1
00:00:00,240 --> 00:00:04,960
So the way that we've looked at 
it is, is that we'd look at it 

2
00:00:04,960 --> 00:00:07,600
as a, or at least the way I've 
been looking at it, I'll say it 

3
00:00:07,600 --> 00:00:13,600
that way is, is that if I have a
function that is running on its 

4
00:00:13,600 --> 00:00:17,280
own and it only has one purpose,
to basically turn this one 

5
00:00:17,280 --> 00:00:21,520
widget or turn this one wheel 
and it does it on its own, then 

6
00:00:21,520 --> 00:00:24,600
that's a non, you know, that 
that's the non, that's non human

7
00:00:24,600 --> 00:00:29,560
identity, you know, at work. 
And that that's how we define 

8
00:00:29,560 --> 00:00:30,720
it. 
So therefore, it's, you know, 

9
00:00:30,720 --> 00:00:34,240
it's the Lambda that goes off 
and does the thing and then, you

10
00:00:34,240 --> 00:00:36,760
know, and then you get an end 
product and it can't do anything

11
00:00:36,760 --> 00:00:40,440
else other than that one thing. 
But that's the, you know, that's

12
00:00:40,440 --> 00:00:42,760
kind of the overall goal. 
And that's the, you know, that's

13
00:00:42,760 --> 00:00:44,120
where they access and 
everything. 

14
00:00:44,120 --> 00:00:46,040
That's kind of the guardrails in
which it sits on. 

15
00:00:47,160 --> 00:00:50,000
So Chris, you picked a real easy
one for your first topic. 

16
00:00:51,360 --> 00:01:01,040
What do you have for number 2? 
This is identity at the center 

17
00:01:01,720 --> 00:01:04,840
if it has anything to do with 
IAM. 

18
00:01:04,840 --> 00:01:11,360
This is the go to podcast now 
your hosts Jim McDonald and Jeff

19
00:01:11,360 --> 00:01:19,280
Stedman. 
Welcome to the Identity at the 

20
00:01:19,280 --> 00:01:21,360
Center podcast. 
I'm Jeff, and that's Jim. 

21
00:01:21,360 --> 00:01:23,240
Hey, Jim. 
Hey, Jeff, how are you? 

22
00:01:23,600 --> 00:01:27,320
Oh, not so bad yourself. 
Not bad for coming live to you 

23
00:01:27,320 --> 00:01:30,040
on a Sunday morning. 
It is a Sunday morning, that's 

24
00:01:30,040 --> 00:01:31,560
for sure. 
I think we're both struggling 

25
00:01:31,560 --> 00:01:33,880
with like allergies or colds or 
something, I don't know. 

26
00:01:34,240 --> 00:01:37,920
Yeah, I, you know, I, I figured 
by this point of the summer I 

27
00:01:37,920 --> 00:01:40,360
wouldn't have to worry about 
allergies, but I checked The 

28
00:01:40,360 --> 00:01:43,720
Weather Channel. 
We're high for ragweed, which is

29
00:01:43,720 --> 00:01:46,720
probably the thing that hits me 
the most. 

30
00:01:47,040 --> 00:01:48,760
So I'm like breathing through my
mouth. 

31
00:01:48,760 --> 00:01:52,600
So if you hear me gasping, it's 
because I've been talking 

32
00:01:52,600 --> 00:01:55,880
too long. 
But what's a good reminder to 

33
00:01:55,920 --> 00:01:57,840
shut up? 
What's that? 

34
00:01:58,240 --> 00:01:59,520
That's a good reminder to shut 
up. 

35
00:02:00,120 --> 00:02:02,760
Yeah, exactly. 
It's like if I'm gasping for air

36
00:02:02,760 --> 00:02:04,880
it means I've been talking for 
too long straight. 

37
00:02:05,560 --> 00:02:09,280
Exactly. 
Yeah, so scoured LinkedIn last 

38
00:02:09,280 --> 00:02:16,640
night and you know what a what a
treasure trove of ideas. 

39
00:02:16,840 --> 00:02:22,160
One thing that I, I got into was
an article about the Oklahoma 

40
00:02:22,520 --> 00:02:26,920
mobile driver's license. 
That wasn't even on my radar, 

41
00:02:26,920 --> 00:02:29,120
right? 
Oklahoma's now moving forward 

42
00:02:29,120 --> 00:02:32,760
the mobile driver's license. 
I feel like every state at some 

43
00:02:32,760 --> 00:02:35,240
level is moving forward with 
mobile driver's license. 

44
00:02:35,600 --> 00:02:39,280
And it definitely feels like 
it's in the lane of digital 

45
00:02:39,280 --> 00:02:40,560
identity, don't you think? 
Well. 

46
00:02:41,120 --> 00:02:42,160
Yeah. 
I mean, you're, you're 

47
00:02:42,200 --> 00:02:44,120
presenting a credential to say 
this is who I am. 

48
00:02:44,440 --> 00:02:46,120
That is absolutely digital 
identity. 

49
00:02:46,720 --> 00:02:49,960
Yeah, it's a new area. 
I think that a lot of us are, 

50
00:02:50,320 --> 00:02:54,200
you know, needing to learn. 
So this goes back to the digital

51
00:02:54,200 --> 00:02:57,760
identity versus IAM. 
You know, our foundation was 

52
00:02:57,760 --> 00:03:02,320
more in the IAM space, which 
included customer IAM, so 

53
00:03:02,320 --> 00:03:05,720
internal, external. 
But now there's this new newer 

54
00:03:05,720 --> 00:03:09,120
area around like decentralized 
identity, blockchain, stuff like

55
00:03:09,120 --> 00:03:13,120
that, where, you know, most of 
us haven't specialized in, but 

56
00:03:13,480 --> 00:03:17,000
understanding not only the use 
cases, but also the technology. 

57
00:03:17,280 --> 00:03:22,200
I think is, is, is a real, you 
know, challenge, but 

58
00:03:22,200 --> 00:03:24,080
opportunity. 
I kind of feel like overall, 

59
00:03:24,080 --> 00:03:28,720
that's the that's the thing in 
the digital identity space is 

60
00:03:28,720 --> 00:03:33,600
what makes this feel so exciting
is the challenge is, is while 

61
00:03:33,600 --> 00:03:37,800
you constantly things are coming
up and things are moving forward

62
00:03:37,800 --> 00:03:41,320
where you're having to, to learn
and figure things out. 

63
00:03:41,560 --> 00:03:44,840
But that's also the exciting 
part is that it doesn't sit 

64
00:03:44,840 --> 00:03:49,040
still and it's not static and 
we're having the opportunity to 

65
00:03:49,040 --> 00:03:52,800
learn all these new things. 
Yeah, I mean, that's, I think 

66
00:03:52,800 --> 00:03:56,640
that's the natural evolution of 
any, of any role anywhere. 

67
00:03:56,640 --> 00:03:59,880
Anytime things move forward, you
got to stay current. 

68
00:04:00,320 --> 00:04:02,920
Unless you're a COBOL or 
mainframe programmer, apparently

69
00:04:03,240 --> 00:04:06,000
you can like do that work and 
then like go away for a while 

70
00:04:06,000 --> 00:04:08,040
and then come back and make a 
ton of money because nobody 

71
00:04:08,040 --> 00:04:11,440
knows how to do it anymore. 
Exact Well, that's that's the 

72
00:04:11,440 --> 00:04:14,680
key as well as like sometimes 
sitting still can work to your 

73
00:04:14,680 --> 00:04:18,920
benefit, but I don't know, 
that's never been my personality

74
00:04:18,920 --> 00:04:22,920
style. 
So yeah, but I, you know, we 

75
00:04:22,920 --> 00:04:25,080
always talk about our conference
discount codes. 

76
00:04:25,080 --> 00:04:26,880
I think we should get into that 
in a minute. 

77
00:04:27,120 --> 00:04:30,200
But that's a great way to stay 
current too, is just going to 

78
00:04:30,200 --> 00:04:32,600
those conferences. 
You know, we always talk about 

79
00:04:32,600 --> 00:04:35,960
the hallway conversations and 
that's such a great value. 

80
00:04:35,960 --> 00:04:38,960
But actually sitting in the 
sessions and seeing how people 

81
00:04:38,960 --> 00:04:44,360
are solving some of these new 
use cases for identity is a way 

82
00:04:44,360 --> 00:04:47,200
to stay current. 
And so, you know, to the extent 

83
00:04:47,200 --> 00:04:50,760
that you know, you can afford to
be afford to take the time, 

84
00:04:51,040 --> 00:04:54,040
spend the money to be out at 
conferences, especially looking 

85
00:04:54,040 --> 00:04:58,800
for events that are local to you
or local enough that it's not a 

86
00:04:58,800 --> 00:05:01,600
major expenditure, I think it's 
great. 

87
00:05:01,840 --> 00:05:05,520
And of course, you know, having 
a company that supports that is 

88
00:05:05,520 --> 00:05:08,000
great as well. 
You know, our guest today kind 

89
00:05:08,000 --> 00:05:11,040
of ties together the two points 
I was making because we see him 

90
00:05:11,040 --> 00:05:14,320
in a lot of conferences. 
So obviously his organization 

91
00:05:14,320 --> 00:05:19,360
has seen the value, sees the 
value in sending him to 

92
00:05:19,360 --> 00:05:22,400
conferences. 
And that's how we've, you know, 

93
00:05:22,680 --> 00:05:25,920
built a contact and I, I think a
friendship as well. 

94
00:05:27,080 --> 00:05:33,760
But also, you know, just the 
idea of like being out at 

95
00:05:33,760 --> 00:05:37,280
conferences and, and learning 
all these new topics and then 

96
00:05:37,280 --> 00:05:40,280
taking the position of, you 
know, wanting to share that 

97
00:05:40,280 --> 00:05:42,080
information with the rest of the
community. 

98
00:05:42,280 --> 00:05:45,680
So I think that's, you know what
you get all the conferences. 

99
00:05:46,360 --> 00:05:48,480
Yeah, Let's talk about those 
conference discount codes. 

100
00:05:48,480 --> 00:05:50,840
We've got Identity Week. 
We've got the America and the 

101
00:05:50,840 --> 00:05:52,400
Asia conference both coming up 
here. 

102
00:05:52,680 --> 00:05:55,360
You and I are going to be at the
Identity Week America in 

103
00:05:55,360 --> 00:05:58,160
Washington, DC on September 11th
and 12th. 

104
00:05:58,640 --> 00:06:00,760
We're going to be doing podcast 
stuff, but I'm actually also 

105
00:06:00,840 --> 00:06:05,640
hosting like an hour of identity
and access management talks and 

106
00:06:05,640 --> 00:06:08,400
the panel and stuff like that. 
So still working through the 

107
00:06:08,400 --> 00:06:11,560
details on that, but I have 
volunteered to do that. 

108
00:06:11,960 --> 00:06:16,040
So if you use the code IDAC30, 
you get 30% off of your 

109
00:06:16,040 --> 00:06:17,640
registration. 
And that code works for both the

110
00:06:17,840 --> 00:06:20,800
US and the Asia shows. 
So if you're going to one or 

111
00:06:20,800 --> 00:06:22,560
both, feel free to use that 
code. 

112
00:06:22,560 --> 00:06:25,880
Good free way to save some money 
and show support for the show. 

113
00:06:26,440 --> 00:06:28,520
The other one we've got coming 
up is the Authenticate 

114
00:06:28,520 --> 00:06:31,400
conference from the FIDO 
Alliance that is October 14th 

115
00:06:31,440 --> 00:06:35,240
through the 16th in Carlsbad, 
CA, which awesome weather. 

116
00:06:35,240 --> 00:06:37,960
Love it. 
We were there last year and I 

117
00:06:37,960 --> 00:06:39,920
think we've been to the last few
Authenticates at this point, but

118
00:06:39,920 --> 00:06:41,360
we have a discount code for that
one as well. 

119
00:06:41,760 --> 00:06:46,480
IDAC15, IDAC15 gets you a 15% 
off of your registration. 

120
00:06:46,480 --> 00:06:48,640
So you and I are going to be at 
that one too. 

121
00:06:49,000 --> 00:06:50,880
I know there's a meeting, I 
think, I think we had to 

122
00:06:50,880 --> 00:06:52,960
reschedule a couple times, but 
there's one probably next week 

123
00:06:53,800 --> 00:06:55,560
to kind of talk through a little
more kind of what we're going to

124
00:06:55,560 --> 00:06:58,520
be doing, some of the ideas we 
had for for doing shows there, 

125
00:06:58,520 --> 00:07:00,280
but. 
Looking forward to Andrew 

126
00:07:00,440 --> 00:07:02,640
Shikiar as the guest on an 
upcoming episode. 

127
00:07:02,640 --> 00:07:05,400
I think the next episode. 
Yeah, I think he's the reigning 

128
00:07:05,400 --> 00:07:09,800
champion right now on number of,
you know, appearances on this 

129
00:07:09,800 --> 00:07:12,000
and. 
We had him on during 

130
00:07:12,000 --> 00:07:13,960
Identiverse. 
We had him on during 

131
00:07:13,960 --> 00:07:18,080
Identiverse, and I think that was #8 
so he's looking at episode #9 so

132
00:07:18,080 --> 00:07:21,080
it's not only in the lead, but 
he's got a couple. 

133
00:07:21,080 --> 00:07:22,880
He's lapped people a few times 
now. 

134
00:07:23,680 --> 00:07:26,000
Well, he, well, you know, 
Saturday Night Live does like a,

135
00:07:26,120 --> 00:07:28,640
you know, five timers club with 
like a, you know, like a smoking

136
00:07:28,640 --> 00:07:31,280
jacket type thing. 
And you're all about those, you 

137
00:07:31,280 --> 00:07:34,360
know, flashy jackets. 
I want to know what you're going

138
00:07:34,360 --> 00:07:38,800
to do for if someone makes it to
10 episodes on what, what are we

139
00:07:38,800 --> 00:07:42,080
going to do about that? 
Take one of my class jackets and

140
00:07:42,080 --> 00:07:44,400
and throw an identity at the 
center sticker on it. 

141
00:07:47,280 --> 00:07:50,120
That's that is a Jim answer if 
I've ever heard one. 

