POPULARITY
La nutrición deportiva es un pilar fundamental para optimizar el rendimiento físico y la recuperación de los atletas. Un adecuado plan de alimentación puede marcar la diferencia en la resistencia, fuerza y capacidad de recuperación de los deportistas. Sin embargo, el uso de suplementos nutricionales es un tema controvertido que requiere un análisis basado en la evidencia científica para comprender sus beneficios y riesgos. En este podcast de El Expresso de las 10 el Dr. Ernesto Julián Santiago Delgado, Licenciado en Nutrición, Maestro en Nutrición Deportiva y Doctor en Educación Deportiva y Ciencias del Deporte. Especialista en suplementación y acondicionamiento físico; nos habla de “Nutrición deportiva y suplementos: riesgos, resultados y ciencia basada en evidencia” su tema de Módulo Nutrición en CIAM 2025.
Organizado por el Hospital Civil de Guadalajara con el aval académico de la Universidad de Guadalajara, el CIAM se ha consolidado como un referente en actualización e innovación científica. Y contará con profesionales de la salud de México y otros países como España, Brasil y Estados Unidos. Escucha en este podcast al Dr. David Alejandro Martinez Ceccopieri Especialista en medicina materno fetal, Encargado del Programa de Cirugía Fetal del Nuevo Hospital Civil Dr. Juan I. Menchaca. Él nos presenta el tema “Innovación en cirugía fetal del Módulo Ginecología y obstetricia
El abuso sexual es una es una de las peores formas de violencia de género y abuso de poder, especialmente cuando se manifiesta sobre niñas, niños y adolescentes. La detección del niño que fue o está siendo víctima de abuso sexual depende de escucharlo para saber qué pasó. El trauma es una respuesta emocional o psicológica intensa ante experiencias extremadamente estresantes, como accidentes, violencia, desastres o pérdidas repentinas. Puede afectar a cualquier persona y tener consecuencias a largo plazo en su bienestar. En este podcast de El Expresso de las 10:00 hablamos del Módulo de salud mental en CIAM 2025 “Escuchando el silencio. Claves para una intervención oportuna y eficaz en casos de abuso sexual infantil” con la Psicóloga clínica y Doctora en derecho Teresa Del Carmen Jiménez Gómez, y “Del trauma a la recuperación: psiquiatría de precisión” con el Dr. Manuel Alejandro López Sandoval, Médico con especialidad en Psiquiatra.
La neuropsicología es una disciplina que estudia cómo las funciones del cerebro se relacionan con el comportamiento y los procesos cognitivos. Se centra en comprender cómo las lesiones, enfermedades o anomalías en el sistema nervioso central, afectan aspectos como la memoria, la atención, el lenguaje y las habilidades motoras. La neuropsicología desempeña un papel crucial en la evaluación y rehabilitación de individuos con daño cerebral, trastornos del desarrollo y otras afecciones neurológicas. Escucha en este podcast las voces de La Dra. Ana Ruth Díaz Victoria y la Dra. Alicia Martínez Ramos que nos hablan Neuropsicología en las Ciencias Forenses y las Adicciones, temas que se abordarán en el Congreso Internacional Avances en Medicina 2025. Hoy el Módulo de Salud mental en El Expresso de las 10. La Dra. Alicia Martínez Ramos es Licenciada en Piscología, Maestra en Neuropsicología, Doctora en Ciencias del Comportamiento. Profesora investigadora del Departamento de Neurociencias del Centro Universitario de Ciencias de la Salud-CUCS. Y participará en el Modulo de Salud mental en el Congreso Internacional Avances en Medicina 2025 con el Tema: “Evaluación e intervención neuropsicológica en el campo de las adicciones. Hacia un tratamiento individualizado”. La Dra. Ana Ruth Díaz Victoria a quien escuchamos en grabación es Jefa de la Unidad de Cognición y Conducta del Instituto Nacional de Neurología y Neurocirugía Manuel Velasco Suárez, Miembro fundador y expresidenta de la Asociación Mexicana de Neuropsicología. El Tema que abordará en el módulo de Salud Mental en CIAM 2025 es “Neuropsicología forense y diagnóstico preciso en trastornos mentales en procesos judiciales”.
Las caídas son una de las principales causas de fracturas en el mundo y pueden afectar a personas de todas las edades, desde niños pequeños hasta adultos mayores. En la infancia, es común que los niños sufran caídas mientras juegan, corren o aprenden a caminar. Un simple tropiezo en el parque o una caída desde una bicicleta puede ocasionar fracturas en brazos o piernas. En la adolescencia y adultez joven, las caídas suelen estar relacionadas con la actividad física y el deporte. En este podcast de El Expresso de las 10, hablamos de Caídas y su rehabilitación y te invitamos al Módulo de Rehabilitación en nuestra cobertura del Congreso Internacional Avances en Medicina 2025; con la Dra. Elba Janette Ledezma Miramontes y la Dra. Paulina López Buenrostro especialistas en Medicina Física y Rehabilitación; Adscritas al servicio de Medicina Física y Rehabilitación del Hospital Civil Fray Antonio Alcalde e Integrantes del Comité Organizador del Módulo de Rehabilitación del CIAM 2025
De acuerdo con la Organización Internacional del Trabajo (OIT), en México las personas laboran en promedio 44 horas semanales. En sectores como el industrial, obrero, hotelero, restaurantero, de seguridad privada o en tiendas departamentales, estas horas suelen transcurrir de pie. En este podcast de El Expresso de las 10, como parte de nuestra cobertura del Congreso Internacional Avances en Medicina, te invitamos a conocer la LEY SILLA, una medida preventiva fundamental para la protección de las personas que trabajan que pasan muchas horas de pie, asegurando que tengan acceso a los medios necesarios para cuidar su salud, prevenir enfermedades relacionadas con la postura y mejorar su rendimiento laboral. Hoy el módulo de Salud Ocupacional en CIAM 2025.
Nat na Dal Na Zatui // Health talk.Kawikawi + Gam Vangla A Om // Chin Gospel Songs.
Brought to you by the Founders Unfiltered podcast by A Junior VC - Unscripted conversations with Indian founders about their story and the process of building a company. Hosted by Aviral and Mazin.Join us as we talk to Sanjiva Weerawarana, the founder of WSO2 about their story.Sanjiva earned his bachelor's and master's in Mathematics/CS from Kent State University, Ohio, and later completed a Ph.D. in Computer Science at Purdue University.He worked as a Research Staff Member at IBM and held visiting professorships at Purdue University, the Polytechnic Institute of New York University, and the University of Moratuwa.Beyond academia, he served on various committees, including the Arthur C. Clarke Institute, the University of Colombo, the University Grants Commission, The Apache Software Foundation, and several Sri Lankan institutions in technology, finance, and science.He founded multiple organizations, including WSO2 (2005), Thinkcube Systems, Sahana Software Foundation, Lanka Software Foundation, Lanka Data Foundation, and Avinya Foundation.Interestingly, he also served as a Lieutenant Colonel in the Sri Lanka Army.
Dos megafugas de agua potable en Ecatepec John Ratcliffe nuevo director de la CIAMás información en nuestro Podcast
In this videocast, Tom Bruggeman from DPG Media shares how his team tackled the challenges of user authentication in a fast-changing media landscape. He highlights the role of open standards like OAuth and OIDC and explains how Authlete helped create a seamless and secure user experience. Tom also offers insights into future plans, including efforts to enhance user privacy and explore data wallet solutions.
In this videocast, Tom Bruggeman from DPG Media shares how his team tackled the challenges of user authentication in a fast-changing media landscape. He highlights the role of open standards like OAuth and OIDC and explains how Authlete helped create a seamless and secure user experience. Tom also offers insights into future plans, including efforts to enhance user privacy and explore data wallet solutions.
In this sponsored episode of the Identity at the Center podcast brought to you by Strivacity, Jeff and Jim welcome Stephen Cox, co-founder and CTO of Strivacity, to discuss the evolving landscape of identity management. The conversation covers Strivacity's unique approach to customer identity and access management (CIAM), the importance of isolation by design for security, and the integration of generative AI into their platform. Stephen shares insights on how Strivacity differentiates itself in the market, the recognition from Gartner, and the challenges of implementing AI in identity management systems. They discuss the evolving landscape of AI, particularly in relation to data access, security, and identity management. Also explored is the balance between leveraging AI for business insights and the potential threats it poses to data security. The discussion also touches on the future of AI technology, the challenges of governance in a rapidly changing environment, and an unexpected segue into astrophotography, highlighting the intersection of AI technology and personal interests. Chapters 00:00 Introduction to the Identity at the Center Podcast 01:37 Meet Steven Cox from Strivacity 02:34 Strivacity's Unique Approach to CIAM 09:27 Differentiating Consumer and Customer IAM 11:49 Strivacity's Recognition and Achievements 14:05 The Importance of Isolation by Design 15:38 Generative AI in IAM Products 21:45 Implementing AI in Strivacity's Platform 29:25 Addressing AI Hallucinations and Security Concerns 30:56 Cost Implications of AI Systems 31:50 Leveraging AI for Business Insights 34:03 Implementing AI with Security in Mind 38:53 Future of AI in Identity Space 44:48 Astrophotography Adventures 53:52 Conclusion and Final Thoughts Connect with Stephen: https://www.linkedin.com/in/stephencox/ Learn more about Strivacity: https://strivacity.ai Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and watch at https://www.youtube.com/@idacpodcast Keywords Identity Management, Customer IAM, Strivacity, AI Integration, Cybersecurity, Digital Identity, Gartner Recognition, Isolation by Design, Generative AI, User Experience, AI, data security, identity management, astrophotography, technology governance
“Fragen an die KI-ChatGPT”: Eine faszinierende Reise durch die Welt der Ideen und Fragen – heute mit dem Thema “Cyber-Week zur IT-SA zur Nevis”!Begleite uns seit dem 1. März 2024 auf eine spannende Entdeckungsreise, bei der ChatGPT und Boris Bärmichl, der TechnologieScout, im Studio aufeinandertreffen. Gemeinsam erkunden sie die tiefgründigsten Themen – von Künstlicher Intelligenz bis hin zu philosophischen Fragen. Hier wird nichts ausgelassen!
Cultura em Pauta #808 16/09/2024
In this episode, Matthias Reinwarth and John Tolbert discuss the consumer identity and access management (CIAM) market. They cover new entrants in the market, the impact of mergers and acquisitions, new features in CIAM products, deployment models, B2B functionality, decentralized identity, and the role of AI in CIAM.
In this episode, Matthias Reinwarth and John Tolbert discuss the consumer identity and access management (CIAM) market. They cover new entrants in the market, the impact of mergers and acquisitions, new features in CIAM products, deployment models, B2B functionality, decentralized identity, and the role of AI in CIAM.
"Frag die KI - ChatGPT: Eine faszinierende Reise durch die Welt der Ideen und Fragen – heute mit dem Thema “CIAM”!Begleite uns seit dem 1. März 2024 auf einer spannenden Entdeckungsreise. Im Studio des TechnologieScouts treffen ChatGPT und Boris Bärmichl aufeinander und tauchen tief in die Welt der Themen ein. Von Künstlicher Intelligenz bis hin zu philosophischen Fragestellungen – hier bleibt keine Frage unbeantwortet!
