The focal point of today’s discourse centers on the crucial importance of identity security and privileged access management in contemporary organizational frameworks. I am joined by the esteemed Charles Chase, who shares his extensive experience in the realm of identity security, elucidating the pressing trends and best practices that organizations must adopt to safeguard their digital assets. Our conversation delves into the regulatory pressures that compel businesses to enhance their security measures, particularly in light of evolving threats and compliance requirements. Furthermore, we explore the significance of understanding the unknowns within identity management systems and the necessity of maintaining rigorous hygiene practices to mitigate potential vulnerabilities. Through this dialogue, we aim to illuminate the transformative impact of effective identity management strategies on organizational security and operational efficiency.
In this episode of the Security by Default podcast, host Joe Carson speaks with Charles Chase about his journey into the cybersecurity field, focusing on identity security and privileged access management. They discuss the evolving trends in identity security, the importance of maintaining identity hygiene, and the impact of regulations like NIS2 and DORA on organizational practices. The conversation also covers the shift towards passwordless security, the role of AI in identity management, and resources for those looking to enter the field. The episode concludes with reflections on the importance of identities in business and society.
Takeaways
- Charles Chase fell into cybersecurity from a military background.
- The importance of understanding what you don’t know in identity security.
- Organizations often have dormant accounts that pose security risks.
- Regulatory bodies are pushing organizations to improve their identity security practices.
- The shift towards passwordless security is gaining momentum.
- AI is becoming a valuable tool in identity management.
- Identity hygiene is crucial for reducing risks in organizations.
- The commoditization of identity solutions allows smaller businesses to implement security measures.
- Engaging with customers is key to understanding their unique identity security needs.
- The future of identity management is focused on user experience and automation.
Keywords
cybersecurity, identity security, privileged access management, trends, best practices, passwordless security, AI in identity management, regulatory impact, identity hygiene, resources for cybersecurity
The podcast commences with an engaging introduction by host Joe Carson, who expresses his enthusiasm for sharing insights and knowledge with the audience. He introduces his guest, Charles, who possesses an extensive background in identity security and privileged access management. Charles recounts his journey into the cybersecurity industry, highlighting his initial experiences in the U.S. Air Force as a network engineer and the serendipitous nature of his entry into the realm of privileged access management. The conversation swiftly transitions to the evolving landscape of identity security, where both speakers reflect on the advancements in tools and practices that have emerged over the years. They discuss the significance of understanding the regulatory landscape and the implications it has for organizations striving to enhance their security posture. Charles emphasizes the necessity for organizations to proactively address their security vulnerabilities and to adopt best practices that mitigate risks associated with identity and access management. He shares anecdotes from his experiences working with various clients, illustrating the startling discoveries often made when analyzing their systems, including the prevalence of dormant accounts and orphaned identities that pose significant security risks. As the dialogue progresses, the speakers delve into current trends in identity security, particularly the move towards passwordless authentication methods and the integration of multifactor authentication solutions. Charles elucidates how organizations are increasingly prioritizing the security of their identity frameworks to comply with regulatory demands while ensuring the integrity of their operations. He shares insights on the importance of continuous learning and adaptation in the field of cybersecurity, noting that each organization’s journey is unique, and tailored approaches are essential to address specific challenges. 
The conversation culminates in a discussion on the future of identity management, where both speakers express optimism about the potential of emerging technologies and the need for organizations to remain vigilant in their security efforts. Ultimately, the episode underscores the critical role that effective identity management plays in safeguarding organizational assets and maintaining trust in today’s digital landscape.
Takeaways:
- The conversation highlighted the significant evolution in identity security practices over the years, emphasizing the necessity of adopting modern tools and strategies.
- A recurring theme was the critical importance of addressing dormant and orphaned accounts to enhance overall security posture within organizations.
- Regulatory pressures have escalated, compelling organizations to prioritize identity management and security protocols to mitigate risks effectively.
- The speakers discussed the growing trend towards passwordless authentication and the integration of biometric solutions in identity security frameworks.
- The episode underscored the necessity of maintaining a proactive identity hygiene program to prevent security vulnerabilities.
- The importance of continuous education and awareness for professionals entering the identity and access management field was a key discussion point.
Transcript
Speaker A:Hello, everyone.
Speaker A:Welcome back to another episode of the Security By Default podcast.
Speaker A:I’m the host of the show, Joe Carson.
Speaker A:It’s a pleasure to be here with all of you, and I’m always excited about this time of the week.