142
00:07:50,240 --> 00:07:53,400
That's weak soft, right? 
All right, well, we can come up 

143
00:07:53,400 --> 00:07:55,120
with something. 
Come up with something. 

144
00:07:55,120 --> 00:07:58,080
That all right. 
Well, why don't we get to our 

145
00:07:58,080 --> 00:08:02,400
main topic and our main and only
guest today, I guess his name is

146
00:08:02,400 --> 00:08:04,080
Chris Bauer. 
He's a senior manager of 

147
00:08:04,080 --> 00:08:05,960
identity and access management 
at Sallie Mae. 

148
00:08:05,960 --> 00:08:10,800
He's been with us before all the
way back in episode 162 where I 

149
00:08:10,800 --> 00:08:13,960
believe that's the first time at
least I remember meeting Chris 

150
00:08:14,320 --> 00:08:19,040
and we had a nice little kind of
conversation up in the suite 

151
00:08:19,040 --> 00:08:20,880
suite. 
If you remember that at Gartner 

152
00:08:21,000 --> 00:08:23,400
at was at Caesar's a few years 
back. 

153
00:08:23,800 --> 00:08:25,480
Got to know got to know Chris a 
little bit. 

154
00:08:25,480 --> 00:08:26,880
But welcome back to the show, 
Chris. 

155
00:08:27,240 --> 00:08:28,920
We'll say thanks, Jeff. 
Yeah. 

156
00:08:28,920 --> 00:08:31,560
And I'll say it's it. 
It's been a long ride, but it's 

157
00:08:31,560 --> 00:08:33,120
been a fun ride for the last two
years. 

158
00:08:33,120 --> 00:08:35,240
Getting, you know, getting, you 
know, going from that and 

159
00:08:35,240 --> 00:08:37,039
getting to know you, you know, 
getting to know you too. 

160
00:08:37,039 --> 00:08:39,760
And of course the the identity 
space a lot better over the last

161
00:08:39,760 --> 00:08:41,919
two years through those 
conferences. 

162
00:08:42,559 --> 00:08:43,919
Yeah. 
And speaking of conferences, 

163
00:08:43,919 --> 00:08:47,960
this is actually technically 
your third appearance on the 

164
00:08:47,960 --> 00:08:51,000
show because you, when we were 
at the Identiverse conference 

165
00:08:51,000 --> 00:08:53,680
earlier this year, we had kind 
of like a Q&A with Andrew 

166
00:08:53,680 --> 00:08:56,440
Shikiar asking some questions 
about passwordless and, and 

167
00:08:56,440 --> 00:08:57,880
authentication, just FIDO in 
general. 

168
00:08:58,360 --> 00:09:01,600
And I believe you stepped up the
microphone in our little kind of

169
00:09:01,600 --> 00:09:03,440
area that we're recording and 
actually asked a question. 

170
00:09:03,440 --> 00:09:06,160
So if you recognize the voice, 
there you go. 

171
00:09:06,520 --> 00:09:08,680
You This is technically your 
third time on the show. 

172
00:09:08,920 --> 00:09:11,000
I'm shooting for 10. 
I'm shooting for 10, Jeff. 

173
00:09:11,000 --> 00:09:13,440
I want, I want to, you know, I 
want to get a, I want to get a 

174
00:09:13,440 --> 00:09:14,680
jacket. 
That's that's when you know, 

175
00:09:14,680 --> 00:09:17,520
that's my goal now. 
You want Jim's leftover jacket 

176
00:09:17,520 --> 00:09:21,320
with a hastily applied identity 
center sticker applied to it. 

177
00:09:22,560 --> 00:09:24,760
A marker of writing #10 on the 
back. 

178
00:09:25,880 --> 00:09:30,800
That's right, Chris. 
People in the US might be 

179
00:09:30,800 --> 00:09:34,320
familiar with Sallie Mae, but I 
always like to talk about, you 

180
00:09:34,320 --> 00:09:36,520
know, we're talking about this 
as a global audience. 

181
00:09:36,840 --> 00:09:38,680
Not everyone's familiar with 
what Sallie Mae does. 

182
00:09:38,680 --> 00:09:41,360
Why don't we start with that? 
Tell us a little bit about what 

183
00:09:41,360 --> 00:09:44,040
Sallie Mae does, and then I'd 
love to just kind of hear about 

184
00:09:44,040 --> 00:09:47,400
your role at Sallie Mae. 
You know, what does a senior 

185
00:09:47,400 --> 00:09:49,920
manager of Identity and access 
management do for an 

186
00:09:49,920 --> 00:09:53,040
organization like that? 
Well, Sallie Mae is a, you know,

187
00:09:53,040 --> 00:09:55,680
Sallie Mae is a private student 
loan provider. 

188
00:09:55,680 --> 00:09:58,400
We, you know, we help, you know,
we help individuals get through,

189
00:09:58,400 --> 00:10:00,920
you know, get through their 
journey of, you know, getting a 

190
00:10:00,920 --> 00:10:03,280
better education through 
various, you know, through 

191
00:10:03,280 --> 00:10:06,400
various colleges and 
universities by providing ways 

192
00:10:06,400 --> 00:10:08,960
to get, you know, ways to get 
you, your, you know, the funding

193
00:10:08,960 --> 00:10:11,480
that you need to get from, you 
know, from one point in your 

194
00:10:11,480 --> 00:10:15,560
journey to the next. 
From from an IAM standpoint, you

195
00:10:15,560 --> 00:10:18,240
know, standpoint, what I've been
doing and what, you know, what I

196
00:10:18,240 --> 00:10:21,520
work with primarily is the, is 
on the inside of the house, the 

197
00:10:21,520 --> 00:10:23,640
workforce management side of 
Sallie Mae. 

198
00:10:24,080 --> 00:10:28,320
So everything from the B to B to
B and to the individual 

199
00:10:28,320 --> 00:10:31,560
employees to contractors that we
use on a day-to-day basis, 

200
00:10:32,000 --> 00:10:35,160
helping manage the, you know, 
helping manage their access is 

201
00:10:35,160 --> 00:10:38,080
kind of is my, you know, is my 
bread and butter is what I focus

202
00:10:38,080 --> 00:10:41,960
on on a day-to-day basis. 
As a senior, you know, as a 

203
00:10:41,960 --> 00:10:46,080
senior, you know, IAM operations
manager, my role is to help 

204
00:10:46,080 --> 00:10:50,280
manage a team of roughly 10 
people who spend their days 

205
00:10:50,280 --> 00:10:53,440
taking care of that, what I call
the pillars of IAM from a 

206
00:10:53,440 --> 00:10:55,040
workforce management side of 
things. 

207
00:10:55,040 --> 00:10:58,320
That's, that's the governance of
the house, you know, doing, you 

208
00:10:58,320 --> 00:11:00,680
know, doing regular access 
certifications on a quarterly 

209
00:11:00,680 --> 00:11:04,280
basis, taking care of, you know,
taking care of the day-to-day 

210
00:11:04,280 --> 00:11:08,960
provisioning of access joiners, 
movers, leavers, all the, you 

211
00:11:08,960 --> 00:11:11,160
know, basically through the 
entire life cycle. 

212
00:11:11,800 --> 00:11:15,440
As well as taking care of just, 
you know, overall, just 

213
00:11:15,440 --> 00:11:19,120
day-to-day aspects of what the 
workforce needs to be able to 

214
00:11:19,120 --> 00:11:21,400
get into their, you know, to be 
able to get into their 

215
00:11:21,400 --> 00:11:24,600
individual applications. 
Helping, you know, helping our, 

216
00:11:24,600 --> 00:11:27,360
you know, helping our teams, you
know, make those connections 

217
00:11:27,360 --> 00:11:30,280
between new vendors and new 
applications, getting them, you 

218
00:11:30,280 --> 00:11:32,280
know, getting them onboarded 
into our systems. 

219
00:11:33,240 --> 00:11:36,360
So Chris, you, you're actually, 
you're really living the 

220
00:11:36,360 --> 00:11:39,160
identity and access management 
life, right? 

221
00:11:39,160 --> 00:11:44,440
So you're, you're in there and I
saw your LinkedIn post last 

222
00:11:44,440 --> 00:11:47,680
night, actually, I'm not sure 
how old it was at that point, 

223
00:11:48,240 --> 00:11:54,360
but you're out there now 
committing to blog about 

224
00:11:54,640 --> 00:11:57,720
identity access management 
topics for the betterment of 

225
00:11:57,720 --> 00:12:00,520
kind of like paying it forward, 
right? 

226
00:12:00,520 --> 00:12:03,600
I think it's the, the right, 
the, the fancy way to say it 

227
00:12:03,600 --> 00:12:07,400
these days, getting this, you 
know, at least your opinions out

228
00:12:07,400 --> 00:12:11,480
there on many different topics. 
You started with your first 

229
00:12:11,480 --> 00:12:13,880
blog, which is kind of just 
saying, I'm going to do this 

230
00:12:13,880 --> 00:12:15,400
thing. 
So now the commitment's out 

231
00:12:15,400 --> 00:12:18,560
there and I hit you up and said,
Hey, the commitment's out there.

232
00:12:18,680 --> 00:12:22,680
How would you like to come on 
the Identity Center podcast and 

233
00:12:22,680 --> 00:12:25,840
kind of talk about what some of 
these topics we can expect to 

234
00:12:26,280 --> 00:12:30,000
see you blogging about? 
So maybe you could kind of walk 

235
00:12:30,000 --> 00:12:32,160
us through a few of those. 
Let's start with the first one. 

236
00:12:32,160 --> 00:12:35,560
What what's the hottest topic 
that you have in mind for for 

237
00:12:35,560 --> 00:12:39,480
blog #1? 
So blog number one, I think is 

238
00:12:39,480 --> 00:12:43,160
going to be around maturing the 
non human identity that, you 

239
00:12:43,160 --> 00:12:46,680
know, we, you know, we've been 
going through a quite a process 

240
00:12:46,680 --> 00:12:50,120
lately and been talking about it
a lot internally for the, you 

241
00:12:50,120 --> 00:12:53,160
know, for last several months, 
really through a little over a 

242
00:12:53,160 --> 00:12:59,840
year on how to properly manage 
and maintain a, you know, you 

243
00:13:00,040 --> 00:13:04,120
know, a listing of all of our 
access that doesn't belong to a 

244
00:13:04,120 --> 00:13:07,160
human being, doesn't actually, 
you know, isn't connected to a 

245
00:13:07,160 --> 00:13:10,080
contractor or an an employee 
here at Sallie. 

246
00:13:11,640 --> 00:13:14,280
With that. 
We've, you know, we've had, you 

247
00:13:14,280 --> 00:13:16,680
know, we've actually had our own
database that we've been using 

248
00:13:16,680 --> 00:13:19,720
for quite some time to basically
kind of we've homegrown our own 

249
00:13:19,720 --> 00:13:21,760
system, so to speak, to 
basically take care of that for 

250
00:13:21,760 --> 00:13:24,160
the, you know, for the, you 
know, for the last several 

251
00:13:24,160 --> 00:13:27,760
years. 
And lovingly we would like to, 

252
00:13:27,760 --> 00:13:31,000
you know, we would like to kind 
of put that to bed and actually 

253
00:13:31,120 --> 00:13:33,600
try to see what the next level 
of, you know, what the next 

254
00:13:33,600 --> 00:13:36,280
level of that looks like. 
So much like when we, you know, 

255
00:13:36,280 --> 00:13:38,640
when we saw each other at 
Identiverse that's, that was 

256
00:13:38,640 --> 00:13:41,960
kind of one of my main purposes 
of being there was, is to stroll

257
00:13:41,960 --> 00:13:45,080
the vendor hall and kind of get,
you know, you know, get a better

258
00:13:45,080 --> 00:13:47,600
feeling of what, what was out 
there in that space. 

259
00:13:48,800 --> 00:13:53,280
And what I found was, is that 
it's, it's a lot more mature 

260
00:13:53,280 --> 00:13:56,360
than I thought it was. 
But yet I also, yeah, but 

261
00:13:56,360 --> 00:13:58,680
talking to them, I also 
recognize that there was a lot 

262
00:13:58,680 --> 00:14:01,120
of room for, you know, that 
they, they all know that there's

263
00:14:01,120 --> 00:14:04,040
still a lot of room for growth. 
There's still a lot of room for,

264
00:14:04,720 --> 00:14:07,160
for standardization and for 
governance around it. 

265
00:14:08,160 --> 00:14:10,600
And that's, I'm going to say 
that's what I've been, you know,

266
00:14:10,600 --> 00:14:12,280
really that's what I've been 
researching lately. 

267
00:14:12,280 --> 00:14:14,320
And that's kind of that's where 
my, you know, that's where my 

268
00:14:14,320 --> 00:14:17,120
next set of articles are going 
to go towards is, is basically 

269
00:14:17,120 --> 00:14:19,840
that research and kind of the, 
you know, what I've acknowledged

270
00:14:19,840 --> 00:14:22,640
or what I picked up to, like Jim
said, pay it forward. 

271
00:14:24,280 --> 00:14:27,320
So in, you know, in line with 
that, you know, Jim, I'm going 

272
00:14:27,320 --> 00:14:29,120
to kind of throw this back at 
you a little bit. 

273
00:14:29,760 --> 00:14:32,640
When you think about non human 
identity, what do you you know? 

274
00:14:32,640 --> 00:14:35,480
What do you think is probably 
the most important things to 

275
00:14:35,480 --> 00:14:39,480
look forward to or look into? 
So you're talking about the the 

276
00:14:39,480 --> 00:14:41,600
non identity space right at the 
moment. 

