#309 - IDAC Sponsor Spotlight - Token Security

I think that the best security products. Give you a Peace of Mind. I think that when I installed I don't know like for example any Dr. in my company. I had Peace of Mind that I think that my work. Workstations are secure, so I think. That a good security product? Not necessarily. Authorizing the background, but authorizing a way that's not by the Lawson for the organization. So you do have a measure that you can look in, but I see like that we attach ourselves to your

organizational. Workflows. Whether it's a ticketing system messing also our solution, I'll just send you all notifications via select, but. First thing that we. Do is when we build an inventory, you can see in one place all of the non human identity that you have, all of their entitlements, all of the authentication methods, the owners of those identities and the usage that you do it. On top of that inventory, we provide multiple. Applications. Most popular application to start with.

Is Toledo SIS you want to identify the top ten and most critical identities. You like it to call it the most wanted like the ideally sheriff is coming to town and trying to like like to catch the the biggest seminar. So that's like the most. Wanted Bob and Dennis share. Because that domain name taken because that might be 1 you want to jump on next. We have we have something here. I'll follow up like right after. This recording and check that if

that domain is available. I think that Jim is doing it right now, but. Not the point seeing us. This is identity at the center if it has anything to do with IAM. This is the go to podcast now your hosts Jim McDonald and Jeff Stedman. Welcome to the Identity Center Podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. Great. I'm excited for this episode. We're we've got a guest on to talk about machine identities.

I think this is one of the areas of digital identity or I'll even call it identity and access management. We've been in it long enough we can call it that. And this has been a problem since day one. So I'm glad to see the industry is taking us seriously and folks like we're going to talk to today are building solutions. Yeah, I. Feel like this is like the Zoolander meme with the will ferry character, you know, non human identity. So hot right now, you know, so

we're going to get into that. Today is a sponsored episode. So sponsor spotlights. These are things that we create with our sponsors to help understand the points of view that they bring to the identity space. So make it crystal clear. They have sponsored this episode in full. We're going to hear today from Token Security. You can visit them on the web with a very easy to remember Token dot Security website. It is a very cool website, one of the best that I've seen.

So I would definitely encourage people go check it out. We're really well done on the web design, but we're not here to talk web design. We're here to talk about non human identity, machine identity. They have a tagline to go machine first. We're going to find out what that means.

So I'd like to welcome to the show Ito Shlomo. He's the Co founder and CTO of Token Security. Welcome Ito. Thank you, Jess. Thank you Jim for hosting me. Definitely one of the. Highlights of my life. Well, you know, that's fair and flattery will actually get you everywhere on this podcast, so I appreciate that. But we like to understand a little bit more about yourself. How did you get into the space

of identity? Is it something that you chose or did it choose you? I know, like I think that I have a classical nerf story that took a very, very interesting twist. And so in Zelzer Short I am. As a teenager, I I mastered. Online gaming, that was like something that I like to. Do one of the things. That I like to do the most. Actually happened until today. I started a gaming server.

On my personal computer at home built my registration panel and hair care, which was probably one of my high school competitors. I'm headed by by passing the. Authentication. And then I was like, OK, there is something here with this authentication. I I was bursting into the army. When I was 18. And from there. I started my test, like my career test, in terms of that operations vulnerability research. Implant development and they learned exactly that that like the exact like the.

Exact other side of how? Do you exploit identity? And while a lot of my friends had amazing talent in vulnerability research, I used to like just find the kid that was the line, get out somewhere and use it. And it was something that I thought it was like a cheat code and eventually ended up serving a short. Term of 13 years in in the Israeli army inside operations and decided that the. Military life. Was most of me and when I finished, my son said.

I wanted to to do something like that would that might change the world, but also something that I'm good at. And I remember like all of those cadets that we found lying around. And like, then I thought that. A machine identity security is. A very, very important and decided to go and start. A company on around that concept. So that's how I got. Into into this. Space eventually, like lately we've seen so many breaches like the snowflake hack of

Ticketmaster and so on that. Well, machined identity LED that that. Also, Make Realities is showing that it's a very very problem right now. Yeah, it seems to be everywhere and it's just going to proliferate, right, as more things come into the into the world that are doing other things, right. Bots, AI, right, servers, IoT, right. There's a whole bunch of stuff that's supposed to be out there.