Speaker A:I get to talk to amazing people, fun topics, and just really sit back and enjoy and learn lots of really new things about what’s happening in the world.
Speaker A:Today.
Speaker A:I’m joined with an awesome guest whom we have known for a couple of years now, and every time I’ve seen him in person, I’m always basically excited about the amount of knowledge and experience this person has.
Speaker A:So welcome to the podcast.
Speaker A:Welcome, Charles.
Speaker A:Do you want to give the audience, it’s your first time on the podcast, your origin story?
Speaker A:What’s your background?
Speaker A:How did, how did you get into this industry?
Speaker A:And it’s sometimes, you know, some people take a natural path, some people take an unnatural path.
Speaker A:What was yours?
Speaker A:How did you find your way into this industry?
Speaker B:Thanks, Joe.
Speaker B:I’m glad to be here.
Speaker B:Actually, I fell into this industry, actually.
Speaker B:I literally dropped from the sky.
Speaker B:Somebody called me up about a PAM project and I didn’t know who PAM was at that point in time.
Speaker A:Who is this Pam?
Speaker A:Somebody on Baywatch is a Baywatch.
Speaker B:Exactly.
Speaker B:Exactly.
Speaker B:End of the day, I start.
Speaker B:I started out in the US Air Force as a network engineer, building networks, working on networks, all the fun old school stuff that we used to have, and did all sorts of things along the way.
Speaker B:So my title used to be chief cook and bottle washer because I wore many hats.
Speaker B:But no, I got a call from a financial institution up in Jersey City and we had a chat.
Speaker B:Me and the gentleman I was talking with had similar backgrounds and he said, you’ll be perfect for this.
Speaker B:So I went and ended up running the team just because I really enjoyed this, because I wish I had some of these tools when I was in the military, but it was so long ago, we didn’t have them, so.
Speaker B:And I’ve been here ever since.
Speaker B:I love this stuff, so.
Speaker A:Absolutely.
Speaker A:Oh, it’s great.
Speaker A:I mean, I remember I’ve been in this industry for such a long time and I remember the time before tools and solutions didn’t exist and you had to.
Speaker A:You had to track it manually.
Speaker A:I remember having spreadsheets to manage hundreds of credentials and, you know, then trying to track about what the passwords were and having full access.
Speaker A:I used to be a domain administrator for hundreds of thousands of servers.
Speaker A:Same credential for everything.
Speaker A:So you kind of look back and think, well, I mean it was much simpler times then and you know, you could physically touch the hardware and this, you know.
Speaker B:Exactly.
Speaker A:But so much has evolved over the years.
Speaker B:So it was always the fun sticky note underneath the keyboard.
Speaker A:I mean sometimes, I mean it depends.
Speaker A:I mean always the context, it really sometimes depends.
Speaker A:What is that room locked?
Speaker B:Yeah, is, yeah, that.
Speaker A:Is that complex?
Speaker A:Is it the only thing protecting the account?
Speaker A:Is there additional multi factor authentication stuff?
Speaker A:So always the context is so critical.
Speaker A:So what types of trends?
Speaker A:What, what have.
Speaker A:All the years you’ve been doing this and your experience in identity security and privilege access management is one of the kind of best out there.
Speaker A:What’s some of the best practices and trends that you’re seeing?
Speaker A:What’s the trends in identity security?
Speaker A:Is it becoming important for organizations?
Speaker A:Does everyone have prioritize it?
Speaker A:How should they prioritize it?
Speaker A:How should they look at the risks?
Speaker B:I think the biggest thing trend wise that I see is the regulators kind of pushing people towards some type of solution, whether it’s for the identity side, the privilege side or both.
Speaker B:And getting to sit down with some of those, those customers and listen to them tell me what you know.
Speaker B:They think they know because they, they’re not into the systems on a constant basis looking at their identities.
Speaker B:But also when a CISO says, Charles, can you tell me what I don’t know?
Speaker B:That’s the key question.
Speaker B:What do I not know?
Speaker B:And I can’t tell him what he doesn’t know until I go in and look at what they have, have an overview, talk to the people that are using these systems, how are they accessing these systems?
Speaker B:How many service accounts do they have?
Speaker B:That’s the fun one.
Speaker B:The non human accounts.
Speaker B:I love that trendy word, the non human.
Speaker B:Is it a robot?
Speaker B:Is it a dog?
Speaker B:End of the day.
Speaker A:Yeah, I love Felix’s post about that.
Speaker A:The farmyard.
