0:53

I was going . Jerry , it's great to

0:55

finally get you on the podcast . It feels like

0:57

we've been trying to plan this thing for probably

1:00

a year at this point .

1:01

Almost . I don't think it's been that

1:03

long , but it has been a while . Yeah , it's great

1:05

to be with you here today .

1:07

Yeah , it at least feels like it . I'm

1:11

really interested in hearing your

1:13

background . You know how you got into IT

1:15

, what made you want to get

1:17

into that field , you

1:20

know , and just hearing that story , the

1:22

reason why I started everyone off there is

1:25

because you know there may be some listeners

1:27

that are trying

1:29

to do that jump themselves . They're trying to do

1:32

a career change in IT and I feel like

1:34

hearing everyone's story

1:36

, you know , lets them know

1:38

that , hey , this is possible for me . If

1:40

this person did it , maybe it's possible for

1:42

me .

1:45

Yeah , sure , I guess I have one of

1:47

those non-traditional

1:49

entries into the IT

1:51

world . I did not have a computer

1:53

science degree , this is an

1:55

economics degree back at

1:58

college , did a little bit of programming

2:00

work there . I was doing one or two

2:02

of my courses and then I bounced around

2:04

a little bit and then decided to take

2:07

a programming class at a technical

2:09

school and I think there was

2:11

like a six month program

2:14

or something like that and was

2:16

fortunate to get an

2:18

opportunity at a small

2:20

savings bank in New Jersey that

2:22

was converting from , of all things , burrows

2:25

, the gaming equipment , onto

2:27

IBM Tech . So I was

2:30

part of the new IBM based

2:32

team plan and that was

2:34

really my start into the IT world and

2:37

then later on worked at Chase

2:40

Bank in New York and

2:43

got more focused on the security aspects

2:45

of the

2:47

mainframe and middleware and literally

2:49

web-based and

2:52

you know it was before we called it identity management

2:54

, but later on was part of the identity management

2:58

emerging market , if you will

3:00

. When I joined the group as

3:02

an industry consultant and then

3:05

as an analyst and

3:07

then from that and went to the software side

3:09

, you know was that Axiomatics a

3:11

sweetening based , fine-grained

3:13

authorization vendor for several years and

3:16

then now coming up on three years

3:18

at Stratap , identity

3:20

and Head of Standards .

3:23

You know , when you , when you look back

3:25

on your start , you

3:28

know it kind of sounds like it

3:30

was a right time , right place sort

3:33

of situation . Is

3:36

that how you look at it as well ?

3:39

Absolutely . It was very fortuitous

3:41

that , you know I decided

3:43

, then you did the data of the program

3:46

in class and then , of course

3:48

, you know that there was a local opportunity

3:50

at this bank that I

3:52

was able to join and really

3:55

learned a lot under

3:57

the through-lead of , you know , some more

3:59

senior folks there . It was really

4:02

a great place for me to get started . You

4:04

know , got about it .

4:08

Yeah , I'm sure you know

4:10

, starting in that kind of environment

4:12

is it's like trial by fire

4:15

, right ? Do

4:17

you ? Do you find yourself enjoying

4:20

those larger environments , or do you like the

4:22

smaller , the smaller environments

4:24

?

4:26

Yeah , definitely in more of a small company

4:28

kind of person these days . You

4:30

know the savings bank well . We

4:33

had to think about 100 branches . At

4:35

the time . You saw a lot of the employees

4:37

were , you know grab range-based people

4:39

, but the IT department that

4:41

I worked in was was fairly small . Of

4:45

course , chase Bank was a huge company

4:47

. When I left there were almost 100,000

4:50

employees . Now it's quite

4:52

a bit larger than that even . And

4:55

when I joined Burton Group I

4:57

think we were about 50 people

4:59

and 150

5:02

earlier about when the company was

5:04

acquired by Gartner , and

5:06

then you know with Axiomatics and now

5:08

Strata , you know both less

5:10

than 100 person companies . So

5:12

yeah , I definitely like the smaller

5:15

environments . You know there's no place to hide . You

5:17

know everybody in really has to pull their weight

5:19

. You get to do a lot of

5:21

different things so you're not just

5:24

boxed into one single area

5:26

. You get to work

5:28

on different things . I

5:31

enjoy that for sure .

