You're listening to the identity of the sender podcast. This is the show that talks about identity and access management and making sure you know who has access to what let's get started. Welcome to the identity at the center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. I'm doing good. Did you think you would come to Seattle and have great pizza? No, the Sheraton Grande, Seattle has great pizza.
They had lunch today, it was fantastic, but I'm having a bit of a carp coma at the moment so but you know nothing that caffeine can't fix so, all right, I'm sorry. I grew up in Chicago area, which is a pizza mecca for a lot of people. I am of the persuasion that most Pizza is pretty good. Like, it's pretty, even a bad. Pizza is still pretty decent with the exception of one that I had in Paris, which was completely awful. We're not going to go there right now and I feel like that
is common for the most part. I mean, you're talking do cheese sauce, some toppings, things like that. Yeah, BFFs admit to some pizza. Better than others, right? It sounds better than others for sure. Yeah. But even a bad Pizza. Still pretty good. Yeah, this was good pizza. It wasn't like good bad Pizza. There's just good. Good pizza. I didn't have any of the pizza lunch and saying, yeah, you missed out. You also eaten the The partially cooked chicken.
No, I have the partially cooked pasta was fine. It was difficult to scoop because there was so much cheese on the on, the spooned, couldn't like get it to come off the spoon. So it's like, I'm like one Piece of pasta to piece of pasta. Trying to get it but those are
all first world problems. I mean, I yeah, the first world problems but I'm thinking that conferences and this conference, the authenticate 2022 conference which were sitting in shout-out to and Russia are again for, you know, and Adrienne for settings up with a fantastic podcasting milk, which is where we're podcasting from now. But, you know, I think the food
Was so good. Here. That is like having it might give thanks giving a run for the money in terms of the amount of weight that I put on, that's a bold statement. Yeah. Well, they also had a great breakfast, buffet downstairs. So I don't know. I'm going off about the food. I've eaten a lot of food since I've been here. Yeah. Why don't we talk identity?
As you mentioned, we are at the authenticate conference here in Seattle, we've been having lots of great conversations with folks that are here, some who are giving presentations some that are not and just The dining space, Our Guest right now falls into the former category. His name is Tom Sheffield. He's a senior director cyber security at Target. Welcome to the show. Tom, thanks for having me. Yeah, thanks for so much for being here.
You're going to give a talk tomorrow as we're recording this around targets, Enterprise journey to adopt Fido, but this is the first time you've been on the show. Hopefully, not the last, but we have tradition whenever someone joins the first time, I like to find out a bit more about their identity background sort of their, their Origin story. How did you get into that dining space? Is something that you chose, or did it choose you? I think it's a combination of both.
I chose to take the role but at the moment, I didn't realize it was an identity role. I started out in General Electric at the aviation division in Cincinnati, Ohio. And it always been in a, what I would call an application infrastructure type role. So application to support product teams, engineering teams, things like that. And there's an opportunity at our corporate headquarters to launch at the time will be called the directory initiative.
And didn't know really what? It was but it ended up being the beginning of our single sign-on capability for GE and it had becoming the capability, the core capability for our centralized provisioning for GE. And then at the time, it was just one of those things that we did was a productivity play, right? We had situations, you know, prior to single sign on every user had multiple accounts, multiple logins, multiple passwords. We had different ways to get access to different systems.
And so at the time, we really focus on productivity and the sarbanes-oxley hit a couple years later and You started to see some of the compliance opportunities that identity could play Within. And so we started focusing more on compliance in addition at. So as you're doing centralized provisioning, you get centralized access. Your views are the capabilities for centralized access reviews. So we started driving a lot of, a lot of our focus on to
ensuring GE remain compliant. So beings actually being the initial one and then after, you know, a few years cybersecurity became more like what it is today where you actually had a security Focus simultaneously and I've been doing it, you know, I guess now for most last Two years and it's so amazing how far it's come. So it sounds to me like it chose you to some degree, which has been sort of my working Theory over us. Say this is I think episode 178
and we think maybe two people. During that time have said that they actually chose identity. Well, I think if you're an I am live for today. You've been doing, I am for 20 years, there's no way that you chose it because most people didn't even know what it was back. Then this is absolutely true. I would agree. Yeah. If you're coming into To the
industry. Now you're likely choosing it and you're probably choosing it from a cyber security angle not as much maybe as an identity angle and what we found is that identity its core identity is core to a good cyber security posture. Yeah, I would say it's at the center. Let's talk a little bit about the talk that you're going to give tomorrow and it's titled insights from targets Enterprise journey to adopt Fido. So that sounds very cool and impressive.
