Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With a combined 30+ years of IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry.
Do you know who has access to what?
You’re listening to the Identity at the Center podcast. This is a show that talks about identity and access management and making sure you know who has access to what. Let’s get started.
Welcome to the Identity at the Center podcast. I’m Jeff, and that’s Jim.
Jeff, I wanted to do something. I haven’t done this before, but I received a LinkedIn message from one of our listeners, Henrich, out of Copenhagen, Denmark. I’m just going to read it. It says, “Thanks for the podcast, great stuff, an inspirational style of greeting, and thank you from Denmark.” That made my day, just knowing there’re people out there listening from all over the world, and the word inspirational — that made me feel really good.
Well, there’s always something to be said about identity management and the inspiring shows that people want to listen to. I thought it would be interested for today — and really, this is your idea, Jim, and it was a great one — we’ve been planning on this for a long time, so what we do is we take our identity DeLorean and we go back in time and talk about the Identropy story, because I think it’s a fascinating one that talks about the building of an identity company, the maturation of it and then it getting acquired by a larger company, and the life cycle — how that worked out. And to help us with that conversation, we are both very excited and happy to have Victor Barris. He is a cofounder of Identropy, and now he’s a managing director with Protiviti, driving the strategic-partner ecosystem for digital identity. Welcome to the show, Victor.
Thank you, Jeff. Thank you, Jim. It’s a real pleasure to be here on episode 100. I certainly feel very privileged and honored to be here, and I just want to point out something quickly, which is, I was that little kid in the back jumping up, raising his hand for the last 99 episodes, because I’m eager to be on, but, hey, a hundred? Awesome, awesome, congratulations. Great milestone, and certainly big-time kudos. You guys have officially become celebrities, so congratulations to you both, man.
Well, thank you so much for that. I think, obviously, without your support, this probably wouldn’t have happened, or at least not to the level that it happened so far, so you have a lot of impact behind the scenes that people may not be aware of. But as a listener, I’m sure you know that the first question that we’re going to get into is talking about your identity origin story, because we get into Identropy itself, but how did you get into identity and access management? Is it something that you chose, or did it choose you?
Oh, it definitely chose me. It definitely chose me. I had, prior to transitioning into IAM, deep experience in cyber. I was fortunate to be a part of a small team when I was consulting for IBM — with just four of us, in fact. We were brought in to — I know this is where I’m dating myself — brought in to build out firewalls on AIX machines with compiling IP chains. There were a number of IBM customers that wanted to send emails between Yahoo! and AOL, and so we built these gateways and created, using IP chains, filtering. And then we ended up managing these customers, so that became, later on, part of their managed services offering, and then, obviously, the rest is history, but that was my experience, and I’ve ended up consulting quite a bit.
Fast-forward, I ended up running a security practice for a midsize consulting firm in the New York metro area, and the identity transition came from a project that I was involved in where they had a huge, massive overhead with password resets, and they were like, “How are we going to address this problem?” We, at the time, were talking to a boutique identity firm by the name of Courion, and we ended up bringing Courion in, and the rest was history. I found myself deeply involved in that project, multiple phases, and that’s where I crossed paths with some of the people that are with us today, some of the early-stage team members, and that was my entry into identity.
What’s so crazy about that is, we have CEOs, founders, CTOs on the show almost every week, and whenever we get into this IAM origin story, it’s so common that folks started out like, “Yes, my responsibility was writing scripts for the FTP server” or something like that. Everybody starts kind of at that bottom stage, and that is where you really learn the technologies, when you have to have some point at which you’re in the guts. Nobody comes out of college and moves into becoming like, “I was the senior architect at IBM” or something like that. You have to start by doing something that either throws you in the technology, or you’re starting at the bottom. I think that’s very cool, and that resonates with me, because that’s what we hear all the time. When we’re talking to folks —Jeff has this theory that it’s like 99% of the folks that we talk to are, IAM chose them. Almost everybody who’s been in this space for over 10, 15 years or greater, IAM chose them.
Vic, we’re going to talk a lot about Identropy today: 2006 was when the company was started by you and Osh. Can you talk to us a little bit about those early days? What was it like starting a company? Did you go through the normal stuff of like, “How are we going to make payroll this week?” — those kinds of challenges?
Around 2006, and crossing paths with Osh — coincidentally, Osh, when I first met him, it was at the project that I was referencing, and we needed someone with expertise around collapsing directories and establishing that central authentication store, etc., and the gentleman I was working with was supposed to be at a meeting with the CISO at the time. And, of course, he calls me up 10 minutes before the meeting, telling me he wasn’t showing up, but that he had someone waiting at the front desk by the name of Osh, that I should bring him into the meeting.
So, that’s how Osh and I met, and it was very clear, sharing side-by-side cubicles for the first couple of years at this customer, that we had some common interest. Our drive was certainly pretty clear, and the fact that we both were pretty ambitious — we still are, but there was certainly a very clear motivation from both of us that we wanted to build something. Through that experience, we transitioned into leaving the consulting firm we were with and started with five people, and that was 2006, 2007. I will say that Osh did take the first leap of faith, and he was certainly number one. I stayed along on the project to work with the transition, and then we had a couple of folks join us — Mike Trachta and Chris Hidak and Jeff Chang a little later, but that was the initial ninja team.