I'd like to learn more about token security because people may not be familiar with company itself. So tell us about token security. What is the problem that you guys are looking to solve and what do you bring to the market? So I think that like building software is super hard. And then? You want to find the. Right tool for for your task and you pick a certain menu of technology that is. Super wide like you have. Fast services you have database. Technologies.

You have workloads technologies. Like containers function and server and what not. You are multi cloud, you work with Kubernetes and each one of the technologies. That I just said. Is. Implementing it's own identity mechanism. At least authorization but. Also a lot of times like also authentication and. Then what happens is that you have thousands of different identities that was caused by a huge fragmentation of that space. So like everybody creates it's own.

Identical either and then. When in human. Identity you add. One single source of. Tools. So which is your SSO provider in machine? Identity every. Every asset manages its own identity. And that's how we we. Came up with go machine sales like. We want to attach the identity problem but. Like with the machine sales approach that look at the asset. That you want to protect. And not necessarily your identity. Profile And so we got into this. Space and try to understand.

Like what's the problem here? Like why is this so? Problematic for organizations to. To solve and we saw that on top of the.

Fermentation. That created the big scale issue of identities. There were two. Main. Problems that organizations were facing. One is the ability. To find the human owner of each identity and second one. Was the quiz that owner with the alternator? That they need and identity. Both the static. Parameters, but also the dynamic.

Usage in order to solve. For example a key rotation problem, or a stain identity or an over permissive service account and so. So that's in a. Nuts and the problem that we're solving. OK, you pert my ears up here now, because when you say try to find the owner of a machine or a non human identity, I mean every every organization I've talked to struggles with that. Who owns this account? It was created 5/10/15 thirty years ago and you know who's responsible for that?

So I'm definitely interested to learn more about this. I think that kind of speaks to the importance too of this area of who owns these accounts, because if you don't know who is responsible for the account, how are you supposed to secure it? Doesn't have the right permissions. Is it doing what it was intended to do? Has it been hijacked to be used for something else? That could be benign, right? Happens a lot. Service account might get used for something else.

Or it could be, hey, maybe an attacker is, is piggybacking on a service account that they probably shouldn't be doing that, right? Is that make sense from a kind of trying to define why this is so important? Are there other things you want to add to that? Yeah, I think that it's related to two, but like, yeah, I think that identifying the. Internal order is super important for. For example, sometimes we see that the most critical accounts in.

Organization were traded by individuals that already left the company, for example, so the ownership. Data is really cushion to identify which part of the organization is responsible. How do I assign like the the handling and the life cycle management process of that identity? Second part is really the usage as you said so. When an identity is spread across thousands of containers with one. Database user and password that all of those containers are.

Using you want to expose this this level of dependencies and usage to find out what is the real use of. That service account I think that visibility in not even identity is one of the key. Key problems. So it's not only. Cause a results like. Integrating with all types of products, but also identifying the usage. Patterns of the identities themselves. So I want to make sure that we're speaking the same language when you say non human identity

or machine identity, can you define that for me? Like what is your your definition of what that means? Yeah, there's so, so many terms. Right now like machine identity machine. Account service Account API key, everybody likes to call it. A bit differently, so let's. Scope where we're at, What I'm most, what I worry for the most is the identities that could lead to your core. Technology and yeah and to affect your medical resources and. What? What's not in token? Security scope.

It's not endpoint identity. It's not your employees workstations or laptops. It's not IoT. It's not the. Voice over IP device that you have or the camera that you have installed, even those, those, even though those are machines, it's not what we're handling and also we are not handling public key infrastructure. It's not. The. Client to server encryption part. What we worry about? Is the identities that are.

Mainly you are all. Well intended for programmatic use inside your core technology, inside your core assets. And could affect that could. Be a sense force. Integration API that could be. A service. Account in your. AWS. That could be an SSHT that opens all of your EC2 instances. Or other servers. It could be a snowflake service account, but that's the area and the attic that that we are working with. So I am always interested in how

you come up with names for companies these days. How'd you come up with the name Token Security? What was the the driver? Behind that, OK, so let me tell you. A bit of a funny story. So we know how a lot of. Fathers in cyber security come from Israel. What we're known for in Israel is that we have extreme. Self-confidence. We like to really be stubborn that we lied at what we're doing. So my partner and I, we chose the name for the company. We chose a name.