What is the, you know, the the subtext there that we should be thinking about as we go into it for For your talk tomorrow. Yeah, we. So we've been on our final Journey for multiple years. Now most recently about a year and a half ago, we'd made the transition to support Fido as what I call a primary authenticator. So replacing the use of the password and using Biometrics. So we chose to use platform authenticators on our devices. So laptops and mobile devices, very natively.
And so we've been talking about our journey now to get to that point. We had deployed phyto previously as a second Factor authentication are for step above Indication risk-based authentication, but we quickly saw the opportunity to leverage Fido as a possible alternative and so we haven't eliminated password yet but we have absolutely tried to reduce our dependency on passwords across our Enterprise. So you mentioned that this has been a multi-year journey to get this done that.
I think, I think a lot of people who say go fight, oh we're done, right? And I think Fido has been around for a while. So most 10 years. Yeah exactly. We're coming up on the anniversary of, you know the passwords going to die soon. Right. So we saw her do not want to get into and I think about From your perspective, sort of leading this group and sort of this charge through it.
What are some of the challenges are wrinkles that, you know, the people who are listening us are probably out in the real world doing real identity, things. And their thing about some say that Fido sounds cool like what are the things that I could be looking out for maybe gotchas or things like that? Yeah, I think there's obviously going to be a well I said there's likely going to be a cost component, right?
So getting buy-in for your organization on why you need to do it and for us it actually starts to hackathon event. We Actually chose to write our own Fido server initially. And as far as a hackathon, we were trying something. We are helping helping to give our team members opportunities to learn new technologies or new skills and it just grew from
there. So it's something that we've really been able to tackle organically, we haven't required significant investment in our world and so it's fun that we can just continue to try and push out, sort of organically and keep pushing. I will admit, we're probably very unique there. We have a very mature Enterprise
authentication pattern. So as we integrated fight, We integrated fight with hundreds of applications initially because we had that tight pattern again, that's probably a little bit unique to Target. So depending on where you're coming from your story, your starting story might be completely different. I would say at the at the most
basic stop. Once you understand what Fido is and what it can do, it's about creating the business case and your business case, maybe a financially driven one. Right. Maybe your helpdesk costs are expensive around passwords maybe use your frustrations run. Passwords are very very challenging. It may also be a security one. Maybe you're in the middle of something where you identified that that Fido is a, is a strong authentication capability and that's the angle.
You want to go, but you need to get that buy-in first as the first step. And then, from there, it's about making you making small iterations trying things out, testing things and and then moving forward and trying it. Again, you mentioned this multi your journey as well. Like what was the what was the aha moment? Where as I go? Yeah we should probably be looking at this vital thing and doing something about it.
Was it that hackathon? Or, you know, what was the sort of like the The Genesis of like, oh, this is Wilbur. This is the future for authentication at Target. Yeah, I think the Genesis was the belief that Fido had legs, right? Was still very early, right? We didn't have broad industry support yet. At the time, you know, Apple wasn't yet a member of the Fido Alliance. So we knew that we were up against some challenges in terms of Enterprise adoption, right?
We needed to make sure that we had a an environment that all of our users would be able to use, right? It wouldn't make sense to roll out the solution and then I have half your users who were on maybe that platform not be able to use it. So once we saw Apple get involved, that's really where we said this is real. Now, this is something that we can actually do. The hackathon was our sort of internal impetus to get started and that was just a trial like, let's try it.