In this episode, hosts Jim McDonald and Jeff Steadman are live from Identiverse in Las Vegas, engaging in a lively conversation with Danny de Vreeze, VP of Identity and Access Management at Thales. They dive deep into the transformative potential of AI in identity management, discussing how conversational AI can revolutionize user interactions by enabling non-technical people to ask business questions and get comprehensible answers. Danny shares his extensive 25-year journey in the IAM field, from the early days of enterprise portals to the complexities of managing identities in today's cloud-based environments. The discussion also touches on the evolution of customer identity and access management (CIAM) and the importance of making access frictionless and secure. Danny explains how Thales integrates various IAM technologies, including biometrics and secure access, to create a comprehensive identity solution. The episode wraps up with a light-hearted debate on whether Las Vegas is overrated or underrated as a conference destination. Connect with Danny: https://www.linkedin.com/in/dannydevreeze/ Learn more about Thales OneWelcome: https://www6.thalesgroup.com/b2b-identity-management?utm_source=Podcast_center&utm_campaign=B2B_IAM Attending Identity Week in Europe, America, or Asia? Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and watch at https://www.youtube.com/@idacpodcast
Monitoreo continuo de glucosa. CIAM 2024A pesar de los avances en el tratamiento actual de la diabetes, la esperanza de vida de las personas con diabetes tipo 1 se reduce en más de 10 años. La regulación fisiológica de los niveles de glucosa es extremadamente compleja y el inevitable aumento de los niveles medios de glucosa en sangre en personas con diabetes aumenta también el riesgo de complicaciones a corto y largo plazo.El desarrollo de un sistema de soporte digital automatizado para la interpretación de los datos contribuirá en gran medida al manejo de la diabetes, tanto para las personas con diabetes como para el equipo clínico que les brinda apoyo profesional. Escucha en este podcast nuestra transmisión desde el Conjunto Santander de Artes Escenicas, sede de CIAM 2024 con la participación de la Médica Endocrinóloga Pediatra Dulce María Granados quien nos habla del Monitoreo continuo de glucosa con Inteligencia Artificial.
Existen varias aplicaciones móviles disponibles relacionadas a la nutrición, como aplicaciones que cuentan las calorías, que ofrecen una puntuación a los alimentos, que generan un plan dietético, y/o que generan una lista saludable de compras. Las aplicaciones móviles que cuentan las calorías permiten a los usuarios ingresar información para calcular el requerimiento calórico, como edad, género, peso y talla actual, nivel de actividad física, entre otros datos. En base al requerimiento calórico calculado, a la meta establecida, y a lo que el usuario reportó como su consumo de alimentos y bebidas durante el día, algunas aplicaciones muestran si el consumo calórico estuvo por arriba, por debajo, o cerca de la meta. En este podcast de El Expresso de las 10 continuamos con nuestra cobertura del Congreso Internacional Avances en medicina, en vivo desde el Conjunto Santander, hoy hablamos de Aplicaciones móviles en nutrición con la compañía de la Nutrióloga María Alejandra Soto Blanquel.
La fractura de cadera es una rotura en alguno de los huesos de la cadera, pero generalmente la referimos así cuando ésta se identifica con la del extremo proximal del fémur, donde se articula con la pelvis. Esta es una de las patologías graves más comunes en personas mayores y la causa más frecuente de ingreso hospitalario en los servicios de Traumatología. La artroscopia del hombro es una herramienta diagnóstica y un instrumento esencial en la evolución de la cirugía mínimamente invasiva. Es una cirugía en la cual se utiliza una pequeña cámara llamada artroscopio para examinar o reparar los tejidos dentro o alrededor de la articulación del hombro.Rehabilitación en el adulto mayor con fractura de cadera y Artroscopia de hombro, son dos de los temas que se abordarán en el Congreso Internacional Avances en medicina 2004, temas que abordamos en este podcast de El Expresso de las 10 con el Dr. Carlos Fernando Godínez González - Médico especialista en Medicina de Rehabilitación y el Dr. Fernando Hiramuro Shoji - Médico Ortopedista y traumatólogo; como parte de nuestra cobertura en CIAM 2024… Bienvenidos
La aparición de tecnologías como la robótica, inteligencia artificial, realidad virtual, y nanotecnología se verá reflejada en modelos de negocios, e inevitablemente en condiciones de trabajo y nuevos perfiles epidemiológicos de las enfermedades de trabajo. La industria 4.0 influye en los procesos de los diversos puestos de trabajo, a veces eliminando los puestos monótonos y repetitivos permitiendo que los trabajadores se enfoquen en otro tipo de tareas; nuevas tareas que conllevan nuevos riesgos en la medida que la empresa consigue adquirir conocimiento con mayor rapidez, tomar decisiones al instante y crear procesos predictivos y autoajustables. Para la edición 2024 del Congreso Internacional Avances en Medicina, algunos de los temas del Módulo de Salud Ocupacional serán: Prevención de riesgos laborales y gestión de emergencias, Bienestar en el trabajador, Clima organizacional, satisfacción, bienestar y estrés laboral, entre otros. Escucha en este podcast de El Expresso de las 10 los detalles con las voces de la Mtra. en Ciencias. Esmeralda Alcaraz Sánchez Co-Coordinadora del Módulo del Salud Ocupacional y el Dr. Manuel Pando Moreno, Presidente de PIENSO en Latinoamérica (Programa de Investigación en Salud Ocupacional) quien será el encargado de la conferencia magistral Inteligencia Artificial y su impacto en la Salud Mental en el trabajo.
Inteligencia Artificial en la salud CIAM 2024 - El Expresso de las 10 - Mar. 09 Abril 2024La inteligencia artificial en medicina es el uso de modelos de aprendizaje automático para buscar datos médicos y descubrir conocimientos que ayuden a mejorar los resultados de salud y las experiencias de los pacientes. Gracias a los avances recientes en ciencias de la computación e informática, la inteligencia artificial se ha convertido rápidamente en una parte integral de la atención médica moderna.En este podcast de El Expresso de las 10 te presentamos una panorámica general del uso de la Inteligencia Artificial en Salud, con la presencia del Dr. Raúl Durán López, Médico con especialidad en Otorrinolaringología y Cirugía de Cabeza y Cuello y Presidente del XXV CIAM 2024; el Dr. José Raúl Padilla Gutiérrez, Médico con especialidad en Medicina Interna Adscrito al Servicio de Medicina Interna del Hospital Civil Fray Antonio Alcalde y el Dr. Mauricio Alfredo Ambriz Alarcón, Médico con especialidad en Medicina Interna, Integrante del Comité Científico XXV CIAM
LACTANCIA MATERNA CIAM 2024 - El Expresso de las 10 - Ma. 12 Mar 2024 La lactancia materna es una de las formas más eficaces de garantizar la salud y la supervivencia de los niños. La leche materna es el alimento ideal para los lactantes. Es segura y limpia y contiene anticuerpos que protegen de muchas enfermedades propias de la infancia. Además, suministra toda la energía y nutrientes que un bebé necesita durante los primeros meses de vida. Continúa aportando hasta la mitad o más de las necesidades nutricionales de un niño a los 6 meses, y hasta un tercio durante el segundo año. En el marco de nuestra cobertura del Congreso Internacional Avances en medicina Hoy en El Expresso de las 10 del Módulo de pediatría hablamos de lactancia materna, con la asesoría de la Dra. Elisa García Morales y Dra. Laura López Vargas del Servicio de Neonatología del Hospital Civil de Guadalajara "Fray Antonio Alcalde". Escucha nuestro podcast. La lactancia materna es una de las formas más eficaces de garantizar la salud y la supervivencia de los niños. La leche materna es el alimento ideal para los lactantes. Es segura y limpia y contiene anticuerpos que protegen de muchas enfermedades propias de la infancia. En el… pic.twitter.com/MWO4CCT6FU— Radio Universidad de Guadalajara (@RadioUdeG) March 12, 2024
ADICCIÓN A VIDEOJUEGOS CIAM 2024 - El Expresso de las 10 - Lu. 26 Feb 2024La adicción a los videojuegos, es una forma compulsiva e intensa de jugar videojuegos que interfiere significativamente con las actividades cotidianas, las relaciones sociales y la salud mental y física de una persona. Aunque no todos los jugadores de videojuegos desarrollan una adicción, ciertos factores pueden aumentar el riesgo, como la personalidad impulsiva, baja autoestima, ansiedad o depresión, y falta de habilidades sociales.En este podcast de El Expresso de las 10 en el marco de nuestra cobertura del Congreso Internacional Avances en Medicina Escucha otro de los temas relevantes en la actualidad… Adicción a videojuegos del módulo de Salud mental con la asesoría del Paidopsiquiatra José Manuel Rosas Navarro… BienvenidosLa adicción a los videojuegos, es una forma compulsiva e intensa de jugar videojuegos que interfiere significativamente con las actividades cotidianas, las relaciones sociales y la salud mental y física de una persona. Aunque no todos los jugadores de videojuegos… pic.twitter.com/dz3Jgsvi42— Radio Universidad de Guadalajara (@RadioUdeG) February 26, 2024 googletag.cmd.push(function () { googletag.display('div-gpt-ad-1689260104737-0'); }); La adicción a los videojuegos, es una forma compulsiva e intensa de jugar videojuegos que interfiere significativamente con las actividades cotidianas, las relaciones sociales y la salud mental y física de una persona. Aunque no todos los jugadores de videojuegos… pic.twitter.com/dz3Jgsvi42— Radio Universidad de Guadalajara (@RadioUdeG) February 26, 2024
In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management. Join host Cameron D'Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of Fusion Auth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.
Citizen identity and access management solutions can enhance government's digital engagements with their residents. Discover the resources referenced in the episode:Tyler's white paper, Improving Resident Engagement With Identity and Access ManagementTyler's e-book, A Digital Government Guide to Modernizing The Resident ExperienceThe Tyler Tech Resource Center City Hall Selfie Day with ELGL In this episode, Mike Teeters, Tyler's Senior Product Manager of Corporate Development, and Nick Winston, Sr. Director of Product Strategy for Tyler's Digital Solutions Division, share their thoughts on CIAM, how residents are interacting with these systems, and how governments can deliver better services by creating a digital profile for their residents that can be shared across departments and jurisdictions.
In this episode of the Identity at the Center podcast, Jim and Jeff talk to Cassio Sampaio, who runs product for Customer Identity at Okta. They discuss CIAM, which stands for Customer Identity and Access Management, and its importance in today's digital landscape. They cover topics such as the difference between CIAM and traditional employee-focused identity and access management, self-service, common challenges businesses face when implementing a CIAM capability, the role of artificial intelligence and machine learning in CIAM, and the future of CIAM. Cassio also gives advice to businesses that are just starting to explore implementing a CIAM solution. The episode ends on a lighter note with all three recommending non-IT books for listeners to check out to help them with their IAM or professional lives. Connect with Cassio: https://www.linkedin.com/in/csampaio/ Learn more about Okta: https://www.okta.com/ Okta Secure Sign-In Trends Report: https://www.okta.com/blog/2023/06/secure-sign-in-trends-report/ Introducing Auth0 CRAPTCHAs!: https://auth0.com/blog/introducing-auth0-craptchas/ The Password Game: https://neal.fun/password-game/ Thinking Fast and Slow (book recommendation): https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 Outliers: The Story of Success (book recommendation): https://www.amazon.com/Outliers-Story-Success-Malcolm-Gladwell/dp/0316017930 One Minute Manager (book recommendation): https://www.amazon.com/Minute-Manager-Kenneth-Blanchard-Ph-D/dp/074350917X Authenticate Conference: Use code IDAC15PODCAST for 15% off your registration fees. Learn more about the Authenticate conference: https://authenticatecon.com/event/authenticate-2023/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
En la XXIV edición del Congreso Internacional de Avances en Medicina “Salud preventiva para todos, enfrentando nuevas pandemias”, se contará con la presencia expertos nacionales e internaciones, que abordarán temas de actualidad y de máximo interés para todos los profesionales de salud y población en general retomando un modelo clave: la prevención.Hoy El Expresso de las 10 traslada sus micrófonos al Conjunto Santander de Artes Escénicas donde comienza hoy el Congreso internacional Avances en medicina, nos acompaña en la primera parte del programa la Dra. María Teresa Tapia de La Paz, Presidenta Ejecutiva de CIAM 2023 y en la segunda parte la Dra. Fabiola Martín del campo para hablar de Microbiota intestinal. Estamos en CIAM 2023.
En la XXIV edición del Congreso Internacional de Avances en Medicina “Salud preventiva para todos, enfrentando nuevas pandemias”, se contará con la presencia expertos nacionales e internaciones, que abordarán temas de actualidad y de máximo interés para todos los profesionales de salud y población en general retomando un modelo clave: la prevención. Hoy El Expresso […] La entrada CIAM QUÉ ES LA MICROBIOTA INTESTINAL – El Expresso de las 10 – Ju. 23 Mar 2023 se publicó primero en UDG TV.
