You're listening to the Identity at the Center podcast. This is the show that talks about identity and access management and making sure you know who has access to what. Let's get started. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey Jeff, how are you? Oh, not so bad yourself. I'm doing good. Actually, I've been living in PowerPoint hell, like, non-stop for the past week or two and
more of that this week. But so long as you know, I've realized that what I do when I build PowerPoints, where I start is like paper and pencil. You know, I kind of start with, like, during a presentation, you need to tell a story and you should be able to tell that story without slides, right? You should be able to conversationally tell that story. So that's why I like to start
with paper and pencil. I know you kind of probably the first time you met me, I was taking notes in a meeting with paper and pencil, and it's just some kind of an old-school guy from that perspective, but I feel like if I sit down at a computer and I start, you know, working out that strategy, like what's the problem today, what are we recommending for the future and things like that, then I get too bound up in formatting and how the slide is going to look versus focusing on
the message. Yeah I remember the first time I looked at your notes and it was probably a diagram that you had drawn out and so just you know draw it on a piece of paper and send it to me and I'll figure out, you know, how we want to kind of showed on the screen and we used to have scheduled time where I would have to You Jim and decipher his handwriting is what is this trying to say like, is that Sanskrit or some other language? I'm not exactly sure.
You have, you definitely have doctor's handwriting. That is for sure. Yeah, I mean that's probably the only perspective I qualified to be a doctor, but I definitely have doctor's handwriting. It's gotten better in that we've gone a little more digital and using, you know, tools like Visio and Lucidchart and stuff like that. But it's kind of a combination between graffiti and just plain chicken scratch. Chicken scratch with a
funky style. You know, I think what we should do is digitize some of your work and create some NFTs off of it and then put it out there for people to collect as, you know, collector's items, like here is, you know, a drawing that Jim made. You figure out what it says. What does it mean to you? Or we could create a font. Yeah, Microsoft is replacing the Calibri, or I'm not sure how you say it. Calibri.
Yeah. So they're going to replace the default font, which is, I guess, kind of a big deal. Yeah, they probably will. They probably would not replace it with my chicken scratch, I hope not. But all right, now we're getting a little bit of softer Side Track. If you have a Windows PC and you have inking capabilities, you can actually create a font based on your own handwriting.
It's built into Windows somewhere, Windows 10, and one of those settings is you can actually go through a process where you write out the alphabet, numbers, you know, some things like that, and it will basically create a TrueType font for you
based on your own handwriting. So you could theoretically create your own font, put that into a PowerPoint and then have like a PowerPoint that looks like you actually wrote it out by hand, which is so meta. I don't even know where to go with it after that. It's kind of like, like Comic Sans, but actually, I think that would be really fun to do, actually. I'll look into that, and I did not know. That's why people listen to the podcast, Jeff, is for the gems, or some might say the doggie
diamonds. Yeah. The, you know, the solutions to problems that you don't have. I think that's part of it as well. Didn't know you had. All right. Why don't we talk about some identity and access management stuff, since that's pretty much why we're here and what we do. We're going to talk today about Zero Trust Network Architecture, also known as ZTNA. So as you hear us may be talking through that.
I know zero trust has been top of mind for a lot of folks, especially with the pandemic and people doing remote work. And you know, we talked with Eric Anderson from Adobe last week about their approach to ZTNA, and they're actually ahead of the curve. They've been in this ZTNA model for a couple years, so they were well prepared for a mass, you know, work-from-home, VPN-less environment, right? Things like that, right, to make it more secure to access resources. So to help us with the
conversation today, we've invited Brian D H, who is a solutions architect at Zscaler and an all-around good guy, to the show. So, welcome to the show, Brian. What's up everyone? Thanks for having me, and I would tell you that the greatest lie that the devil ever told was that he didn't create PowerPoint.
I feel that, I feel that pain, guys. You know, I've learned so much about PowerPoint having turned to the dark side and consulting, you know, five, six years ago at this point. I use it for way more than just presentations. It's a simple, you know, flowchart thing. It's basic bare-bones image editing. So you know, I have a love-hate relationship with it.
I just wish that the feature parity between Microsoft and macOS was a lot closer, because it is clearly a first-class citizen on Windows devices, which, you know, you would I guess expect, right, from our product to Microsoft hardware, but I am glad to see that the macOS version's catching up, because I do use both OSes quite a bit and it's always interesting going from one to another. But I digress, as I get off my PowerPoint soapbox there.
Brian, this is your first time being on the show, and one of the things that we like to ask our guests is to learn more about their background and how they got into the infosec or the identity space. Is that something that you chose or did you choose it? So, oh, it's a funny conversation.
