IAM Is the New Firewall: The Cybersecurity Career Path Nobody Talks About

Definition of identity and access management and how it governs authentication, authorization, and user risk across systems.

IAM is a rising, high-value cybersecurity path worth pursuing for engineers who want broad impact and fast growth—no linear ladder required.

Summary

Chris Schwenk sits down with Steve London, a director in identity and access management (IAM), to unpack why IAM has become one of the hottest skills in 2026. London explains that identity covers authentication, authorization, and access across an organization, tying risk, defense, and business needs into one discipline. The conversation covers day-to-day roles for IAM engineers and analysts, the non-linear career paths people take into IAM, and how to position yourself for advancement from analyst to director or even consultant. London emphasizes learning platforms, APIs, and platform-agnostic IAM concepts so professionals can thrive even when vendors shift (e.g., SailPoint, Okta, Saviynt, CyberArk). The discussion also touches on interview strategies, resume storytelling, and the soft skills that matter most—attitude and aptitude—along with how AI is reshaping identity work (and why governance must keep pace). Throughout, London shares practical insights from healthcare to financial services and the reality that the IAM field rewards flexibility, continuous learning, and a practical focus on protecting the organization’s data and access.

Key Takeaways

  • Identity and Access Management now encompasses security operations and risk management skills, not just traditional IAM fundamentals.
  • IAM roles are non-linear: analysts can rise to engineers, architects, directors, or consultants, depending on background and opportunities.
  • SailPoint, CyberArk, Saviynt, and Okta are key players; a strong IAM professional should understand core concepts across these platforms and keep an eye on market movement.
  • Interview readiness hinges on attitude and aptitude, with interviewers probing prioritization under pressure and willingness to tackle unfamiliar systems.
  • AI is accelerating both offense and defense in IAM—requiring governance, human-in-the-loop oversight, and careful consideration of deepfakes and automated access generation.
  • Resumes should tell a genuine, platform-relevant story; don’t overstate platform expertise, and tailor credentials to the job without misrepresenting experience.
  • Career pivots from healthcare to finance and beyond are feasible in IAM when you align regulatory context, risk, and practical access-management goals with business needs.

Who Is This For?

Tech professionals curious about pivoting into IAM, security engineers evaluating long-term cybersecurity careers, and hiring managers seeking a practical lens on IAM growth and interview considerations.

Notable Quotes

"Identity is really the practice of uh managing the authentication authorization of access in an environment."
Steve London defines IAM in practical terms, highlighting its scope across authentication and authorization.
"The four walls, whether physical or virtual, start to draw a picture that identity and access is everywhere because your mobility is now everywhere."
London discusses why identity acts as the new perimeter in modern organizations.
"Attitude is the first thing I look for in a candidate, followed by aptitude."
Steve shares his interview priorities, emphasizing soft skills and initiative.
"AI is the disruptor today, and you have to move fast but with governance—don’t bolt AI in without the controls."
Addressing AI’s impact on IAM and the need for governance and human-in-the-loop checks.
"Hire the talent and train the skills—the hard part is the soft skills like service with a smile and accountability."
A practical hiring philosophy that values adaptability and customer-focused mindset.

Questions This Video Answers

  • How does identity-based security differ from traditional firewalls?
  • Which IAM platforms should I learn first in 2026: SailPoint, CyberArk, Saviynt, or Okta?
  • What is the typical IAM career path from analyst to director or consultant?
  • How can I prepare for IAM interviews and prove my platform experience truthfully?
  • What role does AI play in IAM, and how can governance keep up with rapid automation?
Identity and Access Management (IAM), SailPoint, CyberArk, Saviynt, Okta, access provisioning, privileged access management, API integration, security operations, risk management

