1
00:00:05,320 --> 00:00:10,840
This is identity at the center. 
If it has anything to do with I 

2
00:00:11,160 --> 00:00:17,960
Am, this is the go to podcast 
now your hosts Jim McDonald and 

3
00:00:17,960 --> 00:00:21,320
Jeff Steadman. 
Welcome to the Identity at the 

4
00:00:21,320 --> 00:00:23,480
Center podcast. 
I'm Jeff and that's Jim. 

5
00:00:23,480 --> 00:00:25,120
Hey, Jim. 
Hey, Jeff. 

6
00:00:25,120 --> 00:00:27,040
How are you? 
Not so bad yourself. 

7
00:00:28,030 --> 00:00:29,950
I'm doing great. 
I mean, there's been some 

8
00:00:30,150 --> 00:00:36,030
interesting news in the identity
space recently with Tom Abravo 

9
00:00:36,830 --> 00:00:40,310
closing their deal to acquire 
Ford Rock. 

10
00:00:41,790 --> 00:00:45,750
It seems to me, based on my 
LinkedIn, that people from 

11
00:00:45,750 --> 00:00:49,830
paying and from Ford Rock seem 
pretty excited about, you know, 

12
00:00:49,870 --> 00:00:52,870
the the future. 
I mean, I've only seen positive 

13
00:00:52,870 --> 00:00:56,790
come out. 
You know, I don't know that. 

14
00:00:56,910 --> 00:00:59,270
I mean, everybody's speculating.
What does this actually mean? 

15
00:00:59,270 --> 00:01:01,230
What is this going to look like 
in the future? 

16
00:01:02,710 --> 00:01:07,510
I'd like to extend an invitation
to anyone from Tom Bravo or Ping

17
00:01:07,510 --> 00:01:11,230
or Ford Rock who wants to come 
in and talk on the record on the

18
00:01:11,230 --> 00:01:14,470
podcast to please reach out to 
to me or Jeff. 

19
00:01:14,870 --> 00:01:18,790
And we'd love to have you on, 
because people, we all want to 

20
00:01:18,790 --> 00:01:22,750
know what's going on. 
Yeah, I think people been 

21
00:01:22,750 --> 00:01:24,270
thinking about this for a while 
ever since. 

22
00:01:24,910 --> 00:01:28,910
You know, the, the intent was 
announced several months back. 

23
00:01:28,910 --> 00:01:32,430
Now at this point we asked the 
question on stage at Gartner to 

24
00:01:32,430 --> 00:01:34,470
our, you know, our friends 
Henrique and Becky. 

25
00:01:35,710 --> 00:01:37,750
They didn't know, right, just 
like anyone else. 

26
00:01:38,390 --> 00:01:39,750
I think we're starting to see it
now, right. 

27
00:01:39,750 --> 00:01:41,870
So the deal is closed and I 
think almost immediately they 

28
00:01:41,870 --> 00:01:44,630
announced the, you know the the 
merging of the two companies for

29
00:01:44,630 --> 00:01:48,510
drag and Ping and Andre Duran 
has been announced as the the 

30
00:01:48,510 --> 00:01:49,860
leader for. 
For that. 

31
00:01:49,860 --> 00:01:52,620
So it's interesting times. 
You know, it's never a dull 

32
00:01:52,620 --> 00:01:55,460
moment in the identity space. 
I think we kind of saw, you 

33
00:01:55,460 --> 00:01:58,820
know, like Okay, like what's the
plan here, Be curious to see how

34
00:01:58,820 --> 00:02:00,700
things continue to evolve in the
space. 

35
00:02:00,700 --> 00:02:04,500
But yeah, definitely happy to 
talk with anybody from Ping or 

36
00:02:04,500 --> 00:02:05,900
Ford truck wants to come out and
talk about it. 

37
00:02:05,900 --> 00:02:07,860
They wouldn't get Eve. 
Eve's always been good with us. 

38
00:02:08,380 --> 00:02:09,699
He's been great. 
Yeah. 

39
00:02:09,699 --> 00:02:12,540
I just don't know how much, you 
know how much freedom she'll 

40
00:02:12,540 --> 00:02:15,500
have to talk about that kind. 
Of stuff, but I'm going to go 

41
00:02:15,500 --> 00:02:19,710
out of limb and say none. 
I mean, it's companies, it's 

42
00:02:19,710 --> 00:02:21,310
corporate, There's money 
involved, right? 

43
00:02:21,310 --> 00:02:24,110
Stocks maybe. 
I'm sure we'll get company lines

44
00:02:24,110 --> 00:02:26,110
and stuff like that. 
But it's seriously to see how 

45
00:02:26,110 --> 00:02:29,270
things will turn out. 
What's the plan here between 

46
00:02:29,270 --> 00:02:32,910
Ford Rock and Ping in certain 
areas? 

47
00:02:32,910 --> 00:02:36,110
They're definitely competitors. 
What's the plan to fold those 

48
00:02:36,110 --> 00:02:39,990
together and figure out how it 
makes each other better or 

49
00:02:39,990 --> 00:02:41,870
stronger or faster or something 
like that? 

50
00:02:42,610 --> 00:02:46,170
I mean the the, you know, the 
customer list of those two 

51
00:02:46,170 --> 00:02:49,490
companies now combined is just 
unreal. 

52
00:02:49,890 --> 00:02:52,130
But by the way, you did bring up
Andre Duran. 

53
00:02:52,810 --> 00:02:57,370
If I could mention his identity 
at the center alumni, I'm sure 

54
00:02:57,370 --> 00:02:59,170
that was the highlight of his 
career. 

55
00:02:59,170 --> 00:03:01,330
Of course, up to this moment 
anyway. 

56
00:03:01,610 --> 00:03:05,130
As it should be for anybody. 
Yeah, absolutely. 

57
00:03:05,450 --> 00:03:10,590
So that's cool, cool news. 
I'm sure this is going to be the

58
00:03:10,590 --> 00:03:13,110
biggest thing that folks are 
talking about at the upcoming 

59
00:03:13,110 --> 00:03:16,030
conferences. 
We've got quite a few of them 

60
00:03:16,030 --> 00:03:17,950
planned. 
I mean it's kind of hard. 

61
00:03:17,950 --> 00:03:20,950
It's it's the elephant in the 
room, the girl in the corner, 

62
00:03:20,950 --> 00:03:23,190
whatever the right analogy is. 
But I'm sure people are talking 

63
00:03:23,190 --> 00:03:24,670
about it, especially when we 
start talking about 

64
00:03:24,670 --> 00:03:26,230
authentication. 
So we've got a few things coming

65
00:03:26,230 --> 00:03:29,110
up like that. 
But yeah, we've got conferences 

66
00:03:29,110 --> 00:03:31,630
coming up. 
So I'm going to be at Identity 

67
00:03:31,630 --> 00:03:33,950
Week America. 
That's October 3rd and 4th. 

68
00:03:34,390 --> 00:03:36,710
That's in Washington DC I'm 
hosting a panel discussion on 

69
00:03:36,710 --> 00:03:38,940
pass keys. 
Actually starting to get the 

70
00:03:38,940 --> 00:03:41,500
panel together later this week, 
so we're actually starting to 

71
00:03:41,500 --> 00:03:44,220
figure out what it is we're 
going to talk about and try to 

72
00:03:44,220 --> 00:03:47,660
put together, you know, a good 
discussion around pass key and 

73
00:03:47,660 --> 00:03:48,900
authentications, things like 
that. 

74
00:03:48,900 --> 00:03:52,260
So we've got a discount code 
that the fine folks over there 

75
00:03:52,260 --> 00:03:54,700
have provided to us. 
This works for both Identity 

76
00:03:54,700 --> 00:03:58,460
Week America and also work for 
Identity Week Asia later this 

77
00:03:58,460 --> 00:04:02,380
year. 
So if you use the code ID AC30I 

78
00:04:02,380 --> 00:04:05,460
DA C30 you get 30% off of your 
conference pass. 

79
00:04:05,920 --> 00:04:07,680
Yeah, we're actually dividing in
conquering that week because I'm

80
00:04:07,680 --> 00:04:10,760
going to be on the East Coast at
DC at Identity Week America and 

81
00:04:10,760 --> 00:04:12,800
you're going to be on the West 
Coast over at Octane. 

82
00:04:13,440 --> 00:04:15,760
Yeah, I'll be at Octane. 
But one thing we will have in 

83
00:04:15,760 --> 00:04:20,680
common is we'll both have the 
new updated Identity Center 

84
00:04:20,680 --> 00:04:22,680
stickers and. 
What's the update? 

85
00:04:22,680 --> 00:04:24,280
You got to be clear what the 
update means. 

86
00:04:25,120 --> 00:04:27,800
The update doesn't mean that you
look, you know. 

87
00:04:27,800 --> 00:04:31,560
But the old stickers had a fatal
flaw, which was they were very 

88
00:04:31,560 --> 00:04:35,630
hard to get the backing off of. 
And so now the new and improved 

89
00:04:35,630 --> 00:04:39,070
stickers are super easy to get 
the backing off of. 

90
00:04:39,470 --> 00:04:42,070
And you look, it's like these 
little tweaks, it's like the 

91
00:04:42,110 --> 00:04:45,190
iPhone, you know, from iPhone 14
to iPhone 15. 

92
00:04:45,190 --> 00:04:47,630
I don't know what all the 
features are going to be sitting

93
00:04:47,630 --> 00:04:50,670
here today, but they're probably
going to seem like small 

94
00:04:50,670 --> 00:04:53,830
features that just make it so 
much nicer to have. 

95
00:04:54,110 --> 00:04:56,550
So anyway, well, you'll have 
stickers. 

96
00:04:56,550 --> 00:05:00,550
I'll have stickers. 
I'll be at Octane 2023 in San 

97
00:05:00,550 --> 00:05:03,870
Francisco October 3rd through 
the 5th and we have a discount 

98
00:05:03,870 --> 00:05:10,430
code for that conference as 
well, which is OKTNIDA C30 and 

99
00:05:10,430 --> 00:05:12,590
gets you 30% off your 
registration. 

100
00:05:12,870 --> 00:05:19,550
So the registration link is 
octa.com/octane and we're also 

101
00:05:19,550 --> 00:05:24,230
going to be Co hosting or Co 
organizing an event with our 

102
00:05:24,230 --> 00:05:27,600
friends from accents. 
We're going to be doing the 

103
00:05:27,960 --> 00:05:31,480
quote UN quote party bus, which 
shouldn't scare people, right. 

104
00:05:31,480 --> 00:05:34,400
It's not like we're going to be 
driving all over the city and 

105
00:05:34,720 --> 00:05:38,880
you know just going crazy. 
We're going to be doing some 

106
00:05:39,800 --> 00:05:44,040
cool sane fun things and 
networking and seeing some of 

107
00:05:44,040 --> 00:05:47,400
the highlights of San Francisco.
I mean it's tech town, right? 

108
00:05:47,400 --> 00:05:49,680
So a lot of the corporate 
headquarters are there. 

109
00:05:50,000 --> 00:05:52,240
I think we're going to do some 
of that. 

110
00:05:52,240 --> 00:05:57,310
I look, I'm not the not the 
consigliare of the of the party 

111
00:05:57,310 --> 00:06:02,430
bus, but I'm expecting it to be 
a lot of good scene fun. 

112
00:06:02,630 --> 00:06:05,990
So anybody who's interested in 
that, check out my LinkedIn. 

113
00:06:05,990 --> 00:06:11,110
I've reposted the link to get 
registered, and as we get closer

114
00:06:11,710 --> 00:06:14,070
I'll drop that more and we'll 
put it in the show notes as 

115
00:06:14,070 --> 00:06:15,710
well. 
Yeah, right on. 

116
00:06:15,710 --> 00:06:17,550
I saw pictures from the party 
bus in Vegas. 

117
00:06:17,550 --> 00:06:19,950
I didn't make it, but you were 
on there and. 

118
00:06:20,960 --> 00:06:22,600
It was interesting going around 
to see the sights. 

119
00:06:22,600 --> 00:06:24,800
It was a cool idea. 
I think it was kind of a a neat 

120
00:06:24,800 --> 00:06:27,640
thing that they did. 
So yeah, I mean we did things 

121
00:06:27,640 --> 00:06:30,720
like we went to the Welcome to 
Las Vegas sign, We all got to go

122
00:06:30,720 --> 00:06:35,840
out and take pictures. 
And yeah, it just added another 

123
00:06:35,840 --> 00:06:40,560
element to the the trip For all 
the times they've been to Vegas,

124
00:06:40,560 --> 00:06:43,560
which was like over 20 times, 
I'd never gotten to that sign 

125
00:06:43,560 --> 00:06:45,240
before. 
When you get there, you're just 

126
00:06:45,240 --> 00:06:48,520
like, Oh my gosh, it's just like
I'm just some Rando St. 

127
00:06:49,710 --> 00:06:51,030
Yeah, I I've never been to it 
either. 

128
00:06:51,030 --> 00:06:54,990
So maybe someday. 
So we got that octane. 

129
00:06:55,110 --> 00:06:57,430
We've also got the Authenticate 
conference that we're going to 

130
00:06:57,430 --> 00:06:59,510
be at the week after that or a 
couple weeks after that. 

131
00:06:59,510 --> 00:07:03,630
That is October 16th to the 18th
Carlsbad, CA and just north of 

132
00:07:03,630 --> 00:07:06,350
San Diego. 
We have a code for them as well.

133
00:07:06,390 --> 00:07:10,270
I D AC15 podcast, ID AC15 
podcast. 

134
00:07:10,270 --> 00:07:12,990
You get 15% off, which is very 
cool. 

135
00:07:12,990 --> 00:07:15,710
We're actually going to be on 
the mainstage part of the kind 

136
00:07:15,710 --> 00:07:17,630
of opening festivities and 
keynotes and. 

137
00:07:18,230 --> 00:07:21,830
We're going to do a live show in
front of a live studio audience 

138
00:07:22,030 --> 00:07:25,910
and also broadcasted to the 
Internet at large for guests and

139
00:07:25,910 --> 00:07:27,550
conference people and stuff like
that. 

140
00:07:27,910 --> 00:07:29,670
I still have no idea what we're 
going to talk about. 

141
00:07:29,670 --> 00:07:32,790
We got to figure that out. 
That's coming up, but that'll be

142
00:07:32,790 --> 00:07:35,110
exciting. 
Can't wait for that. 

143
00:07:35,110 --> 00:07:38,470
I mean, we are the official 
podcast for the Authenticate 

144
00:07:38,470 --> 00:07:42,390
conference and that that 
discount code of 15%, that's the

145
00:07:42,510 --> 00:07:45,430
best discount code available 
anywhere. 

146
00:07:45,590 --> 00:07:49,330
So if you use that code, in 
addition to getting 15% off, you

147
00:07:49,330 --> 00:07:55,490
get registered in a raffle of 
some sort that the conference 

148
00:07:55,490 --> 00:07:59,250
organizers are going to select 
one of the people and give them 

149
00:07:59,250 --> 00:08:03,850
a welcome gift of some sort. 
I don't know what the gift is 

150
00:08:03,850 --> 00:08:07,210
going to be, I don't know all 
the details, but use the darn 

151
00:08:07,210 --> 00:08:09,610
code because it's the best one 
out there anyway. 

152
00:08:10,050 --> 00:08:11,570
Yeah. 
And it supports us too, right? 

153
00:08:11,570 --> 00:08:13,370
Shows that people actually 
listen to the stuff and it's 

154
00:08:13,370 --> 00:08:16,380
worth our worth our time. 
And their time, right, to help 

155
00:08:16,380 --> 00:08:18,980
support that. 
So yeah, looking forward to 

156
00:08:18,980 --> 00:08:20,060
that. 
That's going to be a lot of fun.

