Transcript
because I know it's been a long day, you've been having some boring conversations, but don't worry, me and Enrique are here to make sure you have a great one because this is Savvy Talk, a show that's rooted in conversation. We talk about everything from identity security to rock bands to Kendrick Lamar because that's what we do. And dad jokes. And dad jokes, right? That's true. And David, this guy, man, I had dinner with him. I think the audience is going to love it. And I think there are two types of guests in this show. Only two. Only two? Only two. Only two types. Alright, what are the two? There's people that I know and people that I don't know. And which is funny because when we have guests that I know well, I want to showcase the qualities and the things that I know. Hey, we should talk about this. And people that I don't know, we find it out together with the audience. This one you know. I know him. But I don't know. He's a cool guy. Okay. Well, let's get to it. Rock and roll. Here we go. Guys, you are in for a treat. So today with me and today with David, we have Anthony Vigiano. Anthony, man, it's a pleasure to have you here in the show. And I know a lot about your history. What you did at Cigna, Cigna, a big saving client, of course. So it's so much to unpack. But Anthony, let's start with basic stuff. So where are you from? And where do you live today? Sure, sure. I grew up in Syracuse, New York, and for Cigna, moved over to Connecticut, where our headquarters was is and live there, been living there last 17 years. Awesome. Awesome. Connecticut. So before saving, I was a gardener. So Stanford. Yep. So beautiful. It looks like like English vibes, right? So so when you moved there? 2008. 2008. Yes. So are you a Knicks fan? Nope. Okay. Red Sox. Okay. Interesting. All right. Yeah. Red Sox and Boston and. Gotcha. Yeah. So you moved from New York before they get indoctrinated. Exactly. Yeah. Yeah. So you didn't get indoctrinated. Yeah. You didn't get indoctrinated either way. Yeah. Exactly. Nice. No good. But Syracuse University. That was our big sports value. So love the college sports. Awesome. And before seeing this. So so what brought you to this crazy journey of identity? So how do you start in that? So we had a guest here in the show. Remember that guy? I said he was born into identity. Right. Second generation identity. So. So how about you? So what brought you into this and how it started for you? Yeah. So it really is chance. I happen to be working in the cybersecurity team around 2016 and I was doing public key infrastructure. So kind of identity related. And then what happened was there is a big combination to two large companies coming together and there is reorgs and people were moving around and there was a lot of a lot of things happening. And I just happened to get reorg with my manager at the time. And he became the identity and access management leader. And then he came to me and said, we need you to figure out how to do access reviews. That's a new job now. And he said, yeah, that is my job. And I'm like, OK, well, what's an access review? And that went from there. It's kind of what happened to me. So identity came to you. Yeah. Right. Yeah. I love it. Love it. And so today at Cigna or previous job was Cigna managing identity governance there. Right. So what tell me, what was that role about and what was the scope of what you did at Cigna? Yeah, sure. No. Well, first. Yeah. I just kind of left Cigna. The people are amazing. The mission to help millions of people. So you're not burning great out there. Nope. Exactly. No. Cigna is a great place. And then the leadership, you know, just my management and, you know, the higher level leadership, just leading the company in good places. And I've always enjoyed working with it. How many people were on your team? I left with about 91. Wow. 91. So to get back to your. Doing governance. Yeah, exactly. Just the governance aspect of it. So we were responsible for performing the access controls. Okay. So operating the access reviews, ensuring the join or move reliever, the termination process. Those things were operating well. Role-based access controls. And then showing our auditors what we were doing and that we were doing everything correctly. Awesome. Awesome. So doing that, I can imagine, you know, everything about SOCs and what I'd like to know. And I'll. So before we jump in, but I think this is such, man, if we have to talk about an elephant in the room is that nobody really likes compliance and it's a necessary evil. But if you have to share, perhaps to the audience and to the listeners, one thing that you learned through that journey of compliance, what was there a takeaway or something to say, oh man, if I knew about this five years ago, my life would be easier. What would that be? Partnership in foundation. So compliance kind of is the foundation of security. You have to start with the policies. You have to say, these are the things that we're going to do. And so that's the foundation. Then you do those things. And