You're listening to the identity of the center podcast, this is the show that talks about identity and access management and making sure you know who has access to what let's get started. Welcome to the identity of the center podcast I'm Jeff and that's Jim. Hey Jim hey Chef, how are you not too bad yourself? Good broadcasting here from the RSM podcast. Sweet here in hot. Las Vegas is very hot. Not so hot in here though. I've kept it real cool.
Yeah, but we've been doing this series when the I am Summit here in Las Vegas and it's been fantastic. Having those podcasting sweet. Really excited about the Sun. And that we have here today, we're going to talk about, ITT are ya identity, threat, detection, response. Help us with that conversation. We've got head Cadets, he's a CEO and co-founder at Silver for welcome head. Hey, great to be here. Yeah, thanks so much for taking the time and so we have tradition here.
When we have someone on the show, we have to find out about their identity origin. Story is identity, something that you chose or did it Choose You? It's a good question. You know I kind of went into the whole cyber security space like a lot of Father you know, easily alleys in this space to the to the minute of 8,200 unit before that, I thought I'm going to be an artist. I didn't even think I'm going to go into Tech but when I was 18, you know, 8200 just bought me in and I loved it.
I stayed up for six years. It was a group leader. It's five teams though doing like cybo campaigns and then after that walked for governments on similar things. So you know, because I had this experience with, let's say the offensive side of security, it became very clear to me that at the end of the day, I mean everybody's talking about zero-day attacks and fancy things, but if you want to tackle identity is just the easiest way in and it's almost crazy. How easy it is.
Like if you really want to go like, bleach into a network of move laterally inside of it. Why would you bother do anything else? It's just so easy and exposed and that, that drove me to find you. Think about why is it like this? I mean obviously there are a lot of solutions. So that, that is what attracted me to the space is knowing that those such a clear problem.
And even though there are hundreds of Solutions in the market, the problem is not solved still the majority of data breaches involved stolen identities. So why is that? And is there any way to do it differently? That's something that I taught a lot about and, you know, really want to do something on the time, I'm very glad they did. So this space called identity
threat detection or spots. I TDR, I feel like this Maybe it was started with you be a at some point in the past and maybe it's evolved or maybe I'm not thinking it in the correct terms but that's why we got you here to help educate myself and others. What is itd are in your perspective? So for a long time, identity security was kind of mixed into just I am identity infrastructure. You know, if you have an I am platform. It has some security features,
obviously. But I think we got to a point where because there are so many attacks that are leveraging, stolen identities and credentials, people are realizing that we need to look at identity security as a standalone thing that we have to solve. And it kind of can't be a feature in that identity platform because most companies have a few different identity platforms. They have, they have active directory, on-prem, and they have a GED or OCTA in the cloud.
And they have something for the privileged access management and they have something in the perimeter and all of these all from different vendors that Are competing with each other. So there has to be a standalone category or solution that would look at identity threats across all these things and really focus on on the securing the identities, securing these this this attack surface that people I think for a long time didn't really think about it as a major attack surface.
But it is, you know, one of the biggest we see that with every rainstorm or attack. All right. We'll it just spreads in the network. So easily, no matter what kind of security tools you have simply because you can take, you know, stolen account for active directory, and use it to move to any other computer in the network. Nobody will stop you. So I TDL is really about detecting and stopping this disease, entity threats and looking at identity as an attack
surface. Yeah, to me this, the whole itg are explanation that you just gave is really what we call identity at the center. So if you think about the name of this Broadcast is the idea that you have all these tools throughout the network. Some of them are identity tools. Some of them are other tools like you gr but that identity and tying off who the person is, who has a counseling, all those environments as touching. All those environments doing?
All those things ties back to a person and if you have that intelligence and you can take action, you know, that's a big thing. It's not just throwing a bunch of alerts, right? It's being able to take action. So I want to take a step back. We could be because you have a booth here. So you're getting to interact with a lot of identity practitioners, the people who listen to this show. I'm wondering.
What are those people asking you at your booth about your products about itg are, are they at the point where they really have a firm understanding or they just kind of Dipping their toe in the water of what the space is all about? I think most of them don't understand it yet. And this is by the way, why we have time to talk about what we actually do. Instead of just putting a title, you know, itdo it's kind of similar to how a lot of vendors are using zero tasks as the title ID.