5:35

Yeah , I feel the same

5:37

. You know , like after

5:40

being in the field for about

5:42

10 years now , you

5:45

know I've worked at really large

5:47

companies and very

5:50

small companies . You know 30 person

5:52

startup like companies , and

5:55

I really appreciate the

5:57

experience that I've gotten at the really

5:59

small companies . You know , because you

6:02

have to wear so

6:04

many hats , you know you're wearing customer service

6:06

, you're wearing engineer , even

6:08

some developer or whatever

6:10

might be right , and

6:14

the experience that you get is like

6:16

invaluable . You know , I

6:18

feel like I feel

6:20

like people you know always think

6:23

that like the only place that you could

6:25

get real valuable experiences from

6:27

, like you know , the big name tech

6:29

companies like video or Facebook

6:32

or whatever might be , but

6:34

I feel like there's a lot of other

6:36

companies that are doing really cool things . Especially

6:39

now , with how you know the space

6:41

is where everyone can really

6:43

dive into

6:45

whatever they want to write

6:48

with AI , you know you

6:50

can easily very cost affordably

6:52

, you know get into AI

6:54

and integrate it with your product and things like that

6:57

, right . So there's a

6:59

lot of room now

7:01

that exists with these smaller companies

7:03

that are able to do a lot

7:05

more with it for you to get that experience .

7:09

Yeah , I think that's right and you know , the barriers

7:11

to hatred into different fields

7:13

are definitely lower with a

7:16

lot of the automation and AI capabilities

7:18

that are out there . You know that can help bootstrap

7:20

you in different ways . I definitely agree with

7:22

that . I didn't , you know

7:24

, get going back to the smaller work environments . You

7:29

can get exposed to different areas , like you're saying

7:31

, and maybe ultimately you specialize

7:34

in one area or another . But

7:36

I think having that exposure is also valuable

7:38

because it gives you a sense of a bigger

7:40

picture . You know what does

7:42

it take for a company to operate

7:45

, and that's going to be

7:47

super valuable , even if you go

7:49

to a large company with 10,000 or

7:51

50,000 employees . And having that

7:53

awareness of how the

7:55

company operates and functions from a

7:58

business perspective is super important

8:00

, especially to us , I think , people you know just sometimes

8:02

we're disconnected from that but

8:05

also learning how different departments

8:07

have to work together and

8:09

but it is a matter of scale , you know , can that scale

8:12

up to a

8:14

large organization ? And

8:16

maybe , if you're more comfortable in that environment or

8:18

maybe not , you will

8:20

realize that . You know , I prefer

8:22

to know that 100 to 500 employee

8:25

size company . So it

8:27

gives you that level of exposure

8:29

experience , I think is super important .

8:33

Yeah , the larger companies . They have very

8:35

unique problems

8:37

. You know , like how

8:40

do you build an internal application to scale

8:43

, you know , across the globe

8:45

for half a million people , right

8:48

, like it's internal and

8:50

you have to make sure that it's completely protected with

8:53

everything . You know it has people's , you know , private

8:55

information in it . That's

8:58

a problem that you're not going to get at

9:00

a really small company , right . And

9:02

it's interesting to go back and forth between

9:05

you know , kind of the two sizes

9:07

I haven't really seen too much in the

9:09

middle , but

9:12

you know it's interesting to

9:14

go back and forth between them because you see these

9:16

really large problems . And

9:19

then you know you go to the smaller

9:21

environments like , oh , we need to . You know

9:24

kind of plan for this and this

9:26

and this . You know we need to be thinking

9:28

ahead for this Because

9:32

that's where those bigger

9:35

problems down the road are really

9:38

mitigated . You know up

9:41

front . You know , when

9:44

you look back on your career and the different

9:47

skills that you've

9:49

obtained , is there

9:51

one place that

9:53

you've been that you have felt

9:55

has given you the most I guess ROI

9:58

, right the most skills , the

10:00

most valuable

10:02

skills , whatever it might be .

10:05

I think I would have to point back

10:08

to my time as an analyst because

10:11

it really helped to sharpen

10:13

my writing skills , because

10:16

you know , we're doing research reports every

10:19

quarter and you

10:22

have to review that with your peers and

10:25

then it goes through a copy edit process

10:27

and let me just say that

10:29

it was like getting the English comp lesson

10:31

every quarter when those

10:34

redlined reports did that

10:36

. So I think that was being

10:38

valuable in helping you

10:40

to be a better , brighter and had a great

10:42

writer , and I think that's a universally

10:45

valuable skill to have

10:47

, I would say . Second to

10:49

that is being able to

10:51

become a decent presenter

10:53

at a conference or

10:56

on a webinar or what have you . But

10:59

overall it was teaching

11:01

me to be more specific and

11:03

precise with the language that

11:06

I used , because that's

11:08

what you know that environment was all about was being

11:11

able to put forth an analysis

11:14

of a market segment or a vendor or what

11:16

have you , and kind of top it and

11:18

then be able to defend that position when

11:21

you're being questioned by your customers or

11:23

by the audience . So

11:25

that's a skill set that I

11:27

really am grateful to

11:29

have , you know , being able to go on

11:31

during that time

11:33

.