yes, they help your security posture. They reduce risk to a certain level. And in order to achieve those things, you need to partner with the entire enterprise. You need to partner with the application owners who own that, you know, controlling the access to their systems. You've got to partner with the managers that are actually to be performing the access reviews or submitting the access requests. So you really need full engagement from the end to end enterprise to be successful. That's amazing. So I think, and man, my apologies, because English is not even my first language, but you're speaking perfect English. Oh, thank you. I've been practicing. He does too. Yeah, he's a big talker. But the question is, for me, what I could get from that advice, which I think it's a golden nugget, is, well, it's inevitable. You have to do compliance no matter what. Organizations need to be compliant. But while you're going through that journey of compliance, take the opportunity to be safer or review your things with risk mitigation in mind. Is that what you mean? Yeah, exactly. And that's kind of the next level. And that's where I want to kind of go in the next step of my career, is how do you improve security? And that's kind of what we're talking about at the conference. And now you're talking about technologies like ISPM, the security posture. So that tool is going to help you reduce the footprint, reduce the attack footprint. So now there's fewer access, there's fewer people with the domain access. And then ITDR, now you're going to go out and threat hunt. Now you're going to look for where are the areas that we need to, that are issues that we need to solve for. So those are the things that I'm really looking forward to achieving someday. So I want to ask you a question, Rick, because we talked about this a couple of episodes ago. It's like me, bird, laser, right? In your words, what does identity security mean to you? It means reducing actual risk. And it doesn't mean security theater. I really want to kind of differentiate those two things, because sometimes it feels like our jobs is theater. It's putting on a show for the auditors. And are we really reducing risk? And we can kind of talk about what all that means. And then the security aspect is, well, how do I identify the risk? And how do I actually go after that? How do I reduce the footprint? That's what I think is... Can we get away from theater? I think it's like... No, no, you have to. You have to do it. And that's the foundation. You can't start elsewhere. You got to start there, for sure. And so that's why I don't want to say it's not important. And access reviews do add value to certain degrees. And all these things are important, but it's that next level that I think is really attacking the risk. Right. You mentioned IBM and ITDR, right? And I think I went through that journey when I was a gardener. And being an identity guy forever, that's the only thing I ever worked with. I had to learn a lot about threat hunting, as I say, red teaming, blue teaming, and things that were not natural to the identity team. So did you have these type of conversations with your team at Cigna? How was that journey into infusing, if you will, cybersecurity concepts into the identity professional? Right. Or even to you, as a practitioner in identity, did you have any background in threat management and all kinds of stuff? Nope. No. And I think in a lot of companies, those two things may be kind of separate. Yes. And I think that is an area where a lot of companies are probably going to have to grow. And maybe this identity team is in cyber. And so you've got the relationships that are closer. Maybe it's an infrastructure. Yes. So if it's an infrastructure, how do you, let's say you build the ITDR tool, well, now you've got to get those alerts to the SOC. But you're the infrastructure team. So how do you build those relationships? And I think that's a big opportunity that you're right, is a lot of companies are going to have to figure that out. And that's where I want to build those relationships. I want to have that all set up. And Anthony, I have a vested interest in ITDR. I was perhaps one of the people to blame for that acronym, right? Thank you for that. Not everybody says that, right? But what do you think is the purpose of ITDR? And I love asking people that, because many people see that in different lenses. So what do you see this as? What's the value of ITDR? What is it helping identity with? Right. So let's put the foundation away. So we've got the compliance. We've got the governance. We're looking pretty good there. And we're meeting our requirements. So now ITDR, so now you want to find the threat. So for example, let's say you've got a million authentications hitting your authentication tools. Yeah. Well, you've probably got plenty of capacity there. So maybe you don't even see that. It's not a compliance issue. It's not causing a performance issue. But perhaps that could be an indicator of a problem. Maybe there's just somebody coded something poorly. Or