So I started my journey back in the day at US Airways, which is now American Airlines, and I was a systems guy supporting USAirways.com, and I quickly wanted to make sure that I solidified my position and didn't ever be like, you know, part of a RIF or anything like that, and I took responsibility over an F5 appliance that at that point in time was used primarily for web
acceleration and load balancing. And it was kind of a funny thing, it's like this mixed bag of tricks where it was a layer 4 device, it was also layer 7. And I wanted to be part of the cool group with the network security guys, and they didn't like me for some reason. I couldn't get them to accept me, and lo and behold it turned out to be a good thing. They wanted nothing to do with the device that can talk over
layer 4 and layer 7. That was me, and that kind of opened the door to Pandora's box. And then from there, I moved to Apollo Group, which is University of Phoenix. And they said, well, knowing the F5 is great, but we need you to understand, you know, the Cisco ASA, the Check Point firewall, Snort IPS. I mean, you name it, they own that particular product, and oh by the way, you're going to be on call here in 30 days or less.
So you better ramp up quick. It's a little bit of a trial by fire, it sounds like. Yeah, absolutely. Best mistake I've ever had. What else do you work on when you're not doing stuff for Zscaler? I know you've got a podcast called PEBKAC, maybe you can talk to us about that as a fellow identity, kind of related, podcaster. Yeah, right on, thanks for the name drop on the area. Me and a couple buddies from Zscaler decided that, you know what, maybe kind of cool idea to
have our own podcast. And so PEBKAC actually stands for the problem exists between the chair and the keyboard, right? User error. So many times, right, we get involved, whether it was network or security, where we were, you know, we are the ones to be blamed, and at the end of the day, it's always the user. So we go over a lot of security topics. Sometimes we do like silly dad jokes, reviews and whatnot. But we are going to be recording episode 7 today.
So we were quite a distance behind you guys. Gotta start somewhere. So Brian, one of the things that we like to do with the podcast, right, it's called Identity at the Center, right? A lot of the focus of our podcast is on identity and access management, but we think it's, you know, becoming the central tenet of information security strategies. I mean, that's what we're seeing.
I think in a zero trust world it resonates very well, but we want to use this as a forum to introduce kind of the other technologies that make up a full zero trust information security portfolio. So maybe what you could do is kind of talk to us about what your company Zscaler does and where that fits into a zero trust architecture.
Gotcha. So if you think about it, Zscaler, ZTNA, they're kind of synonymous, and at the end of the day what we want to do is federate with identity, right? Let them be the gatekeeper of the users, you know, who they are, what they do, what groups they're a part of, and take that and apply that principle to users going out to the Internet.
So allow the good, block the bad, and then for users that need to talk to internal applications, whether they reside at the legacy data center or in the private cloud, allow them to interact with those applications based off an identity. So how does this actually work? What's the user experience like? Is it something that kind of sits behind and the user,
if it's being done right, never actually sees, or is this something that is a little more up front and present to a normal user who would be accessing resources? Yeah, we really want to make this as transparent to the end user as possible. So from a user experience, if they are sitting in a branch office and they close their laptop lid, and they go home, or they go to Starbucks, they open it up. It's like they're already connected to the network. They don't
have to do anything. They're not, then roll, they don't have to re-authenticate things. Now, you could if you wanted, but the premise between the ZTNA, right, is that number one, we want to keep users off the corporate network. So you need to treat all applications like you would Office 365, and so you can't get into Office 365 unless we know the identity of the user, right? You're not actually on the Office 365 network, we have access to it.
So even your internal applications to be treated like that. And then the second part to this is we really want to reduce your attack surface, meaning you can't hack what you can't see. You can't do DDoS, brute force, credential stuffing, SQL injection if there's no inbound access to your applications, wherever they might reside. And the last part is, if you're not on the network, there is no lateral movement.
And so really, the idea is the internet becomes the new network being able to give the company true end-to-end privacy, right? Beauty It's tunnels right. That way. You don't have prying eyes, cannot see but at the same breath, right? You know, what is that user experience? It, they just connect to it and they are good to go. Now, the best part I think of doing this correctly would be a user going to Starbucks historically on a, maybe a legacy VPN.
They might have to turn that off to interact with like a captive portal, but in a true ZTNA world, right, I just want to allow them to transparently access that, click the button that says going to be a good little internet citizen, and then boom, they are connected back to their applications without having to authenticate. You know, kind of in my mind the place that ZTNA fills is kind of a replacement for the traditional VPN. Maybe you could validate or re-educate
me on that. But is that the case? And maybe you talk a little bit about the architecture, because I guess my understanding is that, you know, ZTNA at least. Our is provided as a cloud-based service, but ultimately you're providing access back into the network so people can reach applications, file shares on the network.