It's a concept, it's a framework is a very important. One eye to the other as well, but we should talk to customers about what is it that we actually do? What is the solution? How does it work? So that's what we try to do at the person. People really get it feel like people respond to it very well. We had hundreds of good conversations here.
I did a session that, you know, a lot of People came to talk to me after we also had, you know, I was very glad to find out that some point that Andrew cannon from General Motors did a session about their whole strategy for identity security and 0 tasks. Any yet a whole slide with our we are like the missing piece because they're one of our customers. That obviously got a lot of people to come to our boussinesq. You know, how can we do the same?
That's a good. Get, you just expand it in a way by the way. I think expanding way that this is better than how I do it in certain ways, just so simple. By the way, I think in general, that's what the industry needs. Much much simpler explanations that are much more straightforward without a lot of marketing fluff.
Like this is what we do, this is how it plugs into your existing Solutions and this is what you get and that's what I'm trying to do. I feel like every year it's a fort or story became become simpler instead of adding more and more complexity. It's actually a simple story every year and it just works. Well, that's been a theme.
I think, for this conference, we've seen some of the Keynotes were around storytelling and sort of human element and Distilling things down into simpler easier to understand Concepts. Because if you can't articulate what it is that you're doing. If a very difficult time, getting any traction, especially, because there's so many vendors and I do think we're doing something very differently. So if we just use the same terms like everybody, it's all designed to really explain what
is it that we do? And by the way Jim I think that you hit on exactly these two things. It's before the that I TDL needs to evolving because I mean, you guys are right in many ways, this is just, this could be just trim blending of some existing things like Huey, be a, but I think it will not think it will be much more than that, and it's especially because of two changes that I think. And I hope I did. I will blink versus the old. You know, Huey be a about one is the response.
Which I think a lot of people are still trying to figure out what is that response, but it cannot be about detecting anomalies in sending alerts to the same. The last thing people need is a more alerts. Nobody, I mean, they said, there's a shortage in talent in the market. Nobody has enough people to handle all these alerts. It has to come with some kind of real-time automated response that will stop the attack. Especially when were talking identity attacks, they are so
fast. When you got an attacker in your network with a domain admin account, they will take over your network, you know, within an hour they will not wait until you get a bunch of a little to your serum and you go investigate them and it will it's way too late. So I think the response part is what a lot of the solutions. Started as mobile fed detection, tools will now need to evolve in. And that's I think one of the managers will be where we innovated.
And the second is has to be course platform. It cannot be something that works only for the cloud or only for the on-prem. Only for one type of users. It has to be across the board, by the way, that is in my opinion, the biggest failure in identity security. Until now, if you think about it identity is one of the only Categories. Well, security is just a feature inside the infrastructure platform, right?
So, if you got a jewel and you're using the security features for the identities of using achter de of Dell security features in other categories Securities, it's not like that. Think about endpoint security you by your endpoints themselves from one vendor or fulfill, you know, Lenovo HP Dell, you don't buy endpoint protection from each of them, that only works
for their own endpoints. You go to Vendors that specialize in endpoint security and you buy a solution that works, on top of all the platforms, all the laptops, same with network, you can buy network security solution, regardless of what kind of switches and routers, you have. It's a security solution that works everywhere, but identity
is not in identity. If you have five different platforms for identity because your hybrid multi-cloud, whatever, Each of them has its own security features within the infrastructure. Those actually not I mean I think I think we are but I think those not a good solution all
the hasn't been for a long time. That is really a security layer, the track on top of all of them because they are competing with each other Michael's of dr. Ping Starbuck they will not allow the other one to apply policy on their platform. Right. Each of them is only doing its own thing, looking at their own piece of the puzzle. And we'll trying to be the new ciao. Security layer on top. And this is why I think I did.
L is such an important thing because identity security has to stop being just a feature in the infrastructure. It has to evolve into something separate from I am gets on capability, essentially? Yeah. Because it has to be Standalone. It has to be something that works on top of old identity platforms. So I'm kind of wondering like, who from an organization then identifies that there's a problem that needs to be solved.