We. Already registered the domain. And the name was like something that was supposed to bring light into a doubt problem in the cloud. And we chose the name Moonlight Security. And we were certain that we it was a fantastic. Name we sent. Our friend and intro request. To one of his investors. And he asked for us like send me your e-mail address. And I sent him it. It at Moonlight security and he told me, did you look that up in the dictionary before you signed the domain?

Like, what is your, why did you pick that name? And then I understand that moonlight has a very, very different meaning. That's why I and so we went back to the drawing board and we understood that everything. About machine identity and. The fact that like what happened in reality is that what people are looking in non even identity is to regain trust token is the. Symbol and basically the essence of trust. It's something. That also is the core. Of the problem that we're.

Solving token compromise, and in very, very different ways is. Probably the main attack vector that attackers are using. Today and so it it's both. It both symbolizes the space. And the problem that we're looking to solve, and so that's how we pick the name token. And the URL token dot security was available, so that's even like a bonus, right? Yeah, everybody thinks that we're in a. Crypto, cryptocurrency, but you know we're building a not even

space to take over that. So let me put my jaded CSO hat on. I see a lot of products out there. What sets you apart from others

in the space that you're operating in? Like what makes you different? Yeah. So we another vendor that exists today in. NHI and they cannot even identity. It's important to explain. What do you need? In order to solve the not even identity problem and. Eventually that leads for. Very, very different applications, so I won't talk about the applications for a. Moment I will just. Explain like how you should. Look and attend NHI. Vendor What makes token special?

So I think that we invest in in call of three main. Value proposition. 1 is that we want to be the only vendor that you need. For non human identity. I don't. I think. That too many companies are trying to. Nail down. They're offering to look at a specific technology, like only cloud providers or only SAS to SAS integration and so on. I want to be your non. Human identity providers so on Prem for self force and workloads for database that you can't access easily.

I want to. Cover your cloud native identities. I want to cover your. SAS, SAS services and also eventually or casual customer. Integration that are done problematically. Which is also a type. Of non human identity. And are we there? It might not be there yet, but we are aiming to give you as full coverage as possible Second. Part is. Basically trying to solve or or starting to solve. Your operational efficiency problems so a lot of people can handle one service account handling.

Multiple or handling the entire. Service account value that you have is very very hard. What you need to do is to harness the entire organization for that in. Order to harness the organization you need to identify internal owner or to provide ownership for service account connecting the non human identity. To a human identity, their part is to acquit those internal owners. With the data that. They need. We want to give you all of the. Data that you need. In order to remediate or in

order to improve your. Security posture in non human identity. Because the thing that most. Engineer that that like is shared between engineering, DevOps, SRE and security is that we feel to break stuff. I want you to have complete. Certainty that you can take action. And have all of the. Data that you need in order to take that action and so the dynamic usage layer that. We put on top of our inventory is. One of the most crucial parts of anonymous identity. Solution.

With that data layer you can do everything. You can reduce risk you. Can operate very very. Efficiently you can stand to. Compliance frameworks you can do. Everything that you want to, you can do life cycle management. Key to have coverage ownership. And usage. So either this is a solution focused on the enterprise, right? So it's going to be enterprise identity leaders that are going

to look at the product, right? And I, I kind of feel like as a enterprise identity practitioner, they're used to certain lanes. So you got your IGA lane, you've got your access management lane, you've got your privilege access management lane. ITDRS certainly kind of like becoming a lane and I don't know that it's established itself as a lane yet. Is token security in one of those lanes or is it different? Is it Is machine identity becoming its own lane? That's a good question.

I think that I don't. Like solving the same problem in a better way a lot of times like that's that's a part of my personality and what I believe when I started a company that we need to find a new problem. And then non of an identity problem. It had certain that make solutions that were operational on to it, for example, power solutions such as cyber alcohol or the linear beyond trust and solve them. They manage credentials right?

