Season 1, Episode 3

From IT support to security’s core: General Motors’ identity story

Identity Decoded podcast hosts Roy and Rob sit down with Andrew Cameron, Distinguished Engineer of Identity and Cybersecurity at General Motors, to explore a question every identity leader eventually faces: how do you transform identity from IT support into a true security function—at enterprise scale? Andrew makes the case that the shift isn’t about reporting lines, it’s about business needs, culture, and leadership, and shares what his two-decade journey actually looked like inside one of the world’s most complex enterprises. Key takeaways include:

  • Why the difference between identity sitting in security and identity being part of security is the gap most organizations haven’t closed—and what it actually takes to cross it
  • Why OT and legacy systems can’t wait for an infrastructure modernization roadmap, and what securing them looks like when replacement isn’t an option
  • Why investing heavily in admin-time controls like IGA will only get you so far, leaving runtime as the control point where identity security is won or lost

Andrew Cameron | 00:00:00:01 – 00:00:12:18
We started the identity team as an IT function. We carried the message of security benefit along that way, but we didn’t have the benefit and the cachet of a security directive behind us.

Rob Ainscough | 00:00:12:19 – 00:00:23:01
Andrew Cameron, distinguished engineer of identity and security at General Motors, spent over two decades there helping shape identity at one of the most complex enterprises in the world.

Roy Akerman | 00:00:23:02 – 00:00:27:04
And they were sitting down to chat about what’s changed in OT and manufacturing.

Andrew Cameron | 00:00:27:05 – 00:00:40:21
Identity systems played a key role as we pivoted to enabling ourselves to be a hybrid cloud enterprise. We had already established bridging between how we manage identity on premise to how we managed identity.

Roy Akerman | 00:00:40:22 – 00:00:52:08
And explore how organizations can rethink identity from a business enablement tool to a central security function, and what it takes to govern risk and scale identity effectively across complex enterprise environments.

Andrew Cameron | 00:00:52:09 – 00:01:11:04
Not only are we collapsing perimeters and really making identity that control plane, but now we also have to focus more on these core concepts of zero trust, the core concepts of reducing standing privilege, and to make sure that every access was being verified explicitly across the enterprise.

Rob Ainscough | 00:01:11:05 – 00:01:12:15
This is Identity Decoded.

Roy Akerman | 00:01:12:16 – 00:01:19:05
Identity isn’t just an operational problem, it’s a security one. And most teams are figuring it out in real time.

Rob Ainscough | 00:01:19:05 – 00:01:29:06
This is the podcast where we reverse engineer the meaning of identity security, sharing candid conversations about the people building, fixing, and rethinking identity security from the inside.

Roy Akerman | 00:01:29:07 – 00:01:30:12
I’m Roy Akerman.

Rob Ainscough | 00:01:30:13 – 00:01:31:18
And I’m Rob Ainscough.

Roy Akerman | 00:01:31:20 – 00:01:32:22
Let’s dive in.

Rob Ainscough | 00:01:32:23 – 00:01:39:16
Let’s do it.

Roy Akerman | 00:01:39:18 – 00:01:40:19
Welcome, Andrew.

Andrew Cameron | 00:01:40:21 – 00:01:41:22
Good to be with you guys.

Rob Ainscough | 00:01:41:23 – 00:01:52:19
We’re going to kick off with a bit about your identity journey. You’ve had a fantastic journey in identity at the highest level, the biggest scale. So can you tell us a little bit about your journey through identity?

Andrew Cameron | 00:01:52:20 – 00:02:21:18
Yeah, I am cruising just over 20-ish years in identity at General Motors, so I was part of an infrastructure team that was focused on directory services. And in that role we were, you know, recently just had built what started as an enterprise LDAP directory. Right. And what ended up happening is that we had a very high profile initiative around our employee portal, right.

Andrew Cameron | 00:02:21:19 – 00:02:42:16
So we were rolling out one of our first versions of our global enterprise portal, which would it highlighted all of these cool things that the employee user base would be able to take advantage of, like accessing all of their HR applications and features that they could get through the portal and, and being able to access other content that was targeted towards the employees.