Speaker B:Yeah, yeah.
Speaker B:But at the end of the day it comes down to what they don’t know.
Speaker B:So when you start doing some analysis and running some reports on what they might have in their Active Directory?
Speaker B:Is their Active Directory clean?
Speaker B:How many orphaned accounts?
Speaker B:It kind of shocks them.
Speaker B:It’s like, wow, I didn’t know we had all of this sitting there.
Speaker B:Those applications have been, have been decommissioned for years.
Speaker B:Those people have been gone for years.
Speaker B:They don’t know these things until somebody actually comes in and tells us.
Speaker B:The regulators, they’re being helpful because they’re kind of pointing out things, the auditors are pointing out things that people may not know that they have going on in their systems and how people are accessing things.
Speaker B:We were just talking about when you said you had access to hundreds of domains and hundreds of servers, full administrative access with the same credentials.
Speaker B:How many people have those things?
Speaker B:It’s all the unknown.
Speaker B:And that’s the fun part of going into a customer initially and walking them through those things and kind of showing them what they don’t know and then going through where’s the priorities, where do we start on these things and how do we start fixing this for you so you’re a bit more safe and then we can mature that going down the road.
Speaker B:And I think those are the key things.
Speaker B:And a key part is not just listening to your customer and what they have to say, but hearing what they have to say is probably the biggest key thing.
Speaker B:A lot of people listen and they still have all of this stuff in their head.
Speaker B:Well, I’ve done this before and I’ve done that before.
Speaker B:But every customer is different.
Speaker B:They have similar issues, but every customer is different.
Speaker A:Absolutely.
Speaker A:How they measure success and what their business kind of services are and how they’re structured from organization, what type of technology they’re using, is there innovation happening?
Speaker A:Is there partnerships and supply chains that interact through all of those can get quite complex.
Speaker A:And I think you’re sort of straight on.
Speaker A:This is the reality check.
Speaker A:You, I always call it the reality check.
Speaker A:What, what you think you have and what you think you, you know, what you wish you knew you had as.
Speaker B:Opposed to what you actually do have.
Speaker A:I remember years ago when I first started doing the research and this, it was maybe about 11 years ago and I started doing the.
Speaker A:Going through discovery about credentials and identities and where they were being discovered.
Speaker A:And 10 years ago it was probably a little bit simpler because you typically either had one cloud and one on premise environment.
Speaker A:So it was, it was a lot simpler to discover.
Speaker A:But typically it was on a scale of.
Speaker A:For every single identity that they had inventoried, there was probably four to five other identities that they didn’t know still existed.
Speaker A:And it was applications to your point.
Speaker A:It was software was installed.
Speaker A:It was a pilot that had happened.
Speaker A:It was a team that came in to do an audit and the auditors had accounts and credentials that were just left behind that were never cleaned up.
Speaker A:And you end up with this massive, dormant, you know, accumulation of sprawled accounts that have scary levels of privileges that is just not in that spreadsheet or not in that dashboard that, you know, the CISO or the executive team are really kind of focusing on.
Speaker A:They were typically focusing more on the active services that are.
Speaker A:They’re delivering rather than the ones that were, you know, deep should have been deprovisioned over the time.
Speaker A:I think sometimes you’re.
Speaker A:One of the first actions I typically find is, is that out of all of those dormant accounts is how many can we remove immediately?
Speaker B:Yeah, yeah.
Speaker B:So one.
Speaker B:One customer I was working with and the fun part was looking at all of their orphaned accounts, dormant accounts we removed in nine months over 2 million accounts.
Speaker B:They were a global financial institution.
Speaker B:2 million accounts, service accounts, leaver accounts, just accounts that didn’t exist or didn’t need to exist.
Speaker B:So that’s a lot.
Speaker B:That is a lot of accounts.
Speaker B:At the end of the day, you have database guys working with.
Speaker B:You have databases.
Speaker B:And orphaned accounts were the big thing here.
Speaker B:And if you have orphaned accounts on databases, who has access to that?
Speaker B:Do those people or those services still.
Speaker B:Can they still access those things?
Speaker B:And the fun thing about service accounts is people having access to those service accounts.
Speaker B:Service accounts are non interactive accounts.
Speaker B:It takes.
Speaker B:It’s taken a long time to get people to grasp that concept that a service account is run by a service, not a person.
Speaker B:So.
Speaker B:But 2 million accounts, that was a lot.
Speaker B:And I haven’t seen that since.
Speaker B:But I.