Is it the folks that run? On the EDR and realize that, wow, we're not getting all the data that we need. This is the folks from the, I Am side that realize that we're managing identities and all these different places. And we just have to be able to kind of make what's happening over here. And we need to be able to flow our actions positive or negative two, other places where that identity has access. It's a great question.
And I think it illustrates exactly the problem I just mentioned, because Think about it right now in companies you got I am teams. What is that exactly? Is that infrastructure? Is that security for end point it's clear right? You got one team managing the end points themselves from an IT perspective and you got another team doing endpoint security. Why is the identity one team
sometimes? Reporting to the Seesaw, sometimes reporting to the CIO to the city, oh, but it's one team that has to take care of the infrastructure and the security. These are two separate things. Right now we are seeing companies from, you know, some companies have it on the right tea and then these people usually kill more about, you know, the the infrastructure side, some companies have it on do security. But I think that, I hope that as this Market evolves.
And as identity security, right EDR. Become a separate thing from I am infrastructure. Companies were also evolved and have separate teams that are doing, identity infrastructure, and identity security.
But right now, it is confusing. And yes, sometimes it's coming from people who like, the endpoint team or the stock team, or but it shouldn't, you know, identity is important enough to have a team dedicated to identity security specifically, some companies have them, but usually, very large ones. So, so, as I TDR, A product class, like IGA or is a framework like zero trust. It's a good question.
I think that in many ways, it's a flame Oak, I think a lot of different solutions will now say that they'll doing it DL. Because in many ways they are all of these. Like, if you're doing, you know, MFA or Pam or many of these other things in many ways, you o, part of idea. But I do think that idea is more about the brain that controls all of these different things, right?
So yes, you got em f. You got Pam, you got, you know monitoring you got all these different things, but there has to be something in the middle, which this is what how I think about idea like the brain that the Plies, all of these controls in the right time. So if we detect something that looks like lateral movement or like an anomaly, okay, maybe we then call the MFA, by the way. The MFA doesn't even do need to
be part of our platform. We, for example, walk with all the MFA vandals, if we detect a threat in the network, we will they go do. I will take out the Azure MFA? Will to go OCTA. It doesn't do to be a part of it. What we are is really the policy engine, the ones that detect the traps and decides what is the right response to it? Is it to trigger MFA? Is it to block the user? Is it sending an alert?
You know, there are many things you can do and they they don't necessarily have to be part of the itd. How policy engine, they can be things that companies already have. We're saying to customers a, you already have MFA. Just like now you're using it as
a pretty simple control. That sits on your perimeter and maybe your Cloud applications how'd you like to take this existing MFA solution that you already have an extended into the place as well attacks actually happen within the you know the identity infrastructure, all these things that the MFA Solutions don't cover you know, command line, tools and Industrial Systems. And you know all these foul shells and on-prem particles that end.
Just doesn't walk Focus right now, it's all in the VPN in the cloud applications web apps. But you don't need to replace it. We're just extended to these places. We're bring the modern security into the places where he doesn't walk the Legacy systems. The service accounts, the infrastructure So in a way I did, the other is just, it's the policy engine of the brain. That enforces, the security control that you might already
have. When it's the right time in the right place, I think you have the policy won't. One thing I was thinking about there is that, you know what? I think about IGA system implementation, especially like 10 years ago. We're automating a lot of things that were happening manually, right? So, the business result was we were reducing the The organization by doing things in an automated way.
We didn't have to have people running around and provisioning access or you know, exporting Excel files and somebody else turning them into an access for you. But I think what you're talking about with ITT, are these are things that don't happen today. So this the business result is reduction in Risk. You actually now have visibility into security data that today, you do not have these things are happening, but you can't do anything about it.
It is why do we? I think the most exciting thing about itdo even as you know as opposed to other types of detection response tools that are not on the identity is that if you're talking about detection response outside of identity, the response is actually pretty limited. What you can do is usually Send an alert, you know, and do something retroactive, which is not great because nobody can
handle these alerts. And you're missing the actual attack or you can block, you can block the endpoint, you can block the, the network access, you know, something that is very aggressive, you don't want to do that. Because most of the detection today is not necessarily accurate, right? You get a lot of false positives, so, you know, nobody wants to do that. So this choice between sending an alert or doing something very aggressive, is all you got when you're talking detection
response, outside of identity. But in identity, you got a third option, you can step up the authentication. That's a great option because everybody's used to it. I'd getting an MFA Pompton saying. Yes, this is me almost two years, 22 years to it. By the way, they're going to do it less with idea because without i.d., all they need to do it. Every time they log in, we fight it out, they only need to do When we think the count is may be compromised.
