¶ Intro - Live from InfoSec World 2025
Welcome to the Identity at the Center podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? I'm pretty good. How are you? Good. We're at InfoSec World 2025, and as usual with most conferences, the hallway conversations are worth the price of admission. Hallway con is all about it. So that's the good part.
So I've had a few conversations with folks about how they're using managed service providers to provide identity, not only here at the conference, but it's come up a couple of times. So we decided let's do a podcast about that topic. Yeah, I don't think we've actually like hit this topic before. And so it's like they're out there. I think the, you know, there's always some trepidation. OK, well, do we use a partner for this? Can we do it ourselves? The answer is probably different for everybody.
So it's not like a one-size-fits-all solution, but it's definitely an area where from an identity perspective we have to think about. OK, well, how do these people get access to things if they're managing my data? What about other parts, you know, other clients they might have? Right? Things like that. So I thought it'd be
interesting. And yeah, so again, I'm going to be distracted because, again, looking past you is in the episode recorded earlier, There's a pumpkin patch and people in wizard hats across from here. Well, Halloween is those weeks, so you got to cut them a little bit of slack. But they're trying to be festive, right? And we we have Halloween. Candy Yeah, yeah. I mean, look, we're at a conference, right? You need, you need to have something to hook people coming in.
Yeah. It's like a message, say, like for us, hey, we're doing a podcast in the middle of like the RSM and Identity at the Center, you know, Expo hall space. And so, yeah, like we're all trying to do our things. And we have Butterfingers and we have Butterfingers and other coffees. And who do we thank for the Butterfingers? It's our guest today, Mr. Mike Reiring, who joins us from Tampa, coming in here to Orlando. Thanks, guys. Thanks for bringing the candy.
Yeah, that's so Candy will get you everywhere on this podcast. I'd be careful to bring candy that I don't love, and I didn't
¶ Meet Mike Reiring of RSM
personally agree at all so. Yeah, that's a good strategy. So there's 100 Grands and Crunches in there and that has been a problem for me, I'll just say that up front right now. So for me, the thing that's in there that I like is the Butterfinger and I managed to resist for the most part. OK, well, thanks for being here with us. So you're a member of the RSM team here. I'll let you kind of introduce
yourself. But we're all part of the RSM and they say, OK, we're gonna have a conversation about, you know, managed providers and kind of things like that. So tell us who you are. So I'm a principal in our technology consulting space and I work on, on managed. So I, I both, you know, I'm a leader in the practice that delivers managed services to our clients and I serve clients. So been doing the managed services thing for a while. So before I came in, I'm a recovering nerd.
They don't let me do that anymore. I'm not allowed to actually touch the keyboards, but yeah. So how did you get into like the technology space? So like the origin story of you? Yeah, I went to school for computer science, but I haven't ever actually been paid to write any code. Is that a good thing? I guess. I mean, it depends what you mean by code, right? So I've scripted a bunch of stuff, right?
There's almost most IT people have done some sort of automation, but I've been an infrastructure person, man or what? So before I came to RSM, I used to implement things like Microsoft Active Directory, Exchange servers. And you know, back in the day Teams used to be called a thing called, what was this, OCS, Office Communications Server. So I used to implement that thing. So yeah.
And like, talking to you about identity is always interesting to me because like, that whole Active Directory thing is like, you know, it, it is at least in part an identity system. It's an identity provider. It's the gift that keeps on giving and will never die. Like everyone uses Active Directory. For the most part, we can call it Entra, we call it whatever we want, but it's active. Whether it's on-prem or in the cloud, there's a directory somewhere and I think, you know, just my own.
Experience. I don't know, I've never heard exactly. Yeah. So one of the reasons that we wanted to have you on the show is that you're heavily involved in the MSP kind of focus.
¶ Evolution of Managed Service Providers
And I mean, that's just like it seems like it's a rapidly evolving area and a lot of organizations are doing it now. We're reaching the identity practitioner listener base and these are folks who are having to secure access for their MSP providers. What have you seen in terms of the evolution over the last few years and what are some of the biggest impacts of those identity people?
Yeah, the, the standard by of what good stewardship is has certainly evolved, right, in a lot of ways in the identity space. And then what, what minimum security standards are for various industries have have evolved and people had to get a lot more mature, right. The threat landscape has definitely evolved and changed just in the last 5-6 years. You know, you look around and look at this, we're not, it's not, it's a cyber conference.