Let's, let's let's have our team's learn something new in a safe environment and so we just iterate it on that, sort of behind the scenes, until we have the opportunity to actually take it forward as a, as a platform for authentication. So Tom, is this something that you decided from a Grassroots perspective? Of that like, hey, we really need to do this. And then use salt it up to your management leadership team. Okay?
So that is a really big Point. What was that, like, what top walk us through, you know, how you made that case, how you put it in the business terms that, you know, executive leadership got behind it and was willing to make the, I'm sure sizable investment to make this happen. Yeah, for us, it was really, our goal was to try and demonstrate that it Could be as easy as a
consumer experience. So so everybody at that point had mobile devices right with either a touch ID or face ID like experience and what platform you're on. So something that we basically tried to demonstrate, we can do the same thing for the enterprise. We can do it at scale again because we had a very robust Enterprise authentication pattern.
We could demonstrate that we could get all of our applications integrated with it. It was also something that we could use from a security perspective to highlight the security benefits of logging in with a biometric, right? The other final protocol. Under the covers as opposed to password. And so we all know the inherent weaknesses of passwords as an industry.
The news is full of stories around them and we are continuing to look at ways to try and strengthen that authentication experience and make it easy for our users. We talk a lot about our users in the moment. They're logging into an application, not that they don't care about security but it's not top of Mind in that moment. It's about friction. It's about how easy was it, how fast can I do it? And we've been able to demonstrate through Biometrics that it is actually Easier to do
that than to enter a password. Yeah, absolutely. So Tom not sure if you made it to the session yesterday, where is the one of the it leaders from City talked about, you know, they rolled out to like 200 million consumer users. Roll-off find out. Roll out roll. Yeah, and question came, why did you choose to do consumers before Enterprise and Khalid to summarizes answer.
I think he said that, we thought it would be easier to do consumer than Enterprise, which is like a head-scratcher, right? Because on the scale of things, even though they have a lot of employees, if you have 200 million consumers, you started with the Enterprise. And what I think about the diversity of types of users, got your corporate users. You got your Warehouse users, you've got retail users.
I'm sure some in between. And then on top of that, You've Got A diversity of application which I think was essentially City's point, right? It's like the internal users have 20 100 applications. Whereas consumers have one, two, maybe three so talk us through maybe some of that challenge, right. The diversity of user types and you know just how hard it must have been to roll out Fido to your Enterprise. Yeah.
So for us I touch on an initially a little bit so from from a I'll use the application side first, right? For us, we have that that robust Enterprise authentication model. So we already had, even though we have hundreds of applications, there are already leveraging, our single sign-on solution. They're already integrated into
our login patterns. So as we enabled Fido for our users, it was immediately available for all those applications as soon as we launched and every no application that launches in Target now, going forward that launches onto our platform automatically gets benefits as well. So we actually had situations where our users users were going back to the application. Occasionally and saying, why can't I log in with fingerprint ID? Why can't I log in like that?
So that's actually been a partial driver for us to get more applications on-boarded into our pattern. If you think about our user population, we initially targeted, specifically, targeted through our campaigns rh-q population because we had control, the desktop, I knew they had a capable device, I had ways to reach them through email, through internal portals, things like that.
So our Target population initially was our HQ users But we quickly realized as we've rolled out and as we've continued to roll out, now, almost a year and over a year and a half later, is that a significant number of our non HQ users have registered as well? And we attribute that to our communication strategy. We put together a very robust communication plan again, Direct Communications, targeted Communications campaigns in the like, but we also leverage and
indirect methods. So, we put some of our messages across internal portal Pages. We partner with some of our larger application teams to help up them deliver our message on our behalf. So if your login to our HR application, we had an FAQ within our, a chap like within it which, in our within our HR applications, FAQ Pages, the suggest that those users register for our solution.
So we've actually seen about 60% of our of our stores users, for example, register for our solution, the registering on personal devices, mobile devices, and personal laptops workstations, are otherwise, and they're primarily using it at using those devices access. Their HR information, They're paying benefits information. So we provided value for them.