Full Transcript
All right guys, we are talking one of the hottest skill sets in technology in 2026. Today I just did a deep dive on this skill set. It is IAM, identity access management, and we brought on an industry expert. He is a director of IAM currently, his name is Steve London, and Steve, welcome to the show. Good to be here. Yeah. So IAM engineers, they work under you. You hire them day-to-day. What do they do? Why is there more exposure to IAM right now? Sure. Yeah. I mean what is identity right? Identity is really the practice of uh managing the authentication authorization of access in an environment. So when you really dig into that we have to know who people are and what they're trying to do on every system in the environment. And to do that well you really have to understand everything from risk all the way through to the defense and protections around what a person can do in an environment. So it starts to really tug on the skills outside of what core identity and access management used to be and really starts to broaden the skill sets necessary to do that effectively such that you're looking for people with some security operation skills or some you know risk management skills. In my past, I've taught my security practitioners, my identity analysts and engineers to really be that broad. And it helps market them to be more effective, not just within their job today, but across, you know, other opportunities. Yeah. And what about a typical day-to-day for your guys that work under you? What does an IAM engineer do or even an analyst as well compared to the SOC like you mentioned or a network security engineer? Yeah, there's some variability to that, right? So some some some engineers will be focused on development work. So building connections like APIs or doing some scripting of some sort to integrate with other systems and work on that data, turn it into something actionable.
Other others are going to be working more with may maybe business or other stakeholders to understand what the ecosystem looks like. So we know how to build identity around the business's needs. It's not just an account to log in. It's an account that logs in to support that function to understand what data they're using and it starts to draw really big picture around what it is we need to do. So again a more like an architectural or engineering skill set around that component. The analysts might be focused more on some of that last mile fulfillment manually provisioning access or troubleshooting an issue. Yeah. And as far as what have you seen as far as people jumping into these careers? What has been a typical path? What skills or careers have they jumped from to get into IAM? Yeah. Um, over the past several years, I've I've seen more interest in identity and access, but I still think there's still a larger gap in identity and access management. A lot of folks that I see are that are up and coming into the cyber security field are still looking for like the security operations side or maybe risk management side. The security operations is kind of the sexy stuff. Blinking lights and attack and defend. That's that's pretty good. And it's just technical work. The risk management side is the non-technical side and um there's a lot of fun in that too. But the identity stuff, most people are growing into identity. They're coming with some already established skill set somewhere else in the organization. Maybe an Active Directory administrator or security operations. I hired somebody who uh previously who was a a trainer supported the training environment who understood a lot about what people needed from a permission set and the training required for that but ended up translating directly into the functions that we support.
So then you start finding these folks from different element different areas of the business with different elements to apply to the practice and in some cases you can grow these folks into exactly what you need. In other cases, you find people the exact skills you need because you need to move a lot faster. And so then you're looking for people with specific skill sets like I do a lot of API development or I know this platform or that platform. So it's a bit of a mix and I've not seen any purebred uh identity folks out there. They always seem to come with some other experience somewhere else and they fall into the into the role. Yeah. Well, why don't we go through a typical progression? I'd love to hear it from you. So you have you get into IAM the analyst, the engineer, the architect, the director and then maybe the consultant on top. Sure. I I would say first that the progression ladder is not linear, right? I mean somebody can jump into IAM at any point. It really just depends on where they're coming from and what the need is at the time. I brought people in with zero experience and and so they've grown into becoming exactly what we need. Other people have peripheral experience to the job and then they bring in that specific skill set that we needed to continue moving forward. But I would say there's probably a general approach to things where you start off maybe at the analyst level some of that first line defense that operational cadence where you're starting to learn a little bit of the ebb and flow of the operation working maybe towards engineering a higher grade skill set deeper technical skills required for that and presumably you grow those over time up to an architectural level where you can kind of see the forested trees and you know grow a new forest as you need to maybe becoming in the management layer director manager etc. to kind of oversee operations and and you know tactical and strategic opportunities there.
Getting into the consulting route really building building up that discipline a a core discipline for yourself that you become the expert in the area to then become an adviser or an implement you know on the implementation side to help drive you know programs in other organizations. But again I would say it's not a linear thing. It really just depends on your background and and what you're looking to do. And do you kind of agree with that assessment that IAM careers these these jobs were overlooked or maybe maybe undersold before and now they're kind of in this era are becoming more crucial. I don't know that they were undersold before. I think it's really just a natural um it follows a natural curve of growth based on technology. More and more as as if you look back technology over time had been been this traditional landscape of you have a computer you just use it right way back in in the day you didn't really always have this concept of a username and password identity and then somebody found well we need to know because I don't know if you know Chris did it or Steve did it whatever the act activity was and then we learned from there that the simple implementation of user password didn't cut the mustard and it eventually evolved further and further to something maybe a little more recently we hear the phrase is identity is the new perimeter, the new firewall. And that really takes it to a very abstract concept that your four walls, your traditional four walls in an organization, whether they're physical, the four brick and mortar walls, or your virtual four walls, meaning a a firewall out on the internet somewhere, really starts to draw a picture that identity and access is everywhere because your your mobility is now everywhere. So, you could take your business with you on your mobile phone or even your watch on an airplane and where are you, right? But what becomes now that that principal line of defense, that control plane and it becomes your identity.