Jim and Jeff talk with Mickey Boodaei, CEO and co-founder of Transmit Security, about reducing risk and fraud with modern authentication in Customer/Consumer Identity & Access Management (CIAM) platforms. Connect with Mickey: https://www.linkedin.com/in/mickeyboodaei/ Learn more about Transmit Security: https://www.transmitsecurity.com/ Events: Gartner IAM Summit: https://www.gartner.com/en/conferences/na/identity-access-management-us European Identity and Cloud Conference: https://www.kuppingercole.com/events/eic2023 Identiverse: https://identiverse.com/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
About JackJack is Uptycs' outspoken technology evangelist. Jack is a lifelong information security executive with over 25 years of professional experience. He started his career managing security and operations at the world's first Internet data privacy company. He has since led unified Security and DevOps organizations as Global CSO for large conglomerates. This role involved individually servicing dozens of industry-diverse, mid-market portfolio companies.Jack's breadth of experience has given him a unique insight into leadership and mentorship. Most importantly, it fostered professional creativity, which he believes is direly needed in the security industry. Jack focuses his extra time mentoring, advising, and investing. He is an active leader in the ISLF, a partner in the SVCI, and an outspoken privacy activist. Links Referenced: UptycsSecretMenu.com: https://www.uptycssecretmenu.com Jack's email: jroehrig@uptycs.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: If you asked me to rank which cloud provider has the best developer experience, I'd be hard-pressed to choose a platform that isn't Google Cloud. Their developer experience is unparalleled and, in the early stages of building something great, that translates directly into velocity. Try it yourself with the Google for Startups Cloud Program over at cloud.google.com/startup. It'll give you up to $100k a year for each of the first two years in Google Cloud credits for companies that range from bootstrapped all the way on up to Series A. Go build something, and then tell me about it. My thanks to Google Cloud for sponsoring this ridiculous podcast.Corey: This episode is brought to us by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out. Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted guest episode is brought to us by our friends at Uptycs. And they have sent me their Technology Evangelist, Jack Charles Roehrig. Jack, thanks for joining me.Jack: Absolutely. Happy to spread the good news.Corey: So, I have to start. When you call yourself a technology evangelist, I feel—just based upon my own position in this ecosystem—the need to ask, I guess, the obvious question of, do you actually work there, or have you done what I do with AWS and basically inflicted yourself upon a company. Like, well, “I speak for you now.” The running gag that becomes more true every year is that I'm AWS's chief marketing officer.Jack: So, that is a great question. I take it seriously. When I say technology evangelist, you're speaking to Jack Roehrig. I'm a weird guy. So, I quit my job as CISO. I left a CISO career. For, like, ten years, I was a CISO. Before that, 17 years doing stuff. Started my own thing, secondaries, investments, whatever.Elias Terman, he hits me up and he says, “Hey, do you want this job?” It was an executive job, and I said, “I'm not working for anybody.” And he says, “What about a technology evangelist?” And I was like, “That's weird.” “Check out the software.”So, I'm going to check out the software. I went online, I looked at it. I had been very passionate about the space, and I was like, “How does this company exist in doing this?” So, I called him right back up, and I said, “I think I am.” He said, “You think you are?” I said, “Yeah, I think I'm your evangelist. Like, I think I have to do this.” I mean, it really was like that.Corey: Yeah. It's like, “Well, we have an interview process and the rest.” You're like, “Yeah, I have a goldfish. Now that we're done talking about stuff that doesn't matter, I'll start Monday.” Yeah, I like the approach.Jack: Yeah. It was more like I had found my calling. It was bizarre. I negotiated a contract with him that said, “Look, I can't just work for Uptycs and be your evangelist. That doesn't make any sense.” So, I advise companies, I'm part of the SVCI, I do secondaries, investment, I mentor, I'm a steering committee member of the ISLF. We mentor security leaders.And I said, “I'm going to continue doing all of these things because you don't want an evangelist who's just an Uptycs evangelist.” I have to know the space. I have to have my ear to the ground. And I said, “And here's the other thing, Elias. I will only be your evangelist while I'm your evangelist. I can't be your evangelist when I lose passion. I don't think I'm going to.”Corey: The way I see it, authenticity matters in this space. You can sell out exactly once, so make it count because you're never going to be trusted again to do it a second time. It keeps people honest, at least the ones you actually want to be doing work with. So, you've been in the space a long time, 20 years give or take, and you've seen an awful lot. So, I'm curious, given that I tend to see about, you know, six or seven different companies in the RSA Sponsor Hall every year selling things because you know, sure hundreds of booths, bunch of different marketing logos and products, but it all distills down to the same five or six things.What did you see about Uptycs that made you say, “This is different?” Because to be very direct, looking at the website, it's, “Oh, what do you sell?” “Acronyms. A whole bunch of acronyms that, because I don't eat, sleep, and breathe security for a living, I don't know what most of them mean, but I'm sure they're very impressive and important.” What does it actually do, for those of us who are practitioners, but not swimming in the security vendor stream?Jack: So, I've been obsessed with this space and I've seen the acronyms change over and over and over again. I'm always the first one to say, “What does that mean?” As the senior guy in the room a lot of time. So, acronyms. What does Uptycs do? What drew me into them? They did HIDS, Host Intrusion Detection System. I don't know if you remember that. Turned into—Corey: Oh, yeah. OSSEC was the one I always wound up using, the open-source version. OSSEC [kids 00:04:10]. It's like, oh, instead of paying a vendor, you can contribute it yourself because your time is free, right? Free as in puppy, or these days free as in tier when it comes to cloud.Jack: Oh, I like that. So, yeah, I became obsessed with this HIDS stuff. I think it was evident I was doing it, that it was threat [unintelligible 00:04:27]. And these companies, great companies. I started this new job in an education technology company and I needed a lot of work, so I started to play around with more sophisticated HIDS systems, and I fell in love with it. I absolutely fell in love with it.But there are all these limitations. I couldn't find this company that would build it right. And Uptycs has this reputation as being not very sexy, you know? People telling me, “Uptycs? You're going to Uptycs?” Yeah—I'm like, “Yeah. They're doing really cool stuff.”So, Uptycs has, like, this brand name and I had referred Uptycs before without even knowing what it was. So, here I am, like, one of the biggest XDR, I hope to say, activists in the industry, and I didn't know about Uptycs. I felt humiliated. When I heard about what they were doing, I felt like I wasted my career.Corey: Well, that's a strong statement. Let's begin with XDR. To my understanding, that some form of audio cable standard that I use to plug into my microphone. Some would say it, “X-L-R.” I would say sounds like the same thing. What is XDR?Jack: What is it, right? So, [audio break 00:05:27] implement it, but you install an agent, typically on a system, and that agent collects data on the system: what processes are running, right? Well, maybe it's system calls, maybe it's [unintelligible 00:05:37] as regular system calls. Some of them use the extended Berkeley Packet Filter daemon to get stuff, but one of the problems is that we are obtaining low-level data on an operating system, it's got to be highly specific. So, you collect all this data, who's logging in, which passwords are changing, all the stuff that a hacker would do as you're typing on the computer. You're maybe monitoring vulnerabilities, it's a ton of data that you're monitoring.Well, one of the problems that these companies face is they try to monitor too much. Then some came around and they tried to monitor too little, so they weren't as real-time.Corey: Sounds like a little pig story here.Jack: Yeah [laugh], exactly. Another company came along with a fantastic team, but you know, I think they came in a little late in the game, and it looks like they're folding now. They were wonderful company, but the one of the biggest problems I saw was the agent, the compatibility. You know, it was difficult to deploy. I ran DevOps and security and my DevOps team uninstalled the agent because they thought there was a problem with it, we proved there wasn't and four months later, they hadn't completely reinstall it.So, a CISO who manages the DevOps org couldn't get his own DevOps guy to install this agent. For good reason, right? So, this is kind of where I'm going with all of this XDR stuff. What is XDR? It's an agent on a machine that produces a ton of data.I—it's like omniscience. Yes, I started to turn it in, I would ping developers, I was like, “Why did you just run sudo on that machine?” Right. I mean, I knew everything was going on in the space, I had a good intro to all the assets, they technically run on the on-premise data center and the quote-unquote, “Cloud.” I like to just say the production estate. But it's omniscience. It's insights, you can create rules, it's one of the most powerful security tools that exists.Corey: I think there's a definite gap as far as—let's narrow this down to cloud for just a second before we expand this into the joy that has data centers—where you can instrument a whole bunch of different security services in any cloud provider—I'm going to pick on AWS because they're the 800-pound gorilla in the room, and frankly, they could use taking down a peg or two by and large—and you wind up configuring all the different security services that in some cases seem totally unaware of each other, but that's the AWS product portfolio for you. And you do the math out and realize that it theoretically would cost you—to enable all these things—about three times as much as the actual data breach you're ideally trying to prevent against. So, on some level, it feels like, “Heads, I win; tails, you lose,” style scenario.And the answer that people have started reaching out to third-party vendors to wind up tying all of this together into some form of cohesive narrative that a human being has a hope in hell of understanding. But everything I've tried to this point still feels like it is relatively siloed, focused on the whole fear, uncertainty, and doubt that is so inherent to so much of the security world's marketing. And it's almost like cost control where you can spend almost limitless amount of time, energy, money, et cetera, trying to fix these things, but it doesn't advance your company to the next milestone. It's like buying fire insurance on your building. You can spend all the money on fire insurance. Great, it doesn't get you to the next milestone that propels your company forward. It's all reactive instead of proactive. So, it feels like it is never the exciting, number-one priority for companies until right after it should have been higher in the list than it was.Jack: So, when I worked at Turnitin, we had saturated the market. And we worked in education, technology space globally. Compliance everywhere. So, I just worked on the Australian Data Infrastructure Act of 2020. I'm very familiar with the 27 data privacy regulations that are [laugh] in scope for schools. I'm a FERPA expert, right? I know that there's only one P in HIPAA [laugh].So, all of these compliance regulations drove schools and universities, consortiums, government agencies to say, “You need to be secure.” So, security at Turnitin was the number one—number one—key performance indicator of the company for one-and-a-half years. And these cloud security initiatives didn't just make things more secure. They also allowed me to implement a reasonable control framework to get various compliance certifications. So, I'm directly driving sales by deploying these security tools.And the reason why that worked out so great is, by getting the certifications and by building a sensible control framework layer, I was taking these compliance requirements and translating them into real mitigations of business risk. So, the customers are driving security as they should. I'm implementing sane security controls by acting as the chief security officer, company becomes more secure, I save money by using the correct toolset, and we increased our business by, like, 40% in a year. This is a multibillion-dollar company.Corey: That is definitely a story that resonates, especially with organizations that are—or they should be—compliance-forward and having to care about the nature of what it is that they're doing. But I have a somewhat storied history in working in FinTech and large-scale financial services. One of the nice things about that job, which is sort of a weird thing to say there if you don't want to get ejected from the room, has been, “Yeah well, it's only money,” in the final analysis. Because yeah, no one dies if you wind up screwing that up. People's kids don't get exposed.It's just okay, people have to fill out a bunch of forms and you get sued into oblivion and you're not there anymore because the first role of a CISO is to be ablative and get burned away whenever there's a problem. But it still doesn't feel like it does more for a number of clients than, on some level, checking a box that they feel needs to be checked. Not that it shouldn't be, necessarily, but I have a hard time finding people that get passionately excited about security capabilities. Where are they hiding?Jack: So, one of the biggest problems that you're going to face is there are a lot of security people that have moved up in the ranks through technology and not through compliance and technology. These people will implement control frameworks based on audit requirements that are not bespoke to their company. They're doing it wrong. So, we're not ticking boxes; I'm creating boxes that need to be ticked to secure the infrastructure. And at Turnitin, Turnitin was a company that people were forced to use to submit their works in the school.So, imagine that you have to submit a sensitive essay, right? And that sensitive essay goes to this large database. We have the Taiwanese government submitting confidential data there. I had the chief scientist at NASA submitting in pre-publication data there. We've got corporate trade secrets that are popped in there. We have all kinds of FDA pre-approval stuff. This is a plagiarism detection software being used by large companies, governments, and 12-year-old girls, right, who don't want their data leaked.So, if you look at it, like, this is an ethical thing that is required for us to do, our customers drive that, but truly, I think it's ethics that drive it. So, when we implemented a control framework, I didn't do the minimum, I didn't run an [unintelligible 00:12:15] scan that nobody ran. I looked for tools that satisfied many boxes. And one of the things about the telemetry at scale, [unintelligible 00:12:22], XDR, whatever want to call it, right? But the agent-based systems that monitor for all of us this run-state data, is they can take a lot of your technical SOC controls.Furthermore, you can use these tools to improve your processes like incident response, right? You can use them to log things. You can eliminate your SIEM by using this for your DLP. The problem of companies in the past is they wouldn't deploy on the entire infrastructure. So, you'd get one company, it would just be on-prem, or one company that would just run on CentOS.One of the reasons why I really liked this Uptycs company is because they built it on an osquery. Now, if you mention osquery, a lot of people glaze over, myself included before I worked at Uptycs. But apparently what it is, is it's this platform to collect a ton of data on the run state of a machine in real-time, pop it into a normalized SQL database, and it runs on a ton of stuff: Mac OS, Windows, like, tons of version of Linux because it's open-source, so people are porting it to their infrastructure. And that was one of these unique