And you know, you walk down the halls and you'll see the names of vendors that were selling antivirus products, you know, 20 years ago, you know, like, wow, I didn't know they were still in business 'cause I think of them as like a legacy signature-based antivirus provider. And then you see other people that are, you know, didn't exist back then and now they're leaders in this space for things like EDR and detection response and that those spaces change. I get it, he's changed it.
So when I first started working in the managed services space, we always had, you know, the companies that I worked for at the time, we used shared accounts to access our clients' environment. You know even the most privileged accounts, you know, you know the domain admin, enterprise admin level accounts were a shared account. You know, you know Acme MSP admin, you know past client.
¶ Shared Accounts, Identity, and Security Maturity
They've not. Gone. Almost nobody wants to use that anymore, right? That's right. Not the, not the leading. Practice, we should just call it that, right? So it's really easy to identify in the list and of account. That's right. But that whole thing has changed, you know, and and the vendor landscape has evolved to support some of that and in other ways is way behind.
And you would have to work around it then use, you know, third party stuff to help either federate or do just-in-time privileged access to the client environment, those sorts of things. So and of course our clients, you know, and RSM serves the middle market. So that means a lot, right? That that means very, very small
immature environments. I serve a not-for-profit that has a budget of $20 million a year for the whole not-for-profit now for IT, not for identity, not for cyber. It's also for budget, right? And then I serve other clients that are, you know, in, you know, the billion dollars, you
know, billions of dollars space. So their maturity in their expectation and their ability to even participate with you in securely and responsibly accessing their environment is, you know, this massive continues, right. So it's not in the back from that perspective. Yeah. And when I mean, do you feel like the your walk around here in the in the vendor Expo hall here at the conference, do you feel like the the technology solutions are evolving to kind of solve those problems well?
Or is this still a major gap in terms of, you know, a focus on solving the problem of having multiple third parties coming in and managing the IT environment? Yeah, that I don't know, Like I'm not an identity expert, so I don't feel rude. Well, if I can answer the question, to be honest with you, I do know that most of the folks in the Expo hall are not trying to solve my problem as an MSP, most of them, right?
They're trying, they're building solutions for enterprise sized clients to do identity and access management for an
¶ Vendor Gaps and Federated Access Challenges
enterprise, right. And my business probably was a little different. As I think about serving my hundreds of clients, we have extraordinarily disparate technology platforms that may or may not be able to consume identity from the IDP that I select, right or the for the, you know, the federation and you know, focus station for frustration platforms that I select all right. So I feel like I can get to like 80% and then that last 20%'s
just really, really long, right. So we still have shared accounts that we use to access certain client systems that just can't play in the sandbox. And we just have to be really diligent about how we manage those privileged accounts. We keep them vaulted. You have to check them out. You know all that stuff. And you think to yourself is probably legacy applications, but I think there's also just certain industry focused applications that almost act
like legacy. They're still like the current state, you know, latest and greatest, but you know, from the standpoint of evolving with the technology, they're not doing it. There's such like like the certain industries, you're right, like the industrial space is one that I think about a lot, right. Because they're, you know, they're OT environments or the process control environments. Like they don't go update that stuff all yeah, you know what I mean?
Like some of those are, I walked into a factory a few months ago and there were like zip drives on computers that were running Windows 2000. Yeah, you know, and I'm like. Those are disc tries, only five years. Ago we can't touch that because that's the thing that does the batch control for making, you know, the polymers, they the vendor isn't in business anymore and they you know, it's that kind of stuff. You know there's always going to
be something. Yeah, a lot of times there's apps you'll see, Oh yeah, we're going to have SAML single sign-on in a couple of years or something like that's not even available. So I think listeners could be coming to this podcast from a couple of different places. One is they've already got an MSP and they're trying to manage
access. Another is, you know, the place where their organization is starting to look at using, you know, kind of outsourcing some of those managed services work for some of the, you know, maintenance of IT and
¶ What Makes a Good MSP Partner
information security and identity and kind of what are some of the traits of, you know, a good partner? What are things that stand out versus a not good partner? Yeah, I guess the first thing I think of is the word partner. It, you know, we all throw that word around, but it, it's a real word. And one of the characteristics of a good partnership in all parts of our lives, right, like is transparency and, and, and honesty about capability. What can I do well? What can I not do well?
