This is identity at the center. If it has anything to do with I am this is the go-to podcast. So if you're a beginner or an expert or anyone in between you've found your new home welcome to Identity at the center now your host Jim McDonald and Jeff Steadman Welcome to the identity of the sender podcast. I'm Jeff and that's Jim. Hey, Jim! Hey, Jeff! How are you? I know what it is? I'm good. Well, I'm okay, I have allergies, I'm traveling, so it's good times.
I don't know what it is, whatever. I kind of kick off the show. You look at me like with this smile and this is an audio podcast, but you give me this, you know, what eating grin and I have no idea what you're about to say next. So this is exactly the way I always, prepare something fun to talk about. And today it's I was thinking about a video call that I was on yesterday, and I mean, that's pretty much.
HR lives, right? We just sit on video calls all the time and two people had the same virtual background. They were in like the same office space. You've, I'm sure everybody who's listening to. This has seen this virtual background. Looks like the person has like a corner desk and there's glass windows all around them and it's not the biggest city in the world but they're in some kind of urban area or two people were sitting in the same chair, in the same virtual background.
And I thought to myself, Okay, for me, I've been working from home now for I think it's 11 12 years. I actually might even be longer than that. And you know, I think with the pandemic, it's kind of taken off and I kind of get the question of like one. When is software going to improve the virtual backgrounds? Give you more choices and not have that like awful blur around your hair and like cut people's ears off and stuff like that.
And then number two, To what are people going to digital virtual backgrounds and kind of just like invest in having a nicer background and then that got me thinking? Like so I'm going to put that question on, see you? But then it got me thinking about, you know, remote work. And you know, it seems like it's here to stay.
As far as I'm concerned, especially in our industry, I think the pandemic brought it to a new level, I think the great resignation got Is hiring it and infosec people especially from hey wherever you live. If you're good at what you do, you can work here. So I think it's here to say and, you know it, but it's interesting. You know, you traffic is back to. That's a very real thing. So what are your thoughts? Well, you have a few things there. Let's start with the virtual backgrounds.
I mean, I think everyone remembers a couple years ago right virtual backgrounds, like the Rays or the rage. Zoom WebEx go to like everybody was adding in features into their video conferencing software to be able to do that.
You know, there was fun ones at first and then you know people think got bored of it and then they didn't care and then they just was like a static, you know company logo or just one of the built-in ones that came with it. I think I know the one you're talking about, I don't know if that was teams or I think it's probably teams or WebEx that we were on yesterday, pretty much all day. And I know, I think another talk about sites like the white one was like the glass kind of
window. Was and yeah, you get the weird, like fuzz around people's head with the the blur. I don't. So the blur one's interesting because that is extremely software dependent, but if you have the appropriate Hardware, you can actually make it look better. And if you have the appropriate lighting, it works even better. That is what I see is like the biggest downfall most people as they're lighting is just crap. It comes to web cameras and kind of setting up positioning.
My favorite thing is People. So at home, when I'm actually in my normal setup and not traveling, I have a pretty I've invested. My background looks good, I have a nice, Sony mirrorless camera, I have lighting stuff like that, that you know, kind of comes off. Well and people always think that I'm standing in front of a virtual background and I back up into my virtual looks like you know it's like oh no this is like this is real.
Like I actually like took the time to set up I figured he was like hey you know what I'm always on camera about for something might as well invest the time and you know get it set up the way that I'd like Kind of present myself rather than having that awkward, you know, up the nose angle, double chin turtleneck with her. It might be for people looking at. So I think that's one. If you have a, I will throw a pro tip out there.
If you have a computer that has an Nvidia, a relatively recent Nvidia video card into it, and video has a software called broadcast that is free. It works off of your video card and basically does a much better job of doing like virtual camera. Depth of background, those sorts of things, but it does require pretty decent video card for it to work well. So that's my Pro tip for that.
Now you mentioned, I think the other thing was what working at home, and if that's you know, whether it's going to stay, it has to be. I mean, come on, I mean, everyone found out in the last like what? Two, three years, the jobs that their managers and directors and CEOs were saying, no, we need you in the office, we can't work
without that guess. They figured it out over the last two years, like, very few companies failed because people were working from home like that, just wasn't a thing. And now the technology is here, the bandwidth is here. We have all the tools to make it effective.
I think actually, the work-life balance has gotten worse because of it. I know that I spent a lot more time working that I do that, I would the commute is gone, which is really nice, but I think people have filled that time up to some degree with just even, you know, getting more work done or whatever. Maybe, so I think it's my opinion on it, I think. Think every job is a little bit
different. Some there is probably a better idea to be in. Maybe there's some kind of hybrid, you know, I think we missed sort of like the human interaction, some things, but I don't see hybrid work. At least going away. I think remote will have to be a component of it. Just for people stay competitive because those are really smart people all over the world.
And you're telling me you wouldn't hire like this rock star, you know, identity person just because, you know, they live in, you know, let's say North Carolina and the rest of the company is in, I don't know, San Francisco. Like that doesn't make any sense like bitches.
That's not a good reason. Well, that comment you just made their brought me to the other the the plan B topic which was the Super Bowl ad from work day which was you're going around and calling everybody rock stars and like Ozzy Osbourne's in it and it's like hi I'm Oswalt. That's good commercial. I enjoyed it. I think it's you know I don't know if it's overused term rock star.
Whatever me but I think you know one thing that I always like to say is there's probably a bunch of you know, A hero's running around within an organization actually making it work. You know, I think a lot of organization wish they were like completely automated and had all the bells whistles Technologies and, you know, it just happens. It's magic right?
Stuff like that. But the real, the real story behind it is this probably, you know, some were routine like, for and maybe, 20 people who are really done the scenes actually, making the stuff work, and they're going above and beyond on a daily basis, but we really care.
That's right. And I think that for a management perspective, if you're in management, make sure That you Pat, those people on the back and let them know that they're valued and Etc and they are valued people will, if they're not, they don't feel like they're being taken care of. They will absolutely go look for something else. So take care of the people that are strategic to your organization. So as much as I love work from home, I've always felt like it
should be done more. And now I'm glad to see it is where it is. I still like getting together with people, we've got a few conferences, lined up coming up and a Particular, I know I keep emphasizing this but the gardener I am Summit. You and I are doing a session, we're going to be facilitating. One's called was like inside the belly of the gardener Beast. We're going to have. Yeah, Henry K. And Becky to the, I am analyst over a gardener on stage with us and we're going to ask them some
tough questions. Yeah. They've been pretty graceful with us and letting us really touch on a lot of topics. We had sort of our first planning, Last week to kind of run through here is. Here's the idea. Here's the sort of questions that we're thinking about asking are these, okay. And we didn't hit anything. That was a know yet and some of them I think it will be, you know, polarizing shocking. Put them on the hot seat a little bit.