Andrew Cameron | 00:02:42:16 – 00:03:12:16
But the challenge was that all of that content behind the portal was secured through different systems on the back end. Right. And so accessing the HR system was a different set of credentials than needed for one of the corporate communication systems, for example. Right. And so that required a high amount of collaboration amongst these teams to be able to start to build this feature that became known as single sign on.

Andrew Cameron | 00:03:12:17 – 00:03:35:10
It was something that we actually ended up advertising as this cool new thing that we could bring to other siloed organizations in the enterprise, as here, adopt the employee directory, which they didn’t have to do at the time. So if they adopted the employee directory, you get these cool things. You get single sign on, you get the ability to recognize your user and across different applications.

Andrew Cameron | 00:03:35:10 – 00:04:01:21
And that really laid the foundation for myself in the creation of an identity and access management team that started to really focus on bringing those core identity features to the broader enterprise, and that laid the foundation for us getting more into more of a security based function, which we’ll get into in a discussion. But that laid the path towards becoming a security function.

Rob Ainscough | 00:04:01:21 – 00:04:29:05
Something we were really interested to dive into in today’s episode was really about the evolution that you’ve seen. You know, you started there talking about your journey with a focus on identity as, as infrastructure or operations, right? Enabling the business, making it happen, allowing people to access apps easily, simply all of that good stuff. But you’ve seen a significant transition in the last few years with identity now becoming a security function.

Rob Ainscough | 00:04:29:05 – 00:04:31:14
And that’s changed for GM, right?

Andrew Cameron | 00:04:31:15 – 00:04:54:13
Yeah, I’ve been fortunate, in my experience, kind of to have seen that journey from both sides of it. Like I was saying, we started the identity team as an IT function. So we were seen as supporting IT in its ability to roll out new systems, to roll out ERP systems, to roll out external facing systems. And we were sort of an implementer.

Andrew Cameron | 00:04:54:13 – 00:05:04:00
We carried the message of security benefits along that way. But we didn’t have the benefit and the cachet of a security directive behind us.

Rob Ainscough | 00:05:04:01 – 00:05:25:12
It parallels with something that I saw in my role. So when I was doing this, you know, over the course of ten years, the first five years, I say I probably spent calling it security, but really it was about enabling the business, right? There was a big new ERP that needed every colleague to have an account to access it, and that was a big reason for them driving into automation of account creation.

Rob Ainscough | 00:05:25:12 – 00:05:42:04
Single sign on, all those good things. But then we saw an incident and the things we focused on to secure identity post that incident for the second half of that job was totally different, right? It’s a different way of thinking. It’s a different set of investments that are effective there.

Roy Akerman | 00:05:42:05 – 00:06:04:15
I feel that many of our audience right now are trying to figure out, so what’s the transition point? It sounds so natural that identity became security or became parts of security. But we’re speaking about two different entities with two different metrics, right? Like operational efficiency, business enablement and risk management body with some emergency or like IR teams and others.

Roy Akerman | 00:06:04:15 – 00:06:25:23
And in some point there decide to become one or at least to make the teams much closer. So it’s either an emergency mode, something that is happening that made us to recalibrate. But and it sounds very natural what happened in GM. Can you take us a little bit to the details of that? It was just like one day somebody woke up and said, let’s get married.

Andrew Cameron | 00:06:26:00 – 00:06:52:08
To be perfectly honest, we were blessed by some really forward thinking leadership that the executive who actually was in charge of creating the identity management team back in the early 2000s, actually eventually became CIO. And along that path, he became CISO. I’m speaking of a gentleman named Fred Killeen, who he became CISO prior to becoming CIO. And Fred, always he always got us right.

Andrew Cameron | 00:06:52:09 – 00:07:19:14
He always understood that value of identity to the broader security set of concerns. And so, as he became CSO, one of his first things that he set as a directive was to at one time, we didn’t own the Active Directory environment in GM, right? That was totally under the leadership of another executive. One of the first things that he did as leader of our team was that, you know, all directories need to come under the guidance of one team, right.

