#375 - Mailbag for September 2025

This is identity at the center. Welcome to the Identity at the Center podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. Doing great, man. We're doing a Jim and Jeff episode today, so that makes me happy. We have to hang out in person. It's been a while. We got a couple conferences coming up, so we'll get through a lot between now and the end of the year. And one other thing I wanted to

mention. So I while I was away for a couple days this week, I kind of fell behind on LinkedIn. But I finally caught up with things on the flight home last night and got some quick responses from people. So they're a few shout outs for people who let me know they listen and they really appreciate what we do. So Adam, oh, Siobhan, I'm going to mess names of, I'm sorry, Shubham Gharia and Alejandro Lowe Fresetti, if you guys are listening. Thank you for the notes.

I mean, Jeff, I don't know about you, but when I get notes that people listen and that they thank us for what we're doing in the, you know, for the identity space or they let me know, hey, I really enjoy the content or I'm learning a lot. I mean, it means so much to me. Yeah, it's very, it's very cool. I get those messages as well. What I find interesting is we don't get the same messages. So none of those people messaged

me, but I have other ones. So I look at my list here like people have emailed or sent me LinkedIn messages recently. Jonathan, Judy, Isabella, Jesse Sadaf, Andy Kojo. So yeah, it but it is very cool. Glad that people get something out of this, whether it's, you know, they enjoy it or they hate it and they hate listen or watch it, either way is fine. I never get to hate ones. I'm I'm glad about that. I mean, you know, LinkedIn people keep things pretty cordial. For the most part, yeah.

No, we've been pretty lucky. We've got to have a great community, which you've always said, right? The I am community is, is top notch as as I'll say so yeah. And that's pretty much what this episode's all about is we get questions a lot through our LinkedIn. So we get stuff, kind of queue them up and kind of save them up for a mailbag episode. And we'll kind of get through a bunch of these that listeners have sent out over the last probably at this point a couple months.

Because I think we had a couple earlier in this year and then we had a run of conferences and episodes associated with that and then guests and things like that. So this is another way for us to catch up on, you know, those kind of questions. Yeah, and you and I have been in this identity space for 20 years each. We've been consulting for over a decade and one thing I know about myself and I think you say this for you, Jeff, is we don't know everything, right? That's.

What you're going to be. I know everything man. Yeah, OK. That's why I said that in. Google really quickly I gave you. An I gave you an opportunity to be humble. But no, obviously you know that we don't know everything while we have guests come on most episodes, but we do our best. We're like the identity practitioners out there. We're, you know, in the battle together and we're going to go through our answers today doesn't mean they're they're right answers to these mailbag questions.

If anybody disagrees or really likes to answer, that's another reason to reach out or you know, we put all these episodes on YouTube. We thought about as as audio

podcast, right. We started as an audio podcast over six years ago, and most of our listener, most of our people who consume this podcast, our listeners, but we also produce a YouTube video for each one of these episodes that gives folks an opportunity to go out and comment on an episode, a particular episode, and ask question or say they like or disagree with a point. I'd finally encourage that.

I mean, I don't have a problem with somebody disagreeing with me. That's what it's all about.

Yeah, just be respectful, that's all. Stop putting a Bitcoin seed phrases that are obviously scams. I'm constantly policing those off of our off of our YouTube comments and stuff like that. So but yeah, you know, gives us an opportunity. So, you know, while you're listening and thinking about that, hit it, you know, hit that like and subscribe button too.

That obviously helps. You know, Jim and I grow the channel and the podcast and get great guests, which, you know, we've done an amazing job over the years. And you know, Jim, that's all you getting, getting really cool people to, you know, spend some of their time and, and their thoughts with us on the air. It's been a pretty easy job actually, because most of the folks I reach out to I it's become an easier and easier job over time because the podcast

has grown. In the early days, it was people like Darren Rolls, those people like Eve Mailer who agreed to come on this podcast that nobody knew about. So but it's still a big coordination effort, obviously. So I appreciate that, but we got some conferences coming up, we got some discount codes. We should probably at least acknowledge that and then jump into things. Yes, several conferences. See by the time people listen to this on, will it be Monday, the 22nd, I believe maybe it's 21st,

22nd. I think the Philadelphia Cyber Security Summit will be on later in the week. So that's Thursday and I will be there. So I'm I think I'm moderating a panel. I'm not quite sure yet, but I believe I will be and so I hope to see some folks out there. I know a couple people who will be there, but feel free to use this discount codes free get you in. It's a pretty cool conference.

So this will be my third one third city that I've done this year did Raleigh did Chicago a couple weeks ago, Raleigh a couple weeks before that and then kind of closing out that series for me, at least in Philly, but it's a pretty well run conference. It's a few 100 people.

So it's kind of like the right size to actually meet people, have conversations and because it's local in a specific, you know, city, you meet people in your space that are in, you know, your kind of region and makes a little bit easier to form connections and things like that. So OK, forward to that and let's see after that. I'm actually going to be at sale point navigate conference, not this coming week, but I guess the following week, so you can

look for me there. I'll be there as part of the RSM contingent, which everybody, well, not everybody knows, everybody thinks we do the podcast is our full time jobs. That's absolutely not the truth. That is our night and weekend job. By day we work for RSM as I am consultants, so helping people solve their digital identity security problems. But I'll be there for the sale point conference, probably somewhere around a booth. I think I'm also running a, a newer game show that we have not

tried before. So it'll be kind of a test bed for that. So if you're a listener, you know, come stop by the RSM session at Cell Point Navigates. Let's see. Authenticate with Fido Alliance is coming up. So we're going to do Fido Feud rematch. So you're going to take on Megan again, I'm not sure if you guys have figured out teammates yet,

but I know that there was a lot of people who expressed interest when it was time to register for Authenticate. So the Fight Alliance is a time to keep track of that. And we've been working with Megan and Adrian and obviously yourself to figure out OK, of the pool of people who express interest. Who do you want to get on stage and be part of that? I'm going to be the neutral party. I am the host.

I'm the Steve Hardy without the long jacket or the mustache, but I'll be coordinating it. Adrian and I are working on the questions. So if you have not yet seen the survey that went out from the Fight Alliance, I also put it into the IT Pro conferences or maybe it was a general channel. There is either way that people can submit answers. So the questions are out there, but the only people who can see the answers are myself and Adrian for the Fight Alliance.