That we were able to that they were able to see and we like to say we Inspire them to go from a log and experience of your passwords to log experience via Biometrics. Yeah, I think that one of the things you're bringing up there is the importance of communication and then the other thing that I took away is that you've been investing in?
I am over time, right? So you have some platforms that you're able to leverage I think You know, you can't just decide to jump right to Fido and expect that. It's going to be a snap of the fingers. If you don't have kind of those building blocks that you're able to plug into, or at least you could turn on Fido. But to get like hundreds of apps to all be on Fido overnight, right? You're leveraging that investment in that IDP that you already stood up.
Correct. We had laid out our identity Vision about I joined Target about six and a half years ago and shortly after I joined we laid out our identity vision and we We built it on Three core, tenants. First, we want to simplify technology. We recognize that the the the Computing environment was moving to the cloud, devops things like that.
So we want to be there. We wanted to enable our engineering and product teams to go deliver solutions for their customers for their users, without becoming a barrier or bottleneck. And so, that's the foundation cyber security, and identity can become those two things. If you're not careful. We also recognized early on that. We want to take advantage of Open Standards, right? I didn't want vendor.
Lock in. And I want to make sure that had interoperability both within my ecosystem as the tools that I use, but also again, with the developers ecosystem. So, I want to make sure that we could, again, support them and help them do the things they need to do. The second tenet of our vision was focused around enhancing security, we all recognize the inherent path weaknesses of passwords and so we knew we want to get rid of them. We knew we needed a lever, strong authentication and fight.
It was a perfect story to tell about how we could do that. And then finally, we wanted hands. Your experience, just the average user that consumer. And I made the comment before about, you know, easiest and fastest in the moment. That's what the team members want, when they're log. In order to do their jobs, they want to get it done as quickly and seamlessly as possible. So our goal was to enable productivity for them.
But in a compliant secure way, I didn't want them to have to make the traditional trade off that people often make its those trade-offs that cause problems, right? From security perspective, from a compliance perspective and we want to make sure that they were leveraging, our solution right away. But to do, so in a compliant and secure way. What about feedback from users themselves? Have you gathered any sort of, you know, I always cringe right feedback from users might be -
some might be positive. But what has been the response to sort of the rollout as it's gone so far? It's been it's been really really positive two responses. A lot of a lot of positive feedback we haven't yet hit full adoption and I don't know what full adoption looks like. I love to think that I'm gonna get the 100 adoption at some point. We realized during the pilots for example, we Number of Pilots over our journey, we realize during the pilots this was during the during the pandemic
time. So all we had all shifted to a remote working environment and what we quickly realize, for example, is that a lot of our Engineers, for example, they were able to set up their multiple monitors dual monitors at home, external keyboards, external mics things like that. And what we learned is that their, their laptop is often off to the side of their desk often times with a lid, actually closed so that fingerprint sensor isn't even available to them. So you think about platform
authenticators, right? They're not even able to authenticate the way we'd like them to. Now, there's no way that I can tell them change your desktop setup. I need you to do this for me. That's just not going to fly. I'm not very good. Even I'm going to entertain that type of a conversation. So we've been working with looking for ways to help them authenticate via biometric, enable security keys.
For example, there's still some reaching challenges, perhaps depending on which side of the desk, the keyboard, the the laptops on, or where the keys actually plugged in. But we continue to look for ways to help enable them to be able to try and leverage the solution to Down the same productivity and Security benefits that everybody else is receiving since interesting pivoting. During this test right to say, okay I'm one of those people right.
I generally have my laptop off to the side and it's closed and yeah I'm not getting Touch ID that but I do have things like Windows hello. If I have you know an IR camera that can kind of look at me from a distance, things like that. So there's certainly options around that. I guess what are some of the other patterns from a MFA perspective that you're You're deploying. You mentioned the security Keys, obviously, the hardware itself.