Maybe make them play defense for a little bit, which I always find, you know, interesting. But we'd love to have as many, you know, questions as we can from our listening audience. So, feel free to hit us up on LinkedIn, Twitter Mastodon. All the places that were at, And those in, if you we have people who've sent them in anonymously, some people are fine with having their name attached to it, you know, I will put my journalist
hat on which doesn't exist. And say, I will protect sources and not tell you know where things came from and things like that. If it's an if it's an especially challenging question, right? I think we want challenging questions, not mean questions. Like, you know, hey Jeff, why are you so short? I do, I just am next question.
You know, there may be right but you know, those types of questions like is Gartner, Foreplay, you know, before you tell me that it's not pay for play because of course, you're going to say, it's not, why isn't it, right? Explain that sort of system. So those types of questions, I think will be interesting to kind of put them on. We have 30 minutes and we have a lot of content already. So we're looking for the best of the best.
I've seen a few themes, come through some sort of by combining similar questions and to maybe, you know, one or two is kind of go things go his lines but it's it's going to be fast. I mean, that 30 minutes is going to be over before you even know it. And I will be Surprised if we get through half of what we like, have scheduled as we go through it. Yeah. And so the other thing that I wanted to mention, not sure when this episode is going live, but
we are doing out. Idac podcast Community meet up. We're looking at it being Monday night, I'm sorry. Just a night at Gartner. So, if depending on when this episode goes out, if they're still open, Spas, while the link to the registration in the show notes, if it's not there. It's because, you know, the episode went out late and maybe it's all filled up already because we will have a limited
number of spots. So encourage you to get out there register, if you can make it and we'd love to have you. Yeah. What do you have planned? You've been working on this for a little bit with different counterparts kit. Can you share yet with that is or do you want to wait? I'm going to share it so the idea is that we're going to go to an axe throwing event. So this place that we found has ax throwing and like retro video games, like Donkey Kong and Miss Pac-Man, and stuff like that.
So everybody will get to be there. Have things to do. Socialized will be food Etc. And so I was able to line up a few organizations, including the one that you and I work for our SM, just sponsored the event. The, the other sponsor going to be OCTA and one Cosmos, but it's an event for the listeners of this podcast. So, feel like I work for a competitor of one of those three sponsors, I don't want to go there.
That's not the idea. The idea is this really about the identity at the center podcast and the people who listen to it. So you know consider yourself. Welcome. Yeah definitely and you know, come on man, throw axis, that's hot. Her done that. I'm looking forward to it. Yeah. So why don't we? Let's see what else we got. We got identifiers coming up in May I think you and I are working on getting out there for
that. We got your pain identity and Cloud conference from Cooper. Nicole is out in Europe, obviously coming as well. I don't think we'll be at that one, but that's always a great conference. I think a lot of people get, a lot of value out of that one too, right? Yeah, yeah. And I think, you know, RSA is attended by a lot of identity people as well. So, you know that one's coming
up as well. Well, and then we get into the fall where, you know, I think it's probably a little too early to start talking about those conferences, but, you know, you and I are kind of like conference junkies, like you can't really come up with the conference that we wouldn't be interested in attending. Yeah, I mean, it's a great way to network and talk with people meet folks stuff like that, continuing education, right stuff, like that.
And especially if we can get the podcast out there to do stuff, that's always interesting to be able to sit down and have conversations. Since you know, like we've done for previous conferences. I'm sure we'll do for future ones as well. Absolutely. All right. So why don't we get to our topic of the day? And I think we haven't settled on a title this but my working title is identity and access management from a cisos eyes. So why do we invite some Cecil
eyes into here? We've got Helen patent, she's a chief information security officer for the Cisco security business group. Welcome to the show Helen. Yeah, thanks. For having me here. I'm excited. Yeah pumps. So let's get into it. I think one of the things that we always like to do with first timers on our show is we kind of understand their identity journey and their background and kind of understanding. What is the origin story for
Helen patent? You know Cecil and the things that you've worked on in the past they have formed, you know where you are at today is identity something that you chose or did it Choose You? It chose me? My whole career is a series of accidents and opportunities that I wasn't planning for so I've been doing this security thing in, in various forms for longer than I care to admit. Now, certainly in the 90s. I was doing it.
I hadn't got into the security space in the 90s, but a lot of the problems of it were identity related, active directory, structures, and this and that. And the other thing when I got into security proper it was it was at JPMorgan Chase. And I was there in the like from And for through 2013, and identity for the banks was a big deal. It was heavily regulated. It was, it was, it was a focus. So there are two kinds of identities that JPMorgan Chase.
There is the employee identity store and then of course, there were customer identities my focus at the bank. There was around employee identity and there was a big focus at the time on certification. So I cut my teeth. Less on the tech of identity and more on the process of identity. And this is where I got introduced to Concepts like is identity as security function. Is it a, it function, is it a business function? Is that some combination of the three, you know, what does it
mean to have a role? Do we only have defined roles? Does everyone have their own role? If everyone has their own role? Is it a roll? You know, those kinds of existential questions, so I was at JPMorgan for a while. I I left there and I went to higher education as a vertical and I went, and I was the sea.
So for Ohio State and there I learned about the joys of munging together, your customer base, AKA your students and your employees and your alumni, and you're visiting Scholars, and every, and all your vendors, and everybody into a singular identity store, which blew my brain. So, I went from role-based access to attribute-based access to as soon as you leave, we're going. Cut all your excess off to. Hey, we're gonna keep your access for forever because you never know.
Someday, you may come back, like what? Like a complete 180 in terms of the way we do access and identity and having to deal with identity Technologies in that environment is really hard. So, questions for Gardner, do we see consumer identity, and corporate identity? Merging is is a super important question for me to know.
And then I left there and I joined Duo and Duo is part of Cisco and I am so I am now as it turns out the C. So for the security business group at Cisco for those who may not know Cisco does more than cell network gear. So we do a security thing and my job is is now to protect that. And so some of that is you know, how do we do identity management of cloud? How do we what does the role of
identity mean in? Texting data stores, that don't sit on our own infrastructure, all of that kind of stuff. So much more into the tooling and the technology of it in this role, then I was in previous roles and all of those transitions were accidental and just a product of timing but I love identity it for me. Identity is the core of security and I will I will die on that hill. So yeah, I financially the mentioned last on the tech side of more in the business side of identity.
And I think this is personally, I think this is a weakness that a lot of organizations have is not really understanding the business of identity. And I think that there's a lot of, you know, conferences and organizations that really don't spend enough time in that. I think a lot of people try to measure identity intelligence based on how much sam'l you know, do you know how much, you know, open ID code? Can you write in a great apps which is important stuff to
know? Of course, you kind of need to know at least the basics of it. But yeah, I like to focus on the business side. Which is, I think, probably my particular strength is, how do you run an eye in program? You know what are the, I am program manager, things that need to happen, you know? You're out there, you know, shaking hands, kissing babies, you know, getting by in getting budgets together, right now? Okay. That's kind of makeup is examined.