So she and I are coordinating to make sure that, you know, this is a a fair game, Jim, so that there's no cheating, no allegations, nothing like that. Well, unlike, unlike last year, right, So. There wasn't cheating last year. There was interpretation of answers that were maybe suspect, but I'm. Going to give you my, my view of things, right? I didn't feel like last year was fair, but that was fun because last year really didn't count. Last year was more of like a trial run.

This year, this is the first official year. So we'll see who wins this year. I think it's going to be team IDAC because this year is going to be completely fair. It's going to be heads up Team IDAC versus team Fido. And I mean, we know it's going to happen, right? I mean, I hope I know what happened. You're representing IDSC, so definitely need a better showing than than last year. Look, in Megan's defense, she

walked away with the tiniest trophies we've ever seen. So her team has those. So we'll see. I I love the snack talk, though. So Megan, if you're watching under listening, you know, feel free to respond comments below or maybe something I'll link to him. Maybe we can, you know, draw up some healthy competition was put that way. You know, I, I think the biggest thing that I wanted to throw out, so I knew you were going to talk about one more conference coming up with Zimfosec World.

We really appreciate all of the partnership that all these groups putting on these conferences have shown us, especially, you know, the CRA with the, all the conferences

you mentioned, plus all the ones that are coming up. I mean, it's another thing that's going on with the conference or I'm sorry with the podcast that, you know, it's the listeners, it's the guests, it's the partnership with different conference organizers. Like we've pulled all this together and it's it's all four of the listeners really. That's why we do it. But it wouldn't be able to happen without this partnership. So definitely grateful for all

of that. Yeah, shout out to especially Shirley at the CRA and Adrian at Final Alliance. Those two have been really fun to work with. And you know, the other reasons why we do fun things at conferences, I'll be honest, I don't really want to give a talk an identity. I feel like there's a lot of that already. I would much rather have a good time and sort of, you know, be a little bit more on the entertainment side and, you know, try to relax and make the

conference something fun. And, you know, both Adrian and Shirley have been awesome work with, they've both been really open to new ideas, right, game shows and things like that. So plus they're just fun people and, you know, great to work with. So shout out to Shirley and shout out to Adrian. You know, we've all been all

about the edutainment. There can be plenty of education that you know, the, the folks are showing at the these conferences and giving the presentations, whether it's success stories or new ideas around architectures or trending topics, they, they know them better than we do. And so you're getting plenty of education. So our sessions are more the entertainment variety.

More of a pulse of of the people type thing, you know, what are people thinking with the different, you know, game shows that we've done and surveys and things like that. So they're fun. I like to do them. We'll do them when we until we get told we can't do them anymore and then we'll figure something else out from there.

But you know, next thing you know, we'll have a Netflix special, you know, IDAC, you know, after dark and it'll be kind of like that midnight game show where it's just, you know, people pontificating and making jokes. But yes, Speaking of CRA, Infosec World 2025, that's coming up at the I believe it's the end of October that is in Orlando. So we'll be there and recording some episodes very similar to like Ideniverse. I have not been to that conference.

I'm looking forward to it. I think it's more broader, obviously information security, but guess what I am as part of that world. So we're going to be there. So I hope people come and check it out. We got identifiers after that in DC, so be there for that as well. That is in November. And then I think closing off our conference Circuit of the year with Gartner and the IM Summit in Grapevine, TX.

So we met with our friend Rebecca a little earlier today to kind of game plan through, you know, the game that we're going to run there and that's going to be a fun one. So lots of conferences, lots of different things are going on. I didn't mention discount codes because they're hard to remember what spot. But if you just remember one thing I DAC podcast.com, just Scroll down. Everything that I have that's available is going to be down there at the Gartner 1 is not up yet.

I think that one becomes available in October. So once October rolls around, there'll be a Gartner one edit as well. But check it out. Great way to show support the show and show that we can, you know, have a good time and bring people to conferences and and meet all the friendly faces that we, you know, see us still images on LinkedIn and teams and other different things that

happen. Yeah, I was at a meeting this week and kind of saw saw some people that I've been meeting with in Teams. And then there's one person I met who, you know, I've been on punny teams calls with and he was like 6-7. And I was like, whoa, I didn't realize you were that tall. You're talking about our friend Dan. Yes. Everybody has the same height on on a team's window. And then you get into real life, like, OK, wow, I didn't realize Jeff was that short or, you know, Jim was that tall.

I'm not. I'm not really that tall. Yeah, you're what, 6/2? Yeah, yeah, look, everyone is tall when you're 5-6 like me so well, Dan. Dan's like 6-7. Yeah, no, Dan was great.

Very tall guy. Yeah, he's an awesome guy too. Yeah, so we did an episode with him not too long ago, Dan Lauritsen, part of our series with RSM and so go back and check that out. But that's very cool to see people like that in in, in real life and and get their autographs for being on the podcast, which is fun. All right, let's get into a mailbag. We got a bunch of questions from people literally around the

world. So again, if people have questions or they just want our thoughts on something, send them to us on LinkedIn, drop us an e-mail, drop us a contact form thing on our website. We try to queue these up from time to time. The more we get and as we get gaps in our schedule where we can address them, you know, that's kind of where this is at. So now with no more further ado, let's get Jim's $0.02 on a couple of these questions.

I'll read off the questions, Jim, and then you give me your thoughts on it and then if I have anything to add, I will and we'll just kind of go through it that way. Is that cool sounds? Good. Yeah, I'll do it. OK. So first up, this is Matt in Maine. He knows who he is. I know who. He is right. How does a successful IM program engage the broader IT department regarding key concepts?

So, additional context here. I recently volunteered to do a short presentation in an architect forum on what SSO is and how it works. This is the result of having a conversation with a software architect who recommended to a software owner that she worked with me to set up SSO on work day. We've had SSO set up on work day since we acquired it seven years ago, and this architect logs into it weekly like everyone else. Wow, a lot of context right there.

That is a lot of context. Matt and I went back and forth and noticed. I'm not going to cut a keynote, get into all the nitty gritty details.

But I guess before I even answer my first question is I'm not sure if the person is an architect if they're not clear on what SSO is. And the fact that they were logging into it already and had been for seven years apparently leads me to kind of wonder if there is some more education that needs to be done around identity and access management and maybe just general IT architecture networking.

I'm not sure what it is, but what are your thoughts on how does the successful IM program engage the broader IT department regarding key concepts when it comes to identity? So hey, Matt, glad to get your question. And I think the first thing it kind of goes to the point you were making, Jeff, which is that, you know, Matt said I'm doing a presentation through the IT department.