11:36

Yeah , that's really

11:38

fascinating , right

11:41

. I've been talking to a lot of people

11:43

lately and

11:45

the idea of writing

11:47

as a skill in IT

11:49

keeps coming up , and it

11:51

keeps on coming up as being a very valuable

11:54

skill , which

11:56

is it's interesting to me because

11:59

, like me personally , you

12:01

know , I am not interested at all

12:04

when I'm told I have to write some document

12:06

on something . You know I try to avoid it

12:08

. But I've been on teams

12:11

where we have had , you

12:14

know , a technical writer right

12:16

there on the team and they're writing

12:18

down everything you know

12:20

that we're doing for different processes

12:22

and whatnot , and they're , you know

12:24

, adding context and everything and they create

12:27

, you know , fantastic documents . Right

12:29

, they're doing the

12:31

stuff that none of the engineers want

12:33

to do , that's

12:35

for sure . But it's coming

12:38

up , as you know , a really valuable skill

12:41

which I find interesting mostly

12:44

because it's not like a traditional

12:46

skill of IT and

12:49

yet people are finding that it's

12:51

in higher demand or in growing

12:53

demand for

12:56

them to have that on their IT team

12:58

.

12:58

Absolutely . I mean for

13:00

me personally . It's a bit ironic because you're

13:03

in college . What did I hate the most

13:05

of in the final exams ? Doing

13:08

research reports . Yeah

13:10

, here , I ended up doing it for more

13:13

than nine years as a profession , so

13:15

definitely some of my professors were

13:18

enjoying that moment , I'm sure in the graves

13:21

. But

13:23

it is super important to be able to write because

13:25

if you need to justify a project

13:29

you know you want to start , you can say , from a

13:31

customer's perspective , I'm going to deploy

13:34

some new identity or security system . Well

13:36

, you need to be able to convince the

13:39

stakeholders who are going to approve

13:41

that budget that this

13:43

is a worthy cause . And

13:45

if you can't adequately

13:47

write that in a document or

13:50

do you present that in a

13:52

presentation format

13:54

, then your chances of getting

13:56

that project approved go down

13:58

precipitously . So , yeah

14:01

, it's super , super important for

14:03

those reasons and many others , yeah

14:05

.