So maybe you could talk a little bit about the architecture, because I'm assuming, like I said in the first part of the question, that, you know, we should look at this as kind of a replacement for VPN. Absolutely. So definitely, I wouldn't say that, you know, true ZTNA is if a user is just a VPN, because we don't really want to dumb it down to that, and there's kind of like three moving parts to this entire puzzle.
So one, on the endpoint, the end user, right, they're going to have a client that is used to steer traffic either towards the cloud broker, the zero trust exchange, and then you can also, which is the policy enforcement, everything that goes on happens in the cloud. It says, who are you? What groups are you a part of? Can you do this? Now, earlier I mentioned that I don't allow any inbound access. So you're like, where's the Kool-Aid here, Brian?
How are you allowing this user that's working from anywhere to interact with this application back at the data center or the private cloud? And that's where you need to be able to deploy a lightweight VM. Sometimes you refer to it as like an application connector. But this guy will be reaching
outbound to the cloud. It should do this in a fashion that doesn't require user name and password, probably certificate-based authentication, as well as a connection that can't be man-in-the-middled or subject to replay attacks. So doing TLS plus perfect forward secrecy to it, basically allow them to meet in the middle.
The end user hits the cloud. The cloud says, yes, you can do you or you can go to this, and that outbound connection now becomes a reversed tunnel back in to the network to allow the end user to interact with the application. And the key here really is to be able to support all ports and protocols, right? You have Active Directory, which can be kind of noisy. You got file shares, like CIFS. You have almost all applications now, they're running on 80 and 443, but we still have a
handful of applications. It could be SQL. Could be SSH, RDP. Those are more of the corner use cases, right? We don't want to open up like SSH and RDP to all the users, because now they're back on the network, right? Now they become that wild child in the environment, they can do lateral movements with, that's the anti-zero trust. We want to basically keep them off, allow them to access the applications that they have access to based off of that business logic.
And then all of a sudden, your cloud becomes a strategic point of not only control, but visibility: what users are connecting to what applications at any given point in time. Yeah, and I know from past experience with a VPN, you know, let's just make a generalization here, with most VPN products you can limit access to certain IP ranges or addresses and ports, but you know, very few organizations that I talk with actually do that, right?
It's more like, you're on the network and you have pretty much full access, but I think with ZTNA technology, that's not really how it works. But what was interesting is you're talking about 80 and 443. I'm wondering also about like legacy technologies, like, hey, we've run into a lot of organizations still that have mainframes, and those would operate over like a telnet port or something like that. Is that all, I'm assuming, that's possible as
well. Yeah. So not only is it possible as well, the ability to support all ports and protocols from like a client-to-server-initiated conversation is key. But the cool part about this is, if you think about telnet or even port 80, these are protocols that, they're like this, it's clear text in transit. So if you have Jim hanging out at Starbucks, right, and he's making a mainframe connection or telnet or port 80, what would a threat actor see, right? And that's really the part need
to kind of hone in on. So true ZTNA is going to say, basically, that threat actor that's hanging out at Starbucks is going to see an IP address inside Starbucks is reaching out to the ZTNA cloud, and everything that's going on in between there is completely encapsulated in a TLS tunnel that is not subject for prying eyes to see. That make sense? Yes, you're encrypting all the way from the end device, in this case probably a laptop, all the way to that,
I'll call an appliance, that you put on the client's network, right? So if somebody was to tap the wire and kind of see the traffic, it would just all be encrypted data. Yeah. At the very best, right, they can't man-in-the-middle it because the connection won't even set up, right? So the very best, they could try to do a replay attack. But even then, it's completely encrypted. We're enforcing perfect forward secrecy, which means the ephemeral keys
are not in transit, right? So to do a replay attack through, they're not going to get anything else, you know, get anything from that. I'm also wondering what's that
implyin. So the thinking of large, you know, multinational organizations where they have, you know, data centers on multiple continents, is the typical approach to put the appliances where the end systems are, or do most clients you see put those appliances just in one location, like say North America, and then once they're kind of behind that, through that firewall, then span the traffic globally? So yeah, we don't want to try to hairpin them to singular areas, right?
Because that creates a backhaul scenario, which diminishes user experience. So the idea would be deploy connectors as close to applications as possible. And so if you had, you know, a couple data centers in North America, a couple in EMEA, right, and you had users that are hanging out in London, you don't want them connecting all the way back.
