#207 - Banking on IAM with Srini Kasula

Apr 10, 2023, 50 min, Ep. 207

Episode description

Jim and Jeff talk with Srini Kasula, Senior IAM Technology Leader at Wells Fargo, about IAM in the banking world and the unique challenges of that industry.


Connect with Srini: https://www.linkedin.com/in/srinivas-kasula-cissp-cisa-cism-4681a46/


Identiverse: https://events.identiverse.com/identiverse2023/begin?code=IDV23-ICEN20

Use our discount code for 20% off your Identiverse registration: IDV23-ICEN20


Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.

Transcript

This is Identity at the Center. If it has anything to do with IAM, this is the go-to podcast. So if you're a beginner or an expert or anyone in between, you've found your new home. Welcome to Identity at the Center. Now your hosts, Jim McDonald and Jeff Steadman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey Jim. Hey Jeff, how are you? Oh, not so bad yourself.

I'm good. Hey, I got an email from LinkedIn today, I get one every so often with companies that are hiring people in the IAM space, and there happened to be a particular airline hiring, and it happens to be the airline that we were talking about yesterday. They're looking for, like, a senior IAM manager, and I won't say the name of the airline, but I mean, to find out that they're still using secret questions as a second factor of authentication.

I don't know. I don't know if I'd want that job.

Yeah, naughty. I think, I don't know which one you're talking about, but I'm pretty sure, if it's the one I'm thinking about, it's not even good secret questions. It's favorites, and oh my gosh, I don't know how many soapboxes I've stepped on and off of around, I hate favorites when it comes to any sort of validation. Favorites change and they're very difficult for users to remember. Stop using favorites, airline people who I think you're referring to, Jim. Whoever that new person is, please make it a mission: fix it. Go passwordless, please do something better. I don't fly them anymore just because of my regional change, but I know what you're talking about. And yeah, that is one of my first world problem pet peeves that I have for authentication.

Yeah, absolutely. And you know, I think the reason I said that I don't think it's the job that I would want, it's not that I don't think that would be, you know, low-hanging fruit or shooting fish in a barrel or whatever you want to say to describe something that's very easy to do or very easy to identify. But if it's been this long and it still hasn't changed, there must be some inertia, like a marketing, like a CMO's like, no, our people want to have to use a second factor, or people like the secret questions.

Yeah, they like it because they don't have to do anything more secure. I don't know. I just, I'm not gonna say anything more about it because I'll get in trouble, say something I probably shouldn't say, but I don't agree with that. I feel like this chain, this has been around for at least seven or eight years, if I recall when does one live, because I remember when I went live. I feel that's enough time to, you know, figure out what your next step is from a stronger authentication, but I understand you got lots of users, you got to be really careful about change and, you know, all that stuff. But man, I just, I didn't agree with that eight years ago and I still don't agree with it now.

Yeah. Well, you know, I know that. You know what really brought it to mind, though, about the airlines was I flew back last night. I got home at 1:00 a.m. and I was very fortunate. The flight was comfortable. And, you know, it got in on time, but it's still a long day. You flew today. We're in the great cold north of the United States and it was, we're working with a client who is a regional bank. So much going on in the regional banking space these days. And I kind of think one of the biggest challenges for the regional banks is that they are, for the most part, managed by the same, or they have to become compliant with many of the same regulations as the big banks, but they don't have the size of the IAM organizations that the big banks have. And so, it's got to be a big challenge.

I'm sure it is. I think you and I, you know, kind of talked through that this week as we had a conversation with that, but I think the good news is sometimes that can be a blessing because there's less bureaucracy to get through things and to actually get changes done. So, I'm going to pretend, so, look at that as a positive, glass half-full scenario rather than the negative, because Jim, I don't want you starting off with a negative. You were on a streak there for a few weeks. Let's not go there. It's Friday. I've been under his tail.