Other other things that might be out there because I would imagine you probably are like the terrible analogy, like, Hawkeye from from The Avengers. He's got this, you know, Arrow quiver, full of a whole bunch of different arrows. They do different things and I think the modern I am program, probably has a whole bunch of different arrows to solve specific use cases or you know, things like that. I'm wondering as you were looking through.
This process of deployment. You know what were the arrows that you were looking to kind of put in that quiver? Yeah so we've been on the multi-factor journey for years now as most companies have so so you know otps right we support we support what I'll call generically Legacy tokens, right? You all if you've been in the industry for any period of time, you likely had one on your keychain. If not have one right now, we continue to support those in environment.
We also support OTP push as well. Not a Has it each of those are fishing, right subject to fishing susceptible to fishing so Fido gives us that fishing resistant capability but your comment we feel that they have different clickable use cases. And so what we try and do is we provide our support as many as we can and then we tailor their adoption or tailor their their consumption based on the data,
the application being accessed. So we may not off, we may not allow you to authenticate with one of them into a certain application depending where you are in the network but that's Choice. You're making consciously as part of our data classification and application risk considerations but I was reading the synopsis of your talk. One of the things it said was that you had a goal of not having people call the help desk to get through this process, right? So I want to ask you kind of a
further question on that. So most of expected that some people are going to call the help desk. What is it 2% 5% 10%. I want to know Like what was your estimate and then how close were you to actual? So we didn't have a specific numerical estimate when we started, we were concerned. We're absolutely concerned I didn't want to overrun the help desk and I didn't want to overrun my engineering team from a level 2 or level 3 escalation
perspective. The more time that they would have to spend supporting our users is less time, they're working on the solution less than they were going to capability. So we were very interested early on about what it might look like. What else? Say, is that we've had my numbers? Well, less than 1% of support engagements coming from our user base. So very, very happy with what we've seen so far.
It's been relatively easy to roll out relatively easy to adopt relatively easy to use when measured from a support perspective. It's been very very low support engagements overall, which is which is surprising, but also very, very happy to see it sounds like we're done here. Tom has solved. Roll out of Fido for every organization out there. Just talk to him.
She needed help. I know, I mean, it sounds like it's going well, I wonder if the pessimist of me is thinking like, okay, when does the other shoe drop right? Do you have any sense of impending dread or Doom or do you feel pretty confident like? Yeah we're on the right track and it's just a matter of time and execution and sort of the rollout like are there are things on your radar that you think could be an issue if you don't get in front of it? Yeah. I think we're absolutely on the
right track. We're happy with where we are. We continue to tweak our experience. We continue to tweak our messaging on our flows to try and encourage more. Adoption that desktop setup will be a struggle to get past, right? I still have users, some users. A small pocket of users. This will have privacy concerns. They're concerned that quote, unquote Target as access their Biometrics.
And we trying to articulate that the same biometric that you, you likely use today, to unlock your phone, right? We're just using that same biometric in a different way. Yeah, but again, those are battles of their discussions.
That I may not ever convince those users to move past, I would say the biggest thing that we're tracking right now is passkeys as we think about the people that do engage our support channels today, one of the top top engagement requests that we get are people that get a newer replacement device. So they don't realize immediately that they need to re-register their credential, you need to re-register for our program. And so that is something that
we've got messing around. Now we try and I've fa Q's to try and eliminate the help desk all but it's definitely something that we see. I think pass keys are the answer there and I'm excited about the future of passkeys but as an Enterprise I think there's some considerations that we're all going to have to convey think about before you can actually take advantage of passkeys. One of them that I like the Highlight is what I call a philosophical one.