Like, let's say, I'm taking it back, let's say application one has been distributed both in EMEA and in the Americas. You don't want the user to have to, you know, traverse the entire Atlantic Ocean to get to application one if application one exists in EMEA somewhere as well. Right? Right. And so the idea would be, as traffic is coming in and it hits that ZTNA cloud, it can do the measurements, right? The, for a lack of better words, free GSLB.
Where's the user? Where's the application? It's available in two places, let me stitch together that connection to the quickest end user experience for them, without changing applications at all. So I'm going to put my project manager hat on for a minute, and I'm kind of wondering what do these ZTNA deployments
usually look like. Is it kind of a big bang replacement of VPN, or do companies typically go after smaller use cases and kind of build out either by including more users or, you know, what is the approach to kind of get started and then to kind of reach your end goal? Is the end goal usually replacement of all VPN? It is 100% replacement of all VPN. So pre-COVID it was a little bit more of a corner use case, right?
Like it was a new idea. Adopting, for a lot of customers, didn't really have a need to have or to replace their VPNs, right? Users were on-prem, they didn't really need it. Then all of a sudden COVID hit and it was like a, this ticking time bomb, right? You have all these users that are now off the network and you have two options. One, buy more legacy hardware, deploy that, and there was crazy, like, whole times for that kind of stuff, or adopt a cloud-service-friendly architecture, right?
Which is ZTNA. Now by doing that, I would say that in large with COVID, we saw a lot of big bang actually happen. I had talked to one customer in particular, like, on a Thursday, 60 thousand users, right? And then on a Tuesday, they cut a PO. They were ready to move. Like, it was that big of an issue for them. I think the most compelling thing here, that the story was the ability to onboard all 60,000 people by the end of the month.
So I think the total time from PO to the time that they had rolled this out was like less than three weeks. Like, they had to move very, very quickly. That is something you just can't do on legacy platforms. Absolutely. That's, that's pretty impressive numbers there. So I want to back you up a little bit. I think you kind of covered what the authentication scenario looks like.
But I'm kind of wondering, okay, so walk me through a scenario where got a new person, joined the organization, they're getting a new laptop. How do I get their laptop to be, you know, do I push the client onto their laptop, etc.? And then how is it authenticating? Is it leveraging the authentication into the laptop, in other words like my Active Directory sign-in? And then, you know, the other thing I want to layer in there, right, I do this, sometimes I ask multi-part
questions, layer in there, you know, could be a Windows laptop, it could be a macOS, I don't know, maybe you could be a Chromebook. Walk me through that scenario of like, how do I get the client? And then, what is it doing from an authentication standpoint? What is it leveraging, or am I pushing like some kind of certificate? Things like that. So there are a handful of customers that have gone down the route of bring your own Best Buy device.
And when they do that, there's a manual enrollment, right? They'll have the user go to companyname.okta.com, for example, they'll set their credentials and then from there, they'll start downloading software to do whatever you want. There's also the notion of like, hey, we're going to, if you are a net new employee, right, or I should say, not new to ZTNA, you won't be able to push that out silently to the endpoint. You want to be able to pick up whatever the user uses to
authenticate, right? So if it's Active Directory, boom. One of the prerequisites for that will be IWA, Integrated Windows Authentication, because I don't want to make it hard to secure my users. I want to make it more or less transparent. And so when you talk about the client that's being pushed out, the secret sauce behind there is that the authentication is going on in the
background. You can push it out like with SCCM or your MDM of choice, but it can be told, hey, go ahead and try to connect, by the way, this is the authentication domain, pick up the local credentials if they've already signed in once, and take that and transparently put him through. Now on the back end, that's basically SAML, right? In this particular use case, your IdP would be Ping, Okta, Azure Active Directory, some of the big ones that are out there.