Speaker B:Because I think people are starting to do that housekeeping that they really need to do, which is good.
Speaker A:The hygiene.
Speaker A:They’re really starting to look at one of the footprint is because, you know, if you’re not cleaning and you’re not having a good identity hygiene, let’s say program or strategy, the risks just grow.
Speaker A:You’re not having a proper risk assessment and risk appetite to really getting things under control and visibility.
Speaker A:And those dormant accounts can’t can.
Speaker A:You know, to your point, as well as I used to see lots of organizations creating service accounts with interactive logon so they can test that they actually work and then never actually turning off interactive logon so the attackers can now disguise themselves as a service.
Speaker A:And that mistake and misconfiguration sometimes it’s, you know, it is a practice that many people do in order to just check the things function and work, but not having a procedure to go and turn it off or to harden the configuration when it moves into production.
Speaker A:I’ve seen power stations with service accounts that had been basically using the training manual and the training module had the default credentials in the manual and then they would actually follow those instructions to the T. So the actually real live credentials were the same as what was documented in the training manual with default weak credentials.
Speaker A:And it was always kind of scary that.
Speaker A:And then of course now it’s functioning, they would move it in from testing environment into production and never go back and check and clean that up.
Speaker A:And it’s just, you know, it’s a, it’s an open door just waiting to happen that can have devastating impacts, especially for utility and power companies.
Speaker B:So what’s, well now, now they fall under their own regulations, their regulators, because now they’re, they’re falling under critical infrastructure.
Speaker B:So it’s a bit more stringent on them.
Speaker B:I just got finished working with a large mobile phone company here in the UK and it’s, it’s a different world and you have to about it differently because that critical part of their, their environment has to stay 100% secure.
Speaker B:You have to keep an eye on it, you have to keep it cleaned up.
Speaker B:So yeah, it’s, you know, new trends are happening.
Speaker A:Absolutely.
Speaker A:NIS2 and DORA did have a massive impact in this.
Speaker A:It did, it did force many organizations who have been pushing this priority, you know, down the road for many years.
Speaker A:And NIS2 and DORA did bring it to the forefront and meant that there was no longer the ability to kind of keep pushing it down and they had to take action.
Speaker A:So absolutely, it’s, it’s great to see regulation making organizations rethink and become more secure as a result.
Speaker A:But it’s a shame that it has to be, it has to be pushed.
Speaker A:But some companies need to push.
Speaker B:Yeah, that’s true.
Speaker B:Well, and that, and the regulators still leave it open to the, to the business to interpret a bit of this, which is, it’s kind of good.
Speaker B:So you can decide am I going to use a secure cloud environment or am I going to keep everything in my own on premise cloud environments, things like that.
Speaker B:So the interpretation, allowing the business to interpret the regulation parts of those regulations is a good thing end of the day because companies have budgets and they can’t keep buying duplicates of products for those types of environments and things like that.
Speaker A:Especially today, unified platforms that can provide, you know, that can cover multiple areas of risk.
Speaker A:So question, you know, there has been this big shift, you know, of adding additional security controls in place.
Speaker A:We’ve seen forcing multifactor authentication with, you know, critical accounts and privileges credentials.
Speaker A:We’ve seen session recording and session controls.
Speaker A:But what other types of, you know, have you seen?
Speaker A:How much have you seen the shift to more of a passwordless function?
Speaker A:I see it more of course in the human types of credentials, not so much on the non human or non interactive accounts.
Speaker A:So what types, what types of additional controls are organization putting in place in order to make sure in addition to discovering what they have in the first place.
Speaker B:Yeah.
Speaker A:What are they doing to protect them?
Speaker B:It’s a lot of.
Speaker B:It’s still the multi factor authentication granted they’re not going via SMS anymore.
Speaker B:So a lot of places aren’t.
Speaker B:A lot of places are going to the Windows Hello.
Speaker B:The face recognition, the fingerprint, the biometrics, which is good.
Speaker B:People don’t have to have multiple tools to log into things.
Speaker B:And I still carry an RSA token for one of my customers.
Speaker B:I haven’t had one for years, but now I’ve got one again.
Speaker B:But it’s, it’s all sorts of ways to do this.
Speaker B:Service accounts run things with APIs, use token, token based.
Speaker B:You don’t have to go in and do passwords, use an API and things like that.
Speaker B:So everybody’s still kind of on the multi factor piece.
Speaker B:A lot of people are moving to the biometrics, which is good.