Is that person who they claim to be? Are they authorized to do what they need to do? Do they have the access at that moment to do that thing with that data? So it starts to really evolve a very different picture from a traditional sense and therefore has really promoted identity and access to becoming one of the key disciplines to to focus on in the cyber security organization. Yeah. And and just out of curiosity, as far as breaches that have happened and things that have gotten you out of bed at 3:00 a.m. because all hell was breaking loose, how did that go down? Was it someone at a Starbucks that their password got hacked or something? I like how does that act? How do these big companies get breached typically? Yeah. Well, it it's hard to say what is typical because like any crime, there's an underreporting or a misreporting element to it. But from what reporting exists, whether you're looking at Verizon data breach investigation reports or maybe FBI or something else, the data seems to suggest that there is a primary attack vector which is a credential compromise through phishing. So somebody gets that email, looks tantalizing, maybe suspicious, whatever, the person accidentally clicks on it or deliberately clicks on it and that's pretty much all that's needed. That's enough to drop a virus on a computer, compromise those credentials, and it's a foot in the door. And attackers will use that as a pivot point to establish a foothold in the environment, learn the environment. And like a lot of crime, it's a sit and wait game. They or they raid the closet, whatever is their objective. And usually before it's too late, they're gone. The bank vault's empty and the criminals got away. And so a lot of organizations end up finding that out. And it's it's getting harder now with AI really accelerating and simplifying those efforts from an attack standpoint, but from a defense standpoint, AI is being used more to really detect that and try to combat that even just as fast.
Yeah. So, so moving to a more technical uh discussion, uh I've probably done more videos and discussion on SailPoint than anyone on the internet. SailPoint is always difficult to fill from a recruitment standpoint because there are a lot of fake candidates. Recently I have seen the rise in Okta, CyberArk and Saviynt. Which one would you say is is something to focus on in the future? So so these these vendors in the space Saviynt, CyberArk they're they're evolving their platforms to becoming the best the the most broadest coverage. So there's a bit of a leapfrog leapfrog game going on in as it's been for many years. So to say which one do you focus on is is probably more of a personal choice. If you really like what you're doing with a particular platform, if it's doing well in the market, it's going to stick around a little longer. That might drive your decision to choose one platform over another. On the other side, a business will evaluate these solutions to choose what's best for them. So does it fit my needs? Does it meet my requirements? Did the sales team do a good job helping me make a decision? And even then, 3 years, 5 years, whatever your cycle is, you may change again. From from the standpoint of supporting these systems as an engineer, analyst, etc., you wouldn't want to choose a path that or an opportunity that provides you with the means to learn these platforms, especially if you're looking to specialize in the craft. I want to be an identity and access management engineer.
Then I should know a little bit about these platforms to any degree especially the core practice of identity access management the knowledge will translate it's learning a different UI or an upgrade version on the same platform it could almost be that difference I'm learning a new platform now and uh that I haven't used previously but the concepts are still there so learning what these platforms do learning how they differentiate from one another the skills required at a at a base level for each of these platforms would be the place to start and then network with the people that are in those circles that know Saviynt versus SailPoint versus whatever the other platforms are and see what your knowledge is compared to theirs and compare notes. You know, look online. There's so much content out there now that you can probably learn a platform less the experience of actually running one to get to get an opportunity at actually doing it. Yeah. Now I I filled SailPoint roles for the enterprise retail space but those four are they kind of siloed to different industries or maybe size of companies is it all spread out I mean how does that work? Not necessarily. Though you might see some alignment maybe SailPoint historically has been a leader in the market for a long time and depending upon which measure you look at like Gartner's MQ or anything else. Other companies have tried SailPoint and just won't go back and mileage will vary for that. But I would say SailPoint and Saviynt are probably a neck and neck game right now. They're they're duking it out and organizations are having great success with both of them.
By the same token they all also have their challenges with them and there's a sense of ownership all the way around fills a slightly different purpose not as there is overlap with something like a SailPoint but it does have a more specific play and they can also integrate with one another and depending upon the specific use cases in an organization you may see a myriad of these tools could happen through mergers and acquisitions somebody had A and the other one had B and now it's a marriage so you have both and they now have to work together because it's too much work to switch an entire platform over. So there's there's a it depends answer there to to summarize. So so pretty much keep your eye on all four. Yeah. Keep your eye on the market. Sure. Know who the competitors are for the one that you might be most familiar with. Let's say it's a fairly household name. Know your competitors. And Saviynt over the recent couple years has really given SailPoint a run for their money to the point it's it's almost the household name now. And so what what is there to know about these two companies being the more prominent ones? Are they the only ones? And so as you as you look to explore the the realm of identity and access, understanding the tools that are out there, they'll come up in an interview question, you'll be at a at a at an interview and they'll say, "Hey, what do you know about X? Well, I've never heard of that before." Well, that that might put you at a disadvantage, but if you know something about it, then you can actually speak to some of the fundamentals that the program offers. Yeah. So when that comes up in interviews, you let's just say you have an analyst. Do you just kind of throw that hey like you do you know anything about CyberArk? I know it's not on your resume but are you looking for them to I mean what has been a good answer and what has been kind of a disappointing answer for you personally?