So the ZTNA cloud is going to be the service provider, all we really want is a valid SAML assertion. But the next bigger part is that with the identity comes two things. One, you have users going out to SaaS-based applications, but they also have access to internal applications. So when I federate, I also want to support SCIM. I want to make sure that I have the latest and greatest group
attributes for that user. So let's say that Jeff is working diligently and then one day he has been promoted to customer, or he decides to leave the organization. If you burn him, you know, completely, anything he has in his device now, he could upload it to his own personal OneDrive, Dropbox
and things like that. The appropriate way to do this from a ZTNA perspective is, no matter what happens, if he's going out to the internet, whether it's SaaS or naked, always protect that, always keep that in line and always protecting it. But if he has access to mission-critical internal applications, go ahead and immediately revoke that once you have burned that user in identity, whether that's, you know, your Ping, Okta, you name
it, and your mileage will vary based off of the IdP that you're using. Some of them, like an Okta, right, the integrations are so tight that the moment that you revoke access for Jim, Jim or Jeff, going into an application, it's immediately picked up, versus like in Azure Active Directory,
it's synchronized like every, I think 15 minutes, maybe 45 minutes, or on demand. But spelling that out for customers like, hey, listen, this is what you're going to do, let's operationalize this, and then that way if Jeff decides that he wants to put his two weeks in and you want to burn his
access to internal applications, now you don't have to worry about him grabbing this stuff and then uploading it to his own personal Dropbox. You can be able to block that and secure the company and minimize the risk. And I think that's an important part here is, you know, we've been talking about network access and, you know, getting
access to data. But what happens once the data is on the device is typically a challenge. We see things, you know, like sandboxing and DMS and, you know, all kinds of exotic ways, right, to protect the data that's no longer, and it's at rest on a device. I think that's part of the challenge. You mentioned a couple things as you were talking around the transparency to the end user
is obviously a big deal, right, for a security perspective, because if it just works, you're going to gain alignment. And you know that people are using the secure pathways that have been defined. When it comes to the price of ZTNA versus a traditional kind of VPN-only network access, how do you see the comparison between the two? Is cost a factor? That is something that, you know, might be prohibitive for some companies?
Or is it pretty equivalent? I guess, help me understand, if I'm a CISO and, you know, I'm thinking about making the spend to address this ZTNA, you know, where do I make the spend and how does it compare to what I already have in place through something like a VPN? We can AnyConnect. Yeah, exactly. So the first thing you have to really identify is that you really are subscribing to a premium cloud service for ZTNA, right, and that you were doing so
based off of identity. So to figure out exactly what your cost is when adopting cloud is very easy. If you have 5,000 users, where I need 5,000 licenses, and I don't need to buy an appliance that can go from 5,000 to 10,000, right? Because now you have this thing that you're hedging about that, if I buy this one particular appliance, it's going to be good for the next seven years. Maybe not. What happens if we acquire a lot of companies? I'm going to
have to rip and replace that. And so that's one of the definitely nice things about ZTNA from a cloud perspective, and I can't speak on behalf of all the vendors that are out there, but I know for my organization, right, at user 5001, we are not going to start blocking them randomly, right? In fact, we're just going to allow them to keep connecting.
But at some point, I'm going to have a true-up, whether it's at a quarterly business review or the annual renewal, and say, hey you know what you buy. Thousand you had 5500. From this moment forward, we're going to start charging you 5,500. We'll forget the past, right? This is an adult relationship. We're going to, you know, it behooves us both to, you know, be having a good time here and not be tripping over, you know, silly things in life.
Yeah, I think we see a lot of things like, you know, monthly active users and kind of an average over a year, period, time frame. I think that's pretty common. I've seen that with a lot of different vendors that have play in the sophistication space, and you certainly hope that it is a mutually adult conversation and approach to services, at least until, you know, our procurement and maybe legal friends get involved and start cranking over some things.
I've certainly seen things get rude, dear Elder on that. One of the things that I'm alternate is also interested in is around the privileged access management component for zero trust. When you have resources that are maybe on the network, Windows servers like a domain controller, Unix boxes, or even just, you know, any server that's been identified as kind of sensitive and under privileged kind of management, in addition to the cloud, is that something also
that zero trust can help? Or is it more focused on stuff outside the firewall? I would say that we complement that scenario right there. And to be transparent, what I want to do is bring to the front door of that server, and however you do privileged access management today, that's fine, right? That's between the server and however you're checking in your
credentials and whatnot. But one of the things that I would like to say is that, you know, I see a lot of customers that are doing multi-factor authentication. Like, you can't even talk to the front door of that server unless you've done MFA. MFA, like, if you're bored, go out and watch a video on something called Evilginx and how incredibly easy it is to phish a user, get them to sign in, take their session keys and have access to everything, OneDrive and all the
chaos that I can do from there. So MFA can be defeated. So from my perspective, I love like, if I'm going to pick on conditional access, I would love to see like, hey, you know what, if you want to come in and talk to this segment of the network where it's a Windows server, is a database server, has all of our PCI information, then
how about I posture it, right? Make sure you're coming from a domain-joined, or Jim's domain-joined, PC as opposed to Grandma's PC where there might not be any endpoint security that's running on there. I can posture for certificate, right? I can do it, two different things, to do the integrity of the user coming in. But probably the coolest thing that I have seen recently is around an integration that my
company has with CrowdStrike. And basically the agent that's running on Jeff's Windows PC can talk to CrowdStrike, and it can actually posture for what's called a zero trust access score. So zero meaning you are like, it's bad news, there's something terribly wrong with your PC; 100 being benign, like you're a good dude, we allow this stuff. And then I can marry that score to policy, like, hey, you can get in and talk to anything with a score, a risk score, of 70 or higher, right?