He have, it's not too late. It's not too late. Yeah, I got to tell you, so I flew back from, we were in Chicago area and Wisconsin and stuff like that. And I had to get up at 2 a.m. to drive back to O'Hare and to catch basically the earliest flight they have out of there, and I have found what I think is the best airline club location that I've seen yet in the United States. The Delta Club at Terminal 5 at O'Hare is fantastic.

It's like, it must be brand new, but it's big. It's spacious, plenty of options, plenty of variety of seating styles. I got to tell you, at 4:30 in the morning it was a very welcome sight for me. I think Delta's upped their game across the board. Their CISO is Deb Wheeler, and our guest today and I reported to her at the bank that we worked together at over a decade ago. So shout out to Deb, your company's doing a fantastic job.

Yeah, just fix some of the Atlanta club, please. It was because he's like a couple updates while before we get to our guest. Let's go through. Eddie, what kind of nonsense do you got? I think we're coming up on, Identiverse is coming up here in a month. It's only 8:30. Years. Yeah, at the Aria Resort and Casino in Las Vegas, Nevada.

We have a very special Identiverse discount code just for our listeners because we love you so much and because Identiverse is so very cool, they hooked us up with this. This is like our first discount code for a conference. So get those little pens out. It's IDV, as in Identiverse, I, D as in dog, V as in Victor, ICEN, like Identity Center, 20. So IDV dash ICEN and 20. You know, it's a little doubtful.

I'll make sure it's in our show notes so people get it, but that gets you 20% off, which is very cool. So, very nice of the Identiverse folks to kind of hook us up there, and I know you spent a lot of time kind of working with them on that. So it paid off. I hope your didn't pay off in terms of cash, but it paid off for our listeners, who hopefully can save some cash. Yeah, I think we talked about one of our priests, like, what do you do with that 20% savings?

Do you throw it back into the pool, of the corporate pool, or do you go to a little bit nicer dinner? You know? Do you rent the Uber Black car versus the Uber regular car? I mean, how you gonna spend that 20%, Jim?

Yeah. I mean, I like all those ideas. I think I would maybe go to a show or something. It is Vegas. There's Vegas as we do it.

Let's see. Any other news and notes before we get into our main topic? No, let's jump right in and let's do it. Let's talk about banking in the IAM world, maybe Banking on IAM. I haven't decided on the show name yet. Maybe that'll name itself, but we're gonna invite on to the show first-timer Srini Kasula. He's a Senior IAM Technology Leader at Wells Fargo. Welcome to the show, Srini. Thank you. Yeah, thanks so much for taking the time to join us. It sounds like you and Jim have some history.

So why don't we start there? I think, you know, one thing to do with our first-time guests is understand sort of their identity origin story and to find out: is IAM something that you chose, or did it choose you? We have an interesting background, and my journey started exactly back in 2000, when we were building an authentication internally. We've been actually said, hey, you know, why not we look at the COTS product. So we started on looking at COTS product.

And then I started my journey with SiteMinder, which is an integrated product, and then basically, you know, implemented that well for the banking client, I was working for a bank at the time as well, to be able to provide a single sign-on across multiple business lines. That's how I started my, you know, security journey and IAM journey. And from then onwards, I being pretty much, you know, as that IAM is evolving, I was in the, you know, authentication, directory and then governance and privileged access. That's how I've been actually involved in IAM. And you know, like, interestingly, Jim and I actually have worked out there, you know, at the bank which they've been given, under the TARP, a bank holding company status. So we had to spin up, there is a program, and we actually have to bring everything related to IAM from the scratch at the time.

So that's how, you know, Jimmy has been my partner in crime for delivering that IAM program. Jim seems to have a lot of partners in crime, so you're all innocent until I meet them. Yeah, definitely. That is for sure. So Srini, you're a senior IAM technology leader. What does that mean in the real world? What are you working on? What does that entail?

Yeah. Been working on quite a number of things. It's basically, we have, you know, like not only just working for all the internal IAM, you know, like capabilities development, that means the control requirements, and also like we are getting onto a new digital transformation journey into the cloud. So we need to basically develop cloud-specific controls and capabilities. That is something that is new and exciting stuff. That's what actually I've been working on.