So if you're asking me my the way I do interviews and what I look for in candidates that that might be different than the way other leaders assess a good fit with a candidate. For me I look for two things initially attitude and aptitude. The attitude is, are you going to are you going to show up every day? It might not be your best day. Something else may be going on, but you're not bringing the baggage to work. You're not taking it home either. And are you going to are you going to meet the day's challenges with, you know, a best effort, a smile? Folks want to get through their part of the day. They have enough going on. It's a third of their life in the the eight hours a day. So, we want to bring a good attitude, and it reflects well from a customer service standpoint, and and you'll be able to accomplish more. So, I look for attitude. I also look for the aptitude. If they're coming into a role that they've never done before and I'm willing to take a chance on them, are they going to try? Hey, give me the manual. Hey, I'll I'll research it. Will they take that initiative? Of course, I'm willing to help them, but I I can only help them so much. They got to take that on and and and really do that learning. And if they're willing to do those two things, you have a really strong candidate immediately because some people just won't do those things. And so from there though exploring the resume to see what they do know or what they could infer from certain information and have you used CyberArk before never heard of that what is that it's traditionally a PAM solution but they have more in their portfolio nowadays I know something about PAM let's have a conversation because if they know if they have a good core competency and privileged access management they just never use CyberArk that's not much of a jump so it's usually I think Simon Sinek had used the phrase hire the talent and train the skills much easier to get those soft skills to me are the hard skills.
A good attitude, service with a smile, those kinds of things that you normally have to learn over your lifetime as opposed to just read read through this manual and you'll probably have a pretty good idea. So that that's usually what I'm looking for. Anything unique that you ask to maybe throw them off a little bit or something you actually want to see that they know about? I almost always do because you you also need to need need to test the resolve of that candidate. What what would make them break in a sense? Is it is it going to be pressure? Hey, me as your manager, I assign you two number one priorities or I assign you number one priority and then my my VP or my CISO assigns you a number one priority. How do you handle two number one priorities? You don't want to be insubordinate to either. But it's a sort of a trick question. I see how they manage prioritizations, competing prioritizations, and under the duress of, you know, leadership pressing that down. Other things like, hey, here's system X. You've never seen it before, but I need you to master it ASAP. How do you how would you approach that? Do they cave in or do they say, well, I'll start googling. Right? And so so really trying to test and see I is there a a point where the candidate really starts to to withdraw from from that interview to the point that they're that uncomfortable and that might be something to explore further. It could be the stress of the interview. I recognize that. But it also could be something that was is within their personality that we might need to be aware of to work on but not necessarily dismiss a candidate just because of that. We're trying to really understand this. This is an interview. I'm both in both directions. My assessment of the candidate as well as the candidate's assessment of the culture of the organization through me as a representative.
So, it's important to understand that there's an exchange going on here and everybody's trying to feel each other out within a 30 minute to an hour. Not a lot. Yeah. Why don't you give us what is what have been some quality answers to both of those questions? The prioritization and then the skill set that they didn't know about. I've had the answer I I look for from a prioritization standpoint is is for for that person to raise the the issue at that time. If if I if I just gave the person that number one priority and then somebody else came in, hey, this is you know how you know number one priority everything's burned down. Does that person raise the issue in the moment? Hey, oh by the way, I already have this other number one priority. Now, if it's my leader coming over, just want to make you aware before we walk away with an understanding that I'm going to just immediately take care of it. Cuz in theory, we're all single-threaded people, right? We can't multitask like machines do. Or maybe you come back to me to help kind of sort that out. So, I'm looking for that escalation of of the fact that there's two competing priorities because we want to do our job really well. We want to make sure we do a complete task and not kind of do a half and half just because I have to divide my time. You know, for for other issues where it's like, hey, you never seen this before. What would you do? I'm looking for an honest answer, honestly. What would you do if given a situation you've never been through before, you have no experience to it? Are you going to meet that challenge head on? Are you going to try? At least love to see you try. We can figure it out together because chances are I don't know. That's why I'm asking you as the the expert that I hired or will hire, right? Yeah. Well, you've looked at thousands of résumés at this point in your career. Maybe tens of thousands. Uh who knows? I'd like to think so. Where does your eye go to first?