And I would hope that as you're, as you're evaluating relationships with different people to serve your organization, I'm not going to trust your gut. Like if you can tell whether somebody's, you know, if somebody says yes to everything, it's probably not true. You know, there are things that I can't do well. And I'll, you know, it's my job to be courageous enough to tell you and risk losing the deal. I have to say, sorry, I I can't
do this. I can't do that well or I would love to co-develop the ability to do this. I'll give you a break on this engagement so we can co-develop this this model, but you have to let me use it for other other attention clients, right? Maybe someone but you know.
¶ The Cost and Effort of Changing Providers
The thing I thought of. When we were afraid to do that. The thing I thought of when you said partnership is also there's two sides to a partnership, right? If all you are looking at is like what you're going to get, yes, that's not a good starting point, right?
And I think, you know, I've worked in an organization where we looked at MSSPs and MSPs and it's like, you know, ultimately the bottom dollar is going to be one of the main drivers, but you can't kind of just go into and expect the world and the lowest price. And because what you're probably going to get is a lot of promises that will never be fulfilled. To me, it's kind of like it's a
give and take. Yeah. Well, and getting an MSP or an MSSP onboarded to deliver the service to your organization, it thankfully like it's hard. There's real work, like we have to learn each other. I have to learn all the nuances and all the littles, you know, institutional knowledge that you as the consumer of the service may have well documented, but you probably don't. But at least I haven't met you yet.
So if you're one of the, if there's a listener out here who has all the institutional knowledge really well documented, like please call me, I'd love to serve you, but I haven't met that. I haven't met that client yet, right? There's always stuff that's locked up in people's heads that's really, really important.
And learning those things is super, super, super important and it takes time and we have to document that stuff in our, our, our IT service management platform and entering the knowledge and standard operating procedures and, and all that kind of stuff. And then, you know, deploying the tooling and all that, right? So it's time consuming and it's
expensive. And so to your point, you don't want to make a transactional decision on that relationship because three years later you don't want to change. It hurts to change. It costs money and time and it's disruptive to change. You mean change? Partners change partners. Great. Yeah, Yeah. So hopefully you put you make a good choice and you have a big culture fit and it's truly a function. I kind of feel like something I've seen my clients struggle with is looking at MSP or MSSP
relationship. It'll be written for, hey, we'll run your environment as it is on such and such a date three years in the future. The contract hasn't changed, but the technology is really changing. And it's like, where does that leave you? Yeah, yeah. I mean, it kind of depends what service you're subscribed to. You know, we said we just, you know, we've been talking so far in the conversation about like
MSP as if it's one thing, right. When for a really small client, the, the, the idea of being their MSP might be that I'm the total outsource service, like I am the outsourced IT department. They don't have any money. So when you say I'm your MSP that to that client on everything. I'm the service desk. So I'm monitoring, I'm patching, I'm, you know, doing, you know, new hire onboarding, I'm deploying PCs, I'm doing endpoint life cycle, I'm doing
all that stuff. OK, But to another organization to be their MSP might just mean that I'm the outsource. I'm the outsource services, or I'm the outsourced monitoring like network monitoring team, or I just do firewall management or
¶ MSP vs MSSP - Key Differences
whatever, right? It's a discrete service. So it depends what the service is, right? And it's just that it's not one size fits. I'm glad you made that distinction because I think we sometimes get caught into like, OK, is it MSP? Is it MSSP? Is there a difference? I do think there's a clear distinction. So let's talk about that because people might not be familiar with.
All the actors of the IT is for some of our, you know, our less experienced fire, right or our client who you know, it's not always even an IT professional who I'm interacting with as the prime partner. She sometimes it's an operating officer or a or, or somebody like that.
And for an IT professional or a, or a cyber or security professional, we kind of intuitively understand that there's right, you, you know, the outsourced MSP is really, I think of, I use the word infrastructure and operations, like we're keeping the thing up and running and operating it for you, right? So we're making sure that all of your systems are available and ready to do their zones, right? The security provider is really like, I think of as the cyber
operations, right? They're probably delivering a set of, they're probably operating a security operations center for you. They're probably ingesting your, your telemetry and your events into their SIEM.
They might be providing you with endpoint detection response tooling and they might be doing some kind of, you know, vulnerability scans on a periodic or continuous basis to, to make sure that we're staying ahead of, you know, the vulnerabilities that are in the environment, whether they be configuration or patch or whatever the thing is, right?
