to have the obligatory a I question every. 755 00:45:11,760 --> 00:45:16,400 Week you got to you got to adapt, evolve, overcome, right? 756 00:45:16,400 --> 00:45:19,440 I mean, so as things change, who knows, right? 757 00:45:19,440 --> 00:45:22,400 Maybe I a I goes away and it's less important, but right? 758 00:45:22,400 --> 00:45:23,880 Certainly it's in the zeitgeist right now. 759 00:45:24,320 --> 00:45:26,320 I don't think it will. But who knows, right? 760 00:45:26,440 --> 00:45:29,920 We can always adjust. Barbara, let's end on a lighter 761 00:45:29,920 --> 00:45:32,280 note. I wanted to ask you about an 762 00:45:32,320 --> 00:45:36,360 Iron Man that you just competed in and lost. 763 00:45:36,900 --> 00:45:39,060 To somebody. Do you want to talk briefly 764 00:45:39,060 --> 00:45:40,540 about that? Because I also know I want to 765 00:45:40,540 --> 00:45:44,700 talk about candy after that. Well, I wouldn't say last, last, 766 00:45:44,740 --> 00:45:47,700 last, last. I'm just impressed that you 767 00:45:47,700 --> 00:45:50,140 actually did it. We were talking about this and I 768 00:45:50,140 --> 00:45:54,060 think explain Iron Man because I started asking about what are 769 00:45:54,060 --> 00:45:58,300 the different fractions of Iron Man and how can I watch them. 770 00:45:58,380 --> 00:45:59,940 Not necessarily participate. Watch. 771 00:46:01,340 --> 00:46:05,980 Yeah. So Iron Man is is really a brand 772 00:46:05,980 --> 00:46:14,380 for for a triathlon. We just did the Iron Man 70.3 in 773 00:46:14,380 --> 00:46:17,060 Oregon. It's a beautiful venue. 774 00:46:17,060 --> 00:46:19,340 I encourage everybody to do that one. 775 00:46:19,780 --> 00:46:25,060 Amazing, you know Salem OR amazing town, amazing people and 776 00:46:25,220 --> 00:46:28,870 and an amazing venue. So so the three legs of a 777 00:46:28,870 --> 00:46:32,470 triathlon are you know swimming, biking and running and they 778 00:46:32,470 --> 00:46:35,830 always do it in that order because you know you don't want 779 00:46:35,830 --> 00:46:37,430 to do the swim when you're really tired. 780 00:46:37,430 --> 00:46:44,310 The, the, the, you know prospect of drowning increases as as you 781 00:46:44,310 --> 00:46:46,070 get tired. So they always start with the 782 00:46:46,390 --> 00:46:50,430 most dangerous aspect first. So start with the swim, then you 783 00:46:50,430 --> 00:46:51,750 do the bike, then you do the run. 784 00:46:51,790 --> 00:46:54,830 Because you know when you get, when you when you fall over, 785 00:46:54,830 --> 00:46:59,070 when you're running, it's much, much closer to the ground than 786 00:46:59,070 --> 00:47:04,070 even from a bike. So 70.3 is is what used to be 787 00:47:04,070 --> 00:47:08,750 called half iron, and that means the 1.2 mile swim, 56 mile bike 788 00:47:08,750 --> 00:47:13,630 ride and then a 13.1 mile run which is half a marathon. 789 00:47:14,110 --> 00:47:17,030 And that's what we just did in in Oregon. 790 00:47:17,510 --> 00:47:24,590 And yes, I was, I was behind considerably like hour and a 791 00:47:24,590 --> 00:47:32,230 half behind me and my partner. But you know, she deserved it 792 00:47:32,630 --> 00:47:36,510 because she actually focused on the training and I kind of 793 00:47:36,510 --> 00:47:41,390 goofed off a lot. So, so the results book for for 794 00:47:41,390 --> 00:47:44,150 how we how we trained for it. All right. 