It’s a fascinating story to hear about someone taking the leap of faith to start something new. I think it’s something that a lot of people probably dream about at their desk job. It’s like, “Boy, if I was in charge, I’d do it a different way,” or “I’d do it this way,” or “Why isn’t it being done this way?” — those sorts of things, and my hat’s off to anybody who has that entrepreneurial spirit and is willing to take that leap of faith to move forward and try something different.
I think one of the things, at least from my perspective, that attracted me — because I was actually a customer of Identropy when I first started to meet some of the folks there, and a lot of us through Courion work that was being done and so forth, with people like Jamie and Wayne and Chad and so forth — but one of the things that I always thought was interesting was, I came from the corporate side. I didn’t really like vendors. They were generally pretty skeezy and always trying to sell me something, so I wasn’t too interested in that.
But I went to a customer dinner in Las Vegas for some Courion conference that was there, and I got to meet you, and I met Osh and I met Jeff Chang. I was like, “You guys are a lot of fun. This is kind of like a good crew, a good team,” and I just felt that the culture was totally different than what I was used to in some of the places I’d worked at. And I remember sitting at that dinner table, talking Jeff Chang’s ear off about all my technology-nerd things that I would do and things like that. When you’re starting up an organization, and as it matured and evolved over the years, the corporate culture is something that definitely attracted me to it, and I think we’ve heard that also from customers as well that really appreciated our approach to getting it done and what was built there. How did you come up with that strategy? What did the corporate culture mean to you, and things like that?
I feel that building culture, at least in my experience, it’s not necessarily following a playbook. It’s more of a moment in time. Clearly for us, there was a goal in mind, and the culture was really, for us, I would say – maybe Osh may disagree with me, but it was partly accidental. What we did foundationally was that we hired really well. And by way of us hiring really well, particularly those first couple of years, there was this powerful energy, chemistry, balance between that core team that really carried us into that place of knowing where we would look side to side, perhaps at times not knowing where the next paycheck would come from. And to believe in one another — the leap of faith, Jim, as you said earlier that we decided to take with one another, unspoken, that power, that chemistry, that energy, and that culture that we built from there — just again, it was one of those experiences where as we added more and more people, the power, the force multiplier.
One of the things that I always go back and remember, we were probably — before the word inclusive became more widely used as it is today, we were pioneers of that. We had probably the most eclectic group of people that you could – we did have the cool dude who would walk into a meeting with the mohawk, and he was the ninja, and we had the guy who would stand up and say, “I’m going to make cows moo.” So these things actually happened, but we gave people the platform. We gave them the autonomy. We gave them the confidence, and that, over time, just created that foundation, that chemistry, that balance of all of us believing as we went from six people to 12, to 20, 30-plus, and then over time, we were like, “We need to figure out a way. How do we document this? How do we formalize this? Because it is unique.”
We actually came across the company Zappos and Tony Hsieh, and we all became disciples, of course, but that was probably the closest thing that, in our experience, building what we built and the references there, the common themes between what Tony Hsieh built with Zappos and the emphasis around culture that I was able to relate to, but powerful, and I said earlier, it’s almost like a place in time.
There’re so many people that I want to talk about from Identropy. I’m going to pick a few out, because you mentioned Jeff Chang. I started in 2012, and he’d been with the company already like four, five years, but he was such a younger guy at the time. Obviously, we were all much younger back then, but I think he started with Identropy very early in his career, and he was doing consulting. Now, for the last few years, you watch the guy and his ability to understand this space and lead a sales team — it’s just unbelievable watching that guy mature.
Another person I wanted to talk about – well, you brought up Mike Woodburn, one of the funnest people that I’ve ever worked with, and we did a lot of advisories together — and I don’t know if he still has the mohawk now, but he had a crazy mohawk and a huge beard, and when we would go places together, he was the party guy and I was the straight-edge guy. Now, when Jeff and I go places together, Jeff is the straight-edge guy and I’m the party guy — and actually, one of our clients called us the IAM mullet.
Shout-out to Jody.
Yes, shout-out to Jody. Business in the front, party in the back. Jeff was business in the front, Jim was party in the back, and the thing is, I just miss so many great people. The third one that I wanted to bring up was Frank Villavicencio. We’ve had him on the show before. His mind operates in a different way. Even when we had him on the show last time, I think he called passwords “the herpes of IAM.”
That’s classic. There you go — that’s the guy that “Make cows moo.” So very appropriate, yes, and I would say just two points of references: When I was at the customer I was referencing earlier, Jeff was actually interning there. He was going to Rutgers, interning there, and I remember Jeff working with me in racking IDS devices and working on Cisco PIX firewalls, and I’m shoulder-to-shoulder.
Who would’ve thought — fast-forward 14, 15 years later, but when you talk about the development, personal and professional maturity, seeing him have a family, grow his family and so on and so forth, that is part of our journey. We’ve seen many folks, but that particular experience with Jeff is one of the more gratifying ones, because as you point out, seeing where he’s at now, and the maturity and the professional development, it’s second to none, quite impressive. Frank V. — I think Frank certainly had a heavy hand, bringing the culture that we had built and the foundation of that culture to the next level, and he was our chief people officer at one point.