You looking right at their college, their last job. I Some people just say, some managers say like I look to see if they've stacked every IAM tool and then I know that, you know, they're just listing nonsense that that you can't possibly know every one of these. So, what do you look for first? I usually look for I'm looking for the personality in the written form in a resume. I'm looking to see that this resume isn't purely AI generated or boilerplate from somebody else's template that really isn't representative of this person. I want to make sure that I'm seeing the individual and and not someone else kind of like, hey, can I give you 100 bucks to do my homework? That wasn't you that did that work. So, right away that that can be a tell of of what what I might be looking at. Of course, use these resources to help you, but you still got to do it yourself. So, I usually look for that. Not an easy thing, but AI has a tell to it, right? There's a certain writing style and things like that. But I'm looking for something that looks like it was an individual who wrote that. It expresses a personality to an extent. Like, do they seem like they're more technical or more analytical or something in that in that written communication? It's really hard to read. Obviously, you're looking at words on paper and and often times that does not do sufficient justice to folks. Some people have horrible resumes, but they're fantastic candidates. And then vice versa, you have really good-looking professional resumes that the person just isn't the right fit. And so it's it's difficult. And I usually work with the recruiter to let them know this is what I'm looking for. This is these are some of the questions I'd, you know, have them use initially to screen cuz they they're going to have that first conversation with them. Hi, what's going on? Do they sound like do they sound pleasant? Do they sound eager to for the opportunity? Is there even a a you know a fit here?
Like get some of that business out of the way, too. Are are we in range to have these discussions? Looking at some of that to just get a quick read to know if that's really worth my time. I'm busy like everybody else, so I I I really would love to interview everybody and make sure I got the perfect one, but I do have to make some, you know, shorter decisions on this to say this looks good, that doesn't look good. And what doesn't look good from your perspective? I think if it was all all the key words but none of the none of the logic that goes with it like worked all this technology like Saviynt, SailPoint as we used before I know all of these things or deep experience with that but I don't see anything in the work history that really shows that they did something with that what was what was the highlights of that that last role that you had ran scripts in Active Directory partial scripts but then I'm I'm touting like some deep SailPoint experience I'm going to test that one well what deep SailPoint experience do you uh APIs or what have you, right? HQL or something like that. And so just digging into these things to to confirm the information matches all the way through. And so writing these resumes, you really have to make sure you're telling a complete and accurate story. Be honest about it. You might not have the experience. That's okay. Better to tell the truth than to lie because if you're caught, you just get yourself dismissed almost immediately. Yeah. And what skill or kind of certification do you see on resumes that maybe people think are going to be really great, you're going to be really impressed by that you doesn't really move the needle for you. So again, I think this is another one of those more personal preferences for me as a leader versus others. Some live and die by the the measures on a resume. Do you have a master's in a science degree or do you have certain certifications like a CISSP or something like that?
But I also know by from my experience anyway that that isn't always an accurate measure. I know some folks that have gone through all of the schooling and all of the certs, but they've just not a right good not a good culture fit or maybe just haven't mastered the skills. They can test really well. And so some of that really has to be looked at carefully by the hiring leader to make sure that they're assessing properly. It's a good bar to set if that's really what's required in the job. Job requirements will say you need a minimum of this, but a maximum isn't always a benefit. An example of that is somebody I I was mentoring had a PhD in his field and was really just looking to take sort of like an easier path in what they were doing. Had all of the all of the degrees and and certifications for the role, knows perfectly what to do, just wanted that type of a role. Kind of just take a step back, not too much pressure and all that. That's fine. People need a break, too. But his resume reflected that he had a PhD and he just never got the first call. And I suggested to him, remove your PhD. Might be a little might give a presence of dishonesty, but it's there for a reason because you have to understand how the recruiting process works. They're looking for qualifications. They're also looking for things to disqualify you. And if you have a PhD, you might be required to earn a certain pay grade higher than they're willing to pay. Again, depending upon company practices, that might eliminate you. You might be too much for them. So, I was like, look, work that backwards, disclose it in the interview and say, look, I I also have a PhD, but I didn't didn't feel it was appropriate to put on the resume because it just wasn't relevant to the role. You're supposed to apply to the job that you're applying to. So, if I want to be a carpenter, I should talk about hammers and nails, not sell, you know, any other cyber security tools.
But if I'm going for cyber security for identity and access management, I really need to tailor that story, including some of your credentials. Again, might be a differing opinion with some leaders, but that would be something to consider. There there's some there's some flow to that. Yeah. Yeah. And and so you spent a long time in healthcare and then transitioning to kind of financial services, right? So what was kind of the difference in the identity space from healthcare to financial services? Some people will I've had this conversation with a few folks um like how did you make that jump? It's still cyber security at the end of the day. I I considered myself much broader than just identity access management because well in my my my history I've done a lot of that and when I look at it I look at it more objectively it's still an organization that still needs to protect themselves from you know cyber threats as well as protect the data right and so when you when you think about that some of that never really changes regardless of the organization culture will change business processes will change people and certain dynamics will change applications but that stuff changes is organically through just growth of within a business that you're currently at. So to look at in a different sector, you're probably changing some things that carry some weight like regulations and different control frameworks. But you're as a security practitioner, you would be trained to understand that, you know, at the outset and then adapt as it's needed. Just in the same way being in healthcare a long time, there was some fluctuation. The regulations changed for HIPAA. Well, you have to adapt to that, too. So, I look at it more objectively, more practically. To me, it's not a big jump. It's just a change. And I think that's that's something that people have to have that uh practicality about it because things can drastically change within a level of comfort that you're already in.
You just didn't realize it was coming.