157
00:08:20,620 --> 00:08:23,860
Anything else you want to bring 
up before we get to our main 

158
00:08:23,860 --> 00:08:25,300
topic because we're going to 
talk a little about 

159
00:08:25,300 --> 00:08:28,780
authorizations? 
Well, yeah, I do want to bring 

160
00:08:28,780 --> 00:08:31,900
up one thing, just the thought 
that I have and usually I bring 

161
00:08:31,900 --> 00:08:35,179
this up at the end, which is if 
folks can get out there, if they

162
00:08:35,179 --> 00:08:40,179
like the podcast, subscribe to 
it, leave us a 5 star review 

163
00:08:40,179 --> 00:08:42,940
would be appreciated. 
Let people know because that's 

164
00:08:42,940 --> 00:08:46,170
how people get to know about it.
That's how when you go into the 

165
00:08:46,170 --> 00:08:50,810
podcast search feature of your 
your podcast app, we show up 

166
00:08:50,810 --> 00:08:55,650
first when someone types an 
identity and it's really, you 

167
00:08:55,650 --> 00:08:58,970
know, that's nothing that Jeff 
and I can do to improve the that

168
00:08:58,970 --> 00:09:02,450
algorithm. 
It's really not yet, you know, I

169
00:09:02,450 --> 00:09:05,050
got figured out. 
Maybe I could use the Flipper 0 

170
00:09:05,050 --> 00:09:09,490
somehow to to do that. 
Yeah, so far all you're able to 

171
00:09:09,490 --> 00:09:12,170
do is copy your hotel keys, but 
that's still a nice little 

172
00:09:12,170 --> 00:09:14,180
feature. 
Yeah, copied a hotel. 

173
00:09:14,260 --> 00:09:20,020
I've copied hotel keys and also 
the the badge system for my 

174
00:09:20,020 --> 00:09:24,260
inlaws housing complex. 
So definitely some things that 

175
00:09:24,260 --> 00:09:28,340
could be done there, but if I 
saw you at Starbucks, I would 

176
00:09:28,340 --> 00:09:32,260
not connect to the Wi-Fi. 
I did get the Wi-Fi dev board, 

177
00:09:32,300 --> 00:09:34,020
so I have been playing around 
with that. 

178
00:09:34,020 --> 00:09:36,180
There's a couple of, you know, 
interesting things you can do 

179
00:09:36,180 --> 00:09:39,220
set up like an evil portal. 
You can do a Rickroll attack, 

180
00:09:39,220 --> 00:09:42,060
which basically creates a whole 
bunch of fake access points that

181
00:09:42,060 --> 00:09:48,340
are Rickroll lyrics. 
So I'm definitely not a hacker 

182
00:09:48,340 --> 00:09:51,380
in quotation works, but there's 
some neat things you can kind of

183
00:09:51,380 --> 00:09:55,300
do that are fun and explain to 
people just why they should be 

184
00:09:55,300 --> 00:09:57,340
using things like MFA and things
like that. 

185
00:09:57,820 --> 00:10:00,660
I think you are a hacker. 
I mean, you might be very green 

186
00:10:00,660 --> 00:10:03,100
in the hacker stack, but you're 
doing hacker things. 

187
00:10:04,840 --> 00:10:06,440
Okay. 
Well, I don't want this to be 

188
00:10:06,440 --> 00:10:07,880
evidence, so let's just keep 
going. 

189
00:10:08,760 --> 00:10:11,600
Let's talk about authorization 
and kind of calling this 

190
00:10:11,600 --> 00:10:14,560
authorization 2.0. 
I don't know if that will stick 

191
00:10:14,560 --> 00:10:16,560
or not. 
But to help us with this 

192
00:10:16,560 --> 00:10:18,440
conversation, we've got Rich. 
Dan Liker. 

193
00:10:18,440 --> 00:10:20,480
He's the chief strategist with 
Vasa. 

194
00:10:20,800 --> 00:10:23,360
Welcome to the show, Rich. 
Thanks, Jeff. 

195
00:10:24,200 --> 00:10:25,760
It's great to be here. 
How you doing, Jim? 

196
00:10:26,120 --> 00:10:28,640
Great to have you here. 
First of all, I love the radio 

197
00:10:28,640 --> 00:10:30,320
Pipes. 
You got a great voice for 

198
00:10:30,320 --> 00:10:33,130
podcasts. 
I will try my best to keep up. 

199
00:10:33,130 --> 00:10:34,370
I might, actually. 
I usually. 

200
00:10:34,370 --> 00:10:36,650
I'm trying to like, bring 
people's voices up, make the 

201
00:10:36,770 --> 00:10:39,330
sound, you know, sparkling, you 
know, right in the editing. 

202
00:10:39,930 --> 00:10:42,810
I might have to, like, do the 
opposite for you, so that there 

203
00:10:42,810 --> 00:10:45,330
isn't such a disparity between 
you, me and Jim. 

204
00:10:45,370 --> 00:10:47,810
But. 
Well, usually people only tell 

205
00:10:47,810 --> 00:10:50,250
me that I have a face for radio,
but now now I also have the 

206
00:10:50,250 --> 00:10:51,650
voice. 
Well, that's what we always say.

207
00:10:51,650 --> 00:10:54,970
We got faces for radio and 
voices for a silent movie, 

208
00:10:54,970 --> 00:10:57,600
something like that. 
Well, thanks for joining us and 

209
00:10:57,600 --> 00:10:59,000
spend some time with us here 
today. 

210
00:10:59,560 --> 00:11:02,760
We like to hit to really learn 
about the identity journey that 

211
00:11:02,760 --> 00:11:04,840
people have been on. 
And it's kind of tradition 

212
00:11:04,840 --> 00:11:07,240
around here when we have someone
on for the first time to 

213
00:11:07,240 --> 00:11:09,400
understand what their identity 
origin story is. 

214
00:11:09,400 --> 00:11:11,920
So maybe you just spend just a 
minute or two kind of talking 

215
00:11:11,920 --> 00:11:15,080
about how did you get into the 
space of identity and access 

216
00:11:15,080 --> 00:11:17,840
management or digital identity 
or whatever the heck we're 

217
00:11:17,840 --> 00:11:22,900
calling this field today? 
Yeah, it actually started when I

218
00:11:22,900 --> 00:11:28,900
was at Octa and I actually back 
in 2014, I went and joined them 

219
00:11:28,900 --> 00:11:31,420
and I led the product management
team for about 4 1/2 years 

220
00:11:31,420 --> 00:11:34,220
through the IPO period. 
And so, you know, I think 

221
00:11:34,220 --> 00:11:38,460
Identity had definitely, you 
know, struck A chord with me and

222
00:11:38,460 --> 00:11:41,500
that was one of the things I 
would did a stint in data loss 

223
00:11:41,500 --> 00:11:43,690
prevention. 
And really seeing how, you know,

224
00:11:43,690 --> 00:11:47,050
sort of network based security 
tools were just not the thing 

225
00:11:47,050 --> 00:11:49,410
you really wanted to see. 
You wanted you needed to get 

226
00:11:49,410 --> 00:11:51,010
down to the person and that was 
really hard. 

227
00:11:51,010 --> 00:11:53,850
You had to go through proxy. 
You had to do all sorts of fancy

228
00:11:53,850 --> 00:11:57,130
dancing to get there And so 
that, you know Identity was 

229
00:11:57,130 --> 00:11:59,130
definitely something that was 
like top of my list. 

230
00:11:59,130 --> 00:12:00,850
And then Ochter really cemented 
that for me. 

231
00:12:01,810 --> 00:12:04,730
And I think it was, it was a 
it's it's been a fantastic 

232
00:12:04,730 --> 00:12:08,490
journey and you know my my early
on in my career, I definitely 

233
00:12:08,490 --> 00:12:10,770
said wow, this is a lot more 
complex than I thought it was 

234
00:12:10,770 --> 00:12:13,000
when I started. 
It always is. 

235
00:12:13,000 --> 00:12:15,400
I think the definition too, of 
kind of being an identity has 

236
00:12:15,400 --> 00:12:16,800
changed. 
A lot of people find themselves,

237
00:12:17,200 --> 00:12:20,040
they just were in it all of a 
sudden, they didn't like, pick 

238
00:12:20,040 --> 00:12:21,960
it. 
It was just, oh, I I guess I'm 

239
00:12:21,960 --> 00:12:26,000
in identity now and now you're a
chief strategist for an identity

240
00:12:26,000 --> 00:12:29,440
company. 
So I love titles because some of

241
00:12:29,440 --> 00:12:30,920
them are very cool. 
Some of them like okay. 

242
00:12:30,920 --> 00:12:32,040
What the heck does that even 
mean? 

243
00:12:32,480 --> 00:12:36,040
What does a chief strategist for
an identity company like Visa 

244
00:12:36,040 --> 00:12:38,430
do? 
That's a great question because 

245
00:12:38,430 --> 00:12:41,470
I definitely find it a strategy 
means lots of different things 

246
00:12:41,470 --> 00:12:43,910
at lots of different places. 
It could mean a whole lot and it

247
00:12:43,910 --> 00:12:47,910
can mean a whole lot of nothing.
But for us at Vasa, I tend to 

248
00:12:47,910 --> 00:12:50,870
split my time between a number 
of different pillars. 

249
00:12:51,150 --> 00:12:53,950
First is really around sort of 
high level product marketing and

250
00:12:53,950 --> 00:12:57,230
messaging. 
So I think a lot about how we 

251
00:12:57,310 --> 00:13:00,190
position the solution that we 
provide, how we talk about our 

252
00:13:00,190 --> 00:13:02,270
customers, how we talk about the
space that we're in. 

253
00:13:02,630 --> 00:13:05,350
So that bleeds into a lot of 
analyst relations and speaking 

254
00:13:05,350 --> 00:13:09,030
to the folks like Gartner and 
speaking to Enrique as well as 

255
00:13:09,030 --> 00:13:11,390
sort of looking at the market as
a whole and you know, so we're 

256
00:13:11,390 --> 00:13:14,150
kind of getting into a 
competitive analysis as well. 

257
00:13:14,310 --> 00:13:17,150
So that bleeds into the second 
pillar which is helping out our 

258
00:13:17,150 --> 00:13:18,910
sales team. 
So you know, really being sort 

259
00:13:18,910 --> 00:13:23,030
of more out on the front lines, 
helping to, you know, to guide 

260
00:13:23,350 --> 00:13:26,310
the folks that are actually 
talking directly to prospects 

261
00:13:26,550 --> 00:13:29,470
about sort of how to talk about 
things, how to, how to position 

262
00:13:29,470 --> 00:13:32,270
things, what people care about 
and and what identity folks. 

263
00:13:32,630 --> 00:13:36,750
Really wanna you know what's top
of their list And then the third

264
00:13:36,750 --> 00:13:39,030
is on product strategies. 
So actually building new 

265
00:13:39,030 --> 00:13:42,550
product, working on some of the 
advanced things that we wanna 

266
00:13:42,550 --> 00:13:45,750
get done that are critical for 
sort of that long term 

267
00:13:46,550 --> 00:13:49,870
positioning in the market and 
sort of really helping take us 

268
00:13:49,870 --> 00:13:51,630
where we wanna go in the long 
term. 

269
00:13:52,470 --> 00:13:55,790
So Speaking of products, you've 
got this company called Vasa 

270
00:13:55,910 --> 00:13:59,100
VEZA. 
I'm sure you get confused with 

271
00:13:59,100 --> 00:14:00,300
Visa. 
A lot people saying it. 

272
00:14:00,300 --> 00:14:01,540
So let's get the word out there,
right? 

273
00:14:01,900 --> 00:14:05,540
It's pronounced Vasa. 
For those people who are not 

274
00:14:05,540 --> 00:14:08,940
familiar with what Vasa does, 
what's the elevator? 

275
00:14:08,940 --> 00:14:12,060
Pitch 30, let's say 62nd 
elevator ride up. 

276
00:14:12,620 --> 00:14:16,060
What do you guys do? 
Yeah, I think the way I like to 

277
00:14:16,060 --> 00:14:17,940
talk about it is really that we 
help. 

278
00:14:18,720 --> 00:14:20,640
The company's operationalized 
least privilege. 

279
00:14:20,840 --> 00:14:25,240
So we do that by really putting 
together a graph around 

280
00:14:25,240 --> 00:14:28,880
authorization that shows you not
just what you have across all 

281
00:14:28,880 --> 00:14:31,960
your different systems, but 
where it's wrong, where you need

282
00:14:31,960 --> 00:14:35,400
to fix it right. 
So we have a core technology 

283
00:14:35,400 --> 00:14:37,800
which is our authorization 
metadata graph, where we really 

284
00:14:37,800 --> 00:14:41,040
put together all the different 
pieces of information about 

285
00:14:41,040 --> 00:14:44,400
authorization from users to 
groups to roles, all the way 

286
00:14:44,400 --> 00:14:48,240
down to specific resources that 
might be in a particular system.

287
00:14:48,660 --> 00:14:51,260
And the permissions down to you 
know can you read, can you 

288
00:14:51,260 --> 00:14:54,180
write, can you head it, can you 
delete and putting that together

289
00:14:54,340 --> 00:14:57,180
and I think I think that 
combination makes a really a 

290
00:14:57,180 --> 00:15:00,860
really powerful solution to both
see what you've got as I said 

291
00:15:00,860 --> 00:15:03,260
fix it and also get to 
compliance, right. 

292
00:15:03,260 --> 00:15:05,740
And that's a that's a frequent 
driver for a lot of customers 

293
00:15:06,020 --> 00:15:08,900
and we have a, you know we're we
came out of stealth last year. 

294
00:15:08,900 --> 00:15:11,820
We've got a number of big 
customers like Wynn Resorts, 

295
00:15:11,820 --> 00:15:16,420
AMD, Intuit, Blackstone. 
Amex Global business Travel and 

296
00:15:16,420 --> 00:15:19,380
Zoom. 
So it's something that's really,

297
00:15:19,380 --> 00:15:22,660
I think resonated in the market 
because it's so hard just to see

298
00:15:22,860 --> 00:15:26,300
what you've got and that's often
where customers start with us. 

299
00:15:27,060 --> 00:15:28,940
Yeah, I think a lot of people 
think identity, they think 

300
00:15:28,940 --> 00:15:30,900
authentication, it's the next 
step. 

301
00:15:30,900 --> 00:15:32,420
After that, it's really where 
you're going. 

302
00:15:32,420 --> 00:15:36,580
It's the authorization side. 
So where does the name Vasa come

303
00:15:36,580 --> 00:15:39,030
from? 
Yeah, well, actually it's an 

304
00:15:39,070 --> 00:15:42,230
interesting, interesting story. 
When I first joined the company,

305
00:15:42,390 --> 00:15:45,190
we had a different name. 
We were called Cookie dot A I, 

306
00:15:45,910 --> 00:15:47,750
and this is even before Chachi 
BT. 

307
00:15:47,750 --> 00:15:51,710
So it was prescient in one way 
about, you know, having the A I,

308
00:15:52,590 --> 00:15:56,470
the, the the the dot A I there. 
But you know, obviously Cookie 

309
00:15:56,470 --> 00:15:58,670
dot A I has a lot of, has a lot 
of baggage. 

310
00:15:58,670 --> 00:16:00,590
So that was one where I was 
like, yeah, I don't know if 

311
00:16:00,590 --> 00:16:02,310
that's going to really fly long 
term. 

