%20-%20Thumbnail-1.jpg?width=1280&height=720&name=PMIYC%20Dmitri%20Altum%20(GitLab)%20-%20Thumbnail-1.jpg)
Show Notes
Transcript
Dmitri [0:00:00]: You kinda see this theme of the identity industry needing to be more flexible rather than these rigid guidelines that there have really always been.
Arek [0:00:15]: Today's guest is Dmitri Altum.
Arek [0:00:19]: Staff security engineer at GitLab and someone who's not afraid to challenge how we think about identity, access and the role of security, and fast moving organizations.
Arek [0:00:29]: Dmitri has experience at rapidly growing companies such as Ramp helps them bring a fresh perspective to some of IT most entrenched practices.
Arek [0:00:37]: Whether it's rethinking how identity is managed or pushing security teams to align more closely with the business.
Arek [0:00:43]: He's focused on building systems that are not only secure, but also scalable, flexible and resilient.
Arek [0:00:50]: In this episode, we dig into the future of identity, the risks of security teams turning inward and the power of rethinking access, not just as control, but a strategic leverage.
Arek [0:01:02]: Dmitri, welcome to Patch Me If You Can™.
Dmitri [0:01:05]: Well, thank you, Arek.
Dmitri [0:01:05]: I'm really excited to be here.
Dmitri [0:01:07]: I I'd take some time to to saint your accolades as well, but I I don't think we have enough time for that.
Dmitri [0:01:13]: We'd be here for quite a while.
Arek [0:01:14]: Thank you so much.
Arek [0:01:15]: Well, let's dig into this with a with the big one, identity.
Arek [0:01:19]: Before coming on the show, you mentioned to me that there's an over reliance on role based access control.
Arek [0:01:25]: I what do you think the main problem with RBAC is as it's used today?
Dmitri [0:01:30]: Yeah.
Dmitri [0:01:30]: So I I think probably we should start with a a definition of role based access control for anyone listening who may not be familiar, but it it's the concept of assigning privileges or permissions to a person based on their role, The the title they have at a job.
Dmitri [0:01:45]: And especially in modern companies what that ends up causing is a lot of inflexibility.
Dmitri [0:01:51]: You don't have the...
Dmitri [0:01:52]: The option to really be dynamic with who has permissions to do what.
Dmitri [0:01:57]: Especially in today's modern age of Ai, we're seeing role boundaries really be blurred. We're seeing things like product designers shipping code, like salespeople building apps, like marketing Guru running their own CI/CD pipelines.
Dmitri [0:02:14]: And so we really need to get away from this concept of because I have this title.
Dmitri [0:02:21]: These are the things I do at this company.
Dmitri [0:02:24]: We're causing companies to to slow down, and it's kind of feeding into the fact that IT and security have really always been seen as a cost sensor rather than an enabler.
Dmitri [0:02:36]: It's taking time away from people being productive and getting their jobs done.
Arek [0:02:41]: Can you show me about a moment where you saw RBAC fail?
Arek [0:02:43]: Or when you realized that we needed more dynamic and text contextual approach to identity?
Dmitri [0:02:49]: Yeah.
Dmitri [0:02:49]: So I I think for me, it wasn't any one specific dramatic moment.
Dmitri [0:02:53]: There wasn't a a click at a time when an event happened.
Dmitri [0:02:57]: It was really a a kind of a sum summation of of the data I've been seen.
Dmitri [0:03:01]: I I think something that's really easy to do as we grow in our careers is is kind of forget a little bit of the day today.
Dmitri [0:03:07]: We're so focused on the strategic thinking and and these larger projects that we're running that we get away from what is actually happening for people in, say, a help desk role.
Dmitri [0:03:19]: And the problems that people are facing as they're joining their companies.
Dmitri [0:03:22]: And for a little bit of context, a lot of companies like to set up their access requests process or their identity governance tools to say, okay.
Dmitri [0:03:33]: People in this department can access these things or can request these different tools and So what I saw happening as I like to kinda stay in touch with our help desk and and really read the data was that you just see request after request come in of saying, hey, I need access to this certain tool but I can't find where to request it, or it doesn't show up in our tool for me to request.
Dmitri [0:04:00]: And so the more I talked to to people and the more I communicated with our our It management and our help desk.
Dmitri [0:04:06]: I I saw that becoming a a really pervasive problem and and realize we need to shift away from just defining who can request access to what and focus more on how that access gets fulfilled instead.
Arek [0:04:20]: What kinds of...