So it's actually less annoying and maybe they will be less automatically you know, right? Clicking on it. By the way, the other solutions for that, we have a whole whole block about that too. But the thing is step-up authentication as a response tool in many ways, is the most effective one, because you're basically, letting the usual tell you, is it you or not, why have the stock team investigates? Thousands of alerts.
If we can simply ask the user is it, you can you prove it and within one click they will tell us. Yes, it is me and you're just annoying me for no reason. And please don't don't do it again and we can actually learn, we can train the algorithm. You know what, maybe for you. It is normal to login in the middle of the night from, you know, from another country. Maybe for you, it is normal to connect, 25 databases in all the weekend, if you can prove it
that it's you. We can train our algorithms to understand what is normal. That's something you don't get with regular you. A ba doo ba, you know, theoretically, we can train it, but nobody does here. It's almost like you are crowdsourcing your alerts to the users, right? Let them tell us. What are the two positives? If I can tell the stock Team? All of these thousands of anomalies that I taught, or maybe another security product taught that are risky.
You know what? We actually ask the users and these are the five were the user. Couldn't prove his identity. These are your real incidents, and by the way, we block them, we didn't let them too, but you can now focus on these five all the rest of them. You know what we target? Step-up authentication, the user told us that same. It's much, much less risky. Let's focus on the ones. We couldn't, this is unique to Identity. You don't get that with any kind
of other detection response. At the end point that the network are sorry, as I think I did the others, even a bigger potential, the detection response to other platforms and forces the You give another words, we found a potential bad actor shut that bad actor off. Whereas what you're talking about is now we can do Step Up. We've confirmed a positive. Now, we can actually, you know, reduce that risk to our so that the user has a has less friction throughout their journey.
I wanted to shift off exclusive is really generously trying, but there was one more thing I wanted to hit, which, is this itd, our space, it's just becoming He is entering my Consciousness, right? So it's kind of like new for me, anyway, and I'm kind of tracing it back to the Gartner hype
cycle, right? Because I think if you look at product like single sign-on, IGA privileged access management, it's gone all the way through the hype cycle is probably at the what they called the plateau of productivity. You look at zero trust it's kind of like gone through it. And now it might be, you know, might start at some point is going to get into Us. Trough of disillusionment. And the reason I say that is not because to put down zero trust,
I think 0 trusses fantastic. But if there's the mentality that hey I'm just going to be able to Cobble together some products or maybe by one Suite of products in b0, trust. That's the joke. That's not what it is. So, what I wanted to ask you is, where is ited? Are in this in this hype cycle? And would you say that like a year? For now, how does it look
different? Our people is it more and more people's Consciousness. Are people saying this is just something you have to do. It's a great question and I think that we all that it time well, a lot of angels will say we do idea and a lot of customers were wrongfully. Think that idea is just one product you buy and you'll good. And it's not just like zero tossed.
It's an approach. You need to get all your solutions to walk together around it so I think The will be for the next year or two, a lot of confusion. A lot of people will look at things that are actually mostly detection tools as I TDR. And, you know, a lot of products that will you be a or doing different things to detect threats will now say I was doing idea and our response is that we send an alert to the sock and then they do something about it.
And what I hope will happen is you know slowly people will realize that the detection part has been though for But will it really? You know what I did? That was really an opportunity is to really connect the detection to the real-time active response to the enforcement. If we can do that, if we can take the detection that has been though.
I mean, it is improving now but it's has been done for years and we finally connected to the enforcement to the MFA to the conditional access policies to the things that actually stop attacks. If we finally make that connection that is the opportunity of idea. Ha, and I think for the next year or two people are going to be confused or going to look at detection tool that has repackaged as ideal as if this is. You know, this is what they need.