312
00:16:02,890 --> 00:16:07,690
And so I actually helped drive 
that the new naming and Vasa 

313
00:16:07,970 --> 00:16:11,690
comes from the Zulu word meaning
to reveal. 

314
00:16:11,930 --> 00:16:13,290
So I was like wow that's pretty 
cool. 

315
00:16:13,290 --> 00:16:16,170
If I had to pick a language that
I, I based the name on Zulu's 

316
00:16:16,170 --> 00:16:19,410
probably Yep that's about the 
the peak of it and it has like a

317
00:16:19,490 --> 00:16:22,970
it has a good meaning you we 
could we could get the.com 

318
00:16:23,170 --> 00:16:27,570
domain for not an outrageous 
amount of money and the ticker 

319
00:16:27,570 --> 00:16:29,170
symbol was available. 
You know, you always got to be 

320
00:16:29,170 --> 00:16:33,740
thinking ahead. 
Hey, rich, authorizations really

321
00:16:33,740 --> 00:16:35,860
seem to have blown up in the 
past year or so. 

322
00:16:35,860 --> 00:16:40,380
And if someone asked me, you 
know, what's hot in identity 

323
00:16:40,380 --> 00:16:44,860
right now, I run down a list of,
you know, converged identity, 

324
00:16:44,860 --> 00:16:50,740
which I don't think is that 
exciting decentralized Kim, ITDR

325
00:16:50,740 --> 00:16:55,560
Pastor list and authorization. 
And it's like that whole list I 

326
00:16:55,560 --> 00:16:57,200
went through until I got the 
authorization. 

327
00:16:57,200 --> 00:16:59,680
Those are all new things, right?
They're all things that have 

328
00:16:59,680 --> 00:17:03,560
kind of happened in the past 
several years, but 

329
00:17:03,560 --> 00:17:07,960
authorization's been around for 
pretty much the beginning of 

330
00:17:08,119 --> 00:17:11,160
identity. 
And so I'm wondering, what do 

331
00:17:11,160 --> 00:17:15,839
you attribute this blowing up of
authorization, as I put it? 

332
00:17:16,040 --> 00:17:20,270
What do you attribute that to? 
I really think it's a 

333
00:17:20,270 --> 00:17:24,270
consequence of most 
organizations really pushing 

334
00:17:24,270 --> 00:17:29,150
forward with authentication and 
props to Octa, props to 

335
00:17:29,190 --> 00:17:34,470
Microsoft really for driving 
forward the world of SSO with 

336
00:17:34,470 --> 00:17:39,070
SAML and OIDC and getting MFA 
implemented and driving forward 

337
00:17:39,070 --> 00:17:42,350
on password lists. 
So most companies that I talked 

338
00:17:42,350 --> 00:17:44,750
to have really you know how 
they've kind of gone through 

339
00:17:44,750 --> 00:17:47,950
that and they've said Yep, we've
done, you know we've done the 

340
00:17:47,950 --> 00:17:51,710
lion's share what we need to do 
around authentication and wow 

341
00:17:51,830 --> 00:17:53,870
things aren't fixed yet. 
We still, we still have all 

342
00:17:53,870 --> 00:17:56,350
these issues. 
We're still getting either we 

343
00:17:56,350 --> 00:17:59,030
have security tax, we still 
don't really have a handle on 

344
00:17:59,030 --> 00:18:00,510
identity. 
It's not just a, it's not a 

345
00:18:00,510 --> 00:18:03,190
solved problem yet. 
And so it's just as you said, 

346
00:18:03,190 --> 00:18:05,910
it's a very natural thing when 
you after you've you've gone and

347
00:18:05,910 --> 00:18:08,830
tackled authentication, 
authorization is the next step. 

348
00:18:09,080 --> 00:18:10,920
Right. 
And so I think that that natural

349
00:18:10,920 --> 00:18:12,960
sort of like you know what do we
do next. 

350
00:18:12,960 --> 00:18:16,360
We know there's something here. 
We know how core identity is to 

351
00:18:16,360 --> 00:18:18,440
all these different things to 
the you know to the IT stack to 

352
00:18:18,440 --> 00:18:21,520
the security stack and yet you 
know it's it's not we. 

353
00:18:21,600 --> 00:18:25,000
We know we're not done. 
Now Rich, when we talk about 

354
00:18:25,000 --> 00:18:28,520
frameworks for authentication 
some of the the ones that our 

355
00:18:28,520 --> 00:18:33,960
listeners may be familiar with 
our our back a back P back, some

356
00:18:33,960 --> 00:18:36,720
some of those people might not 
be familiar with. 

357
00:18:36,720 --> 00:18:40,620
Could you help us define each 
one of those and helps which 

358
00:18:40,620 --> 00:18:45,340
one's the best one? 
What a loaded question. 

359
00:18:45,340 --> 00:18:48,740
That's awesome. 
So yeah, RBAC is a role based 

360
00:18:48,740 --> 00:18:51,260
assets control. 
So this is, this is probably 

361
00:18:51,260 --> 00:18:53,060
what I see as the most commonly 
used one. 

362
00:18:53,060 --> 00:18:55,460
And you'll be, you know, you'll 
be used to this in an enterprise

363
00:18:55,460 --> 00:18:58,060
scenario where you'll have some 
sort of description. 

364
00:18:58,060 --> 00:19:01,700
You know, I might be like a, you
know, W marketing or you know, 

365
00:19:01,700 --> 00:19:05,860
I'm a super admin and that sort 
of gives you based on a role. 

366
00:19:06,340 --> 00:19:09,220
There's some, ideally there's 
some commonality across an 

367
00:19:09,220 --> 00:19:12,100
organization that collects up a 
bunch of different permissions 

368
00:19:12,100 --> 00:19:14,900
that's organized in sort of your
function at the organization 

369
00:19:14,900 --> 00:19:16,860
into a role that's the ideal 
state. 

370
00:19:17,500 --> 00:19:20,500
Then you have things like a 
back, which attribute based 

371
00:19:21,340 --> 00:19:24,300
access control and that's where 
you're not doing it necessarily 

372
00:19:24,300 --> 00:19:27,900
in a role, but typically more 
dynamically like you can think 

373
00:19:27,900 --> 00:19:29,700
of. 
I think the best analogy is. 

374
00:19:30,100 --> 00:19:33,220
You're used to this around sort 
of, you know, attribute based 

375
00:19:33,220 --> 00:19:36,300
authentication, right? 
It might be geolocation based 

376
00:19:36,300 --> 00:19:39,100
right, where you actually you're
pulling in some attributes, 

377
00:19:39,420 --> 00:19:42,580
oftentimes dynamically and 
making a decision about, all 

378
00:19:42,580 --> 00:19:45,580
right, is this person actually 
allowed to get to certain 

379
00:19:45,580 --> 00:19:47,900
resources and take certain 
actions and certain resources 

380
00:19:48,100 --> 00:19:49,940
based on the value of those 
attributes? 

381
00:19:49,940 --> 00:19:53,420
So there's it's typically done 
more at runtime and more 

382
00:19:53,420 --> 00:19:55,880
dynamically. 
And then policy based access 

383
00:19:55,880 --> 00:19:58,640
control where you're it's a it's
a pretty similar kind of thing 

384
00:19:58,640 --> 00:20:02,160
and a lot of similarities to a 
back, but it tends to be a bit 

385
00:20:02,160 --> 00:20:07,040
more around design so that you 
can actually make broad policy 

386
00:20:07,040 --> 00:20:09,840
based changes across the 
organization without having to 

387
00:20:09,840 --> 00:20:12,120
go through and rejigger all your
roles, right. 

388
00:20:12,120 --> 00:20:16,440
So it's sort of more, you know, 
a goal and A and a target 

389
00:20:16,440 --> 00:20:17,720
design. 
From. 

390
00:20:17,720 --> 00:20:22,680
From what I've seen RBAC is the 
most commonly used one and you 

391
00:20:22,680 --> 00:20:24,460
know. 
And I know we, we talked about 

392
00:20:24,460 --> 00:20:28,020
this, it's like for for being, 
for me being in in in the 

393
00:20:28,020 --> 00:20:31,020
authorization space. 
I'm amazingly not opinionated 

394
00:20:31,020 --> 00:20:33,260
about which one is best. 
So that's a tough question for 

395
00:20:33,260 --> 00:20:35,980
me. 
But I know that my my favorite 

396
00:20:35,980 --> 00:20:38,940
one was like that's I was 
listening to one of this one of 

397
00:20:38,940 --> 00:20:41,420
the C shows I was talking to. 
He says our back, yeah really 

398
00:20:41,420 --> 00:20:45,380
bad access control. 
And I think I have a strong 

399
00:20:45,380 --> 00:20:48,660
resonance with that because even
though that's the most commonly 

400
00:20:48,660 --> 00:20:51,300
used one that's you know that's 
the one I see most often. 

401
00:20:51,340 --> 00:20:53,860
It's just has so many gaps and 
so many holes. 

402
00:20:54,300 --> 00:20:56,540
Can you have least privilege 
without RBAC? 

403
00:20:58,620 --> 00:21:01,020
You know least privilege is 
obviously it's a you know it's a

404
00:21:01,020 --> 00:21:04,660
big slope. 
And I think really that the 

405
00:21:04,660 --> 00:21:07,620
trick is like you know, and this
and this is also, you know, I'm 

406
00:21:07,620 --> 00:21:09,020
don't want to, don't want to 
pitch. 

407
00:21:09,020 --> 00:21:11,660
But you know it's like everybody
agrees least privilege is 

408
00:21:11,660 --> 00:21:15,100
something you need to get to. 
But getting it in practice and 

409
00:21:15,100 --> 00:21:16,980
and you know, how do you 
actually get an operational 

410
00:21:16,980 --> 00:21:19,420
program. 
You know we've we've all gone 

411
00:21:19,420 --> 00:21:21,460
through those compliance surveys
and said, hey do you follow 

412
00:21:21,460 --> 00:21:23,700
least privilegedly? 
Yes we do. 

413
00:21:24,220 --> 00:21:26,300
But what does that mean? 
Like you know and how do you 

414
00:21:26,300 --> 00:21:29,460
know and where is it off and how
can you get better. 

415
00:21:29,740 --> 00:21:31,900
Those are the, you know, when 
the rubber meets the road. 

416
00:21:31,900 --> 00:21:34,340
I think those are the most 
important questions. 

417
00:21:34,340 --> 00:21:38,420
So I I see it as less of a, you 
know, are you using RBAC or A 

418
00:21:38,420 --> 00:21:41,580
back or P back? 
It's more around do you have the

419
00:21:41,580 --> 00:21:45,540
tools and the processes and the 
people to actually get to least 

420
00:21:45,540 --> 00:21:47,100
privilege? 
Least privilege is the goal, no 

421
00:21:47,100 --> 00:21:49,380
matter which of these frameworks
you're trying to do. 

422
00:21:50,180 --> 00:21:53,020
Jeff Rich refuses to answer my 
question. 

423
00:21:56,300 --> 00:21:53,980
It's baby back. 
What's the best back? 

424
00:21:54,180 --> 00:21:59,300
What is the best? 
I mean, without question. 

425
00:22:00,680 --> 00:22:05,240
Got back and that is the winner 
folks. 

426
00:22:06,320 --> 00:22:08,920
OK. 
So Rich, it seems like that in 

427
00:22:08,920 --> 00:22:13,920
the past at least in my 
experience authorization was an 

428
00:22:13,920 --> 00:22:20,200
area focused on for CIM customer
I M and less so for enterprise. 

429
00:22:20,520 --> 00:22:24,920
But it seems like this blowing 
up that I refer to is really a 

430
00:22:24,920 --> 00:22:29,520
reversal of that trend and it's 
becoming more of a shift toward.

431
00:22:30,030 --> 00:22:35,950
Enterprises doing more advanced 
authorization projects or taking

432
00:22:35,950 --> 00:22:39,110
that authorization focus, is 
that right? 

433
00:22:39,110 --> 00:22:42,270
Do you agree with that? 
Yep, I do. 

434
00:22:42,310 --> 00:22:44,790
And I think I think 
traditionally authorization has 

435
00:22:44,790 --> 00:22:48,950
been sort of front and center of
a of a CI AM project because 

436
00:22:48,950 --> 00:22:51,310
when you're building a custom 
application which is typically 

437
00:22:51,310 --> 00:22:54,630
with those things, what's 
involved there, you you can't 

438
00:22:54,630 --> 00:22:56,510
not build authorization in, 
right. 

439
00:22:56,510 --> 00:22:59,690
You've got to have something and
so you you have to build some 

440
00:22:59,690 --> 00:23:01,330
sort of structure or some sort 
of componentry. 

441
00:23:01,770 --> 00:23:06,930
I think to be fair I'd say that 
you know the the the CIAM types 

442
00:23:06,930 --> 00:23:09,370
of projects haven't gone away 
and actually we're seeing a 

443
00:23:09,370 --> 00:23:14,770
really strong push here, not so 
much in terms of sort of the 

444
00:23:14,770 --> 00:23:17,570
bulk users that are going into 
an application. 

445
00:23:17,610 --> 00:23:20,010
For instance, if you're, you 
know, if you're a customer, a 

446
00:23:20,010 --> 00:23:23,490
consumer facing company and have
a CIM application, you've 

447
00:23:23,490 --> 00:23:27,170
generally done a pretty good job
of separating and isolating 

448
00:23:27,370 --> 00:23:30,250
customer one from customer two. 
Like I if I'm going into 

449
00:23:30,250 --> 00:23:33,610
Expedia, I can't get to Jeff's 
travel profile and access Jeff's

450
00:23:33,610 --> 00:23:36,090
credit cards and then for the 
most part that's a well 

451
00:23:36,090 --> 00:23:39,770
understood problem. 
The trick and I think the sort 

452
00:23:39,770 --> 00:23:43,930
of the frontier for that on the 
CIAM side is really things like 

453
00:23:44,310 --> 00:23:48,190
help desk people, right? 
If you have or you have admins 

454
00:23:48,190 --> 00:23:52,590
or DevOps people who are logging
in and sort of getting access to

455
00:23:52,590 --> 00:23:58,070
customer data, getting 
privileged permissions into some

456
00:23:58,070 --> 00:24:00,190
of these things, potentially 
cutting across multiple 

457
00:24:00,190 --> 00:24:03,470
customers, doing some sort of 
operational management. 

458
00:24:03,510 --> 00:24:07,790
And of that, I think I find a 
lot of customers are really 

459
00:24:08,240 --> 00:24:09,640
weren't they weren't thinking 
about that. 

460
00:24:09,640 --> 00:24:12,080
That's not sort of the primary 
use case of authorization in 

461
00:24:12,080 --> 00:24:15,040
that custom app. 
And so it's they often have very

462
00:24:15,040 --> 00:24:17,360
little visibility, especially 
when you get to the security 

463
00:24:17,360 --> 00:24:19,280
team, you've got the developers,
you're kind of, you know, 

464
00:24:19,320 --> 00:24:21,600
there's one guy who knows 
exactly how it all works. 

465
00:24:21,800 --> 00:24:23,960
But then when you go to the 
security team, they don't have 

466
00:24:23,960 --> 00:24:25,920
visibility, they don't have 
logins, they don't know how it 

467
00:24:25,920 --> 00:24:30,290
works and that that's a real, 
real gap there in the CIM side. 

468
00:24:30,290 --> 00:24:34,250
But to your, to your point, I 
think it's now also hitting on 

469
00:24:34,250 --> 00:24:36,050
this sort of the enterprise 
application side. 