14:08

Yeah , absolutely , it's

14:10

becoming invaluable , honestly

14:13

, especially if you're a technical

14:15

person that has those skills and they're

14:18

able to do it . Being

14:24

able to defend your

14:26

work in a written email

14:29

to an angry customer is

14:31

a

14:34

skill that you're only going to use a couple of times

14:36

. Hopefully , I mean hopefully you're not making a lot of customers

14:38

angry , right ? But

14:42

it's a skill that if you

14:44

have it , you're really going to shine . And

14:46

I remember earlier on

14:48

in my career I

14:51

was always taught like

14:53

when you're building these

14:56

cases against customers

14:58

necessarily not

15:00

a case , but the situation

15:02

was where when we're

15:04

setting up the system , if a customer

15:07

misconfigures it

15:09

, they can incur a $100

15:11

charge for doing the

15:13

wrong thing , for making the wrong phone call

15:15

, and that's not a $100 charge from

15:18

us , it's a $100 charge from this national

15:20

agency . So

15:22

it's the same thing for everyone in the country

15:25

, irrespective . You know we're just passing

15:27

on the feet and

15:30

when that's going on , you know

15:32

when you're getting them set up , it's

15:35

your job as the technical SME

15:37

to identify that immediately and

15:39

reach out to them and say , hey , let's avoid , let's

15:42

avoid these . Right , because we'll cover , you

15:44

know , the first couple and whatnot . Right , because

15:48

we're getting you set up and whatnot . Well

15:50

, this customer , you know I

15:53

don't know where , where it came

15:55

from for them . They just decided we're

15:57

going to test . You know 20

15:59

, 30 , 40 of these things

16:01

you know in one sitting

16:03

, within 30 minutes , and

16:06

you know let's see what happens , right

16:09

, and they didn't want to pay . They didn't

16:11

want to pay when it , when it came due

16:13

, and I wrote this . You know

16:15

really well described

16:17

email of all the phone calls I made , the

16:19

timestamps , the emails I sent

16:21

, the screenshots . You

16:23

know every single thing . And

16:26

the guy at my company that's

16:28

actually tasked with , you know , getting

16:30

the customers to pay this fee

16:33

. He came over

16:35

and he said , if they send anything other than a

16:37

check , I would be shocked . It's

16:39

like , how can you defend any of that ? Right

16:41

? Well

16:44

yeah , I mean , that's , that's

16:46

a skill you know that I've had

16:49

to use a couple times , right , not

16:51

a lot , but it does absolutely

16:54

separate you apart because after that

16:56

, after that one experience

16:58

, you know , I had other people coming

17:00

to me for input with a difficult

17:02

customer email and things like that . You

17:04

know , and you know I'm

17:07

just a young , you know tech guy

17:09

, young app specialist . You know I

17:11

don't know anything , right , I

17:13

could probably write better than I could any technical

17:16

you know task or whatnot . Right

17:18

, it's , it's interesting

17:20

how that played out . So , you

17:23

know , I wanted to , wanted

17:26

to ask you where do you think the

17:29

future of IEM is going ? And

17:33

the reason why I ask is because we're

17:35

kind of in , we're

17:37

kind of in a limbo

17:39

phase right now within IEM . I would

17:41

say right , because we're on

17:43

the cusp of IEM

17:45

really changing , really

17:48

changing significantly , I feel . But

17:51

we're still trying to use

17:53

older solutions for new problems

17:55

. You know where a

17:57

PAM solution used

18:00

to be the end , all be all . You

18:02

get a PAM solution , you get

18:04

something that you know can

18:06

, can kind of have a self-service functionality

18:09

with roles and and

18:11

permissions , and you're pretty

18:13

set . You know , you're pretty locked in , you're

18:15

good to go . And

18:17

now we're finding that

18:19

that doesn't really scale well with the

18:21

cloud , and the cloud

18:24

has so many different facets to it . Iem

18:26

is so different in , you

18:29

know , each cloud that

18:31

that that teams

18:33

are having issues keeping up and

18:35

their , their solutions , that they've already invested

18:38

millions of dollars into , are

18:41

not keeping up and they're not going

18:43

to keep up . So you know

18:45

, where do you , where do you see this going ? Where

18:47

do you think the future is with this ?

18:51

Well . Well , there's I mean , lots of different things

18:53

happening within the identity management

18:55

market . You know a lot of advancements

18:58

have occurred recently in authentication

19:01

. I think over the last several years we've

19:03

had more and more emphasis on using

19:05

stronger methods of all the dedicated

19:08

rather than just relying on passwords

19:10

. You know we keep hearing that year

19:13

X is the year

19:15

that passwords go away . We've

19:17

made some progress toward that . I think the

19:19

latest iteration of that technology

19:23

trend is now in password list systems

19:25

. We're using other technologies

19:28

rather than the different line on the

19:30

other number of passwords , the longings

19:32

, so that that's going

19:35

in its own trajectory

19:37

. But there , as you said

19:39

, there are so many different components to

19:41

identity management infrastructure

19:43

and

19:46

so many of them , as you said , that we

19:48

used in the data center are not very

19:50

applicable to cloud native environments

19:52

. And of course , every

19:55

cloud has its own method

19:57

of doing it and the or doing

19:59

access , and within the

20:01

cloud it's up and down the stack to write

20:03

, you know , the application layer

20:06

, the infrastructure , the network

20:08

for data , all of these different techniques

20:10

and technologies . So

20:13

I guess one of the one of the things we see being

20:16

valuable in this area that

20:18

has been applied elsewhere is

20:20

abstraction and orchestration . You

20:22

know , if you think about

20:24

where Kubernetes is today

20:27

, you know what happens . Before . Then you

20:29

had the end where making

20:31

virtualization a

20:33

commodity , right , or you get to the mass market

20:36

, and that was the prevalence

20:38

for a period of time . And then

20:40

we switched to containers . You're running our

20:42

apps and workloads and APIs within

20:45

containers , but then how do

20:47

you manage a containerized environment

20:49

, due to all the complexities

20:51

that you point out ? You know , if I want to run

20:53

workloads across clouds , you

20:56

know how do I do that . Or even across different

20:59

regions within a

21:01

single cloud platform . So

21:03

that's where Kubernetes evolve , right . Kubernetes

21:06

abstracts away the complexities

21:08

of each cloud platform and

21:11

allows you to do that . Orchestration , right to manage

21:13

workloads for

21:15

availability , for , you know

21:17

, automatic or elastic assay

21:19

, and so on . So I think these

21:22

principles more

21:24

and more . He applies you to

21:26

identity and that's a time

21:28

that will continue .