So we shouldn't start off with the assumption that because you're in the IT department, you know how everything works. Like you could be a software person, you could be a network person, you could be a mainframe person, you could be, make this a mainframe architect and he could run us in circles when it comes to mainframe architecture. And he really doesn't care who about he or she doesn't care who about, you know, single sign on.

Having said that, you know, I, I think you need to start with some of the basics, you know, kind of like educating people on what is the business value of single sign on. I remember we used to run into questions early on in the single sign on days like, OK, isn't it worse to give people one username password to 100 systems than 100 username and passwords? Because if they lose 1, the blaster is is limited to that one system. I think the it's kind of like a

psychology thing. If you have to manage 100 usernames and passwords, you're probably using, you know, the same username password across multiple systems and your ability to kind of provide all of the features that you need in a holistic IM program like monitoring, like use your life cycle management, like having the right authentication policies and the ability to enforce them. Those things probably go out the window for most of those 100

users and passwords. So it's kind of like here's why single sign on is good. Let me think, there are multiple forms of single sign on. There's Samuel single sign on and there is Oauth 2 or open ID single sign on. So there's a browser based set of redirections. So if you're starting to get into like application architecture and kind of how these things manifest, whether it's like browser based or there's some back end token sharing happening, I think that's a a big part of that

explanation. I just, you know, it depends on who you're speaking to and as you start to whittle down that field to a smaller group, that's where you start getting into the specific details. If you're talking to a big large audience, you have to kind of keep it. I think even like a big large audience who is quote UN quote IT, you need to keep it at A at a business level to start your thoughts. I think this is an excellent

example of sometimes we take people in knowledge for granted in the IM space, especially when you get surrounded into IT at large. Look, not everybody knows identity and that's fine, right? I think that's something that we all need to think about is how do we educate and inform other people in the organization as to what they're working on, stuff

like that. So for sure, you know, I maybe I was a little bit rough, like how does this person become anarchy step without knowing SSO is I guess there's a possibility there, but it's also a good reminder to say, OK, what has the IAM program done to inform IT, whatever that looks like as to what the IAM program has been doing, what its capabilities are, what it's, you know, different features and functionalities that have been rolled out so that they can, you

know, be part of that messaging as well. I think we focus a lot on end user training and making sure the end user understands it. There's probably a really significant Gray area when it comes to IT training for identity and access management concepts, features and functionalities and things like that. So I think it's a good opportunity to say, OK, we noticed the gap here. How do we address it?

Is it, you know, something where we need to have more conversations with, you know, I'll call it IT in parentheses or quotation Marks and making sure they understand what are the different capabilities that the OEM program has and, and things like that. So I try to look at from the aspect of, yeah, OK, what, what did we miss here and how do we make sure that we account for that next time? Yeah. I mean, there's all kinds of goals that could come out of why you're doing that presentation

in the 1st place. One of the goals might be you need to stop doing this shadow IT thing. Setting up applications that are completely outside of the the realm of our single sign on are completely outside the realm of how we do identity access management, logging in, monitoring. You know, people understand like why we use centralized single sign on multi factor

authentication. It may start to add up that hey, if I go out and set up a sales force account with my credit card, that is not a good thing for the following reasons. I mean, that's just smacking with policy. Don't, don't go sign up for stuff that you're not prepared to support, because we all know that they're going to continue to do that. They're they're never going to sign up for a service and then you ask for IT to help them out down the road. That would never happen in the

real world, would it? Yeah, right. All right, So hopefully, I know that was actually several months back that Matt had sent that. So he and I conversed and hopefully that helps Matt, you know, going forward. Let's get to the next one here. Amara in India asks what are the key factors that influence an individual's trust in a new digital identity system? And what can governments or organizations do to encourage wider adoption without being

overly intrusive? You. Know you could go. First, good luck SO. No, I, I know Amara too. And so I don't really know her personally, but I know her from LinkedIn. I think a big part of building trust, it's just like any other part of human interaction. It's, you know, trust is earned. So it does build over time. But I think they're kind of like some fundamental concepts within identity or within technology in general that help you earn trust.

And one of the first things is privacy, like knowing where your personal data is going to end up. Does the organization have a privacy statement? Is it clear? Or is it one of those 20 page documents like we can sell your information to third parties And so it's the privacy, but it's also how you communicate it.

And then I think one thing that maybe takes that to the next level because that's like a big area in the, a big topic in the area of customer identity and access management is privacy and consent. So it's also the consent of saying, here's the data that I'm OK that you share, but I also have the ability to say forget me. So a lot of the things that we saw driven in GDPR are still very important and very relevant.

Whether you need to be in compliance with GDPR or not, you'll be thinking about what were the drivers that that influence the design of GDPR. And it's like what people expect and why do people expect those things and how do those influence whether or not you're going to have trust for the organization? Now I also think, now let me bolt on something to that, which is if you do suffer A breach and many organizations do suffer a breach, how do those things get

handled afterwards? Do you try to cover it up or do you, are you very transparent with your users and with the public in terms of what happened and what you're doing to rectify the situation? And for me, when I see that there's a cover up or it's a couple days, so there's any kind of communication, if people are left in the dark, I think that I start losing trust for that organization.

Well, you have to be careful about the word cover up because that implies that there is some sort of, you know, conspiracy that might be taking place. I think this is an area that a lot of organizations struggle with is how do you report on a breach? Frankly, most suck at it. They're just not good. They either wait too long or they share incomplete information or they share information so quickly that the information is made incorrect.

When they shared it, they might have thought it was correct at the time, but things change. And so I think breach response and breach communications are one part of it. But it comes down to the trust. I don't know if we'll ever fully solve it. Just to be honest with you. Like, I don't think we will ever fully solve it because they're the concept of privacy does not exist in every society, in every

country around the world. I don't know what it's like in India, if that's specifically, you know, what she's asking for. I don't know, you know specifically what they're working on. But at any I can point to the US as a reference at any given .50% of the population is for the government and 50% is against it. So and it doesn't matter who's in charge. So that idea of trusts becomes OK, well, who do you trust and

why? And I just don't know if we will ever get to the point where, you know, maybe trust is too loaded of a word. You know, maybe it's more like tolerate because I need it for, you know, a passport or a driver's license or some other piece of information. But I don't know if I don't know if there is really a spot where we get to the point where like all of our identity data is in

the hands of 1 area. I think we're more headed to more of a Federated model where some bits of information are spread out a bunch of different, you know, networks, whether they're decentralized or not, that's a whole other bottle wax. But I, I, I don't know other than, you know, if you're, if you're talking about internally an organization, how do you build trust? If you make promises or make commitments, do them, right? If you're going to miss dates or

whatever, communicate it, right? Don't, don't say I'm going to go build something and then forget about it. Or don't ask for feedback. Or if you get feedback, you don't consider it after you ask for it, right? I think this is just being what I would call just a decent human being and say if you're going to do something, do they do I trust that Jim is going to go off and do the thing that he's in charge of? I mean, yes, I hope so, right?