470
00:24:36,450 --> 00:24:39,210
And I think there's a lot of 
crossover because some of the 

471
00:24:39,210 --> 00:24:42,450
data storage systems like going 
to the cloud platforms of AWS 

472
00:24:42,530 --> 00:24:46,530
and Azure and Google Cloud, 
those are now sort of crossing 

473
00:24:46,530 --> 00:24:49,210
over where they're being used 
for enterprise data. 

474
00:24:49,210 --> 00:24:52,520
They're also being used for 
customer data and so you know 

475
00:24:52,520 --> 00:24:55,520
you, you really see a lot of 
commonality in leveraging 

476
00:24:55,520 --> 00:24:59,400
similar platforms across the the
internal enterprise, traditional

477
00:25:00,080 --> 00:25:02,640
internal enterprise applications
and consumer applications and 

478
00:25:02,640 --> 00:25:05,960
customer applications. 
So when I talk about 

479
00:25:05,960 --> 00:25:09,440
authorization with people, I my 
mind shifts back to the 

480
00:25:09,440 --> 00:25:12,880
framework around the 
insaccharable standard and you 

481
00:25:12,880 --> 00:25:16,840
know, Policy Decision Point, 
Policy Enforcement Point, and 

482
00:25:16,840 --> 00:25:21,280
again like my reference point is
a lot on customer I am. 

483
00:25:21,610 --> 00:25:25,170
And I've always thought like, 
OK, externalizing and 

484
00:25:25,170 --> 00:25:29,890
centralizing the policy decision
point is pretty drastic. 

485
00:25:30,170 --> 00:25:34,250
You know, if you've got a couple
of, you know, business portals 

486
00:25:34,250 --> 00:25:39,490
for transacting, whether it's 
placing orders or warranty, it 

487
00:25:39,490 --> 00:25:42,210
depends on what business you 
happen to be in. 

488
00:25:42,570 --> 00:25:45,610
But a lot of times those 
applications were built 

489
00:25:45,890 --> 00:25:46,890
individually. 
They're right. 

490
00:25:46,890 --> 00:25:50,250
They're not just one big portal 
that does it all. 

491
00:25:50,670 --> 00:25:54,830
And to centralize all that, I 
always thought to myself like 

492
00:25:55,150 --> 00:25:59,350
okay, that probably makes sense 
for like the FBI or something 

493
00:25:59,350 --> 00:26:02,990
like that where they want to 
have a centralized log of those 

494
00:26:02,990 --> 00:26:05,710
policy decisions. 
So to me, the policy decision 

495
00:26:05,710 --> 00:26:11,750
point was always like the the 
big most important component of 

496
00:26:11,750 --> 00:26:14,830
that framework. 
The way of thinking about 

497
00:26:15,110 --> 00:26:18,910
Zackamal and I'm wondering like 
does that. 

498
00:26:19,500 --> 00:26:23,780
Framework still hold value. 
Do you still use that framework 

499
00:26:23,780 --> 00:26:31,780
and that type of those terms, 
Policy Decision point, Policy 

500
00:26:31,780 --> 00:26:33,380
Enforcement point, things like 
that? 

501
00:26:33,820 --> 00:26:38,460
And you know, is the policy 
decision point still the most 

502
00:26:38,460 --> 00:26:42,420
important concept of that 
standard or is this something 

503
00:26:42,420 --> 00:26:45,380
else now? 
Yeah, that's a great, a great 

504
00:26:45,380 --> 00:26:46,220
question. 
I think. 

505
00:26:46,220 --> 00:26:50,330
I think those especially those 
concepts are very valid today as

506
00:26:50,330 --> 00:26:53,010
valid as they as they were when 
the, you know when the standards

507
00:26:53,010 --> 00:26:55,650
were being developed there. 
And I I think that that sort of 

508
00:26:55,650 --> 00:26:59,210
methodology and that that 
conceptual division makes a ton 

509
00:26:59,210 --> 00:27:02,770
of sense. 
And I find that you know it's a,

510
00:27:02,770 --> 00:27:05,930
it's a still a small fraction of
folks we we tend to not talk 

511
00:27:05,930 --> 00:27:10,320
about those things as explicitly
in today like in our in our 

512
00:27:10,320 --> 00:27:12,000
marketing and documentation 
materials. 

513
00:27:12,000 --> 00:27:14,680
But I definitely run across 
plenty of customers who still 

514
00:27:14,680 --> 00:27:16,760
talk about it and say hey you 
know give me know tell me how 

515
00:27:16,760 --> 00:27:19,640
this fits into that world. 
And so I think it's they're 

516
00:27:19,640 --> 00:27:21,920
definitely folks out there who 
still think about it this way 

517
00:27:21,920 --> 00:27:25,040
and I think if you explain it to
them it, it makes a ton of 

518
00:27:25,040 --> 00:27:27,080
sense. 
Here's one where I actually am 

519
00:27:27,080 --> 00:27:30,240
opinionated and this is 1 where 
I'm actually, I'll put in my 

520
00:27:30,240 --> 00:27:34,040
vote for my favorite, my 
favorite component is the, the 

521
00:27:34,040 --> 00:27:37,850
policy administration point. 
And that's one where I think the

522
00:27:37,850 --> 00:27:41,170
issue with the with sort of 
centralizing as you pointed out 

523
00:27:41,170 --> 00:27:46,050
with the decision point, you 
know it's it's really, you know 

524
00:27:46,330 --> 00:27:49,410
you have there's a performance 
issue you you're generally 

525
00:27:49,410 --> 00:27:52,650
you're looking at that with the 
with the enforcement point 

526
00:27:52,650 --> 00:27:55,250
potentially and putting those 
things together I think tends to

527
00:27:55,250 --> 00:27:57,450
make a lot of sense. 
But trying to reroute the 

528
00:27:57,450 --> 00:28:00,850
network and trying to you know 
channel everything to A to a 

529
00:28:00,850 --> 00:28:04,510
single choke point, that's not 
how, that's not how the modern 

530
00:28:04,510 --> 00:28:07,230
cloud architecture and modern 
day, modern day systems are 

531
00:28:07,230 --> 00:28:09,150
working. 
And as you said like once you've

532
00:28:09,150 --> 00:28:12,470
got it up and running no one 
wants to rearchitect that stuff.

533
00:28:12,470 --> 00:28:16,110
No one wants to put a new a new 
component in the middle of 

534
00:28:16,110 --> 00:28:19,190
something especially when you're
talking about sort of customers 

535
00:28:19,190 --> 00:28:22,230
and you know and production data
or actually getting transactions

536
00:28:22,230 --> 00:28:24,390
done. 
It's a really hard pill for 

537
00:28:24,390 --> 00:28:26,390
folks to swallow. 
So I think you know. 

538
00:28:26,470 --> 00:28:28,470
Multiple applications that could
be. 

539
00:28:29,000 --> 00:28:32,480
Posted around the world you can 
have scalability, reliability, 

540
00:28:32,800 --> 00:28:35,240
network type issues. 
That's right. 

541
00:28:35,280 --> 00:28:36,640
That's right there. 
Just there's so many other 

542
00:28:36,640 --> 00:28:39,880
things that sort of drive that. 
And you know and you know I can 

543
00:28:39,880 --> 00:28:42,520
imagine like an enterprise 
architect trying to go say hey 

544
00:28:42,520 --> 00:28:44,800
we want to centralize all this 
to a single point and get thrown

545
00:28:44,800 --> 00:28:46,640
out of the room because it's 
just like it. 

546
00:28:46,640 --> 00:28:49,320
There's so many other factors in
there that that drive it. 

547
00:28:49,320 --> 00:28:52,040
And so I think my personal take 
is attacking it at the 

548
00:28:52,040 --> 00:28:54,320
administration point is the is 
the right way to go. 

549
00:28:55,960 --> 00:28:57,600
We've been talking a lot about, 
I guess. 

550
00:28:58,020 --> 00:29:00,380
Theory, for lack of a better 
word, right. 

551
00:29:00,580 --> 00:29:02,820
How things should work. 
I always like to hear like 

552
00:29:02,820 --> 00:29:05,340
what's the real world doing in 
this space? 

553
00:29:05,780 --> 00:29:07,620
You mentioned some of the 
clients that you've worked with 

554
00:29:07,620 --> 00:29:09,220
in the past and some customers 
you've got. 

555
00:29:10,140 --> 00:29:13,860
What are some of the use cases 
you know that you've seen where 

556
00:29:13,860 --> 00:29:17,060
an authorization tool has helped
solve some of these real world 

557
00:29:17,060 --> 00:29:20,700
problems that we're seeing out? 
Because, you know, I think 

558
00:29:20,700 --> 00:29:22,900
everyone points back and say, oh
we're we're a role based access 

559
00:29:22,900 --> 00:29:24,700
control company. 
Okay, Are you really? 

560
00:29:25,590 --> 00:29:27,550
And how good is it? 
It usually sucks and it's a 

561
00:29:27,550 --> 00:29:29,630
pain, pain in the butt to 
maintain and you know they kind 

562
00:29:29,630 --> 00:29:32,510
of gave up maybe after. 
Oh yeah, we have 5 rules, right?

563
00:29:32,510 --> 00:29:35,390
Something like that. 
And I feel like it's it's a 

564
00:29:35,390 --> 00:29:37,950
struggle for a lot of 
organizations out there. 

565
00:29:38,030 --> 00:29:41,190
They every every company that I 
talked to says that they are or 

566
00:29:41,190 --> 00:29:45,110
they want to be role based and 
it's hard in the real world, 

567
00:29:45,150 --> 00:29:47,710
especially when you have these 
applications that are using 

568
00:29:47,710 --> 00:29:50,510
their own authorization schemes 
and they have not moved to. 

569
00:29:51,050 --> 00:29:54,290
You know a centralized policy, 
decision point or access point 

570
00:29:54,290 --> 00:29:58,690
or engine or whatever it may be.
What are you seeing in the real 

571
00:29:58,690 --> 00:30:01,530
world around this space? 
How are you know these? 

572
00:30:01,770 --> 00:30:03,090
How are these things moving 
forward? 

573
00:30:04,250 --> 00:30:07,250
Yeah, I I find that you know one
of the big issues and I 

574
00:30:07,250 --> 00:30:10,330
mentioned this before about you 
know the the really bad access 

575
00:30:10,330 --> 00:30:13,290
control crack. 
But that one of the one of the 

576
00:30:13,290 --> 00:30:15,730
challenges is you know you can 
you can do it at a point in 

577
00:30:15,730 --> 00:30:18,300
time. 
And typically I what I hear is 

578
00:30:18,300 --> 00:30:21,500
like you know hire a systems 
integrator like Accenture to 

579
00:30:21,500 --> 00:30:25,900
come in and get you know and get
like a whole raft of you know 

580
00:30:26,260 --> 00:30:30,380
warm warm bodies from from the 
consulting or to go and have 

581
00:30:30,380 --> 00:30:33,220
tons of interviews with every 
organization across you know 

582
00:30:33,380 --> 00:30:35,860
across the company. 
And that's a tremendous amount 

583
00:30:35,860 --> 00:30:38,100
of work and they. 
Better yet, hire our son to do 

584
00:30:38,100 --> 00:30:40,020
it. 
There you go. 

585
00:30:40,180 --> 00:30:42,780
There you go. 
But then you get drift over 

586
00:30:42,780 --> 00:30:44,700
time. 
And then you get, you know, you 

587
00:30:44,700 --> 00:30:47,820
get people you know and say, 
well, you know, maybe I'll use 

588
00:30:47,820 --> 00:30:50,020
this role for something it 
wasn't quite intended for, but 

589
00:30:50,020 --> 00:30:53,060
it sounds about right. 
Or things get tacked onto the 

590
00:30:53,060 --> 00:30:56,100
role and so the permissions 
change and actually what's in 

591
00:30:56,100 --> 00:30:59,580
that role changes the use and 
the and the and what it's what's

592
00:30:59,580 --> 00:31:02,700
being applied for changes. 
And you know, essentially, you 

593
00:31:02,700 --> 00:31:05,140
know, then then you're going or 
you, you know, you get someone 

594
00:31:05,140 --> 00:31:07,940
who says, you know, oh, I need 
this new role for this new 

595
00:31:07,940 --> 00:31:10,940
purpose. 
And this sounds about right, but

596
00:31:11,210 --> 00:31:12,730
man, I don't really know what 
that role does. 

597
00:31:12,730 --> 00:31:15,610
Let me create a new role. 
And so then you get this 

598
00:31:15,610 --> 00:31:18,730
proliferation. 
And So what I find is that most 

599
00:31:18,730 --> 00:31:21,250
organizations, even when they 
want to be a role based access 

600
00:31:21,250 --> 00:31:24,890
control company, they're trying 
to manage it just on the name of

601
00:31:24,890 --> 00:31:27,170
the role. 
Like when you're trying to say, 

602
00:31:27,170 --> 00:31:29,770
hey, is this right? 
It's like the role is named 

603
00:31:29,970 --> 00:31:34,330
super secret admin #2 okay. 
Like what does that mean? 

604
00:31:34,410 --> 00:31:37,660
And people have no idea. 
And so the thing that surprises 

605
00:31:37,660 --> 00:31:41,300
me I think around all this and 
the real world customer examples

606
00:31:41,300 --> 00:31:44,300
that I see is that oftentimes 
the things that customers are 

607
00:31:44,300 --> 00:31:47,220
struggling with is so much 
simpler than you would ever 

608
00:31:47,220 --> 00:31:48,980
imagine. 
And you know, so one example we 

609
00:31:48,980 --> 00:31:53,820
have a, you know a very large 
Fortune 500 company and they 

610
00:31:53,820 --> 00:31:56,380
actually went through this and 
that, you know they came to us 

611
00:31:56,380 --> 00:31:59,940
and said hey you know can you 
tell tell us when a new admin is

612
00:31:59,940 --> 00:32:03,710
created in Salesforce, We're 
like yes, we can chew that. 

613
00:32:03,750 --> 00:32:08,030
And what it turned out to be is 
that they had an IGA, a very 

614
00:32:08,030 --> 00:32:11,830
large IGA company that you would
the name you would know as a 

615
00:32:11,830 --> 00:32:14,550
leader in the IGA space and they
were using that to provision 

616
00:32:14,870 --> 00:32:18,110
Salesforce. 
And yet they found that when 

617
00:32:18,110 --> 00:32:20,190
someone went around that 
provisioning process, the 

618
00:32:20,190 --> 00:32:22,270
approved process and went 
directly into the Salesforce 

619
00:32:22,270 --> 00:32:26,110
console or create a new admin in
there, their IGA solution 

620
00:32:26,110 --> 00:32:29,220
couldn't tell them And they 
would go around this and they 

621
00:32:29,260 --> 00:32:31,500
tried to actually custom code 
some solutions to do it. 

622
00:32:31,500 --> 00:32:33,620
And there were just so many 
different ways to do it. 

623
00:32:33,980 --> 00:32:35,900
They couldn't find that. 
They could plug all the holes. 

624
00:32:35,900 --> 00:32:40,660
And what it turned out was that 
they had failed two socks on it 

625
00:32:41,300 --> 00:32:44,820
because of that, right. 
And so it sounds so simple and 

626
00:32:44,860 --> 00:32:47,460
you take someone outside of 
identity or peripheral identity 

627
00:32:47,460 --> 00:32:51,060
and say you know, do you know, 
how can you not know when a new 

628
00:32:51,060 --> 00:32:53,980
admin is created in Salesforce? 
Like how is that possible and 

629
00:32:53,980 --> 00:32:57,500
yet that's the thing that these 
very large, very sophisticated 

630
00:32:57,500 --> 00:33:01,260
companies are struggling with. 
And so you know, so that's what 

631
00:33:01,260 --> 00:33:03,740
we hear, see is sometimes it's a
compliance driver. 