¶ Coordination Between Managed Providers
And there's got to be connectivity between those two parties, whether they're the same, they're the same company delivering both of those capabilities or you'd buy those things from two different companies. There has to be connectivity. It's like here at RSM the MSSP team does vulnerability scans for our clients as part of their scope of service when you buy that service from us. But my team on the managed IT side does the vulnerability
remediation, right. So we have a certain set of stuff that our tool knows how to patch. And that's not everything right there. I have not met the tool that knows how to patch everything, right? And so there's a handshake between that MSSP side of the house and the MSP side of the house that says, hey, you guys have been patching all the Microsoft stuff that you're patching all these third party
products. But here's this thing in your client's environment that has a vulnerability and is behind, right? What are we going to do to remediate that? And there's varying levels of complexity to that, you know, but there's got to be a handshake. So who's responsible for that handshake? Is it the client? That's like, OK, we've got these two different services and you guys should be talking to each other and ultimately right, the customer is probably.
What addicted to you guys you should get it varies a little bit. If you buy both of those services from us, you should expect us to be that court, right? But if you are the kind of client that is, that doesn't have an IT leader, doesn't have an IT staff, we should be doing that coordination and reporting to you, informing you if you think in RACI terms, right? I'm informing you that I did, that I did my job right and
hopefully. Through our relationship, you are learning, I have a lot of clients that had zero IT background, but over the course of the relationship they've learned enough to be able to ask intelligent and for questions of us, right? And I love that. That's the best time part, right, is, is when we're both on the same page. But then there are other clients who have some more nuances and, and you know, more experienced and maybe they want to be more involved in that process.
So we'll have the meeting between the MSSP side and the MSP side and the client will show up to that meeting and really play an active role. They, you know, this Log4j thing is out there and like don't mind that bus, but it's, it's stitched into our line of business application and the vendor, you know, doesn't really have a great remediation for like the. You end up in those kind of
conversations. And hopefully the client is equipped to have to participate fully in an informed manner in
¶ Top 3 Questions to Ask Your MSP
that conversation. So let me ask you for three questions that a client should ask their managed partner. Like what are the three things that is OK? I'm interested in this concept of some sort of managed service. What are three things they should be answering? This is somebody who has not done outsourcing before and they're thinking about boot. Counts. Yeah, let's take it from that angle and say, OK, good. What should you? What should they be asking?
Yeah, one of them is, is like what widgets are we counting, OK, like how do I, how do you determine what my fee is every month with that? So in the MSSP space, they are often counting the number of devices that have EDR installed on them or the number of log sources that are sending logs or telemetry into the SIEM, right. In the MSP space, we're often counting sometimes for, for those like relatively simple smaller clients, we're just like per supported user per month.
That's the widget. I'm counting the number of employees that you have who could call the service desk and who carry a laptop. So what's the widget that I'm counting in order to determine like, and there are people out there like especially, and it's the large enterprise space on the help desk side, it's, you know, fee for service desktop per month and you pay every time you call. Like I personally don't like that model because it it just doesn't incent the right behaviors.
What's the service provider's incentive? To drive down the volume in the service desk calls and be prominent right in that. Maybe I don't understand it, I don't know. But what's the widget? What's another one? Who is going to after the salesperson walks away? Who? What's my What's my escalation path? Who's my account manager? I'd like to meet them. I hope you've already met them through this, the sales process. But who, who's the, who's the escalation path?
What happens if that person is on PTO, on vacation? How do I get escalation to find an impalm? And so I would want to know that and what are the metrics that we're going to use to define success? And so that could be, you know, response time and itself is so the celebrity greener around response time. If it's a service desk thing, one of the things we report to our clients in a program that I run is I report the client satisfaction for my clients. So would you subscribe to ours
for the help desk? We offer your caller an opportunity to tell us how we did. Five stars, but 5 is good, one is bad. I report that back to all my clients. This is, you know, 75 or 100 or 1000 of your people responded to the survey last month. And this is how many people told us we did a great job. Here are the ones who told us we did a poor job. And this is what we did to remediate that. Make sure it doesn't happen. So what's the standard for success that we're going to use
them to manage them? I love Jeff's question because what we're always trying to drive towards in these
¶ Identity Ownership: IT or Security?
conversations is what are the actionable steps that people can come and take away from those? Yeah. And I'm sitting here processing when you have the MSP and MSSP, it feels like identity becomes the area where it's like where does that line kind of stop because you want to say, oh, MSSP you do identity. But I would think in the world that MSP is often running like Active Directory, which ends up being one of the most important identity systems.