differentiators is, what is the cloud? I mean, AWS is a place where you can rapidly prototype, there's tons of automation, you can go in and you build something quickly and then it scales.But I view the cloud as just a simple abstraction to refer to all of my assets, be them POPS, on-premise data machines, you know, the corporate environment, laptops, desktops, the stuff that we buy in the public clouds, right? These things are all part of the greater cloud. So, when I think cloud security, I want something that does it all. That's very difficult because if you had one tool run on your cloud, one tool to run on your corporate environment, and one tool to run for your production environment, those tools are difficult to manage. And the data needs to be ETL, you know? It needs to be normalized. And that's very difficult to do.Our company is doing [unintelligible 00:14:07] security right now as a company that's taking all these data signals, and they're normalizing them, right, so that you can have one dashboard. That's a big trend in security right now. Because we're buying too many tools. So, I guess the answer that really is, I don't see the cloud is just AWS. I think AWS is not just data—they shouldn't call themselves the cloud. They call themselves the cloud with everything. You can come in, you can rapidly prototype your software, and you know what? You want to run to the largest scale possible? You can do that too. It's just the governance problem that we run into.Corey: Oh, yes. The AWS product strategy is pretty clearly, in a word, “Yes,” written on a Post-it note somewhere. That's the easiest job in the world is running their strategy. The challenge, too, is that we don't live in a world where monocultures are a thing anymore because regardless—if you use AWS for the underlying infrastructure, great, that makes a lot of sense. Use it for a lot of the higher-up the stack, SaaS-y type things that you don't want to have to build yourself from—by going to Home Depot and picking up components, you're doing something relatively foolish in most cases.They're a plumbing company not a porcelain company, in many respects. And regardless of what your intention is around multiple clouds, people wind up using different things. In most cases, you're going to be storing your source code in GitHub, not in AWS CodeCommit because CodeCommit doesn't really have any customers, for reasons that become blindingly apparent the first time you try to use it for something. So, you always wind up with these cross-cloud, cross-infrastructure stories. For any company that had the temerity to be founded before 2010, they probably have an on-premises data center as well—or six or more—and you're starting to try to wind up having a whole bunch of different abstractions viewed through the same lenses in terms of either observability or control plane or governance, or—dare I say it—security. And it feels like there are multiple approaches, all of which have their drawbacks, which of course means, it's complicated. What's your take on it?Jack: So, I think it was two years ago we started to see tools to do signal consumption. They would aggregate those signals and they would try and produce meaningful results that were actionable rather than you having to go and look at all this granular data. And I think that's phenomenal. I think a lot of companies are going to start to do that more and more. One of the other trends people do is they eliminated data and they went machine-learning and anomaly detection. And that didn't work.It missed a lot of things, right, or generated a lot of false positive. I think that one of the next big technologies—and I know it's been done for two years—but I think we're the next things we're going to see is the axonius of the consumption of events, the categorization into alerts-based synthetic data classification policies, and we're going to look at the severity classifications of those, they're going to be actionable in a priority queue, and we're going to eliminate the need for people that don't like their jobs and sit at a SOC all day and analyze a SIEM. I don't ever run a SIEM, but I think that this diversity can be a good thing. So, sometimes it's turned out to be a bad thing, right? We wanted to diversity, we don't want all the data to be homogenous. We don't need data standards because that limits things. But we do want competition. But I would ask you this, Corey, why do you think AWS? We remember 2007, right?Corey: I do. Oh, I've been around at least that long.Jack: Yeah, you remember when S3 came up. Was that 2007?Corey: I want to say 2004, 2005 in beta, and then relaunched as the first general available service. The first beta service was SQS, so there's always some question about which one was first. I don't get in the middle of those fights because all I'm going to do is upset people.Jack: But S3 was awesome. It still is awesome, right?Corey: Oh yes.Jack: And you know what I saw? I worked for a very older company with very strict governance. You know with SOX compliance, which is a joke, but we also had SOC compliance. I did HIPAA compliance for them. Tons of compliance to this.I'm not a compliance off, too, by trade. So, I started seeing [x cards 00:17:54], you know, these company personal cards, and people would go out and [unintelligible 00:17:57] platform because if they worked with my teams internally, if they wanted to get a small app deployed, it was like a two, three-month process. That process was long because of CFO overhead, approvals, vendor data security vetting, racking machines. It wasn't a problem that was inherent to the technology. I actually built a self-service cloud in that company. The problem was governance. It was financial approvals, it was product justification.So, I think AWS is really what made the internet inflect and scale and innovate amazingly. But I think that one of the things that it sacrificed was governance. So, if you tie a lot of what we're saying back together, by using some sort of tool that you can pop into a cloud environment and they can access a hundred percent of the infrastructure and look for risks, what you're doing is you're kind of X-Ray visioning into all these nodes that were deployed rapidly and kept around because they were crown jewels, and you're determining the risks that lie on them. So, let's say that 10 or 15% of your estate is prototype things that grew at a scale and we can't pull back into our governance infrastructure. A lot of times people think that those types of team machines are probably pretty locked down and they're probably low risk.If you throw a company on the side scanner or something like that, you'll see they have 90% of the risk, 80% of the risk. They're unpatched and they're old. So, I remember at one point in my career, right, I'm thinking Amazon's great. I'm—[unintelligible 00:19:20] on Amazon because they've made the internet go, they influxed. I mean, they've scaled us up like crazy.Corey: Oh, the capability store is phenomenal. No argument there.Jack: Yeah. The governance problem, though, you know, the government, there's a lot of hacks because of people using AWS poorly.Corey: And to be clear, that's everyone. We all are. I take a look at some of the horrible technical decisions I made even a couple of years ago, based upon what I know now, it's difficult to back out and wind up doing things the proper way. I wrote an article a while back, “17 Ways to Run Containers on AWS,” and listed all the services. And I think it was a little on the nose, but then I wrote 17, “More Ways to Run Containers on AWS,” but different services. And I'm about three-quarters of the way through the third in the sequel. I just need a couple more releases and we're good to go.Jack: The more and more complexity you add, the more security risk exists. And I've heard horror stories. Dictionary.com lost a lot of business once because a couple of former contractors deleted some instances in AWS. Before that, they had a secret machine they turned into a pixel [unintelligible 00:20:18] and had take down their iPhone app.I've seen some stuff. But one of the interesting things about deploying one of these tools in AWS, they can just, you know, look X-Ray vision on into all your compute, all your storage and say, “You have PIIs stored here, you have personal data stored here, you have this vulnerability, that vulnerability, this machine has already been compromised,” is you can take that to your CEO as a CISO and say, “Look, we were wrong, there's a lot of risk here.” And then what I've done in the past is I've used that to deploy HIDS—XDR, telemetry at scale, whatever you want to call it—these agent-based solutions, I've used that to justification for them. Now, the problem with this solutions that use agentless is almost all of them are just in the cloud. So, just a portion of your infrastructure.So, if your hybrid environment, you have data centers, you're ignoring the data centers. So, it's interesting because I've seen these companies position themselves as competitors when really, they're in complementary spaces, but one of them justified the other for me. So, I mean, what do you think about that awkward competition? Why was this competition exists between these people if they do completely different things?Corey: I'll take it a step further. I'm a big believer that security for the cloud providers should not be a revenue generator in any meaningful sense because at that point, they wind up with an inherent conflict of interest, where when they start charging, especially trying to do value-based pricing as they move up the stack, what they're inherently saying is, great, you can get our version of our services that is less secure, so that they're what they're doing is they're making security on their platform an inherent investment decision. And I've never been a big believer in that approach.Jack: The SSO tax.Corey: Oh, yes. And many others.Jack: Yeah. So, I was one of the first SSO tax contributors. That started it.Corey: You want data plane audit logging? Great, that'll cost you. But they finally gave in a couple of years back and made the first management trail for CloudTrail audit logging free for everyone. And people still advertently built second ones and then wonder why they're paying through the nose. Like, “Oh, that's 40 grand a month. That should be zero.” Great. Send that to your SIEM and then have that pass it out to where it needs to go. But so much of it is just these weird configuration taxes that people aren't fully aware exist.Jack: It's the market, right? The market is—so look at Amazon's IAM. It is amazing, right? It's totally robust, who is using it correctly? I know a lot of people are. I've been the CISO for over 100 companies and IAM is was one of those things that people don't know how to use, and I think the reason is because people aren't paying for it, so AWS can continue to innovate on it.So, we find ourselves with this huge influx of IAM tools in the startup scene. We all know Uptycs does some CIAM and some identity management stuff. But that's a great example of what you're talking about, right? These cloud companies are not making the things inherently secure, but they are giving some optionality. The products don't grow because they're not being consumed.And AWS doesn't tend to advertise them as much as the folks in the security industry. It's been one complaint of mine, right? And I absolutely agree with you. Most of the breaches are coming out of AWS. That's not AWS's fault. AWS's infrastructure isn't getting breached.It's the way that the customers are configuring the infrastructure. That's going to change a lot soon. We're starting to see a lot of change. But the fundamental issue here is that security needs to be invested in for short-term initiatives, not just for long-term initiatives. Customers need to care about security, not compliance. Customers need to see proof of security. A customer should be demanding that they're using a secure company. If you've ever been on the vendor approval side, you'll see it's very hard to push back on an insecure company going through the vendor process.Corey: This episode is sponsored in part by our friends at Uptycs, because they believe that many of you are looking to bolster your security posture with CNAPP and XDR solutions. They offer both cloud and endpoint security in a single UI and data model. Listeners can get Uptycs for up to 1,000 assets through the end of 2023 (that is next year) for $1. But this offer is only available for a limited time on UptycsSecretMenu.com. That's U-P-T-Y-C-S Secret Menu dot com.Corey: Oh, yes. I wound up giving probably about 100 companies now S3 Bucket Negligence Awards for being public about failing to secure their data and put that out into the world. I had one physical bucket made, the S3 Bucket Responsibility Award and presented it to their then director of security over at the Pokémon Company because there was a Wall Street Journal article talking about how their security review—given the fact that they are a gaming company that has children as their primary customer—they take it very seriously. And they cited the reason they're not to do business with one unnamed vendor was in part due to the lackadaisical approach around S3 bucket control. So, that was the one time I've seen in public a reference where, “Yeah, we were going to use a vendor and their security story was terrible, and we decided not to.”It's, why is that news? That should be a much more common story, but these days, it feels like procurement is rubber-stamping it and, like, “Okay, great. Fill out the form.” And, “Okay, you gave some wrong answers on the form. Try it again and tell the story differently until it gets shoved through.” It feels like it's a rubber stamp rather than a meaningful control.Jack: It's not a rubber stamp for me when I worked in it. And I'm a big guy, so they come to me, you know, like—that's how being, like, career law, it's just being big and intimidating. Because that's—I mean security kind of is that way. But, you know, I've got a story for you. This one's a little more bleak.I don't know if there's a company called Ask.fm—and I'll mention them by name—right, because, well, I worked for a company that did, like, a hostile takeover this company. And that's when I started working with [unintelligible 00:25:23]. [unintelligible 00:25:24]. I speak Russian and I learned it for work. I'm not Russian, but I learned the language so that I could do my job.And I was working for a company with a similar name. And we were in board meetings and we were crying, literally shedding tears in the boardroom because this other company was being mistaken for us. And the reason why we were shedding tears is because young women—you know, 11 to 13—were committing suicide because of online bullying. They had no health and safety department, no security department. We were furious.So, the company was hosted in Latvia, and we went over there and we installed one I lived in Latvia for quite a bit, working as the CISO to install a security program along with the health and safety person to install the moderation team. This is what we need to do in the industry, especially when it comes to children, right? Well, regulation solve it? I don't know.But what you're talking about the Pokémon video game, I remember that right? We can't have that kind of data being leaked. These are children. We need to protect them with information security. And in education technology, I'll tell you, it's just not a budget priority.So, the parents need to demand the security, we need to demand these audit certifications, and we need to demand that our audit firms are audited better. Our audit firms need to be explaining to security leaders that the control frameworks are something that they're responsible for creating bespoke. I did a presentation with Al Kingsley recently about security compliance, comparing FERPA and COPPA to the GDPR. And it was very interesting because FERPA has very little teeth, it's very long code and GDPR is relatively brilliant. GDPR made some changes. FERPA was so ambiguous and vague, it made a lot of changes, but they were kind of like, in any direction ever because nobody knows FERPA is. So, I don't know, what's the answer to that? What do we do?Corey: Yeah. The challenge is, you can see a lot of companies in specific areas doing the right thing, when they're intentionally going out on day one to, for example, service kids as a primary user base demographic. The challenge that you see with this is that, that's great, but then you have things that are not starting off with that point of view. And they started running into population limits and realize, okay, we've got to start expanding our user base somewhere, and then they went a bolting on those things is almost as an afterthought, where, “Oh, well, we've