632
00:33:03,740 --> 00:33:06,300
It's like when, you know, when 
your auditor gets the the taste 

633
00:33:06,300 --> 00:33:09,180
of that and they know that you 
don't have controls, you can't 

634
00:33:09,180 --> 00:33:12,820
demonstrate controls like that 
is a big deal and they will, 

635
00:33:12,820 --> 00:33:15,060
they will drive that and 
companies are very, very 

636
00:33:15,060 --> 00:33:18,390
motivated to fix that. 
Other times it's just a 

637
00:33:18,390 --> 00:33:21,550
visibility thing. 
And I know there was a former 

638
00:33:21,710 --> 00:33:25,230
SISO of a very large telco that 
was telling me a story about 

639
00:33:25,230 --> 00:33:29,990
sort of when he came to believe 
in, in authorization as sort of 

640
00:33:30,030 --> 00:33:32,670
a really key thing. 
It was actually after an 

641
00:33:32,670 --> 00:33:34,390
incident. 
And so they had, They'd had an 

642
00:33:34,390 --> 00:33:36,350
intruder come in. 
They'd had an account takeover. 

643
00:33:36,880 --> 00:33:40,400
And they ended up being able to 
block that and and locked out 

644
00:33:40,400 --> 00:33:43,000
that account before they they 
lost a lot of data. 

645
00:33:43,000 --> 00:33:46,720
But he was doing a postmortem 
with all of his direct reports. 

646
00:33:46,760 --> 00:33:48,040
And so he had them. 
We were all in a room. 

647
00:33:48,040 --> 00:33:50,280
And he says, all right, here's 
the first account that got taken

648
00:33:50,280 --> 00:33:51,680
over. 
What did that have? 

649
00:33:51,760 --> 00:33:53,360
What did this account have 
access to? 

650
00:33:53,720 --> 00:33:56,400
And they all look at each other 
and they say, we don't know. 

651
00:33:56,600 --> 00:33:58,400
He's like, okay, here's the 
second account. 

652
00:33:58,400 --> 00:34:00,200
How about this one? 
We don't know. 

653
00:34:00,440 --> 00:34:04,440
He's like, how is this possible?
How can we not do this thing 

654
00:34:04,910 --> 00:34:07,510
that's so fundamental to 
security and being able to 

655
00:34:07,510 --> 00:34:09,469
respond to these types of 
incidents. 

656
00:34:09,469 --> 00:34:12,469
So I find it, you know different
different organizations and 

657
00:34:12,469 --> 00:34:14,230
people come at it from different
sides. 

658
00:34:14,230 --> 00:34:18,030
But inevitably when they dig 
down and really see what's there

659
00:34:18,030 --> 00:34:21,550
and see what they know and what 
they don't know, it's a little 

660
00:34:21,550 --> 00:34:25,150
terrifying and and you know it's
it's such a basic thing you 

661
00:34:25,150 --> 00:34:28,110
imagine like you know how how is
this possible that we can't do 

662
00:34:28,110 --> 00:34:30,870
this and yet it's incredibly 
hard it's made it's been a lot 

663
00:34:30,870 --> 00:34:36,530
harder with the with the cloud. 
Rich, just thinking like you 

664
00:34:37,050 --> 00:34:39,370
just told the story. 
I'm thinking, man, this folks 

665
00:34:39,370 --> 00:34:41,330
who are in that room said, we 
don't know. 

666
00:34:41,929 --> 00:34:44,969
That must have been just like 
such an embarrassing and painful

667
00:34:44,969 --> 00:34:48,889
moment for them. 
It's like it's your job, you 

668
00:34:48,929 --> 00:34:50,730
know? 
I mean, look, I'm not saying, 

669
00:34:50,730 --> 00:34:52,050
like I would have gotten it 
right. 

670
00:34:52,050 --> 00:34:55,130
I'm just saying that I'm sure, 
I'm sure glad I wasn't in their 

671
00:34:55,130 --> 00:34:58,850
shoes at that moment. 
Because, you know, when you 

672
00:34:58,850 --> 00:35:02,370
think about identity, it's 
ensuring that the right people 

673
00:35:02,370 --> 00:35:06,680
have the right access. 
You know, knowing who has access

674
00:35:06,680 --> 00:35:09,680
to what and when you can't 
answer that question, like, wow,

675
00:35:09,800 --> 00:35:12,280
that's that's downright 
embarrassing. 

676
00:35:12,640 --> 00:35:13,760
It. 
It really is. 

677
00:35:13,760 --> 00:35:15,200
And I think I think it's, you 
know, it. 

678
00:35:15,200 --> 00:35:18,720
It underscores the fact that 
like just the the tool set has 

679
00:35:18,720 --> 00:35:21,680
just hasn't been there. 
Like, you know, it's like we've 

680
00:35:21,680 --> 00:35:23,920
done all these advances and you 
know, like we were talking about

681
00:35:23,920 --> 00:35:26,920
before, authentication has come 
a long way in the last five, 

682
00:35:26,920 --> 00:35:29,960
five, 6-7 years. 
The tools that we got available 

683
00:35:29,960 --> 00:35:33,790
are so much better. 
And I think, you know, that's 

684
00:35:33,790 --> 00:35:36,430
another common thread is that 
the tools for authorization have

685
00:35:36,430 --> 00:35:39,430
been pretty stagnant. 
There just hasn't been a lot. 

686
00:35:39,430 --> 00:35:42,870
And so, you know, I think back 
to another, another guy who was 

687
00:35:43,070 --> 00:35:45,870
in, he actually leads the 
engineering team at his at his 

688
00:35:45,870 --> 00:35:47,830
organization. 
He was telling me a story about,

689
00:35:48,350 --> 00:35:50,470
you know, when they didn't have 
any tools. 

690
00:35:50,910 --> 00:35:53,870
He said, yeah, the auditors 
asked me for, you know, everyone

691
00:35:53,870 --> 00:35:55,670
who could access this one 
database. 

692
00:35:56,030 --> 00:35:58,630
We had to really get in and the 
auditor was like would not let 

693
00:35:58,630 --> 00:36:01,180
it go. 
And in order to answer that 

694
00:36:01,180 --> 00:36:03,460
question of like who has access 
to this database, what can they 

695
00:36:03,460 --> 00:36:06,700
do in this database, He said he 
had to take his best developer 

696
00:36:06,900 --> 00:36:09,940
off for a week of custom 
scripting to go answer it for 

697
00:36:09,940 --> 00:36:12,580
one database. 
So now multiply that across, you

698
00:36:12,580 --> 00:36:16,020
know your entire environment and
you just can't do it. 

699
00:36:16,100 --> 00:36:18,460
Like, you know you can get the 
answer, you can figure it out. 

700
00:36:18,460 --> 00:36:21,500
But the amount of time and 
effort and energy it takes to do

701
00:36:21,500 --> 00:36:23,740
it without a good tool set is 
brutal. 

702
00:36:24,860 --> 00:36:27,020
Well, I think this is where the 
fundamental question that. 

703
00:36:27,580 --> 00:36:30,220
I always ask folks is you know, 
can you answer this question? 

704
00:36:30,300 --> 00:36:35,300
It's very simple. 
Who has access to what and how 

705
00:36:35,300 --> 00:36:37,260
quickly can you pull that answer
together? 

706
00:36:37,580 --> 00:36:39,980
And how accurate do you think 
that data is? 

707
00:36:40,500 --> 00:36:43,700
Because if you can't answer that
question, my mind your identity 

708
00:36:43,700 --> 00:36:45,060
and access management program is
failing. 

709
00:36:45,860 --> 00:36:48,780
It's a basic question, right? 
And it's. 

710
00:36:48,780 --> 00:36:51,740
I also find you really need to 
dig down because most people 

711
00:36:51,740 --> 00:36:53,860
will say, well, yeah, I know you
know these, the people in these 

712
00:36:53,860 --> 00:36:57,810
groups, OK. 
But you know, like, dig it. 

713
00:36:57,810 --> 00:36:59,850
Let's dig a little deeper, like.
Nested groups? 

714
00:36:59,850 --> 00:37:02,090
What does it even mean? 
It's been you know, that group 

715
00:37:02,090 --> 00:37:04,730
is used for eight different 
things, one of which was the 

716
00:37:04,730 --> 00:37:08,210
original intention, right? 
Stuff like that, that's right. 

717
00:37:08,210 --> 00:37:10,330
And you know, it comes down to, 
you know, to brass tacks. 

718
00:37:10,330 --> 00:37:12,970
Usually it's like, you know, 
pick your, you know, your most 

719
00:37:12,970 --> 00:37:15,570
sensitive, you know, data 
element, whether you know it's a

720
00:37:15,570 --> 00:37:19,130
table, maybe it's a box folder, 
you know, maybe it's a, you 

721
00:37:19,130 --> 00:37:21,530
know, a data lake, you know, in 
Snowflake or something like 

722
00:37:21,530 --> 00:37:23,490
that. 
And say like who can get to that

723
00:37:23,880 --> 00:37:26,320
and exactly what they, what can 
they do, right. 

724
00:37:26,320 --> 00:37:28,520
And like it's going, but it's 
going down to these data 

725
00:37:28,520 --> 00:37:30,080
elements. 
Because you like, I think 

726
00:37:30,080 --> 00:37:33,200
everybody has somewhat of a 
handle around users and groups 

727
00:37:33,200 --> 00:37:36,640
and some connection to role. 
But I find the biggest gap is 

728
00:37:36,840 --> 00:37:39,280
what does that role actually do?
What does that mean? 

729
00:37:39,600 --> 00:37:41,840
Like what can you actually get 
to with permissions? 

730
00:37:42,120 --> 00:37:44,680
And then you get all these other
things like what about local 

731
00:37:44,680 --> 00:37:46,080
permissions, what about local 
users? 

732
00:37:46,080 --> 00:37:48,120
What about system accounts and 
machine identities? 

733
00:37:48,160 --> 00:37:51,360
And like you know now it's 
pulling on all those threads 

734
00:37:51,840 --> 00:37:55,200
where you know it's not in the 
70 or 80% solution, but it's at 

735
00:37:55,200 --> 00:37:57,160
the edges. 
And those are typically the 

736
00:37:57,160 --> 00:37:59,560
biggest issues when you when it 
comes to security and 

737
00:37:59,560 --> 00:38:01,240
compliance. 
Those are the ones that you 

738
00:38:01,240 --> 00:38:03,120
really need to worry about are 
those ones that you? 

739
00:38:03,160 --> 00:38:03,840
You. 
You know you. 

740
00:38:03,920 --> 00:38:05,760
Most of the time you don't. 
You have no idea. 

741
00:38:06,800 --> 00:38:09,440
Well, you've got the point in 
time definition. 

742
00:38:09,880 --> 00:38:12,400
And then what are you doing to 
make sure that that definition 

743
00:38:12,400 --> 00:38:14,320
stays the same? 
Because things change, right? 

744
00:38:15,320 --> 00:38:17,000
Exactly. 
Do you find that there is a 

745
00:38:17,000 --> 00:38:19,600
particular platform or system or
something? 

746
00:38:20,010 --> 00:38:22,450
That is like the hardest thing 
to include when we start talking

747
00:38:22,450 --> 00:38:25,010
about authorization, maybe even 
as a program. 

748
00:38:25,010 --> 00:38:26,810
I think people think of identity
as a program. 

749
00:38:28,610 --> 00:38:32,170
Authorization as a program might
might need to be a thing as well

750
00:38:32,730 --> 00:38:34,730
considering you know that's 
that's really the keys of the 

751
00:38:34,730 --> 00:38:36,650
castle, whatever, you know, what
are people getting access to. 

752
00:38:36,650 --> 00:38:40,010
But I know I found you know 
doing integrations different, 

753
00:38:40,050 --> 00:38:42,970
you know technologies out there.
There are some platforms or 

754
00:38:42,970 --> 00:38:45,730
systems that are just. 
Of real pain that you know what 

755
00:38:45,930 --> 00:38:49,450
and it's either not well 
documented or you can't do 

756
00:38:49,450 --> 00:38:51,570
certain things because API's 
aren't available, whatever it 

757
00:38:51,570 --> 00:38:53,730
may be. 
But what kinds of platforms do 

758
00:38:53,730 --> 00:38:57,130
you see as, like the hardest to 
include as part of this, this 

759
00:38:57,130 --> 00:38:59,730
capturing of who has access to 
what? 

760
00:39:00,930 --> 00:39:03,970
Yeah, from a from a tactical 
standpoint, the hardest ones are

761
00:39:03,970 --> 00:39:08,010
definitely the, you know, the 
old and crusty on Prem ERP 

762
00:39:08,050 --> 00:39:09,730
systems. 
You know, those are the ones you

763
00:39:09,730 --> 00:39:13,250
know there's no Restful API like
they've been, you know they've 

764
00:39:13,250 --> 00:39:16,170
been cut, they've been you've 
had an SI come in for eight 

765
00:39:16,170 --> 00:39:18,850
years and is you know is custom 
fine tuning it. 

766
00:39:18,890 --> 00:39:22,530
And so it ends up being 
something that has very little 

767
00:39:22,890 --> 00:39:25,010
commonality with anyone else's 
deployment. 

768
00:39:25,050 --> 00:39:27,690
And so it's just a tremendous 
amount of customization and the 

769
00:39:27,690 --> 00:39:30,210
hooks are not there. 
So from a tactical standpoint, 

770
00:39:30,530 --> 00:39:33,170
those are the hardest ones or 
custom applications as well. 

771
00:39:33,170 --> 00:39:34,610
They're just, you know, they're 
kind of, there's snowflakes, 

772
00:39:34,610 --> 00:39:36,170
right. 
Nobody else has it And so there 

773
00:39:36,170 --> 00:39:38,410
it aren't a lot of common tools 
that still like you to 

774
00:39:38,410 --> 00:39:41,210
integrate. 
But from a program perspective 

775
00:39:41,570 --> 00:39:44,330
actually find it's the other way
where you see that you know a 

776
00:39:44,330 --> 00:39:46,690
lot of times when you look at 
you know identity governance 

777
00:39:46,690 --> 00:39:50,170
programs they've got like the 
ERP system that was always the 

778
00:39:50,210 --> 00:39:52,210
number one thing that was so 
that's priority one. 

779
00:39:52,210 --> 00:39:55,210
So they've actually this you 
know gutted it through and you 

780
00:39:55,210 --> 00:39:58,290
know by you know really you know
brutal house to house search 

781
00:39:58,290 --> 00:40:00,170
they've they've gone and figured
that out. 

782
00:40:00,570 --> 00:40:03,530
But then you say well you know 
how many apps do you need for 

783
00:40:03,530 --> 00:40:05,690
socks or relevance for socks 
compliance and are subject to 

784
00:40:05,690 --> 00:40:07,930
that And and you know those is 
like well it's like you know 

785
00:40:07,930 --> 00:40:10,170
it's like 30 apps. 
How many do you have covered in 

786
00:40:10,170 --> 00:40:11,250
your Identity governance 
program? 

787
00:40:11,560 --> 00:40:14,080
Three. 
And what are you doing about all

788
00:40:14,080 --> 00:40:15,720
the rest? 
And so from a program 

789
00:40:15,720 --> 00:40:17,400
perspective, it's actually that 
longer tail. 