Andrew Cameron | 00:07:19:15 – 00:07:37:00
And so as he became CISO, one of the first things he said was that, you know, the identity team needs to be part of the security organization because there are too many overlapping concerns with the beginnings. You know, zero trust concepts have been around forever. But, you know, zero trust as sort of a branding and a security strategy has started to take hold.

Andrew Cameron | 00:07:37:00 – 00:07:49:21
At the time, he was in leadership, and that really became sort of the culture of our organization was to kind of make sure that we were driving everything that we did around these kind of core zero trust concepts.

Roy Akerman | 00:07:49:22 – 00:08:11:06
Is there anything that was changed by nature, the rhythm, your involvement in incidents, the way that the organization is building new stuff? Now that you’re part of the risk team or the team that manage SOC and other things? Right. There are more real time. Is there more sometimes reactive than the usual IAM practice? And so if I’m underplaying the IAM for a second.

Andrew Cameron | 00:08:11:10 – 00:08:50:15
No, no, you’re absolutely right in that in incident response it required more than just bringing identity into the security organization, but you had to collapse the borders that existed between the identity team and the SOC, right? And so the SOC had to be aware of all of the key identity functions that were areas of risk, right. And so whenever an incident would happen, it was always the identity team that had to be involved in first response, in terms of being able to assist in diagnosing and being able to assist in responding to anything that was related to a security incident.

Andrew Cameron | 00:08:50:15 – 00:09:13:01
Right. And so that as a practice, you know, leadership started to recognize that if we’re going to actually make strides in lowering our risk in these areas that, you know, strengthening identity for the employee user, requiring MFA and requiring strong authentication on the front end is sort of the minimum that has to be done.

Rob Ainscough | 00:09:13:01 – 00:09:46:00
I think it’s a really interesting point, though, because as you move to security, you weren’t just in security in name. There’s a difference between identity sitting in security and identity being part of security. And they are two different things, right? One’s a reporting line, one’s about the capability and what you’re bringing. And I think it’s so important that identity not only sits under CSO in security as a security function, but also is part of security.

Rob Ainscough | 00:09:46:00 – 00:09:49:06
That’s really important because otherwise you don’t get the full benefit. Right.

Roy Akerman | 00:09:49:07 – 00:10:09:00
I must try to challenge this a little bit. Okay. It sounds that everything was rosy, right? But I know security people. I mean, I’m missing that point of like, where’s the cynicism? Where’s the. Oh, you’re just like an IAM person, go and configure some identity or something like that. Oh, let me handle it. Now that they got into the system, let’s do X, Y and Z audits.

Roy Akerman | 00:10:09:00 – 00:10:18:00
There’s a lot of drama in that room. And sometimes, you know, our security people blowing our own horn. I’m trying to figure out, although it sounds that this transition was smooth.

Rob Ainscough | 00:10:18:01 – 00:10:18:17
A happy family.

Roy Akerman | 00:10:18:18 – 00:10:20:19
I’m like, where were the punches in the room?

Andrew Cameron | 00:10:20:20 – 00:10:40:02
I’m probably not covering a lot of the long hours that were spent debating and deciding things around. One of the jokes that we had with our leadership was he would always ask, you know, when is identity over with? Right? Like, when is this identity stuff that we’re working on? When is it going to be done? And that was a question he asked in 2005.

Andrew Cameron | 00:10:40:03 – 00:11:07:00
We never we don’t have an answer to that yet. Right. So the challenge is that you are constantly evolving to support the business. And there’s always challenges in how security is applied because there’s that balance, right. We even today we’re faced with challenges around our manufacturing organization and being able to bring modern security technologies into our manufacturing facilities, which is much harder to do than you might think, right?