795 00:47:44,150 --> 00:47:47,910 Well, I like I said, I'm impressed that even, you know, 796 00:47:47,950 --> 00:47:51,030 got out there and did it. I certainly should not be 797 00:47:51,030 --> 00:47:52,030 involved with any of that right now. 798 00:47:52,030 --> 00:47:54,150 I would probably die of a heart attack like 30 seconds in. 799 00:47:55,790 --> 00:47:57,430 I want to talk. You should try it, Jeff. 800 00:47:58,190 --> 00:48:03,710 Start with the start with the Sprint and the and the Olympics 801 00:48:04,510 --> 00:48:06,310 length triathlons. Right. 802 00:48:06,390 --> 00:48:10,550 Don't jump into the Ironman, but you'd be amazed. 803 00:48:10,550 --> 00:48:15,590 You'd be amazed of the support, the community, the, the fellow 804 00:48:15,590 --> 00:48:21,970 athletes and and the and the feeling of accomplishment as you 805 00:48:21,970 --> 00:48:26,410 go through that finish line. It is absolutely amazing. 806 00:48:26,730 --> 00:48:30,170 You're thankful for being able to do those things right. 807 00:48:31,210 --> 00:48:34,450 We don't think about those things normally, but when you do 808 00:48:34,450 --> 00:48:36,890 all those things and you're able to do that, you're like, you 809 00:48:36,890 --> 00:48:40,010 know what? Yeah, the universe is. 810 00:48:40,010 --> 00:48:45,290 The universe is helping me. I find sports like running and. 811 00:48:46,040 --> 00:48:48,760 Lifting weights. Boring for me because I like 812 00:48:48,920 --> 00:48:52,480 competition and team sports. It's like I'll play basketball 813 00:48:52,520 --> 00:48:56,240 all day long, like literally all day long if I if I could. 814 00:48:57,120 --> 00:48:58,800 It's just something about like running. 815 00:48:58,840 --> 00:49:00,920 I find it boring. It just doesn't like mentally 816 00:49:00,920 --> 00:49:02,640 stimulate me. But like I said, I'll play 817 00:49:02,640 --> 00:49:05,480 basketball, football, you know, stuff like that. 818 00:49:06,240 --> 00:49:08,840 You know, all the time we're running short. 819 00:49:08,840 --> 00:49:12,080 But I want to ask about candy, and this stems from a 820 00:49:12,080 --> 00:49:16,270 conversation. That Jim and the team here at 821 00:49:16,270 --> 00:49:20,270 RSM had earlier this week. We try to do like a team 822 00:49:20,270 --> 00:49:23,310 building sort of thing every other week or so. 823 00:49:23,310 --> 00:49:26,630 It's just we call it the the mandatory Chuckle club or 824 00:49:26,630 --> 00:49:29,110 something like that. We used a I to come up with a 825 00:49:29,110 --> 00:49:32,870 name and it's basically just like an open door where we have 826 00:49:32,870 --> 00:49:37,630 like a meeting invite set up and we can you know, have people 827 00:49:37,630 --> 00:49:39,950 kind of come in and just kind of talk whatever, if they can make 828 00:49:39,950 --> 00:49:40,870 it great. If you can't, whatever. 829 00:49:40,870 --> 00:49:42,630 And we start talking about candy. 830 00:49:43,040 --> 00:49:49,600 And Jim has some serious serious, I don't know, thoughts, 831 00:49:50,080 --> 00:49:51,560 likes just likes. Candy. 