And then I turn it over to the smart people, to like, you know, Deuce do the actual stuff, but I think we have a blind spot in the industry about the non-technical side of identity which does us at the service. Because I think there's a lot of really Only smart people that would be really great for identity but there's this maybe there's a maybe just me. Maybe there's a perception that it's all you have to be technical for the identity. I don't think that that's true.
Do you agree with that or you know you have different thoughts on it? Yeah, I think I'm probably somewhere in the middle and every time I get asked this question and I get this question asked a lot. I change my answer by the way so if you've heard me on another podcast and you're like this is a different answer is why I think there's need for for both when I At Ohio State.
I had the pleasure of working with people who had had developed some of the identity solutions that we use in higher ed and they continue to support those things. And higher ed has a really complicated identity management structure and business process. It has to be dealt with. And there were technical people that were right in the center of getting identity to work, not only with all these different
kinds of people. But also, So all these different kinds of applications and networking structures like as a c. So I would have networking vendors show up and go. What what networks do you use? And I go yes. Because we literally had some every piece of every vendors, networking equipment ever. And they all had different ways of managing identity and so you say single sign-on and well, what a single sign-on mean.
So, you know, being able to work with developers who were dealing with shibboleth and other things. I learned so much and these people They've forgotten more technical identity information than I've gotten my you're like, I can't, I'm in awe, right? And where we messed up with identity was never on the technical side. It was always on the business process side and I'll give you a story around this security story. We decided I would never do this again.
By the way, we decided we would fish our own people and so we went to our identity teams and we said give us everyone. And so being the literal All developers, they are, they gave us. Everybody turns out, we'd included people who had died in our fishing pool and some of them responded, huh? And the reason, some of them responded was that the employee had died but their spouse wanted to use their OSU identity to get football tickets.
So, the spouse kept the account active and because the employee was an, was a Ray, who was alumni, who was a professor emeritus, I who would come back and guest lecturer every now. And again, the HR department was not managing those identities because they weren't active employees, but neither was anybody else. So we had all these sort of emeriti Faculty, who ultimately would die, but their accounts
never would. And their accounts were being actively used for things that weren't caught at the central organization, right? So all of which is to say because I did this, Security effort of trying to fish people. We found out that we had this business process problem where when people retired HR stop thinking them as current employees and I had to go and fix the HR lifecycle problem in order to fix my identity problem, in order to fix my
security problem. So it's not about the tooling, it's about the people in the process and then and then it's about the tooling. So we need people who can do all three. Actually, I would imagine that's a He interesting bar chart or like pie pie chart to look at was like here's the age of our respondents, you know, 02:21. And then there's like, dead and dead, a slice of the pie, right? Yeah, yeah, yeah. It's like mmm. Interesting. How that works.
I guess OSU to, you know, the Ohio State University, right? Football tickets are probably pretty value. I'd imagine since this one of the Premier programs at least in the u.s. right, the show. Yeah, yeah, it's great. So Helen you're one of the Stroke your ego here a little bit. You're one of the big brains I think in the identity space but I think there's a lot of big brains in the I do space. But you put your thoughts out there. You've got a Blog.
I've been looking at it and it seems to me, one of the main topics that you blog on is the intersection of identity and ethics. Can you explain to us at a high level? What that is, what? That means. Yes. Oh, I geek out. Out on technology ethics and so things like artificial intelligence are right now, completely ringing my Bell because there is like land mines all over the place to mix my analogies.
I started blogging because I was wrestling with topics that I just couldn't go and find a LinkedIn learning school on and in our industry and identity and insecurity in general, there's so much sort of community knowledge out there and I was trying to Tap into it. So two things happened when this was still. When I was back at Ohio State won, I was asked to take on management of the digital
accessibility team. So this is about making our Technologies accessible to people primarily through the Disabilities Act legislation. So people with visually impaired, functionally impaired, you know, whatever but it also coincided with a lot of stuff. Around. How do we do? Diversity, and equity, and inclusion, in organizations, within a company.
But also for our customers and I was managing this identity team and all of those topics of equity and inclusion and accessibility and security all seem to fall into my lap all at once. And so, a lot of the blogging that I do tries to pull those things apart and then the second thing that happened was, when denied Either who became my boss when I joined Duo and Cisco came to be a keynote speaker at Ohio, State, for one of our cybersecurity days.
And she talked about being the daughter of Aging, parents, and trying to manage help them manage their affairs, from a distance, when she wasn't them, and the banks had no way of provisioning her access to act on their behalf. Without having her having to have her, go to a lawyer and get power of attorney like the path. To her being a legitimate executive for her parents. Technically was really
difficult. And at the same time, she was also the mother of a Teenage child and she was managing the Affairs of the teenage child. And the same thing was applying. And so what if you combine all that Equity access inclusion question with the, how are we living our lives today? Question it really sent me down there This this path of are we designing our systems and identities, right in the middle of it? Are we designing our systems in such a way that people can live the lives?
They want to lead using the systems that we have and I haven't I'm not hugely optimistic that we are actually doing that at the moment. And so I want to continue to have that conversation globally. To see how we can collectively deal with this because they don't think we're going to solve this as individual companies. Technologist. I think it's going to have to be a collective effort, so I know there are places doing it, but, but that's why I blog about it.
Just to get people thinking about it and raising the questions. Probably keep going back to your experience at OSU, but I've worked with a lot of large research institutions and the identity management challenge is probably more difficult than any other industry. Now, Financial Services, you've got the regulatory, The environment and that is like insane price. So you went from the higher ed or there's basically no regulatory except maybe FERPA Oh you mean by that?
So let me run this down. I'll student data. Al financial aid is regulated like a bank where subject to glba our hospitals. HIPAA, we got that our retail and we got millions of A retail PC, I know, except for all of our nuclear reactors and other things that we've got going on, all the FAA stuff. Because guess what, we had an airport of our own leak. If there is a regulation, cmmc fedramp blah blah blah. It's happening on Research universities but what we do is segment our environment.
So all the PCI stuffs over here. All the hippest stuff is over there and what's really Ali confusing. Now, is that all these? It used to be that the individual colleges were segmented. So you could go. Okay. Helen works for College of Medicine. She's going to be subject to HIPAA. We're going to manage her identity that way.
Well, the problem is now that the College of Medicine is doing shared research with the College of Engineering and the School of Dance, go figure and all of them have different regulatory profiles, and now we've got to manage to multiple regulatory profiles its when I left JP, I thought I was going to higher ed which would be easier. Oh God, I was so so wrong. Like Financial Services is high pressure. I get it. But from a security and identity perspective, it is easy peasy. You want hard?