277
00:14:41,600 --> 00:14:51,160
So, you know, I want to first 
kind of put put on the table a 

278
00:14:51,160 --> 00:14:54,600
thought that I've been having 
recently, which was around this 

279
00:14:54,600 --> 00:14:59,040
CrowdStrike outage that we all 
kind of like experienced at some

280
00:14:59,040 --> 00:15:01,480
level. 
And I'm not sure how how badly 

281
00:15:01,480 --> 00:15:04,040
that hit you. 
But one thing that I thought 

282
00:15:04,040 --> 00:15:07,560
about is that we have all these 
machines now going out and 

283
00:15:07,560 --> 00:15:09,960
performing updates. 
And it got me thinking about, 

284
00:15:10,280 --> 00:15:13,120
you know, the the whole 
SolarWinds thing that happened 

285
00:15:13,560 --> 00:15:18,240
or was it a year and a half two 
years ago now where we have 

286
00:15:18,800 --> 00:15:23,560
powerful machine accounts in the
environment that we just say, 

287
00:15:23,560 --> 00:15:27,920
OK, they have a legitimate 
requirement to exist and they do

288
00:15:27,920 --> 00:15:30,440
these things. 
And so from an identity and 

289
00:15:30,440 --> 00:15:35,400
access management standpoint, we
say they're legitimate and the 

290
00:15:35,400 --> 00:15:36,960
business tells us they need 
them. 

291
00:15:36,960 --> 00:15:41,320
So we're OK with that. 
And that's that. 

292
00:15:42,600 --> 00:15:47,640
I think as cybersecurity 
professionals as a whole, we 

293
00:15:47,640 --> 00:15:53,240
need to know what our risk is 
relative to those items right to

294
00:15:53,240 --> 00:15:58,080
those non human accounts. 
I don't know that we necessarily

295
00:15:58,080 --> 00:16:02,760
have the technology right now to
catch something like that on the

296
00:16:02,760 --> 00:16:09,000
fly, to necessarily have 
controls that could prevent a 

297
00:16:09,000 --> 00:16:12,680
solar gate or prevent what 
happened with CrowdStrike. 

298
00:16:13,000 --> 00:16:16,800
But I certainly think we need to
do a better job of inventory 

299
00:16:17,040 --> 00:16:20,680
where our risks are relative to 
these accounts. 

300
00:16:21,240 --> 00:16:24,680
I don't think that a lot of 
people even understand all the 

301
00:16:25,160 --> 00:16:29,920
accounts that exist and you 
know, have a way to kind of 

302
00:16:29,920 --> 00:16:34,240
like, all right, well, you know,
it again, it's kind of like what

303
00:16:34,240 --> 00:16:36,960
I say is it's hard to manage 
what you can't measure. 

304
00:16:37,880 --> 00:16:41,200
Do we have that measurement of 
those accounts of the risk 

305
00:16:41,200 --> 00:16:45,800
relative to these powerful non 
human identity accounts? 

306
00:16:45,920 --> 00:16:50,360
So I think that's one big topic 
that I've been thinking on that 

307
00:16:50,360 --> 00:16:54,160
I'm out there looking for. 
You know, people tell me, no, 

308
00:16:54,160 --> 00:16:57,760
you're wrong, Jim, we are doing 
that or that's not important to 

309
00:16:57,760 --> 00:17:02,640
do or yes, you're right. 
That is something we need to get

310
00:17:02,640 --> 00:17:05,599
our arms around and here's a 
framework for doing it. 

311
00:17:06,960 --> 00:17:10,680
I think the second thing overall
that makes non human accounts, 

312
00:17:11,160 --> 00:17:13,760
you know, one of the things we 
keep hearing in the industry is 

313
00:17:13,760 --> 00:17:17,000
that non human accounts now 
outnumber human accounts. 

314
00:17:17,000 --> 00:17:22,640
So I think you're very much on 
to a a topic that is, you know, 

315
00:17:22,640 --> 00:17:25,480
absolutely critical. 
And I don't see that going back 

316
00:17:25,480 --> 00:17:28,000
the other way. 
I only see you getting, you 

317
00:17:28,000 --> 00:17:32,080
know, bigger and becoming bigger
and bigger of a problem to solve

318
00:17:32,400 --> 00:17:36,160
in terms of we're doing more and
more automation and that 

319
00:17:36,160 --> 00:17:41,000
requires more and more non human
accounts that can go about, you 

320
00:17:41,000 --> 00:17:42,840
know, carrying out these 
activities. 

321
00:17:43,160 --> 00:17:47,080
And so I think you have the 
traditional Windows service 

322
00:17:47,080 --> 00:17:50,480
accounts. 
And if what I'd encourage people

323
00:17:50,480 --> 00:17:56,040
to do is like not look at like 
that as the entire problem 

324
00:17:56,280 --> 00:18:00,200
because I'm, you know, I feel 
like in the past I gained access

325
00:18:00,200 --> 00:18:03,240
management and said, OK, you've 
got these Windows service 

326
00:18:03,240 --> 00:18:05,440
accounts and that's 75% of the 
problem. 

327
00:18:05,680 --> 00:18:09,720
And then you've got these 
applications in Linux situations

328
00:18:09,720 --> 00:18:13,440
where, you know, maybe somebody 
hard coded an account and it's 

329
00:18:13,440 --> 00:18:15,200
like that's 10 year old 
thinking. 

330
00:18:15,720 --> 00:18:18,640
You've got to also think now 
about the whole DevOps 

331
00:18:18,640 --> 00:18:22,320
environment and how accounts are
being used to build 

332
00:18:22,320 --> 00:18:26,040
infrastructure and deploy 
applications and what is the 

333
00:18:26,040 --> 00:18:31,920
risk of those accounts and then 
robotic process automation. 

334
00:18:31,920 --> 00:18:36,680
So there there's just like a 
much bigger picture of non human

335
00:18:36,680 --> 00:18:38,560
accounts. 
And I think the the first thing 

336
00:18:38,560 --> 00:18:43,800
is really understanding the 
landscape and then the second is

337
00:18:43,920 --> 00:18:48,520
understanding the use cases for 
those accounts and then applying

338
00:18:48,520 --> 00:18:52,920
controls in a proper way. 
So I'll stop there and kind of 

339
00:18:52,920 --> 00:18:56,600
see what what Jeff is thinking. 
But this isn't a new problem. 

340
00:18:56,720 --> 00:18:58,080
These accounts have been here 
forever. 

341
00:18:58,400 --> 00:19:03,200
Since the dawn of IT, there's 
been service accounts. 

342
00:19:03,600 --> 00:19:09,080
I think yes, it's going to get 
peril for 8:00, but to I don't, 

343
00:19:09,080 --> 00:19:10,480
I just don't see this as a new 
problem. 

344
00:19:10,600 --> 00:19:14,480
This is this is forever now, the
technology has probably gotten 

345
00:19:14,480 --> 00:19:17,200
better to the point where it's 
easier to manage and track these

346
00:19:17,200 --> 00:19:19,680
things. 
But I still believe this is a 

347
00:19:19,800 --> 00:19:24,040
governance first issue. 
These didn't just start popping 

348
00:19:24,040 --> 00:19:26,960
up when AI was invented, right? 
Or things like that. 

349
00:19:27,720 --> 00:19:29,720
There's been service accounts for,
for as far back. 

350
00:19:30,400 --> 00:19:33,760
I think this is where we fall 
back on policy and standards and

351
00:19:33,760 --> 00:19:36,800
procedures to say, OK, we've 
created a service account. 

352
00:19:36,880 --> 00:19:39,480
Here is the purpose for it. 
Do we have good metadata around 

353
00:19:39,480 --> 00:19:41,280
it? 
Who's responsible for it? 

354
00:19:41,760 --> 00:19:45,200
You know, is it being used for 
its intended purpose or did we 

355
00:19:45,200 --> 00:19:48,000
share it and use it for another 
service that, oh, this looks 

356
00:19:48,000 --> 00:19:50,520
like it's similar. 
You know, let's let's just reuse

357
00:19:50,520 --> 00:19:53,320
it for that kind of thing. 
I'm hopeful that some of these 

358
00:19:53,320 --> 00:19:55,720
new technologies in the non 
human identity space will be 

359
00:19:55,720 --> 00:19:59,120
able to dissect that a little 
bit, but I find that really 

360
00:19:59,120 --> 00:20:04,080
difficult onion to kind of peel 
to say, OK, you know, how is it 

361
00:20:04,080 --> 00:20:05,960
going to know who it really 
belongs to? 

362
00:20:05,960 --> 00:20:07,800
Right? 
There's no human identifier tag 

363
00:20:07,800 --> 00:20:08,440
to it. 
You're going to have. 

364
00:20:08,440 --> 00:20:10,000
You're still going to have to go
through a process. 

365
00:20:10,480 --> 00:20:13,720
To say, OK, Chris, you've got 
these, you know, 50 different 

366
00:20:13,720 --> 00:20:16,360
service accounts that you're 
using to run your, your 

367
00:20:16,360 --> 00:20:18,480
applications or your services 
and your environment. 

368
00:20:18,720 --> 00:20:20,480
Tell me about them. 
What do they do? 

369
00:20:20,880 --> 00:20:23,080
Are they scoped correctly from a
permission standpoint? 

370
00:20:23,080 --> 00:20:26,040
Or did we just say, well, let's 
give them domain admin and they 

371
00:20:26,040 --> 00:20:29,920
can do whatever they want. 
So I think there will be a lot 

372
00:20:29,920 --> 00:20:34,720
of business conversations and 
helping the business and the 

373
00:20:34,720 --> 00:20:40,360
business in this case might be 
IT understand, you know how what

374
00:20:40,360 --> 00:20:42,200
you know, what is the risk 
associated with these accounts? 

375
00:20:42,760 --> 00:20:46,000
What are you using them for? 
Do we still need them? 

376
00:20:46,280 --> 00:20:48,480
Because a lot of times these 
service accounts or other types 

377
00:20:48,480 --> 00:20:52,200
of non human identities stick around 
forever because we're afraid to 

378
00:20:52,200 --> 00:20:54,440
remove them or disable them 
because oh, it might break 

379
00:20:54,440 --> 00:20:55,840
something. 
And the next thing you know, 

380
00:20:56,280 --> 00:20:58,400
you've got a whole bunch of 
little, you know, micro 

381
00:20:58,400 --> 00:21:01,640
perforations in your identity 
wall where if one of these 

382
00:21:01,640 --> 00:21:03,120
accounts were to get breached, 
you'd be able to come through 

383
00:21:03,120 --> 00:21:06,920
and do whatever you need to do. 
So I, it is interesting, I think

384
00:21:06,920 --> 00:21:10,320
this is a topic that is 
definitely becoming more 

385
00:21:10,320 --> 00:21:12,640
important, especially with, you 
know, the more automation we do 

386
00:21:12,640 --> 00:21:14,320
some things. 
But I'm curious to see, Chris, 

387
00:21:14,320 --> 00:21:16,480
where, where do you think this 
is heading? 

388
00:21:16,480 --> 00:21:19,400
And if you've seen any specific 
products or things like that, 

389
00:21:19,400 --> 00:21:23,360
that or capabilities, maybe that
might be like, Oh yeah, that's I

390
00:21:23,360 --> 00:21:26,880
need that to to make my program 
more effectively. 

391
00:21:27,240 --> 00:21:29,480
If I could, Jeff, I just wanted 
to follow up with one other 

392
00:21:29,480 --> 00:21:33,080
point that I forgot to mention, 
which is, you know, service 

393
00:21:33,080 --> 00:21:38,560
accounts traditionally have weak
authentication controls, right? 

394
00:21:38,560 --> 00:21:42,440
They're not eligible for multi 
factor authentication. 

395
00:21:42,800 --> 00:21:47,120
So if somebody could enter the 
network with those accounts, 

396
00:21:47,120 --> 00:21:49,880
that's a big problem. 
And then of course, they have 

397
00:21:49,880 --> 00:21:54,680
very simple passwords that you 
know, if you're relying on 

398
00:21:54,680 --> 00:21:59,560
password only or certificate 
only, but let's say password 

399
00:21:59,560 --> 00:22:05,360
only, you know, you've got to 
make that as difficult and not 

400
00:22:05,360 --> 00:22:10,440
guessable as possible and be 
rotating those passwords if 

401
00:22:10,440 --> 00:22:14,840
possible so that no human being,
it was the even within your 

402
00:22:14,840 --> 00:22:18,560
organization knows the password.
So I agree with everything that,

403
00:22:18,560 --> 00:22:20,680
you know, that Jim and Jeff, 
you're saying they're going to 

404
00:22:20,680 --> 00:22:23,600
say we're definitely, you know, 
we're definitely taking a look 

405
00:22:23,600 --> 00:22:26,120
at it from a governance point of
view first, you know, first and 

406
00:22:26,120 --> 00:22:28,280
foremost to kind of go along 
with what Jeff was, you know, 

407
00:22:28,280 --> 00:22:30,920
talking about. 
We've been, you know, I've been 

408
00:22:30,920 --> 00:22:33,200
doing research. 
There's, you know, you know, not

409
00:22:33,200 --> 00:22:36,720
the name drop too much, but like
on LinkedIn, there's actually a 

410
00:22:36,720 --> 00:22:40,200
non human identity organization 
that's kind of being founded, 

411
00:22:40,240 --> 00:22:42,440
you know, founded out there. 
They have their own website that

412
00:22:42,440 --> 00:22:45,560
basically kind of is, is 
beginning to bring awareness up 

413
00:22:45,560 --> 00:22:49,160
to, you know, up on what what a 
non human identity is and how to

414
00:22:49,160 --> 00:22:52,160
kind of how to start building 
controls around it. 

415
00:22:52,600 --> 00:22:54,760
And I, you know, I really 
appreciate what they, you know, 

416
00:22:54,760 --> 00:22:58,480
the work that they've been doing
as well as I think that NIST 

417
00:22:58,480 --> 00:23:01,200
actually is beginning to take 
their first swings at it to 

418
00:23:01,200 --> 00:23:03,200
trying to, you know, trying to 
get, you know, trying to get the

419
00:23:03,200 --> 00:23:07,080
details down of what, you know, 
a what up a not they call it, I 

420
00:23:07,080 --> 00:23:12,920
believe they call it an NPE, a non
person, you know, entity is and 

421
00:23:12,920 --> 00:23:14,360
try to go in, try to get into 
that. 

422
00:23:14,360 --> 00:23:16,240
So there's been, you know, 
that's the research that I've 

423
00:23:16,240 --> 00:23:19,320
been looking into on that end, 
as well as knowing full well 

424
00:23:19,320 --> 00:23:23,040
that the, you know, the 
auditors, you know, the auditors

425
00:23:23,040 --> 00:23:26,160
and the GRC groups that we work 
with are very, very, very 

426
00:23:26,160 --> 00:23:28,840
interested in trying to, you 
know, trying to figure out how 

427
00:23:28,840 --> 00:23:32,760
to, how to say that, you know, 
how to build controls around it.