maybe there's a real-time attack. How are we going to detect that? And how are we going to solve for that? So that's one example of where ITDR could be detecting those types of risks. I agree. I agree. When I was thinking of that concept, and we came up with that at Gartner, it's building this necessary bridge between SecOps, the security operations teams, and the identity teams. Because they were thinking so differently. And they had so many different goals as well. So identity was about all the prevention things, all the compliance things. And SecOps, man, we're fighting fires. So I also see ITDR as that bridge. Do you agree? Yeah. I do agree. So one thing that I also want to ask you, man, is more about Anthony Vigiano as a person, right? An individual. And I remember when I was looking at your LinkedIn profile. And have you ever seen his picture? It's a very sporty picture. You can see he's outdoors. He's wearing this hiking gear or whatever. So tell us about that. So what's about life that excites you? Yeah. So that picture in particular was Mount Washington, the tallest mountain in the Northeast, which isn't very tall if you look at other parts of the country and the world. And all the cars in our area have the bumper sticker, this car climbed Mount Washington. Well, my wife and I climbed Mount Washington without the car. So that was a lot of fun. But yeah, my wife Whitney, we love doing outdoor activities. I'm Matt Whitney. Yeah. No, thank you. She's a kindergarten teacher. And she's just really the sweetest person. So we love outdoor activities. We're trying to do hiking. We're going to try to do a backpacking adventure that later this summer. With kids? Not with the kids. So yeah, the kids, they don't have the endurance for the hike. So let's just say that's not their favorite thing to do, but they love mountain biking. How old are they? They're 15 and 11. And just this past Sunday, we had a race in Massachusetts. And my daughter Lily, she's the 11 year old. She podium for the first time. I mean, she got fifth place, won a medal. And this is not a participation trophy. This is you worked your butt out. It's a real deal race. In the mountains, by yourself, you versus all the mud that was out there and some of the other kids. That's your 15 year old? This is my 11 year old. Oh man. Yeah. And my favorite part about the mountain biking, you're like, yes, it's one of my favorite activities. And the fact that I get to do that with my family is an incredible blessing. But she's learning grit. She's learning hard work. She's learning how to persevere to say, I don't want to climb this giant hill in front of me, but I'm going to, I'm going to lower the gears and I'm going to, I'm going to go do it. I'm going to work hard. I'm going to sweat. And then I'm going to finish. And then I'm going to prove to myself that I can do something that's hard that maybe I didn't want to do. And I accomplished it. And that great feeling that comes with that sense of achievement. I can guarantee there's an identity analogy in there somewhere. We'll find out by the end of this episode. But as far as my son, he is 15 and he just surpassed me in his skill and ability to mountain bike. And that's a little hard for me to take, but also a proud moment. We spoke about this, right? Because my, I have an 11 year old and a seven year old son, daughter. And I remember when I remember exactly the day when my son surpassed me in skiing and said, man, I'm chasing this guy now. And he's super fast. He races too. And so how was that feeling? So do you remember? Number one, do you remember the day there's a man? Yeah. He surpassed me. And how you, how did you feel? Yeah. So he, he races. We, I coach their, it's their youth sports team, the mountain bike team. So we're always out, out racing together, but it was last year in the spring time. And we did a race together like before his season started. And we went out together and we were going to be, it was going to be, you know, both of us at the same time for the first time. And we're okay, this is it. Let's see who's fastest. And of course, so you're actually racing him where, yeah. So wherever he started a little bit behind me, but it's all time-based. So I came in first, I'm like, yes, I did it. And then he comes in after me and his time is just a couple of minutes faster. Right. All right. How did that make you feel? I was frustrated at first. It was like my initial reaction, like I want to be better than him, but then it was like the proudest moment. Yeah. You're right. My son is better than me at this. And now he's better than me at everything. Ping pong. We play that a lot. Golf. Not even a shot. He was better. At identity? No. And interesting that? He, I've taken him to work a few times. He is interested. He's like, you just sit on meetings all day and just talk. It's cooler than it looks, dude. I love what I do. And so I think, I think he'll come around. For me, it's the opposite. My kid thinks my job is cooler than it really is. Yeah. But, but I remember vividly the sentiment