Let's go. Cool. So Srini, you and I worked together at the bank and, you know, you left, I guess, after me at some point. And I think you got out of the banking world for a while, or into consulting, you probably saw some banking clients, because probably some in other industries as well. What I wanted to ask you is, you know, how is IAM in the banking world different than other industries?

Yeah. So the banking industry is heavily regulated and has a lot of compliance requirements. So one of the things that I notice is basically, because of the regulation and compliance, you know, most of the time there will be heavy focus and emphasis on how do I make sure that we just become compliant to that regulatory requirements. You know, whereas in other areas where you don't have this, at least based on my consulting experience, you know, where there is not much regulation, they actually get an opportunity to be able to try some new things. Like, you know, like AI/ML model based, you know, like whether you are to look at the other end clip response inside, you know, IAM, or, you know, trying out some new optimization techniques. Some of those areas, you know, you can't, you know, quickly introduce, whereas in the case of banking you got to make sure that everything is actually run through the compliance, and making sure that, you know, does it actually introduce any risk to the controls, right?

Those are some of the things that I see significant difference. And then another aspect that I also see is, for the most part in the banking world, you try to make sure that you are in compliance to the controls. We don't like to actually have, basically, at least, you know, in my experience, you don't actually try to think above and beyond just your controls, right? You know, like looking at the overall risk posture, right? What do I need to do above and beyond? So that's something that, you know, we won't have a lot of time. I would say, in some cases, that's a bigger difference that I've seen between banking and non-banking.

Yeah. I can imagine, and when I was in the banking space, and I've seen this, you know, working with financial services clients, but not being in the spaces, it's kind of like not every client that I work with is in banking, but going back over a decade ago, there's a lot more suspicion and wariness of leveraging cloud-based services. Now there's, um, spaces of technology where you look and it's like it'd be hard to find a non-cloud-based service to fill your needs. You almost are forced down the road of using cloud-based services, and I always remembered the hesitancy being around putting, you know, user, customer data in the cloud. But I have to imagine all of those walls are breaking down now.

Yeah, absolutely, Jim. You know, back in the day, like, you know, there was a lot of concern too. But if you look at today, now most of the software is basically a software-as-a-service, right?

You're already using a lot of the software as a service, you already have your data in some of these cloud providers. So, you know, there is a lot of shift in approach and there is also some confidence in the overall control structure in the cloud providers. So, you know, banking world is also exploring and looking at opportunities to leverage the cloud providers, you know, as an extension of existing data centers. We are so definitely.

And you know, with the amount that IT has changed, how the cloud has impacted things, I'm wondering what are some of the cool things that you're working on now in your role as a senior IAM technology leader.

Yeah, so there are a couple of challenges that come with, you know, cloud, right? You know, one of the things is, um, basically the whole agility, right, to be able to, you know, quickly deliver the resources and able to quickly push the workloads, and everything is done through automation using, you know, like automation tools like Terraform or CloudFormation. You know, we cannot apply the traditional, the old school IAM processes or controls. So one of the things that I'm actually looking at is, how do we make sure that we support the agility and then also make sure that we have enough controls in place, so that we can actually support the, you know, the business application to be able to be moved into the cloud. That's one of the cool things.

And also other thing that I would also say, I mean again like that was really think that I'm going out. But another interesting thing is, you know, we have been focusing too much on all the tools on the on-prem privileged access and all. What these cloud providers bring is like an interesting challenge of actually having their own privileged access tools. We need to figure out how do we bridge the gap, right? How do we, you know, play along with a toolset? How do we make sure that we actually put the controls that we have on-prem onto these cloud providers as well? But those are some of the two things that I want to highlight. That's cool things.

Yeah. Yeah. I mean, it sounds like you get a lot of opportunity to figure out how to do things faster, more resilient than maybe even like some of the cloud solutions that you're looking at.