Like they take service accounts and they allow you to access them securely. But they were mainly. For human beings and also they were born on plan. They were born. For a limited amount of server, they were not born for the state of the. Cloud and so when people ask me if I would ever if I. Imagine that non even identity would be in one of. Those lands I would. Say that it's like. This starting. A cloud as a very fast host, I don't think that like. I think that.

It's an entirely new area that is here to. To last as long as people are bending software as. Long as they are utilizing the Internet and AB is, I think that not even identity would be separated from human identity solutions. Yeah, I, you know, I, I kind of feel like with non juvenile identities, they require a lot of the same technology or processes as human identities, right. But they're not always, you know, one for one or they don't work the same.

So you still need to have a life cycle, you know, the creation of the account, the destruction of the account when it's no longer needed. You need to have some kind of governance. So there has to be some kind of human who is accountable for that account and needs to determine, yes, it has the right permissions, things like that. So that's kind of the identity. And then also from an excess measurement standpoint is authentication.

It probably needs some kind of rotation of the credentials and things like that. So the first part I think of is like the IGA duties. The second part I think of is privileged access management duties. But all those things breakdown like, you know, we have best practices when it comes to dealing with humans. Like the humans come from the HR system and for a user, a human perspective, you can do multi factor authentication and you can have a human being change the password ever so often.

Well, machines don't work that way, right? Non human accounts don't work that way so. I guess maybe you're rambling a little bit, but what I wanted to get to was, so how does token security work? How do you address those different areas or which of those areas do you address? That's a great question. So in order to not be. Attentive. I want to share an interesting story.

I want to share something that's like the tall. Essence of Why not when identity? Is such a hard problem and it's an. Anonymous, anonymous case study. That we did with one of our customers around. About a real nice events. That happens for them. Luckily, that event ended up in a with a good result. Because we were there. But let's try to to visualize like the problem. In a very, very real story, kind of. So you have for example. Some kind of a service that hold

very sensitive data. It could be one pass all, it could be all Google Drive what we identified. That on a certain. Day one of the. Service accounts that came from an identity provider was compromised, and that service account had a password and an MSA. It was perfectly safe. For human access, but it also had an API key. And that API key was compromised by a third party that we identified later and we started. Digging into the problem. Because like. The the people in that company

really took care. Of that service account. But API key is just like a Latex credentials that you put somewhere and use it in order to consume a service. Well, when did we hear about that problem in human identity? 15 years ago maybe. So we start. Taking it down, we observed all of the compute. Environment of that organization started to analyse the infrastructure. You see, we started. Segregating like OK, that API key usually comes on this NAV gateway, it comes on this account.

OK, so we narrow it. Down to like 2. 105 hundred machines Saturday and we start scanning the the snapshot. Of all those of the. All, all of those machines, we

identify a certain machine that we spent that, that was the machine that. Was called promised also a very very hard test that is nothing alike. In our human identity. We took the code from that.

Machine and identified the Gita report that it comes from. We scanned the Gita. Report and we signed the API key there it rotated. The event is over.

Everybody's happy. Nobody got. Fired. Great success for everyone.

But you can. See a scenario like that in human identity? It just doesn't happen because like you don't have 500 much 500 humans using the same account sound as you have but like. It's very, very. In non human identity it happens all the time and.

I can keep on and on of how the. Technology is different, but I think that this case study. Proves that like. It's a entirely bypassing attack sector that is not covered by ITDL, not covered by IGA, not covered by IDP, not covered by PUMP. Yeah, no, that, that's a really smart approach. Yeah, I'm always very much wired to think about, OK, what is it going to take to get this solution in place? So I'd like to talk about like,

you know, what does a project look like? But also if you've got, if somebody who's listening right now is interested and wants to give it a try, you know, where did they start? And then what does this look like from a full implementation project effort? Yeah. So we have an entire.

Philosophy for that which I will say is our the right listeners for my listening. Tool to me talking 3 hours about software. Development. So I'll say it very, very plainly. Building software is the best. Thing in the world. You need to do it quickly and you need to use any technology. That you want. And I even want to. Encourage everyone. To build the test there to use the most. Cutting edge technology that they that they want. What my purpose is, is.