of, of your offspring surpassing me was, okay. It's a mix of anger, but also pride. Yeah. You feel good, but man, I'm getting old at the same time. Right. And, and to that too. So I took my son to an identity conference for the first time in Toronto. We have the IAM community conference there. And I brought him in, man, I, and I, and I spoke about ITDR and there was a bunch of other speakers and, and, and, and I asked him, say, Lucas, do you remember anything about what was it now? But ITDR, he didn't remember, but, but he said, I remember one thing about a pixel tracking. So okay. So I think the seed is there. Okay. Yeah. And, and we're talking about this community and, and how it is important, Anthony, right? So I want to ask you about this, how we, how our community is different. And I'm, I'm, I'm talking about compared to other perhaps cybersecurity communities. I've never been part of other communities, but I think it's, it's such a welcoming, but also a diverse, and, and that's my style too. I like to bring in people saying, Hey, join us. It's going to be fun. That's more of my, the way I, I, I run my professional life. But what do you think about that diversity? I know you're a big advocate for that too. So tell us about a little bit, how can we make our community better? So if people listening or people watching us, so what, what, what do you think we could do better? Yeah. What could we improve? I look at potential when I'm hiring for leaders or for, for anything else. Okay. And I just kind of think about myself first is when I'm going after that next role, I probably don't have the credentials for it. So I say, you know, to that hiring manager, Hey, just give me a shot and then pour into me and help me get better. Tell me where I can improve. And then when I get that shot and they do invest in me, I'll do anything. I will. I, and you know, we'll work so hard and, and, you know, be successful, but I can't be successful on my own. It's, it's thanks to that manager. That's making the investment and all the peers that are around me and the, and the people that I work with, I'm, I'm never successful on my own. I don't know if any of us are. Yes. So I try to take a similar approach when I'm interviewing and when I'm hiring. So, you know, I'll look at the resume and yeah, maybe they haven't had 10 years of identity and access management experience, but maybe they've got the potential to be that person that can be the identity and access management leader, to lead the access review team or to lead the audit and compliance team or lead the engineering team. And it really helps. You know, I know that's harder to do when you're hiring from outside the company, but when you have a diverse talent pipeline in the company already, and now you can go hand pick who who's the top performer on your team, it doesn't even have to be an identity or even cybersecurity. It's who's your top performer, who has an interest in getting into this space and who's going to really work hard and try to learn, pick that person and then invest in them. And, and the outcomes are clear. Man, that, that, that hits home so many ways. I'm an immigrant and I, I, I got to thank everybody that, that took a shot on me. Right. So, Hey, let's give this guy a shot. Yep. He doesn't even speak proper English. Right. And, and, and you can imagine how, man, I'm not very confident as much as me, but yeah. And having that type of approach of diversity and say, okay, this guy's talent is, is, it could be hidden in so many ways. Right. So what exactly would you look for? Because I know technology, we can all learn that. Right. So technical skills can be taught, can be learned, but what are the things that you look for when you are interviewing as a leader that's, okay, I'll rather prioritize this because this can't change. Right. What is the track record in their prior role is, are, are they one of the top performers in their existing role? What is their manager's opinion of them? And so that for me is like one of the first things to look for. If they're already exceeding and excelling in their current role, then that means they're, they have that, that passion and that desire to, to, you know, for more. And then I'm looking for kind of the, the leadership experience and leadership capacity, not that they've been an experienced leader, but have you led projects? Are you the kind of that go-to person in the team where you're always taking your time to help other people, which may impact your own metrics? You know, let's say if you're on the help desk, for example, but you're helping other people. And so you're helping the, the team's metrics overall. So those are the kinds of things that I'm looking for. And, you know, then basic stuff like problem solving, you know, relationship building and, and those kinds of things. So part of, and I had a conversation about this last night, but like when you, when you look at that, right. And you talk about leadership in, in, in your position, you were saying that like, Hey, take a shot on me, like invest