428
00:23:32,760 --> 00:23:36,760
In the sense of saying, can we 
get to the points of an, an 

429
00:23:36,760 --> 00:23:40,560
application identity only having
one, one select purpose. 

430
00:23:40,560 --> 00:23:43,000
So therefore, you know when it, 
you know when it kind of leaves 

431
00:23:43,000 --> 00:23:46,360
its boundaries or leaves its 
area of expertise or it gets 

432
00:23:46,360 --> 00:23:48,400
over scoped or overused in some 
way. 

433
00:23:48,720 --> 00:23:51,440
Again, bringing us back to 
identity and that into the whole

434
00:23:51,440 --> 00:23:53,880
space of least privilege. 
How do we just cut, How do we 

435
00:23:53,880 --> 00:23:55,880
keep it in its own swim lane to 
keep it going? 

436
00:23:56,120 --> 00:23:58,760
Hey Chris, let me follow up with
one more thing because you just 

437
00:23:58,760 --> 00:24:02,840
triggered something. 
So you talked about governing 

438
00:24:02,840 --> 00:24:05,760
these non human identities, 
which brings me to the question 

439
00:24:05,760 --> 00:24:10,960
is, is there such a thing as a 
non human identity? 

440
00:24:11,880 --> 00:24:15,640
And I think most people answer 
the question yes, but is it a 

441
00:24:15,640 --> 00:24:18,560
non human identity or they're 
non human accounts? 

442
00:24:19,040 --> 00:24:22,080
Because from a governance 
standpoint, I think somebody's 

443
00:24:22,080 --> 00:24:26,760
got to own these accounts. 
I don't really think they are 

444
00:24:26,760 --> 00:24:29,560
identities. 
I think identities are like the 

445
00:24:29,560 --> 00:24:33,000
people process. 
And and now maybe with AI we get

446
00:24:33,000 --> 00:24:35,440
into the point where there's 
actually intelligence enough to 

447
00:24:35,440 --> 00:24:40,160
you say, OK, that's an identity.
It can do the activities that a 

448
00:24:40,160 --> 00:24:43,840
human being would do an 
intelligent enough way to say 

449
00:24:44,080 --> 00:24:45,840
yes, this account is still 
required. 

450
00:24:45,840 --> 00:24:50,040
Yes, that is still least 
privilege for this account, but 

451
00:24:50,040 --> 00:24:51,800
I think that's what an identity 
does. 

452
00:24:51,880 --> 00:24:56,600
I think an account is really 
what we're what exists for the 

453
00:24:56,600 --> 00:25:00,960
most part today and those 
accounts or the process that 

454
00:25:00,960 --> 00:25:04,920
creates those accounts needs to 
be owned by human being. 

455
00:25:04,920 --> 00:25:08,000
What are your thoughts are? 
I absolutely agree. 

456
00:25:08,000 --> 00:25:10,200
I mean, the way that we, you 
know, the way that we currently 

457
00:25:10,200 --> 00:25:12,840
manage them and the way we're, 
we'll manage them in the future,

458
00:25:12,840 --> 00:25:15,800
absolutely that there will be 
owners involved and, you know, 

459
00:25:15,800 --> 00:25:18,400
owners for each of those 
individual applications, be it 

460
00:25:18,400 --> 00:25:21,800
an IT business owner or an IT 
technical owner in some way. 

461
00:25:22,400 --> 00:25:25,480
You know, and, and they do, you 
know, and they get, they get 

462
00:25:25,480 --> 00:25:28,080
applied through certification 
processes just like it, you 

463
00:25:28,080 --> 00:25:30,400
know, just like any, you know, 
any other account that we, you 

464
00:25:30,400 --> 00:25:31,800
know, any other account that we 
handle. 

465
00:25:31,800 --> 00:25:34,680
So they they get reviewed for 
what they can do. 

466
00:25:35,800 --> 00:25:37,920
So I have for topic. 
Number hold on. 

467
00:25:37,960 --> 00:25:43,680
I I slightly disagree here. 
So I think absolutely any 

468
00:25:43,680 --> 00:25:45,560
account can have an identity 
associated with it. 

469
00:25:45,920 --> 00:25:48,160
So if we're talking about a, 
let's just call it machine 

470
00:25:48,160 --> 00:25:50,360
account, right? 
Non human, it's in the name non 

471
00:25:50,360 --> 00:25:51,880
human identity. 
This is what we're talking 

472
00:25:51,880 --> 00:25:54,800
about. 
So we're saying, OK, this 

473
00:25:54,800 --> 00:25:58,720
account belongs to some entity 
that is performing some sort of 

474
00:25:58,720 --> 00:26:03,080
transaction or action. 
That entity can be human or 

475
00:26:03,080 --> 00:26:06,480
cannot be human. 
And in the case of a non human 

476
00:26:06,640 --> 00:26:10,240
entity or identity that we we 
definitely need to have 

477
00:26:10,240 --> 00:26:12,880
ownership assigned to that. 
But I don't know if it's 

478
00:26:12,880 --> 00:26:16,920
necessarily a person. 
It may be another entity that is

479
00:26:16,920 --> 00:26:22,120
responsible for that account. 
IT is responsible for this non 

480
00:26:22,120 --> 00:26:24,080
human identity. 
The identity and access 

481
00:26:24,080 --> 00:26:28,120
management team is responsible 
for this specific identity or 

482
00:26:28,400 --> 00:26:31,440
marketing or e-commerce or 
whatever it may be. 

483
00:26:31,800 --> 00:26:35,680
And I think as these non human 
identities start to evolve and 

484
00:26:35,680 --> 00:26:39,680
become more, well, dare I say 
it, self aware, there may be 

485
00:26:39,680 --> 00:26:43,600
some associate with that to say,
OK, well Cortana, right, let's 

486
00:26:43,600 --> 00:26:45,320
call it that or the Microsoft 
parlance. 

487
00:26:45,320 --> 00:26:47,720
If you're a Halo fan or 
whatever, you know, there's 

488
00:26:47,720 --> 00:26:50,320
probably a whole bunch of 
different service accounts that 

489
00:26:50,320 --> 00:26:53,920
run underneath the non human 
identity called Cortana. 

490
00:26:54,400 --> 00:26:59,400
Now Cortana might belong to, you
know, an IT organization or an 

491
00:26:59,400 --> 00:27:03,120
AI department within it. 
So I, I can see the argument to 

492
00:27:03,120 --> 00:27:06,080
be made to say, no, these are 
these are identities. 

493
00:27:06,520 --> 00:27:08,960
The it's just that we have to 
wrap our head around a different

494
00:27:08,960 --> 00:27:11,200
way to think about it. 
It's not just human or or non 

495
00:27:11,200 --> 00:27:13,720
human. 
It's there is an account. 

496
00:27:14,440 --> 00:27:17,200
What is its identity? 
Certainly if we don't have a 

497
00:27:17,200 --> 00:27:19,000
strategy around it, it, you 
know, just might be a loose 

498
00:27:19,000 --> 00:27:21,960
collection of accounts that are 
just, you know, these belong to 

499
00:27:21,960 --> 00:27:23,920
IT. 
You whoever runs Active 

500
00:27:23,920 --> 00:27:26,040
Directory, here you go. 
You guys figure it out, right. 

501
00:27:26,360 --> 00:27:30,200
But I can I, I can I feel like I
have to make the case for we 

502
00:27:30,200 --> 00:27:32,840
need to think about this more 
strategically in broader terms, 

503
00:27:32,840 --> 00:27:38,240
OK, we're talking about logical 
constructs here, an identity, an

504
00:27:38,240 --> 00:27:41,920
account, you know, ownership or 
responsible party, right? 

505
00:27:41,920 --> 00:27:43,560
Things like that. 
And it is. 

506
00:27:43,560 --> 00:27:46,520
I don't always see a one to one 
match that it's human to non 

507
00:27:46,520 --> 00:27:50,400
human or vice versa. 
So the way that we've looked at 

508
00:27:50,400 --> 00:27:54,720
it is, is that we look at it as 
a, or at least the way I've been

509
00:27:54,720 --> 00:27:59,360
looking at it, I'll say it that 
way is, is that if I have a 

510
00:27:59,440 --> 00:28:04,160
function that is running on its 
own and it only has one purpose 

511
00:28:04,160 --> 00:28:07,000
to basically turn this one 
widget or turn this one wheel 

512
00:28:07,000 --> 00:28:10,320
and it does it on its own, then 
that's a non. 

513
00:28:10,320 --> 00:28:13,320
You know, that that's the non 
that's non human identity, you

514
00:28:13,320 --> 00:28:17,600
know, at work. 
And that that's how we define 

515
00:28:17,600 --> 00:28:18,760
it. 
So therefore it's, you know, 

516
00:28:18,760 --> 00:28:22,280
it's the Lambda that goes off 
and does the thing and then, you

517
00:28:22,280 --> 00:28:24,800
know, and then you get an end 
product and it can't do anything

518
00:28:24,800 --> 00:28:28,480
else other than that one thing. 
But that's the, you know, that's

519
00:28:28,480 --> 00:28:30,840
kind of the overall goal and 
that's the, you know, that's 

520
00:28:30,840 --> 00:28:32,160
where they access and 
everything. 

521
00:28:32,160 --> 00:28:34,080
That's kind of the guardrails in
which it sits on. 

522
00:28:35,200 --> 00:28:38,040
So Chris, you picked a real easy
one for your first topic. 

523
00:28:39,400 --> 00:28:45,200
What do you have for number 2? 
Well #2 I want to say I would be

524
00:28:45,200 --> 00:28:50,120
interested in hearing more about
the another topic that's, you 

525
00:28:50,120 --> 00:28:56,680
know, top of mind to me is, is, 
is the identity, is the IAM 

526
00:28:56,680 --> 00:29:02,720
space moving away from RBAC? 
Is RBAC something that I, I 

527
00:29:02,720 --> 00:29:05,520
recognize that RBAC is going to 
be around for quite some time. 

528
00:29:05,520 --> 00:29:09,080
This is not like, you know, I 
forget, I forget the particular 

529
00:29:09,080 --> 00:29:12,640
tool like, you know, you know, 
SAML that, that we talked 

530
00:29:12,640 --> 00:29:15,560
about is getting ready to die or
SAML's dead when we, when we 

531
00:29:15,560 --> 00:29:18,960
go to the EI Identiverse. 
But instead of that, you know, 

532
00:29:18,960 --> 00:29:23,120
instead of in that instance, is 
the hourglass turned over on

533
00:29:23,120 --> 00:29:26,480
RBAC in which we are now kind of
working our way to sunsetting 

534
00:29:26,480 --> 00:29:28,400
RBAC. 
Are we at the beginning of that 

535
00:29:28,720 --> 00:29:31,520
and moving towards a policy, you
know, moving more towards a 

536
00:29:31,520 --> 00:29:36,280
policy access control instead? 
Personally, what I run into is, 

537
00:29:36,280 --> 00:29:41,080
is that, you know, is what I run
into is, is that we've been too 

538
00:29:41,080 --> 00:29:46,680
connected and too heavily 
reliant on our, for example, HR,

539
00:29:46,680 --> 00:29:49,160
you know, basically our HR 
systems and our HR data. 

540
00:29:49,560 --> 00:29:53,480
So therefore it is, it's great 
that you know that, that is the 

541
00:29:53,480 --> 00:29:55,040
beginning of, you know, 
identity. 

542
00:29:55,600 --> 00:29:59,160
But using, you know, but using 
that, you know, using that 

543
00:29:59,160 --> 00:30:03,360
identity information as kind of 
the foundational layer has 

544
00:30:03,360 --> 00:30:07,480
become, has become more 
challenging because HR systems 

545
00:30:07,480 --> 00:30:12,320
and HR groups and benefits 
groups and all the other groups 

546
00:30:12,320 --> 00:30:14,360
that are out there that 
basically interact, that 

547
00:30:14,360 --> 00:30:17,760
interact with that data have 
decided to start architecturing 

548
00:30:17,760 --> 00:30:19,520
it differently. 
Have, you know, have started 

549
00:30:19,520 --> 00:30:22,160
using it in different ways and 
have put a different lens on it.

550
00:30:22,880 --> 00:30:27,480
So I, you know, so when they 
decide to make big sweeping 

551
00:30:27,480 --> 00:30:31,240
changes, it affects my, you 
know, it affects my RBAC. 

552
00:30:31,760 --> 00:30:35,160
So therefore, at this point, I'm
looking at it more in a curious 

553
00:30:35,160 --> 00:30:39,040
state of should we, you know, 
should, you know, has the 

554
00:30:39,040 --> 00:30:41,640
industry kind of acknowledged 
that, you know, those things do 

555
00:30:41,640 --> 00:30:45,480
happen or those things are 
beginning to happen and maybe we

556
00:30:45,480 --> 00:30:48,640
should start bread crumbing? 
Basically our policy, you know, 

557
00:30:48,640 --> 00:30:51,760
our policy engine to, you know, 
to basically take care of these 

558
00:30:51,760 --> 00:30:54,920
things instead. 
Sure, still use that, that 

559
00:30:54,920 --> 00:30:58,120
workforce management application
or that human, you know, human 

560
00:30:58,120 --> 00:31:01,120
resources, you know, data that 
comes in, but use it as a 

561
00:31:01,120 --> 00:31:05,440
metadata or use it as an 
attribute on top of it to or as 

562
00:31:05,440 --> 00:31:09,920
a, you know, as a, as a note to 
it to be able to say, OK, if 

563
00:31:09,920 --> 00:31:12,720
you're, you know, if you belong 
to this department, you get this

564
00:31:12,720 --> 00:31:15,920
limited amount of access and 
then you work for this manager, 

565
00:31:15,920 --> 00:31:18,160
you get this little bit more 
access. 

566
00:31:18,160 --> 00:31:21,680
And then your title says this. 
OK, you get this. 