To allow them a framework to do it safely and safely doesn't mean slowly. We aim for. Speed. We aim for a quick deployment. To see the value as quick as as you can, but also to present ourselves for. As being in the middle, we're an

integration based folder, so that means there are no clients, no agent, no central dashboard that you need to document any identity that you created. We operate. From the side and just allow your Peace of Mind that you could go. Sleep well, wake up tomorrow. And be in the best of store that you can. And so if you have, if you can use multiple clouds, use Kubernetes. They certainly use the vault. Because let's face it, it's. Like we're not going to.

Have a machine identity provider anytime soon, so use the. Vault to vault your credentials and use database and Google Cloud query and. Everything that you can. In order to make your. Software as best as it can, and I'll take care of their security, at least from the identity path. That's really makes a lot of sense. Go. I'm sorry, Jeff. Well, I was just going to ask, so you've got this set up, like what's the information that

comes out of this? Like how do I use this to do all those things with the speed that I need to? So first of all, I think. That the best security products give you Peace of Mind. I think that when I installed I don't know like for example any Dr. in my company I. Had Peace of Mind that I think that my work. Workstations are secure, so I think that. A good security product? Not necessarily. Authorizing the background, but authorizing in a way that's not

by Lawson for the organization. So you do have a natural that you can look in, but I see like that we attach ourselves to your organizational. Workflows. Whether it's a ticketing system messing also our solution, I'll just send you all notifications via.

Select but first thing that. We do is when we build an inventory, you can see in one place all of the non human identity that you have, all of their entitlements, all of the authentication methods, the owners of those identities and the usage that. You do it on top of that inventory we provide. Multiple applications. Most popular application to start. With is to widow 6, you want to identify the top ten and most

critical identities. We like it to call it the most wanted like the ideally sheriff is coming to town and trying to like like to catch the the biggest seminar. So that's like the most. Wanted Bob and Dennis. Share 'cause that domain name taken 'cause that might be 1 you want to jump on next. We have we have something here. I'll follow up like right after. This recording and check that if that domain is available, I think that Jim is doing.

It right now, but. You know, not the point seeing us. So first of all, you want to reduce. Risk You want to identify the top 10 identities. That you have and delegate the the management. Of those problems to the teams that are responsible for them. Second part. Is to start going into a life cycle. Process. You want to be sustainable. It's impossible to or only like us, do fireside. You want to have a place. That you can track the recently created identities. They use that I that.

Machines and people. Do with not even identities? To track misuse. To identify compromise and the. Point that you need to rotate a credential or reduce. The. Permissions and eventually every software project become. Deprecated. You have tons of story state identities. And you could remove them just like by. Filtering out on our inventory. And start to deactivate those that are no longer in use, which is a big. Part. Of the non identify like in

organizations. So I'm curious, I just want to

ask a little more detail around the attribution part. How do you, how do you determine that responsibility or that ownership over an account? Are you, I guess how do you infer that? Is that secret sauce or is there something that that you can maybe explain how that works? Jeff, when you go to a. Magic show as the magician. How we got. The I do, but I should not be at a magic show for that very reason, yeah. So security should be we like like a lot of the the the.

Companies, people and the people that I work with are people are coming from backgrounds such as myself but are other times more talented and what we. Did is that we gathered a lot. Of know how from both detection response phase from people that are well in cybersecurity start-ups in Israel and try to create a team like the Power Rangers of not even identity security. And then use that method in order. To collect data from different sources, it could be infrastructures.

Called repositories it could. Be MDM and SSO activity. Logs. It could be the audit trail of the the services that you use. And network data and what not. Compile all of that. Data and use it into one model. That is the use the usage that is on top of the. Of the inventories and then use that that like identity timeline in order to. Identify. Both changes in the identity. And who was the originator of them? Like so who did that commit that eventually provisioned the telephone?

Or example or who? Click the button of getting an access key and then second part is the day-to-day use of accessing resources and identifying like the data attribution piece of what do you access, Why did you access that? From which workload or device did you do that?