Like, you know, in terms of what service level agreements they can provide, can you actually beat those? Can you, you know, survive a disaster? I would imagine just something that, you know, you look at Italy, can I survive a disaster, recover from a disaster quicker than being offered in terms of an SLA? And then I've got to mention also, when you look at SLAs and kind of historic data, usually like in terms of like uptime, if they question like, okay, can you actually do that? You know, you might be putting it on as your guarantee. If they fail to meet the SLA, like, what are you going to do, not pay them for the service for a month? You've got to look at it probably like, okay, well, if I can't get my authentication system back up and running, it could bring the bank to its knees.

Yep. Yeah, that's an interesting challenge too, right? You know, like although they have all this high availability, BCPs, you know, like you have witness different data centers, you know, like between East Coast, West Coast and global, but still, you know, when it comes to authentication, you still need to make sure that we actually have an ability to be able to quickly fail over to the backup or fail over to a global region that is available, to be able to still serve to our customers. So that so far has been a pretty interesting challenge. And, you know, one of the cloud providers that we work with, they do actually have some of this, you know, like able to kind of cache the credentials, like, not the kind of credential caching, the tokens, and to be able to still operate and provide. So they do actually have thought through this.

They are providing that ability. Even in the case of, you know, I do not interfere lower. Originally I think of your area of its kind of like focus on the workforce IAM, yet the big three areas: access management, identity governance and privileged access management. Access management pretty much has to be available. That's like, you know, that goes down for 5-10 minutes, people notice. IGA, you can usually last a little bit longer, right?

If your provisioning gets slowed down, so it's not like, you know, it's got to be 24 by 7 uptime. Obviously, you don't want it to go down, but you can deal with a little downtime. I think privileged access management is in a, you know, ballpark by itself because you have the authentication, but it's also like it affects core systems. Like, not only would people be inconvenienced by not being able to authenticate, they might not be able to restore from a disaster if you have your privileged access management system down. And in my experience, that's a lot of the time where you faced resistance or a harder time getting PAM truly rolled out, is that folks who manage systems, like servers, say, okay, well, how am I going to survive if your privileged access management system goes down?

Yeah, that's, well, that's a pretty accurate description of what are the challenges with each area, right? So it's probably just touch on the privileged. I think that's a valid concern, right? You know, you need to be able to give them access to be able to retrieve.

So, you know, we do actually have a couple of different strategies. You know, one of the strategies is to make sure that you always have a break glass, through biggest break glass, that way that, you know, they can actually get into it and are able to quickly retrieve the access that they need so that they can support the business operations on needs, right? So we're able to, they're able to get into the access and they're able to quickly restore.

So that, that's interesting. As you rightly said, you know, by being in the consulting, that is one of the concerns why, in my consulting experience, they have not widely adopted the privileged access to all the platforms. There are a lot of concerns.

So, yeah, I'm one. I mean, I'm sure you guys do kind of the tabletop exercises and, but, you know, I know that back in the day, people would always say, oh yeah, you have a disaster recovery plan. But the question is, do you test it, or like, how often do you test it? Because that's really the true grit of whether or not your plan's any good, because you don't want to be there having to restore and your plan's not good. I did want to shift the conversation. So you manage the team. I want to talk about, like, the pandemic. How, you know, we just came out of this long pandemic, but it came on so quick. It hit a lot of organizations by surprise. They kind of shifted to a remote work posture and having to support remote workers at the scale that they've never had to in the past. I'm wondering, how did that affect you, and is it starting to ease up, where I'm in? I would imagine it's, of course, easing up, but are people starting to go back into the office?

Yeah. So the pandemic actually taught all of us a lot of new things, right? One is, how can we get the work done remotely? And also an interesting area for IAM. Especially, we need to actually be able to quickly scale up to be able to support a lot of this workforce who can work remotely and securely, right?

That that's a Canadian and as we are getting back, you know, like I also see some of the positive stuff, right? And you know, like other people are actually somewhat like kind of bored being that whole part so long. Once, you know, the offices have opened up, you know, like they like that social interaction, they like to be able to get into a room and then whiteboard, you know, especially on the alien at work in. You know, we like to actually whiteboard a lot of stuff, like in how the integration works. You know, how do we actually build these controls in place? So that is a gradual transition that we are going through right now.