Andrew Cameron | 00:11:07:00 – 00:11:32:18
As GM has transitioned to more of a digital enterprise. There’s also challenges around enabling acceleration for our information workers so they can be brought in and being made productive much faster than they ever were before. And so challenges with, you know, the identity lifecycle and making them productive while making them secure. Right. Are things that we are faced with on a daily basis.

Andrew Cameron | 00:11:32:19 – 00:11:47:04
Right. And so, you know, we can’t have developers to join our organization and take, you know, two weeks of workflows to be able to get all of the access that they need to be able to be productive in the environment. They need to be productive, like within hours, right? Instead of it being a day.

Rob Ainscough | 00:11:47:06 – 00:12:00:09
Kind of cool, constant tension, right, of enable the business, get them up and running, get them done quickly. Right. Save that business cost of someone getting up to speed versus security. And I think.

Andrew Cameron | 00:12:00:10 – 00:12:02:00
And keep it secure while you do it. Yeah.

Rob Ainscough | 00:12:02:01 – 00:12:28:12
Exactly right. And that balance is a very I mean from my experience, very difficult. I got it wrong a hundred times and got complained and my boss did as well. But I think it brings us on to interesting territory, because for a company that size 350,000 people plus externals. Right. Huge scale, lots of different types of persona if you want to use the word there.

Rob Ainscough | 00:12:28:13 – 00:12:55:01
Right. People working in factories versus people in the office, knowledge workers, you know, lots of different types. And I think as I talk to people about identity, there’s kind of two different groups, people who see identity and identity security as a set of projects or programs that get done in isolation. Almost. Right. And people who see identity and identity security as more of a product, right?

Rob Ainscough | 00:12:55:02 – 00:13:07:00
And that’s the kind of camp that I sit in. I’m really curious on, on your view on that and how you can be successful in that kind of enterprise in deploying and scaling controls.

Andrew Cameron | 00:13:07:03 – 00:13:31:20
It’s a really interesting question, because we’ve come from a background of seeing identity become a product. Right. And the way we always had seen how we provide identity to the enterprise was that we provide identity as a service to the enterprise, right? It’s a security service, but it is as you build capabilities within the enterprise, you don’t have to build identity, you don’t have to build authentication.

Andrew Cameron | 00:13:31:20 – 00:13:50:03
And largely you really don’t have to build authorization. But that’s a whole different discussion that we can get into another day. But at a minimum, when you bring services to the enterprise, we are better off if identity and authentication at least is treated as a product that everyone can leverage.

Rob Ainscough | 00:13:50:07 – 00:14:14:03
Something I think about a lot is those basics, getting them in place, getting the coverage in place for the basics of whether it’s hygiene or, you know, single sign on with strong authentication behind it, like all of those good things is so important because I think and Roy, I’m keen to bring you in here. Like from an attacker perspective, what happens if you’re not able to do that?

Rob Ainscough | 00:14:14:04 – 00:14:16:12
What happens if you’re not able to put those controls down?

Roy Akerman | 00:14:16:14 – 00:14:42:16
You read my mind. I’m trying to even figuring out when the mission of IAM kind of like stops. If you get the right person to the right digital entity, let’s call it identity, okay? And you made sure that there’s like 100% like validate person that you’re allowed to do x, y, z. That’s it. You’re connecting them with identity and that’s it.

Roy Akerman | 00:14:42:16 – 00:15:11:01
Or that in every given moment you need to give the assurance that an activity is being made by an actor that you can recognize, like the reverse. And I think that this is kind of like dealing with the things that you asked for from a different perspective. What it’s not because yes, if it will not be hygienic, I’ll find all those opportunities as an attacker to get into the places that I am afraid to touch and or the broke, and we’ll get into probably OT systems.

Roy Akerman | 00:15:11:01 – 00:15:23:15
I mean, it’s big GM factories all over the world, robots that are doing stuff and have identities. But I mean, I’m wondering, did you have a beginning or stop? Are there conversations in the security room that you’re not allowed to get into?