21:33

Yeah , you talk about the different trends

21:36

overall of technology

21:39

and now we have this serverless

21:42

thing right . It's

21:47

funny because you know we call it . Serverless

21:50

functions right , but they're running on servers

21:52

, yeah ultimately , they

21:54

are yes . Yeah , and

21:57

they're significantly

21:59

more complex

22:01

to track and monitor within the

22:03

environment . You

22:06

know , because I feel like the overarching

22:09

technology evolution is

22:12

growing much faster than what

22:14

security solutions are

22:16

keeping up with . You know , that's why

22:18

we kind of see so many new

22:20

security companies , I feel , come out of the market

22:23

so often is

22:25

because there will be a fringe . You

22:27

know technology evolution in

22:30

one area like serverless

22:32

, and now we have a security company

22:34

that's built around how to protect

22:36

it , how to monitor it , things

22:38

like that , something that we didn't need before

22:40

, but now you know there's a growing

22:43

need for . And

22:45

you know , same thing with IAM

22:48

. Right , like , these IAM solutions

22:50

, they have to grow , they

22:54

have to have more visibility into the cloud

22:56

, they have to be able to tie things together

22:58

and monitor who's accessing

23:01

, what roles are accessed and

23:03

used . And

23:05

you have to do this , you know , across all

23:07

of the clouds right , all at the same time

23:09

and be able to tie it together in

23:12

a way that is simple

23:14

for that analyst to look at

23:16

and understand what's going on . Right , like

23:19

there's a very short window that these analysts

23:21

actually have to

23:23

look at these things right to

23:25

determine if they need to pay attention to it or

23:27

not , and

23:29

I always appreciate a good product

23:32

that takes that into account

23:34

right and kind of thinks

23:36

that through , and you can always tell when

23:38

a product thinks that through . Is that something

23:40

that you also look at because of your prior

23:43

experience as an analyst ?

23:45

Yeah , and also comes through

23:47

. With my experience at an end

23:50

user company , you know , being on

23:52

that side of the table where we're

23:55

concerned about uptime and availability

23:57

and resiliency , for example , and

24:00

wanting to make

24:02

sure that a product , while

24:04

it has , you know , a purpose

24:08

of securing a certain aspect of the

24:10

operation , will that work in

24:12

my operation ? You know it is applicable

24:15

to me in my environments and

24:18

so , yeah , that really comes through and

24:21

we do . We have to think about that right

24:23

now as we're looking at

24:25

new features or functionality or capabilities

24:28

to move a strata product

24:30

set and trying

24:32

to address certain scenarios

24:35

. You are we approaching

24:37

this from the end user's perspective

24:39

? You know that that sock analyst

24:41

or , you know

24:44

, the CISO office or the auditor or

24:46

whomever , is the person that

24:49

would be operating that functionality from

24:51

the other side . You know , are we hitting all

24:53

the notes that they are interested in ? You know

24:55

? So that's absolutely part of that

24:57

. You know that product planning

24:59

perspective .