So how do I, so I'm interested, right? I want to learn more about this. Is this something that are there videos or labs or something like that? Is it best kind of described in person? Like, what's the best way for people to actually see this in action? Yeah, I I think that most of that identity like the non human identity start today in organization. It's even from a lot of people.

I think that we as a company should provide more resources for people to see like even open source and stuff like that to start to see they're not in my identity. Fabric, but eventually it's best. To like to book a demo and to say it with on data that you that you want to check out and like. Pick a sandbox environment and now we would show you that there's. 50 times the amount, it's not an identity that you thought by just like scanning and integrating into iPad.

So I think that like, that's the best way to go. That sounds like a challenge, so I would encourage people go and go and take, take it up on that challenge. We'll put a link in our show notes so people can get to it again, easy website token dot security. Last question for you around this topic is, is the, is the idea of ROI right? People are investing money into security tools and they want to be able to show the ROI in it. How do your customers measure success with your product?

Yeah, that's a great question. I see that we found 3 metrics that empirically proved that the customer has succeeded. And that we agreed upon, but it's still. Like an area that we learn. So what are the those 3 metrics first of all? You want to be. Smart. Being smart is not putting yourself in trouble that you don't need to and just cutting all of the low hanging fruits and bringing them back home. So for example when we see a customer.

Deactivate all of its identities after 90 days of being stained. That's a very, very good. Sign of succeeding, of identifying like what's the biggest portion that I can take with the least? Amount of effort. So that's. One thought, second part. Our second metric is modernization. We like. To help our customers upgrade their non even identity stack we identify unser rated local identities. That said that like an anti pattern that has been. Around 4 years local.

Database. Users API kids that are. Maintained like only locally and so on. And we like to help our customers move from. An unser rated identity. To a Federated identity. Because I do think socialization is is key. It's not. Possible for? All the of the technologies because a lot of vendors didn't build the ability to. Use Federated. Access, but when we see the amount of fun Federated identities. Decline and the the identity. Start getting. More and more modern.

That's a very, very good sign for success. Last part. Is to take in a problem that everybody bashes the head in the wall. In order to to succeed in rotating a key, I think that the rotation period for keys in organization is much too long. I think that sense for example, public infrastructure, so between expiry dates. So we created a lot of efficient processes to make that work. And in non numenate entity you.

Don't have that because you don't want to crush production because you didn't change a certificate also. And So what I measure success with is whether I help my customers improve between 60 to 80 to 90%. Of the the median time. To otate a key. Did you like? Did you? Identify the owner that created that. Key, did that owner get all of? The data that they needed. About who is using that key and was the. Process operationally efficient. That's like evolved key metric

that we measure I think. That's gonna be very helpful for a lot of people trying to trying to figure things out for them. This has been very helpful, at least at least for me. I hope others got, you know, entertainment as well as education about this. Definitely visit the website token dot security. It's I mean, it looks and sounds like such a cool product. I'm I'm interested to learn more

as we go along with conversations, but we want to pivot the conversation here a little bit to something that's near and dear to my heart. And you mentioned it earlier in the show about online video games. So I'm a big online gamer. World of Warcraft is my current poison, if you want to call it that. I understand you also play online. What's what are you up to these days when it comes to online gaming? So I think that I moved in so

many. Different games because I think. That every game is good in its own way, but I think that I discovered. That my persona in online gaming. Has changed very, very dramatically. So I'll give an example. When I was much younger, I used to be very cautious. I also as a kid. And so I used to. Build this character of like. Majors. That are extremely powerful majors, but I took a lot. Of time to train that. Character and to build and so. Eventually. I used to spend a lot of time

building and then like. Going to to fight then. I reached the point in my life that I had so much. Like. So much things to do, but I just became the ultimate speedrunner. I'm just starting the game and like heading on all the way like to the. Harvest LA to the artist parties. And just trying to like die at the least that I can, but like do it as quickly as I can and just became a just a plain. Barbarian just running into. Into the battlefield, and today I'm in the perfect. Zen condition.

I became a bald, so bald is something that's like it's just like a comical relief of the RPG role that like is there doing baths and healing and what not, Because I just want to see people playing to be part of the the experience, but also like to know that there are people that would take in the monster and I would be there cheering them. So you're playing? This. That's how my yeah. Exactly that's how my online. Gaming persona change over

there. So it's interesting you mentioned the the Bard character. Not many games have a Bard character.