Arek [0:04:21]: What kinds of process did you set up to to to do that.
Dmitri [0:04:25]: I think there's a lot to be set, especially in this modern age of Ai that there's so much data that we can ingest in process that we weren't able to on just the human level before where you may have teams and teams of analysts now you can help leverage technology to make those decisions by pulling in data, things like audit logs from these tools that you're using to understand, okay.
Dmitri [0:04:51]: Is this a normal behavior?
Dmitri [0:04:53]: It's not just...
Dmitri [0:04:54]: Oh, this person is in this role so we're good to go or no.
Dmitri [0:04:57]: They can't because they're in this role.
Dmitri [0:04:59]: It's really understanding the behaviors.
Dmitri [0:05:01]: I I think an analogy that I I like to kinda point to is you know, traditional banks and things like credit cards and debit cards where it it used to be twenty years ago, you'd go overseas and you'd go to buy something and all you'd get that dreaded.
Dmitri [0:05:16]: Your card's locked, please contact the card issuer you go, I forgot to call the bank and tell them I was going overseas.
Dmitri [0:05:23]: And nowadays, you don't see that anymore.
Dmitri [0:05:26]: The technology has evolved using things like tap to pay in chips where they have more signal to understand what's outside of a normal behavior pattern.
Dmitri [0:05:35]: And that's the way that the identity industry needs to shift as well is really focusing on behaviors and risks rather than just these very rigid guidelines.
Dmitri [0:05:45]: And so you're looking at at typical identity any governance and administration or IGA tools to to bring in Ai into help kind of view your environment as a whole and evaluate that risk not just on this one access request.
Dmitri [0:06:02]: But on what is happening at your company as a whole.
Dmitri [0:06:05]: So those are the kind of processes that that we're looking to to really start building on as an industry.
Arek [0:06:11]: I remember the first time, I made a phone call to the credit card company because I was going overseas and they're, like, yeah.
Arek [0:06:17]: You you don't need to do that anymore.
Dmitri [0:06:19]: I'd catch myself doing it all the time too.
Dmitri [0:06:21]: I'll open a chat with them and I'll say, oh, hey.
Dmitri [0:06:24]: I'm go, oh, you know what?
Dmitri [0:06:25]: Actually, sorry.
Dmitri [0:06:25]: I don't even need to do this anymore.
Dmitri [0:06:27]: You're right.
Dmitri [0:06:28]: So, yep.
Dmitri [0:06:28]: It...
Dmitri [0:06:29]: It's definitely a thankfully a thing of the past.
Arek [0:06:32]: So it's interesting.
Arek [0:06:32]: It sounds like what you're advocating is analyzing the behaviors rather than relying on the static role.
Dmitri [0:06:40]: Yeah.
Dmitri [0:06:40]: It it's very much a, a more dynamic attribute based approach.
Dmitri [0:06:45]: It's it's saying, you know?
Dmitri [0:06:46]: Is this coming from a location that we expect a device that we know.
Dmitri [0:06:51]: Do we see other people performing similar actions at similar times?
Dmitri [0:06:56]: There's always going to be outliers.
Dmitri [0:06:58]: Don't get me wrong.
Dmitri [0:06:59]: No no behavior apprehension will ever catch everything.
Dmitri [0:07:01]: But I I really think that technology is is getting good enough that we can start to lean on it.
Dmitri [0:07:07]: And and something that I I think really speaks to me is the fact that especially Ai, it's the worst it's ever gonna be right now.
Dmitri [0:07:15]: The more we're utilizing it and the more context we're giving it about what's going on in our environments, the better it's going to be.
Dmitri [0:07:22]: So I'm super bullish on leaning in and and having it help ingest that data and analyze it and make those decisions because how it's only gonna get better with time and practice.
Arek [0:07:33]: I like that.
Arek [0:07:33]: It's the worst it's ever gonna be today, and it's only gonna get better.
Dmitri [0:07:37]: How
Arek [0:07:37]: do you think we should be evolving identity management with that in mind, especially in fast moving high scale organizations like Ramp and GitLab.
Dmitri [0:07:46]: I think it's a focus on enablement.
Dmitri [0:07:47]: You know, I I've seen other episodes of your show where I guests have have kinda talked about the fact that IT and security are traditionally seen as a cost center.
Dmitri [0:07:56]: And and that's what we need to move away from. We need to stop focusing so much on here's this internal project that's just focusing on improving security and, you know, building our walls higher.
Dmitri [0:08:08]: And we really need to build smarter gates instead.
Dmitri [0:08:12]: It's not about just blocking things.