25:00

Yeah , it's , um , I

25:05

find it , you know , kind of UI

25:07

design . I find it to be fascinating

25:10

, right , because when

25:12

I , when I was an analyst

25:14

, and I was going through the different venues

25:16

in our solution , you

25:18

know , there would be times where I could I would say

25:21

, hey , these two things , they can be combined

25:23

. Right , like , why do I have to go

25:25

to these several different places

25:28

to configure this one thing ? You know

25:30

, like , this is a common use

25:32

case , right , why don't we

25:35

just put this all in one place ? And

25:37

so I'm not going around ? Right , and

25:40

looking at it from a process

25:42

perspective , I feel like it

25:44

forces you to be more customer

25:47

centric , you know , especially

25:49

when you deal with bad products and

25:51

products that you know don't make

25:53

any sense and you have to configure

25:55

the same thing and three or four more

25:58

different places just

26:00

to , you know , make sure that it's configured

26:03

and acting right and all

26:05

that sort of stuff . Like

26:07

that sort of you

26:09

know , product I

26:13

typically hate and I try to steer

26:15

away from , because

26:17

I've had poor experiences with it . Right

26:20

, I've had , I've had products

26:23

do things that were

26:25

unintended and I thought

26:27

that I had configured it

26:29

. You know , one way and it

26:31

did another thing , and I reach out to

26:33

support and they're like oh , you know

26:35

, you forgot this other . You know

26:37

, tucked away sub menu

26:40

, you know that has this

26:42

configuration as well , that

26:44

that's what it really keys off of

26:46

. You know it's like guys

26:49

, what If it says it ? If it

26:51

says it in one place , it should just be

26:53

it . You know , like that should

26:55

be the solution .

26:57

Yeah , a couple , yeah , a couple of thoughts there . I mean

26:59

, even when you're using a website

27:01

, you know , for personal use and things

27:04

are disorganized , or

27:06

you know I'm mentoring data over here

27:09

, but that it could . The button

27:11

for accept or next is , you know , all

27:13

the way in the far corner . It's just even

27:15

simple usability . Things like that stand

27:17

out to us . I guess you know , based on our

27:20

past experiences , but

27:23

also we , when we're thinking about , you

27:25

know , product design , you know we have folks that have really

27:27

specialized in that area and they're super good

27:29

at it and we don't want to just

27:31

focus on what we call the happy path

27:33

. You know , when everything works well , great

27:36

. But , like you were just describing , you know where

27:38

, if I get myself into a corner and

27:41

something doesn't work , you know we want to which

27:43

part of steer people back or

27:45

give them . You know that's a

27:48

place to have a help you know logo or

27:50

something to

27:52

help them get out of that corner

27:54

. So you want to think of okay , where

27:57

, where can the user go wrong

27:59

because I haven't maybe designed things

28:01

perfect and help them

28:03

out of that so they don't have to get on the

28:05

you know the phone to your support folks

28:07

.

28:09

Right , yeah , always

28:11

limiting how often

28:13

you know a customer has to call support

28:15

is it's a great

28:17

thing , that's for sure , and

28:20

he's . Any support person would say that you

28:22

know . To kind

28:24

of circle back to IAM

28:27

, what are some emerging

28:29

areas for emerging

28:32

problems that you see

28:34

IAM , you know , kind

28:36

of transforming or evolving into

28:38

to solve ?

28:41

Yeah , maybe I can talk about a

28:43

couple of initiatives that I'm involved

28:46

with . You know one we started

28:48

here at Strata to deal with

28:50

access policy differences across

28:53

that multi-cloud scenario

28:55

that we talked about earlier . You know

28:57

, with each of those platforms

28:59

having different ways of defining an

29:01

access rule or policy , and

29:03

you know how do you manage that because , you

29:06

know , without some kind of policy orchestration

29:08

model , you've got to have some

29:10

subject matter expertise , you

29:13

know , to cover all of those areas

29:15

. So we've come up with a , you

29:17

know , a standard way to define an access

29:20

policy . You call it identity query language

29:22

and we built an

29:24

open source system called HEXA

29:26

that can translate to

29:28

and from the . You know that identity will standard

29:31

format into , you know

29:33

, the slope format of a cloud

29:35

system and that's a CNCS

29:37

project , probably made

29:40

it from CUNY Foundation , and

29:42

you know we continue to build out

29:44

that accessibility and , you know

29:46

, show how that kind of model can work . So

29:48

that's , you know , one way we're trying to

29:50

help address the complexity

29:53

of the cloud access

29:55

systems , you know , through , again , abstraction

29:58

and orchestration . So

30:00

that's one area . A second

30:02

area that is involved in

30:04

is now a working group at

30:07

the OpenID Foundation . So

30:09

those are the folks that pre-use . You know share

30:11

signals framework and continue

30:13

to do this access evaluation profile

30:16

and open ID connect and such . So

30:19

there's a new working group that's

30:21

working on standardizing some

30:24

of the interactions of fine-grained

30:26

authorization systems . So

30:28

there's many of them out on the marketplace

30:30

. You know most of them are proprietary

30:33

models . You know some of them are based on Open

30:36

Policy Agent or the exactable

30:38

standard or other formats

30:40

, but there's not a lot

30:42

of interoperability . So

30:45

the authorization exchange , or a lot

30:47

of Zen working group for short , is

30:50

working to standardize some

30:52

of those interactions between authorization

30:55

systems and we're aiming to do

30:57

an interop demonstration at

30:59

the Identiverse Conference late May

31:01

with the

31:03

first basic profile

31:06

. So those are a couple of things

31:08

that you know we're involved

31:10

in here at Strata . You have to try

31:12

to help the industry move forward in

31:15

a more standardized way .