But if you want to talk to the PCI DMZ, before we even give you that front door, you need to have a risk score of 90 or higher, and it gives, you know, the end users or the people, the stakeholders in this, the peace of mind knowing that it's going to have some random person coming in, it's true zero trust, they're going to get him past the cloud. The It stops there. So Brian, you're our expert on
the ZTNA industry. We don't know the industry, and what we would like to ask would be for you to be a visionary, put on your visionary cap for a second and tell us what's coming down the road in terms of what is the future for the industry, in terms of, you know, big changes and features. You see ZTNA becoming like a platform where third-party developers go to, or do you see ZTNA being folded into other platforms, like single sign-on platforms, Okta or Microsoft?
Do you see a consolidation in the industry? What's your perspective on where the industry is heading? All bets are off with Microsoft, right? They used to have like that VPN platform. I forget what it was called, it's soon to be retired, right? But if they see a need, right, they tend to bake that into their X. I would say that when you look at zero trust, one of the biggest Achilles heel,
right? Especially if you move very, very fast, because I always tell customers, users 1 to 100 are going to be far more difficult to onboard than users 100 to 60,000. Right, once you work out the kinks there, it's pretty much streamlined, but you need to have, at some point in time, you go back and take the information
that's coming through, right? You might have a wild-card policy that either ends in allow or deny But as that you traffic is flowing through, like you might know about 70, internal applications, but you'll be, you'll be shocked to find out that your end users actually access like 700, right? How do you actually get the true zero trust on that per application Level? Now I know on our platform we're going to basically show it as a bubble like this.
These are the top talkers that have been learned, more or less, but I wanted to see an evolution, a little bit more granular. I not only don't want to see it to be like, these are the top that are being accessed that have not been defined yet, but I also want a recommendation of what Active Directory groups, or group membership in general, should be assigned to those. I'd love to see some machine learning on that, to be transparent.
You got me thinking there that there could be some machine learning. Another cool feature might even be some self-service for the users, where they kind of are able to go in and make the system, make ZTNA aware of applications that they need access to. That kind of happens today, right? If you have a user that is requesting access to something, whether they have it or not, it would populate the dashboard as a defined or recently discovered application.
The self-service part would be nice because then the, you can say one part of HR and I need this to do my job, right? That helps narrowing the focus a little bit there. So you've been really generous with your time, and I want to make sure that we kind of stay on with that. One thing that we have started to do more recently is to get into a little bit of non-IAM trivia or questions.
And you know, I think one of the questions that we were talking about earlier might come up with this is kind of like our prep session. Jim, you want to ask the question that we came up with? Yeah, sure. Because we're all either fathers of human or fur-baby children, and probably most of our listeners have one or the other as well, the question for this week is, if you were able to go back and give yourself some fatherly advice, what would it be?
We'll start with you, Brian. Yeah, so this one is near and dear to my heart. My oldest is leaving for college, she's 18. She's graduating this year, she's done a phenomenal job and has full ride offers in state, and it definitely brings me to tears sometimes to think about her not waking up in my house, right? Is this weird end? I've gone back and I thought, what are some of my biggest regrets? My biggest regrets, so they're kind of threefold and, hopefully
they're easier. But number one, when they were younger, my recommendation to any new father is to just hold them as much as you can, because before you know it, they're just, they're too big and that's just not, that's not going to happen. I miss that so much. And then the second one would be to really get into their world. I was always a basketball guy, track guy, and my daughter, she
loves soccer. I didn't know anything about it and I did my best to kind of root on from the stands, but I regret not taking the time to really learn the sport, becoming great at being a forward myself, right? That way, I can help teach her, coach. I think I missed the ball on that. And the last one is, you know, celebrating the smaller victories. So in the DH household, like, if you want a cell phone, then you need to have straight A's.
And if you don't have straight A's, then you don't have a cell phone, right? I'm not going to work harder if you're not going to work hard. Now, she did great in high school, obviously, she's getting full ride scholarships, right, to be able to do stuff. And what I didn't know about that statement was that I was slowly crushing her self-esteem every single time she brought home anything lower than an A, right?