What is your company's position on allowing corporate credentials, which is the pass key to be synced to a personal cloud or keychain account a second one that we talk about internally is what is your company's position on allowing access to corporate resources, corporate applications via non-corporate devices. So personal laptop, personal mobile devices, Etc. We have some of those at Target and so it's something that we're now considering as you think
about. Passkeys, how do we want enable that? Well, I think the way people
have work has changed, right? I think the blending of what is a personal device versus a work device has probably changed quite a bit over the last couple years, especially where, you know, of course, Always use their work computer to do things, sort of ancillary, but a lot of people now that they just there on a computer, it's just what, the, what's in front of them, they're using it. And I think that question of, you know, do you allow X on Y, is really so fundamental to the
strategy because if the answer is yes or no, that opens up a branching decision, kind of beneath it, right? I think having the, you know, the the foresight to look at it and say, OK, these are the things that we need to answer before we even get get to like that's that's not a pass key question, right? That's do. We even a lot want this thing to be in our merits, why we call it a philosophical conversation, right?
It goes back to what is your company's position around security or your network, or things like that. And then how do passkey support or not, as the case may be that position, then what do you need to do to change your position or not as the case may be and then what does that do? Then? Do your decision around. What passkeys will work for you. So it's a domino effect if you will but you have to have the conversations first and Stay in your positions. Now is one of the themes I heard
about yesterday. Which was that the hackers the adversaries? Don't go after the happy path. They go after the unhappy path. It's the scenario. You brought up got a new device need to re-register and okay. Now that they put a weakness in that workflow that I can exploit. So, yeah, I think you're on the right track. I'm wondering what else coming from this conference kind of Resonated with you you talk about passkeys big thing, use usability and user experience.
Ubiquity was something that's talked a lot about that piece. I just talked about with the adversaries going after the unhappy path. Were there any other key themes that resonate with you or maybe spark some new ideas outside of the final room? Specifically, I think cape has a lot of has a lot of opportunity. I know it's very early, but it's something that we're beginning to take a look at in terms. Of those signals. And then the Eventing off of
those signals. We had any significant work or specific work yet. But as we think about 20-23, I hope to do a little bit of Investigation there. That may become a hackathon topic for next year. If you will, for us, as we just want to get our arms around and understand what it might do for us, how we might be able to leverage it. And then from there, we can determine if it's a priority and then if we have to sell it, you know, what's the business case, we want to wrap around it, to be
able to make it a priority? So for people who aren't familiar with cape, can you kind of explain it to folks who are not neck-deep in this? Yeah. Way, I describe Cape at the highest level Cape begins to allow for a continuous authentication experience. So today if I log in and I'll use a SAS application. As my simple example, when I log into that application, I'm given
a token, right? And there's nothing that the vendor knows, or the SAS provider knows about me at after that, receiving or issuing that sorry, issuing, that token to me. That says that token, maybe isn't as valid, or isn't as strong as it was before I should do something about it and say, okay provides the ability for an eye P like us to be able to send an event saying. Hey, something's changed about Tom's experiences, authentication experience, maybe, change networks.
So maybe something else happened. You should consider doing something, so it's an event based system from the IDP and then the the RP would be able to do a response to that and a simple response maybe to revoke the token or to prompt for a secondary authentication at which point we come back to me the IDP and I would either allow or disallow that secondary authentication.
For example, I think it's in testing trying to determine what's normal in those sort of scenario, especially as we're just talking about multiple devices, right? You might be flipping from your iPhone to a laptop to a tablet to a workstation, right? Whatever may be and trying to to take all those signals and not like drive yourself crazy with hey is this legitimate log on there or not right and and at the same time trying to balance that against the usability, right? On the user side?
It's like okay you know if I'm constantly getting prompted for am, if a right weeds there's this thing called MFA Teague that's out there. You know, you get the Spam on your phone and says, yes. Yeah, you know, approve this and, you know, it's not you and people know it's not then and they will still click approve and that they just have to get it from, you know, wrong once and then and then it's game over. So, I think it's an interesting
approach. I do want to say something about the MFA fatigue, so, I remember where I would get prompts from Microsoft authenticator saying, you're trying to login. And what happened was? My laptop session had timed out and it tried to re-authenticate me and it's going to push authentication on my phone. And I was in sitting at the laptop, it was in my office and you know, ultimately I would not approve it. But after that, it happens to
many times. I kind of like thought, okay, that's what's happening but because I'm an information security. I'm going to be the wise person and not approve it, but yeah. I think the average person once they realize that that's Probably what happened. They're going to go ahead and approve it. They know anything about Exchange ActiveSync and such as like that. These are driving crazy.