31:19

How do you think AI is going to be impacting

31:21

IAM ? What impacts

31:24

IAM ? How

31:29

do you see that going ?

31:32

Well , there's a lot of people interested

31:34

in both of those projects and

31:37

a lot of focused energy

31:39

on it right now and I think , with

31:42

the intention in the industry around

31:45

security and all

31:48

of the breaches that we

31:54

continue to hear about , some of those kind of issues

31:57

can be dealt with with these two projects

31:59

, but it's just a

32:01

way to try to improve security

32:03

overall and

32:06

there's a lot of interest out there and a lot of grounds

32:08

will be mentioned behind them , he

32:10

says .

32:13

Yeah , it's interesting to see where

32:16

the space goes in the

32:18

next five years . Right

32:20

, it's

32:23

just a fascinating time because I feel like

32:25

there's a lot that we

32:28

don't know of what's to

32:30

come just yet , especially with that

32:32

huge X factor of AI

32:34

.

32:36

Well , it took us before we mentioned AI , and it's

32:38

pretty good actually .

32:40

Yeah , I mean , I've had

32:42

a whole podcast about AI

32:45

and quantum

32:47

cryptography and all that sort of stuff

32:49

. It's

32:52

a fascinating area , that's for sure

32:54

. But

32:56

I wonder . I

32:59

just try to look at everything from the perspective

33:01

of if I was starting over today

33:03

, right , what's

33:05

the thing that I'm trying to future proof my

33:08

career against ? What's the thing I'm

33:10

trying to learn now that in five

33:12

or 10 years is going to be very

33:14

valuable , right ? And obviously

33:17

one of those things is AI . But

33:19

AI is so broad you

33:22

really have to dial it in and figure

33:24

out what niche of

33:26

AI you should be taking

33:29

part in . So

33:31

that's how I approach it . Is

33:34

that how you look at it as well , or

33:37

how do you view the industry like that ?

33:40

I think with any new

33:42

technology that comes onto the scene , especially

33:44

one that is so impactful as

33:46

artificial intelligence , you really need

33:48

to examine how that number

33:51

one ethics your own career

33:54

path . Which is going to do

33:56

for me or against me and

34:00

I would say most people

34:02

should look at learning

34:05

more about AI . How

34:08

could it be used to help me

34:10

in whatever job I have

34:12

, whether I'm a developer . Look

34:15

at these code generators and co-pilots

34:17

Is that something that's going to help me become

34:19

a better developer or not ? Another

34:24

way to look at this is well , if I am

34:26

a developer and there's all these

34:28

co-pilot code

34:30

generators out there , find

34:32

out what the limitations are , because

34:35

if you can fill in the gaps of where

34:38

they have a limitation , then that's

34:40

a valuable asset to

34:42

be able to bring forward . If

34:46

you're just a me too I'm just a basic

34:49

, I can run of a little developer

34:51

then your value

34:54

is , I think , a little bit decreased . But if

34:56

you know how best to

34:58

use AI in your role

35:00

, then that's a value add Because

35:03

, as we can see , we're still in the very

35:05

, very early days of it . I

35:07

mean , look at the stumbles of even

35:09

the giant like

35:11

Google in their launch of Gemini

35:14

recently , which

35:16

that just is further evidence that we're

35:19

in early days , so getting it

35:21

now learn

35:23

where the limitations are and how that evolves

35:25

over time , and that's , I think

35:27

, the best position you to take

35:30

advantage of that where

35:32

appropriate or where necessary .

35:36

Yeah , we haven't dove

35:39

into it very much yet

35:41

, but could

35:43

you tell us what

35:46

the problem is that Strata is

35:48

solving and how you're going about

35:50

solving it ?