in me, allow me to give you that opportunity. A lot of that requires a couple of things. One, you've got to be going into an organization that understands like leadership and understands that leading is not just because I have the title and I get to give you orders. Leading is creating an environment where my job now is to make sure that you become the best Anthony that you could possibly be, right. And that's, that's an investment on both sides. It's not just you working your butt off. It's that leader going, okay, this is Anthony, I'm going to put him in this position. And now I got to do everything I can do. Like I always tell people, it's like a toddler, right? You go let them play. Their job is like, move this, here's a sharp object. Let me put these things on the door. Like I've got to create this path where you can go and grow, right? So when you look at that, how do you go about making sure that you're setting up your team? So when you want to bring somebody in, it's like, listen, I think this person is going to be a go-getter. They checked all your boxes, but also got to make sure like the, the playground I'm bringing them into is safe for them to grow. Right. So how do you approach that? Yeah. Well, I like your analogy. It is a lot like kids and not kids. It's a lot like raising children, sorry. They're not children. But as a parent, I want to take care of my kids. I want to give them those opportunities. You want to see them succeed. They want to see. Yeah. And to fail. Yeah, exactly. Right. And so, you know, it's kind of like you're saying, creating that environment. So it's one, coming in and making that investment and saying, I'm going to help you grow. And part of that is helping them do the job at the same time. It's like doing it with them. So it's not a quick fix. It's not like I can hire somebody and they're going to hit the ground running and I don't have to worry about it anymore. Right. I mean, that's great. And you know, a lot of us, sometimes we have to hire for those things. We've got to solve an urgent problem. But that's the first step is I'm going to do this job with you for six months. And then as you do that over and over again, now you have the culture where people are going to be like, OK, you're my new manager. You've never done this before. I'm probably better at this than you are. But I had the opportunity that you've just been given. I'm going to support you and I'm going to help you grow. So now you've got the people that report to this new leader that are also supportive and trying to help them grow and want to take the time to teach them. Using the access review example we talked about before, I just got dropped in it. There were so many people that taught me what access reviews were, what compliance was, what SOX was. They took hours out of their day to teach me. And so we want to build teams like that. And that's one of the great things about Cigna as an organization is that's the culture is we want to sit down. We want to teach each other how things work so that you can now support me in my growth. That's very rare. Right. So especially if you think on the other side of the fence, on the vendor side, how much of internal competition exists versus collaborations, hey, I want to honestly see you succeed. That's not something we can take for granted. It's very rare. But I think the more we see of that, the more likelihood of success. How much of that do you think has impacted the success of Cigna as an organization, for example? Oh, for sure. I think it's a major impact for any organization that can invest in their people because then the organization grows at a faster rate. The individuals may not grow quite as fast individually, but the organization is going to grow faster. Did you have a specific impact? You mentioned culture, right? So as your team grew to 90 people, right? So how did you make culture stick, right? So as it grows, did you have like one-on-ones with every one of your reports? How did that go? Yes. Weekly one-on-ones with every one of my direct reports before four leaders. So 90 meetings a week? Well, they're not all reporting directly to me. My direct reports. So then they're split up. And they kind of follow the same approach. And we try to talk about, put the relationship first. Like, yes, sometimes you just got to get into it. It's a little trust. Yeah. Exactly. And the trust is so important because I know you're going to solve the problems. My job as your manager is simply to remove the barriers. Like, where can I help? And sometimes they'll come with me. I'm like, well, no, you can solve this problem. And then they do. And they're like, oh. And now their confidence grows. And then they don't come to me for the next time they have a similar problem. So yeah, it's really kind of spending the time, sitting down with them. And then they do that with their team. And so now their team is growing. But you're right. Sometimes it is really hard. We got an urgent audit request that are coming through. We got to get those. So there are plenty of