832 00:49:51,600 --> 00:49:54,040 Finally, a subject that I'm an expert on. 833 00:49:55,840 --> 00:49:57,280 Yeah. So he had a whole like we. 834 00:49:57,440 --> 00:50:00,000 So I was like, all right, let's let's get serious about about 835 00:50:00,000 --> 00:50:01,240 this. We put together like a tier 836 00:50:01,240 --> 00:50:03,200 ranking we had. We showed Jim a bunch of 837 00:50:03,200 --> 00:50:06,600 different candy pieces and had him rank them. 838 00:50:07,840 --> 00:50:11,640 Snickers was on top as like S tier along with Reese's. 839 00:50:12,420 --> 00:50:15,620 Peanut butter cups. And then we started talking 840 00:50:15,620 --> 00:50:18,540 about candies that we don't like, and Jim had some opinions 841 00:50:18,540 --> 00:50:20,460 about that. So that's today's lighter note. 842 00:50:20,860 --> 00:50:27,460 What is a piece of candy or whatever it is that is just your 843 00:50:27,460 --> 00:50:30,500 least favorite? The least favorite for me would 844 00:50:30,500 --> 00:50:34,580 be any kind of gummy Berry type things. 845 00:50:34,580 --> 00:50:39,220 You know, Swedish fish, gummy bears, any of those gelatinous 846 00:50:39,220 --> 00:50:47,100 things that that you know have that strange gluey structure? 847 00:50:47,460 --> 00:50:49,420 It's that unnatural. It's not. 848 00:50:49,420 --> 00:50:53,340 It's not from nature. All right, Jim, tell me, what's 849 00:50:53,340 --> 00:50:54,940 yours? Because you had a. 850 00:50:54,940 --> 00:50:58,540 Few so I have to explain. We have to explain scoping for a 851 00:50:58,540 --> 00:51:03,380 second, which is you're using this app which lets you create 852 00:51:03,380 --> 00:51:07,380 like a almost like a magic quadrant, but it was more more 853 00:51:07,380 --> 00:51:10,540 vertically oriented and the bottom. 854 00:51:11,120 --> 00:51:15,200 But you only had choice of the candies that they had there. 855 00:51:15,400 --> 00:51:19,640 There are more, but I think they picked some really solid losers. 856 00:51:19,880 --> 00:51:23,760 And let me pit tell you some of the real garbage candies that 857 00:51:23,760 --> 00:51:26,000 are out there. First off, Mike and Ikes, they 858 00:51:26,000 --> 00:51:30,000 are garbage. Jelly beans are disgusting. 859 00:51:31,120 --> 00:51:36,780 Whoppers are. Candy corns. 860 00:51:36,860 --> 00:51:40,100 I don't even consider them candy, so I had to pick what's 861 00:51:40,140 --> 00:51:42,420 what's up with that, right? Is it corn or is it candy? 862 00:51:43,420 --> 00:51:45,580 Both. I think it's neither. 863 00:51:45,780 --> 00:51:48,060 I'm with you, Jim. See, I like. 864 00:51:48,060 --> 00:51:49,980 Candy corn. You don't eat them, though. 865 00:51:49,980 --> 00:51:52,580 You like the football thing? I'll eat them, yeah. 866 00:51:52,580 --> 00:51:57,140 So I I use candy corn to explain football formations to my wife. 867 00:51:57,660 --> 00:52:00,580 So we would have the candy corns would be like receivers and 868 00:52:00,580 --> 00:52:02,900 running backs and quarterback and then. 869 00:52:03,660 --> 00:52:06,020 Around, you know Halloween, you've got the pumpkin candy 870 00:52:06,020 --> 00:52:08,020 corns. Those have become like defensive 871 00:52:08,020 --> 00:52:09,780 lineman or offensive lineman, right? 872 00:52:09,780 --> 00:52:12,260 Stuff like that. So I explained defensive 873 00:52:12,260 --> 00:52:16,020 formations when, you know, very early on in our relationship to 874 00:52:16,020 --> 00:52:18,540 help her kind of understand American football. 875 00:52:18,540 --> 00:52:20,300 I should probably be, you know, clear on that. 876 00:52:20,740 --> 00:52:23,500 So there is a spot and at least in our house for it and and I 877 00:52:23,500 --> 00:52:25,340 like candy corn. I I don't can't have too many of 878 00:52:25,340 --> 00:52:26,340 them. They're just way too sweet. 879 00:52:26,340 --> 00:52:29,580 But I don't detest them as Jim obviously does. 880 00:52:30,210 --> 00:52:32,010 Well, here's the thing about this conversation, right? 