Yeah. And what about the jump that you made from security manager to director? So, I mean, what does Steve the director, what skills or, you know, soft skills or technical skills does he have now versus Steve the manager?

Yeah. I think for anybody going through their career path, they should always be looking for a coach or mentor that's grooming them for that next step. By the same token, as a leader, you should always be grooming a successor. And so, I practiced that through my career path, to always look for the next person to bring up. I'm also looking for the person above me to guide me on my path to my next rung in the ladder, so to speak. Not always up. It could be adjacent, right? Keep that in mind. And so, more specific to the director role, a lot of my past role was preparing me exactly for that. It's not doing it. And really, at that point, it's a title, which comes with some specificity, right? A director, you're a little bit more strategically focused. You're still overseeing operations. You're owning a service line. But if I already maintained that as my responsibilities as a manager or senior manager below that director level, then I was preparing myself already for that, and the jump really wasn't that much of a move. Conversely, if you're not preparing for your next step, whatever that might be, you might have a harder time acclimating regardless of what movement it is.

Yeah. And what's one mistake you think people make that you've seen trying to make that jump from manager to director or

Yeah. I see usually the mistake happening is putting technologists into management, because management is just a different way of thinking. Technology is very easy to a technologist and engineer because it's nuts and bolts.
But you're changing your conversation entirely, your language that you speak, once you get into leadership, because that's not the language of the business. The language of the business is, you know, bottom line or customer service, uptime, things like that. And not to say that it's not a part of the technical conversation, but the nature in which it's spoken is different. So sometimes that jump is usually the hardest. I personally went through that. Okay, now I have to learn yet another language other than, like, SQL or, you know, C++ or something. Between manager and director, I think it's probably getting the hands off the keyboard, in a similar way that engineers would have to take their hands off the keyboard a little bit more to get into leadership, a management role. Managers are typically more operationally, day-to-day operations focused, where they have to now withdraw a little bit, allow their teams to run the production, basically, to get to a different level where you're really overseeing that with subordinate leadership underneath you, perhaps. Some organizations don't have that deep of a structure. And so learning how to then do the next role, the next one after that, let's just say, is your CISO role: you should be hands off on the op side. That doesn't mean you're unplugged. You're very attuned to what's going on, but you're not typing on that keyboard and you're not in the day-to-day throes of things as much because, well, your focus is really outward towards the business.