567
00:31:22,280 --> 00:31:24,720
Now that you have those things, 
then we start talking about the 

568
00:31:24,720 --> 00:31:27,320
denies. 
We start talking about because 

569
00:31:27,320 --> 00:31:29,520
you have you, because you are in
these departments and in these 

570
00:31:29,520 --> 00:31:32,160
things, maybe you don't need to 
see all this other types of 

571
00:31:32,160 --> 00:31:35,120
access that's out there and 
maybe you shouldn't because of 

572
00:31:35,120 --> 00:31:37,320
toxic combinations, you 
shouldn't be able to get into 

573
00:31:37,320 --> 00:31:40,840
these things at all either. 
I'm curious if you're seeing 

574
00:31:40,840 --> 00:31:47,320
more growth in that space? 
I think the the RBAC hourglass 

575
00:31:47,560 --> 00:31:51,440
has been perpetually tipped on 
its side, cracked with little 

576
00:31:51,440 --> 00:31:54,360
pieces of sand falling out of it
for a very long time. 

577
00:31:55,440 --> 00:32:00,640
I can't think of too many IAM 
constructs that have such a, a 

578
00:32:02,560 --> 00:32:06,480
positive that could have a 
positive thing on access that 

579
00:32:06,480 --> 00:32:11,640
has been so poorly implemented 
and just addressed by not only 

580
00:32:11,640 --> 00:32:13,160
the market, but the 
organizations that try to 

581
00:32:13,160 --> 00:32:15,520
leverage as well. 
I see so many organizations that

582
00:32:15,520 --> 00:32:19,960
struggle with RBAC in general 
because it's become way too 

583
00:32:19,960 --> 00:32:26,480
complicated for organizations to
actively, you know, perform the 

584
00:32:26,720 --> 00:32:31,040
exercise of creating the roles 
in a way that makes sense, is 

585
00:32:31,040 --> 00:32:33,960
scalable, and they can actually 
keep up with it. 

586
00:32:34,400 --> 00:32:37,720
Most organizations that I've 
talked to and I've seen got down

587
00:32:37,720 --> 00:32:41,280
the road of maybe six months to 
a year into it and were like, 

588
00:32:41,320 --> 00:32:43,840
oh, this sucks, forget it, go do
something else. 

589
00:32:44,800 --> 00:32:46,560
So I think there are, and I 
think this is, this is where 

590
00:32:46,560 --> 00:32:50,040
things like policy based, 
attribute based, you know, other

591
00:32:50,040 --> 00:32:54,520
types of, you know, back have 
come along to try and fill in 

592
00:32:54,520 --> 00:32:58,000
the cracks around this. 
The, the, the idea of RBAC 

593
00:32:58,000 --> 00:33:01,360
sounds great on paper until it 
hits the real world and you have

594
00:33:01,360 --> 00:33:05,120
a real organization that has 
hundreds of applications, 

595
00:33:05,560 --> 00:33:09,520
hundreds of different types of 
metadata available at your 

596
00:33:09,520 --> 00:33:15,400
people, job titles, you know, 
physical location, you know, job

597
00:33:15,400 --> 00:33:17,360
codes that don't match with 
titles. 

598
00:33:17,840 --> 00:33:20,240
The, you know, the organization 
doesn't recognize the difference

599
00:33:20,240 --> 00:33:23,680
between a manager, a supervisor 
or a director or an analyst in 

600
00:33:23,680 --> 00:33:27,440
one for or one part of the, of 
the company versus an analyst in

601
00:33:27,440 --> 00:33:30,200
another. 
And so what are you left with? 

602
00:33:30,680 --> 00:33:33,440
You're left with these 
alternatives to try and fill in 

603
00:33:33,440 --> 00:33:36,600
the cracks or on RBAC. 
Now when I look at RBAC, I 

604
00:33:36,600 --> 00:33:39,360
think, OK, that's a great, 
that's a great goal to have, but

605
00:33:39,360 --> 00:33:41,320
why don't we start with 
something easier like attribute 

606
00:33:41,320 --> 00:33:44,480
based? 
Are you an employee or not? 

607
00:33:45,240 --> 00:33:48,240
That should be hopefully a very 
simple question and answer. 

608
00:33:48,240 --> 00:33:52,280
Sometimes it's not. 
But can we at least agree on who

609
00:33:52,280 --> 00:33:57,880
is an employee versus a, you 
know, a contractor or a customer

610
00:33:57,920 --> 00:34:00,400
or whatever that, you know, the 
persona might be? 

611
00:34:00,920 --> 00:34:03,720
And I think if you can layer 
different attributes together, 

612
00:34:03,720 --> 00:34:05,920
then you have a little bit better 
chance of starting to put 

613
00:34:05,920 --> 00:34:10,400
together an access control model 
that is actually effective, 

614
00:34:10,800 --> 00:34:14,840
scalable, and an IAM or an IT 
team who's responsible for this 

615
00:34:14,840 --> 00:34:16,320
type of stuff can actually live 
with it. 

616
00:34:16,880 --> 00:34:21,719
So I feel like this is a soapbox
I get on a lot, but I, I, I just

617
00:34:21,719 --> 00:34:26,400
feel like RBAC is one of the, 
you know, under underutilized 

618
00:34:26,400 --> 00:34:28,920
because it was so difficult and 
such a good idea. 

619
00:34:28,920 --> 00:34:31,880
And the promise was, well, I'm 
just going to put my IGA tool in 

620
00:34:31,880 --> 00:34:34,320
there and it's going to do role 
scanning for me and fix all this

621
00:34:34,320 --> 00:34:36,800
for us. 
I haven't seen it work that 

622
00:34:36,800 --> 00:34:38,920
well. 
And I live and breathe this 

623
00:34:38,920 --> 00:34:41,639
stuff all the time. 
So I, I feel like that's my, my 

624
00:34:41,639 --> 00:34:42,960
two cents on it. 
So I'm going to step off my 

625
00:34:42,960 --> 00:34:44,400
soapbox and ask Jim what he 
thinks. 

626
00:34:45,560 --> 00:34:48,199
I think authorization is a 
difficult topic. 

627
00:34:48,520 --> 00:34:53,320
I mean, you know, authentication
used to be a difficult topic, 

628
00:34:53,320 --> 00:34:56,679
right when you had all these web
applications and fat 

629
00:34:56,679 --> 00:35:01,680
applications and, you know, they
were using different 

630
00:35:01,680 --> 00:35:05,160
technologies for managing 
authentication. 

631
00:35:05,160 --> 00:35:09,120
Different authentication was 
being mixed with coarse grained 

632
00:35:09,120 --> 00:35:13,480
authorization. 
And then along came SAML and 

633
00:35:14,120 --> 00:35:17,480
it just became a standard that 
it was just easier to live by, 

634
00:35:17,480 --> 00:35:20,280
like let's get people into the 
application, then let the 

635
00:35:20,280 --> 00:35:23,200
application handle 
authorization. 

636
00:35:23,600 --> 00:35:29,360
So now, now we kind of think 
authentication is way easier 

637
00:35:29,360 --> 00:35:33,200
than authorization. 
And I do, I think even before 

638
00:35:33,360 --> 00:35:37,760
SAML that was true. 
Now when you take authorization,

639
00:35:37,760 --> 00:35:41,120
you have some applications where
it's like there's a list of 

640
00:35:41,120 --> 00:35:45,160
finite, a finite list of roles 
and you put a person into those 

641
00:35:45,160 --> 00:35:47,360
roles. 
Then you have other applications

642
00:35:47,360 --> 00:35:52,000
take your ERP platforms or take 
custom built applications where 

643
00:35:52,240 --> 00:35:55,720
the authorization model is 
tremendously complex. 

644
00:35:56,440 --> 00:36:01,920
Now, you know, when you take 
something like RBAC, which, you 

645
00:36:01,920 --> 00:36:06,560
know, I think our tendency is to
say, well, how can I solve all 

646
00:36:06,560 --> 00:36:09,400
this problem with RBAC? 
And I don't think that's the 

647
00:36:09,400 --> 00:36:12,120
answer, but I do think there is 
a place for RBAC. 

648
00:36:12,120 --> 00:36:17,960
I think especially for, and I 
think RBAC and ABAC, they kind 

649
00:36:17,960 --> 00:36:20,720
of combine because you can get 
into the same conversation with 

650
00:36:20,720 --> 00:36:23,680
what Jeff was saying is like, 
are you an employee or not? 

651
00:36:23,680 --> 00:36:28,480
Well, you can create roles that 
trigger off of that attribute in

652
00:36:28,480 --> 00:36:31,600
your IGA system, for example, 
and say, all right, we're 

653
00:36:31,600 --> 00:36:35,440
getting the this feed from the 
HR system that you are 

654
00:36:35,680 --> 00:36:38,760
employees, we're going to create
a role called employees and 

655
00:36:38,760 --> 00:36:42,880
we're going to provision certain
birthright access for employees.

656
00:36:43,080 --> 00:36:46,400
So I still think whether it's 
ABAC or RBAC, it kind of 

657
00:36:46,400 --> 00:36:50,000
accomplishes the same thing. 
But when it gets to some of 

658
00:36:50,000 --> 00:36:55,920
these real complex applications,
I think the the utility of RBAC 

659
00:36:55,920 --> 00:37:00,040
breaks down. 
Now could PBAC help solve this 

660
00:37:00,040 --> 00:37:02,200
problem? 
Potentially. 

661
00:37:04,120 --> 00:37:10,560
But I think even when you get to
these BERP systems really 

662
00:37:10,560 --> 00:37:17,920
becomes a matter of people 
caring about homogenizing the 

663
00:37:17,920 --> 00:37:23,320
different types of access that 
can be provisioned, right, so that

664
00:37:23,480 --> 00:37:27,040
there are different types of 
people within that system. 

665
00:37:27,280 --> 00:37:32,040
So you can get closer to that 
finite list of roles rather than

666
00:37:32,040 --> 00:37:38,040
everybody having an ad hoc, you 
know, access to that 

667
00:37:38,040 --> 00:37:42,680
application, an ad hoc 
compilation of attributes and 

668
00:37:43,040 --> 00:37:46,640
permissions within that app. 
As long as you're allowing that,

669
00:37:46,840 --> 00:37:51,800
I don't think any back model 
will really work. 

670
00:37:52,200 --> 00:37:57,160
So it it the hard work is also 
on the application or platform 

671
00:37:57,160 --> 00:38:03,360
side in terms of homogenizing 
authorization so they can fit 

672
00:38:03,360 --> 00:38:06,560
some type of model. 
So you say homogenizing 

673
00:38:06,760 --> 00:38:09,240
application that you know, the 
obligations together. 

674
00:38:09,560 --> 00:38:14,000
My curiosity there kind of piques
a little bit because with the 

675
00:38:14,000 --> 00:38:16,600
new with SaaS applications and 
with all the different 

676
00:38:16,600 --> 00:38:19,000
applications coming in from 
different areas, it's 

677
00:38:20,040 --> 00:38:23,400
homogenizing doesn't seem to be 
the thing that is happening. 

678
00:38:23,600 --> 00:38:26,080
You know, they're, they're, 
that's the part that we're 

679
00:38:26,080 --> 00:38:27,600
that's the part that we're 
missing. 

680
00:38:28,080 --> 00:38:31,640
I you know, there we spend a, 
you know, we've been working on 

681
00:38:31,640 --> 00:38:34,280
RBAC for six plus years at this 
point. 

682
00:38:34,280 --> 00:38:36,520
We, you know, and been, you 
know, been building it out as 

683
00:38:36,520 --> 00:38:42,160
best we can and it's, it always 
still comes down to you will 

684
00:38:42,160 --> 00:38:45,000
know that application doesn't, 
you know, doesn't have that type

685
00:38:45,000 --> 00:38:47,360
of granularity to it. 
It's that's not an option. 

686
00:38:47,800 --> 00:38:50,760
So there's a, there's a 
balancing act that has to happen

687
00:38:50,760 --> 00:38:54,840
between systems that allow you 
to handle front door access 

688
00:38:54,840 --> 00:38:58,000
essentially that that that, you 
know, that entry level access to

689
00:38:58,000 --> 00:39:02,280
the application. 
But then does doesn't have the 

690
00:39:02,280 --> 00:39:06,600
APIs or doesn't have the 
connectors to do individual, you

691
00:39:06,600 --> 00:39:08,880
know, to get into the 
granularity, you actually have 

692
00:39:08,880 --> 00:39:12,480
to go to the you actually have 
to go to a portal or whatnot to 

693
00:39:12,480 --> 00:39:16,040
be able to get that access, you 
know, get that access figured 

694
00:39:16,040 --> 00:39:20,840
out further. 
Do you with, you know, in those 

695
00:39:20,840 --> 00:39:24,080
scenarios, are you, are you 
still seeing a situation where 

696
00:39:24,080 --> 00:39:28,680
you want to bring in, you know, 
where you where you want to 

697
00:39:28,680 --> 00:39:31,600
actually have, you know, where 
you want to actually have 

698
00:39:31,600 --> 00:39:35,360
somebody build out, you know, 
you know, basically like 

699
00:39:35,360 --> 00:39:37,920
business owners build out that 
access or build out, you know, 

700
00:39:37,920 --> 00:39:39,640
build out how that works, I 
think. 

701
00:39:39,640 --> 00:39:41,920
It's ultimately what it comes 
down to, right? 

702
00:39:41,920 --> 00:39:45,760
So if you're implementing 
something like an ERP system 

703
00:39:46,360 --> 00:39:50,040
within your organization, even 
though the ERP system might be 

704
00:39:50,040 --> 00:39:55,640
able to handle, you know, 
thousands or hundreds of 

705
00:39:55,640 --> 00:40:00,120
thousands of permutations of 
what a full set of 

706
00:40:00,120 --> 00:40:03,800
authorizations could be, you can
still have the discipline within

707
00:40:03,800 --> 00:40:07,800
your organization to say we're 
only going to do these. 

708
00:40:08,240 --> 00:40:12,480
This ten types or these hundred 
types, which really like these 

709
00:40:12,480 --> 00:40:15,480
are the important fields that we
want to drive access based on. 