Even Jim knows, I am constantly trying out new devices so I would constantly be in the throes of re-registering devices to get you know work emails and calendars and things like that. But that is certainly a first world problem. What other conference thoughts that you have? You know it you're a presenter but you're also hearing it as an attending. I think this is the first one you've been here in person. For thoughts, comments
recommendations. Like what should people who haven't been able to make it here in person? Like there are viewing it for your eyes. What would you put out there? I would say it's a great opportunity to learn what other people are doing, right? So again, we're here to share our story. There have been a number of companies like us that are telling their roll out, roll out stories and so it's a chance for you to learn. I talk about in my presentation
about just inspiring, right? If you haven't yet started, maybe it's an inspiration to get started or if your Our early in your journey maybe it's an inspiration to go faster, everybody's got to make that decision for themselves but
sharing our information. This is this is why we like to say that cybersecurity is a team sport and conferences like this are opportunities for all of us to go out and share with the community what we've done, some of our lessons learned, maybe to inspire, at least, to help somebody else to be able to go through their Journey. May be a little bit better and if we can get that moving and sort of like a domino effect, right? There's the people come on later
in the journey. Hopefully, it's going to go much, much smoother for them. Because they'll learn from everybody else that went first. So let's end on a lighter note because I want you be able to get out and listen to whatever the next keynote is because the fact that the content has been Stellar here before we go, I like to get stupid and ask dumb questions and kind of bring things up a level and I've got something really stupid here for us to end the day on if animal,
okay? If animals could talk, which would be the rudest animal. The rudest animal. I would say something like an ant and and I you're constantly at risk of getting stuff done. Your casa looking up around you at the feet coming down on you, right? If you imagine bumping into somebody on the on the road today, right? You give dirty looks right there may be words exchanged and has to do that all the time. And with with no almost no chance, right?
Because of the side, the relative size of them versus the foot, coming at them. So I have to believe that an ant would be pretty snarky if they're constantly dodging. Eat all day. I guess I would be snarky to if I was dodging feet. Jill dry yourself. What is the rudest animal? So as Tom was devious explanation I thought well first we need a definition of rude because there's like rude like you know I will talk to you kind of rude and then there's just doing rude things.
So not talk to you I was thinking okay? Maybe it would be an animal like a deer or something like that. That's afraid to be around people and but then I thought I'm going to go with my original answer which was Was the camel is new for like spitting like nasty stuff on on people and stuff. That's downright rude. So camel. All right, I'm going to go with the honey badger just because the honey badger doesn't care. It will go after anything for sure.
So, you know, that's a shout-out to the famous internet video. Yes, that is. Video is not that the honey badger doesn't care if it gets a little more rude than that. Yeah, exactly. That's going to go with Tommy been a great sport. Join us here. Hopefully your you'll continue to conference and we'll see you out there as well. Any takeaways you want to leave his people before we wrap things up? No, no takeaways go out and try get started, do something.
I think, I think the first step is taking taking the first step, right? So build your business case, do your valuations, build your understanding of what phyto is and whether or not it's going to work for you and then build your case from there. And hopefully, we'll see you on the on this talking circuit in a year or two and you can bring your story forward as well, right on will be chairing in. The understands for you stop talking and start doing is one
of my favorite things. So all right with that, we're going to go ahead and leave it for this one. You can find us on the web at identity of the center.com. We're on Twitter. At idac podcast will have a link to Tom and his LinkedIn profile if you want to Ping him for
ideas on how he was. So successful in solving all of targets of medication problems, not that I didn't just totally blow things up for you, Tom but sorry and with that we'll go ahead and leave it. So thanks everyone for listening and we'll Talk with everyone in the next one. Thanks for listening to the identity at the center podcast. If you like what you heard, don't forget to subscribe and visit us on the web and identity at the center.com.