790
00:40:17,400 --> 00:40:19,720
It's the stuff that's still 
relevant for compliance and it 

791
00:40:19,720 --> 00:40:21,440
knows there's critical data in 
it. 

792
00:40:21,440 --> 00:40:25,520
But usually the lift is so heavy
to get these things integrated 

793
00:40:25,520 --> 00:40:29,000
into an identity governance 
platform that they have huge 

794
00:40:29,000 --> 00:40:30,880
gaps and they know that. 
Yeah. 

795
00:40:30,920 --> 00:40:34,520
You know, I kind of, I think one
of the things about 

796
00:40:34,520 --> 00:40:38,950
authorization is. 
You have to make a decision on 

797
00:40:39,190 --> 00:40:42,070
how far you take your 
authorization program. 

798
00:40:42,590 --> 00:40:46,310
So let's say we take one of 
those apps that you just 

799
00:40:46,310 --> 00:40:49,510
mentioned, custom build. 
App developers have been 

800
00:40:49,510 --> 00:40:52,310
hammering away on it for 
decades. 

801
00:40:52,310 --> 00:40:56,430
Maybe building like, oh this 
view and that view and like 

802
00:40:56,550 --> 00:40:59,670
things that are not standard. 
Or take something that's 

803
00:40:59,670 --> 00:41:02,070
out-of-the-box that I thought 
you might. 

804
00:41:02,730 --> 00:41:06,330
Answer that question with which 
is like ERP systems where 

805
00:41:06,330 --> 00:41:09,410
especially older ERP systems 
where you say you have access to

806
00:41:09,410 --> 00:41:12,610
this table, this screen, this 
business unit. 

807
00:41:12,610 --> 00:41:15,970
So now it's like 
multidimensional access and it's

808
00:41:15,970 --> 00:41:21,010
like that's just you know if you
spend your IEM program focus on 

809
00:41:21,410 --> 00:41:24,730
nailing the authorization for 
that, that is all you're going 

810
00:41:24,730 --> 00:41:27,850
to get done like you might have 
an IM program with. 

811
00:41:28,420 --> 00:41:31,660
A handful of people. 
So to me it's kind of been like 

812
00:41:31,660 --> 00:41:34,740
okay, so, So what is our I am 
program going to do? 

813
00:41:35,060 --> 00:41:38,500
It's going to take it this far. 
It's going to provision a person

814
00:41:38,820 --> 00:41:43,980
into these right groups or it's 
going to in real time present 

815
00:41:43,980 --> 00:41:47,900
the application with some 
assertions of authorizations. 

816
00:41:48,100 --> 00:41:49,420
But they're going to be at this 
level. 

817
00:41:49,420 --> 00:41:52,140
It's not going to be like they 
should be able to see all these 

818
00:41:52,140 --> 00:41:56,100
tables and things like that, so.
I guess to translate that back 

819
00:41:56,100 --> 00:42:00,980
into your real world story where
this uses like Okay, we're going

820
00:42:00,980 --> 00:42:03,700
to take this application, take 
this account that got 

821
00:42:03,700 --> 00:42:06,340
compromised. 
What did they have access to in 

822
00:42:06,340 --> 00:42:10,660
our ERP system? 
I would say the I M team should 

823
00:42:10,660 --> 00:42:14,380
say, well, we sent these 
authorizations or we put the 

824
00:42:14,380 --> 00:42:18,420
person into these roles in these
groups and then somebody from 

825
00:42:18,420 --> 00:42:20,780
the ERP side should said be able
to say. 

826
00:42:21,520 --> 00:42:24,840
And that gives them access to 
these screens and these database

827
00:42:24,840 --> 00:42:26,440
tables or things like that, 
right? 

828
00:42:26,720 --> 00:42:30,760
But somewhere along the way. 
So do you have a rule of thumb 

829
00:42:30,760 --> 00:42:37,000
or is it really just having that
that knowledge should be able to

830
00:42:37,000 --> 00:42:39,880
say, all right, here's a couple 
of rules of thumb that we're 

831
00:42:39,880 --> 00:42:42,300
going to apply. 
Yeah. 

832
00:42:42,300 --> 00:42:44,860
The, the rule of thumb that I 
find is, is sort of the 

833
00:42:44,860 --> 00:42:46,740
commonality. 
If I look at customers who have 

834
00:42:46,740 --> 00:42:50,020
been the most successful at 
doing this kind of thing, it 

835
00:42:50,020 --> 00:42:52,420
it's absolutely prioritization 
is the name of the game. 

836
00:42:52,420 --> 00:42:54,540
I mean, that's the first thing 
is you cannot do everything 

837
00:42:54,620 --> 00:42:55,740
right. 
And so you have to pick your 

838
00:42:55,740 --> 00:42:58,220
battles. 
And I find that the one of the 

839
00:42:58,220 --> 00:43:01,100
most valuable things is actually
going, you know, you know, 

840
00:43:01,100 --> 00:43:03,980
starting at the end, right. 
And like looking at like, OK, 

841
00:43:03,980 --> 00:43:06,750
what's the most critical data we
need to protect, right. 

842
00:43:06,750 --> 00:43:10,150
And that that's typically the 
thing that's fundamentally like 

843
00:43:10,150 --> 00:43:14,310
the board cares about, you know 
the see, so the CIO care about 

844
00:43:14,630 --> 00:43:18,950
and so hey let's figure out like
what roles give access to that 

845
00:43:18,950 --> 00:43:21,550
and what can they do, right. 
And so typically that's that's 

846
00:43:21,550 --> 00:43:24,590
where I found it, it's most 
valuable is kind of starting at 

847
00:43:24,590 --> 00:43:27,070
the end. 
But to your point, Jim, I think 

848
00:43:27,070 --> 00:43:29,910
a rate you raised a great point 
is like a lot of times this data

849
00:43:29,910 --> 00:43:32,790
to put that whole story together
and to get their true visibility

850
00:43:32,790 --> 00:43:35,400
all the way down to the data 
level, It's on different teams, 

851
00:43:35,560 --> 00:43:36,840
right. 
It's in different systems, 

852
00:43:37,000 --> 00:43:40,080
they're different groups. 
And you know, does the identity 

853
00:43:40,080 --> 00:43:43,280
group really understand the 
inner workings of the ERP system

854
00:43:43,280 --> 00:43:46,200
authorization scheme? 
Like heck no, right. 

855
00:43:46,200 --> 00:43:49,280
And so and every single system 
is different, right. 

856
00:43:49,280 --> 00:43:51,680
You know, just because you know,
one system like you, you got to 

857
00:43:51,680 --> 00:43:54,920
kind of be an expert in each one
And that it's that that 

858
00:43:54,920 --> 00:43:58,000
translation across systems, 
that's also really, really hard.

859
00:43:58,000 --> 00:44:01,840
So now you think about, you 
know, now you boil it back up 

860
00:44:01,840 --> 00:44:05,180
and now you're a see so and you 
say, hey, you know I just want 

861
00:44:05,180 --> 00:44:08,460
to make sure that no contractor 
in China gets access to my 

862
00:44:08,460 --> 00:44:10,660
customer data. 
Let me make that happen. 

863
00:44:11,060 --> 00:44:12,900
Now you think about like what do
you have to do in terms of 

864
00:44:12,900 --> 00:44:15,740
technical controls on every 
system that might have customer 

865
00:44:15,740 --> 00:44:17,340
data. 
What do you, what knob do you 

866
00:44:17,340 --> 00:44:19,780
actually tweak, what's the JSON 
actually look like for that? 

867
00:44:20,020 --> 00:44:22,420
That's a really hard thing to 
answer, although that's, again, 

868
00:44:22,420 --> 00:44:25,220
it seems like a very simple kind
of thing that's, you know, that 

869
00:44:25,220 --> 00:44:27,900
that's would be very reasonable 
for a SISO to want. 

870
00:44:28,220 --> 00:44:30,860
And yet bringing that and 
actually putting that into 

871
00:44:30,860 --> 00:44:34,320
action is super, super hard. 
That's a great answer. 

872
00:44:35,080 --> 00:44:39,080
You know the other thing that 
was as we're talking about, we 

873
00:44:39,080 --> 00:44:41,600
kept talking about authorization
as a program. 

874
00:44:42,040 --> 00:44:46,440
And I'm not recommending that 
folks go out there and spin up a

875
00:44:46,440 --> 00:44:48,800
program and have an 
authorization program manager, 

876
00:44:49,160 --> 00:44:54,960
but it reminded me the of the 
impact that authorization has to

877
00:44:55,320 --> 00:44:57,960
humans. 
I'm also sure that the impacts 

878
00:44:57,960 --> 00:45:01,670
on the end user. 
But definitely the application 

879
00:45:01,670 --> 00:45:05,470
owners and these application 
teams and making sure people are

880
00:45:05,470 --> 00:45:09,270
clear on roles and 
responsibilities and to make 

881
00:45:09,270 --> 00:45:12,670
sure that where I drop it, you 
pick it up, etcetera. 

882
00:45:13,270 --> 00:45:15,350
What are your thoughts on that 
impact? 

883
00:45:15,350 --> 00:45:19,430
Is there an impact to end users?
And then the app owners, who are

884
00:45:19,430 --> 00:45:22,710
app owners, developers and 
database administrators, all 

885
00:45:22,710 --> 00:45:26,850
those folks, yeah, absolutely. 
There's impact on end users 

886
00:45:26,850 --> 00:45:30,050
because usually it's like, hey, 
I need access to this thing. 

887
00:45:30,050 --> 00:45:32,290
I need to get my job done and I 
need more access. 

888
00:45:32,370 --> 00:45:35,490
That's typically how it goes. 
So you know, obviously you start

889
00:45:35,490 --> 00:45:38,850
off with birthright access, you 
get a bunch of stuff right out 

890
00:45:38,850 --> 00:45:40,970
of the gate, but it's never 
enough. 

891
00:45:40,970 --> 00:45:42,050
And it's designed not to be 
enough. 

892
00:45:42,050 --> 00:45:46,470
You gotta go typically and ask 
for more and so then the trick 

893
00:45:46,470 --> 00:45:49,430
is okay, how fast can I get that
done, right. 

894
00:45:49,430 --> 00:45:52,190
If you're a developer that's 
working on a critical project 

895
00:45:52,190 --> 00:45:55,710
like I guarantee you got a, you 
have a lot of organizational 

896
00:45:55,710 --> 00:45:58,390
push behind you to get that 
access quickly, right. 

897
00:45:58,390 --> 00:46:01,110
It's like if it, you know, if 
it's a revenue facing project 

898
00:46:01,430 --> 00:46:04,030
and you know they need to get it
done like they you will, they 

899
00:46:04,030 --> 00:46:05,950
will push and they will get a 
lot of backing you. 

900
00:46:06,030 --> 00:46:08,310
It's really hard to say, hey 
hold on, we got to figure out 

901
00:46:08,310 --> 00:46:11,030
our role structure. 
That's not going to work right. 

902
00:46:11,030 --> 00:46:13,270
You got to get access. 
That reminded me. 

903
00:46:13,270 --> 00:46:17,750
I actually have another customer
example where they started using

904
00:46:18,070 --> 00:46:21,070
better tools, right? 
And just having more insight 

905
00:46:21,470 --> 00:46:25,870
into what roles actually did can
be extremely powerful even in 

906
00:46:25,870 --> 00:46:28,950
the provisioning process, right?
So their problem was they had 

907
00:46:28,950 --> 00:46:31,470
Snowflake and they had 
developers that would come in 

908
00:46:31,830 --> 00:46:34,470
and actually ask for additional 
access to something. 

909
00:46:34,470 --> 00:46:36,630
It might be a table, it might be
a database in Snowflake. 

910
00:46:37,300 --> 00:46:39,020
And so the challenge that they 
had and actually the 

911
00:46:39,020 --> 00:46:41,620
provisioning was done by the 
Snowflake team just for this 

912
00:46:41,620 --> 00:46:43,900
very reason because they were 
the only ones who sort of 

913
00:46:43,900 --> 00:46:46,060
understood the inner workings of
snowflakes. 

914
00:46:46,060 --> 00:46:48,380
So the IT team couldn't do it 
right then. 

915
00:46:48,380 --> 00:46:50,420
So they actually had to take 
down on themselves. 

916
00:46:51,020 --> 00:46:53,300
Back to your other second part 
of your question is how does 

917
00:46:53,300 --> 00:46:57,980
this actually impact app owners 
and and and data owners. 

918
00:46:58,500 --> 00:47:01,460
They were actually the ones 
doing provisioning and more than

919
00:47:01,460 --> 00:47:04,420
not because it was typically 
such a mission critical thing 

920
00:47:04,420 --> 00:47:07,620
that was time sensitive, They 
over permissioned right. 

921
00:47:07,620 --> 00:47:10,220
And that's the reality is like, 
well it's like gosh, I got all 

922
00:47:10,220 --> 00:47:11,620
these roles. 
I got like 80 roles. 

923
00:47:11,780 --> 00:47:14,380
I don't know which one gives 
access to this table. 

924
00:47:14,380 --> 00:47:16,980
Let me just give them the real, 
you know, let me give them the 

925
00:47:16,980 --> 00:47:18,860
good stuff. 
Let me you know, let me let me 

926
00:47:18,860 --> 00:47:22,780
give high level access. 
And So what they were able to do

927
00:47:22,780 --> 00:47:25,900
when they actually had some 
tools that were that allowed 

928
00:47:25,900 --> 00:47:28,580
them to see what these roles 
actually did, like what did this

929
00:47:28,580 --> 00:47:31,380
role actually give permissions 
to and had that that sort of 

930
00:47:31,420 --> 00:47:34,850
instant level of visibility, 
they were able to reduce that 

931
00:47:34,850 --> 00:47:37,650
down. 
So once they granted a new role,

932
00:47:37,650 --> 00:47:40,290
they could really find the one 
that best conformed the least 

933
00:47:40,290 --> 00:47:42,090
privilege, right? 
They could find the one that 

934
00:47:42,090 --> 00:47:45,650
gave access to that table but as
little else as possible. 

935
00:47:45,690 --> 00:47:48,210
And just by sort of implementing
that, by having the tools around

936
00:47:48,210 --> 00:47:51,370
visibility, they were able to 
reduce the total number of 

937
00:47:51,370 --> 00:47:54,210
permissions on Snowflake by 80%.
That's what they told us. 

938
00:47:54,210 --> 00:47:56,690
I mean, so it's you can really 
see the effect of that. 

939
00:47:57,060 --> 00:47:59,420
It's not just, hey, does someone
have access to Snowflake or not,

940
00:47:59,420 --> 00:48:01,940
but what role do they have and 
is it enough for them to do 

941
00:48:01,940 --> 00:48:04,180
their job? 
This is least privileged at its 

942
00:48:04,180 --> 00:48:06,260
heart. 
All right. 

943
00:48:06,260 --> 00:48:09,060
One last question around 
authorization for wrap things 

944
00:48:09,060 --> 00:48:12,220
up, but it wouldn't be an 
Identity at the center podcast 

945
00:48:12,220 --> 00:48:14,540
without mentioning of AI at this
point. 

946
00:48:14,540 --> 00:48:19,380
So what do you, how do you see 
AI impacting this space of 

947
00:48:19,380 --> 00:48:23,280
authorization? 
Yeah, I mean, I I think about 

948
00:48:23,280 --> 00:48:26,160
this a lot as everybody, 
everybody who listens to this 

949
00:48:26,160 --> 00:48:28,440
podcast does. 
And I think, you know, there's 

950
00:48:28,440 --> 00:48:31,240
certainly going to be a lot, 
some good stuff into like role 

951
00:48:31,240 --> 00:48:33,680
mining and cluster analysis. 
And I think there's a lot, 

952
00:48:33,680 --> 00:48:35,600
there's a lot of of goodness 
there. 