Speaker B:The smart cards, if their company laptops have those, you stick the smart card in.
Speaker B:One customer used YubiKeys moving the passkeys as well.
Speaker A:So having created on the device itself.
Speaker B:Yeah, yeah.
Speaker B:So people are trying, which is good and to be more secure.
Speaker B:And the nice thing is the change isn’t massive to the end user, the business users and things like that.
Speaker B:So some people are tough on change, we all know and they like to push back end of the day.
Speaker B:It keeps what they’re doing safe.
Speaker A:Absolutely.
Speaker A:I will say one of my mottos is always that, you know, when you’re putting security in place, it should always be better.
Speaker A:The existing experience that they have today and that accelerates, you know, one is the want to change and the adoption.
Speaker A:So I do see, you know, some of the technology out there like passkeys and the provisioning and deployment can be a little bit more complicated depending on the devices that they have and locations and proximity.
Speaker A:Legacy devices sometimes creates a bit of a headache as well.
Speaker A:But once they’re deployed, the experience is definitely much, much better and much more seamless.
Speaker A:They, they, it’s one of those areas that once you’ve got it rolled out, the user experience is a positive one.
Speaker A:And I always thought, you know, the days of, you know, the AVs and the firewalls stopping you from doing things and slowing things down, this is definitely one of the areas that with identity security and privilege access, if you do it right, you can make people’s actually experience much better, more positive, much easier.
Speaker B:Yeah.
Speaker A:Yeah, you take away the pain of passwords, what they’ve done over the years, the passwords are a pain, but they were cheap and simple to use from a cost perspective.
Speaker A:But the risks accelerated way too much.
Speaker B:The really nice thing is a lot of these tools we have today, these solutions that are out there, they all do the same thing, just differently and they look and feel different, but at the end of the day they do the same thing.
Speaker B:They do some really good things and now they’re getting some of that AI technology into it and it’s actually useful because it’s helping people that may not have the certifications in those solutions to administer it.
Speaker B:It actually helps them learn how to use the system so they can go get those certifications to be a better administrator of the system.
Speaker B:It’s more user friendly from the, some of these identity solutions, the IAM solutions, self service.
Speaker B:And that’s what you want.
Speaker B:You want the end user to be able to use that solution as well and make it simple for them to use it at the same time.
Speaker B:So you’re not having to do a lot of things manually.
Speaker B:Somebody puts in a request, all those flows in the background, do what it needs to do and it’s automated.
Speaker B:So you’re not getting that human interaction anymore, which really isn’t necessary.
Speaker A:Absolutely.
Speaker A:I do see this.
Speaker A:I mean, the great thing to your point is that it’s really commoditized the industry, that it’s not just for those few really large organizations that had the resources and budgets to be able to get them.
Speaker A:That’s what it was maybe five, 10 years ago that only you could afford to do this, but now it’s, it’s commoditized and there’s so many choices and options out there that everyone has the ability, no matter what size of organization, to go and be able to put these solutions in place to really automate a lot of these areas.
Speaker A:That’s a great thing.
Speaker A:I think it’s only, you know, the commoditization does make the world a safer place because it does allow everyone to have the, the choice and option.
Speaker B:Yeah, agreed.
Speaker B:And even, even the mom and pop shops as I refer to them, that are companies small but starting to grow.
Speaker B:So those startups, there’s tools out there that aren’t extortionately costed for them that they can start with to progress and then mature as they grow their businesses.
Speaker B:And that’s the nice thing is it never was really anything for the mom and pop shops, the startups, there was.
Speaker A:The massive gap they would have either had to choose.
Speaker A:They couldn’t do an IAM or PAM, but they may have been starting with maybe a password manager or password vault.
Speaker A:And it still meant that they were having to make security decisions themselves and learn those tools about how to use them.
Speaker A:But there was a massive gap in between.
Speaker B:Yeah, I watched.
Speaker A:And that gap is converging and becoming less.
Speaker A:You mentioned about AI.
Speaker A:What are you seeing, you know, how are you seeing AI being, you know, it’s a double edged sword.
Speaker A:We all know that it’s both has good defense capabilities and also yeah, the.
Speaker B:Really nice thing and I still kind of like to do things on my own but the really nice thing is some of these solutions now you can tell it what you want and it’ll go in the background and create it for you.
Speaker B:So if I want a new workflow to, to do a joint change my joiner process or add a, add a user and make sure my, my data is up to date, I can actually type in some of these things and almost like talking to Claude, ChatGPT and it’ll go and do it for me.