Yeah, did you guys ever get to a point where you could, you know, virtually whiteboard? I mean, did you try to take that and come up with some kind of app that everybody could? You know, I think Microsoft has, I actually never got to the point where we actually, like, whiteboarded virtually very often, except, you know, trying to use like losing your power when it comes. Yeah. When it comes to technology, I like to use paper and pencil. I'm excited for you to get your new laptop, by the way, Jim, because as a pain you're going to love it.

Sorry I didn't tell me. Yeah, so I mean, we have not used a lot of that, but, you know, I think, as you know, with all the bandwidth, sometimes like you draw here, it doesn't show up on the screen for quite some time. Like, you know, and then he's doing video calls. But what we have used is like, you know, Lucidchart or Visio. You know, you basically draw on the Visio and then, you know, that way you can share and, you know, basically are you, you know, he's do the Visio upfront and then about Visio on the call. So, that's how I've seen at least in my experience during that time.

Yeah, I think Lucidchart, for me, it's like, I can use Lucidchart to draw up a diagram so much faster than Visio.

I think I don't like Visio. You remember those whiteboards that a lot of places used to have where you could draw on them and then you push a button and it'd print it out? Yeah. I've seen that but I don't see that, no, but I do remember a decade back, right? You write it on a whiteboard, you draw a picture, it'll automatically scan and send it as a PDF that you can use, either print it or share that. So I don't see that quite often now. It's like a nerdy corporate Polaroid yet because really bad.

Yeah. So what was the one that Arturo had, Jeff? Yeah. They had Microsoft Surface Hubs, which are these, you know, basically big screen TVs with touchscreen capability. Could draw, and very cool, very expensive. I don't know if they ever actually took off at all, but maybe the biggest enterprises or maybe the best Microsoft customers, but it's a very cool idea. But you have like this basically 50 inch TV that you can write on and it's connected to your Teams room and everyone can see it. It was neat when we were there, that's for sure.

Yeah. So Srini, a topic that we've been thinking a lot about lately is, you know, training, you know, training of your team. What format do you think is the best investment? Is it sending people to courses, is it sending people to conferences, is it something else, is it getting them a Lynda membership or just saying go hit YouTube and watch videos? Then, you know, do you prefer vendor-specific trainings and conferences or something that's more, you know, industry general?

I would say basically both, a combination, right? You know, any industry general, basically, is something that I would say at least they need to have an exposure, because IAM has been changing and evolving, you know, in the last couple of years, right? I mean, it has been changing for the decade, but what I wanted to basically say is I want to be able to have my team to have exposure to where IAM is heading and how the industry is changing and where they are heading towards.

And also gives you a bigger picture of how IAM fits into the overall, you know, cybersecurity ecosystem. Right, that's where I see a lot of value or products industry conferences, but when it comes to basically an expertise into a specific capability, you know, that's when I see a vendor-specific, in a classroom, right? You know, you go there not only to learn about the product, it will also give you an opportunity to connect with other people, how they are implementing, what are the challenges that they are facing, how they overcome. So that is also, I feel like it is very equally important to make sure that, you know, like you become an expert in that area. Right. That's how I say.

Yeah. And now I think that's a good point. So it's kind of like both vendor and industry general is important for both fronts. I will say this about conferences. I love going to conferences and networking with people and hearing about how they're solving problems. And then you can follow up and, you know, extending that meeting to, you know, reconnect later.

One question I had for you is, in the banking industry, when you're at conferences or wherever and you're meeting your peers from other banks, are they pretty much willing to share information, or are you willing to share information in terms of here's what we're doing, here's the kind of threats that we're facing and how we're taking them on?

Because I always felt like within the industry, information security is one area where you're not really competitors, you're not competing against it. You're competing against the adversary, right? Not against other banks.