Dmitri [0:08:15]: It's about enabling people to go do things faster and more easily.
Dmitri [0:08:19]: The the faster we can have a developer go ship a new feature.
Dmitri [0:08:24]: The more customers are are gonna take advantage of that customer and and sales is gonna be able to sell that feature.
Dmitri [0:08:30]: And so it's it's trying to get away from just okay.
Dmitri [0:08:33]: We're locking this down.
Dmitri [0:08:34]: We're trying to build this to be a hundred percent secure and more kind of analyzing how can we build this so that the business can achieve their goals.
Arek [0:08:43]: I know you've had to pivot pretty quick in the past when leadership put pushed back on security tooling, like the time and exec vetoed YubiKeys at the last minute how did you adjust courses without compromising your goals?
Dmitri [0:08:57]: Yeah.
Dmitri [0:08:57]: So of that, that was definitely a a pivotal moment for me, no pun intended personally.
Dmitri [0:09:01]: It was very much the the start of the shift?
Dmitri [0:09:05]: Away from this.
Dmitri [0:09:06]: We just need to build things securely mindset.
Dmitri [0:09:08]: And so essentially, what happened is we had really focused for a couple months on how we were gonna roll out uber YubiKeys in a really user friendly way.
Dmitri [0:09:18]: And we were at the point of clicking order and one of our executives came and said, hey.
Dmitri [0:09:24]: If this causes a single engineer to be able to respond to a single incident, one percent slower, it it's too much for me.
Dmitri [0:09:33]: We...
Dmitri [0:09:34]: We are a customer centric business, we need to be able to respond to incidents quickly.
Dmitri [0:09:39]: We need to be able to take care of our customers so that they know we have our backs.
Dmitri [0:09:43]: You know, customer trust is everything.
Dmitri [0:09:46]: And that was something that I really started to think about as an IT and security team too.
Dmitri [0:09:51]: If you think about it, you know, the our our our coworkers at our company are our customers.
Dmitri [0:09:58]: And so we need to think about how are we impacting their ability to respond to things like instant to do their job.
Dmitri [0:10:05]: And so it was something that I I took away and I looked at it?
Dmitri [0:10:10]: And I said, okay.
Dmitri [0:10:11]: How do we keep that in mind.
Dmitri [0:10:12]: How do we say we're not going to a hundred percent security.
Dmitri [0:10:16]: We're going to eighty percent security.
Dmitri [0:10:18]: Ninety percent security?
Dmitri [0:10:19]: Without getting that last ten percent where it's going to slow the business down.
Dmitri [0:10:24]: So at at the time, it was, passkeys were very new, but that was something that we started to to look at.
Dmitri [0:10:32]: It was right after the the summer where Apple has started to introduce them.
Dmitri [0:10:36]: And so overall, it was a super new technology, but it it really made me think, okay.
Dmitri [0:10:40]: We need to be on top of these evolving technologies.
Dmitri [0:10:42]: We need to be pushing the boundaries of how can we do things like fishing resistant the without just sticking to, oh, YubiKey is the gold standard, that's what we're gonna do.
Dmitri [0:10:53]: We needed to be more flexible.
Dmitri [0:10:55]: And so you kinda see this theme of the identity industry needing to be more flexible rather than these rigid guidelines that they're have really always been.
Arek [0:11:06]: In that pivot, can you talk about the importance of communication with your customers, your your users, and with leadership at the same time?
Dmitri [0:11:14]: Yeah.
Dmitri [0:11:14]: Absolutely.
Dmitri [0:11:15]: That's definitely a a big one and and something that I I took away as well was you know, getting communication early and often.
Dmitri [0:11:22]: You you think of things like Canary or pilot groups for people who are doing things early and this is something that we had done, we had involved some people early.
Dmitri [0:11:30]: We had selected test groups.
Dmitri [0:11:31]: But what we realized was we hadn't quite communicated all the way up with the business and aligned with their objectives.
Dmitri [0:11:39]: So kind of sticking back on that enablement theme.
Dmitri [0:11:42]: It was a focus on security.
Dmitri [0:11:44]: So we said, we took a step back and said, hey, How do we open these lines of communications so that as a security team, we're thinking about what the business is trying to achieve and how our changes may impact that.
Dmitri [0:11:58]: So it was starting up earlier, involving more senior leadership earlier to understand where the business was going, making sure that as a security team, we understood the business and the industry and not just thinking Oh, hey, You know, security is kinda the same across all the industries.
Dmitri [0:12:16]: It's...