953
00:48:35,880 --> 00:48:38,000
And also, you know what we were 
talking about before, we're 

954
00:48:38,000 --> 00:48:40,440
getting to the human component. 
When you're doing things like 

955
00:48:40,720 --> 00:48:44,240
access reviews, which is almost 
always a component of any sort 

956
00:48:44,240 --> 00:48:47,450
of governance program around 
authorization, it's really 

957
00:48:47,450 --> 00:48:49,410
alleviating that that human 
burden. 

958
00:48:49,410 --> 00:48:51,970
And I think A, I can do a really
good job there where A, I, A I 

959
00:48:51,970 --> 00:48:54,050
might not be able to do that, 
give you the full answer, but it

960
00:48:54,050 --> 00:48:56,650
can at least guide you and say, 
hey, you probably don't need to 

961
00:48:56,650 --> 00:48:59,570
spend a lot of time on these. 
Here are the ones that really, 

962
00:48:59,570 --> 00:49:02,450
you know, look suspicious, 
right, or look like you should 

963
00:49:02,450 --> 00:49:05,530
give it a little more time. 
I think you were using it for in

964
00:49:05,530 --> 00:49:09,320
those kind of those kind of 
situations are really great. 

965
00:49:09,440 --> 00:49:13,320
And you know, I think the best 
example I heard about the power 

966
00:49:13,320 --> 00:49:17,440
of a I was really, it's like 
having unlimited interns, right?

967
00:49:17,440 --> 00:49:19,720
And so you can do things that 
are sort of like this, these 

968
00:49:19,720 --> 00:49:23,680
sort of relatively relatively 
menial tasks, but you could do 

969
00:49:23,680 --> 00:49:25,520
it really fast. 
You can do it really cheaply. 

970
00:49:26,160 --> 00:49:29,480
But there still are things 
where, you know, humans are 

971
00:49:29,480 --> 00:49:32,440
still better at doing the, you 
know, the, the outliers, right. 

972
00:49:32,440 --> 00:49:34,040
The, the really edge case 
things. 

973
00:49:34,440 --> 00:49:36,680
You've got to have some humans 
involved in a lot of those 

974
00:49:36,680 --> 00:49:39,000
cases. 
But A I can take a lot of the 

975
00:49:39,000 --> 00:49:41,280
burden there. 
The other component and the 

976
00:49:41,280 --> 00:49:44,240
other side of it is, you know, 
is what, you know, what's what's

977
00:49:44,240 --> 00:49:46,800
going to be the bigger security 
concerns around authorization, 

978
00:49:46,800 --> 00:49:49,400
protecting a I programs, right. 
And so that's another 

979
00:49:49,400 --> 00:49:53,920
interesting one where you now 
see all these things around, you

980
00:49:53,920 --> 00:49:56,080
know, the, you know, like like 
the weights like after the, you 

981
00:49:56,080 --> 00:49:58,360
know these training runs that 
some of these really large 

982
00:49:58,360 --> 00:50:02,000
frontier AIAI companies are 
doing. 

983
00:50:02,470 --> 00:50:05,190
You know it costs like a billion
dollars to run some of these 

984
00:50:05,190 --> 00:50:07,470
training things. 
And so that you know the weights

985
00:50:07,470 --> 00:50:11,270
that file that records all the 
essentially the results of that 

986
00:50:11,270 --> 00:50:14,750
training that is incredibly 
valuable intellectual property, 

987
00:50:14,830 --> 00:50:17,870
right, you know, perhaps bigger 
than anything we've ever seen in

988
00:50:17,870 --> 00:50:21,880
history. 
And so and then you have nation 

989
00:50:21,880 --> 00:50:25,760
states that have stated goals 
around becoming a I leaders and 

990
00:50:26,040 --> 00:50:29,040
that combination of having these
treasure troves. 

991
00:50:29,040 --> 00:50:32,000
I think it's going to be a, you 
know, it's going to really bring

992
00:50:32,000 --> 00:50:35,760
security to a whole new level 
because the value of the thing 

993
00:50:35,760 --> 00:50:38,360
that we're trying to protect is 
so large and it's going to be 

994
00:50:38,360 --> 00:50:41,560
way beyond even customer data 
and credit card numbers. 

995
00:50:41,840 --> 00:50:45,720
And so I think what we'll see is
it's really going to force 

996
00:50:45,960 --> 00:50:49,520
security providers and identity,
identity people, identity teams 

997
00:50:49,930 --> 00:50:54,370
to think about securing this 
stuff beyond just typical IT 

998
00:50:54,370 --> 00:50:56,730
level security, but really 
break, you know, bringing it up 

999
00:50:56,730 --> 00:51:01,330
to physical security, getting it
closer, closer with a lot of 

1000
00:51:01,330 --> 00:51:04,170
sort of the three letter 
agencies that are actually 

1001
00:51:04,170 --> 00:51:05,450
protecting it. 
I think there's going to be a 

1002
00:51:05,450 --> 00:51:09,970
lot of more crossover between 
typical espionage scenarios and 

1003
00:51:09,970 --> 00:51:13,690
risk profiles and what's 
normally been IT security, not 

1004
00:51:13,690 --> 00:51:15,730
having to worry as much about 
physical security. 

1005
00:51:15,730 --> 00:51:18,330
I think those things are really 
going to converge around a I. 

1006
00:51:19,280 --> 00:51:22,680
And I feel like we're headed to 
a future where an organization's

1007
00:51:23,000 --> 00:51:26,720
a I become sort of like their OS
and is their secret sauce 

1008
00:51:27,240 --> 00:51:32,000
hopefully not as bad as like I 
robot goes a little bit nuts has

1009
00:51:32,040 --> 00:51:36,080
your definition of a I changed 
within the last couple of years 

1010
00:51:36,080 --> 00:51:38,360
because I feel like mine has and
I've talked about this before 

1011
00:51:38,880 --> 00:51:43,400
where pre you know ChatGPT pre 
large language model being 

1012
00:51:43,400 --> 00:51:46,470
available to the general public.
I thought of AI as okay. 

1013
00:51:46,470 --> 00:51:48,590
That's cool. 
It's it's like machine learning 

1014
00:51:48,590 --> 00:51:50,070
and pattern matching and stuff 
like that. 

1015
00:51:50,630 --> 00:51:53,830
And then you get something like,
you know, ChatGPT or similar, 

1016
00:51:53,870 --> 00:51:56,070
you know, functionality where 
now it's available to the public

1017
00:51:56,070 --> 00:51:58,350
and it's this conversational 
interface. 

1018
00:51:58,830 --> 00:52:03,590
I find myself using it more and 
more and more for important 

1019
00:52:03,590 --> 00:52:08,150
things and not important things.
And my thought process now is 

1020
00:52:08,230 --> 00:52:10,630
that's AI. 
I don't think of AI as 

1021
00:52:10,670 --> 00:52:12,750
necessarily just machine 
learning and padding matching. 

1022
00:52:13,770 --> 00:52:16,290
And I'm curious if if if you've 
thought about this from a 

1023
00:52:16,290 --> 00:52:19,010
definition standpoint of, OK, 
you know, what is AI? 

1024
00:52:19,050 --> 00:52:21,210
Because they feel like no 
offense. 

1025
00:52:21,330 --> 00:52:24,370
You know, a lot of vendors have 
thrown the word AI on the box of

1026
00:52:24,370 --> 00:52:28,010
their product for years now. 
And now we're going to the point

1027
00:52:28,010 --> 00:52:29,330
is like, oh, OK, well that's 
interesting. 

1028
00:52:29,530 --> 00:52:31,250
You know, what is, what do you 
mean by AI? 

1029
00:52:31,250 --> 00:52:34,210
I'm just curious if your 
definition has changed since the

1030
00:52:34,210 --> 00:52:35,690
advent and the availability of 
these things. 

1031
00:52:36,370 --> 00:52:38,650
Yeah, I I think it has. 
And certainly the way I think 

1032
00:52:38,650 --> 00:52:42,890
about it, you know, I think 
before ChatGPT, the ChatGPT sort

1033
00:52:42,890 --> 00:52:46,290
of evolution, you know, I was 
just, you know, I was always 

1034
00:52:46,290 --> 00:52:48,770
felt embarrassed about using the
term A I that's what that's what

1035
00:52:48,770 --> 00:52:50,930
it felt like it was marketing. 
It felt like it was you know 

1036
00:52:50,930 --> 00:52:53,770
something in the future and not 
here yet where ML sounded you 

1037
00:52:53,770 --> 00:52:56,250
know much more reasonable and 
like yes, that's a much more 

1038
00:52:56,250 --> 00:52:59,410
precise term. 
I think now I feel very 

1039
00:52:59,410 --> 00:53:04,170
comfortable using the term a I 
and I think maybe it it's just 

1040
00:53:04,170 --> 00:53:07,930
that it's still so new and still
revolutionary that it feels very

1041
00:53:07,930 --> 00:53:11,400
very different and you know and 
that's I've I've seen that quote

1042
00:53:11,400 --> 00:53:14,800
before where it's you know AI is
anything that's just new and and

1043
00:53:14,800 --> 00:53:16,160
not in the current capability 
set. 

1044
00:53:16,200 --> 00:53:19,800
And it it feels like we're still
getting our heads around what 

1045
00:53:19,800 --> 00:53:22,840
this really implies. 
And really I mean it's it is 

1046
00:53:22,840 --> 00:53:26,000
mind blowing even though it's a,
you know it, you know a next 

1047
00:53:26,000 --> 00:53:28,920
word prediction model. 
It feels like so much more and 

1048
00:53:28,920 --> 00:53:32,200
it and it looks like so much 
more from every every angle. 

1049
00:53:32,710 --> 00:53:37,030
It looks startlingly like you 
know an intelligence behind it. 

1050
00:53:37,030 --> 00:53:41,350
So it certainly has changed the 
way that that I I treat things 

1051
00:53:41,350 --> 00:53:45,070
and I talk about it. 
We're going to start to wrap 

1052
00:53:45,070 --> 00:53:48,630
things up here and I guess kind 
of going on the lines of when I 

1053
00:53:48,630 --> 00:53:50,590
think of AI and where things are
going as well. 

1054
00:53:51,150 --> 00:53:54,390
I think about the word longevity
because I could see a point 

1055
00:53:54,390 --> 00:53:59,190
where you know, everyone's got 
their their own AI and maybe 

1056
00:53:59,190 --> 00:54:02,010
there is a. 
You know, Jeff, A I at some 

1057
00:54:02,010 --> 00:54:04,810
point in the future, that list 
that you know exists long after 

1058
00:54:04,810 --> 00:54:06,450
I'm gone, right. 
And it's this, you know, 

1059
00:54:07,010 --> 00:54:10,130
facsimile of what, you know, my 
personality is like or whatever 

1060
00:54:10,130 --> 00:54:14,130
it may be. 
What's one of the most important

1061
00:54:14,130 --> 00:54:16,810
things that you think you've 
learned about longevity? 

1062
00:54:18,210 --> 00:54:22,010
Yeah, I think it's, you know, 
my, I know we talked about this 

1063
00:54:22,010 --> 00:54:23,170
before. 
This has definitely been a 

1064
00:54:23,170 --> 00:54:26,650
passionate of mine to to think 
about this and and and learn 

1065
00:54:26,650 --> 00:54:29,050
about it. 
And I think it's really, you 

1066
00:54:29,050 --> 00:54:31,890
know, in the end longevity is 
important and longevity is 

1067
00:54:31,890 --> 00:54:33,890
great. 
But you know what really matters

1068
00:54:33,890 --> 00:54:35,570
is what you do with that time, 
right? 

1069
00:54:35,570 --> 00:54:38,010
It's like it's not about just 
living longer, but it's like you

1070
00:54:38,050 --> 00:54:40,130
you've got to put it to some 
use, you got to put it to some 

1071
00:54:40,130 --> 00:54:42,530
value. 
And I think it's that, that 

1072
00:54:42,530 --> 00:54:45,850
perspective combined with the 
fact that, you know, if you look

1073
00:54:45,850 --> 00:54:50,160
into there are few, you know, 
very simple worms out there that

1074
00:54:50,160 --> 00:54:54,360
actually don't have programmed 
cellular death, right. 

1075
00:54:54,360 --> 00:54:56,800
And so you look at this, he's 
like how can that be? 

1076
00:54:56,800 --> 00:54:59,760
And you look across all these 
different species and 

1077
00:54:59,760 --> 00:55:02,560
organizations and I've actually 
come to the personal perspective

1078
00:55:02,560 --> 00:55:05,440
and I've never really heard it 
stated this way but that, you 

1079
00:55:05,440 --> 00:55:10,570
know, that a limited lifespan is
is actually a it's a it's a 

1080
00:55:10,570 --> 00:55:13,050
feature, not a bug. 
And it's actually something that

1081
00:55:13,050 --> 00:55:16,130
we've evolved. 
And so you know and you can, you

1082
00:55:16,130 --> 00:55:18,050
know, you can look at it from an
evolutionary standpoint, it 

1083
00:55:18,050 --> 00:55:19,810
makes perfect sense. 
It's like you know you got to 

1084
00:55:19,810 --> 00:55:22,970
make room for the new the new 
era for the new folks, for the 

1085
00:55:22,970 --> 00:55:26,930
young people. 
And and so I that's that's come 

1086
00:55:26,930 --> 00:55:29,410
and that's been a that's a bit 
of a shock to say like wow. 

1087
00:55:29,410 --> 00:55:32,570
I'm sort of you know thinking 
about myself is supposed to have

1088
00:55:32,570 --> 00:55:36,170
a limited shelf life and I think
it just puts a a finer point on 

1089
00:55:36,250 --> 00:55:37,650
on that. 
You know like if we if we all 

1090
00:55:37,650 --> 00:55:40,330
knew we were going to live 
forever would we really get get 

1091
00:55:40,330 --> 00:55:43,010
anything done what we needed to 
get done today Like if like well

1092
00:55:43,010 --> 00:55:46,090
I can always do it tomorrow. 
I think it's it's really, you 

1093
00:55:46,090 --> 00:55:49,690
know, thinking about it that 
way, I think, I think makes you,

1094
00:55:50,250 --> 00:55:53,690
you know makes you use your time
that you that you have better 

1095
00:55:53,690 --> 00:55:55,450
and I think that's it. 
That's a good perspective from 

1096
00:55:55,490 --> 00:55:58,200
from my my point of view. 
Well, time's one of the only 

1097
00:55:58,200 --> 00:56:00,040
resources that you can't make 
more of. 

1098
00:56:00,520 --> 00:56:02,360
Really, right? 
Everyone's got a only scarce 

1099
00:56:02,360 --> 00:56:03,080
resource. 
This time. 

1100
00:56:03,320 --> 00:56:05,120
Yeah, that's right. 
And I think, you know, it's one 

1101
00:56:05,120 --> 00:56:07,280
of those things I think is, you 
know, as I get older, right, I 

1102
00:56:07,280 --> 00:56:09,080
think about how much time do I 
have left? 

1103
00:56:09,080 --> 00:56:11,160
Am I going to get all the things
accomplished that I want? 

1104
00:56:11,440 --> 00:56:14,440
And you're right, if I live 
forever and I would just keep 

1105
00:56:14,440 --> 00:56:16,440
kicking that can down the curb, 
right? 

1106
00:56:16,800 --> 00:56:20,680
And, you know, play video games 
all day or, you know, I don't 

1107
00:56:20,680 --> 00:56:22,560
know, set up evil portals, 
whatever it may be. 