been basically misusing people's data for our entire existence, but now—now—we're suddenly magically going to do the right thing where kids are concerned.” I wish, but unfortunate that philosophy assumes a better take of humanity than is readily apparent.Jack: I wonder why they do that though, right? Something's got to, you know, news happened or something and that's why they're doing it. And that's not okay. But I have seen companies, one of the founders of Scantron—do you know what a Scantron is?Corey: Oh, yes. I'm much older than I look.Jack: Yeah, I'm much older than I look, too. I like to think that. But for those that don't know, a scantron, use a number two pencil and you filled in these little dots. And it was for taking tests. So, the guy who started Scantron, created a small two-person company.And AWS did something magnificent. They recognized that it was an education technology company, and they gave them, for free, security consultation services, security implementation services. And when we bought this company—I'm heavily involved in M&A, right—I'm sitting down with the two founders of the company, and my jaw is on the desk. They were more secure than a lot of the companies that I've worked with that had robust security departments. And I said, “How did you do this?”They said, “AWS provided us with this free service because we're education technology.” I teared up. My heart was—you know, that's amazing. So, there are companies that are doing this right, but then again, look at Grammarly. I hate to pick on Grammarly. LanguageTool is an open-source I believe, privacy-centric Grammarly competitor, but Grammarly, invest in your security a little more, man. Y'all were breached. They store a lot of data, they [unintelligible 00:29:10] lot of the data.Corey: Oh, and it scared the living hell out of companies realizing that they had business users using Grammarly as an extension to work on internal documents and just sending proprietary data to some third-party service that they clicked through the terms on and I don't know that it was ever shown the Grammarly was misusing any of that, but the potential for that is massive.Jack: Do you know what they were doing with it?Corey: Well, using AI to learn these things. Yeah, but it's the supervision story always involves humans reading it.Jack: They were building a—and I think—nobody knows the rumor, but I've worked in the industry, right, pretty heavily. They're doing something great for the world. I believe they're building a database of works submitted to do various things with them. One of those things is plagiarism detection. So, in order to do that they got to store, like, all of the data that they're processing.Well, if you have all the data that you've done for your company that's sitting in this Grammarly database and they get hacked—luckily, that's a lot of data. Maybe you'll be overlooked. But I've data breach database sitting here on my desk. Do you know how many rows it's got? [pause]. Yes, breach database.Corey: Oh, I wouldn't even begin to guess. I know the data volumes that Troy Hunt's Have I Been Pwned? Site winds up dealing with and it is… significant.Jack: How many billions of rows do you think it is?Corey: Ah, I'd say 20 as an argument?Jack: 34.Corey: Okay. Yeah, directionally right. Fermi estimation saves us yet again.Jack: [laugh]. The reason I build this breach database is because I thought Covid would slow down and I wanted it to do executive protection. Companies in the education space also suffer from [active 00:30:42] shooters and that sort of thing. So, that's another thing about security, too, is it transcends all these interesting areas, right? Like here, I'm doing executive risk protection by looking at open-source data.Protect the executives, show the executives that security is a concern, these executives that'll realize security's real. Then these past that security down in the list of priorities, and next thing you know, the 50 million active students that are using Turnitin are getting better security. Because an executive realized, “Hey, wait a minute, this is a real thing.” So, there's a lot of ways around this, but I don't know, it's a big space, there's a lot of competition. There's a lot of companies that are coming in and flashing out of the pan.A lot of companies are coming in and building snake oil. How do people know how to determine the right things to use? How do people don't want to implement? How do people understand that when they deploy a program that only applies to their cloud environment it doesn't touch there on-prem where a lot of data might be a risk? And how do we work together? How do we get teams like DevOps, IT, SecOps, to not fight each other for installing an agent for doing this?Now, when I looked at Uptycs, I said, “Well, it does the EDR for corp stuff, it does the host intrusion detection, you know, the agent-based stuff, I think, for the well because it uses a buzzword I don't like to use, osquery. It's got a bunch of cloud security configuration on it, which is pretty commoditized. It does agentless cloud scanning.” And it—really, I spent a lot of my career just struggling to find these tools. I've written some myself.And when I saw Uptycs, I was—I felt stupid. I couldn't believe that I hadn't used this tool, I think maybe they've increased substantially their capabilities, but it was kind of amazing to me that I had spent so much of my time and energy and hadn't found them. Luckily, I decided to joi—actually I didn't decide to join; they kind of decided for me—and they started giving it away for free. But I found that Uptycs needs a, you know, they need a brand refresh. People need to come and take a look and say, “Hey, this isn't the old Uptycs. Take a look.”And maybe I'm wrong, but I'm here as a technology evangelist, and I'll tell you right now, the minute I no longer am evangelists for this technology, the minute I'm no longer passionate about it, I can't do my job. I'm going to go do something else. So, I'm the one guy who will put it to your brass tacks. I want this thing to be the thing I've been passionate about for a long time. I want people to use it.Contact me directly. Tell me what's wrong with it. Tell me I'm wrong. Tell me I'm right. I really just want to wrap my head around this from the industry perspective, and say, “Hey, I think that these guys are willing to make the best thing ever.” And I'm the craziest person in security. Now, Corey, who's the craziest person security?Corey: That is a difficult question with many wrong answers.Jack: No, I'm not talking about McAfee, all right. I'm not that level of crazy. But I'm talking about, I was obsessed with this XDR, CDR, all the acronyms. You know, we call it HIDS, I was obsessed with it for years. I worked for all these companies.I quit doing, you know, a lot of very good entrepreneurial work to come work at this company. So, I really do think that they can fix a lot of this stuff. I've got my fingers crossed, but I'm still staying involved in other things to make these technologies better. And the software's security space is going all over the place. Sometimes it's going bad direction, sometimes it's going to good directions. But I agree with you about Amazon producing tools. I think it's just all market-based. People aren't going to use the complex tools of Amazon when there's all this other flashy stuff being advertised.Corey: It all comes down to marketing budget, and AWS has always struggled with telling a story. I really want to thank you for being so generous with your time. If people want to learn more, where should they go?Jack: Oh, gosh, everywhere. But if you want to learn more about Uptycs, why don't you just email me?Corey: We will, of course, put your email address into the show notes.Jack: Yeah, we'll do it.Corey: Don't offer if you're not serious. There's also uptycssecretmenu.com, which is apparently not much of a secret, given the large banner all over Uptycs' website.Jack: Have you seen this? Let me just tell you about this. This is not a catch. I was blown away by this; it's one of the reasons I joined. For a buck, if you have between 100 and 1000 nodes, right, you get our agentless system and our agent-based system, right?I think it's only on AWS. But that's, like, what, $150, $180,000 value? You get it for a full year. You don't have to sign a contract to renew or anything. Like, you just get it for a buck. If anybody who doesn't go on to the secret menu website and pay $1 and check out this agentless solution that deploys in two minutes, come on, man.I challenge everybody, go on there, do that, and tell me what's wrong with it. Go on there, do that, and give me the feedback. And I promise you I'll do everything in my best efforts to make it the best. I saw the engineering team in this company, they care. Ganesh, the CEO, he is not your average CEO.This guy is in tinkerers. He's on there, hands on keyboard. He responds to me in the middle of night. He's a geek just like me. But we need users to give us feedback. So, you got this dollar menu, you sign up before the 31st, right? You get the product for buck. Deploy the thing in two minutes.Then if you want to do the XDR, this agent-based system, you can deploy that at your leisure across whichever areas you want. Maybe you want a corporate network on laptops and desktops, your production infrastructure, your compute in the cloud, deploy it, take a look at it, tell me what's wrong with it, tell me what's right with it. Let's go in there and look at it together. This is my job. I want this company to work, not because they're Uptycs but because I think that they can do it.And this is my personal passion. So, if people hit me up directly, let's chat. We can build a Slack, Uptycs skunkworks. Let's get this stuff perfect. And we're also going to try and get some advisory boards together, like, maybe a CISO advisory board, and just to get more feedback from folks because I think the Uptycs brand has made a huge shift in a really positive direction.And if you look at the great thing here, they're unifying this whole agentless and agent-based stuff. And a lot of companies are saying that they're competing with that, those two things need to be run together, right? They need to be run together. So, I think the next steps here, check out that dollar menu. It's unbelievable. I can't believe that they're doing it.I think people think it's too good to be true. Y'all got nothing to lose. It's a buck. But if you sign up for it right now, before the December 31st, you can just wait and act on it any month later. So, just if you sign up for it, you're just locked into the pricing. And then you want to hit me up and talk about it. Is it three in the morning? You got me. It's it eight in the morning? You got me.Corey: You're more generous than I am. It's why I work on AWS bills. It's strictly a business-hours problem.Jack: This is not something that they pay me for. This is just part of my personal passion. I have struggled to get this thing built correctly because I truly believe not only is it really cool—and I'm not talking about Uptycs, I mean all the companies that are out there—but I think that this could be the most powerful tool in security that makes the world more secure. Like, in a way that keeps up with the security risks increasing.We just need to get customers, we need to get critics, and if you're somebody who wants to come in and prove me wrong, I need help. I need people to take a look at it for me. So, it's free. And if you're in the San Francisco Bay Area and you give me some good feedback and all that, I'll take you out to dinner, I'll introduce you to startup companies that I think, you know, you might want to advise. I'll help out your career.Corey: So, it truly is dollar menu then.Jack: Well, I'm paying for the dinner out my personal thing.Corey: Exactly. Well, again, you're also paying for the infrastructure required to provide the service, so, you know, one way or another, it's all the best—it's just like Cloud, there is no cloud. It's just someone else's cost center. I like that.Jack: Well, yeah, we're paying for a ton of data hosting. This is a huge loss leader. Uptycs has a lot of money in the bank, I think, so they're able to do this. Uptycs just needs to get a little more bold in their marketing because I think they've spent so much time building an awesome product, it's time that we get people to see it. That's why I did this.My career was going phenomenally. I was traveling the world, traveling the country promoting things, just getting deals left and right and then Elias—my buddy over at Orca; Elias, one of the best marketing guys I've ever met—I've never done marketing before. I love this. It's not just marketing. It's like I get to take feedback from people and make the product better and this is what I've been trying to do.So, you're talking to a crazy person in security. I will go well above and beyond. Sign up for that dollar menu. I'm telling you, it is no commitment, maybe you'll get some spam email or something like that. Email me directly, I'll kill the spam email.You can do it anytime before the end of 2023. But it's only for 2023. So, you got a full year of the services for free. For free, right? And one of them takes two minutes to deploy, so start with that one. Let me know what you think. These guys ideate and they pivot very quickly. I would love to work on this. This is why I came here.So, I haven't had a lot of opportunity to work with the practitioners. I'm there for you. I'll create a Slack, we can all work together. I'll invite you to my Slack if you want to get involved in secondaries investing and startup advisory. I'm a mentor and a leader in this space, so for me to be able to stay active, this is like a quid pro quo with me working for this company.Uptycs is the company that I've chosen now because I think that they're the ones that are doing this. But I'm doing this because I think I found the opportunity to get it done right, and I think it's going to be the one thing in security that when it is perfected, has the biggest impact.Corey: We'll see how it goes out over the coming year, I'm sure. Thank you so much for being so generous with your time. I appreciate it.Jack: I like you. I like you, Corey.Corey: I like me too.Jack: Yeah? All right. Okay. I'm telling [unintelligible 00:39:51] something. You and I are very weird.Corey: It works out.Jack: Yeah.Corey: Jack Charles Roehrig, Technology Evangelist at Uptycs. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an insulting comment that we're going to be able to pull the exact details of where you left it from because your podcast platform of choice clearly just treated security as a box check.Jack: [laugh].Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
With all the economic headwinds, CPGs are facing a double crisis – costs are up, demand is down in many markets, and consumers are hunkering down for a recession. Meanwhile, the supply chain is still in disarray after COVID, and geopolitical trends are volatile. It's tough out there for marketers – it looks a lot like hurricane season in these kind of conditions.That means marketers face more scrutiny, and need to demonstrate the value they will get for every penny they spend. CPGs are notoriously data poor – they have much less data than their key collaborating sectors, the media ecosystem, and retail. Yet, conversely, Nielsen found that 69% of marketers agreed first-party data was essential to their strategies. Epsilon research found that: 86% of digital relies on third party cookies 83% anticipate moderate to significant impact on their digital advertising efforts when cookies deprecate 53% are not fully prepared 70% are not confident their partners will provide a comparable solutionCustomer identity and access management software creates a single cloud platform that enables brands to do three things:Capture and manage customer identities to remove friction at registration and log-inBuild robust customer profiles based on first-party, permission-based dataOrchestrate and govern customer profiles in near real-time to other customer engagement solutions to deliver personalized experiencesTracking has allowed marketers to cost-effectively zero in on specific consumers on Facebook and customize ads for the most success. Without access to IDFA, marketers will have a limited view of the consumer, restricting their ability to personalize ads, making customer opt-in and consent critical. Relevant Content: CIAM: What is customer identity and access management?Benefits of CIAM: Better security, slick CX, and more revenueSAP Customer Identity and Access Management for B2CZero-party data: Definition, examples, and marketing benefits
Mi hehpih theih na cih tawh kisai cidam na lam // Health talk.Kawikawi + Tu ciang ciang // Chin Gospel Songs.