Dmitri [0:12:16]: What is our company trying to do today tomorrow six months in the future and how are the changes we are making going to impact that?
Dmitri [0:12:24]: So it it really made a a much stronger cross functional partnership to understand the direction that a business is going and making sure that we are aligning ourselves with that rather than just aligning with security.
Arek [0:12:38]: Yeah.
Arek [0:12:38]: In a in a fast moving business and fast moving organization, it's hard to keep up with the context of where the business is going sometimes and just underscores the importance of that communication.
Dmitri [0:12:50]: Yeah.
Dmitri [0:12:50]: Absolutely.
Arek [0:12:51]: And by having those canary groups, and and gathering data, I imagine that that information helped that exec, put the brakes and say, hey, You know, this isn't actually doing what...
Arek [0:13:05]: Were...
Arek [0:13:07]: You know, this is in case one percent slower, that one percent faster.
Dmitri [0:13:10]: Yeah.
Dmitri [0:13:10]: Absolutely.
Dmitri [0:13:11]: We we were able to kind of ingest that data and and really take a DPS or data positioning system approach.
Dmitri [0:13:18]: We were able to to monitor things like log time and see how fast people were able to get through a login flow and understand.
Dmitri [0:13:25]: Okay, hey.
Dmitri [0:13:26]: You know what?
Dmitri [0:13:27]: We saw an incident to rise.
Dmitri [0:13:29]: We didn't see a response till ten minutes later.
Dmitri [0:13:32]: Why was that?
Dmitri [0:13:33]: Talk to the user and they say, oh, you know what?
Dmitri [0:13:35]: I couldn't find my YubiKey.
Dmitri [0:13:36]: Oh, I had left my YubiKey at home and I was fifty minutes away from home and so I wasn't able to respond right away.
Dmitri [0:13:44]: And and so it was those types of considerations that that really sparked a a key for me to say, okay.
Dmitri [0:13:49]: Hey.
Dmitri [0:13:50]: We we need to rethink this entire approach.
Arek [0:13:53]: Speaking of rethinking, once you started moving away from static access models and thinking more strategically about identity, what kind of work did that unlock for you and your team?
Dmitri [0:14:04]: Yeah.
Dmitri [0:14:04]: So this is where you get to of the really cool stuff as a security engineer.
Dmitri [0:14:09]: You get to start thinking about how do I find ways to enable devs to torque faster while increasing security.
Dmitri [0:14:17]: So something that I I kinda like to to call back on is a project for removing standing access to production data at a company.
Dmitri [0:14:26]: And you think, okay, hey.
Dmitri [0:14:28]: Great.
Dmitri [0:14:28]: Super easy.
Dmitri [0:14:29]: Let's just remove their access when they need it.
Dmitri [0:14:31]: They request it.
Dmitri [0:14:32]: But again, that then slows people down.
Dmitri [0:14:35]: It starts making features take longer.
Dmitri [0:14:37]: And so you get to start really looking at the workflow as a whole.
Dmitri [0:14:42]: You get to start talking to your developers and understand what is the flow for how you design things, how you're shipping code.
Dmitri [0:14:49]: And you find ways that you can build into that without slowing them down.
Dmitri [0:14:54]: And so if there are specific things they do, for example, what what we ended up doing was essentially saying as you're making these push requests, we're going to automatically open an access request ingest behavior data and approve or escalate as needed. And what we found was that over about five thousand requests over the course of multiple months, ninety three percent of the requests were able to be automatically approved with a three second change time.
Dmitri [0:15:28]: And so...
Dmitri [0:15:28]: Between the time and developer wanted to access production data and when they could access production data only took three seconds.
Dmitri [0:15:35]: And so that wasn't that wasn't noticeably slowing them down, but we had drastically improved our security posture by not having that standing access.
Dmitri [0:15:46]: And so we were able to do a lot of really cool things with speeding them up while improving our security posture and just coming together as a team to make that work.
Arek [0:15:55]: Now that three second delay.
Arek [0:15:57]: How does that compare to a...
Arek [0:16:00]: Like, was there a different, like, thirty second delay?
Arek [0:16:02]: Or I...
Arek [0:16:03]: How does that how's does that stack up?
Dmitri [0:16:06]: They're...
Dmitri [0:16:06]: If you think about it standing access, there probably wasn't a delay.
Dmitri [0:16:09]: So over the course of a year, two years, three years, Maybe that three seconds adds up.
Dmitri [0:16:14]: But realistically, for the benefit we were getting, it it was an acceptable change.