But the same time now, Jim, it's on you as the person that's being trusted to do that. You've got to deliver if it's something you can handle by yourself, awesome, great. You have less dependencies the vast majority of the time. Now you're going to depend on other people. So now you've got other people that you're trusting to get their part done so you can get your part done to make part of a bigger thing, right? That's going to go out.

So, you know, I think there's, it's a little bit bloated question, but that's kind of what I was thinking about when we said the word trust was like, oh, that's, that's a tough one. It's a. Tough one. I think, you know, your mind went directly to the government situation. I think primarily the federal government. It's just there's a history of like, you know, distrust of the federal government that goes

back long before our time. But I think when you think about, and I'm not saying, I'm not saying that in any way to damn people who work for the federal government. So let me make that clear. It's just, I think it's a fact of life in the USI think when you think about that same mindset to your local governments or your healthcare provider or big tech or other companies that you trust with your information, the context changes. And I think transparency is a big thing.

I think what's happening with your private data is a big thing. And I think how you handle an incident, if one does occur, it'd be a very big thing as well. Oh, for sure. I think it's a hard question to answer, yeah. It's hard question the. Idealist in me is, yes, at some point we'll figure out and get past all this because the benefits will be there that outweigh all the negatives. And I think that's also part of the wider adoption. Part of the question is why should I use this thing,

whatever this thing is, right? Whether it's a product, whether it's something an identity rolling out, whether it's an identity program is standing up. Why? Why do I need this? Because that's the first question anyone's going to have is OK, cool. Like what does this do for me? And so I think you need to have your messaging and understand, are you delivering something that the organization both needs and wants?

Because if they don't want it, they're going to find ways around whatever policies, whatever capabilities should put in place. So I think you really need to think about, you know, the, what is your target market look like? And are you delivering a product, in this case most likely an IM product that people actually want to consume and

use? Yeah. You know, I'm also wondering, you know, if part of what Amara was getting at was decentralized identity, because I think in a lot of people's mind, that's the solution of owning your own identity and just allowing the attributes that you want to share with any given organization to be shared. My worry is that it starts getting to the point where it's like, just like it is today with all these cookie policies.

Like you go to pay your electric bill and it's like you accept the cookies or you don't and eat it all. Day long. So that's the option that's. Your cookie policy, right, Right. Yeah. Yes, you're right. I, and some of this too, again, goes back to trusts. I picked on the government because I think that's the the easiest target, at least for me to think about. But the same applies to any social network. It applies to education, applies to healthcare, applies to

finance. That's why I don't think it's going to end up being like 1. And I hate to use the word, the B word, but one blockchain, 1 decentralized identity, one decentralized Ledger, let's call it, right, that stores with us. I think we're going to end up with several and you're going to trust certain ledgers with certain pieces of data, but I find it highly unlikely that there will be 1 Ledger to sort of rule them all if you want to take a, a token reference to

that one. And so no, go ahead. I was. Going to say, I think you used a great example there with social media slash big tech and I think that certain companies have over time damaged their reputation in terms of your privacy so much that rebuilding trust they happen to rebuilt trust it's and there's others that I think have

done a better job over time. And I'm not going to name names, but because I suppose the one with the e-mail that's going to come from it. But I think that look, once you damage trust, it takes a long time to rebuild it.

And if you really damage it, the words like you're selling people's private information out the back door, that's really hard to make up from it. So I think being very clear about what you're doing with people's data and giving them the ability to opt out of that, it is just fundamentally key. Yeah. And then? Do you trust that when you click that box that says don't sell my data, they're actually honoring it? Well then. Yeah, yeah.

But if there's. One way to be overly intrusive, it's to do things with people's data that they that they didn't sign up for that they're not aware of. So good luck tomorrow. I, I don't know if that helped or not. I feel like we both got a little bit of soapbox there. But, you know, the, the idea of trust and getting things rolled out is, is challenging.

And I'm going to focus my answer back more on like, if you're in an enterprise Oregon organization, you're trying to roll something out, then, you know, deliver on your commitments. Yeah. OK, so let's get to the next question. This one is from Sophie in France. For a country or a large organization looking to launch a new digital identity program, what are the most common practical challenges they will face in the first year?

How can they plan for and address issues like technical integration with legacy systems, managing data migration, and ensuring the system can scale to millions of users? OK, so millions of users. That's a very large organization. Or maybe this is a customer solution, but where do you want to start with that one?

You know, again, I'm not sure if this is going to be the specific answer that Sophie's looking for, but when I think about launching a new IM program or initiative, I think of a couple things. One is being the picture of where you're wanting to go, like what is the vision? What is it that you're trying to accomplish? So kind of making sure all that is architected out at whatever level you can and making sure that you're communicating that

effectively to your stakeholders. They test number one, I think #2 is kind of what goes along with that, which is getting stakeholder alignment because you're going to have to, you know, rank an IM program. This isn't 4050 years ago where things slowed from the top down. Organizations are much more organized and kind of a matrix type organization. So you really can't get anything done of significance on your own. You need to have buy in, you need to work with others.

So getting that buy in kind of building that, in other words, the politics of it all. And then the the last thing is like when you start to shift into execution, I don't think having like a Big Bang phase one approach is the right approach anymore. I think it's kind of like you have to design around getting into production with something.

I think it's that you have to get these, what do you call it, like small wins or low hanging fruit people like to call it, it's not always the easiest thing and you just go after the easiest low hanging fruit thing. You know, that sometimes is the right move because you have to start earning some St. tread.

So kind of what I did was when I was, you know, prior to my consulting days, my first IM program, I had to, I had some very skeptical application owners that said, all right, well, you know, we might turn over authentication to you, but we're not willing to turn over authorization. We still consider that to be part of the application.