Ih pumpi ong lah dam loh na te tawh kisai theih huai te // Health talk.Kawikawi + Mi khial mang thang // Chin Gospel Songs.
El Centro de Información y Asistencia a Mexicanos, el CIAM, es un servicio del estado mexicano, con el objetivo brindar las 24 horas del día una respuesta humana, profesional y oportuna a las necesidades de nuestros connacionales a través de la Red Consular de México en los Estados Unidos. Rafael Barceló, Cónsul de México en Tucson, nos explica a detalle las funciones y los alcances del CIAM.
CIAM solutions are designed to address specific technical requirements that consumer-facing organizations have that differ from traditional “workforce” or Business-to-Employee (B2E) use cases. John Tolbert has revisited this market segments for the updated Leadership Compass CIAM and provides an update to the analyst chat episode 58 from December 2020. Cybersecurity Leadership Summit takes place on November 8 – 10 in Berlin and online. Join us there.
Pumpi a ding in an hoih mahmah a hi haai nek huai // Health talk.Kawikawi + Lungdam sing Topa // Chin Gospel Songs.
Kal ki sia te theih huai thu cidam na ding te // Health talk.Kawikawi + Zeisu khut len in // Chin Gospel Songs.
About DanDan Moore is head of developer relations for FusionAuth, where he helps share information about authentication, authorization and security with developers building all kinds of applications.A former CTO, AWS certification instructor, engineering manager and a longtime developer, he's been writing software for (checks watch) over 20 years.Links Referenced: FusionAuth: https://fusionauth.io Twitter: https://twitter.com/mooreds TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at AWS AppConfig. Engineers love to solve, and occasionally create, problems. But not when it's an on-call fire-drill at 4 in the morning. Software problems should drive innovation and collaboration, NOT stress, and sleeplessness, and threats of violence. That's why so many developers are realizing the value of AWS AppConfig Feature Flags. Feature Flags let developers push code to production, but hide that that feature from customers so that the developers can release their feature when it's ready. This practice allows for safe, fast, and convenient software development. You can seamlessly incorporate AppConfig Feature Flags into your AWS or cloud environment and ship your Features with excitement, not trepidation and fear. To get started, go to snark.cloud/appconfig. That's snark.cloud/appconfig.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig secures your cloud from source to run. They believe, as do I, that DevOps and security are inextricably linked. If you wanna learn more about how they view this, check out their blog, it's definitely worth the read. To learn more about how they are absolutely getting it right from where I sit, visit Sysdig.com and tell them that I sent you. That's S Y S D I G.com. And my thanks to them for their continued support of this ridiculous nonsense.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I am joined today on this promoted episode, which is brought to us by our friends at FusionAuth by Dan Moore, who is their head of DevRel at same. Dan, thank you for joining me.Dan: Corey, thank you so much for having me.Corey: So, you and I have been talking for a while. I believe it predates not just you working over at FusionAuth but me even writing the newsletter and the rest. We met on a leadership Slack many years ago. We've kept in touch ever since, and I think, I haven't run the actual numbers on this, but I believe that you are at the top of the leaderboard right now for the number of responses I have gotten to various newsletter issues that I've sent out over the years.And it's always something great. It's “Here's a link I found that I thought that you might appreciate.” And we finally sat down and met each other in person, had a cup of coffee somewhat recently, and the first thing you asked was, “Is it okay that I keep doing this?” And at the bottom of the newsletter is “Hey, if you've seen something interesting, hit reply and let me know.” And you'd be surprised how few people actually take me up on it. So, let me start by thanking you for being as enthusiastic a contributor of the content as you have been.Dan: Well, I appreciate that. And I remember the first time I ran across your newsletter and was super impressed by kind of the breadth of it. And I guess my way of thanking you is to just send you interesting tidbits that I run across. And it's always fun when I see one of the links that I sent go into the newsletter because what you provide is just such a service to the community. So, thank you.Corey: The fun part, too, is that about half the time that you send a link in, I already have it in my queue, or I've seen it before, but not always. I talked to Jeff Barr about this a while back, and apparently, a big Amazonian theme that he lives by is two is better than zero. He'd rather two people tell him about a thing than no one tells him about the thing. And I've tried to embody that. It's the right answer, but it's also super tricky to figure out what people have heard or haven't heard. It leads to interesting places. But enough about my nonsense. Let's talk about your nonsense instead. So, FusionAuth; what do you folks do over there?Dan: So, FusionAuth is an auth provider, and we offer a Community Edition, which is downloadable for free; we also offer premium editions, but the space we play in is really CIAM, which is Customer Identity Access Management. Very similar to Auth0 or Cognito that some of your listeners might have heard of.Corey: If people have heard about Cognito, it's usually bracketed by profanity, in one direction or another, but I'm sure we'll get there in a minute. I will say that I never considered authentication to be a differentiator between services that I use. And then one day I was looking for a tool—I'm not going to name what it was just because I don't really want to deal with the angry letters and whatnot—but I signed up for this thing to test it out, and “Oh, great. So, what's my password?” “Oh, we don't use passwords. We just every time you want to log in, we're going to email you a link and then you go ahead and click the link.”And I hadn't seen something like that before. And my immediate response to that was, “Okay, this feels like an area they've decided to innovate in.” Their core business is basically information retention and returning it to you—basically any CRUD app. Yay. I don't think this is where I want them to be innovating.I want them to use the tried and true solutions, not build their own or be creative on this stuff, so it was a contributor to me wanting to go in a different direction. When you start doing things like that, there's no multi-factor authentication available and you start to wonder, how have they implemented this? What corners have they cut? Who's reviewed this? It just gave me a weird feeling.And that was sort of the day I realized that authentication for me is kind of like crypto, by which I mean cryptography, not cryptocurrency, I want to be very clear on, here. You should not roll your own cryptography, you should not roll your own encryption, you should buy off-the-shelf unless you're one of maybe five companies on the planet. Spoiler, if you're listening to this, you are almost certainly not one of them.Dan: [laugh]. Yeah. So, first of all, I've been at FusionAuth for a couple of years. Before I came to FusionAuth, I had rolled my own authentication a couple of times. And what I've realized working there is that it really is—there a couple of things worth unpacking here.One is you can now buy or leverage open-source libraries or other providers a lot more than you could 15 or 20 years ago. So, it's become this thing that can be snapped into your architecture. The second is, auth is the front door to application. And while it isn't really that differentiated—I don't think most applications, as you kind of alluded to, should innovate there—it is kind of critical that it runs all the time that it's safe and secure, that it's accessible, that it looks like your application.So, at the same time, it's undifferentiated, right? Like, at the end of the day, people just want to get through authentication and authorization schemes into your application. That is really the critical thing. So, it's undifferentiated, it's critical, it needs to be highly available. Those are all things that make it a good candidate for outsourcing.Corey: There are a few things to unpack there. First is that everything becomes commoditized in the fullness of time. And this is a good thing. Back in the original dotcom bubble, there were entire teams of engineers at all kinds of different e-commerce companies that were basically destroying themselves trying to build an online shopping cart. And today you wind up implementing Shopify or something like it—which is usually Shopify—and that solves the problem for you. This is no longer a point of differentiation.If I want to start selling physical goods on the internet, it feels like it'll take me half an hour or so to wind up with a bare-bones shopping cart thing ready to go, and then I just have to add inventory. Authentication feels like it was kind of the same thing. I mean, back in that song from early on in internet history “Code Monkey” talks about building a login page as part of it, and yeah, that was a colossal pain. These days, there are a bunch of different ways to do that with folks who spend their entire careers working on this exact problem so you can go and work on something that is a lot more core and central to the value that your business ostensibly provides. And that seems like the right path to go down.But this does lead to the obvious counter-question of how is it that you differentiate other than, you know, via marketing, which again, not the worst answer in the world, but it also turns into skeezy marketing. “Yes, you should use this other company's option, or you could use ours and we don't have any intentional backdoors in our version.” “Hmm. That sounds more suspicious and more than a little bit frightening. Tell me more.” “No, legal won't let me.” And it's “Okay.” Aside from the terrible things, how do you differentiate?Dan: I liked that. That was an oddly specific disclaimer, right? Like, whenever a company says, “Oh, yeah, no.” [laugh].Corey: “My breakfast cereal has less arsenic than leading brands.”Dan: Perfect. So yeah, so FusionAuth realizes that, kind of, there are a lot of options out there, and so we've chosen to niche down. And one of the things that we really focus on is the CIAM market. And that stands for Customer Identity Access Management. And we can dive into that a little bit later if you want to know more about that.We have a variety of deployment options, which I think differentiates us from a lot of the SaaS providers out there. You can run us as a self-hosted option with, by the way, professional-grade support, you can use us as a SaaS provider if you don't want to run it yourself. We are experts in operating this piece of software. And then thirdly, you can move between them, right? It's your data, so if you start out and you're bare bones and you want to save money, you can start with self-hosted, when you grow, move to the SaaS version.Or we actually have some bigger companies that kickstart on the SaaS version because they want to get going with this integration problem and then later, as they build out their capabilities, they want the option to move it in-house. So, that is a really key differentiator for us. The last one I'd say is we're really dev-focused. Who isn't, right? Everyone says they're dev-focused, but we live that in terms of our APIs, in terms of our documentation, in terms of our open development process. Like, there's actually a GitHub issues list you can go look on the FusionAuth GitHub profile and it shows exactly what we have planned for the next couple of releases.Corey: If you go to one of my test reference applications, lasttweetinaws.com, as of the time of this recording at least, it asks you to authenticate with your Twitter account. And you can do that, and it's free; I don't charge for any of these things. And once you're authenticated, you can use it to author Twitter threads because I needed it to exist, first off, and secondly, it makes a super handy test app to try out a whole bunch of different things.And one of the reasons you can just go and use it without registering an account for this thing or anything else was because I tried to set that up in an early version with Cognito and immediately gave the hell up and figured, all right, if you can find the URL, you can use this thing because the experience was that terrible. If instead, I had gone down the path of using FusionAuth, what would have made that experience different, other than the fact that Cognito was pretty clearly a tech demo at best rather than something that had any care, finish, spit and polish went into it.Dan: So, I've used Cognito. I'm not going to bag on Cognito, I'm going to leave that to—[laugh].Corey: Oh, I will, don't worry. I'll do all the bagging on Cognito you'd like because the problem is, and I want to be clear on this point, is that I didn't understand what it was doing because the interface was arcane, and the failure mode of everything in this entire sector, when the interface is bad, the immediate takeaway is not “This thing's a piece of crap.” It's, “Oh, I'm bad at this. I'm just not smart enough.” And it's insulting, and it sets me off every time I see it. So, if I feel like I'm coming across as relatively annoyed by the product, it's because it made me feel dumb. That is one of those cardinal sins, from my perspective. So, if you work on that team, please reach out. I would love to give you a laundry list of feedback. I'm not here to make you feel bad about your product; I'm here to make you feel bad about making your customers feel bad. Now please, Dan, continue.Dan: Sure. So, I would just say that one of the things that we've strived to do for years and years is translate some of the arcane IAM Identity Access Management jargon into what normal developers expect. And so, we don't have clients in our OAuth implementation—although they really are clients if you're an RFC junkie—we have applications, right? We have users, we have groups, we have all these things that are what users would expect, even though underlying them they're based on the same standards that, frankly, Cognito and Auth0 and a lot of other people use as well.But to get back to your question, I would say that, if you had chosen to use FusionAuth, you would have had a couple of advantages. The first is, as I mentioned, kind of the