So if you're kind of architecting the solution like roles and responsibilities, but also realizing that the tech landscape changes every couple of years, what is the approach? And I always feel like a well informed client is the best client because they understand the challenges right? Well, you don't have misunderstandings and surprises, right? Right. What a welcome client for sure. You know where identity lives is
kind of up to the client, right. You guys probably work with clients and yours and probably there are people on this fall and some of the people for on this podcast that are pursuing the podcast. Some of you work for the the security team at your employer and some of you might work for
the IT team at your employer. I don't think there's, I don't think there's consensus in the world about where identity lives in, in our universe of IT departments and cyber departments in the world, right, right. It's a question that comes up every time. Like, you know, we sit with clients who should it report to? Yeah, there isn't a right answer and I'm not a security professor so I hope I don't know the right answer. If I I'm responsive to the client in that.
It should belong somewhere though, like somebody should be doing it. What it does is as long as they know about it and they're. Responsible. It's an afterthought though. Like I've we onboard clients all the time to our managed service and getting to one of the first things we start to look at is when a hiring manager clicks on the configuration item in the in the in the portal that says I need a new hire. Like what is the authorization process for that? What job roles exist?
What authorizations, what identities do they need? Yeah, right. Because a ton of my clients don't have a central identity provider so. You trace those whole workflows and kind of figure out what are the sticking points. And then you know, who gets to
authorize which job roles, what kind of laptop do they get, what systems do I provision identity into and so on. And then because some of our pricing models have this price per supported user per month, find a concept like what's the, what's the system of like of record for figuring out like what's a user and what's an active user? And then you start digging into their system.
And I'm like, you told me that you have, you know, 1500 employees that work here, but they're like 3800 active Active Directory or Entra accounts that like aren't logged in over. So that doesn't feel right. Like you told me 1500 people work here. Why do you have an extra X number of thousand against? And they and they're like, yeah. But that drives that, that incents behavior on your part to say, wait a second, is the license incorrect?
Because I know that that is a challenge for a lot of organizations. Like we don't, we don't actually know how many people here. It becomes a licensing thing because they're probably paying for an E3 or E5 or right, whatever license to Microsoft or whoever, right, whatever your system is for a person who hasn't been here for whoever and and they could still log in like the identity's active right? That they I would be worried about that, right. But we run across people like that.
These kind of like workflowing processes sound to me like the perfect topic for workshops. One to two day workshops. I'm just wondering. Have you ever got that done in two days? Since this is at some point you have. Like occasions, right, right.
At some point you got to say, OK, we're going to go with vendor A or vendor B. Do you get that opportunity in a lot of, because I've seen RFPs be the way to kind of like get folks to come in, But it seems like it's such an important process to figure out like are we working with somebody who gets it and cares about our needs? Or does it come down to all right, put together a bunch of documentation and give us a price. The RFP thing's so tough,
like, you know? I'm on record as not liking them. Well, no one, no vendor likes them, right? I don't like doing them even on the customer side because they don't really. It seems like it's a paperwork exercise. What they use them at least in principle.
¶ RFP Challenges and Procurement Pitfalls
They exist to like keep the the process of captain right? So it's not who took you to dinner or it's not who gave you tickets to the hockey game. It's it's ideal you would like to see that RFP processes are a way to keep things objective. But you're right, it ends up putting up this wall between your organization and potential service providers that's hard to
penetrate. You know, it's hard to get to what the real consumer of the service really cares about and wants and being exposed to that while still respecting the spirit of the RFP processing function, right. You know, I struggle with it a lot. You know, I also don't like them, but I understand why do
they right? They you end up with like a procurement person who sometimes if you know larger organizations might have a procurement person who's assigned to I team dealer superior cyber, the office from the system and over their career, they, they actually understand the things they're
trying to help high right. But then sometimes come across procurement people who are really just box checkers have no clue what the service is that they're trying to facilitate and they're just running through a process and that. That's time, yeah. I just feel like it's it's the RFP process. The spirit and the intent is good, but the execution in the real world is very lacking. Say that about so many takes time on it. All right, let's talk a little bit about.
So you. You. You talked before about, you know, how do you measure some of the things that, you know, the client might want to see as a consumer of that service? But let's talk about risk and maybe if that perspective, are there other ways that we could say, OK, we've reduced the risk. You identified one, right? Hey, we found this account and guess what?