And as you know, like authentication, authorization, IM tools are designed to handle that as kind of core sweet spot and kind of delegating that out to every application to be a snowflake is not really the best approach. But if you say, all right, well, I'm going to accept this skepticism and I'm going to be really successful at launching authentication, you start to build, you know, the word from the last question, trust with those stakeholders.

And now you can kind of leverage that trust to say, all right, let's keep going. Let's kind of go for that big vision that we've been talking about and kind of targeting from the very beginning. So those are my initial thoughts. Yeah, I think there's a lot that can go wrong and it will go wrong.

And so be ready for that, especially in your first years, you're getting something rolled out is be flexible and build in time or capabilities or ideally both to address all the things that you didn't think of when I say you, meaning the organization, the program, whatever that looks like. When it comes to rolling this out, there will be things that will come up, they will come up early, they will come up in the middle and they will come up right before you launch.

So be ready for it. And then I think, you know, the politics of getting things rolled out is also challenge. You need to get buying and support from a lot of different people in the organization to get things done, whether it's scope, whether it's getting applications integrated into your into your platform, you know, whether it is, you know, different data pieces that you want to pull in, right? All that stuff requires partnership with other parts of

the organization to get that. And so, yeah, you've got to build trust. It can't just be, you show up and say here, I need this data and they're going to give it to you. They wouldn't be doing their jobs if they didn't question, well, what do you need this for? Why are you using it? What are you doing with it? And how are you going to protect my user experience and my users to make sure that my system doesn't break all valid questions, right? So you've got to be able to

address, you know, all of that. Yeah. And if your response is those aren't your users, those are the organization users, you're missing the point. The point is like you don't want to be fighting with everybody. You need to kind of as much as possible build alliances with the folks that, hey, maybe they're giving you a hard time. This is really, I think we say, you know, anybody, you can come from any background, then be an IM program manager.

But I think the people who make good IAM program managers realize that, you know, just because they don't get along with somebody doesn't mean I've got to fight them to, you know, get them to do what they should be doing or do what's right. Put the organization goals in mind and what you have to accomplish. And if sometimes you have to bite your tongue, then that's just the way it is.

Yeah, I mean, you can go and fight everybody if you want, but real hard time, first of all, making any friends and getting anything done. So find, you know, areas that you can align on and honestly address the questions that come up. I think it's the other thing too, before you're not going to have all the answers. That'll be part of the things that you miss as you go through this. It happens to everybody. It's a lesson learned for next time.

And you add that to your checklist for the next time. And then they'll be new things. You add those to the checklist, Jim and I have like a 15 step checklist just for recording this podcast because each thing on that on that checklist, something has happened to cause it to be on there. I joke with our guests. It's like the the the warning on the shampoo bottle that says don't drink shampoo, right? Jim's holding up his Airpods case are very early episodes.

He was constantly flicking his, his Airpods, you know, the case and it was driving me crazy. And so there was a line at him. Jim, throw your iPods case across the room so it doesn't tempt you, right Though it's OK to get smarter. It's OK to get better. And I think recognize that you don't have all the answers. There will be things that are not able to be answered and that's OK.

Just make sure that you understand that and you can you have viable alternatives or plans you can work around with it. OK, next question. We got two more here, Jonas. In Germany, in many parts of the world, a significant portion of the population doesn't have a smartphone or reliable Internet access. How can digital identity systems be designed to serve these offline populations, ensuring that digital inclusion doesn't become a barrier to accessing essential services like

healthcare or banking? Another good one. Thanks, Jonas. Jim, where do you want to start with that one? People don't have access. By the way, these questions have been fantastic. I think it's a very real issue, and I think it's even a more real issue for governments. You know, Jeff, I think a lot of

times when we're working with science, like, oh, there's some small percentage of the population that doesn't have smartphones and we usually come up with like a small workaround. I read an article recently about I think it was, well I'm not sure what nation it was in, but it was somewhere in Africa and it was actually mentioned that a lot of the citizenry.

Chooses to have flip phones rather than smartphones because of the power consumption and they can keep a, a flip phone active for like a week on one charge. So it's a, it's a big thing. There's also scenarios I think that we've learned about where they're like clean rooms or things like prisons where folks can't bring in soft tokens. So I think one thing is that, so it's like sizing up what is your

issue? Is it that one 2% of your user population is a much larger, you know, I'm not, I'm not going to sit here and make a case for multi factor authentication using SMS. But I do think multi factor authentication using SMS for say medium risk type access, medium assurance use cases is something that could be considered. So for example, if the data that you are securing is only your data, right? So in other words, there's no privilege access going on. I think an SMS might in some

cases. It obviously depends on what that data is, but the overall risk of that access, the overall requirement for assurance of who's logging in. You could go for a lower assurance use case and a lower assurance form of authentication. If you have a very small user population with higher risk access, consider using heart tokens, UV keys, or some other form of heart token like an RSA token, something like that. But I, you know, I think those are probably some of the, the

key scenarios. Like are you looking at a large user population that doesn't have smartphones where you can do soft tokens and authenticator apps? Or are you looking at a very large, a very large group or a very small group? And what is the requirement for the level of assurance? Are these privileged administrators? Are these people who have access to a lot of data, such as data, or are they just accessing their own data? Maybe it's a rewards program,

something like that. Hey, SMS is probably going to work. And by the way, SMS works on flip phones as well. So those are some of the thoughts that come to my mind. I don't have a good answer for this because the last I checked and I did some research on this actually from a stats perspective to see about let's see, 1/3 of the world's population does not have Internet access. So roughly 2.6 to 2.7 billion.

And these are stats from bank myself and Statista or Statista, I'm not sure how you pronounce the website. So I kind of looked at this, but basically a third of people do not have Internet access. So if I don't have Internet access, how do I do anything in today's world and not get left behind? That is the billion dollar question because I think this is something we also discussed in Germany when we're at EIC earlier this year.

One of our podcast, and I don't remember exactly where it came up in those conversations, but was how do you connect the unconnected and cell phone? Sure. I think the stat I saw was like 88% of the people have a cell phone doesn't really differentiate between a smartphone and a dumb phone as we'll call it. So there is a lot of work to go there.