Go to universities is crazy. Okay, sorry, I retract that comment but we hey we're doing this conversation real-time, right? So, but really where I was going with the conversation was around to decentralized. Nature of, you know, universities, you typically find that there is a kind of like a corporate it where you have like a net ID or maybe it's your buck. I hid for Ohio State. I'm not sure. I made that up actually, the Buckeye date.
Well guest. All right, and then you have all of your colleges and Departments of rub. Basically run their own, it Department, right? And so, Where are you going with this decentralized? Decentralization is tying it to the idea of decentralized identity verifiable credentials and kind of the future of that. So I'm not sure if there is a tie in but I wanted to just explore that with you. Do you see where I'm going with this? I do.
And I will say that in the eight years that I was in higher ed. I did start to see a move at least from a technology architecture perspective to more of a Realized function. So there's a lot of downward pressure on universities to be more efficient in their dollars, so that we're not charging our students so much tuition. And so there was this recognition that having multiple it departments in multiple places, didn't really make sense.
So, one of the things we did at Ohio State, for example, every college and Ohio State has lots of colleges had their own active directories. Probably more than one, right? We had a big program where if We couldn't get rid of those active directories, we at least linked them so that identity management cascaded through the active directories. And it wasn't just an independent identity for every college and that kind of thing. So, we centralized and rationalized to the degree we could.
But there's a lot that goes on in universities that you just doesn't make sense to do that for sure. The other thing that's happening sort of is this concept of bring your own identity? Is that a Is that a way of dealing with it? So in universities, more than any other verticals, we're seeing this trend of people that want to have a separate identity at work, and digital identity at work, and a separate one at home. They just want the same that they want it to be all the same.
So is there an opportunity to do distributed identities and be able to use that both in a consumer sense, and in a corporate sense, I think you'll see that to be played with at
universities. There's certainly also a sort of a secondary thing that says, can we put transcripts on the blockchain and so rather, if you have to go to a new school because maybe your undergrad was at one school and you want to do your Masters and you doctor at another school started having to go back to your old school and say, please can you forward the transcript from from here to there?
Can you just bring your own use it where you need to use it and be able to just you know, shop yourself around a little bit. We're seeing that on that transcript side. I think the concept is the same on the digital side of identities. The infrastructure behind. It's pretty massive though. So, and again it goes back to people process and tools. It's not just the technology, the process. And the people have to be able
to handle that too. So, I think we're a long way from it, but I would say look to universities as a, as a testing ground for a lot of that stuff. For sure thing. Testing grounds are great idea. You know, it's kind of like, I favor the term self Sovereign, identity over. Bring your own identity. Yeah, that's great. Been around long enough. To remember, bring your own identity used to mean log in with your Book ID. And I don't even as a student, I don't want my Facebook.
Which I would think most gen Z's and more recent don't even use Facebook anymore, but they used social media and you want some separation between your professional life and your personal life. But what got me thinking about this topic? A lot was, I heard that there's some Legislation potential that would be going through or up for a vote anyway that you know basically they say okay you have to be a certain age to sign up for social media.
Now conceptually we can say whether or not that's a good idea. But ultimately if regardless of what the age is, what are the penalties? If the company drops the ball, unless the person who created an account and how is that going to? To work behind the scenes. So I'm wondering like, okay. Well, you know, if the penalty is like, hey, for everybody who you let take an account whose under this age, if it's a ten
thousand dollar fine. I mean, this could really rack up if you don't have good processes to stop it. So I'm thinking maybe that's an area where these self Sovereign IDs, really can can take effect decentralized identity verifiable credentials. You know, can we get to a point where It's like your government issued ID or some reputable organization can vouch for the fact that you are of a certain age. For example, it's an it's a super complicated topic and I'm watching it with interest.
So in the u.s. we already have the copper regulation which is about protecting minors online, right? Which already says things. Like if you're under I'm going to get my age is wrong. I'm not a lawyer don't quote me on this, but if you're under the age of, I think it's 16 your parents. Have to consent to you being on an online platform and how well is that working out for us?
There's that sort of question, but there is also the question of if we're going to do Sovereign identities, does that presume that the person who owns that identity is legally able to own that identity? Like, what what makes someone eligible to be the owner of a sovereign ID? And if it's legal, well then they can't have a sovereign ID until they're 18 depending on the state or 21 rate. There's no Federal Regulation that says, legal age of owning
digital assets. Maybe they're going to need to create one. So there's sort of a question of, are you legally able able to enter into a sort of a contractual agreement? That says, my sovereign identity is going to be used to access this corporate thing whether it's tic toc or Of our there's that.
And then there's also a question of usability is the technology to a point where a minor a ten-year-old or an eleven-year-old can actually use this thing and let's not get into the conversation of digital accessibility of sovereign identities which is a whole different ball of wax. But let's just say for the typical ten-year-old, how easy is it going to have to be to be usable and Have we got those structures in place and right now the answer is no, we don't.
And we're going to have to think of all of those things before we're going to be able to bring Sovereign identities to the table. Yeah, I think you're referring to the Copa regulations which I believe is 13, but I'm not sure what the penalties are. If you let somebody in who's under 13, it's interesting. I went to a Jack Daniels website if you know me that you're not surprised but It's you know
first screen was splash page. Are you at least 21 years old, or put your birthday and something like that, right? What's the summary from lying? Nothing? No. Come on. Everyone tells the truth on the internet. Yeah. Well and quite frankly every security person ever never puts their real birthday, right? We all lie like everyone's birthday is like, 1st of January 1985 or something, right? So old enough to be dangerous,
but not my real birthday. Like there is no way to validate that the information being put into any of these fields is accurate. It's all self-reported. So why should kids be any different? I want to ask you a question going back to you know University is a breeding ground or testing ground or for the decentralized identity. It got me thinking about and going back to my original opening dialogue, with Jeff
about work from home. You know I started in the workplace in the 90s couldn't have liked working from home was like it was just not done, you know if it snowed You can still take a snow day and not a right now days. Like this knows it's like, you're expected to be online like any other day. So there's the technology aspect part of it was, you know, working back then. If you had a laptop you could bring home, you were in the
minority, right? And you were connecting with a modem, so the technology has gotten a lot better but also, you know, entering the workforce at that time as a young person. And it's kind of like there were people who worked in that company for 30, 40 years and people just didn't do that sort
of thing. Now you've got folks who are coming up who, you know, there were, you know, a little kids in the backseat on iPad and they had technology as part of the life from the, from the very beginning of their life. And I'm wondering, you know, this push for. I-i'm me, I want to use my Generally how much of that is the technology versus? How much of that is being driven by, you know, the fact that they are, you know, digital first their whole life. It's a super good question.