35:52

As far as with AI or just in

35:54

general ? No , just in general . Okay

35:57

, sure . Well , Strata is an

35:59

identity orchestration company

36:01

. So when we think

36:03

again back to the multi-cloud environment

36:05

, if your

36:08

company is adopting more

36:10

than one cloud platform , then by

36:12

definition your multi-cloud

36:14

will use your multi-indentity

36:16

. What

36:19

Strata enables you to do with identity orchestration

36:21

is manage these different

36:23

identity components , whether they're

36:26

legacy and on-premises or

36:28

in the cloud , so

36:30

that in the user journey of

36:32

when a user logs on to an application

36:35

environment , we

36:37

can direct that user

36:39

to authenticate to the right identity

36:41

provider . If they

36:43

need to also add a multi-factor

36:46

authentication , like an ass-wiz or

36:48

two-FA authentication , we can direct

36:50

them to that source . If

36:52

we need to gather up additional data

36:55

points to start the session

36:57

, you know that the application needs we can go over

36:59

and retrieve those . So we're in

37:01

the middle of that session , orchestrating

37:03

what happens in order to get

37:06

the right information to

37:08

that application so that it can

37:10

operate for our crookier . So

37:13

that's the abstraction that we talked about

37:15

earlier . So

37:24

we extract away the

37:26

hard-thoded implementation

37:28

of your apps to your application so

37:32

that you can choose out these identity components

37:34

as the technology does advance

37:36

. You know a few implemented

37:39

and ordered multi-factor authentication

37:41

technologies , say , five years ago . Now

37:44

you want to move to pasties or

37:46

some other ass-wiz-less model

37:48

. Well then we

37:50

can just pull out one component

37:53

and plug in the other and make

37:55

that migration much easier

37:57

and faster than if you

37:59

get everything was hard wired to

38:01

each application .

38:06

Yeah , it's really interesting . It's

38:11

really fascinating that you

38:14

know you're approaching the problem

38:17

from that angle , because

38:19

I feel like that is that's

38:23

something that you typically

38:25

don't want to change very often

38:28

, because it is so

38:30

difficult for your developers to set

38:33

up the new identity authentication

38:36

process or method or whatever

38:38

it might be , and you need something very lightweight

38:42

to sit in there that can manage it right

38:44

. That's really the only solution . But

38:47

from what you're describing , it's kind

38:49

of like almost plug and play .

38:52

Well , it becomes that right . Because if you

38:54

want to change the technology

38:56

without that abstraction in the middle , then

38:59

you have to refactor those existing

39:01

applications to change out

39:04

their own indication modules and

39:06

that's costly from

39:09

a resource and time perspective . You

39:11

know , that's what our research has

39:13

showed us and shown our customers

39:15

. So introducing that

39:17

abstraction gives you that flexibility

39:19

to adapt to technology

39:22

just much faster . Because

39:24

you know there's I

39:26

think historically there

39:28

would be a resistance to change . Well , I

39:30

just installed that system five years ago

39:32

. I'm expecting a seven

39:34

to ten year lifespan out of that investment

39:37

. But if technology is

39:39

faster than that and

39:41

the security threats accelerate

39:43

faster than that time frame , what do you

39:45

do ? You're forced now

39:48

to make an investment earlier

39:50

than you wanted to and that

39:52

could be costly . But with abstraction

39:55

in the middle it's much

39:57

, much easier to get those changes

40:00

when we need to , other than you

40:02

know , forcing a specific timeline

40:04

on that .

40:07

Yeah , that makes a lot of sense . Well

40:10

, you know , unfortunately we're

40:13

at the top of our time here . You

40:16

know I try to be very cognizant of everyone's

40:18

time before I let you go

40:20

. How about you tell my audience , you know

40:22

, where they can find you if they wanted to reach out , where

40:24

they can find Strata If

40:26

they want to learn more great information

40:28

about your company .

40:30

Sure appreciate that , joe . Yes , you can find

40:32

me via email at Gerry

40:34

, at strataio , gerry with G

40:36

, and the Strata's

40:39

website is also strataio

40:41

. So we've got lots of great information out

40:43

there and

40:45

we're typically at some of the major industry

40:48

conferences around the world

40:50

. You know European identity conference in Berlin

40:52

come up in June and

40:55

I get a verse in May out in Vegas

40:57

, probably at the Carter identity

41:00

event later in year as well . So

41:03

we're usually at those major events . Stop

41:05

by and say you are see some of my colleagues

41:08

and appreciate being

41:10

on the show , joe , and it's

41:12

been great talking with you .

41:14

Yeah , absolutely Likewise . Thanks

41:18

everyone for listening . I hope you enjoyed

41:20

this episode .