¶ Measuring Risk and Reducing Identity Exposure
It should be a it should have been, you know, removed a while back, right, licensing. Are there other risk reduction sort of metrics that come out of this kind of conversation or this type of service? I should say I. Mean they're all open race and and they vary from client to client and it's it around identity. It's like how am I provisioning identity in a timely fashion? How am I deprovisioning
identity? How am I ensuring that as a person for their life cycle in your organization doesn't just accumulate permission then access, you know, as they get transferred from department to department. Have they just accumulated access to everything they've ever had? You know, and it has no no relationship to their third world. You know, we end up talking about stuff like that.
We end up on my side of things. We spend a ton of time talking about vulnerability and and patching and you know, what's the right mix of being hyper responsive to security related patches and firmware updates and fixes like that, while doing some kind of change management and testing around
that stuff. Some of our clients just want us to deploy it, right, you know, and you know, like, hey, can we just maybe let's deploy it to this test group first, then the next week we'll deploy it to everybody. So you know what I mean? So we need to talk about that
kind of stuff. A lot of our middle market clients don't really have the concept of vendor management as relates to IT. I spoke to someone just recently and they're like, yeah, I went to this, you know, this meeting, you know, four different departments are evaluating AI solutions for their department and I'm like, hold on guys, why aren't you talking to IT? Then I called this person, I said you don't have shadow IT because you don't have a policy.
Like you don't have any kind of vendor intake that evaluates the risk of new solutions and opinion in the environment. You have it when they win the business what the what the rules are. And so they can't be breaking the rules if there aren't any rules for anything. You're like, you know what I mean? So and this person was like. Yeah, Yeah, right. Right. Yeah, exactly. Yeah. So Mike, you've been super generous with your time. We're at an IT conference.
Guess what they're talking about AI cruising system.
¶ Vendor Management and Shadow IT Risks
So AI is changing everything in technology, right? It's going to change MSSP, I think, as well. Yeah, kind of put your future facing hat on if you would and just talk about where you see those changes coming. How do you see this space evolving in the next couple of years because of AI? Yeah. So the, the, the two things that I think are important on the MSP side of things that are interesting that are, that are
¶ How AI Is Transforming MSP and MSSP Operations
happening in AI, at least we're actually spending time and money and, and putting real focus on this. One of them is we spend at, we use, we use AI to do some problem management. So problem management historically has been a somewhat labor intensive thing and you can use tools to help you with it, but so. When you say problem management, can you describe what that is for people who aren't familiar? Yeah, yeah, yeah.
So problem management is an ITIL process and problem management is looking for trends across multiple incidents or service, but so you know, it's work smarter, not harder, is the short, is the TLDR of problem management. It's I get a ton of calls about this one issue and I could just solve the issue every time the call comes in. Or I could try, try to find the root cause. And the root cause might be a
technology root cause. It might be a training issue, it might be an organizational change management thing. But if I get, you know, 45 calls a day about the same problem from the same client and I'm not doing any kind of I might never identify the that I might just my service desk operation like, super inefficient and my clients. So I always tell my clients, if your people are talking with my people, they're not doing their job.
So I want to make it so that your people never have to pull my OK, if your person's on the service desk, they're not doing their thing. So if I could reduce that 25 calls a day on this one topic to a handful or zero. That's the goal. That's the bullet prompt. It makes everybody happy. But there's some AI stuff that we can do to look at the natural language text in the body of our, our case or ticket history, if you will, and find out like what are the things that are happening.
I, I use AI to look at, I told you, I run that client experience program for, for our, our major service business. And we use AI to look for themes that clients complain about, like what are the things that multiple people at the same client might be complaining about or what are the things that multiple people across our falls right of clients like waiting back about in their case view. And then we go actually take action. So that's it for who for sure.
Problem management implies that. And then the other thing is, you know, we've all gone to a service desk portal and filled
out our ticket, right? And some of the more advanced systems today are, as you fill out the ticket, they're starting to suggest solutions to you for self-service. I think you'll see that accelerate in just the maturity of their solutions and their ability to let you solve your whole problem without the service desk, whether it's an insourced or outsourced service desk, having to have a person do
something. And you can see that stuff go like I hate, I used to hate these things, like try and just talk to a person who can solve. I'm an old guy, right? I want to talk to a person who can solve my problem. I'm starting to pivot on that, and now I'm getting to a place where the solutions that are being offered to me as I fill out the digital form are actually better than. They're getting so much better. I mean, you see it all over the place. I still find myself sometimes
¶ AI, Problem Management, and the Future of Help Desks
where you could tell they're the dated all the way. You're just like, I want to speak to human. I want to speak to human. Before they ask you the same question, five months. Yeah, right. You call your bank or your credit card company and you answer the questions to file and then Sally asked you the exact same questions. Annoying. Why, right. Maybe some of those questions you guys are identity to, maybe some of those questions are authentication, but that's not anything.