Andrew Cameron | 00:15:23:16 – 00:15:52:09
Not anymore. Security. Fortunately, we’ve been able to make security part of the discussion because it has to be in most everything that we do. I think to the point you made Roy around where identity for a while. I think we’ve moved away from that conceptually, that it was seen as a point in time validation that was supposed to provide you the same level of security as a user proceeded into interacting with different services around the enterprise.

Andrew Cameron | 00:15:52:10 – 00:16:23:03
And I think we’ve evolved to more of a real time, event based architecture around security and identity, where every access, every event that can be monitored from a user perspective needs to be given the right amount of validation, right? And so that’s why because of how prominent and how the volume of security breaches where identities get compromised. And you can’t trust that an authenticated user is who they are, right?

Andrew Cameron | 00:16:23:04 – 00:16:48:02
You can’t trust that the user that is coming to access your ERP system to request for some payment to get sent to a vendor, you can’t trust that that same person who authenticated eight hours ago is who is who they are at this moment. And so that’s where, you know, being more event based, being more real time in how you apply identity security controls is where we have to go.

Andrew Cameron | 00:16:48:03 – 00:17:10:21
You even start to kind of blur the line between what authentication and authorization, because you’re much less concerned about what should they actually have access to as much as you should be, I need to know who they are right now to be able to determine the level of risk that this user who is requesting this access is trying to bring.

Roy Akerman | 00:17:10:22 – 00:17:36:16
There’s like the administrative or like admin time, right? When you’re building the right setup, that will allow you to have the first maybe verification point. But the I think that most of the or the sole purpose of this is to make sure that in runtime you will be able to tweak, to verify, to change, or to intervene in the session and make sure that it will remain healthy.

Roy Akerman | 00:17:36:16 – 00:17:45:03
So like you spoke about the basics over there, there’s like the admin basic things. And then there’s the real time is basic things. Both are important.

Rob Ainscough | 00:17:45:06 – 00:18:10:00
Yeah I agree. I mean, the key thing I always say about admin time is you can be really, really, really good at things like IGA, right? High coverage, high fidelity. You can you can do all that you can in IGA. It will only make it a little bit less bad than it otherwise would have been. If you’re not also doing the run time thing.

Rob Ainscough | 00:18:10:00 – 00:18:11:14
I want to get worse.

Roy Akerman | 00:18:11:14 – 00:18:17:01
No? Like, do you know what attackers love most? And like a very organized directory, right?

Andrew Cameron | 00:18:17:02 – 00:18:45:03
You really want to shrink the amount of investment in admin time, right? So identity historically has been this this bridge of admin time features versus runtime features. Right. And you really want to shrink the amount of investment that you need from, especially from a human interaction to whatever is required for admin time. And you want, you know, more validation, more capability on the runtime side of it.

Rob Ainscough | 00:18:45:03 – 00:19:07:12
I’m really interested in hearing your story about, you know, OT, about factories, about robots and factories, about, you know, all of those things, that diversity of things you’ve had to worry about over this number of years that you’ve been thinking about identity at GM, like, how have you dealt with those challenges or those new identity types of OT, of all those interesting corners of identity?

Roy Akerman | 00:19:07:13 – 00:19:11:18
Or the three letter thing was happening? Right. It was different in the beginning. That’s the.

Andrew Cameron | 00:19:11:18 – 00:19:42:07
Business we’ll get there, I’m sure. But yeah, I mean, in our manufacturing facilities, you know, being able to so resilience and uptime were like of the highest importance when it comes to identity as a feature. Right. And so robots being able to have them establish identity for themselves and to, you know, be able to monitor their activity was relatively straightforward in that you could lock down robots to a particular network segment.

Andrew Cameron | 00:19:42:07 – 00:20:11:12
You can make sure that in monitoring the telemetry of what they do, that they don’t step outside of the paved path that a robot is supposed to do. They typically, you know, you can keep them in a very controlled existence in the factory, right? But they need to be up, they need to be available, and they need to be able to integrate with security features that are not always as available or as accessible to the information worker outside of the plant.