710
00:40:15,800 --> 00:40:21,680
Now understand I'm that might 
not be appropriate in all cases 

711
00:40:22,000 --> 00:40:28,560
because I think the biggest 
thing playing against any kind 

712
00:40:28,560 --> 00:40:34,400
of role model or you know, when 
you try to make authorization 

713
00:40:34,400 --> 00:40:37,960
simpler and by making it 
simpler, you're going to say, 

714
00:40:37,960 --> 00:40:42,800
well, you know, 90% of the 
people that need this access 

715
00:40:42,800 --> 00:40:47,040
need these things, so let's just
give it to 100%. 

716
00:40:47,840 --> 00:40:51,120
That is not least privilege. 
You know, at least it's not a 

717
00:40:51,120 --> 00:40:53,480
black and white view of what 
least privilege is, because 

718
00:40:53,480 --> 00:40:57,080
black and white view of least 
privilege is you only get the 

719
00:40:57,080 --> 00:40:59,800
access that you need. 
So if we're giving you access 

720
00:40:59,800 --> 00:41:04,480
that you don't need because it's
more convenient, I'm sorry, 

721
00:41:04,480 --> 00:41:08,640
that's not least privilege. 
I know that it might be just the

722
00:41:08,640 --> 00:41:14,040
academic argument, but I mean 
that's the reality in my 

723
00:41:14,040 --> 00:41:16,800
opinion. 
Since there isn't going to be 

724
00:41:16,800 --> 00:41:20,800
that you know that that standard
for the next, you know that 

725
00:41:20,800 --> 00:41:24,120
won't that won't occur for the 
next 5, 10, 15 years if we're

726
00:41:24,120 --> 00:41:27,800
being optimistic. 
I think that's what's driving me

727
00:41:27,800 --> 00:41:33,520
to policy because policy's more 
customized, policy's more a JSON

728
00:41:33,520 --> 00:41:36,640
statement or an XLML statement 
of some sort that I can take and

729
00:41:36,640 --> 00:41:41,000
I can actually put in my if and 
then's and whiles into the into 

730
00:41:41,000 --> 00:41:43,200
it. 
I hope that, you know, I hope 

731
00:41:43,200 --> 00:41:46,640
maybe in the future in that, you
know, in that standardization 

732
00:41:46,640 --> 00:41:49,360
that you're talking about, we'll
actually, you know, we'll take 

733
00:41:49,360 --> 00:41:51,720
that into consideration and use,
you know, going to use that as 

734
00:41:51,720 --> 00:41:54,480
kind of the the backbone of it. 
Gee, gross. 

735
00:41:54,480 --> 00:41:57,880
It looks like you're picking 
some real easy ones to start off

736
00:41:57,880 --> 00:42:02,640
with, so I know you had at least
three in mind already. 

737
00:42:04,080 --> 00:42:06,560
Sure. 
So let's take a step back. 

738
00:42:06,800 --> 00:42:10,160
So I know that I, you know, 
I've, I've, I've hit you with, 

739
00:42:10,280 --> 00:42:12,840
you know, I did, you know, with 
the non human identities and got

740
00:42:12,840 --> 00:42:15,280
into the granularity there. 
I know we've been and then we 

741
00:42:15,280 --> 00:42:18,680
just got done talking about, you
know, about policy and RBAC.

742
00:42:19,880 --> 00:42:22,560
Why don't we talk about the team
for a little bit, you know, you 

743
00:42:22,560 --> 00:42:26,560
know, a little bit at this 
point, what, you know, going to 

744
00:42:26,560 --> 00:42:28,760
Identiverse and going to 
different conferences and 

745
00:42:28,760 --> 00:42:32,280
talking, you know, you know, 
talking to dozens and dozens of 

746
00:42:32,280 --> 00:42:34,800
people at this point and kind of
getting into their stories and 

747
00:42:34,800 --> 00:42:38,240
getting into what the, you know,
how their I, their IAM teams 

748
00:42:38,240 --> 00:42:41,480
work. 
What I find most interesting is,

749
00:42:41,480 --> 00:42:44,760
is how different we really all 
are. 

750
00:42:45,160 --> 00:42:47,320
We all feel like we're doing the
same thing. 

751
00:42:47,320 --> 00:42:49,920
We all feel like we're basically
heading in the same direction 

752
00:42:49,920 --> 00:42:51,680
and trying to go after the same 
things. 

753
00:42:52,440 --> 00:42:56,760
But our, you know, our mode of 
transportation or our, you know,

754
00:42:56,760 --> 00:43:00,440
our group that we're using to 
get there is so vastly 

755
00:43:00,440 --> 00:43:03,960
different. 
And another article that I'm 

756
00:43:03,960 --> 00:43:06,600
going to be working up is, is 
going into, you know, kind of 

757
00:43:06,600 --> 00:43:08,480
going into that. 
There is, you know, there are 

758
00:43:08,480 --> 00:43:11,400
groups, there are, there are 
businesses out there that of 

759
00:43:11,400 --> 00:43:14,000
course focus on all the 
different pieces. 

760
00:43:14,600 --> 00:43:17,320
But you know, they, you know, 
that in the end you have to kind

761
00:43:17,320 --> 00:43:18,840
of have all the different 
elements. 

762
00:43:18,920 --> 00:43:22,760
But the question is, is do you 
have a dedicated team to anyone 

763
00:43:22,760 --> 00:43:25,160
particular area? 
How how heavyweight or 

764
00:43:25,160 --> 00:43:29,360
lightweight do you go and into, 
into each one Personally, we're 

765
00:43:29,360 --> 00:43:30,840
a, you know, we're a governance 
shop. 

766
00:43:31,200 --> 00:43:33,920
We're, you know, we're very much
there to help the business and 

767
00:43:33,920 --> 00:43:38,440
they're very much there to enact
what, you know, you know, kind 

768
00:43:38,440 --> 00:43:40,760
of, you know, enact whatever, 
you know, enact whatever 

769
00:43:40,760 --> 00:43:43,520
controls that are around it. 
That's kind of where our 

770
00:43:43,520 --> 00:43:46,840
heavyweight is. 
And then we work toward then, 

771
00:43:46,840 --> 00:43:50,040
you know, and then we do, yeah, 
we help facilitate that through 

772
00:43:50,160 --> 00:43:51,720
taking care of the day-to-day 
provision. 

773
00:43:52,840 --> 00:43:56,160
But with that, I'm learning, you
know, I'm learning that there's 

774
00:43:56,160 --> 00:43:58,720
not just, you know, there are 
teams out there or there are 

775
00:43:58,720 --> 00:44:02,280
departments out there and other 
organizations that solely focus 

776
00:44:02,280 --> 00:44:05,480
on governance and then solely 
focus on provisioning. 

777
00:44:06,160 --> 00:44:09,080
And then I'm finding out about 
new groups that are being spun 

778
00:44:09,080 --> 00:44:11,640
up, especially with this latest,
you know, this latest trip to 

779
00:44:11,640 --> 00:44:14,880
Identiverse that are focusing on
the cybersecurity side. 

780
00:44:14,880 --> 00:44:18,200
You know, the more cybersecurity
focus side of it, being able to 

781
00:44:18,560 --> 00:44:21,560
find phishing, you know, trying 
to define and trying to build 

782
00:44:21,560 --> 00:44:25,040
out phishing-resistant IAM 
accounts or, you know, identity 

783
00:44:25,040 --> 00:44:28,360
accounts. 
And then there's the cloud teams

784
00:44:28,360 --> 00:44:30,960
that are trying to help the 
DevOps groups keep their 

785
00:44:30,960 --> 00:44:33,240
infrastructure up and running 
and keeping this, you know, the 

786
00:44:33,240 --> 00:44:36,520
spin up and spin down and the 
keys that go along with it up 

787
00:44:36,520 --> 00:44:40,560
and, you know, up and running. 
These are all things that, you 

788
00:44:40,560 --> 00:44:42,960
know, I'm, I'm at the kind of 
the beginning of that journey of

789
00:44:42,960 --> 00:44:47,160
understanding that they're, you 
know, we don't as an operations 

790
00:44:47,160 --> 00:44:48,640
team, we don't have to do it 
all. 

791
00:44:49,000 --> 00:44:51,680
We have to do what's most 
important to our, you know, 

792
00:44:51,680 --> 00:44:54,120
what, what's most important to 
our individual groups. 

793
00:44:54,560 --> 00:44:57,640
And then, you know, but making 
sure that each one of those are 

794
00:44:57,640 --> 00:45:00,960
touched in some way, form or 
fashion by someone within the 

795
00:45:00,960 --> 00:45:05,680
organization. 
How do you, you know, do we feel

796
00:45:05,680 --> 00:45:09,000
as though that that's the way 
you know, you know, I, I'm so 

797
00:45:09,000 --> 00:45:11,680
used to the idea of, you know, 
everybody kind of just knows 

798
00:45:11,680 --> 00:45:13,520
where they're going. 
You knows, you know, knows the 

799
00:45:13,520 --> 00:45:15,600
mode that they're running in, 
sure. 

800
00:45:15,720 --> 00:45:18,160
You know whether or not you want
pepperoni on your pizza or 

801
00:45:18,160 --> 00:45:20,720
whether or not you want sausage.
You kind of like, you make some,

802
00:45:20,720 --> 00:45:23,440
you make some little variations,
but for the most part, it's 

803
00:45:23,440 --> 00:45:26,760
still pizza in the end. 
You're using a bad analogy at 

804
00:45:26,760 --> 00:45:29,360
this point, I admit. 
Especially around lunch. 

805
00:45:29,560 --> 00:45:31,800
Especially around lunch. 
But a delicious one. 

806
00:45:33,560 --> 00:45:37,320
But is that is there going to be
different, is there going to be 

807
00:45:37,320 --> 00:45:40,840
bigger changes than this or is 
it you know, or do you see this 

808
00:45:40,840 --> 00:45:44,200
being or you see those being 
still being the core, you know, 

809
00:45:44,200 --> 00:45:46,120
the core pieces of it going 
forward? 

810
00:45:46,200 --> 00:45:50,680
Is there where? 
What should I be looking out for

811
00:45:50,680 --> 00:45:53,400
as far as as an operations 
manager of IAM? 

812
00:45:53,560 --> 00:45:56,480
Kind of the doers of IAM what 
what should I be looking out 

813
00:45:56,480 --> 00:46:00,280
for? 
I think I'll go first. 

814
00:46:00,280 --> 00:46:05,560
So I think you're getting into 
organizational design, which is 

815
00:46:06,480 --> 00:46:10,600
somewhat or very specific to the
organization, which has a lot to

816
00:46:10,600 --> 00:46:15,880
do with the size of the 
organization, how geographically

817
00:46:17,160 --> 00:46:22,720
dispersed, whether or not IAM is
completely essential service or 

818
00:46:22,720 --> 00:46:25,760
if it's more localized to where 
the people are. 

819
00:46:27,160 --> 00:46:29,800
But I think we can make some 
general assumptions or talk 

820
00:46:29,800 --> 00:46:34,760
about some general topics there.
You know, I think that one thing

821
00:46:34,760 --> 00:46:38,200
you have to look out for is 
because especially in this 

822
00:46:38,360 --> 00:46:41,720
identity space, if you design 
your organization around all 

823
00:46:41,720 --> 00:46:48,320
right, this is the product that 
we use for governance and start 

824
00:46:48,320 --> 00:46:51,600
just fixating on, OK, the 
product can solve these 

825
00:46:51,600 --> 00:46:54,120
problems. 
And now there's another team 

826
00:46:54,120 --> 00:46:57,640
that is really focused on 
another product that handles 

827
00:46:59,040 --> 00:47:04,360
authentication maybe or another 
product that handles privileged 

828
00:47:04,360 --> 00:47:06,480
access management. 
So I think those are the big 

829
00:47:06,480 --> 00:47:10,880
three with it when it comes to 
internal identity or workforce 

830
00:47:10,880 --> 00:47:14,640
identity. 
Now the products will shorten it

831
00:47:14,680 --> 00:47:16,720
to encroach in each other's 
space. 

832
00:47:16,720 --> 00:47:20,040
And what you you had the 
potential for is that if you 

833
00:47:20,040 --> 00:47:25,360
take a product view of the world
that then you start doing 

834
00:47:25,360 --> 00:47:29,200
things, doing the same services 
within each other. 

835
00:47:29,480 --> 00:47:31,320
And I think that's a real 
danger. 

836
00:47:31,320 --> 00:47:34,880
So I think the teams, if you 
have separate teams supporting 

837
00:47:34,880 --> 00:47:39,960
those that you're doing all site
workshops or something, so those

838
00:47:39,960 --> 00:47:43,400
teams are collaborating on OK, 
what is our strategy going 

839
00:47:43,400 --> 00:47:47,400
forward for each of these teams 
to support and where do we know 

840
00:47:47,400 --> 00:47:49,720
where our lines of demarcation 
are? 

841
00:47:50,040 --> 00:47:53,120
I think that's very important in
a very large organization where 

842
00:47:53,360 --> 00:47:56,840
these different domains are 
being covered by different 

843
00:47:56,840 --> 00:48:00,760
groups. 
I think what I see more often is

844
00:48:00,760 --> 00:48:05,240
smaller teams where people are 
cross-trained across the groups 

845
00:48:05,600 --> 00:48:09,200
and they're working within those
groups, especially on the not as

846
00:48:09,200 --> 00:48:11,800
much on the operation side 
necessarily, even though I do 

847
00:48:11,800 --> 00:48:16,080
see that on the operation side 
as well, but build side. 

848
00:48:16,080 --> 00:48:19,520
And certainly like the architect
level where they're doing the 

849
00:48:19,560 --> 00:48:23,160
the big time planning of how all
these tools work together. 

850
00:48:23,280 --> 00:48:25,160
But I think that is very 
important. 

851
00:48:25,160 --> 00:48:29,800
It's not to get just locked into
too focused of a picture. 

852
00:48:31,400 --> 00:48:32,680
Yeah. 
What do you have, Jeff? 