Yeah. Was there anything on the director interview, like a question that kind of just threw you back as far as being a manager?

Not in this pass, but I was prepared for some doozy questions. I'm like, I don't know what they'll ask, right? I don't get a preparation sheet or anything. So, I was prepared for a lot.
I felt that I was assessed well, but I didn't really get anything that felt like it toppled me to any degree, but that's my assessment of it. I didn't really follow up for any specific feedback. I was happy I got the opportunity, but there's always the next one. There's an idea out there that you should always apply to keep yourself relevant. Keep interviewing even if you're satisfied with your current role, because you never know when that next one might come around, the next opportunity. And if you're out of practice on the interview side, you may be off balance just having to do it in the first place. So doing a mock interview with your current leader or peer is good to stay in practice.

Yeah, I think that's great advice. So moving on, I know you mentioned AI being an issue in the IAM and cyber security space right now. Where do you see AI changing the identity kind of access space, and, like, where are companies kind of exposed right now?

AI is the disruptor today, right? It's in pretty much every conversation, at least from a technology and cyber security standpoint. I think specific to identity, there's a lot of challenges emerging where that's becoming really difficult. It's making it really difficult to do the practice of data and access management. Some specific examples are like deep fakes and people with, like, AI generated changing your face and things like that. People are successfully working, like, three full-time jobs, being some of the most productive folks on the teams and, you know, running that as an operation for a period of time until they're found out. I remember seeing a few articles, three in fact I could recall, where people have been running that for a year, 18 months, working three full-time jobs. I mean, it's presenting some challenges.
The other aspect of it is that, you know, AI is also creating unprecedented speed inside of an organization to do work. So it's really requiring us to keep pace with the machines. AI is threatening our security from the standpoint of, you know, typically these agents are given access to something to do a thing, right? Oh, I got an agent doing this for me. Do we understand what we gave that thing access to do? How much access? Does it have access to more than it needs? And not being a cyber, excuse me, not being an identity practitioner, you don't understand the right questions to ask or the impact that it has until it's presented to you. And then you have that oh no moment. You're like, "Oh, I didn't think about that." So, organizations that are looking to adopt AI quickly, totally get it. You want to stay cutting edge. You want to stay competitive. Great. But do so responsibly. To do that without AI governance, AI controls, readiness for any of that, especially in identity space, well, you're running the race and you don't even know if your wheels are bolted on yet.