Andrew Cameron | 00:20:11:13 – 00:20:38:05
Right? I mean, things like facial recognition, you know, if someone in the plant is wearing protective eye gear or industrial gear in the plant, facial recognition is not available to you. Biometrics largely with a fingerprint not available to you. You know, things like, you know, you’re depending more on badge swipes. You’re depending more on integrating with badging systems to be able to bring those advanced security features onto the plant floor, right.

Andrew Cameron | 00:20:38:06 – 00:21:00:20
And so those, you know, on top of resilience and on top of making sure that identity is always available, you know, you’re dealing with largely systems that don’t speak a lot of the more modern identity protocols. You’re fortunate if you can get systems in and run on the plant floor that speak OpenID Connect and OAuth. Right. Those are still challenges even today that we still are the only one.

Rob Ainscough | 00:21:00:21 – 00:21:22:04
I was talking to a manufacturer and he was saying, you know, you have to realize some of the kit in our factories was built in the 1960s. Right. And that’s not getting replaced anytime soon. Right. And even if we did want to replace it for security, you’re talking $2 million a unit to change that. Are we going to do that as a business?

Rob Ainscough | 00:21:22:05 – 00:21:43:09
It’s worked since the 60s. Why change it now? And that comes down to one of the fundamentals of particularly in OT and manufacturing of this huge I don’t call it a legacy problem. I hate the word legacy because it’s not legacy. It works for the business, right? But it doesn’t necessarily work for security. And securing that stuff is really, really difficult.

Roy Akerman | 00:21:43:10 – 00:21:55:18
It’s like modernize identity to an old and legacy systems, because nobody will let us displace those systems soon or upgrade them because of the costs, but they all push us to connect them together.

Rob Ainscough | 00:21:55:18 – 00:22:17:17
But when we bring it back to things like Active Directory, right, everyone uses it. So the amount of companies I talked to who say it’s fine in five years, I’ll be off it. In five years I’ll be off here like, yeah, but what about the. Yeah. About today, what we like to do in this show for our viewers is, you know, give them something practical to take away.

Rob Ainscough | 00:22:17:18 – 00:22:43:23
Right. We’ve had a fantastic conversation. We touched on so many different things. It’s hard to sum it up. We talked about admin time versus runtime. We talked about policy based controls. We talked about robots in factories through to AI. So we’ve covered some distance in the last half an hour or so. If there was one key kind of practical thing that our viewers can think differently, do differently when they go into work on Monday morning, what would you say that is.

Andrew Cameron | 00:22:44:00 – 00:22:51:21
To do this? It’s a little harder than than just uttering the words, but I would love to blow away all standing privilege.

Rob Ainscough | 00:22:51:23 – 00:22:55:12
Cheesy. So true. We’ll do that on Monday. No problem.

Andrew Cameron | 00:22:55:14 – 00:22:57:00
Yeah, I would like to walk in on one.

Roy Akerman | 00:22:57:02 – 00:23:00:03
One, start with one.

Andrew Cameron | 00:23:00:05 – 00:23:28:18
Because that I think even to this day, we are dealing with years of practices that didn’t recognize how important it is to, you know, to apply least privilege principles. Right. And so if I was able to start from a no one has any privilege, and then it could be more dynamic in how they request access, then I think we’re at a risk posture that is much more beneficial than kind of what a lot of large enterprises are faced with today, right?

Andrew Cameron | 00:23:28:19 – 00:23:37:18
And so I would if I could do one thing, I’d start with that. And the second thing I would start with is to blow away all passwords, would be the would be the next thing I would want.

Rob Ainscough | 00:23:37:19 – 00:23:56:04
Two easy first steps for people to take in identity security. So fantastic. So the last thing that we like to do with all our guests is some quick-fire questions, some rapid fire thoughts. The first question we’ve got for you, what’s one identity myth?

Andrew Cameron | 00:23:56:06 – 00:24:20:15
I think one myth is that identity stops at auth. I think that that has never been an effective way to look at identity, and it is a continuum of what a user does during a session. And I think that has been something I think, again, we’re on a path to being able to dispel that. But identity has never stopped at authentication.