My first EverQuest character was a Bard and it was fantastic. It was the whole idea of like the support character and it kind of, you know, moved along over time. And it was very different from me in real life because I was not very outgoing and I was very kind of an introvert. But here I am playing this barge on, you know, EverQuest. I'm in raids. And if you're an old Everquester, you know, plane of fear and stuff like that, corpse runs that lasted like 48 hours. So I, it's similar.

It's I, I've kind of gone backwards from there. And now I am, you know, more of a Jack of all trades. So I'm basically mainly play a druid in World of Warcraft. I can kind of do everything. I'm into the paladin right now. So I'm getting into that, but I, I mix and I mix and match a little bit. I'm sure that we have lost Jim completely here 'cause Jim is not a gamer whatsoever.

I'm curious, Jim, when you hear when you hear me say, oh, Jeff was a barge or Edo was a Bard in this game, what do you think of what comes to your head? Leroy Jenkins. Yes. That's Will. Roll that for you, yeah. And I always say the easier than charge it into that Whelper room. I I know exactly where that took place and it it is absolutely what it was. Yep. Leon. Jenkins was. That's funny. Yeah, what was that? Leon Jenkins was Persona 2 for me.

Like the like the middle online used to speed on things all the time, Yeah. So Jeff, you're right, not a gamer, but I do appreciate the fact that, you know, you need to have some kind of escape. You know, you just can't like just work all the time or deal with like the stresses of life. You have to have something that takes you out of that for a little bit of time and provides some relaxation, show some entertainment. So hopefully the Identity Center podcast can be that for some people.

But if not then gaming I think is a pretty cool thing. So Jim, what kind of character would you want to play in a sort of an online role-playing game? Like what let's you know, let's help him out. Let's try to figure out what kind of class he might be like. What would you want to do? Look at him like this man is pure strength and power, like he's a classic. Billion all the way, right? Yeah. And they might have a soft sword inside, I don't know. Jim, what do you want to do you

want a tank? Do you want to be like the guy in front with the shield and the sword and sort of taking the brother damage? Do you want to be damaged? I'm I'm so I'm going to get the Holy Trinity here of of character glasses. But you've got the tank, the healer, the DPS, and you might say crowd control is a force out there, but we'll just call it that. What's your What do you have an affinity towards to? So I, I did play Dungeons and Dragons when I was a kid, right?

And that has you have your character with all the different strengths, like you could be charisma level 2 or strength level 5 or speed. And I always like to be like a good, yeah, right. But I always like to be like a, well, charisma, it's like a 2 out of 10, believe me. But as far as like, I wanted to have a character that was well balanced. And then the other one that was kind of like as far as I would go from a fantasy perspective

was sorcerer. So you could like throw spells on people that seemed like totally unrealistic. So. You mean that's not real magic? Throwing fireballs and frost bolts and all that. And stuff. I'm sure some people believe it's real. Ito, I'm thinking. He sounds to me an awful lot like a ranged caster type of sort of role. A magician, a mage, a sorcerer, a warlock, maybe something like that.

Look, as as long as everybody's playing and like getting their energy and they're into the right place, like do whatever you want. That's it, I'm down with that.

All right, why don't we go ahead and wrap it up there. We've solved so many problems today. We got into the machine identity and then we also figured out Jim's class when it comes to playing a a role-playing game. So mission accomplished as far as I'm concerned. Definitely want to encourage people go visit token dot security. It's first of all hats off Congrats. It's such a good website, so definitely encourage people to go check it out.

Loving the animations and stuff that you got on there. So good stuff. We'll have a link in our show notes to make it easy for people to find Ito. We'll also put a link to your LinkedIn profile. People have questions they want to reach out, you know, definitely take advantage of that. And then as far as Jim and I concerned, yeah. Visit us on the web, idacpodcast.com. We're on YouTube, idacpodcast.tv. And thanks, Token, for sponsoring this episode.

Thanks, Ito, for joining us. And we'll talk with everyone else and the next time. Thank you for hosting me, I had the best time. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.