Yeah, you're exactly right. Basically we are not competing, we are not fighting with each other competitor, right? And so, you know, I mean, I have seen at least there are various different forums where they all come together and then talk about, you know, what they see, what are the best practices. And I also have noticed basically all these big vendors, right? They also have a vested interest to bring all these folks together and say, okay, you know, like to improve their product. They want to actually have all these potential companies to provide, you know, like product feedback, and then they also wanted to hear from all these financial organizations what are the features that you would like to see, which is common across all these companies, right, all these financial organizations.

So, I'm seeing more collaboration, more knowledge sharing now than before. Great, I'm going to keep going, Jeff, if you don't mind, because I've got a few questions without answering, and actually, what I want to do now is kind of like do like a lightning round. So I'm going to throw some ideas out there, some things that I've been thinking about, and I'd like to get your perspective on them.

So the first one is DevOps, you know, doing the automation, automated deployment, like infrastructure as code, deploying applications. DevOps. What are your thoughts there, and how it relates to what you're working on? DevOps is basically the way of the future, right? I mean, you know, DevOps is the way to deploy the code, obviously the way of actually building the infrastructure. You know, I think IAM should actually also be part of that pipeline, right?

You know, if we don't actually be part of the pipeline, then we will become a blocker. So I think that there is a lot that IAM needs to actually catch up with the DevOps pipeline and then be able to deliver all the required controls as part of a pipeline. I think there is a lot more work, at least from my point of view, in that area.

I think it's a big deal too. You have to think about, like, robots and their need to have identities, and how can you, you know, as an IAM professional, make sure that that's being used and done according to policy, and within control, without slowing down the process, right? That's the challenge.

Yeah, so that's the challenge again. So what we need to make sure is this: we should support the agility, but at the same time, we also need to make sure that we have enough controls in place so that we are managing the risk.

Yeah, and maybe ask these are for because I think this is the easier one or the thing that people point to, that it's like, oh, this is how you're going to secure cloud. So this new space called "Keem", or CIEM, stands for cloud infrastructure entitlement management. What are your thoughts there?

So that's an interesting area. So that basically is going to be key if you want to have a visibility into the cloud. So, a lot of these cloud providers basically give you some visibility, but not the extent that you want to know about it, right? So these, like, CIEM vendors who has become, like, agnostic, and they are able to provide visibility across multi-cloud, which is actually going to be very key because you want to know what are the entitlements, what are the accounts and who has access to what, and then what type of access they provide. The CIEM actually is solving that problem, right? So that is going to be key if you are into the cloud. So that is what is evolving, right? That's evolving. So, and if you look at the trend, you know, right now there are some point solutions that are actually coming out, but I do see in the future that should become part of the IGA solution, because how IGA actually has a visibility into the on-premise systems, you know, like I can see CIEM providing the similar visibility, but we need to.

I hope, I would see in the near future is having these IGA products bringing their CIEM capability into the IGA, and not only just bring the visibility, you know, we probably need to look at, in the future, how do we actually also leverage that data to even, you know, think about how to deprovision or how to remediate the over-provisioned access. That's how I see in the future the industry is going to head towards. I hope it is.

I think that's really insightful that you can see moving toward IGA, because they're both kind of a detective control, who has access to what, there's periodic reviews of that. But I think, you know, at least operationally speaking, the idea with CIEM is that you're looking at it on a more frequent basis. So, you know, maybe that's not true, but that you're looking at the, you know, over-provisioning, as I think the word that comes to mind for me is, hey, this role is given to too many people. These people have too many roles that are they don't use these roles, and then you can go and right-size access. But it's after the fact, it's they've been sitting with that role for so long. They haven't used it in 90 days.

You should take it away from that person, but the reality is that they never needed in the first place kind of. Yeah, that's you know, see Amy's is giving out of their perspective which we never had with all. This idea Parks is. It also looks like that usage is never actually have visibility into the target system. Whether this entire argument has been used or not. See, I am actually Lee looks at not only, you know, the audit

data report, okay? When was the last time this role has been used, who has used it, and it also looks at the analysis of the role and the corresponding permissions who have access to it. And then, you know, when was Malik is this over-provisioned access for what they are trying to do. So it is bringing a different dimension, which, you know, we never had even on-prem. Yeah, you're right.