But they're they're continuous identity. Continuous identity verification. Trust, right? I mean I I understand. Memory from. Zero memory. Well, part of it might be that somebody got injected into the call process, right? If I have a direct line or something like that, how do you know it's that person on the line? It's it's a slippery slope. My background is help desk.
So when you start talking about, you know, problem management, we had an entire team, this would have been early 2000s, that was responsible for writing all the procedure documentation and say, OK, if a caller calls with this problem, here are the steps to fix it. AI, I think, changes that quite a bit, because now that information theoretically can be generated by AI. Well.
What happens, you still need people to review it because what you don't want to do is have it hallucinate, which is that nice way of saying lie, you know, to give you incorrect, you know, directions on how to solve something. So it's a very fascinating world we're in right now where AI is literally touching like every single part of the journey of a customer through any support mechanism, whether it's they hit
the help desk, right? And if the help desk has a problem, they're referring to documentation. All that's being, you know, set up through potentially AI. Identity problems are part of that. Again, you run help desk, you're probably getting phone calls for my password doesn't work or I can't get my mobile device connected to the MDM, right. This is a you know we're we're inside baseball. We had some problems with this with you, right? Yeah, exactly right.
So things like that, these are all identity problems that are coming in through the first port of contact, is either a web form, right, my ticketing system, ITSM, or I'm picking up the phone and calling somebody. A lot of this stuff is just changing the way it's working. I kind of feel like that companies are sometimes afraid to unleash the full power of AI. So for example, I called in for a pharmacy prescription renewal and it was like, I can help you with that.
Give me the prescription number. It's like, I don't know the prescription number. Can you tell me all of the prescriptions I have with you? And I'll tell you the one that I want. Well, I think their AI was definitely smart enough to pull that back. But at some point someone put guardrails on the AI and said we're not going to do that, right? That's too, too much of an opportunity for fraud or
whatever. They're concerned like concerns, but like, man, that would have been like super useful, they said. I was like, talk to human, talk to human. Yeah, yeah. I, I went to a client experience conference recently, well less than a year ago. And in the client experience, well, one of the things that happens is the concept that
close the loop, right? So if somebody gives you negative feedback, like somebody should reach back out to them, then at least send them an e-mail and acknowledge their pain, right? Or maybe call them whatever, right? And one of the vendors in that space was touting their ability to do close the loop without human intervention, right? So the agent can reach back out to the person who gave you negative feedback and make them
heard. And I just know that ironic that like you want, you're using a system to make your customer feel heard by an empathetic human, but they never get to talk to him, right? And at what point do our agents just talk to each? That's why. I mean, that's that's a lot of transactions taking
¶ Photography, Creativity, and Continuous Learning
place. They're going to be agent to agent and then, you know, you guys figure it out. Let me know what your agent. Yeah, exactly. It makes us all sound very important, right, Agents? You've been very generous with your time bands. It's getting loud here in the conference kind of Expo area. Like, I feel like I'm just being served right, Yeah.
You should be fine. You do photography on the side and we were kind of talking a little bit about like geeking out maybe some of the tools and stuff that we're kind of using here. You guys have a, the audience probably can't see it because you've always had like a really cool portable video and audio rig. Here, thank you. It's it works for what we do. I want to know, you know, from your photography expertise and your history, like what is your is definitely too. Strong about OK.
OK, your your interests. Yeah. Like what is your favorite thing to photograph? And like, what is it about photography that like, you just enjoy it so much? I like travel photography, so I'm the person who probably doesn't pick up the camera often. So I definitely take it on certain kinds of trip and they I think it makes you, it makes you, it gives you an opportunity to look at the world with intentions. So anybody can, anybody can pick up a camera or your phone and just snap it, right?