And I think slowly they will realize okay that's just sending us another alert. It will not actually stop the attacks force and they will understand it. Ideas about the connection between detection and response active response, it actually stops attacks and that is where it will get to a certain maturity. Well, I do think that the it Back to once it matures one, people do Ido this way. I think that the impact of this
will be huge. I think that, in terms of actually stopping attacks, this will be one of the most effective Concepts or tools ever simply because so many attacks involving identities without the identity element to probably much, much less risky they will probably stay on one two devices. The not be able to take over the entire network without the identity element.
It is used to propagate and second because I think the response at the identity level step-up authentication is such a great option for response because it's the perfect combination between security and productivity. You take action real action to prevent the attack without blocking your real legitimate users that are simply trying to walk. You use Step Up aggregation almost as a filter. To stop only the real threats without bothering the legitimate users.
I think this is where idea is going to be a game-changer, but yes, it will take time for everybody to understand what is really active and what is maybe just a piece of it like detection. Yeah, thank you. It's very, very educational, very eye-opening.
And it's going to be very interesting to watch this unfold, you know, over the next year to see, you know, I think Kind of I hear one of your predictions is that they're going to be vendors trying to repackaged Old products as like hey this is now I TD R zero trust and ideas are so you just like take care of all your problems with with our product.
That's what I'm afraid of is the dilution of the terms but was happens but I think customers will realize eventually to take time but it's okay you know if every category but people will realize what is actually bringing them. The value. And also, I think that the detection tools still have a place. I think that, you know, I don't believe that any Vendo has the solution for everything, we obviously don't, you know, we really try to connect with all of the other security products
in order to work together. By the way, that's another concept Governor is talking about the mesh, right? Everything's to work together. So yes, the detection tools. Also have a place they can detect certain things. Maybe there's another product that can enforce, you know, and it all To all these different identities. Silos, that will be connected. Everybody needs to work together. No, no. Single. Vendor can say, I have the solution for everything and I think customers are starting to
get that. And I think, well, it will become very clear as once these Solutions. And we always think it with our product will actually stop a lot of attacks that our daughters. Don't we stop an attack. Almost every week. Now, real data breach on one of our customers and I think people are telling each other that those saying. Hey you know what?
I Other than some of attacking my network and you know, some of what actually saw it stepped up the authentication to my user, the user didn't respond and it stopped it stayed on the One initial endpoint on patient zero and let move anywhere else and they'll telling each other about it. You know what, it actually stopped the attack. Another thing that is driving awareness and influencing the
industry is cyber insurance. A few years ago, I think people didn't really know what it will become, I think, just like in other Industries, eventually, it's not there yet, but eventually cyber insurance will signal to the customers. What they need to do because they have a lot of data and they have a strong incentive to actually get you to buy the product that stop attacks because otherwise they would pay
a lot of money. So if they recognize and I think they are starting to that this is going to actually stop attacks and stop ransomware attacks. Especially do going to force everybody to buy this and I think it's a good thing because any single customer can beg get confused with all these different vendors and messages. It's actually a good thing that, you know, insurance will tell you. You know what we have data from
tens of thousands of customers. And we can tell you if you get this product or this type of product, your risk actually goes down. So we'll only give you insurance if you buy it. I think that's a good thing. It's not there yet but it's it will get them carry saying a lot of maturity. D and cyber Insurance questionnaires that are going out and my faith a couple years ago. What do you mean? You're not doing MFA? Okay. Now you need to because you got to follow the money.
I think it's maybe the least is still not the for list of what people should do, but it's good because it kind of puts a mirror in front of people. Like these are the things you need to do. Because we believe that they reduce the risk. The most And it's good because it doesn't, it means that not every small company will need to do their own research and come to these conferences. You know, they will actually get a list of, you know, this is what you need to do to have a lower risk.
And I think I did, I was going to be a big part of it. I mean now it's MFA and privileged access but eventually all these things tie together into idea. It's protecting the identities that's key to stopping a tax. Even very eloquent and helping us understand itd are so I want to put that eloquence on display. What's the 30 second? Elevator pitch that you give to somebody when you're like okay what do you do?
Like I'm sober for okay so me so So what we do is we extend identity security controls such as multi-factor, authentication conditional access everywhere, even in two places where they don't work. Today, the Legacy protocols, the service accounts, you know, command line, tools, all these things that people actually targeting in a way that doesn't require you to change any of these systems because we sit behind your existing identity infrastructure.