months and weeks where we just sit down, OK, here's the agenda. Solve the problems and kind of get through it. So on the seasonality of identity governance, so did you see that flow? Oh, big time. Yeah, you got bigger chunks, periods of crunch time, guys, versus, OK, now it's cruising time. So how was that through all year, for example? Was it around audits? Yeah, it was around the audit period. So with the companies that issue the SOCs and SOC reports at a very specific time, they cannot be late. And so when that due date's coming, we're all 100% audit compliance focused on responding to the evidence. How long at a time? Was it like a month? Those are a couple of months. It's probably three, four month periods. And then it gets done. It's issued. And now we have time to breathe and all that. And be ready for the next one. Yeah, ready for the next one. Or sometimes it feels like it never stops. That's the cycle. I want to shift real quickly back to identity security because I want to ask you, so given your definition, if you could wave a magic wand and say, OK, now I'm going to create this identity security team, what does it look like? Yeah, so I'd say figuring out how we incorporate with the SOC. So how do you get important alerts and important information to the operations, the cyber operations team, so that they can take the appropriate action? The question is, do you build that in the identity team or the SOC team? And I think there's going to be a partnership there, because you need the team that's going to build the tools and engineer those things, and then the team that's going to respond to the day-to-day issues. Do you see the personnel reporting into the identity security team, do you see them taking on some of the SOC responsibilities of that? A little bit, yeah. I think because you've got to do triage. What are the more urgent ones? That's kind of where maybe the thin line between ISPM and ITDR kind of blurs. What's the urgent, wow, this is an issue we've got to solve right now, versus, OK, there's a couple of people that have this access that shouldn't. Let's work on how do we remediate that, but it doesn't need to be done this very minute. So yeah, that's a lot of blur there. Within the identity governance program that you ran, if you had to remember perhaps the biggest learning through that journey, right? So what was the biggest advice, the biggest thing that other leaders could benefit from? But also, I wouldn't say the biggest mistake, but something that in hindsight, maybe I would have avoided that. Yeah. I would have made integrating with legacy systems, legacy application teams, much easier in the beginning. We waited a couple of years before we really simplified it, because the approach early on was, we have this new tool, saving ARS, and everybody's going to integrate into the tool however they need to, and we'll get all the data, and that'll be great. Teams were slow to adopt that approach, and it makes sense. They've got business value that they need to deliver, and trying to spend months to integrate into this new tool probably isn't going to be a top priority, and it took us a little while to figure that out. So what we ended up doing instead was creating a template that they could send a report in, and then we would consume that automatically. So we created the template, they would automatically generate it, we would automatically consume it, and so now that's way, way easier. We're talking things like who's the user, what do they have access to, what are the entitlements that grant access to your system, and then consuming that automatically. We would have done that a little bit sooner. And then the other thing is with, for example, I'll use RBAC, is trying to follow the industry standards a little bit closer. We all customize everything, every company. It's just a normal thing. I need it to do this, I need it to do that. So using RBAC as an example, if I look at the 1,000-page CISSP book that I'm reading right now, it's great, it's a good read. The intent of RBAC is least privilege, which means you've got, let's say, three teams. This team does development, this team does engineering, this team does something else, so you build them a role, and they all get that role, and they all do exactly what that role gives them. But what happens when you've got one person on that team that maybe needs a little bit additional access that everybody else doesn't? Do you grant that outside of the role? Do you create a brand new role? And then now multiply that by tens of thousands of teams, or people, and thousands of teams, now you have sprawl. Now you either have way too many roles that you can manage, or you have people that are in roles and have access outside of roles that's too hard to manage. So you can't, it's really hard to apply the standards and the framework at scale. So trying to figure that out ahead of time, I think, would have been something I would like to do. I think it's because, so it's interesting that you bring up RBAC, right? And I love the fact that you brought