developer friendliness and the extensive documentation, example applications. The second would be a themeability. And this is something that we hear from our clients over and over again, is Cognito is okay if you stay within the lines in terms of your user interface, right? If you just want to login form, if you want to stay between lines and you don't want to customize your application's login page at all.We actually provide you with HTML templates. It's actually using a language called FreeMarker, but they let you do whatever the heck you want. Now, of course, with great power comes great responsibility. Now, you own that piece, right, and we do have some more simple customization you can do if all you want to do is change the color. But most of our clients are the kind of folks who really want their application login screen to look exactly like their application, and so they're willing to take on that slightly heavier burden. Unfortunately, Cognito doesn't give you that option at all, as far as I can tell when I've kicked the tires on it. The theming is—how I put this politely—some of our clients have found the theming to be lacking.Corey: That's part of the issue where when I was looking at all the reference implementations, I could find for Cognito, it went from “Oh, you have your own app, and its branding, and the rest,” and bam, suddenly, you're looking right, like, you're logging into an AWS console sub-console property because of course they have those. And it felt like “Oh, great. If I'm going to rip off some company's design aesthetic wholesale, I'm sorry, Amazon is nowhere near anywhere except the bottom 10% of that list, I've got to say. I'm sorry, but it is not an aesthetically pleasing site, full stop. So, why impose that on customers?”It feels like it's one of those things where—like, so many Amazon service teams say, “We're going to start by building a minimum lovable product.” And it's yeah, it's a product that only a parent could love. And the problem is, so many of them don't seem to iterate beyond that do a full-featured story. And this is again, this is not every AWS service. A lot of them are phenomenal and grow into themselves over time.One of the best rags-to-riches stories that I can recall is EFS, their Elastic File System, for an example. But others, like Cognito just sort of seem to sit and languish for so long that I've basically given up hope. Even if they wind up eventually fixing all of these problems, the reputation has been cemented at this point. They've got to give it a different terrible name.Dan: I mean, here's the thing. Like, EFS, if it looks horrible, right, or if it has, like, a toughest user experience, guess what? Your users are devs. And if they're forced to use it, they will. They can sometimes see the glimmers of the beauty that is kind of embedded, right, the diamond in the rough. If your users come to a login page and see something ugly, you immediately have this really negative association. And so again, the login and authentication process is really the front door of your application, and you just need to make sure that it shines.Corey: For me at least, so much of what's what a user experience or user takeaway is going to be about a company's product starts with their process of logging into it, which is one of the reasons that I have challenges with the way that multi-factor auth can be presented, like, “Step one, login to the thing.” Oh, great. Now, you have to fish out your YubiKey, or you have to go check your email for a link or find a code somewhere and punch it in. It adds friction to a process. So, when you have these services or tools that oh, your session will expire every 15 minutes and you have to do that whole thing again to log back in, it's ugh, I'm already annoyed by the time I even look at anything beyond just the login stuff.And heaven forbid, like, there are worse things, let's be very clear here. For example, if I log in to a site, and I'm suddenly looking at someone else's account, yeah, that's known as a disaster and I don't care how beautiful the design aesthetic is or how easy to use it is, we're done here. But that is job zero: the security aspect of these things. Then there's all the polish that makes it go from something that people tolerate because they have to into something that, in the context of a login page I guess, just sort of fades into the background.Dan: That's exactly what you want, right? It's just like the old story about the sysadmin. People only notice when things are going wrong. People only care about authentication when it stops them from getting into what they actually want to do, right? No one ever says, “Oh, my gosh, that login experience was so amazing for that application. I'm going to come back to that application,” right? They notice when it's friction, they noticed when it's sand in the gears.And our goal at FusionAuth, obviously, security is job zero because as you said, last thing you want is for a user to have access to some other user's data or to be able to escalate their privileges, but after that, you want to fade in the background, right? No one comes to FusionAuth and builds a whole application on top of it, right? We are one component that plugs into your application and lets you get on to the fundamentals of building the features that your users really care about, and then wraps your whole application in a blanket of security, essentially.Corey: I'll take even one more example before we just drive this point home in a way that I hope resonates with folks. Everyone has an opinion on logging into AWS properties because “Oh, what about your Amazon account?” At which point it's “Oh, sit down. We're going for a ride here. Are you talking about amazon.com account? Are you talking about the root account for my AWS account? Are you talking about an IAM user? Are you talking about the service formerly known as AWS SSO that's now IAM Identity Center users? Are you talking about their Chime user account? Are you talking about your repost forum account?” And so, on and so on and so on. I'm sure I'm missing half a dozen right now off the top of my head.Yeah, that's awful. I've been also developing lately on top of Google Cloud, and it is so far to the opposite end of that spectrum that it's suspicious and more than a little bit frightening. When I go to console.cloud.google.com, I am boom, there. There is no login approach, which on the one hand, I definitely appreciate, just from a pure perspective of you're Google, you track everything I do on the internet. Thank you for not insulting my intelligence by pretending you don't know who I am when I log into your Cloud Console.Counterpoint, when I log into the admin portal for my Google Workspaces account, admin.google.com, it always re-prompts for a password, which is reasonable. You'd think that stuff running production might want to do something like that, in some cases. I would not be annoyed if it asked me to just type in a password again when I get to the expensive things that have lasting repercussions.Although, given my personality, logging into Gmail can have massive career repercussions as soon as I hit send on anything. I digress. It is such a difference from user experience and ease-of-use that it's one of those areas where I feel like you're fighting something of a losing battle, just because when it works well, it's glorious to the point where you don't notice it. When authentication doesn't work well, it's annoying. And there's really no in between.Dan: I don't have anything to say to that. I mean, I a hundred percent agree that it's something that you could have to get right and no one cares, except for when you get it wrong. And if your listeners can take one thing away from this call, right, I know it's we're sponsored by FusionAuth, I want to rep Fusion, I want people to be aware of FusionAuth, but don't roll your own, right? There are a lot of solutions out there. I hope you evaluate FusionAuth, I hope you evaluate some other solutions, but this is such a critical thing and Corey has laid out [laugh] in multiple different ways, the ways it can ruin your user experience and your reputation. So, look at something that you can build or a library that you can build on top of. Don't roll your own. Please, please don't.Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.Corey: So, tell me a little bit more about how it is that you folks think about yourselves in just in terms of the market space, for example. The idea of CIAM, customer IAM, it does feel viscerally different than traditional IAM in the context of, you know, AWS, which I use all the time, but I don't think I have the vocabulary to describe it without sounding like a buffoon. What is the definition between the two, please? Or the divergence, at least?Dan: Yeah, so I mean, not to go back to AWS services, but I'm sure a lot of your listeners are familiar with them. AWS SSO or the artist formerly known as AWS SSO is IAM, right? So, it's Workforce, right, and Workforce—Corey: And it was glorious, to the point where I felt like it was basically NDA'ed from other service teams because they couldn't talk about it. But this was so much nicer than having to juggle IAM keys and sessions that timeout after an hour in the console. “What do you doing in the console?” “I'm doing ClickOps, Jeremy. Leave me alone.”It's just I want to make sure that I'm talking about this the right way. It feels like AWS SSO—creature formerly known as—and traditional IAM feels like they're directionally the same thing as far as what they target, as far as customer bases, and what they empower you to do.Dan: Absolutely, absolutely. There are other players in that same market, right? And that's the market that grew up originally: it's for employees. So, employees have this very fixed lifecycle. They have complicated relationships with other employees and departments in organizations, you can tell them what to do, right, you can say you have to enroll your MFA key or you are no longer employed with us.Customers have a different set of requirements, and yet they're crucial to businesses because customers are, [laugh] who pay you money, right? And so, things that customers do that employees don't: they choose to register; they pick you, you don't pick them; they have a wide variety of devices and expectations; they also have a higher expectation of UX polish. Again, with an IAM solution, you can kind of dictate to your employees because you're paying them money. With a customer identity access management solution, it is part of your product, in the same way, you can't really dictate features unless you have something that the customer absolutely has to have and there are no substitutes for it, you have to adjust to the customer demands. CIAM is more responsive to those demands and is a smoother experience.The other thing I would say is CIAM, also, frankly, has a simpler model. Most customers have access to applications, maybe they have a couple of roles that you know, an admin role, an editor role, a viewer role if you're kind of a media conglomerate, for an example, but they don't have necessarily the thicket of complexity that you might have to have an eye on, so it's just simpler to model.Corey: Here's an area that feels like it's on the boundary between them. I distinctly remember being actively annoyed a while back that I had to roll my marketing person her own entire AWS IAM account solely so that she could upload assets into an S3 bucket that was driving some other stuff. It feels very much like that is a better use case for something that is a customer IAM solution. Because if I screw up those permissions even slightly, well, congratulations, now I've inadvertently given someone access to wind up, you know, taking production down. It feels like it is way too close to things that are going to leave a mark, whereas the idea of a customer authentication story for something like that is awesome.And no please if you're listening to this, don't email me with this thing you built and put on the Marketplace that “Oh, it uses signed URLs and whatnot to wind up automatically federating an identity just for this one per—” Yes. I don't want to build something ridiculous and overwrought so a single person can update assets within S3. I promise I don't want to do that. It just ends badly.Dan: Well, that was the promise of Cognito, right? And that is actually one of the reasons you should stick with Cognito if you have super-detailed requirements that are all about AWS and permissions to things inside AWS. Cognito has that tight integration. And I assume—I haven't looked at some of the other big cloud providers, but I assume that some of the other ones have that similar level of integration. So yeah, so that my answer there would be Cognito is the CIAM solution that AWS has, so that is what I would expect it to be able to handle, relatively smoothly.Corey: A question I have for you about the product itself is based on a frustration I originally had with Cognito, which is that once you're in there and you are using that for authentication and you have users, there's no way for me to get access to the credentials of my users. I can't really do an export in any traditional sense. Is that possible with FusionAuth?Dan: Absolutely. So, your data is your data. And because we're a self-hosted or SaaS solution, if you're running it self-hosted, obviously you have access to the password hashes in your database. If you are—Corey: The hashes, not the plaintext passwords to be explicitly clear on this. [laugh].Dan: Absolutely the hashes. And we have a number of guides that help you get hashes from other providers into ours. We have a written export guide ourselves, but it's in the database and the schema is public. You can go download our schema right now. And if—Corey: And I assume you've used an industry standard hashing algorithm for this?Dan: Yeah, we have a number of different options. You can bring your own actually, if you want, and we've had people bring their own options because they have either special needs or they have an older thing that's not as secure. And so, they still want their users to be able to log in, so they write a plugin and then they import the users' hashes, and then we transparently re-encrypt with a more modern one. The default for us is PDK.Corey: I assume you do the re-encryption at login time because there's no other way for you to get that.Dan: Exactly. Yeah yeah yeah—Corey: Yeah.Dan: —because that's the only time we see the password, right? Like we don't see it any other time. But we support Bcrypt and other modern algorithms. And it's entirely configurable; if you want to set a factor, which basically is how—Corey: I want to use MD5 because I'm still living in 