So, when it came time for college, she was like, I don't know if I want to do this, I don't really want to apply. And then it took this, this leap of my wife saying, we're going to apply today and we see what happens, and she gets accepted and since the full ride she's blown away, and then it went from, I don't really want to do this, to, I can't get her to stop applying to colleges. Like, it's insane. So those are my big three: hold them
as much as you can, get in their world, celebrate the small victories, and I'll leave it at that. That's, that's well thought out. Jeff, how about you? Yeah, it's another good question. So I have dogs, those are my children. My two dogs, Layla and Duncan, and you know, the first thing obviously is stay active and take those pups for a
walk every day, it's like the greatest thing in the world for them. But from the human perspective, you know, I think about it, if I'm looking back when I was, you know, younger, you know, really think about what you want to be when you grow up. If you don't know, take the time,
explore, figure it out, right? I think sometimes there's a lot of pressure, especially, maybe in, you know, the high school or early kind of college folks, that they're being pressured into careers that they don't really want to be in, and they may be doing it for any number of reasons, they don't know.
They're just kind of going through the motion or whatever. I think they should take the time and, you know, this is what I would have done is, you know, take the time to figure out what I want to do when I grow up. I spent 10 years in the food service industry before I even got into IT. So, you know, I've taken, certainly, a different approach than maybe some others.
I think, you know, Brian, you brought up initial part about, you know, we're learning the fundamentals, right? Basketball, learning how to box out, right, simple things like that. And I think that applies really to anything, is, you know, learn the fundamentals of things that interest you, don't try to skip ahead and read the last chapter before you get to it. You know, and that'll help
you truly understand things. And I think my last one is to travel, learn from other cultures, their cultures, other people. Don't stay in your bubble and get that, you know, recchia reinforcement of all the things that you think are true that may or may not apply to other people out there in the world. So I think everyone should, you know, take the opportunity to get out into the world. Do some international travel.
See how other countries are approaching, you know, their lives and their issues, and take that as a data point to inform your world view rather than, you know, maybe being focused on just your little corner of it. Good question. Jim, what about you? So I also have three. The first two, the reason I have three is I kind of went through the first two, I'm like, yeah, I kind of got that advice and I did that, but I think there were keys, right?
The first one was save your money, so you can't just, like, spend all your money and especially live in debt, right? I think that's probably one of the most important things you can do in your life, is live below your means and save some money for the future. The second thing was try to find balance between kind of the things you enjoy doing and working. And I was that way where, you know, I went out.
I enjoyed my life, but at the same time, I carved out the time to make sure that I was, you know, getting educated, learning new things and working. The third thing, which, you know, I never really got this advice, but I realized it today. I was having a call with Asha motto.
Allah, who is the co-founder of Identropy, the company that Jeff and I were with prior to now being over approachability and, you know, we got into the conversation about accounting and I really, I said, you know, both of my grandfathers were accountants, and what I realized is that they are very
risk-averse, right? And I learned a lot from them, was very close to my grandfathers, and I am a very risk-averse person, but I look at Oshkosh and there and the reason is Click was Josh went out and, you know, start, got, became like a business entrepreneur and took risks, and there were times she told me stories where, you know, you don't know if you're going to get that next contract and make that next paycheck in order to be able to pay your employees, but taking those
risks, obviously, it kind of goes back to balance. You have to balance taking risks with not taking risks, but I
was always very risk-averse. So, I think especially while you're young, while you have kind of less to lose, then where you can take some more risks, don't live in fear of risk. You have to be willing to take some risks, and I think you're starting a business while you're young yet, so it's a great way to do it. Dude, we are, like, 100% on the same page about being risk-averse in pushing the
kids to do that, right? And I didn't know the expectations of, like, hey, A's are, A's are expected, B's are okay if you ask for help, and C's, like, don't come home, right? Like, that was like the mantra that I had, and the way that that kind of bit me in the butt was my son's sophomore year in high school. He's a junior now. Where I openly saw, like, him becoming risk-averse, like, I can either go out with my friends for an hour or I can study,
right. And he just kept doing the whole, like, I'm going to study all the time. So there's definitely a lot of fruit in, you know, doing well, but also taking some risk and having it. And once he found that out, like, hey, there are things that I can do and I can still achieve good grades, right, now I don't have to study 12 hours a night to be able to get it done. And then Jeff, to your point on travel, we took all the kids, my wife included, we went to Belize and on, you know, the
first, like, 100 yards, right? It's a resort and it's beautiful. Beyond that, right, there's the extreme poverty. And what's interesting about that is the perspective is like, you see those kids, you know, seeing, you know, in a full dress, the girls and boys that in long, you know, long-sleeve T-shirts and long, long pants, sitting in the sun, in 98% humidity, they paid the school, right? Like, that was kind of shocking to see that in the
kids. Looked at that and said, all right, this is, you know, never would have believed it until you saw it. Yeah. I'm a big fan of the phrase, first world problems, and really kind of understanding, is this really a big deal or not? You know, and maybe this a little bit goes back to my restaurant business, where, you know, maybe, let's just say, you're working at Chili's and it's a 5 table section on a Friday night. And someone's ranch dressing is not the most important thing in
the world at that moment. I'm just saying, right? That could be something that's out there so yeah, I think yeah, travel is a good one. So, all right. Well, I think you know, we covered a lot of ground today. I think, you know what I like to do is just pass it around the horn real quick to see if there's any kind of final
thoughts that the group here has. Brian, want to go, why don't you go first? Any final words of wisdom that you want to drop on us and our listeners? Man, you know, there's this whole idea in zero trust of the concept of browser isolation as well. That's something we can talk about today. That's something I definitely see coming full line in line, especially since so many applications are web-based. So look that up. And, you know, I am very grateful to be on this podcast today.