881 00:52:32,010 --> 00:52:35,450 This is one of the few areas where we can all sit down for a 882 00:52:35,450 --> 00:52:37,690 civil conversation, have strong opinions. 883 00:52:38,130 --> 00:52:40,210 It's not religion or politics, right? 884 00:52:40,210 --> 00:52:43,610 So you could This is fair game for any party. 885 00:52:43,890 --> 00:52:46,970 And I'm sure I'm saying some things that some people out 886 00:52:46,970 --> 00:52:49,250 there are like, no, you are wrong. 887 00:52:49,250 --> 00:52:52,930 Whoppers are not horrible. But guess what I'm going to say? 888 00:52:52,930 --> 00:52:56,570 Whoppers are my least favorite candy I could have. 889 00:52:57,540 --> 00:53:01,980 Packs and packs of Whoppers in my kitchen and nothing else. 890 00:53:02,140 --> 00:53:04,620 And I would go hungry. They're terrible. 891 00:53:05,860 --> 00:53:08,260 Interesting. I, you know, I don't mind a 892 00:53:08,260 --> 00:53:10,100 Whopper. It's not my favorite, but I it 893 00:53:10,100 --> 00:53:12,140 doesn't feel like it's in that category for me. 894 00:53:13,500 --> 00:53:15,380 I I don't really like peanut butter. 895 00:53:15,500 --> 00:53:19,660 So things like Reese's Pieces and Reese's Pieces Bits, that 896 00:53:19,660 --> 00:53:22,260 kind of stuff doesn't do it for me at all. 897 00:53:22,580 --> 00:53:26,300 I mean that's I like, I like peanut butter, but only on 898 00:53:26,300 --> 00:53:29,610 bread, right? I don't really like it when it's 899 00:53:30,010 --> 00:53:33,130 in it's solid form in a in a peanut butter a. 900 00:53:33,210 --> 00:53:36,370 Peanut. Yeah, which is crazy because I 901 00:53:36,370 --> 00:53:38,890 love a Snickers bar and that's packed full of peanuts, of 902 00:53:38,890 --> 00:53:41,530 course, right? So that's like my favorite 903 00:53:41,530 --> 00:53:43,410 thing. But I just don't like peanut 904 00:53:43,410 --> 00:53:46,090 butter. So like Reese's Pieces and those 905 00:53:46,090 --> 00:53:48,610 peanut butter cups, just, they don't do it for me at all. 906 00:53:48,610 --> 00:53:50,050 So those those are definitely favorites. 907 00:53:50,050 --> 00:53:52,850 I don't know if I would say I would go hungry if they were in 908 00:53:52,850 --> 00:53:55,890 the house and just not eat them, but. 909 00:53:56,520 --> 00:53:59,120 That was Jelly beans. I don't mind Jelly beans. 910 00:53:59,120 --> 00:54:01,760 I mean, the black ones are gross, but Jelly beans are fine. 911 00:54:03,040 --> 00:54:06,120 I'm not a I'm not a Jelly. I mean, they just don't appeal 912 00:54:06,120 --> 00:54:08,680 to me. Yeah, I would not go seek it 913 00:54:08,680 --> 00:54:10,360 out, but it was there and someone handed to me. 914 00:54:10,480 --> 00:54:12,240 You know, I'm taking candy from a stranger. 915 00:54:12,240 --> 00:54:13,120 I would. I would eat it. 916 00:54:14,040 --> 00:54:17,000 You know, if somebody gave me a Christmas present and it was a 917 00:54:17,000 --> 00:54:20,440 nicely wrapped box and there was like an ugly sweater inside a 918 00:54:20,440 --> 00:54:23,520 pig. Oh, beautiful sweater if someone 919 00:54:23,520 --> 00:54:26,340 gave me a box of. Jelly beans. 920 00:54:26,380 --> 00:54:29,380 I'll probably throw it at them. That's how much I hate Jelly 921 00:54:29,380 --> 00:54:31,140 beans. So I think we have. 922 00:54:31,140 --> 00:54:34,020 So Jim, there are these Jelly beans, and I just got them for 923 00:54:34,020 --> 00:54:38,340 Christmas from a vendor. They're champagne Jelly beans. 