Speaker A:That’s like.
Speaker B:Yeah, so, so like I said, end of the day it’s, it’s not only a tool to manage and maintain your identities and the governance around those, but also for new people, younger folks, new people coming into the industry to learn as they do these things.
Speaker B:So it’s a learning tool.
Speaker B:I mean that’s, that’s what I like because the more and more I see college graduates and people right out of high school here in the UK that want to get a job, want to go through an apprenticeship, wanting to learn this identity stuff that I enjoy doing.
Speaker B:Besides me mentoring them, some of these solutions can actually mentor as, as they use them.
Speaker B:So it’s, yeah, it’s great tools nowadays.
Speaker A:I always call it, I call it, it’s the modern day Tamagotchi, which is your modern day digital companion.
Speaker B:I remember that matter, matter of fact my 16 year old has one so she asked for one a few years ago.
Speaker B:It’s great.
Speaker B:But yeah, it’s, it’s not just one of those things that people like Joe Carson and Charles Chase and other people that we know understand.
Speaker B:It’s something that somebody can come in, learn and enjoy it as much as you and I do.
Speaker A:Absolutely.
Speaker A:I mean a lot of the AI tools is really your PAM virtual assistant, you know, your identity virtual assistant companion that can really, if you’ve got questions, you know, it does mean you have to have a basic understanding in order to how what I mean by that is that you have to know what questions to ask and what.
Speaker A:How to do the prompts properly to get the answers that really make a difference.
Speaker A:So there has to be some basic understanding to really get you started with that.
Speaker A:But once you have that, these tools really become very knowledgeable assistants to really help you understand how to achieve something that you need to do.
Speaker B:I recently interviewed a couple of college graduates for, for a couple positions, for college grad positions.
Speaker B:And the really nice thing, these kids are smart nowadays, I don’t like to use the word kids, but they are, they’re extremely smart.
Speaker B:And these guys, you know, had coding backgrounds and this.
Speaker B:So they’re actually coming into an industry of identity with knowledge of development and, and databases and things like that.
Speaker B:And it’s like, wow, great, come on.
Speaker B:And I want to show you how much fun I have doing this, because you haven’t really worked.
Speaker B:You might have heard about identity in university, but it’s big out here in this world.
Speaker B:I mean, you think about identities.
Speaker B:It is the focal point of everything that we do.
Speaker A:It’s the foundation, I will say, because I’m based in Estonia and the whole society here literally is built on digital identity.
Speaker A:Everything that we do from a day, whether you’re parking your car, getting something from a vending machine, getting a prescription for the pharmacy, getting on public transportation, to doing your taxes, to doing financial transactions, to starting a business, the foundation, one of the core pillars is a digital identity.
Speaker A:That’s what makes the, and the calculation, a lot of times sometimes we try to find out, okay, it’s a productivity enabler.
Speaker A:It really allows people to be very productive more efficiently and more effectively and reduce wasted time.
Speaker A:And that’s actually one of the measurements here, is that how much a good identity access management program and strategy, how much time does it save and how much reduced wasted time is eliminated.
Speaker A:And therefore there’s a true ROI there.
Speaker A:There’s a really great way of calculating how much more efficient an organization can become.
Speaker A:And we do that from a country perspective.
Speaker A:This was like how many days GDP or saved per year. In Estonia, it’s in six, six plus days across on average, which calculates into billions of saved costs that can be put back into the society in order to continually improve and look for new services that can enhance that much more.
Speaker B:Right?
Speaker B:Yeah, well, it’s.
Speaker B:It’s kind of like my morning coffee that I put up.
Speaker B:Yes, shortly, shortly.
Speaker A:But I do, I do your morning coffee coming out today?
Speaker B:No, I was doing them constantly.
Speaker B:Then I was like, you know, let’s put a little bit farther, you know, further between.
Speaker A:Can you explain to the audience what your morning coffee is?
Speaker B:Yeah, so my morning coffee is just something I throw up on LinkedIn thoughts about security that I might have for that day.
Speaker B:Something that, you know, hit me the night before and it adds a little bit of me to it, which is having fun, a little bit of humor.
Speaker B:But key points that people should think about, are they doing this or are they not doing this?
Speaker B:And some of the, some of the.
Speaker B:Are they not doing this?
Speaker B:You know, I put little emojis with rolling eyes if you’re not doing it.
Speaker B:But, you know, gee whiz, type information.
Speaker B:And a lot of it is simple.