1108
00:56:22,560 --> 00:56:25,120
Jim, what do you think about 
longevity? 

1109
00:56:26,280 --> 00:56:28,600
Well, I. 
I really enjoyed listening to 

1110
00:56:28,600 --> 00:56:32,320
what Rich had to say, because I 
think perspective about 

1111
00:56:32,320 --> 00:56:36,240
longevity is so important. 
I think it changes over time 

1112
00:56:36,240 --> 00:56:38,320
too. 
You know, I have in my mind I'd 

1113
00:56:38,320 --> 00:56:42,520
like to live to about 80, feel 
like that's where the human body

1114
00:56:42,520 --> 00:56:45,080
wears out. 
But on my 80th birthday, am I 

1115
00:56:45,080 --> 00:56:47,240
going to say, well, I'd like to 
die tomorrow? 

1116
00:56:47,520 --> 00:56:49,720
Heck no. 
I'm going to set a new goal. 

1117
00:56:49,720 --> 00:56:54,040
I'm going to find new reasons 
why, a new ways to find meaning 

1118
00:56:54,040 --> 00:56:56,640
out of my life. 
But I will say. 

1119
00:56:56,940 --> 00:57:03,420
You know had a a passing away 
happen in my family recently and

1120
00:57:03,420 --> 00:57:08,460
it got me onto a YouTube worm 
which was watching or rabbit 

1121
00:57:08,460 --> 00:57:11,780
hole watching these videos. 
They were frontline videos. 

1122
00:57:11,780 --> 00:57:15,660
Frontline has like some really 
great content on YouTube, but it

1123
00:57:15,660 --> 00:57:21,500
was you know about the aging 
process and going into like you 

1124
00:57:21,500 --> 00:57:24,900
know when people die if they 
don't have a living will like. 

1125
00:57:25,530 --> 00:57:28,090
Someone can decide, like keep 
this person alive for as long as

1126
00:57:28,090 --> 00:57:31,050
possible, and they're, they're a
vegetable in a bed for five, 

1127
00:57:31,330 --> 00:57:35,090
five years or whatever until 
there's nothing that can be done

1128
00:57:35,090 --> 00:57:37,810
to keep them alive anymore. 
So I know I don't want to be 

1129
00:57:37,810 --> 00:57:39,530
there, right? 
I don't. 

1130
00:57:39,810 --> 00:57:43,250
I also see, like, people in the 
nursing homes that just like 

1131
00:57:43,250 --> 00:57:45,610
staring off into space. 
I don't want to be there. 

1132
00:57:45,610 --> 00:57:51,210
So I want to live life to the 
point where I'm enjoying life. 

1133
00:57:52,870 --> 00:57:57,350
And I think everybody has to 
kind of like assign to assign 

1134
00:57:57,350 --> 00:58:00,710
meeting to like, yes, that's the
kind of life I want to live or I

1135
00:58:00,710 --> 00:58:01,870
don't want to live that kind of 
life. 

1136
00:58:01,870 --> 00:58:05,270
I don't know. 
But leave it to me to take the 

1137
00:58:05,270 --> 00:58:06,990
lighter note and bring it there,
Jeff. 

1138
00:58:08,230 --> 00:58:10,150
Yeah, you're you're you're a 
real expert at that. 

1139
00:58:10,150 --> 00:58:12,830
I was going to say I could pull 
a Seinfeld and like, you know, 

1140
00:58:12,950 --> 00:58:15,630
grab the pillow And when you say
it's ready, okay. 

1141
00:58:16,160 --> 00:58:18,480
You know, put it over the face 
like, all right, we had a good 

1142
00:58:18,480 --> 00:58:20,800
run, Jim. 
Years and one day. 

1143
00:58:21,840 --> 00:58:25,360
I'm like, I set my calendar now.
All right, here's a bonus 

1144
00:58:25,360 --> 00:58:26,480
question. 
Let's see if we can try to 

1145
00:58:26,480 --> 00:58:30,200
revive the lighter part of it. 
There's a lot of different items

1146
00:58:30,200 --> 00:58:32,720
out there where people are 
trying to live longer and with 

1147
00:58:32,720 --> 00:58:34,960
the expectation that something 
in the future might help them. 

1148
00:58:34,960 --> 00:58:38,080
And I'm thinking specifically on
things like cryogenics, right? 

1149
00:58:38,080 --> 00:58:40,800
There's, I don't know, Arizona 
or something like there's a a 

1150
00:58:40,800 --> 00:58:42,720
warehouse full of people who 
have been frozen. 

1151
00:58:43,210 --> 00:58:45,370
With the hopes that it's someday
they'll be able to be woken up 

1152
00:58:45,370 --> 00:58:47,770
to cure whatever, you know, 
issue that they had. 

1153
00:58:48,330 --> 00:58:49,850
Some people, it's their entire 
body. 

1154
00:58:49,850 --> 00:58:53,170
Some people, it's just the head,
which I find kind of creepy and 

1155
00:58:53,170 --> 00:58:58,610
very Futurama to some degree. 
Would you consider that? 

1156
00:58:58,890 --> 00:59:01,530
I don't. 
I don't think I would. 

1157
00:59:01,530 --> 00:59:06,170
I mean it's it's those things 
where again it's it. 

1158
00:59:06,570 --> 00:59:08,570
Maybe it'll work. 
That's possible. 

1159
00:59:08,570 --> 00:59:13,020
But you know, well, I guess 
maybe another good question is 

1160
00:59:13,020 --> 00:59:15,300
like, yeah, would you upload 
your consciousness if you could,

1161
00:59:15,340 --> 00:59:16,780
Would you upload that into the 
computer? 

1162
00:59:16,780 --> 00:59:18,900
Or just, you know, just save it 
as a backup somewhere? 

1163
00:59:20,540 --> 00:59:22,940
Maybe I would do that somehow. 
That seems a little less creepy,

1164
00:59:22,940 --> 00:59:25,260
but when I think about it, it's 
probably just equally creepy. 

1165
00:59:26,580 --> 00:59:29,780
Jim would you freeze yourself or
I was thinking personally too 

1166
00:59:29,820 --> 00:59:33,500
like that the you know the the 
Jeff A I right, the backing up 

1167
00:59:33,500 --> 00:59:36,780
your personality somehow right 
where it's it's good but. 

1168
00:59:37,500 --> 00:59:39,780
Would you? 
I wouldn't do that, but I I want

1169
00:59:39,780 --> 00:59:41,520
to. 
Store a few things out there, 

1170
00:59:41,520 --> 00:59:44,200
some some such a an expert on 
this topic. 

1171
00:59:44,760 --> 00:59:51,360
One is I think from like a 
supplement perspective, should 

1172
00:59:51,360 --> 00:59:57,280
be taking vitamin D3 every day 
and in concert with vitamin K2. 

1173
00:59:57,760 --> 01:00:03,160
I also think that there is a 
supplement called N acetyl, L 

1174
01:00:03,160 --> 01:00:06,080
cystine or N A/C for short. 
It's very cheap. 

1175
01:00:06,640 --> 01:00:08,320
It's. 
It's one of the. 

1176
01:00:08,910 --> 01:00:12,990
The great advances and great 
findings in the area of 

1177
01:00:12,990 --> 01:00:15,630
longevity. 
So check those out. 

1178
01:00:15,630 --> 01:00:18,310
Do a little research, Watch 
longevity videos. 

1179
01:00:18,310 --> 01:00:21,550
Man, there's so much out there. 
But it is another rabbit hole. 

1180
01:00:21,550 --> 01:00:26,670
We're not a medical show. 
I take my Col. system is cheap. 

1181
01:00:26,670 --> 01:00:28,590
I don't think anybody's making a
lot of money on that. 

1182
01:00:29,470 --> 01:00:31,150
Yeah, I'll make my pitch for 
fish oil too. 

1183
01:00:31,190 --> 01:00:33,750
Like I have a hard time eating 
enough fish. 

1184
01:00:33,750 --> 01:00:35,430
I think that's that's one of the
best. 

1185
01:00:36,250 --> 01:00:39,250
Best researched and most clear 
advantages you know. 

1186
01:00:39,250 --> 01:00:42,090
Get your get your Omega 3S, take
a take a couple tablespoons. 

1187
01:00:42,090 --> 01:00:43,370
It's good for you. 
Agree on that. 

1188
01:00:43,770 --> 01:00:48,330
I want somebody to create the 
brownie sundae that is healthy, 

1189
01:00:48,570 --> 01:00:51,130
that I can eat a lot of. 
Then I'll be a happy person. 

1190
01:00:51,570 --> 01:00:52,690
Nice. 
So Jeff, do you want to be 

1191
01:00:52,690 --> 01:00:54,970
frozen or what? 
I don't know if I would be 

1192
01:00:54,970 --> 01:00:57,850
frozen, but this idea of being 
able to somehow come up with 

1193
01:00:57,850 --> 01:01:00,730
sort of an AI intrigues me. 
I would do that. 

1194
01:01:02,800 --> 01:01:03,920
I think that would be 
interesting. 

1195
01:01:03,920 --> 01:01:06,760
I think I would like to do it 
while I'm still alive to see how

1196
01:01:06,760 --> 01:01:09,400
it would work and kind of tune 
it right. 

1197
01:01:09,400 --> 01:01:12,520
I don't know what would go into 
it other than, you know, I mean 

1198
01:01:12,520 --> 01:01:15,960
at some point I'm guessing 
somebody could take all these 

1199
01:01:15,960 --> 01:01:19,760
episodes we've done 200 + 231 I 
think is this one. 

1200
01:01:20,920 --> 01:01:23,960
That's a lot of audio content 
that kind of shows, Jim, you and

1201
01:01:23,960 --> 01:01:26,360
I are personality and at least 
with, you know, the one that we 

1202
01:01:26,360 --> 01:01:29,880
put out on the podcast, somebody
could very easily take that, 

1203
01:01:30,280 --> 01:01:32,240
dump it into a large language 
model and. 

1204
01:01:32,600 --> 01:01:37,120
Create a, you know, replica 
based on what it understands. 

1205
01:01:37,120 --> 01:01:38,400
I'm sure you know. 
Obviously there'd be gaps and 

1206
01:01:38,400 --> 01:01:41,440
stuff like that, but I don't 
think it's too far off where you

1207
01:01:41,440 --> 01:01:45,640
know you'll be able to talk to 
yourself or a famous person, 

1208
01:01:45,640 --> 01:01:47,720
right? 
Or whatever it may be where 

1209
01:01:47,720 --> 01:01:52,960
there is enough audio or written
or visual content that can be 

1210
01:01:52,960 --> 01:01:56,260
consumed to create something. 
Well, then you just need to ask 

1211
01:01:56,260 --> 01:01:58,260
Alexa to start recording all 
your conversations. 

1212
01:01:58,260 --> 01:01:59,540
And you'll have more. 
There'll be more data. 

1213
01:01:59,700 --> 01:02:01,140
Isn't she already doing that? 
I don't know. 

1214
01:02:01,140 --> 01:02:03,780
I guess I thought that was 
already par for the course. 

1215
01:02:04,180 --> 01:02:06,020
All right, let's go ahead and 
wrap up for this week. 

1216
01:02:06,500 --> 01:02:08,420
Rich, thank you so much for 
being part of this. 

1217
01:02:08,420 --> 01:02:11,980
It was a great conversation. 
We're gonna have links in our 

1218
01:02:11,980 --> 01:02:13,740
show notes to a whole bunch of 
different stuff. 

1219
01:02:13,740 --> 01:02:17,220
We'll have links to Rich on 
LinkedIn so you can connect with

1220
01:02:17,220 --> 01:02:18,460
him. 
Ask him questions. 

1221
01:02:18,870 --> 01:02:20,910
Compliment him on his radio 
pipes, you know, whatever it may

1222
01:02:20,910 --> 01:02:25,190
be, we'll have a link to 
vasa.com VEZ a.com so you can 

1223
01:02:25,190 --> 01:02:29,150
learn more and more about what 
those guys are sold over there. 

1224
01:02:29,470 --> 01:02:30,910
We'll have a whole bunch of 
links to all the different 

1225
01:02:30,910 --> 01:02:32,190
conferences that Jim and I 
mentioned. 

1226
01:02:32,190 --> 01:02:35,390
Identity Week America, Octane 
Authenticate Conference. 

1227
01:02:35,390 --> 01:02:37,110
We've got a bunch of discount 
codes. 

1228
01:02:37,550 --> 01:02:40,110
If you're planning on attending 
any of those, use our codes. 

1229
01:02:40,390 --> 01:02:42,350
They should be the best. 
And it also shows support for 

1230
01:02:42,350 --> 01:02:45,470
the show, that sort of thing. 
And you can find us on the 

1231
01:02:45,470 --> 01:02:49,190
Internet. 
Idacpodcast.com We're on Twitter

1232
01:02:49,190 --> 01:02:53,630
or X or whatever at IDAC podcast
We're on Mastodon at IDAC 

1233
01:02:53,630 --> 01:02:57,030
Podcast at infosec dot exchange.
Of course we're in all different

1234
01:02:57,030 --> 01:02:59,030
podcast stores, like subscribe, 
all that good stuff. 

1235
01:02:59,030 --> 01:03:01,590
That's what it keeps. 
Jim and I encouraged to keep 

1236
01:03:02,230 --> 01:03:04,630
Keep this thing running along. 
Share it with a friend, share it

1237
01:03:04,630 --> 01:03:05,710
with an enemy. 
Don't care. 

1238
01:03:05,790 --> 01:03:08,230
As long as someone's listening, 
we'll keep doing our thing. 

1239
01:03:08,590 --> 01:03:11,390
And Jim, I didn't tell you this 
yet, but I am working on 

1240
01:03:11,390 --> 01:03:12,750
figuring out how we get on 
YouTube. 

1241
01:03:13,290 --> 01:03:16,690
So YouTube has made some podcast
announcements recently, and so 

1242
01:03:16,690 --> 01:03:21,610
I'm starting to slowly upload 
hundreds of episodes when I get 

1243
01:03:21,610 --> 01:03:23,850
time. 
To have them on YouTube at some 

1244
01:03:23,850 --> 01:03:26,490
point as well. 
So not ready yet, but it's 

1245
01:03:26,490 --> 01:03:27,610
coming. 
It's in the future. 

1246
01:03:28,090 --> 01:03:31,010
And I did recently create find a
way LinkedIn page for the show. 

1247
01:03:31,010 --> 01:03:32,810
I think right now you and I are 
the only people on it, but I'm 

1248
01:03:32,810 --> 01:03:35,010
starting to tag it and sort of 
build it out and figure out how 

1249
01:03:35,010 --> 01:03:37,530
that all that stuff works. 
So there we go. 

1250
01:03:38,570 --> 01:03:40,210
All right, we'll leave it there 
for this week. 

1251
01:03:40,250 --> 01:03:43,120
Thanks everybody for listening. 
And we'll talk with everyone in 

1252
01:03:43,120 --> 01:03:45,880
the next one. 
You've been listening to 

1253
01:03:45,880 --> 01:03:49,800
Identity at the center. 
We hope you've enjoyed the show.

1254
01:03:50,000 --> 01:03:54,160
Make sure to like, rate and 
review and we'll be back soon. 

1255
01:03:54,360 --> 01:03:56,600
But in the meantime, hit the 
website at 

1256
01:03:56,600 --> 01:04:03,720
identity@thecenter.com and find 
us on Twitter at IDAC Podcast. 

1257
01:04:04,160 --> 01:04:08,280
See you next time on identity at
the center.