We detect threats Enforce the security controls so that we can protect your identities everywhere even in the places. Well, security for identity is not available today. And by the way, as you can understand from this, you know, short explanation. I'm not focusing on. I TDR, I think that in many ways, this is idea, but I think that people will slowly understand what I did there is and we can, you know, we can do, we can help them.
And the fact that you guys are doing this, obviously helps people understand. But for now, we need to talk about the things that people really need to do and it's about securing identities. Will I think one of the biggest gaps? You know, putting itd have a site for second is the fact that modern identity security is only available for modern applications. It's available in the cloud in octane as already.
But for the, for the Legacy infrastructure for the on-prem does nothing, people have to listen passwords and Legacy protocols in a tackles know. That's what the focus the command line tools, the file shows the service accounts in our machine to machine access the Legacy infrastructure. That's where they go. So this is the main thing we actually talking about today. I believe itthere is the future.
I believe, this is what we're going to focus on this, what we're going to do, but right now to simplify this for the customers and help them solve a much more clear than immediate pain. My focus is actually on this. I'm telling them you already have. Eight Solutions, you know, I show it is a great solution, it has MFA in conditional access and everything, but it only works for your web applications, it doesn't work for all these
things. I just mentioned, we can extend that because we work, with all these vendors, we can extend your Azure ad and agile MFA to these places. I didn't even mention, I TDR, or zero task to any of these Concepts. Thank you. It will actually help you achieve those things, all right? Because once you extend more than identity security, The everywhere, you will actually achieve zero Tarzan idea, but I'm trying to focus on. What are you actually getting
what? What is not protected today that we will protect for you and I leave? I TDR and zero tolerance to these kind of conversations. Well, you know, I do hope that people will adopt these Concepts but I think people are tired of just seeing vandals, only talk about the buzz words, we need to talk about what the solution is actually does and how it does it. And that's really resonates with people. I feel like in this week was very, very clear.
We just talked to people about, you know, what do you use today for MFA for identity security? And they will say, whatever. Vendor they have great probably works perfectly for your web applications, your modern applications. But how about all these other things, the Legacy stuff, the command line tools, the service accounts that's what attackers actually go because they know it's not protected.
We can extend that solution that you already have or The and that's such a clear story that is letting them extend an existing solution that they already invested in. That gives them great results in one environment extend it to the out of. So if you ask me, what is the the easy way? What is the way I am? Expanding our product today. That's how I do. I think that We should really, I think every window should really try to focus on one of the clear issues that they solve and how
they solve them. And yeah, we can talk about the concepts in order to educate the market, but otherwise it becomes too confusing for people to just heal these buzzwords.
So that Simplicity in the language exo-k, explanation is something that is I'm finding to be more and more important because we get lost sometimes in Flowery language and it was you know, spend a focus here at the Gartner conference as well around storytelling and You know, really being articulate around the message, you've been really great through time and I just wanted to know if we have just a couple more minutes, I want to ask you more questions from like a CEO perspective.
We were talking before we hit the record button and you mentioned something about retention and with where we are right now with great resignation and now quiet quitting, which is apparently, a new thing that's out there. What are some of the things that our secrets to success? And I'm sure you're going to show statistics, I hope you will around Round finding and retaining talent.
Because I think there's a lot of people who are trying to build teams trying to find identity, people is really hard right now because you're taking care of hopefully the ones that are happy and if you're trying to build a team, the pool of talent is not as is not where it needs to be and I'm curious from your perspective, as you know, the CEO of a corporation, you know company. How are you doing that?
It's very important topic. I think, I think everybody has this problem of talent in cyber security and identity. Its Oh, by the way, is something that is very important to me, specifically, like one of the reasons I actually started the company, you know, besides wanting to invent, you know, Heidi are in all these great thing is actually that they wanted to build a company that I would have liked to walk for like a place that is actually good for the people.
A person who will people like working with each other and believe in what they do because I want to wake up in the morning. And go to a place where I enjoy what I do. All right? And it was very important for me all along to build this kind of culture where people really work together as one team without politics without ego. You know, just working as one team to the same goal and I think we were able to achieve that it becomes difficult when you go fast.