Dmitri [0:16:20]: It wasn't noticeable to a developer because be...
Dmitri [0:16:23]: By the time they had switched tabs or gone to do something it had already happened.
Dmitri [0:16:27]: And so realistically, at at the end of the day, it it wasn't an increase in time because of just everything that they go through during the day.
Dmitri [0:16:36]: And so it was, a, healthy balance of improving our our posture, our security posture while.
Dmitri [0:16:42]: Not drastically increasing any sort of response time.
Arek [0:16:46]: So they didn't have to...
Arek [0:16:47]: They didn't have to actively wait those three seconds.
Arek [0:16:50]: They could hit hit submit and then go do something else.
Dmitri [0:16:54]: Exactly.
Dmitri [0:16:54]: They...
Dmitri [0:16:55]: It was all running in the background they want work.
Dmitri [0:16:57]: Required to go log in to a tool and submit a request or ping someone in Slack and say, hey, I need access to this.
Dmitri [0:17:03]: It was a great combo of both.
Arek [0:17:06]: You've said that IT and security teams need to stop looking inward and focus more on business value.
Arek [0:17:12]: Do you wanna expand on what your philosophy around that is?
Dmitri [0:17:15]: Yeah.
Dmitri [0:17:15]: So I think traditional IT and security teams really fall into the trap of optimizing for technical perfection rather than business outcomes, kinda like I talked about earlier.
Dmitri [0:17:25]: So we're focusing on reducing vulnerabilities to zero or implementing the most robust controls possible and making sure that at the time of entry, everyone is good to go and it's super secure or even, you know, perfect compliance scores.
Dmitri [0:17:39]: But in reality, businesses don't succeed because of those things.
Dmitri [0:17:44]: They don't succeed because you have zero vulnerabilities.
Dmitri [0:17:46]: They don't succeed because your authentication policy is absolutely perfect and accounts for every etch case.
Dmitri [0:17:53]: They succeed because of the other things that are happening.
Dmitri [0:17:57]: And so the way we need to look at it is enabling that growth is saying, hey, how do we go from...
Dmitri [0:18:05]: Making this as secure as possible to making this secure enough to enable the business to achieve their outcomes.
Dmitri [0:18:13]: It's all a risk based approach.
Dmitri [0:18:15]: There there's kind of a a classic term in the compliance world of risk accepted.
Dmitri [0:18:19]: And and that's something that security needs to to lean on a little bit more and understand kind of the the industry the business is is in and understand the attack vectors that a bullish malicious actor may take and say, Okay.
Dmitri [0:18:32]: How do we optimize for a healthy balance rather than that technical perfection of the zero?
Arek [0:18:39]: What does that mind shift look like in practice?
Arek [0:18:40]: Like, how how do teams embed this mind shift into their everyday work?
Dmitri [0:18:45]: So I I think a a really key one is is how what metrics you're measuring.
Dmitri [0:18:50]: And especially at mature companies it's may be really easy and this may be something that everyone does and they have great porting on it, but especially in startups and and quickly moving companies.
Dmitri [0:19:02]: We don't always have in great date, great robust data.
Dmitri [0:19:07]: We have, hey, there's a slack channel with a bunch of requests porting And so you start to look at measuring those things to say, how quickly are new hires becoming productive or how seamlessly can they access what they need for critical business processes.
Dmitri [0:19:22]: So things like measuring that three second change from when a developer tries to get access to when they actually have access is is focusing on kind of those inner details that are fall between the cracks of processes sometimes.
Dmitri [0:19:36]: A real world example maybe, rather than saying I'm going to have the most restrictive multi factor authentication across all our policies is, hey, eighty percent of my day to day work occurs in these tools.
Dmitri [0:19:51]: We're gonna make that a really seamless experience.
Dmitri [0:19:54]: And when you go to perform a sensitive action or an an administrative action, we're going to step up that MFA request and say, okay.
Dmitri [0:20:02]: We need...
Dmitri [0:20:03]: We actually need a little bit more data.
Dmitri [0:20:04]: Now that you're getting into the sensitivity, we're going to...
Dmitri [0:20:07]: Ensure that you are who you say you are, we're going to do a little more check on that validity.
Dmitri [0:20:13]: And so finding ways to make it seamless for most of the time while still protecting that sensitivity is really crucial.
Arek [0:20:23]: Thanks for the practical, like, real actions, I think it's gonna be really helpful for for people going moving forward.
Arek [0:20:31]: How do you personally make sure your security initiatives stay aligned with the business, Especially when security and speed, are pulling in different directions.