2003.Dan: [laugh]. Please don't use MD5. Second takeaway: don't roll your own and don't use MD5. Yeah, so it's very tweakable, but we shipped with a secured default, basically.Corey: I just want to clarify as well why this is actively important. I don't think people quite understand that in many cases, picking an authentication provider is one of those lasting decisions where migrations take an awful lot of work. And they probably should. There should be no mechanism by which I can export the clear text passwords. If any authentication provider advertises or offers such a thing, don't use that one. I'm going to be very direct on that point.The downside to this is that if you are going to migrate from any other provider to any other provider, it has to happen either slowly as in, every time people log in, it'll check with the old system and then migrate that user to the new one, or you have to force password resets for your entire customer base. And the problem with that is I don't care what story you tell me. If I get an email from one of my vendors saying “You now have to reset your password because we're migrating to their auth thing,” or whatnot, there's no way around it, there's no messaging that solves this, people will think that you suffered a data breach that you are not disclosing. And that is a heavy, heavy lift. Another pattern I've seen is it for a period of three months or whatnot, depending on user base, you will wind up having the plug in there, and anyone who logs in after that point will, “Ohh you need to reset your password. And your password is expired. Click here to reset.” That tends to be a little bit better when it's not the proactive outreach announcement, but it's still a difficult lift and it adds—again—friction to the customer experience.Dan: Yep. And the third one—which you imply it—is you have access to your password hashes. They're hashed in a secure manner. And trust me, even though they're hashed securely, like, if you contact FusionAuth and say, “Hey, I want to move off FusionAuth,” we will arrange a way to get you your database in a secure manner, right? It's going to be encrypted, we're going to have a separate password that we communicate with you out-of-band because this is—even if it is hashed and salted and handled correctly, it's still very, very sensitive data because credentials are the keys to the kingdom.So, but those are the three options, right? The slow migration, which is operationally expensive, the requiring the user to reset their password, which is horribly expensive from a user interface perspective, right, and the customer service perspective, or export your password hashes. And we think that the third option is the least of the evils because guess what? It's your data, right? It's your user data. We will help you be careful with it, but you own it.Corey: I think that there's a lot of seriously important nuance to the whole world of authentication. And the fact that this is such a difficult area to even talk about with folks who are not deeply steeped in that ecosystem should be an indication alone that this is the sort of thing that you definitely want to outsource to a company that knows what the hell they're doing. And it's not like other areas of tech where you can basically stumble your way through something. It's like “Well, I'm going to write a Lambda to go ahead and post some nonsense on Twitter.” “Okay, are you good at programming?” “Not even slightly, but I am persistent and brute force is a viable strategy, so we're going to go with that one.” “Great. Okay, that's awesome.”But authentication is one of those areas where mistakes will show. The reputational impact of losing data goes from merely embarrassing to potentially life-ruining for folks. The most stressful job I've ever had from a data security position wasn't when I was dealing with money—because that's only money, which sounds like a weird thing to say—it was when I did a brief stint at Grindr where people weren't out. In some countries, users could have wound up in jail or have been killed if their sexuality became known. And that was the stuff that kept me up at night.Compared to that, “Okay, you got some credit card numbers with that. What the hell do I care about that, relatively speaking?” It's like, “Yeah, it's well, my credit card number was stolen.” “Yeah, but did you die, though?” “Oh, you had to make a phone call and reset some stuff.” And I'm not trivializing the importance of data security. Especially, like, if you're a bank, and you're listening to this, and you're terrified, yeah, that's not what I'm saying at all. I'm just saying there are worse things.Dan: Sure. Yeah. I mean, I think that, unfortunately, the pandemic showed us that we're living more and more of our lives online. And the identity online and making sure that safe and secure is just critical. And again, not just for your employees, although that's really important, too, but more of your customer interactions are going to be taking place online because it's scalable, because it makes people money, because it allows for capabilities that weren't previously there, and you have to take that seriously. So, take care of your users' data. Please, please do that.Corey: And one of the best ways you can do that is by not touching the things that are commoditized in your effort to apply differentiation. That's why I will never again write my own auth system, with a couple of asterisks next to it because some of what I do is objectively horrifying, intentionally so. But if I care about the authentication piece, I have the good sense to pay someone else to do it for me.Dan: From personal experience, you mentioned at the beginning that we go back aways. I remember when I first discovered RDS, and I thought, “Oh, my God. I can outsource all this scut work, all of the database backups, all of the upgrades, all of the availability checking, right? Like, I can outsource this to somebody else who will take this off my plate.” And I was so thankful.And I don't—outside of, again, with some asterisks, right, there are places where I could consider running a database, but they're very few and far between—I feel like auth has entered that category. There are great providers like FusionAuth out there that are happy to take this off your plate and let you move forward. And in some ways, I'm not really sure which is more dangerous; like, not running a database properly or not running an auth system properly. They both give me shivers and I would hate to [laugh] hate to be forced to choose. But they're comparable levels of risk, so I a hundred percent agree, Corey.Corey: Dan, I really want to thank you for taking so much time to talk to me about your view of the world. If people want to learn more because you're not in their inboxes responding to newsletters every week, where's the best place to find you?Dan: Sure, you can find more about me at Twitter. I'm @mooreds, M-O-O-R-E-D-S. And you can learn more about FusionAuth and download it for free at fusionauth.io.Corey: And we will put links to all of that in the show notes. I really want to thank you again for just being so generous with your time. It's deeply appreciated.Dan: Corey, thank you so much for having me.Corey: Dan Moore, Head of DevRel at FusionAuth. I'm Cloud Economist Corey Quinn. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that will be attributed to someone else because they screwed up by rolling their own authentication.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
Identity management has become a central pillar of many organizations' security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw285
Identity management has become a central pillar of many organizations' security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint. In March 2022, the SEC proposed new rules governing the reporting of cybersecurity incidents. This session will explore how businesses will be affected by this and similar legislation and provide tips to compliance and technical teams alike. S ecurity Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 In 2023, at least five new “rights-based” data privacy laws will become enforceable in the United States at the state level, including the California Privacy Rights Act (CPRA). Common to all of these laws are information security requirements, including the need for risk assessments and the need for authenticating data access requests. In this podcast we'll speak with an information security legal veteran on what these new laws mean for cybersecurity professionals and their data protection programs. Security Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 Segment Resources: https://securityweekly.com/wp-content/uploads/2022/08/spirion-data-sheet-enforcable-laws-2023_PRINT.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw285
Identity management has become a central pillar of many organizations' security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint. In March 2022, the SEC proposed new rules governing the reporting of cybersecurity incidents. This session will explore how businesses will be affected by this and similar legislation and provide tips to compliance and technical teams alike. S ecurity Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 In 2023, at least five new “rights-based” data privacy laws will become enforceable in the United States at the state level, including the California Privacy Rights Act (CPRA). Common to all of these laws are information security requirements, including the need for risk assessments and the need for authenticating data access requests. In this podcast we'll speak with an information security legal veteran on what these new laws mean for cybersecurity professionals and their data protection programs. Security Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 Segment Resources: https://securityweekly.com/wp-content/uploads/2022/08/spirion-data-sheet-enforcable-laws-2023_PRINT.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw285
Identity management has become a central pillar of many organizations' security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw285
Ih kum tam khit ciang ih cidam na thu pi sem // Health talk.Kawikawi + Ma ciang suan ni // Chin Gospel Songs.
The founder's journey can directly impact what a company focuses on and why. In this Asgardeo by WSO2 story, you'll get to hear how their work is making the world a better place through software.Starting a business built on the premise of offering open-source software wasn't something IBM wanted to do a couple of decades ago. That didn't stop WSO2's founder and CEO, Sanjiva Weerawarana, from taking his mission in life and turning it into an operational reality for his company, creating and helping foundations and non-profits in Sri Lanka and around the world along the way.It was this initial desire to do good that continues to thrive in everything that WSO2 does - including the launch of their app authentication as a service division, Asgardeo, a customer identity, and access management (CIAM) offering which helps developers implement secure authentication flows to apps or websites in a few simple steps.Developers don't have to be identity experts. They don't even have to write identity-specific code. They modify the code already in the web page or mobile app by cutting and pasting the bits of code, templates, and workflows that Asgardeo provides.The use cases are many - both directly a part of a single application and as part of other services where identity is built in.Please tune in to hear WSO2's origin story, the creation of Asgardeo and the value it brings to the developer community, and the multiple case studies that our guest from Asgardeo, Michael Bunyard, brings to life during this conversation.Note: This story contains promotional content. Learn more.GuestMichael BunyardVice President and Head of Marketing, IAM at WSO2 [@wso2] Asgardeo [@asgardeo]On Linkedin | https://www.linkedin.com/in/michaelbunyard/On Twitter | https://twitter.com/mickeydbResourcesLearn more about WSO2 Asgardeo and their offering: https://itspm.ag/asgardeo-by-wso2-u8vcCreate seamless login experiences for your application in minutes: https://itspm.ag/asgardmn1xAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Businesses are finding it harder to protect themselves from attackers that result in monetary and reputational losses. The Deduce Collective Intelligence Platform uses a combination of aggregate historical user data, identity risk intelligence, and proactive alerting to deliver a robust identity and authentication solution to protect businesses at scale. The Deduce team wants businesses to have the insights they need to protect themselves and their users from identity fraud and reduce online friction. Deduce makes it easy for our customers to access this wealth of shared identity intelligence via no-code integration with leading CIAM and IDV platforms. Andy Sheldon, VP Marketing joins #millenniumlive to discuss the powerful tools and business impacts of integrating Deduce. Andy is an experienced brand builder, pipeline generator, and proven leader whose career has included marketing leadership roles with Agari, Conga, Unifi Software, Visibleworld, Microsoft, Sun Microsystems and more.
Es difícil detectar a una víctima de violencia de género o generar la confianza necesaria para que cuente su infierno. El miedo les paraliza. Por eso campañas como los puntos violeta o los centros integrales de atención a la mujer (CIAM) pueden ser una ventana para ver la luz. Estamos en un centro y hablamos con el psicólogo, la jurista, la administrativa y la vigilante que no deja entrar a ningún hombre para garantizar la seguridad de cualquier mujer que esté siendo atendida. Es importante encontrar una cara amable, cómplice que dé seguridad y apoyo. Escuchamos también el testimonio de una superviviente como ella se define de la violencia de género. Reconoce que fue precisamente gracias a esa primera cara amiga que le atendió en su día en un CIAM que decidió salir del infierno porque "ella me salvó la vida". Escuchar audio
Gary Phillips, Vice President of Customer Identity Access Management (CIAM) with E-trade, now part of Morgan Stanley, shares his expertise in the IAM and CIAM space, how it has evolved, and why it matters, in the latest Reimagining Cyber Episode, “IAM, CIAM, and ZTA: The trifecta of access management.”
GuestsRatul Shah - Head of Product Marketing, Customer Data Solutions, SAP CXGuy Kronenthal - SVP, GM for Customer Data Cloud, SAP CXSergey Krayniy - Head of Product, SAP CXLinks to Learn MoreWebcast - What's the Ideal Customer Data Strategy for your Brand?Explore SAP Customer Data CloudArticle of the Week - Is it Easy For Your Customers to Buy From You?