Yeah. And in that vein, I mean, won't roles be kind of very difficult to outsource to AI? You can't have AI giving AI access to different parts of the organization.

Correct. Right. Well, and that has been a thing, right? It's like, how does the machine patrol itself, right? Can we trust AI to properly govern itself? And there's all these experiments you'll see somewhere. Hey, I did this test and here it is. It's bogus. Well, sometimes the science of that test is relevant, right? How did you test it? Was it controlled? Is it verifiable? I mean, if we think about scientific method, it works for a reason. But scientific method is slow. So how do we move faster to assess these things?
And we know that there's technology now through AI, like Claude Mythos, the big buzz in the business now. It can pretty much find anything that's, you know, got a hole in it and develop the exploits for it, which is scary, but it also makes you wonder, should the machine do it? If it could do it that well, could we let it? So there's a concept of human in the loop, right? So any AI workload or function, you always need to have somebody that's knowledgeable about the functions within to just verify.

Yeah. And you mentioned deep fakes. Have you ever encountered one on an interview? I mean, I did a video on, I had a fake SailPoint guy, within a week they had to fire him because he was lo an overseas login was hot. It was a mess. You ever have that?

I've not personally. That doesn't mean I won't encounter it in the very next interview. It's tough with being able to do remote work. It definitely increases the risk. There is technology to help kind of abate that issue, validating their identities, trying to proof them where they are. They are who they say they are. A lot of companies are switching to more in office to have that opportunity to say, yeah, you're real. I touched you. But it doesn't fit every business model, especially in a more global economy this way, in today's day where everybody is everywhere and that's helping me move my business faster. I kind of have to accept that risk in some cases because I either don't have the infrastructure or the talent to assess that.

Yeah. Yeah. Well, why don't you take it home? I mean, who should consider IAM careers? I mean, what personality type or technical skill set has thrived under you? Has it just been a mixed bag?

Mixed. I would say anybody that's interested would be great for it. There's no shortage of openings for identity access. You know, I think there's two ways to go about it.
If you find a leader that's willing to coach and mentor you, either directly or indirectly, right? I mean, I'm offering that out to folks that I meet along the way to help them get in the space so that they can find an opportunity elsewhere, happy to help, because just paying it forward. But if you can build that desire to get into the field, then follow through and pursue that. If you want to specialize, definitely do that, and then go for that mile deep instead of the mile wide, from a skill set standpoint. But I think it's open to anybody. Anybody that wants to do something certainly can. You could change your major in college. You can change your career later in life. There's no rules. It's really up to the individual. So I would say anyone who wants to do something. But if you're really looking to zero in on something, then, you know, look for that specialty that really blows your hair back, perhaps, and focus in on that.

Yeah. So, yeah. Yeah. Yeah. Well, there you go. I mean, I think these careers are, I kind of want to say they're just overlooked when they're talking about these cool cyber careers. You don't hear IAM that much, but these are great jobs. They're interesting jobs and they pay well these days. So, much more than they used to. I can tell you that much from a recruitment standpoint. So, they certainly do. They've come a long way. Yeah. Yeah. So, there you go, guys. We'll have all of Steve's links to his LinkedIn, and you can reach out to him if you're interested in the space or just want to say hi or say you like the interview. We'll have those links in the show notes below. And Steve, thanks again, man.

All right. Thanks very much.

Thanks. We'll catch you guys next time.