Dmitri [0:20:40]: Yeah.
Dmitri [0:20:40]: So I I think something you said there really really speaks to me is the fact that security and speed pulling in different directions.
Dmitri [0:20:47]: I I think that isn't always necessarily true. So, a great example of this is say, you're installing a new front door in your house.
Dmitri [0:20:57]: And you said to yourself cool.
Dmitri [0:20:58]: I'm gonna get a door with this beautiful glass window.
Dmitri [0:21:01]: I can see who's coming in.
Dmitri [0:21:03]: It's...
Dmitri [0:21:03]: It looks great.
Dmitri [0:21:04]: But if you stop to think about it, say, actually, you know what?
Dmitri [0:21:08]: Someone could break that glass window and flip that lever on the inside, and all of a sudden, I have access to their house.
Dmitri [0:21:13]: And so you step back, you you take ten seconds and you think, I'm gonna install a door that only has a window at the top.
Dmitri [0:21:20]: Or I'm gonna install a lock that has a key set on both sides instead of a lever lock.
Dmitri [0:21:25]: Now does installing the door take the same amount of time no matter which lock type you have on there?
Dmitri [0:21:30]: Absolutely.
Dmitri [0:21:31]: And so you you find ways to balance that speed and security.
Dmitri [0:21:35]: You make some trade offs and you say, I can still move quickly.
Dmitri [0:21:39]: I can still do the things I want to do while increasing security.
Dmitri [0:21:43]: No.
Dmitri [0:21:44]: Granted.
Dmitri [0:21:44]: Does that analogy always hold true?
Dmitri [0:21:46]: No.
Dmitri [0:21:47]: Certainly, some doors may be more complex.
Dmitri [0:21:50]: They're...
Dmitri [0:21:50]: You're going to run into projects that require more complexity that require better testing.
Dmitri [0:21:55]: And that's where you run into the the problem of how do we align those when they are pulling in in separate directions.
Dmitri [0:22:03]: And and I lean back on that risk accepted.
Dmitri [0:22:05]: You you need to understand your industry and understand what your company is is trying to do.
Dmitri [0:22:11]: So it's it's talking to the leadership.
Dmitri [0:22:14]: It's talking to your leaders and your teammates and figuring out how what does our road map look like?
Dmitri [0:22:20]: What are the objectives that we want to achieve and making sure we're balancing against those and not just securing everything a hundred percent all the time and locking people out?
Arek [0:22:31]: I like the door analogy a lot.
Arek [0:22:32]: If you could instantly patch something in your world.
Arek [0:22:36]: What would that be?
Dmitri [0:22:38]: So I I think the cliche answer that I really like it is a signal framework.
Dmitri [0:22:43]: You know, something I I talked about earlier is ingesting a lot of data to understand behavior.
Dmitri [0:22:48]: And there are a lot of applications that don't necessarily have that out there right now.
Dmitri [0:22:53]: And so being able to to fully ingest data from every tool out there to build a full view of our environment would make it so much easier to build out these behavior and risk engines to understand identity, being able to say what people are taking admin actions at what time from what device is from what locations really just helps paint a picture.
Dmitri [0:23:18]: Without painting the picture, we're just staring at a blank canvas and trying to make a decision.
Dmitri [0:23:24]: And that's just never gonna go well for anyone if we're just from throwing darts in the dark.
Arek [0:23:31]: So a shared...
Arek [0:23:32]: The signals signals framework.
Dmitri [0:23:34]: Yeah.
Dmitri [0:23:34]: Absolutely.
Dmitri [0:23:34]: Which when you see more of. You see identity providers starting to contribute to what's called the shared signals framework where things are being shared between the applications, but it's pretty small right now.
Dmitri [0:23:47]: There there aren't a ton of applications or companies that are contributing to it.
Dmitri [0:23:51]: And so I'd love to see just more buy-in from those companies from other companies.
Dmitri [0:23:55]: And being able to to submit things to that framework to be shared amongst all applications.
Arek [0:24:02]: That's a great patch.
Arek [0:24:02]: Well, Dmitri, thank you for joining us on this episode of Patch Me If You Can™.
Arek [0:24:07]: If you like this episode, hit follow and share with someone who's ready to lead IT and security from the front.
Arek [0:24:14]: We'll see you next time.
%20-%20Thumbnail.jpg?width=560&height=315&name=PMIYC-%20Collin%20Elliott%20(CapitalOne)%20-%20Thumbnail.jpg)