I have I challenge the whole, they're digital Natives and and they just know what to do know. They don't like, we're old Duo out at Ohio State and we rolled it out to everybody. Pretty much all at once. We rolled it to all our faculty and staff. Staff. And by the way, a third of our student body are also staff because we pay them to work on campus, right? The biggest issue we had in rolling out Duo was not using
Duo the biggest issue. We had was helping people find the app store on their phone find the app store. These are our digital natives finding the App Store really rate. So the two year old who's in the back of the car seat with an iPad, I guarantee you is not going to be using a nice An iPad when they turn 18 and they show up in the work force because iPads won't exist in. So, the, the technology they're learning May probably will not be the technology they have to work with.
And this is true for our teenagers and our college students today. So, You know, hopefully by the time they become 18 year olds and going into the workforce or 21, year olds or whatever that we do have Sovereign identities, but they won't have grown up with it. It'll arrive when they're like 14 or 15. So they're in there is much in the dark as this 50 year old woman is sitting here, right? Because the technology is changing too fast. What the technology is doing?
It's making it easier to use because I remember, What tech was like in the in the 90s I had to build my own PC and I mean the whole box not like I just went to Micro Center and got a box and plugged it in and work like this whole Self Service
thing that we do for people. Now, it's sort of like cars, you know, in the old days you had to build your own car and be your own mechanic and now, like you don't, you should probably, but you don't and, and we're doing the same thing with text, so we're calling all these kids did. Will - no no we've just made the tech easier to use and by the way, a particularly in the identity space, the people that really know identity. They're about to retire.
So we've got a knowledge retirement Cliff that is about to happen in Security in identity in some of the technology fields that I'm not sure we're quite ready to deal with and that's a whole different topic by the way. But but yeah, it's it's it's going to be a thing. NG and I don't think our schools. I don't think our K through 12 or our colleges are preparing our students properly for what they're going to be facing digitally and from an identity perspective.
They're just not Yeah, I couldn't agree more but hopefully the answers are my next question is not so dark and dystopian because I want to know what is the future look like. I mean it seems like the Technology's there that you know, it could recognize you tie you to a record or identity. I mean this could get to the point where it's very automatic that you know, maybe goes even Beyond.
I would assume some point it goes Beyond the point of self Sovereign identity that, you know, it just could recognize you and tie you back to your hell and patent your Jim McDonald. Etc. But I think there's the counterbalance, which is that at least today we expect some level of privacy, right? That's why we don't, you know, agree with the idea of like, you're walking in the mall and there's cameras watching you and just identifying you and knowing everywhere.
You go because we expect some level of privacy. What do you see in the future? I mean, do you see the this privacy wall breaking down and Technology over? Is it a good future or a dystopian future? So you wanted something that was positive and uplifting GM. And I'm about to go deep back down into this dope, Ian angst, and despair with this question. I have to tell you, I know it's okay. You're okay, Helen, this is par for the course for Jim. He loves to bring this down
here. There is a lot of work being done around how to manage this balance between privacy and access and privacy and convenience which sort of parts of this conversation, but they're the people who are thinking about it. I'm going to generalize really badly here and I'm sure there's people out here who don't fit this mold. But in general, the people thinking about these questions are sitting in think tanks and
universe. These are not practitioners and the people who are Building Technology and other practitioners of the day-to-day, don't have time to think about these things. Deeply and strategically, and we've got no regulation right now that deals with it, like the Privacy regulation. He's I can sum up every privacy reg ever and it is don't lose any pii. Like, we can get into definitions of what pi is.
And you know what the definition of lost is, but as far as regulations, he's concerned, it's about confidentiality, not the right of privacy. It's not, there's no regulation that says as a company. You can't hold someone's privacy, Hostage to convenience, like someone should have as much convenience as anybody else and be able to have control over what they want to share and how they want to. Share, share it, right. But we're not doing that yet.
And so right now Technologies plowing ahead at a million miles an hour and the people who are thinking about, what would it take from a regulatory operational framework, kind of way to make this work. They are not. They are not in sync and they're not talking to the degree they should. And so, I think we're going to continue to see privacy thrown up as a barrier to Ecology progress. But I think the bigger issue isn't with the consumer interface, which is where we're
seeing this. The bigger issue is with the data analytics and the data control that goes on behind the scenes. So a lot of the Privacy stuff is like when it when a consumer goes to your website, they should be able to choose which cookies that are activate. That's not their biggest. Privacy risk, their biggest privacy risk, is the fact that you can go and buy Healthcare information online. Line that is meant to be
anonymized. But actually, if you look at the data, you can find out who it is. Who the Australian woman sees who's sitting in Columbus Ohio, who just went to the doctors and found something that she would like to keep be kept private. Thank you very much. It's all out there. So we need, we need again, people process and tools, the whole back end process of, who knows what. And what they do with that information is the bigger risk. That I don't think we've Not
solved yet. Jeff, do you have any thoughts on that topic? I mean how and I think a tire think are thinking the same lines, here is I guess the other thing I'll add is a lot of these controls that I see, I feel like our first show. They don't really do anything and they're not, they don't they don't make an impact. Okay? Now every website I go to has this stupid cookie thing that either I can click OK.
Or I can X out of it or I can hit the The really small button that says, let me go manage my cookies and then do a bunch of things before I get to. The thing that I want to get to. It's a usability problem. It just I'm glad you hit that one Helen because I find those so irritating and so useless that they just it doesn't make any sense, right? So technology can can help and Technology can also enable Bad things and people have to make decisions around that.
And again, I've always been a, my sandbox moment is, we need practitioners to have a voice in to some of the think tanks and some of the policy engines that are going on, in identity, and in all kinds of security areas and the practitioners are oft practicing and they don't have time to do this other stuff.
And we got to find a way to bring them together because the you know, those really smart People working on shibboleth at Ohio State, for example, have all kinds of input into what we need to be doing to be managing identities, in a secure and private way, but they haven't got time to go up to Capitol Hill and talk to a senator about it. We you know, we've got to find those bridges. Yeah good luck trying to talk to anybody.
There's actually going to make it happen in your role as a c. So I guess what are some of the threats that keep you up at night, you know, from a security perspective or I Identity perspective. I'm just curious. You know, what is it that concerns you that we should be watching out for if you'd have asked me this 10 years ago, I would have rattled off all the threats of the day. I've got to a point where a threat is just a threat.
It's another threats, different kind of threats going to be a threats. Got, there's always going to be a threat. It's it's a thing for me though. I'm going to say people, but that sounds trite. I'm going to say people. And I don't mean because I think people are the weakest link. I think that's an easy out to say our processes suck, but we're going to blame the person cuz we can like when you need a throat to choke. It's got to be a people throat. It can't be a process throat or
governance throat. So what do I, what am I concerned about? I am concerned that organization and Society leaders. Do not understand the systemic risk that we are all facing and I think that they can manage their risk as an independent Silo and they can't. And I think as a society, we're going to something something society-wide will happen. And we will realize that we just didn't get it right. And and super people will run around and fix it and everyone will go.