I definitely appreciate you guys' time, you know, letting me bark at you for about 30 minutes. So thank you guys so much, and as always, if there's anything that I can do for you, you know, feel free, and that goes for the listeners as well. Call, text, email, find me on LinkedIn. I'll be happy to assist you guys to the best of my ability. Yeah, it's very much appreciated, and I'll have links to Brian on LinkedIn as well as his podcast and Zscaler there.
He, you know, Brian, you did a really great video on LinkedIn explaining what Zscaler does, and it really kind of applies to that ZTNA model. You know, I definitely recommend people check that out, and you know, those links will be in the show notes so people can check it out. Jim, what about yourself? Any final words of wisdom? I mean, you know, meeting with Brian, hearing, you know, what ZTNA is all about, it's been tremendously educational to me. I hope it was to our listeners
as well. And I really encourage people that if this is the kind of content you want to keep hearing more about, or you have some other ideas for things you'd like us to talk about on the show, let us know. And I think LinkedIn is probably the best way to do that. Yeah, it's a very, very great way to get a hold of us.
You know, real quick thing. I just, I just remembered there was an individual who reached out to me on LinkedIn, and I'm going to look up his name real quick 'cause I'm going to probably butcher it, but he tagged an article that I had written for Identropy way, way, way back in the day around Star Wars and identity and access management. His name is ekrem. I hope it pronounced correctly algrim Alcock, and he did a spin on that that was for voice biometrics.
So he tagged me on LinkedIn. I was very nice as I go. Okay, cool. Alright, this is something I wrote like five years ago or something like that, you know, just kind of getting into the space, and he has a pretty interesting take on voice biometrics. And maybe that's something that we could maybe bring to the show at some point, around androids and computers talking to each other and, you know, what does voice
biometrics mean? If it's, if it's C-3PO and R2-D2 talking to each other, how do they authenticate through voice biometrics? How does that even work? Right, so I thought it was a very interesting spin, so that, you know, that's a great example of kind of the LinkedIn community. I think that, you know, they've been reaching out to folks like us, but I think, you know, this is a good spot that we'll go ahead and leave it.
I think my last words of wisdom is it's okay to get smarter, you know, mistakes made or in hindsight's 20/20, and it's okay to move on from those and figure out what worked and what didn't, then move forward from there. So with that, we'll go ahead and close it out for this week. I would highly suggest checking out Brian and his podcast. It's the pep kak PEB KAC podcast, you can find it on Apple Podcasts there. Actually, did I get that right, Brian? Or is it the other way around? It's, yeah.
Unfortunately, that one was already taken. So the pbca Casey AKA PEB cak, my bad, and want to make sure we get the right plug on there as a fellow, you know, identity information security podcaster. So it's very much conversational, just like ours. So definitely recommend checking it out and showing some support over there. And like I said, I'll have a link to their Apple Podcasts page, so you can check it out in the show notes.
So with that, you can also check our site at identityatthecenter.com and we're on Twitter at @IDACPodcast, and I think that's a pretty good spot to leave it. Thanks everybody for listening. Thanks Brian. Thanks Jim for being part of the conversation today, and we'll talk with everyone in the next one. Thanks. Thanks for listening to the Identity at the Center podcast. If you like what you heard, don't forget to subscribe and visit us on the web at identityatthecenter.com.