I don't think it's viable to say, well, I'm just going to ship on Ubikey like that doesn't make sense to do what they don't have a computer going to deal with that Ubikey right. So I think I think it's a real problem The the answer I I don't know what it is. I, I don't know if I have a good answer for Jonas here because it's, it's a question that I see answered and I'd love to hear from anybody who has ideas on

this. I think there was a project called Worldcoin or something like that where Sam Altman had some sort of like retinal eye scanner thing that he was sending to all different cities around the world to do some sort of like in person identity verification. I don't know enough about it, but it seemed to me like that

wasn't a good solution. So I don't know what the answer is If you, if I don't have Internet and I and I don't have a phone, you know, you know, I'm going to get, they're going to get. I just jumped to scenarios. Here, which is that you do have Internet, but I mean it's a good question like where, what is your Internet access? Is it your flip phone? Is it like kind of a browser? And do you remember going into the browser on your flip phone

when flip phones were evolving? It was pretty rough. You had to hit the five key like 3 times to get to the third letter on that button. Yeah, A. Little T9 predictive text. I mean, you're talking to wrong person with that because, you know, I rocked Windows Mobile way, way back in the day. So, you know, before that we had Palm and stuff like that. But you're totally right. And I would argue probably the vast majority of people don't have computers. They probably only access the

Internet on their phone and. And if. They don't have a a relatively modern smartphone and I'd I'd say you know something that's running either iOS or most likely Android because iOS is mostly AUS thing. Most people are running an Android phone of some sort. They may be several years out of date then they may not have all

the security patches. They may be prone to all sorts of backdoors and things that get left behind even from the OS makers where they just say, yeah, it's been 7 years of updates, It's been five years of updates. We just, we're not going to patch those anymore. And so that leaves not only a, a, a large percentage of the population with extremely limited functionality from an access standpoint, they don't have the latest security

patches. And so they are ripe for, you know, a lot of problems and, and people take advantage of them. Yeah, One thing that came to mind is we're talking about people don't have the Internet access was maybe kiosk is part of the answer, but it's it's all part of the answer, right. It's the identity practitioners on the ground of, or technology practitioners really even more broadly, solving these problems.

Shout out to them because you have to take all these parts and pieces and wire together what your solution is going to be. And it may not be perfect. I will say that, you know, when you're a government trying to address the population, you, you're always striving for as perfect as it can be, as inclusive as it can be, leaving out large segments of your population is not, not fair, right? And so, and I don't say that to not the people who are coming up

with these solutions. Obviously they're doing their best, but that is the challenge. Yeah, I think it's, you know, this is the word inclusion comes in. It's like how do you design systems that are inclusive of as many people as possible for the people who can't be included? What are the organization's governments, whatever that looks like, doing to bring those people with them? Because I'm sure it doesn't make sense.

Like if I was building on a system and say, OK, well, we're always going to have 1/3 of our population never able to use this product like that is that sounds stupid to me. Like from a from like even just on making money, capitalistic kind of approach. But even from a coverage of the government, supposed to be government of all the people. What are you doing to bring that third up to at least some level of parity to be able to access a service?

Because if I don't do that, the other 2/3 of my audience are never going to reap the full benefit of a 100% solution or a solution as more people take advantage of it. You know, we look at mobile driver's license, for example, here in the US we're what a decade it feels like into this.

And I, I think it's only what 1415 states that have it only 35 or whatever more to go. So it means we're still decades away from that because not everybody has gotten on board of supporting that, you know, that concept. So I think it's AI think it's multi pronged approach. I think we need a ton of solutions, but I also need to think we look at the problems say, OK, why don't these populations have Internet access?

What are we doing to give them some level of access so they can access resources for people who don't have cell phones or have older cell phones? What are we doing to either replace or update those phones, whatever. And hey, this all comes down to money and taxes and that makes everyone really happy all the time. So I'll just leave it at that point. But there are so many factors here that it's it's it's almost impossible for me to even have a coherent thought about it.

Do you have a digital driver's license right now? Nope. Not available in North Carolina. When I was at the airport yesterday, I saw a lot of people using them and I had technology envy big time. Yeah, I mean, and look, I'm a nerd. I want as much things, you know, as I can digitize as much as possible. I don't write anything down. Everything is notes that I type. I can type that so that I can write. So I'm with that.

You know, we, we had the REAL ID here in the US you know, that theoretically was supposed to launch in May when we were at EIC. And, you know, that's been postponed several times because we've only had 20 years to get that right. And we still haven't figured out how to do that. And at least here in North Carolina, you know, trying to get an appointment with the DMV

takes literally months. And of course, if you're the kind of person to waste the last second to get anything done, yeah, Now you can't board a plane because you have a reality. So they've actually like relaxed restrictions because we don't have our, you know what together to support that. OK, I'm going to get off my soapbox in that one because I'm starting to get angry. Rachel, in Canada, this is the last one. Oh, this won't be controversial at all.

Biometric data like fingerprints or facial scans is often used in digital identity systems because it's so unique. What are the fundamental pros and cons of using biometrics for identity verification? And what are the main security considerations organizations must address when storing this kind of sensitive data? OK, biometrics, not controversial at all. How do you want to respond to Rachel? Well, if she asks about the pros and cons, I think the pros are increased security, increased

convenience. I love using fingerprint on, you know, rather than having to type in the password. And I think it's more more secure than relying just on passwords. I think the risks are, you know, if that data were to fall into the wrong hands risk that, you know, you're being surveilled. I think those are some of the key risks. You know, I think that the best practices for managing it well, one thing is it could keep the the biometrics on the device rather than uploading it to use

some kind of central server. So you see a lot of solutions keeping the biometric on the device and then communicating to the back end with some secure channel. I think that if you do have to put it on the security channel now you're very dependent on that organization doing a good job of securing your biometric data. So you're hoping that they're doing something like tokenizing it and things like that. So high level response to that

question is a good question. I mean, it's, you know, you see it propping up more and more every day. And I think that it's got, it's getting to the point it's like, well, you know, it's definitely a train that is too far out of the gate to stop. I think that's a good thing. But I think these questions on, you know, how secure is my data, They're just completely legitimate questions. Yeah. It seems kind of like a running theme here with some of these questions is trust.

Do you trust wherever the state is being stored? Look, I like biometrics. I think it's a great technology, a great solution. It's easy. It's, you know, you, you can't forget your face as much as maybe I might want to. Your face is with you all the time. Or your fingerprint, right? Or your voice or whatever that may be. Is it perfect? No, of course not. Nothing is. But is it better than, you know, a password? Heck yeah.

I mean, how many people want to keep remembering passwords or have to change them or have to use upper or lower and then you, you know, have all the different problems with that. So there is an obvious Bennett to biometrics with the assumption that the biometric data is being processed and stored securely and that there is some transparency how it's being used. Again, it's your data. So what happens if your face gets stolen?