853
00:48:33,800 --> 00:48:35,520
Yeah. 
And I agree with you, it's this 

854
00:48:35,520 --> 00:48:38,560
is mostly organizational design.
I think this is the classic 

855
00:48:39,080 --> 00:48:42,320
centralized versus decentralized
strategy that a lot of 

856
00:48:42,320 --> 00:48:45,120
organizations might be looking 
at of, well, how do we handle 

857
00:48:45,120 --> 00:48:47,440
our IAM functions? 
Do we try to build a central 

858
00:48:47,440 --> 00:48:50,520
team that kind of does it all 
and separate that from the 

859
00:48:50,520 --> 00:48:53,800
business? 
Or do we allow the business to 

860
00:48:53,800 --> 00:48:56,480
administrate their own 
applications as long as they 

861
00:48:56,720 --> 00:49:00,360
hopefully adhere to whatever 
standards or policies have been 

862
00:49:00,360 --> 00:49:01,880
set up by a central 
organization? 

863
00:49:02,400 --> 00:49:04,680
And, and I don't think the 
answer is, you know, right or 

864
00:49:04,680 --> 00:49:06,960
wrong either way. 
It really is a very personal 

865
00:49:06,960 --> 00:49:09,600
decision for the organization. 
A lot of it comes down to the 

866
00:49:09,600 --> 00:49:11,600
people from the organization 
itself. 

867
00:49:12,000 --> 00:49:14,720
You know, where where do your 
skill sets lie? 

868
00:49:15,080 --> 00:49:17,800
You know, is Active Directory an
IAM tool or is that IT 

869
00:49:17,800 --> 00:49:20,840
infrastructure? 
Most organizations, AD's been 

870
00:49:20,840 --> 00:49:22,640
there forever. 
And so there is like an, you 

871
00:49:22,640 --> 00:49:25,840
know, a general IT or network 
group that kind of handles the 

872
00:49:25,840 --> 00:49:27,640
Active Directory stuff. 
And maybe you have a different 

873
00:49:27,640 --> 00:49:31,560
team that does your IGA platform
or privilege access or maybe. 

874
00:49:31,560 --> 00:49:35,800
So I think it's an interesting, 
you know, discussion to have 

875
00:49:35,800 --> 00:49:39,360
because I think this is one of 
those things where you have, if 

876
00:49:39,360 --> 00:49:41,880
I had to guess, Chris, when you 
write this, the comments are 

877
00:49:41,880 --> 00:49:45,360
going to kind of fall into two 
different camps of a more 

878
00:49:45,360 --> 00:49:49,480
centralized approach and a more 
of a, you know, governance 

879
00:49:49,480 --> 00:49:54,360
decentralized type of approach. 
And, you know, nobody's going to

880
00:49:54,360 --> 00:49:55,600
be wrong and nobody's going to 
be right. 

881
00:49:55,600 --> 00:49:57,360
It's just like, well, here's 
what works for our organization 

882
00:49:57,360 --> 00:49:59,520
or what hopefully it works for 
our organization. 

883
00:49:59,520 --> 00:50:01,800
Some organizations that, you 
know, maybe they could stand to 

884
00:50:01,800 --> 00:50:05,040
be a little more centralized 
and, you know, or at least put 

885
00:50:05,040 --> 00:50:07,480
out together, you know, put 
better policies or standards or 

886
00:50:07,480 --> 00:50:09,160
maybe anything. 
This is where IAM 

887
00:50:09,160 --> 00:50:12,520
program management becomes so 
much more important when you're 

888
00:50:12,520 --> 00:50:15,720
dealing with multiple areas of 
the business that are not 

889
00:50:15,720 --> 00:50:19,360
directly underneath, you know, 
your control as an identity 

890
00:50:19,440 --> 00:50:22,800
person or even as an IT person. 
So I think it'll be, I'll be 

891
00:50:22,800 --> 00:50:26,280
curious to see what, what 
feedback comes through for for, 

892
00:50:26,320 --> 00:50:28,880
for that article. 
Yeah, I agree with you both as 

893
00:50:28,960 --> 00:50:32,280
you know, not surprising. 
And let's say, and Jeff, I think

894
00:50:32,280 --> 00:50:35,680
you, you know, what you said 
really, you know, rings true to 

895
00:50:35,680 --> 00:50:39,560
me is 'cause you know, Active 
Directory is an, you know, is an

896
00:50:39,560 --> 00:50:41,360
IT function. 
Is, you know, is, is, you know, 

897
00:50:41,360 --> 00:50:43,880
in our cases is an IT, you know,
is an IT function. 

898
00:50:43,880 --> 00:50:46,760
But who takes care of the day, 
you know, the care and feeding 

899
00:50:46,760 --> 00:50:49,560
of, you know, Active Directory. 
We do, you know, and we're on, 

900
00:50:49,720 --> 00:50:51,800
we're underneath the, you know, 
we're underneath the security 

901
00:50:51,800 --> 00:50:53,360
side of the, you know, side of 
the house. 

902
00:50:54,200 --> 00:51:00,800
There's so much it's so, you 
know, it's so interesting to me.

903
00:51:00,800 --> 00:51:03,320
And, you know, in the last three
years of being in this position 

904
00:51:03,320 --> 00:51:08,640
of, of trying to learn that my, 
you know, that I have different 

905
00:51:08,640 --> 00:51:11,520
audiences that I have to, you 
know that, yeah, that we have to

906
00:51:11,520 --> 00:51:15,760
work together with to be able to
get, you know, to get identity 

907
00:51:15,760 --> 00:51:17,520
handled, you know, handled 
properly. 

908
00:51:17,800 --> 00:51:22,960
There's how do I, you know, how 
do I talk SLAs to the business 

909
00:51:23,320 --> 00:51:27,520
and then talk about, you know, 
how does single sign on actually

910
00:51:27,520 --> 00:51:30,280
work in the background to that, 
you know, to the IT side of the 

911
00:51:30,280 --> 00:51:33,360
house and what you know and what
you know and their concerns with

912
00:51:33,360 --> 00:51:35,840
it. 
While then keeping a balancing 

913
00:51:35,840 --> 00:51:39,440
act of my, you know, my 
stakeholders in security. 

914
00:51:39,440 --> 00:51:41,880
Asking the question of, well, 
can we make sure that we know 

915
00:51:41,880 --> 00:51:45,720
that this guy really is in 
California or is he in New York?

916
00:51:45,920 --> 00:51:48,920
Let's let you know, let's let's 
know who were the right answer 

917
00:51:48,920 --> 00:51:50,520
of that. 
You know, the location of these 

918
00:51:50,520 --> 00:51:55,240
users are, it's a, it's a, it's 
an interesting, interesting 

919
00:51:55,240 --> 00:51:56,920
challenge. 
You know, another thing you 

920
00:51:56,920 --> 00:52:01,520
brought up in your question or 
your topic, Chris, was are some 

921
00:52:01,520 --> 00:52:03,560
of these things going to go 
away? 

922
00:52:03,640 --> 00:52:07,280
And I don't know if you were 
hinting at like, OK, AI is going

923
00:52:07,280 --> 00:52:12,560
to do these things for us. 
Because I look, if AI does, if 

924
00:52:12,800 --> 00:52:17,040
five years down the road, we're 
not just allowing business users

925
00:52:17,040 --> 00:52:21,200
to go into AI and say, I need to
rerun a recertificate 

926
00:52:21,520 --> 00:52:26,080
recertification campaign of all 
of my users who use this 

927
00:52:26,080 --> 00:52:30,240
application. 
And I want to send that to this 

928
00:52:30,240 --> 00:52:33,960
manager or the person's manager 
or whatever and basically use 

929
00:52:33,960 --> 00:52:39,600
prompt engineering to construct 
their own access certification. 

930
00:52:40,000 --> 00:52:43,120
If that's not available in five 
years, like what is AI really 

931
00:52:43,120 --> 00:52:45,560
done right? 
I mean, that should definitely 

932
00:52:45,560 --> 00:52:50,160
be available in five years. 
And I got to think IGA companies

933
00:52:50,160 --> 00:52:53,440
know that if if they're not 
doing that, someone's going to 

934
00:52:53,440 --> 00:52:58,320
come along and invent that. 
So, yeah, I think some of these 

935
00:52:58,320 --> 00:53:03,400
jobs that you know, I remember 
when I ran the IAM program for a

936
00:53:03,400 --> 00:53:07,960
bank, we had a person completely
dedicated to running access 

937
00:53:07,960 --> 00:53:11,000
certifications and managing 
access certifications that were 

938
00:53:11,000 --> 00:53:12,800
in flight. 
Once those were all done, 

939
00:53:12,800 --> 00:53:16,120
generating the reports and 
getting the next round started 

940
00:53:16,120 --> 00:53:20,840
so that we could attest to 
access on a quarterly basis, 

941
00:53:21,080 --> 00:53:23,480
those things had better go away,
right? 

942
00:53:23,960 --> 00:53:26,760
I still do have that guy, that 
guy you're talking about who 

943
00:53:26,760 --> 00:53:29,360
does the quarterly 
certifications that we do 

944
00:53:29,360 --> 00:53:32,080
function as a bank. 
So therefore, you know, I do 

945
00:53:32,080 --> 00:53:35,840
have that person on my team that
that they really do or they do 

946
00:53:35,840 --> 00:53:38,800
run access certifications day in
and day out, night in and night 

947
00:53:38,800 --> 00:53:41,520
out trying to trying to help 
manage, you know, trying to help

948
00:53:41,520 --> 00:53:45,640
manage that expectation. 
I've been, you know, we are of 

949
00:53:45,640 --> 00:53:48,920
course, you know, interested in 
AI and kind of looking into 

950
00:53:48,920 --> 00:53:52,880
what, you know, what AI can do. 
But as a side note or tangent, 

951
00:53:52,880 --> 00:53:56,840
I've been looking at it as a, 
really as a, as a big data model

952
00:53:56,920 --> 00:53:59,680
kind of scenario more than a, 
you know, more than necessarily 

953
00:53:59,680 --> 00:54:02,400
an AI one. 
It's how do I take the, yeah, 

954
00:54:02,520 --> 00:54:08,080
you know, how do I take not only
my IGA data, but my ServiceNow 

955
00:54:08,080 --> 00:54:12,720
data and my cybersecurity 
applications data and my, you 

956
00:54:12,720 --> 00:54:15,000
know, and other forms of data? 
And how do I put those things 

957
00:54:15,000 --> 00:54:18,640
together to, you know, build a 
bigger picture of what, what's 

958
00:54:18,640 --> 00:54:21,720
out there to be able to answer, 
you know, to be able to answer 

959
00:54:21,720 --> 00:54:25,840
more concise questions of is 
that access really being used? 

960
00:54:25,840 --> 00:54:28,360
Does that access? 
It does, is that access really 

961
00:54:28,360 --> 00:54:32,000
appropriate anymore by by 
looking at the, the metadata 

962
00:54:32,000 --> 00:54:36,200
around everything around it? 
It's a it's a great question and

963
00:54:36,200 --> 00:54:39,920
I would love, I would love an AI
to help me do that, but I'm I'm 

964
00:54:39,920 --> 00:54:42,800
not there yet. 
It's going to get better, right?

965
00:54:42,800 --> 00:54:45,480
I think AI, this is the worst 
it's ever going to be. 

966
00:54:45,920 --> 00:54:47,200
It's going to keep getting 
better from here. 

967
00:54:47,200 --> 00:54:48,240
And it's already pretty darn 
cool. 

968
00:54:48,240 --> 00:54:51,760
I mean, I'm a I'm a fan of it. 
And the good news is you picked 

969
00:54:51,760 --> 00:54:55,040
three really easy blog topics to
get into. 

970
00:54:55,400 --> 00:54:59,240
So I'm sure it'll be super easy 
to to come up with different 

971
00:54:59,240 --> 00:55:00,840
viewpoints. 
And I'm curious to see, you 

972
00:55:00,840 --> 00:55:01,960
know, the comments and the 
feedback. 

973
00:55:01,960 --> 00:55:03,280
So I'll be looking forward to 
those. 

974
00:55:04,160 --> 00:55:07,040
You've been very generous with 
your time and it is a Sunday, so

975
00:55:07,040 --> 00:55:08,720
why don't you go? 
You even went in, you even went 

976
00:55:08,720 --> 00:55:13,480
into the office to record this. 
So you know above and beyond, 

977
00:55:13,960 --> 00:55:17,280
but I have something very 
important to ask you as a Marvel

978
00:55:17,280 --> 00:55:21,920
fan or as a co-Marvel fan, what 
are your thoughts on Robert 

979
00:55:21,920 --> 00:55:25,640
Downey Junior being announced as
Doctor Doom coming back to the 

980
00:55:25,640 --> 00:55:30,880
Marvel Universe? 
So I'm really curious on whether

981
00:55:30,880 --> 00:55:33,520
or not the mask will actually 
come off. 

982
00:55:34,240 --> 00:55:37,440
You know that when reading the 
articles and reading the things 

983
00:55:37,440 --> 00:55:40,280
that they talk about, you know, 
about Robert Downey Junior doing

984
00:55:40,280 --> 00:55:44,680
that, you know, being Doctor 
Doom, I think the actor has the,

985
00:55:44,720 --> 00:55:48,000
you know, has a great ability to
play, you know, to be able to 

986
00:55:48,000 --> 00:55:50,400
play the part. 
Can he play that villain? 

987
00:55:50,400 --> 00:55:55,080
Can he play that, you know, that
kind of empowered just like, you

988
00:55:55,080 --> 00:55:57,800
know, master of all kind of, you
know, kind of character. 

989
00:55:57,960 --> 00:56:00,520
Absolutely. 
Robert Downey Junior's can knock

990
00:56:00,520 --> 00:56:02,160
that will knock that out of the 
park. 

991
00:56:03,920 --> 00:56:06,520
Will they, though, take the mask
off? 

992
00:56:07,240 --> 00:56:10,240
Will, you know, will there be 
scenes in any way, form or 

993
00:56:10,240 --> 00:56:14,400
fashion where we really know 
it's him underneath it in any 

994
00:56:14,400 --> 00:56:18,080
way, form or fashion? 
I don't know how they do that. 

995
00:56:18,080 --> 00:56:20,200
I don't know if they had I, you 
know, I would like to think 

996
00:56:20,200 --> 00:56:22,800
Doctor Doom can't take it off. 
And therefore it's not a, it's 

997
00:56:22,800 --> 00:56:27,800
not a question. 
But if there is, you know, are 

998
00:56:27,800 --> 00:56:29,440
we doing a multiverse thing 
here? 