And you know Jeff that I've had this discussion or only call it a debate but it's more like IAM, we talk about IAM, it's who has access to what and then there was the UBA or UEBA, user behavior analytics, which was and what are they doing with that access? Or they is the access being used appropriately? And I think there's an element of that to CIEM where, you know, it's just to your point like okay, we're seeing things we were not able or not able to see with IGA.

Are they actually using the access? So the last one in the lightning round was, you know, passwordless. A lot of passwordless solutions

have identity proofing. In terms of part of your onboarding process into your organization using a government-issued ID and, you know, maybe doing like video selfie to make sure that actually match up moving that into maybe that pre-populate some of your tax forms, but it certainly gives you a higher proof that the person is who they say they are maybe later on. You can use that data for passwordless so you can do passwordless with a biometric things like that.

So I wanted to get your idea of like how important to you is that or does that just seem like science fiction. So you touch that, two different topics. What is the identity proofing? So in addition the enterprise world basically the proofing actually happens before enterprise user comes into the corporate right now.

You need to basically go through all the background check, all of that, and then we use a HR system and then typically we trust once you are in the HR system. When it comes to the passwordless you talk about you know that that's it's a different way. How I see it. The passwordless, basically again we all need to move towards passwordless because we all know that passwords are not secured way authenticating for the passwordless, you know?

I mean will you talk not like it's it is not only just for the human user side, you know. As you see a lot of means, you know, like when they're like, you know, providers like a Google or Microsoft, they are moving towards a concept called managed identity or managed account.

So they want to be able to basically have these, you know, identities become passwordless because they don't want to be in a business of maintaining the credential and then putting a burden on the app teams to actually live for Dating the credentials. They want to actually provide required resource access at the same time. Also bind it to a resource so that you are focusing on just

getting the access you need. And getting the access that you know, you need to the right resources at the right time and you know, moving the burden of like taking out the burden of liquor as if you look at traditionally like Help the

on-prem. You know, you have a separate account, you need to vault it. Inactive, make sure that you are rotating it. And all of that is lot of overhead and, you know, for the human identities passwordless is definitely the way to go. I would see that as more and more applications and more and more systems support it. I think the passwordless is the code. It's, it's the most secure way of authenticating, that's how I see. So I'm going to ask you to put

on your prediction hat here. I'm not going to hold you to it, but when do you think at least for your organization? When do you think you'll be ready to introduce passwordless for your customers or for your internal workforce? Like what is your timing feel like? Right now we already use passwordless for into the enterprise users. So we are trying to expand that scope, right?

You know, because if you look at it like, you know, passwordless, it is something that I have solved, so should be in a position to accept that, right? Not all the applications are ready to accept the passwordless. We already have certain applications passwordless, we already have rolled this out to show real users internally and you know, I see in the next couple of years, it's going to be widely adopted for witness different applications.

I think this is more on the vendors to become a passwordless compliant, but we all know that a lot of banks love their mainframes. So I'm sure IBM and RACF, and Top Secret, and all those words are hot on the trail getting passwordless enabled as part of their authentication stack, I will put you on the fire, you know, to answer that. But that's just my into sense. What are some tips that people can take away if I'm in financial services and I'm listening to this?

And maybe they thought about it, maybe they haven't. But from your perspective, what are some tips when it comes to identity and access management that you think people in your industry should be thinking about? Yeah, my tip is going to be, you know, think beyond the compliance

requirements, right? You know, we need to be more cognizant of the threat landscape and make sure that, you know, we are aware of the risks out there, think about and beyond the bare minimum article compliance requirements, but I would say, you know, is going to be the number one people that I can recommend. And it's not only for myself or other folks as well. Better security improve helps everybody. I would imagine a business. So you know, the rising tide lifts all boats.

Let's go ahead and start to wrap up the conversation. There could have been super generous with your time. It is a Friday after actually almost evening. It's five o'clock on a I so want you to get on with your weekend, but before we go. Wow. Let's end on a lighter note. And here's what I got for us this week, would you rather go into the past and meet your ancestors or go into the future and meet your great-great-grandchildren, Srini?