I can't really go change my face as much as I want to, you know, this is this is it. So if that biometric data becomes compromised somehow and someone's able to duplicate it, whether it's, you know, figure out how to unencrypt the information or whatever it may be, that's a real problem. And we need to have some ideas around how do we make sure that, you know, there's some, some indicator somewhere that says, you know, Jeff's face is compromised in more ways than

one, right? So how do we, you know, how do you address those sorts of things? Same thing with fingerprints. You know, voices can be altered, right? All that stuff. So it's a very sticky situation. I think in the end, benefits are good and it gun comes down to trust. Yeah, If you put everything to a centralized database and then that centralized database gets breached, what are you going to do? Add?

To it, this whole new concern, which is that of deep fakes, I can, you know, create an AI avatar of your face, of your voice, maybe not your thumbprint, but you can see this is a big time concern. Then quantum computing. How's that going to affect it? One thing I would say is like, you know, you and I are very good about talking about these topics and more or less the abstract.

We have the sponsors spotlight episodes where our partners, our, you know, technology vendors come in to talk about their specific solution, how they solve these problems. And we try to keep those episodes educational on, Hey, here's the the topic in the industry, as well as giving the opportunity for our sponsors to talk about how they solve that specific problem with their technology. We also try to keep some entertaining as well.

So I'd say if you've kind of heard any of the topics today, if you're coming from a technology vendor and you're like, guys, you need to talk about you fill in the blank, reach out to us. You know, we we should talk about the sponsor spotlight episodes, but none of what we talked about so far has been sponsored. Yeah, I almost sound like a like that was a shameless plug there

for more sponsors. But there are a lot of options in this space and you just, there's no silver bullet, you know, as of at least September and recording September 19th of 2025, there's a lot of really good options. And I think layering those options is the approach here to make sure that you try to get as many people involved as possible served in one way or another with whatever capability makes

the most sense. And just understand and know that you're not going to be able to get everybody. And then, you know, some of it is going to be under control. Like, I can't solve every single problem in the world as much as I want to. There are other things that need to happen to make that, you know, to make that problem become something that is solvable. And it may take days, months, years, decades, lifetimes, you know, but we see that. But progress marches on.

Sometimes it doesn't move as quickly as we want it to, but it does move on. And you know, hopefully people can can take some sort of solace in that. I feel like it's a little of a downer these last couple questions, but hopefully that helps. Yeah, One thing I just, you just reminded me I'll I'll be quick is and maybe I won't be so quick, but is that a lot of times talking about the happy path. So whether it's like the biometric authentication, things like that, it's the unhappy path.

It's how do I call the help desk and say I need my password to reset things like that. That's how the breaches are primarily taking place today. It's social engineering. If you can take out the social, if you can take out like the fishing, then all they have left is the social engineering. If you're, if your main process is too hard to hack, make sure that your help desk isn't getting hacked.

Make sure that you've got enough controls at the place where you can get socially engineered to let somebody in your organization is basically open the front door. Do what you can to solve that problem. And a lot of times that's process and there's a lot of technology out there that can support that as well. Yeah, you've seen a number of those things come through.

And chances are the way you're going to get breached is through a human social engineering gives up a password, uses a bad password, you know, clicks the MFA prompt that we said we'll solve all of our problems. And yet somebody goes and says, yeah, sure, go ahead, right. There's just you can't, you can't ignore the human factor. And so people will unfortunately always be the weak link, at least until the all the AIS take over and then we don't have to worry about it.

They'll just tell us what we can and can't do. So I'm surprised we didn't have an AI question really in this bunch, but that might be refreshing for people. Yeah, right. For sure. All right. Let's wrap things up ending on a lighter note. We were kind of pontificating before we hit record here what we want to go with, and I think we started down the air travel route of problems that you and I

have experienced. And maybe some of these are recent, maybe not, but let's start there and let's maybe treat this a little bit like we're ahead of time. But Festivus, you know, we've got the airing of the grievances. Let's just start with generally speaking, what are some air travel etiquette things that people should be aware of when they're on a plane or maybe in an airport or something on those lines? Let's get some education out there.

OK, I think First off, you learn etiquette probably over time or but some of it's just the basic human decency. You know, don't take off your shoes and stink up the plane. Don't eat sauerkraut on the plane. Don't do things that are going to gross other people out or are inconsiderate of the people around you. And now I want to talk about one specific thing that I've seen happen more and more recently, and it really irks me, which is here's how planes unload people by row.

People in the front of a plane, usually if the X is on the front of the plane, get off first, right? And then it's row by row. And if somebody like said, go ahead, go get off in front of me, fine. However, if you think that you're going to just push your way to the front of the line or but that is tremendously rude and we can't be friends, well. Hard stance. There can't be friends. I agree. I think it's just a thing. I I don't see that very often.

I think what I typically see more and I, and I will defend this practice is if you've got a tight connection, usually the airline is aware of that and they ask people to stay seated to say, hey, let the people with the tight connections deplane first so they can get out there. And I've been part of that group

before. And I can tell you as someone who was on a tight connection, as in me literally running through the Atlanta airport to make my flight to Amsterdam, I greatly appreciate it. You know, being able to skip even the four or five rows that I had to get to the front because I was already kind of, you know, near the front anyway. The problem I have with it is all of a sudden everybody's got

a tight connection. And so people who are obviously not, you know, underneath, under that sort of duress tend to take advantage of the situation. So have a heart, you know, think of it as if you were in that position. If you've got plenty of time, you know, let those people pass. If you're one of those people, make sure they understand like, hey, I've got to take connection. Do you mind if I, you know, get in front of you? You can do that all as you're taxing to the gate right?

Doesn't have to be like right that second. Say hey, talk to the people around and say hey. Just FYI got a tight connection is OK. If I get in front of you, 99% of the time people are cool. Yeah. And so that should be a relatively straightforward thing I. Totally agree with you. I've been on both sides of it as well and I've stayed put in my seat. If I didn't have a tight connection, I've gotten up and taken advantage of it wherever you need to.

Yeah, but I think it's the me first mentality that bothers me. And you see it on the roads a lot of times where it's like, are you got a queue of cars and someone's like, oh, well this lane is free. I'm going to go all the way up until they go down those two lanes. Me first. Or someone sees that you're backing out of your spot and they're just like, no, I'm going. Or you turn on your turn signal and the person speeds up so you can't switch lanes. Me first. I don't like that.