up, you were reading the CISSP book with Sean Harris, because when you, you touched on the fact that I think a lot of people miss when they go into RBAC, is that the purpose of RBAC was to do least privilege. And what we, as an industry, tied to was, what's the construct we're using to go implement that purpose? And we said, well, this is the way we're going to do it. It's like, no, no, no, go back. And it's like, the purpose is least privilege. So in areas like that, when you go, hey, I'm going to segment out, and here are the roles, right? And I think it's going to be a lot easier now, because we can process data, we can do more things with analytics, right? We can actually take advantage of ML, you don't have to be a math scientist to be able to do ML now. But like, you can take those interesting things and go, okay, listen, for 76% of the time, this is what this role looks like, right? And the other part, you can easily provision dynamically, or on the fly as they need it, but you still keep the role intact, because the whole point is, the role is there to enforce the policy of least privilege. It's not there to be a construct that lives forever, that you have to go and change, and then we created this whole life cycle around it. That's really the biggest thing that we messed up with roles, is that we just, we read it and was like, okay, great, now we're going to go do this, and it's like, that wasn't the point. But it's hard to roll back from that. It's almost like skipping that step, right, a super important step, which is the purpose. And Anthony, man, so much fun to catch up with you and share some of that amazing experience that you had in the industry with our audience here. On that note to what David just said, right, so in an ML, ML and all AI stuff, I have a couple of final questions here. Sure. So realistically, we're in 2025. In your organization, or perhaps the way you see the future of identity, right, so what's realistic today in terms of AI and identity? And second question is, what your thoughts are on e-bikes, electric bikes? Okay, that's very controversial. The electric bikes. Now question, which question is more controversial? Yeah, so AI, so yeah, I mean, we're kind of seeing it in the chatbots and different things like that. But it was just at a keynote where they were talking about a video game analogy, like Ready Player One. A lot of analogies. Right. You've got the people, and then you've got the artificial intelligence. And he used the ISPM, the ITDR, who are you going to be your players? And how are you going to partner with AI? Is that Player One, Player Two? Yeah. Yeah. Interesting. And then, yeah, who's the person? Who's Mario? Who's Luigi? Right. Yeah. So I think it's trying to partner to solve those problems and maybe the tedious tasks. And that's really what I'd like to solve is the data quality. So for example, you've got entitlements, because at the end of the day, you want to figure out where's the risk? So who has the risky access? Well, how do you know what is risky access? Like sure, there's the obvious domain admins, but what about to an application that has this entitlement that maybe doesn't really mean anything to you? So it's can AI figure that out? Can it tell you these are the entitlements and this is what they do? They have read-write privileges, and this is what's the risk? Figure that out. And then now we can make better decisions on who really needs to have that access. That makes the access reviews more accessible and more effective. That makes provisioning more effective, because now managers can make those right decisions and say, I have the information I need to decide if this person needs this information or not. And on the e-bikes question, I think e-bikes are awesome. When I'm a little older and can't cycle the way I want to, I'm absolutely going to get an e-bike and I'm going to continue to crush it until I just can't pedal anymore. I think I need them now. Yeah, you think so? Okay. That's okay. Anthony, I had lots of fun. Right? Great having you, bro. This is great. Thanks for coming. Thank you. I appreciate your time. Thanks so much. Anthony Pigiano, man. Yeah, dude, that dude's amazing, man. It is fun that we talk about things. He's doing things. Yeah. No, I just, I love everything about his outlook, how he was able to come in and learn and grow. And now his, I think here was the most impressive thing. His confidence in what he wants to do. And actually you can tell he's been- The clarity of the vision. Yes. That's even better. It's not even confidence. It's clarity of vision. I love that. Right? He's very clear on what he wants to build, how he wants to go. That dude's going to be an amazing leader, man. Or he already is an amazing leader, but I'm just very impressed. Love to see somebody like that in the identity field. He's such a nice guy. Awesome. Right? And when I think about building teams and running complex things like governance, I mean, you want good people around you. Yeah, absolutely. Sounds tough. Thanks, guys. Thank you.