Speaker B:End of the day, it’s simple practices that people should be doing.
Speaker B:So the one I put up right before you messaged me was my trip to Texas.
Speaker B:Where did my identity travel while I was, while I was flying around.
Speaker B:And the funny thing is you don’t think about that, but I was thinking about it on the plane because I was coming back and going to go to work and I was like, I went to a hotel, I rented a car, I went to restaurants.
Speaker B:Everywhere I went I tapped a credit card or I handed them my passport or another id.
Speaker B:So how far did my.
Speaker B:I’d love to follow where my ID went on holiday while I was on holiday because it was probably all over the place.
Speaker B:But it’s so simple things.
Speaker B:And then I kind of threw the corporate view on that, which is where are your identities going and where are they being used?
Speaker B:Are people traveling abroad while they’re working for your company?
Speaker B:What are they accessing?
Speaker B:How are they accessing it?
Speaker B:Things like that.
Speaker B:So it’s lots of fun.
Speaker A:Fantastic.
Speaker A:I actually just wrote my.
Speaker A:Because literally, as you said, I’ve just finished one of my latest identity books last week.
Speaker A:Exactly on that topic.
Speaker A:It’s all about identity metrics.
Speaker A:Um, it’s.
Speaker A:And it’s, it’s, it’s.
Speaker A:That point is about what’s all the, you know, intersections that your identity has and the different ways to measure, measure that you know from your point is, is where does it travel to?
Speaker A:Who does it interact with, what security controls are applied.
Speaker A:So many different areas from things from discovery to attributes and associations, interoperability to operationalizing of identity.
Speaker A:You know, how do you, how do you make it work for you to the security, how do you protect it so literally, I mean, I’m so excited.
Speaker A:It’s something that’s been in my mind for, for quite a number and I finally got the opportunity to take, take it from my head and put it into a well, digital format.
Speaker B:Nice.
Speaker A:And hopefully you know, for the audience and everyone in the identity space, hopefully this, this book will, will come out pretty soon.
Speaker A:It’s pretty much a, it’s an identity security handbook, let’s say that primarily focuses on how to measure your identity as it, as it evolves and changes and that’s, it’s exciting.
Speaker A:So question for you.
Speaker B:That’ll be helpful, that’ll be helpful to a lot of IT people and company at the end of the day.
Speaker A:Absolutely.
Speaker A:Because we’ve done it in silos.
Speaker A:We’ve done it, you know, looking at it from what’s the security controls in place or you know, how do we do the joiner leave remover, you know, entitlement side, what’s the governance side of things?
Speaker A:So we’ve done it in silos but I don’t think anyone’s ever taken this step to bring it all together.
Speaker A:You know, we see from the IM side which is more about the enablement of identities and we see it from a PAM side which is more about the security of identities.
Speaker A:But that convergence, you know, bringing it into how do we just measure identity and, and look at what’s the things we can influence success and reducing risk and you know, looking at that, let’s say the matrix of how identity is evolving through all of those intersections.
Speaker B:Oh, that’s a good point.
Speaker A:So the question question for you is that for any of the audience, let’s say, you know, that they’re looking to get into this industry, what types of resources, what’s, you know, what’s some of the mandatory reading, who’s the people they should be following, including yourself, what’s, what’s best, you know, is there events that help, you know, educate on a entity that you know that they can attend?
Speaker A:What do you recommend for anyone who’s looking to get into this space?
Speaker A:What’s a good place to get started?
Speaker A:What’s some of the resources?
Speaker A:How do you, how do you stay up to date?
Speaker B:So books.
Speaker B:I haven’t read a good book in a while but a lot of blogs I can provide lists but following people on LinkedIn just go to my page.
Speaker B:Everybody I follow has something to do with identity besides a few others.
Speaker B:Yeah, staying up to date is just constantly reading what’s going on out there in the world.
Speaker B:Looking at my Google News, I actually have some things that pull up identity white papers and it’s hard to stay up because it’s ever changing and it just keeps growing and growing, but we all do it.
Speaker B:If you love it, you’re going to end up doing it in the long run.
Speaker B:Yeah.
Speaker B:Follow me if you’d like.
Speaker A:Well, make sure that I’ll add your links and notes into the show notes so it makes it much easier for people to follow you.
Speaker B:Yeah, it is my morning coffee.
Speaker B:If you like to have a laugh first thing in the morning about identity, every once in a while it’ll pop up.
Speaker B:Let me know what you think, if you have any topics you’d like to hear about.