Whoo, boy, we dodged that bullet, aren't we good? That's great. But one of the reasons I see so many people in security burning out, is because Cuz we've been working this for a really long time and really even though the threats have changed the attitude towards it hasn't really significantly changed yet. So the things that worry me are one that we're going to have something really big and we're not ready for it. That's sort of the community concern level.
But at a tactical level, I'm actually concerned about the mental health of our technologists and our, and our practitioners. I think that is a bigger problem that we need. To be thinking about. Now, it's kind of refreshing. I don't normally hear that. Answer from folks is taking care of people.
Basically, we're talking about, this is an identity podcast, for the most part, when we're not talking AI or other things, but I'm curious, you know, from a sea so perspective again, and kind of, we putting that hat on. We are always looking for funding to get things done and as I see, so I'm sure you're juggling multiple funding priorities and say, okay, well, You know, I have this part of the budget and I'm sure your budget is constantly, you know, being added to shrunk, you know,
changed up throughout the year. What is some tips that you can give to Identity people out there who know they need to get stuff done? And they need to go to a seesaw or somebody to get funding, like, what is a tip that we can say, okay? Here's don't, come to me with a problem. Country is a solution, right? Those types of things. But, you know what? How can we get more funding, allocated, take care of some of these. Done with your identity issues that might be out there. Yeah.
Assuming right. That the other things are covered the people, the process, you know, things like that. Right? Yeah. Every organization is going to have a different cultural way of allocating resources. So it's going to be really company dependent, but organizationally dependent. If one of the things that I have seen to be successful, is to look at whatever the organization is doing, that is their big priority item. Now to the degree.
And I Identity team can get involved in these conversations. Early enough is going to be a bit of a challenge, but every organization has got some big effort that is there sort of Flagship effort that's going on. It could be some kind of digital transformation thing. It could be, they're moving in, they're doing mergers and Acquisitions. It could be they're going into a new country.
It could be any of those things. Those big projects are opportunities to do something, interesting and identity management, you're not doing it necessarily for the Company. But you're doing it for that thing and when you do that, you get the money because that if you make the case that identity is important to that thing and I can't think of any place in an organization where identity isn't an important contributing factor. But to the degree you can say hey this big thing you want to do.
You need to make sure your identity processes tools, whatever are ready for this tie. The funding of what you need to get that thing to that big project. And then when it's successful, I'm trusting, here's my optimistic side of medium. When that successful then you can go and say, look what we did over here, we should be doing it elsewhere and you can grow it. So that's how that's a bit of a big company answer but that's sort of how I see it on a
smaller side. I think there's opportunity to work perhaps with a customer. If you're in the if you've got that consumer, sort of identity side of things, go find a customer with the unique use case that Think identity can support and then go partner with their customer to get the funding for that kind of effort. Again, prove that it works and then grow it across. The team is a great way to go. So I've seen those kinds of strategies work, but good luck.
It's always it's always hard. I love that answer Helen. I really don't have anything to add. Except yeah, that's what that's what I've seen is. Well, if you could tie, I am to a bigger and Issue of like digital transformation like an MMA. I mean that's that's what there's budget carved out for that big initiative and if you can make your case, you can get
a chunk of that funding. So you've been super generous with your time today but I want to try to get as much content for our listeners out there as possible. And so I'm going to bring you out on to the lightning round or I'm going to throw a few topics out there and ask you, where are we at in the hype cycle? All for that technology and why so, you know, one to two minutes. So the first one is AI in the context of I am.
I'm going to get my hype cycle terminology wrong, but I'm, I'm, I think it's in the trough of Despair. Yeah. Yeah. We don't have to use the, the Tactical hype cycle terminology. Yeah. To let you off the hook for that, you know, we're at a point every vendor is going. Out there and saying, we've got AI for this and AI for that. So, first of all, I want to call BS. I think we've got really fast machine learning.
I don't think we've got AI in the way most people understand AI to be, but I also think if you go and buy that tool with the AI, there is sort of also an assumption that that tool integrates with your rest of your Tech stack and often it doesn't. So I think the promise of AI is there and I think there are some folks who are starting to leverage it. But it is fine. It is proving to be more difficult than people thought. And so I think people are sort of it's like, touching a hot
stove. It's like, you know, you get this momentary flash of and then your back away from it. I think people have touch the hot stove of AI and now they're
backing away from it going. Okay, we got to wait and see when this is got to get a little more usable before we can really get value out of it. Yeah, I think it's I'm going to pull it back to a Thing you brought up earlier where you would build your own car you know how to work on it and it seems like nowadays, you just have a computer chip in your car and you don't know how it works. It just works and to me that's the part of AI in your I am context is like it's going to
start doing things. And if you don't know, if you can't predict how, you know, it always seems like business process. When you automate business process, you had to. How it would work if it was manually, step-by-step happening. You couldn't just say, well, the computer shifts going to take care of that and we trust the computer chip, but I think that's where AI is taking us so good.
Good answer on that one. The next one, I'm not sure if you've heard of this before, but it's zero, trust zero trust. I I'm actually really bullish on zero trust, although you get 100 people in the room. You get three definitions of what zero trust is. So on the hype cycle, I would
still say it's emerging. I think if you talk to most people, they would tell you, they're beginning, their zero, trust Journey. They're not fully into it yet even the Google as might think that they're not quite fully into it yet. So emerging, but I think the potential of getting zero trust if you get it right, particularly in the ident. So let me put a death Around it. I know this is lightning round and I'm not helping here through
the lens of identity. I think zero trust becomes more Dynamic, authentication, and authorization and continuous authentication and authorization. It's not zero. Trust it's like contextual trust and I think identity has a huge role to play in that. I think the challenge has been that the companies have tried to use tools to do zero trust and not made it an identity first. Activity. And I think if they make it an identity first activity, they're going to get further and faster
further along faster. You know, I've been to our say the last couple years and last year, I came away with the message that art zero trust has been solved because literally every single product there was some sort of zero trust I in and I feel like this isn't a New Concept been around for at least a few years. If not more, it's this is the marketing term that's being used. Now for this, you know, continuous it's an occasion really which is what you just Hit on.
And I'm curious though that the u.s. government has put out now, you know, memorandums and other things to say, hey zero trust is where you should be going. How does that affect cisos? Do they look at that and say, yeah, well, you know, no crap. We already that's, we already knew that. Or does it spur a call to action to say, hey, if it's good enough for nest, and federal government and CSUN stuff like that? Yeah, we should be looking at it if I haven't already been
thinking about that. Like I guess the question there is Is how much does guidance from government help? Inform a cisos strategy when it comes to that sort of thing? Honestly, I don't think it does a lot. I will I'm actually I've read all of the federal government's documents about it. And there is a whole sort of cascade of documents from a strategy document, to an architectural, diagram to a standards like the, you know, Nest, I. So I'm going to get it wrong.