A lot of people will say the best camera is the one you have with you. The one you carry. Right. And for a lot of people that is their phone, right? But I'm, I'm a nerd, so I like the, you know, I like to have a real camera with me, but I do travel photography and I like to take pictures of wildlife and birds, birds of fuel, because they're a technical challenge. They're this thing that's moving quickly, often really far away. And I still haven't taken a good
bird pic. So I've taken soft bird pics that I was like, OK, that's cool. But there are certain things in life that I think some of the best things in life, but with things that they've never done getting good in, like literally even play golf, like they probably chase that thing where they're not done getting Glen out of it. I play tennis. I'm never going getting good at tennis. I'm a sailor. You never get done getting good at sailing. Photography is another thing to
think it's you've never done. There's always more to and truly even try to. What is your white whale of photography like? If you could take a photograph of anything I don't what would it be? Like that? Nothing. No, I don't. Particular bird, particular scene. Nothing. Just. That's not the way. OK, so I use it's about capturing a moment. You mean like capturing it in an intentional way, right?
Like I, I, there's a, there's a YouTube channel the, the guy runs. My daughter expressed recently an interest in photography. So I introduced her to this guy's YouTube channel and we were watching one of his intro to photography episodes and he was like, there's an improperly exposed shot, there's a properly exposed shot, and there's a creatively correct shot. So the correct shot and the creatively correct shot are two different things.
And the creatively correct shot is where you bring your art to the science. And maybe it's you chose to get down on a knee and take it from a different angle, or you chose to, you know, expose the shot in a way that emphasized, you know, something in the foreground and word background in a creative way or whatever that thing is. Get that bokeh effect, right? Yeah, but I think it's, yeah. I don't remember white whale. If not like that's that's a good
question. If I don't have an answer to that, me and I, there's no bowl. I don't have a bowl. Me even though, yeah. Yeah, I've, I've, as I've, as we've grown this podcast, right, we've introduced video with like in the last year and a half or so, I've gotten into things that I hadn't thought about before, right before we were audio. Now we're video. And so it's like OK camera angles and lighting and exposure and framing of shots. And I'm not an expert on it at all.
I try to find something that works with the gear that we have for the environment that we're in. And now I'm getting into color correction. And now it's like, OK, what does pleasing look like to me might be very different for someone else, right? And so you get over saturated color sometimes or maybe that is pleasing. The tool like that you and I were talking about. DaVinci Resolve, right? Started as a color grading product and became a video, video. So yeah.
And do my eyes perceive colors the same way as someone else? Do you want it to be hyper realistic, right, or are you trying for an effect? Yeah, yeah. There's just so much to it and I find it fascinating. Going to start wearing makeup on the, on the, I'll wear like, you know, like like stage makeup for like, you know, a heavy metal band. I'll do that. That would probably help this at anything. All right, let's go ahead and leave it there for this episode. Mike, thank you so much for
taking time out. Thanks for being here. You know, I think this is such an interesting area that we haven't really touched on is like that whole managed provider
¶ Closing Thoughts and IDAC Outro
kind of community. So hopefully people got, you know, a sense out of that. I think people are going to love this episode. Yeah, I think especially we got into the conversation about help desk and like the real world stuff and that's what the identity practice is doing. And shout out to all my help desk people. And that's where I started at least. You could like keep going down the rabbit hole, you could grab like the HR and payroll team into this. Like you guys are identity
professionals, right? Like it's not just IT or even cyber, right? You have to have that business connection. A lot of IAM is just business process. You know, the technology is sort of like the third leg over here, but so much is people and process. Yeah. All right, we've been here for this week. Shout out to Shirley again and RSM for bringing us out here. Let's see what else idacpodcast.com like and subscribe dot TZ. IDAC. Dot TV. You know idac podcast dot. Podcast, I should just go to
idacpodcast.com. It's there. The YouTube channel linked everything else. I know I've got too many domain names for the podcast now I'm starting to lose track of it. I need like a. Is this defensive domain name registration? A little bit, but also, you know, Zeke, alright, how do we make sure that we got things covered? I need like a like a PAM system for all my like domain names or something. I don't know.
That's a whole. Different we manage for the MP so we you could become a fuss of. All right, well then, you know, maybe we should have a, if only I had like a an episode that I could lean into and say what should I be asking my provider? OK Mike, thank you so much for taking the time with us. And yeah, we've been there for this week. Thanks everyone for watching and or listening and we'll talk with y'all in the next one. You've been listening to Identity at the Center.
We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at identityatthecenter.com.