So, you know, we've been going very fast instantly, you know, some of our teams like cells marketing tripled since the beginning of the It's hard to keep the culture. I still meet everyone who joins the company, by the way, before just do or even to interview them professionally. But just to understand that I'm not going to lose that special
thing that we have. But I think the most important partner is just caring about the employees whether it's about the work-life balance or about the fact that they will be challenged with with interesting things to do, and just knowing that the company cares about them and then they care about the company, I don't believe in forcing people to Still the number of hours a day. And as people can, especially in the post covid World, it doesn't really matter.
People can not do anything and you will never know. It's very hard to know. So the only thing you can do is try to make them kill about it and that's never about the product or the even the money. It's usually about the people if you work with people that you like and you feel like they care about you and you feel like management is Is in the same boat with you people, actually liked it and stay.
We had last year, little more than one percent of people leaving the company, we have 150 employees and I think it's because of that. So half a person left. How did that work? No, it was, it was too. But I think that another part of that is just how we react to the changes in the mouth. It, you know last year was crazy. So many startups did crazy funding rounds with valuations that have nothing to do with the actual performance side and they burned the money with, you know,
fancy parties and whatever. And it's, you know, great for them. But now when the market is down at all of these companies are letting go a lot of employers and I think employees understand that you know, it's important to be in the company that kills about. It doesn't go crazy when the market is too optimistic and doesn't need to overcorrect at your Expense, right? Because the CEO is probably still, you know, tell.
But at the expense of some of these employees when things are bad, that's a great Point. Yeah, I mean, the other thing, I just wanted to point out is, as a smaller company. I think if you make it bad hire bringing the toxic personality, just the the is has a magnifying effect of how how much damage that can do. I mean that can that can hurt
even a big Buddy right. But with a small companies just magnified so you interviewing everybody as they come in just to make sure that you're not going to upset that corporate culture. I think is just so important. I just want to hire people that want to walk in this mentality. When we all work together, we help each other. Even if it's not exactly. You know someone's responsibility is not exactly getting paranoid. People were help each other because we all want to achieve
the same goal. Urgh. And I want to find people like that. It's not easy by the way, but there are a lot of people like that. I feel like we have a great team and I will not continue to probably interview everybody, right? But I can't ask my my managers and executive to do that. I think they get it completely.
And I think it's it's something that the whole company believes in, I think but also part of it is this, you know, knowing how I make decisions that I'm being responsible with the company's goals and money, I think. Care about that. Think they want to know that. And we are very transparent and basically showing to the team, every quarter, the same size I'm showing to the bolt. No, just this is where we are. This is all the data. This is the bad things to good
things. I think people appreciate that because they want to know that we're doing the right things and they can continue to believe in where the company is going. And I think the company is going in, amazing direction will be having great traction. Now the potential of this space in general, but also just just, this solution is so big.
Big. But, you know, it's it's not enough a lot of the other part of it is the people like, people people, leave great companies all the time because because of people because of the pressure energy or that colleague at the the saying, the strata-ray Europe people. Don't quit bad jobs, they quit bad managers for sure.
I think this is really good advice for your we're talking about building company but a lot of times you're building teams within a company and this is great advice, you know, build a team that you want to be a part of, you know, could have said Myself and you've been very generous with your time. So I want to let you get back to the show but really appreciate
you being here. I think you know for folks who are listening out there, want to learn more about solar Fort silver fork.com, I'll include a link in our show notes. Hopefully you're okay with you know connecting with people on LinkedIn because like those send out those LinkedIn connections directly happy to talk more about any of these topics. Thank you so much for inviting me and also for doing this. I mean, I think it really helps people in the industry to learn
more about these things. So thank you for having me here and for doing this. Really appreciate that. Yeah, well, hopefully people are listening out there and if they're not, we'd still be doing it anyway. All right, we're going to go ahead and wrap things up a little bit here. Thanks again, to the RSM team for. Hooking us up with this nice, sweet guy, Z and Daniel are over in the other side of the room,
being quiet as mice. Watching the magic happen for identity at the center, you can find us on the web identity at the center.com. We're on Twitter at IDC podcast and we'll have to leave it there. Thanks everyone for listening and we'll talk with you. On the next one. Thanks for listening to the podcast. If you like what you heard, don't forget to subscribe and visit us on the web.com.