You're the guest of honor, we'll start with you first. I would like to keep the past in the past. I don't want to look back. I wanted to ride it actually look into the future and I want to meet my then grandkids. Jim are you? Yeah I mean you know me like the first thing that came to mind was like the past because it's just like I'm into history, I'd like to see how people lived but man, just thinking about like the future and seeing what the world was like in the future and

seeing you know how? Well, first off, I guess if you have grandkids or great grandkids then you know, hey you did all right, you guys, you know, the world didn't implode and I'm going to let you go into the future. It's like some kind of like Terminator scenario where it's like him, we're trying to stay positive, man. Come on. Killing me here. Hey, the episode Almost ended and it was all positive.

So I had to bring it back down to reality, you know, if there was an apocalypse scenario, I really wouldn't want to be there for that. Yeah, I know we have our issues. That's our next podcast is apocalypse, talk with Jim McDonald. So yeah, it's Jim McDonald. Yeah. So I better get out there and live while the world still going. So, I'm going to just say future and move on. Okay, so I wonder if this is Is if when you answer this question, if it relates if you have children or not, I don't

have children. But I still would go into the future, not because I want to meet my great grandchildren because like you Jim and I think maybe she is like I want to see

what the world is like, right? Do we get to the Star Trek, you know, phase yet and you know in the next let's say 100 years, 200 years, what that looks like, you know, with life expectancies going longer, maybe that extends what a great-great-grandchild, you know, might look like from an age or distance perspective, from where right now, I'm a future. I'm with Srini. I'm not going to the past, past has passed. Jim, I'm a little surprised. I thought for sure you would want it.

You you would, you would, you would go between the two, but you would end up on the past because of your love for documentaries. So you. Yeah. So I surprise you but, you know, here's the thing about the past I always think about is that probably I'd be dead in the past because I'm almost 50 and like, people did you know, the further back in the past are a lot fewer 50 year olds. You know, people who are 60 or over consider very wise because, like, they basically live well

beyond their life expectancy. So I'd be like the really old dude in the past. Jim you just did. You did it again. You took it to the morbid tip. Thanks for that. We're going to go ahead and show everyone. I gotta leave it there for this week. Srini, thank you so much for being part of this. We like to put our guest's LinkedIn into our show notes so hopefully that's okay, people have questions. Maybe your things that they

might have reached out to you. Hopefully you're open to that. Is that all right? Yep, of course I have in front of, you know, thousands of people who are listening so they know they know let's see as far as we go, you can visit us on the web at idacpodcast.com. We're on Twitter @IDACPodcast.

We're also on Mastodon at IDACPodcast at infosec.exchange. Jim and I always love to engage with listeners, got a lot of actually great messages this week including a book that one of our listeners wrote so I have just started it, I got through the first chapter on my flight today so I'm intrigued and I will maybe be giving a book review here in a couple episodes so that was kind of cool but given all is, Jim and I always like to connect on LinkedIn with folks.

So feel free. A show on your show ideas, you know, whatever you've got for us. We're happy to bring it to the show and don't forget about our Identiverse discount code. It's IDV23-ICEN20. I'll have it in our show notes as well. Get you 20% off your registration and you can use that to do an Uber black or however you think you can. You know, finagle that 20% back

into your own pocket. I'm not saying you should just saying, you know, there's an option there and then don't forget to subscribe and, you know, rate the show that always helps us. That's the number one. We can help us. You know, grow and continue to share with other folks. So with that we will go ahead and leave it for this week. Thanks, Srini. Thanks, Jim. Let's start the weekend and we'll talk with everyone in the next one. You've been listening to

Identity at the Center. We hope you've enjoyed the show, make sure to like, rate and review and we'll be back soon, but in the meantime, hit the website at identityatthecenter.com and find us on Twitter @IDACPodcast, see you next time on Identity at the Center

Transcript source: Provided by creator in RSS feed