Andrew Cameron | 00:24:20:15 – 00:24:23:12
It’s something that is very persistent and ongoing.

Roy Akerman | 00:24:23:13 – 00:24:26:03
So what’s one thing that leaders get wrong?

Andrew Cameron | 00:24:26:05 – 00:24:52:12
I think there is a in most things in the business security, there’s been an expectation of being able to tie security expense to business value. And I don’t think there’s a direct correlation there. I don’t think that there’s a direct correlation to business value of not using passwords at the enterprise. Right. That’s just something that has to be done.

Andrew Cameron | 00:24:52:12 – 00:25:16:12
And I wouldn’t go in and say that you could spend any cost to get there. But I don’t think that there’s a direct correlation between like a business value of doing that versus what the value overall value is to the enterprise to stop using passwords. Right. And so I think there’s a largely been a responsibility of challenging people to provide business justification around security expense when you’re just doing security.

Andrew Cameron | 00:25:16:12 – 00:25:18:02
And that’s just a cost of doing business.

Rob Ainscough | 00:25:18:04 – 00:25:21:02
Ways and non-recurring cost, always.

Roy Akerman | 00:25:21:04 – 00:25:27:05
Having you to like suffering, trying to explain like dollar value of not doing a thing or doing a thing.

Rob Ainscough | 00:25:27:07 – 00:25:39:04
I tried to put it in a business case once, and there was quite a lot of laughter at the numbers I came out with. Let’s leave it at that. So next one we’ve got for you. What’s one hard truth?

Andrew Cameron | 00:25:39:05 – 00:26:09:15
It’s been very difficult to move away from. I think IGA has painted bias against identity from certain practices that have been there, from the SOX days, like, you know, doing access reviews and doing those sort of labor intensive, people intensive processes that that is really what’s required for identity to be successful. And I think that we are getting into an area where that’s changing, right.

Andrew Cameron | 00:26:09:16 – 00:26:31:10
There is an evolution of privilege management and access reviews. That identity can bring more agility to verifying who should have access to what, as opposed to making it this twice a year or once a year. Rubber stamping process where people are just looking at a list of thousands of users saying, yeah, I guess they should have access to this, right?

Andrew Cameron | 00:26:31:11 – 00:26:37:17
We did it to to meet audit requirements, but it’s not security. It’s just kind of security theater.

Rob Ainscough | 00:26:37:18 – 00:26:56:02
There’s quite a few companies I’ve spoken to where they’re kind of dealing with multiple identity type challenges and talk to them about kind of privileged access, privileged access risks. They go, we’re going to start with IGA. And once we’re done with IGA, then we’re going to do privileged access. And I’m like, dude, you are never going to finish that.

Rob Ainscough | 00:26:56:03 – 00:26:57:16
You are never going to finish.

Andrew Cameron | 00:26:57:16 – 00:26:58:17
That are the same.

Rob Ainscough | 00:26:58:18 – 00:26:59:18
Yeah, exactly.

Roy Akerman | 00:26:59:19 – 00:27:05:01
That employee number 300,001. Right.

Rob Ainscough | 00:27:05:03 – 00:27:14:21
That’s the end of our quickfire questions. So thank you for that. And thank you for joining us. It’s been an awesome conversation. So gloomy so interesting for our viewers. So really appreciate you joining us.

Andrew Cameron | 00:27:14:22 – 00:27:17:10
Andrew I really enjoyed it guys. Thanks for having me.

Rob Ainscough | 00:27:17:11 – 00:27:20:01
That’s it for this episode of Identity Decoded.

Roy Akerman | 00:27:20:02 – 00:27:26:10
If this conversation changed anything that you thought about identity security, share it with someone who’s working through the same challenges.

Rob Ainscough | 00:27:26:11 – 00:27:30:08
And don’t forget to follow the show so you don’t miss what’s next.

Identity Decoded

with Roy Akerman & Rob Ainscough