Speaker B:But yeah, this is a fun industry.
Speaker B:End of the day, Joe, I’m still here.
Speaker B:I haven’t left.
Speaker B:I always told my son when he was younger, if you enjoy doing what you’re doing, great, because you’re in the right place.
Speaker B:If it starts to feel like work, change roles, do something else.
Speaker B:If you’ve stepped up to the plate and swung the bat, hit a home run, then end of the day, you’re just going to be happy doing what you’re doing.
Speaker A:I can’t, I can’t emphasize more, but, you know, it’s exactly what you said is, you know, if what you’re doing is your passion, you’ll enjoy it so much more, you’ll be more engaged, you’ll be happier and you can take the time to, to, to have fun.
Speaker A:So, I mean, there’s, there’s a few people out there whose posts just, you know, bring a smile to my face every day and, and joy to the world and definitely your morning coffees is.
Speaker A:It does that for me.
Speaker A:So I’ll definitely make sure that it’s.
Speaker B:Just getting those points across and trying to put a smile on people’s face but make them think at the same time.
Speaker B:Is my company doing this, Is my customer doing this?
Speaker B:And customers are key in this industry and if you walk them through the processes, holding their hand or not, and help them get to where they need to be in an effective and efficient manner, one, you’ll be happy because you see the end result, but at the end of the day, they’ll be happy because they’ll know they, you know, had have some security around their identities.
Speaker B:And like I said, and you said, identities are the foundation of most businesses.
Speaker B:You have to have them and they all come together, you know, identities, privileged identities, non-human identities, they all come together.
Speaker B:It’s not separate pieces.
Speaker A:There’s a convergence around it.
Speaker A:It is, it is the foundation of not just companies, but society.
Speaker B:Yeah, yeah, exactly.
Speaker A:We have to use them.
Speaker A:Let’s do it wisely and smartly.
Speaker B:Okay.
Speaker A:It’s fantastic having.
Speaker A:I always enjoy chatting with you.
Speaker A:It’s been, it’s been a way.
Speaker A:It’s been too long, my friend.
Speaker B:It’s been too long.
Speaker B:Yeah, I think, I think it was one of the last events so.
Speaker B:Oh, I forgot about events.
Speaker B:I go to Solution Solution vendor events.
Speaker B:I go to cyber, cyber events mostly here in the UK, Infosec.
Speaker B:It’s changed over the years but it’s still fun.
Speaker B:And then any small event that I can get to around Identity, there’s been some good ones.
Speaker B:Hopefully there’ll be some new good ones next year as well.
Speaker B:So if you ever see me there, just look for the bald-headed Texas guy and, and I’ll be there.
Speaker B:Just come up and say hello.
Speaker A:Fantastic.
Speaker A:What’s, I mean if the audience does have follow up questions or want to contact you, what’s the best way for the, for them to reach you?
Speaker A:What’s the kind of Charles Chase on.
Speaker B:LinkedIn that’s probably the best.
Speaker B:If they want my email address, just ping me on LinkedIn or happy to have a phone call.
Speaker B:LinkedIn’s probably the best.
Speaker B:I keep it up all day.
Speaker B:I see all my notifications come in.
Speaker B:So yeah, more than happy to chat with anyone.
Speaker A:Fantastic.
Speaker A:Excellent.
Speaker A:Many thanks for, for joining me and sharing with, with the audience.
Speaker A:It’s really, it’s an honor and it’s a pleasure and we should definitely.
Speaker B:Thanks for having me, Joe.
Speaker A:No, it’s, it’s, you’re, you’re, you’re a superstar and honestly a great person in this industry that, that really makes a difference.
Speaker A:And going back to my, my kind of, my goal is to really make the world a safer place and make something that, you know, place that we all enjoy and be happy no matter what we’re doing, but just to do it in a way that you can surf the Internet, you can do transactions, you can game, you can interact with people.
Speaker A:But let’s make sure we’re all safe while we’re doing that.
Speaker A:So for everyone in the audience, stay tuned.
Speaker A:Every two weeks, new episodes, great guests coming on, awesome thought leaderships and really bringing new information in order to really help navigate your future career, wherever it might take you or you might be transitioning into new roles and you want to learn something new or have some new goals and ideas in order to really make your career successful and a great one.
Speaker A:So hopefully this is bringing that information to you.
Speaker A:Stay safe, take care and see you in the next episode.
Speaker A:Thank you.
Speaker B:Thanks everyone.