120 nist 127, something like that. Anyway, I read all of them. Give Lee. It's actually really great reference document so if you don't even know where to start zero trust, that's a that's a really good place to go. Look. But you've got to remember, they wrote it for the federal government. They didn't write it for the Silicon Valley startup. They didn't write it for the hospital in the midwest. They wrote it for federal agencies and so you can you take what is you take what resonates
and you leave the rest. So I don't know, a see. So who doesn't create a strategy by going out and looking at sort of The landscape of things, what's happening? Where are they compared to? Where they're seeing the industry, go, all of those things, this is just another data element for them to consider, but unless they're to see so of an agency, it's not going to be a driver. Do you guys remember the most likely and group? It was a Saturday Night Live skit.
Actually, as a PBS show, as they would do, like our lightning round, then John McLaughlin would go wrong. Compensating controls will continue to make zero trust and unimportant. Factor. Yeah, possibly. So alright. That was just eating away at my brain so I had to throw it out there. All right, the third lightning round item is blockchain again. Within the context of I am nice
n't on the hyped Dyson time. Again, I think identity is one of these places where you, it's hard to solve purely with technology and so the I think that, you know, the idea of using the blockchain is intriguing. Where we can take it, I think is being explored.
But again you've got to have if you're going to consume it as either an individual person or as a company in your, in part of an identity management team, it's got to be able to play with all of your other pieces and all the other pieces aren't ready for it yet. So I would give it a 5 to 10 year Horizon to be able to be really ubiquitous you think it's a still a solution in search of a problem or do you think the
Albums have been identified. It's just taking longer to really figure out and apply the solution correctly. Neither actually I think the way we do technology is someone comes up with the idea for Tech and they come up with a use case and they go out and they realized that the use case they thought they were solving for wasn't really the use case that it was a best fit for and we iterate on that, right? So I think blockchains going through the same thing.
People are going to iterate on it for a while before we We find the mesh of this is a technology that solves this kind of problem. Right now we're going, we think this technology can solve this kind of problem. Let's test it out. That's where we are. I think at the moment I I think someone will find a really valid use for it. I don't think they've done it yet. I don't think they've done it
yet. The valid use for, it usually comes about because of either advances in other kinds of technology which is certainly on on the cards and I think blockchain and Artificial intelligence are really closely
linked. Actually, so where as, as each side of those things improve that that will accelerate the movement for both of them, but the other piece to it is the regulatory, you know, what's the community willing to do and to tolerate, and I don't think the community writ large understands, how to use this stuff. Well, enough to have an opinion yet on on the blockchain side. All right, I know what I'm going for. An hour and but I have to follow up here in something.
You just said the the linking of AI and blockchain. I think is really interesting because I think if they were working together, it might solve some of the issues. The early issues that we're seeing now with things, like chat GPT and Lambda, and barred, and all that stuff out there with sources of information being used for treating data. If that training data was part of a blockchain, theoretically, you could opt in or Opt out and track where that data was coming
from. And it's just when you when you talked about it being linked together, I wonder if that is something that is in the cards for, you know, the this this future of where data may be shared, sort of the self Sovereign identity and the associated data that might come along with that identity and where it may or may not be used to be able to track it, and I don't know if there's an answer for it now, it was just an interesting.
You know, thing picking wait my brain here as we were talking but yeah. Any reaction to that. This is where I'm hoping that people are actually paying attention. I trust that there is some researchers somewhere doing this work and I'm looking forward to seeing that published or someone listening to this podcast telling me it's already been done and finding me on LinkedIn and telling me that. But yeah I think that the what the blockchain brings is some Assurance of Integrity of data.
And some Assurance of immutability we can get into arguments about how immutable a blockchain item is and all that kind of stuff. But I think that brings that I think that what the AI promises to bring is the ability to understand context really really quickly and to be able to gather disparate data sources and make connections that we wouldn't otherwise be able to see for ourselves but what it lacks is any level of confidence in Integrity or immutability.
And so I think they're I think they can prop one another up that way. So I'm looking forward to seeing that happen. I think it's happening but I haven't seen it in any sort of commercial sense yet. Yeah, I think it's just interesting and I'm bullish on the i stuff I think like you kind of still figure out where the leverage, you know, when is Chatty Patty. Gonna take my job. I think, things like that,
right? But until it's until it's in a spot where I think, You know, people can trust the data and Trust the response that that trust in the identity is going to have to be a key part of it. And just Jim's gonna smile because that's upcoming episode that we're going to talk about his trust and identity with Eve mailer at some point. You're in. Excellent. Yeah. That's a good teaser. So you're welcome for that. Jim.
Alright, so we've been going out for about an hour, but I do like to end on a lighter note around here. We've got really deep into the identity things and I think it's safe to say that we're all a little A bit nerdy. Just haven't gotten to know each other over the last, you know, couple hours or so. We've been kind of been meeting and prepping and stuff like that and recording this. And I'm curious. What is everyone's nerdiest
hobby? That you might have I'm looking at Helen and I'm looking at her visual background. I see some really interesting things and maybe that's it. Maybe there's other things that are that she considers nerdy and I know that and I mean this as a term of endearment, right? I think having interesting hobbies and cool. The people do an aside is fascinating can understands the human side of things. But what is the nerdiest, what you think is the nerdiest hobby? You have Helen want you go
first? Yeah, so my background right now. Includes some Lego Star Wars, but that is actually not the nerdiest thing that I do. So for the longest time, I can't, I don't, I don't know when this started but I geek out completely geek out on business management books. And when I was at Ohio State, I had the opportunity to do, My masters in public policy. So that, that pivoted slightly I went from just sort of, generic
management books. Like How to be a good leader, and how did, how to make change in an organization. Now, I've pivoted to policy, technology policy books. So as we think about things like the adoption of sovereign and identities. What is the policy implication of that? Who in the federal government at the u.s. level or the Australian level, or the British Whatever who gets to decide what that policy is, how would they decide whether the policies, giving them the outcomes, they want
that kind of stuff. So, on a weekend you will find me with, you know, cup of hot chocolate or glass of wine, or whatever, and a policy book, and my husband thinks I'm a complete idiot. But that's, that's my nerdy Hobby and I must admit, I'm starting to Pivot a little bit more now into ethics. May, I Identity, ethics, accessibility ethics. That kind of stuff. So it's all munging together in my head and you've written a
book and I'm there. So I want to give it a chance to talk about that book, that you've written. But what's a other than your own, which, of course is require reading. What's a recommendation for a book perspective? That you think people should be checking out? So there's a book called artificial intelligence, by Russell and norvig, and it is, it's a textbook. So again, nerdy Hobbies, I read.