999
00:56:29,680 --> 00:56:32,680
You know what's the, you know 
what's the, you know what's the 

1000
00:56:32,680 --> 00:56:35,200
play. 
Well, yeah, I mean, he is Iron 

1001
00:56:35,200 --> 00:56:36,680
Man. 
He told you this, you know, 

1002
00:56:36,760 --> 00:56:39,240
point blank to the camera, 
right? 

1003
00:56:39,240 --> 00:56:44,120
And then he snapped his fingers.
You know, that's that mean, 

1004
00:56:44,120 --> 00:56:46,200
that's a benefit, right? 
He's used to playing a character

1005
00:56:46,200 --> 00:56:49,720
with a mask, being an Iron Man. 
Now, obviously, Tony Stark, you 

1006
00:56:49,720 --> 00:56:52,640
know, pulls the mask off much 
more frequently than Doctor 

1007
00:56:52,640 --> 00:56:53,760
Doom. 
And I'm sure they'll take 

1008
00:56:53,760 --> 00:56:57,440
liberties because, you know, 
they have to make a movie kind 

1009
00:56:57,440 --> 00:56:58,720
of out of it. 
But it'll be interesting to see 

1010
00:56:58,720 --> 00:57:01,680
how it goes, I think. 
I think it's interesting to have

1011
00:57:01,680 --> 00:57:06,240
the same actor playing two 
different roles within the same 

1012
00:57:06,320 --> 00:57:09,640
universe. 
And how do they explain that? 

1013
00:57:09,640 --> 00:57:14,080
Is it a multiverse angle? 
Well, you didn't, you know. 

1014
00:57:14,440 --> 00:57:16,240
If you didn't, you know. 
I don't want to, you know, a 

1015
00:57:16,240 --> 00:57:18,960
little bit of a spoiler if you 
haven't seen the Deadpool 

1016
00:57:18,960 --> 00:57:20,240
Wolverine movie yet. 
I have. 

1017
00:57:20,240 --> 00:57:24,040
Not, don't spoil it. 
All I'll say is is Captain 

1018
00:57:24,040 --> 00:57:26,040
America makes a, you know, makes
an, you know, makes an 

1019
00:57:26,040 --> 00:57:28,800
appearance. 
And then you'll see something 

1020
00:57:28,800 --> 00:57:31,160
else happen there too. 
That'll be you know that you'll 

1021
00:57:31,160 --> 00:57:32,680
that'll come to that same 
question. 

1022
00:57:33,600 --> 00:57:36,960
OK, well, I'm a fan of Deadpool,
so I'm looking forward to seeing

1023
00:57:36,960 --> 00:57:39,480
that what I can. 
Jim, do you have any idea what 

1024
00:57:39,480 --> 00:57:41,000
we're talking about? 
None. 

1025
00:57:41,440 --> 00:57:44,000
None whatsoever. 
Actually, I did know that there 

1026
00:57:44,000 --> 00:57:47,960
was a Deadpool movie. 
And Wolverine. 

1027
00:57:48,720 --> 00:57:51,240
Jesse for Ryan Reynolds. 
Yeah, you're right. 

1028
00:57:51,440 --> 00:57:55,240
I know that Ryan Reynolds is the
Deadpool, but that's all I know.

1029
00:57:55,480 --> 00:57:57,880
OK, now I'm kind of like 
anything else they say is 

1030
00:57:58,080 --> 00:58:01,160
totally uninformed. 
So when you hear the the 

1031
00:58:01,160 --> 00:58:04,000
character Doctor Doom, what 
comes to mind just. 

1032
00:58:04,120 --> 00:58:08,120
As amazing. 
So those comic books were around

1033
00:58:08,120 --> 00:58:11,480
when I was a kid. 
So I'm familiar with Marvel 

1034
00:58:11,960 --> 00:58:14,400
comic books. 
And what I've found is like when

1035
00:58:14,400 --> 00:58:17,600
these movies come out and they 
had the the surprising things 

1036
00:58:18,040 --> 00:58:23,160
nobody was expecting, it was in 
one of those comic books like 

1037
00:58:23,440 --> 00:58:27,960
#138 that I mean, who the heck 
is going to remember every 

1038
00:58:27,960 --> 00:58:31,640
section of a comic book? 
So I think the creators go back 

1039
00:58:31,640 --> 00:58:34,720
into the comic books and one of 
the things that I, I'm always 

1040
00:58:34,720 --> 00:58:38,920
shocked by is like how dark some
of those comic books really got 

1041
00:58:38,920 --> 00:58:40,760
because I didn't realize it when
I was a kid. 

1042
00:58:41,080 --> 00:58:44,880
I was collecting them and 
looking at them, but I wasn't 

1043
00:58:44,880 --> 00:58:48,560
looking at them in the way an 
adult would look at them, right?

1044
00:58:48,560 --> 00:58:52,200
To really understand like the 
subplots, it's just like you're 

1045
00:58:52,200 --> 00:58:54,600
looking at him like kid, like, 
oh, that guy's cool. 

1046
00:58:54,880 --> 00:58:57,520
That guy's a bad guy. 
I don't like him or whatever. 

1047
00:58:57,520 --> 00:59:02,320
So, but I always think it's neat
how they tie it back to a real 

1048
00:59:02,320 --> 00:59:05,240
comic book. 
And there was like, Oh yeah, we 

1049
00:59:05,240 --> 00:59:06,520
should have known that was 
coming. 

1050
00:59:06,760 --> 00:59:12,720
It's kind of like how Game of 
Thrones tied back to those books

1051
00:59:13,120 --> 00:59:16,120
and like people who are like, 
really geeked out on the books. 

1052
00:59:16,120 --> 00:59:19,200
What was it like fire and ice or
something like that? 

1053
00:59:19,600 --> 00:59:22,440
They'd be like, Oh yeah, they 
kind of knew what was coming, 

1054
00:59:22,440 --> 00:59:25,720
etcetera. 
So it it's similar to that, 

1055
00:59:26,600 --> 00:59:28,400
yeah. 
Well, it'll be interesting to 

1056
00:59:28,400 --> 00:59:31,000
see that Doctor Doom. 
So he's the the main villain 

1057
00:59:31,440 --> 00:59:33,640
that's opposite of the Fantastic
Four. 

1058
00:59:34,200 --> 00:59:37,080
So I know that there's been a 
Fantastic Four in the past. 

1059
00:59:37,080 --> 00:59:41,160
I don't think it was fantastic, 
but it was it was fine. 

1060
00:59:41,200 --> 00:59:43,120
So I know they're kind of 
rebooting that, but it'll be 

1061
00:59:43,120 --> 00:59:44,440
interesting to see how it goes. 
I just thought it was 

1062
00:59:44,440 --> 00:59:46,480
interesting. 
And you know, if you've seen the

1063
00:59:46,480 --> 00:59:49,120
clips at this point, right, 
Robert Downey Junior comes on 

1064
00:59:49,120 --> 00:59:51,800
the stage, there's a bunch of 
different Doctor Dooms and he 

1065
00:59:51,800 --> 00:59:54,720
pulls off the mask and then you 
see him. 

1066
00:59:54,720 --> 00:59:57,160
And this is how they announced 
it like Comic Con or something 

1067
00:59:57,160 --> 01:00:00,360
like that. 
So it got it was it was it was 

1068
01:00:00,360 --> 01:00:02,800
kind of a cool reveal to be I 
guess maybe if you were in the 

1069
01:00:02,800 --> 01:00:05,960
room, you're like, you know, 
holy, you know, whatever. 

1070
01:00:06,680 --> 01:00:10,560
That's Robert Downey Junior. And 
you know, after him having had 

1071
01:00:10,560 --> 01:00:14,440
such a successful, you know, 
journey to the whole Iron Man 

1072
01:00:14,600 --> 01:00:18,040
kind of process and then to the 
The Avengers, it's kind of 

1073
01:00:18,040 --> 01:00:21,120
interesting to see how they. 
How they tackle that or if they 

1074
01:00:21,120 --> 01:00:23,000
just ignore it, they got. 
It's just it's a different. 

1075
01:00:23,000 --> 01:00:26,320
Role so aren't there like 2 
lines of comic books There's 

1076
01:00:26,320 --> 01:00:30,800
like that and then there's the 
one where they had like the 

1077
01:00:31,600 --> 01:00:35,400
what's the the the League of 
Nations or something and I 

1078
01:00:35,680 --> 01:00:40,000
remember seeing a commercial now
where Aquaman is fighting that 

1079
01:00:40,000 --> 01:00:44,800
one guy who's got like the the. 
What are you mixing DC and 

1080
01:00:44,800 --> 01:00:46,760
Marvel? 
DC and Marvel, that's what I'm 

1081
01:00:46,760 --> 01:00:48,200
saying. 
That's yeah. 

1082
01:00:48,200 --> 01:00:49,960
I can't keep up with that stuff, 
man. 

1083
01:00:49,960 --> 01:00:54,800
I don't know how you guys do. 
DC has not had a successful film

1084
01:00:55,520 --> 01:00:57,440
background. 
I would say with the exception 

1085
01:00:57,440 --> 01:01:00,520
of Batman's movies, they've 
probably done the best, but they

1086
01:01:00,520 --> 01:01:04,400
haven't really been tied to like
a DC universe of like Superman, 

1087
01:01:04,400 --> 01:01:08,400
Wonder Woman, Batman, The Flash,
etcetera, those sorts of things.

1088
01:01:08,960 --> 01:01:11,360
I think Marvel has definitely 
done a much better job of 

1089
01:01:11,360 --> 01:01:15,200
getting their characters out 
there and, you know, producing 

1090
01:01:15,360 --> 01:01:18,560
good fun films to see. 
Wasn't there like a Superman 

1091
01:01:18,560 --> 01:01:21,360
versus Batman where they were 
fighting with each other and it 

1092
01:01:21,360 --> 01:01:23,720
was like, that was pretty dark, 
wasn't it? 

1093
01:01:24,160 --> 01:01:25,600
Most of the DC films have been 
dark. 

1094
01:01:25,600 --> 01:01:28,280
I don't know Chris about you, 
but I feel like DC tends to be a

1095
01:01:28,280 --> 01:01:32,200
little of a darker approach to 
their characters compared to 

1096
01:01:32,720 --> 01:01:36,120
Marvel. 
Yeah, DC's always been darker 

1097
01:01:36,160 --> 01:01:39,880
that, you know, Marvel's always 
been, you know, Marvel's always 

1098
01:01:39,880 --> 01:01:42,120
been a little bit more upbeat 
and a little more like there's 

1099
01:01:42,120 --> 01:01:44,520
a, there's a happy ending to the
story kind of thing. 

1100
01:01:44,520 --> 01:01:47,880
Where in a DC movie, there's no 
guarantee that the movie doesn't

1101
01:01:47,880 --> 01:01:49,520
end with people, with everybody 
dead. 

1102
01:01:49,520 --> 01:01:52,760
And, you know, and like you and,
you know, and the storm clouds 

1103
01:01:52,760 --> 01:01:55,040
basically, you know, dissipating
around the, you know, around 

1104
01:01:55,040 --> 01:01:57,000
the, you know, around the world.
That's a normal. 

1105
01:01:57,000 --> 01:01:59,080
That's a normal look. 
All right, Well we got into it. 

1106
01:01:59,160 --> 01:02:02,320
I was curious, Chris, to see 
what you thought about our

1107
01:02:02,320 --> 01:02:04,840
opportunity to coming back, but 
let's go ahead and leave it 

1108
01:02:04,840 --> 01:02:07,640
there for this week. 
Chris, thank you so much for 

1109
01:02:07,640 --> 01:02:08,880
your time. 
I'm going to have a link in our 

1110
01:02:08,880 --> 01:02:11,040
show notes to your LinkedIn 
article. 

1111
01:02:11,600 --> 01:02:14,600
Connect with Chris on LinkedIn 
and you know, maybe provide some

1112
01:02:14,960 --> 01:02:17,520
some fodder for articles coming 
up or opinions and things like 

1113
01:02:17,520 --> 01:02:19,760
that. 
Jimmy and I are on LinkedIn, so 

1114
01:02:19,760 --> 01:02:22,320
definitely connect with us and 
you know, send us comments, 

1115
01:02:22,320 --> 01:02:24,200
feedback, etcetera. 
We're on the web, 

1116
01:02:24,200 --> 01:02:28,200
idacpodcast.com, Twitter X, 
whatever it's called at IDAC 

1117
01:02:28,200 --> 01:02:30,200
podcast. 
If you're watching this on 

1118
01:02:30,200 --> 01:02:32,600
YouTube, thank you so much. 
Hit that like and subscribe 

1119
01:02:32,600 --> 01:02:33,920
button. 
That's the best way you can help

1120
01:02:33,920 --> 01:02:35,520
us out. 
If you're not watching us on 

1121
01:02:35,520 --> 01:02:38,360
YouTube, do us a favor and jump 
over to YouTube real quick and 

1122
01:02:38,360 --> 01:02:41,080
and give us a subscription. 
That would be fantastic to make 

1123
01:02:41,080 --> 01:02:43,840
it easy. 
You can hit idacpodcast.tv. 

1124
01:02:43,880 --> 01:02:45,040
That'll take you right to our 
channel. 

1125
01:02:45,680 --> 01:02:47,560
And yeah, we'll go ahead and 
leave it there. 

1126
01:02:47,800 --> 01:02:51,360
Thanks everyone for watching and
or listening and we'll talk with

1127
01:02:51,360 --> 01:02:56,000
you all on the next one. 
You've been listening to 

1128
01:02:56,080 --> 01:02:59,960
Identity at the Center. 
We hope you've enjoyed the show.

1129
01:03:00,160 --> 01:03:04,240
Make sure to like, rate and 
review, and we'll be back soon. 

1130
01:03:04,560 --> 01:03:06,800
But in the meantime, hit the 
website at 

1131
01:03:06,800 --> 01:03:13,160
identityatthecenter.com. 
See you next time on Identity at

1132
01:03:13,160 --> 01:03:14,080
the Center.