Be considerate of your of your fellow humans, that's all. OK, I'm, I'm OK with that. That's, that's a stance I can get behind. Where do you feel about people standing up when the when they get to the gate, immediately get to the gate and people stand up automatically even there's really nowhere to go? That drives.

People crazy for some reason I don't quite get it, but it seems to be a common thing that people complain about is why is everybody saying even if they're like row 30 all the way in the back, you know back of the bus people stand up immediately when they land I. Don't know everybody's reason for doing what they do. That doesn't seem to bother me. I had a flight yesterday from Orlando to Denver. Is 4 hours as in the middle seat? My legs were cramped up by the end.

I couldn't wait to stand up, but I had a middle seat wasn't able to stand up until like I literally walked off. But yeah, that doesn't that one doesn't bother me too much. I don't see how that really infringes on other people. Unless your your goal is to get your bag and to move up two rows. Then I think it's me first mentality and I don't like that. Yeah, I think it's I, I get, you know, the older I get, it's like, I've been sitting for X

number of hours. I need to, like, stand up and stretch my leg, especially when you're crammed into these tiny little airplane seats that nobody fits into. So I get it. I don't have a position on it, but I thought I'd throw it out there because I see it commonly on, you know, like the Delta subreddit, which I see from time to time is like, why are these people staying home? And like, cares, you know, they're not going anywhere faster typically than anyone else.

Usually they're stuck behind everyone else. You have to see those videos. Sometimes people post and it's like someone takes off their shoe and puts it on the arm like. Gross. I haven't run into anybody that's that inconcerate yet, but that is nasty. Yeah, it's. Pretty gross I had. One issue where somebody behind me had their barefoot on my like armrest on the window. And so the person's gross big toe and it was not a, it was not a a nice big toe. It was a pretty gnarly looking

one. And you know, I put my elbow there and then, you know, I'm end up moving and it kept showing up there. And so, you know, I just started like, you know, elbowing it and you know, stuff like that. And I eventually I eventually got the hip, but just gross. Keep your shoes on, people. You got your little space and just think about like the people around you is that. I think that is the two things that I've learned in my decades

of travelling. 1 is be considerable of other people and then the other is like manage and maintain your temper because things happen during travel. You're sitting on the the runway for two hours and it's the plane track that's being filled with exhaust fumes and you're just like angry. I mean I would be. Pretty angry about that too. Like like let's come on, let's let's figure this out. But. Yes, it happens all the time

though a slow burn. Is. Is preferable and you just have to somehow find a way to keep your cool and realized that this is going to happen sometimes. How about the times where you're like, you're sitting in the airport, they delay. This happened to you and I. We were both in the Atlanta airport. They delayed, delayed, delay. It's 11:45. They finally cancel. You're rebooked to the 6:00 AM flight and we can't pay for your hotel tonight because weather.

And you know, it wasn't weather. It wasn't weather where you're going. It wasn't weather where you are. You could fly off the handle and be angry. It's really not going to get you anywhere. Yeah, these things are going to happen in your career of travel. Yeah, I think people who travel a lot probably understand it about the people who don't. It's just these are things that happen. You know, it's an odds game.

You might go 100 trips that are totally fine and another person might go 100 trips and every single one was a disaster. So you just never know. I have the Flighty app on my phone, which is a great iOS app for anybody who is interested in like their air travel and kind of keep things track. And so I have all my flights in there that goes back back to

2010 and all time. I have lost 125 hours from delays since this has been tracking 11 this year 2024, I lost 33 hours of time because of delays with flights. Now some of that was hurricane related where I was like gone for three, you know, essentially 3 days, which didn't really count on that part of it. But yeah, it, it's, it's going to happen and it's just, you know, Goose Frappa deal with it. Go into a moment of Zen or whatever it might be. You have to. You have to or it's going to

ruin your life. So quick story, I was flying back from Orlando yesterday. We were both in Orlando for company conference and I, I boarded the flight and I'm good and I'm on a window seat on my flight from Atlanta to Asheville and plane is boarded. You know, everybody's on essentially at this point. And I get the, the flight attendant comes back and says, hey, you've been upgraded. Like, OK, I'm like, I'm already in the window seat.

There's two people sitting next to me like the point is literally ready to go and they couldn't have figured that out like before. So shockingly I declined the upgrade because I was like, I'm not going to make these people stand up to move up like 5 rows into 2D or whatever it was in. So I was like just next time tell me sooner. Don't wait till like the boarding door is closed to. Somebody else and they took 10 minutes to move up there.

No, the, the, the seat was empty, but I just, I felt bad because it was like these two people sitting next to me. I'd already gotten comfortable and got my stuff kind of set up and was like I. Don't want to if it was a. Longer flight, Absolutely, but for a 38 minutes or a 45 minute flight? You didn't do that. Yeah, I don't. Know oh I'm not. I'd be ashamed. Of the old, yeah, if it was, if it was a flight more than an hour, I would have done it.

But at Atlanta, Nashville is, you know, 45 minutes, maybe 50 if everything you know, goes wrong. But, and I was like, just. And at that point it was also like, I don't know, 9:00 at night. I just want to get home. Yeah. All right, let's wrap it. I'll be. Interested to see what YouTube shorts you make out of if anything from the leg node comes up. I don't know. I typically don't. I try to keep it on point. So I'll probably try to focus on

that. But I know you'll be getting into the YouTube Shorts thing, so you might carve something out of this. Yeah, I. Love it. Some sort of public messaging and then that's when I really get to hate because people would be like, I'm going to stand up and get past you anytime, you know, screw you, Jim. I'd like sour drought.

Right. That's the one that that definitely bugs me. And as much as I like McDonald's, I do not want to smell it on a plane as it goes past me because now I'm thinking about French fries. Well, especially if you're. Starving and you don't have anything? Yeah, yeah. All right, let's call it for this week. Visit our website, idacpodcast.com. It has all of our episodes. It has all of our discount codes, all that good stuff like subscribe, share with friends.

You know, we're doing crazy amounts of downloads every month now. So it's pretty, pretty ridiculous, but definitely want to keep that up. And yeah, thanks to everyone who always reaches out and sends this message on length ends, people who see at conferences, etcetera. Also forward to meeting us folks. So we'll go ahead and leave it there for this week. Thanks everyone for watching and or listening and we'll talk with you all in the next one.

You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.