Books for fun. But it is a textbook about artificial intelligence in the use of artificial intelligence in in society. And this question that Jim raised around, you know, how much are we willing to trade privacy for usability and accessibility and those kinds of things and it really opened my eyes to some thinking, so worth a read, all right? And then we're reading actually the Phoenix project internally as part of our identity team and
security able team here at RSM. So we have at the book club for this quarter. So yeah, I blasted through In the first month or so of the year. So I'm kind of ahead of the game where everyone we try to do like a couple chapters like five chapters, every couple weeks or
something like that. And we come together as part of a group to kind of discuss, you know, thoughts and feelings around it. So definitely recommendation for people who are looking who are looking for more of like a fiction based approach to learning ITI. Think it's really fascinating, it's not it's probably the opposite of a textbook. I would type isn't I am part of a committee of folks we that runs the cyber security Canon.
Which is a list of books that have, we've all read that we've done a reviews on that's in cyber security. So if you go to cyber security Canon.com, you will find that link and all everything in it. Phoenix project was one of our Hall of Fame award winners at, but I will tell you is the sea. So the character of the sea. So in that book is a complete bumbling idiot and I resent the implication, but it's an excellent book, loved it, loved it.
The Seesaw transformation that book was very interesting. But I think it's a good lesson for folks to keep, you know, to take back to their because I think the the personalities are probably the more along the lines that aside the name like us, Jim. What's your nerdiest hobby? Well, I think all of my hobbies are very cool. Otherwise I wouldn't do them. But I just a cool guy, man. But my my hobby that most people probably think is extremely
nerdy. As I love watching documentaries and My favorite documentary is the Civil War by Ken Burns. I watched it the first time in the late 80s, with my father, watched all like Eight Episodes and I don't know if you ever seen it but no no don't say that. I want to know what happens if you want to know what happened. So 90% of the documentary is black and white photos and storytelling and there's a lot of you know, different voices.
Like Morgan Freeman is in it. It and Sam Waterson is in it and I don't know, I just love it. So I'll be watching it on TV and my son will sit down and watch it for about 15-20 minutes. He's like, Dad, can we watch something else? What do you mean? This is great. Why would I'm watching this for the 30th time? And I love it. So, that's my insolent. I've seen it too. He also the National Park series that he did was also just like that.
Excellent. So and there's one called the West which is also really well done. I mean all of his I'm Ken Burns is a genius, right? Yeah. Vishal so here's a nerdy fact for you. Ken Burns is an actual effect in Apple's motion and Final Cut software. And basically what it does is you can choose the photo effects as you're putting together a video on timeline. So here I am explaining my nerdiness is and it's actually called Ken Burns in the actual software.
And it's you set a point in time for one focus on the picture. And then another another spot on the picture and it will slowly pan between the two to give you that effective what you've seen in his cylinders. Yeah. So they redid that documentary and basically did that effect to a lot of the pictures so that they it's more visually interesting but I guess I prefer the old one. Yeah I guess myself it's not going to come as a surprise. Probably anybody? Who knows?
Me I'm just a general. Tech geek. So I'm constantly playing with stuff software Hardware, just trying to find the next cool thing that I think is interesting, and I don't know if it's necessarily nerdy but I collect bags, backpacks, much to my wife's Chagrin because I have at least three dozen different styles of backpacks, and travel bags, and things like that. My search for the Holy Grail of the perfect bag is still eluding me. I've got a bag for every Occasion Dua, one bag.
Travel to bag travel as this. You know, how many days, you know, I've gotten it down to a science where I can, I can pretty much travel for. I would say, you know, a week on one bag something that splits under under the under the front seat of an airplane, just to make sure that things go
through. So I think that's probably like the nerdiest thing I do. I know if it's dirtiness so much as kind of a weirdo thing, but there's a subculture out there for like bad collection, things like that. So that's my nerd. This one, I don't know, maybe it's just me. I know. My husband is also a bad collector. I yeah, I get it and I, I feel for your wife, she's always like, well, can you get rid of that one?
I'm like, no, I might be, I might use that one someday and that's how bad it is. Like some of these, I have not taken out of the house yet, but there is this. It's almost like sneakers, you know, there's people who like click whilst speakers and things like that. And my idea is at some point, you know, maybe it'll appear in
my video background. Some point will be like If this imagining like this pegboard wall, with all the bags, I've collected, and I'm not talking like, you know, cheap bags packed, these are like handcrafted unique. You do not like I run the mill so that, you know, the more the unique, the better. But I'm always looking for like the perfect bag to take with me ends. I had, you know, my wife gets a kick out of me whenever we're
going on a trip. I will unpack repack several different styles of bags which is the one I want to take this time. And she just Yeah, Happy Valentine's Day holiday way to my wife but yes I you know I'm a bad collector. So all right. Well let's go ahead and leave it there for this week. I'm going to go ahead and put a couple show notes. Helen you mentioned there was one about the the book club or the Bic the site was it? Cyber security Canon or something. Yeah cyber security Canon like
cannon, not tenancy. Inon like the camera, not like the artillery. Although, I guess if you could throw them at someone's face if you wanted to, but yes, we try to be nice. So I'll put a link to that in the show notes. I'll put a link to your, your website. See. So Helen.com which also has other links to things you done. Maybe we'll make the wall of fame with the different podcasts and things that you've been on make that on there.
And then, of course your LinkedIn, I'm sure people will be happy to reach out. We always like to throw people into the fire and say, hey, Helen will be glad to connect with you, and you can tell her how But you agree or disagree with her and very polite, and diplomatic ways, right? And the same thing for Gemini, right? You can always reach out to us on LinkedIn again.
We're going to be a gardener in March, we're looking to crowdsource very difficult challenging questions for the Gartner identity and access management analysts Henry came Becky. So if they're listening be prepared and hopefully we'll be able to you know, really put them on the hot seat so to speak and you can connect with us. We're on the web. Idac podcast.com we're on. Twitter at idac podcast. We're also on Mastodon idac, podcast at infosec dot exchange. Mastodon, get your stuff
together. It's very difficult to, you know, get that out and make sure people on the right servers and all that good stuff. So, alright, and then don't forget to subscribe and, you know, like the podcast and leave us a review. Some of that, we got some really great reviews or last couple months. I've been trying to put those on Twitter as I get time to kind of highlight that. So it's always good stuff.
That's a free way that you can help us continue to And great guests like Helen to the show, makes us be more makes us appear more important than we really are. So that's always helpful Helen, thank you so much for being with us and Jim, as well as thanks for your time. And with that, we'll go ahead and wrap it up for this week and talk with everyone. And you've been listening to
Identity at the center. We hope you've enjoyed the show, make sure to like rate and review and we'll be back soon, but in the meantime, hit the website at Tea at the center.com and find us on Twitter at, idac podcast. See you next time on identity at the center Tea at the center.com and find us on Twitter at, idac podcast. See you next time on identity at the center