924 00:54:38,340 --> 00:54:40,580 Now. I still didn't eat them, but 925 00:54:40,660 --> 00:54:44,100 what do you think about those? Well, I've never had them, but 926 00:54:44,100 --> 00:54:45,340 I'm pretty sure I don't like them. 927 00:54:47,740 --> 00:54:50,260 All right, so here's a community challenge, if you feel like. 928 00:54:51,030 --> 00:54:53,830 I don't know sending Jim a LinkedIn picture of like Jelly 929 00:54:53,830 --> 00:54:56,390 beans or whoppers. I'm sure he would totally 930 00:54:56,390 --> 00:54:59,630 appreciate that. Not too many, you know, maybe 931 00:54:59,630 --> 00:55:02,310 just one or two here or there sprinkle throughout just to let 932 00:55:02,310 --> 00:55:04,550 you know that you know, you're thinking of him. 933 00:55:04,910 --> 00:55:08,830 Maybe next time you have either of them, I'm going to actually. 934 00:55:08,910 --> 00:55:13,310 So we have this tier list that we put together using some some 935 00:55:13,310 --> 00:55:16,030 web thing that I found to to help the conversation. 936 00:55:16,030 --> 00:55:20,350 I'll put it up on our Twitter. Probably before this episode 937 00:55:20,350 --> 00:55:23,750 airs as sort of like a teaser to stick it for people to stick 938 00:55:23,750 --> 00:55:27,510 around to the end and hear the the fascinating conversation and 939 00:55:27,510 --> 00:55:29,510 opinions that that Jim has around Candy. 940 00:55:30,190 --> 00:55:32,390 We're going to go ahead and wrap things up for this week. 941 00:55:32,390 --> 00:55:35,190 Bob or thank you so much for taking the time and spending 942 00:55:35,190 --> 00:55:36,910 with us. I'm glad that Andy hooked us up 943 00:55:36,990 --> 00:55:38,910 at the Identifiers Conference and we're able to. 944 00:55:39,530 --> 00:55:41,690 To have a conversation to get to know each other, I'm going to 945 00:55:41,690 --> 00:55:44,090 have a whole bunch of links in our show notes so people can 946 00:55:44,090 --> 00:55:45,530 connect with Bob around LinkedIn. 947 00:55:45,810 --> 00:55:52,010 We'll have a link to viridium.com, VERIDIUMI d.com so 948 00:55:52,010 --> 00:55:54,170 people can learn more about Viridium. 949 00:55:54,650 --> 00:55:57,090 We'll have a whole bunch of links around the Cybersecurity 950 00:55:57,090 --> 00:55:59,970 Midwest Summit, Identity Week America, the Authenticate 951 00:55:59,970 --> 00:56:02,690 Conference, the discount codes we have for those, and you can 952 00:56:02,690 --> 00:56:06,010 always find us on the web at IDAC podcast.com. 953 00:56:06,960 --> 00:56:09,600 We're on Twitter or X or whatever the heck it is. 954 00:56:09,800 --> 00:56:14,000 Idacpodcast. We're on Mastodon, idacpodcast, 955 00:56:14,000 --> 00:56:17,800 infosec, dot exchange, Like, subscribe, tell a friend, tell 956 00:56:17,800 --> 00:56:19,120 an enemy. We don't care. 957 00:56:19,120 --> 00:56:21,240 As long as somebody's listening. We'll keep doing what we're 958 00:56:21,240 --> 00:56:23,480 doing. Thanks everyone for listening 959 00:56:23,520 --> 00:56:25,560 and we'll talk with you all in the next one. 960 00:56:26,760 --> 00:56:29,680 You've been listening to Identity at the Center. 961 00:56:30,000 --> 00:56:34,080 We hope you've enjoyed the show. Make sure to like, rate and 962 00:56:34,080 --> 00:56:37,720 review and we'll be back soon. But in the meantime, hit the 963 00:56:37,720 --> 00:56:41,880 website at identity@thecenter.com and find 964 00:56:41,880 --> 00:56:49,280 us on Twitter at IDAC Podcast. See you next time on Identity at 965 00:56:49,280 --> 00:56:50,240 the Center.