If you think about culture from a bean counter perspective, it just looks like overhead, but to me, so many people say, “Well, it’s more expensive to go out and hire people than it is to retain them.” I think having that strong culture and putting the importance on culture makes sense even financially, but I think it really made people want to stay with the company. Where I was going with this is, in this COVID-19 era, everybody’s working from home now. Identropy’s always been a work-remote — we had a couple of small offices, but not a lot of people. I’d say at least half of the company worked from their home office, so you’d work with people in Identropy and never go out to lunch with them.
But once a year, we had this annual meeting, and it was the one opportunity. We’d go somewhere like Las Vegas, and we’d all spend a day doing business meetings, but we get to interact with each other and get to match faces with names and things like that, because I would say, even though the technology was there, it wasn’t great as far as Zoom meetings and things like that, so a lot of times, you wouldn’t see people’s faces. Then we would do this FedEx Day the second half of those meetings. To me, that was so important. I wonder, what was your perspective on that? Obviously, that cost you a lot of money. Those were dollars that instead of putting them in your own pocket, you were spending to have people stay in hotel rooms and eat lunch, etc.
Jim, you bring up such good points. We see what’s happening today in the marketplace, how everyone is trying to manage through the intense human capital constraints in our space, our space being as niche as it is, people being poached at the time, and there was the guy — of course, you all remember Luis Almeida, who said to me, “Victor, people come to work here because they want to come work here.” Those are the people we want. The people we want are people that want to come work for Identropy, and I think most of the hires that we made were people that really wanted to come work here.
To that point about the investments, to the point about measuring the cultural aspect of it and what that means, it’s sometimes difficult to put a price on it, but the benefits are tremendously important because ultimately, the folks that were committed to the cause, committed to the workforce, to the company, were here because they wanted to be here.
Of course, we ended up establishing a long list of other things that certainly empowered people further and made them feel like they had a true work-life balance in spite of how many people were burning the candle at both ends. But it netted all out for you that we created that environment here, and the investments we made on the culture, the investments we made specifically to your point as well around the all-hands meetings, and yes, of course, Osh and I would be sort of agonizing about the investment and what that meant to the profitability of a relatively small company, but powerful, and that served truly as that — we pulled over to the gas station, refueled our tanks, if you may, and then off for the next 12 months. Again, there was just no substitution whatsoever.
Jim, you make the point that there were months on out where you wouldn’t see your coworker, your colleague, the guy you were working shoulder-to-shoulder with, because we were pretty virtual to begin with, and we managed through that quite well. But when we got together that one time of the year, it was special, absolutely, positively, from the trips to Vegas — which there’s a whole long list of stories which may require a whole different podcast — to Clearwater, which was awesome. Even the event we had in Austin, Texas, at the Hilton, at the airport, and we also had one here in New Jersey, which was not very memorable because it was probably the smallest conference room of all.
But yes, every one of them was quite special, and to your point around FedEx Day, I was somewhat conflicted with the idea, because it was Osh’s baby, frankly, and I know it was “socialize between the leadership team.” I just looked at FedEx as a way to get people together, decompress: “Let’s not worry about working sessions and this, that and so forth. It's three days — we fly people in, we let them let loose, get together, socialize.”
Then this FedEx thing came up, and I was like, “Oh, my goodness, 24 hours grinding,” and I’m like, “Everyone’s got to do presentations.” It was crazy, because so many fantastic ideas came out of it. A little later on, we got away from it because I think people were frankly fatigued over time, but the ideas that came out of it, the plugins — Time Machine, Jim, which I don’t want to go too deep into because of the amount of money we spent on Time Machine.
That was my baby.
That was your baby, absolutely, but a phenomenal idea. But the whole point here with the culture and nurturing that culture and bringing people together. And the fact that we were virtual through and through, I think that was also one of those, frankly, valuable criteria — people working for us at the time — and you start to see the trend, and more and more midsize companies were doing more of the same, but it never impacted us, and as you guys know, you all were also recipients of us. Chad Wolcott, which is also another key asset that we brought in, proposed the idea of doing a four-day work week, and of course, once again, Osh and I looked at each other like, “Huh?” It was amazing, because that summer, we see the improvement in productivity, and it was so good where we decided to keep it in place through the fall and permanently.
The same thing with unlimited PTO: another one of those things you have a kneejerk reaction — or, rather, an allergic reaction to — and my goodness, we looked at the numbers a year or two later, and we realized that people were taking less time off in spite of the fact that we gave them unlimited PTO. But the message there, Jim and Jeff, is really more about the trust you put in people, the autonomy and the belief everyone had in what we were doing. No one was looking to take advantage of these policies, and we saw it. We saw it firsthand.
The FedEx day, for anyone listening was like, you had one day to deliver something — kind of like FedEx overnights your packages, one day to deliver. I don’t think it was a main corporate culture value, but the willingness to try something, the willingness to potentially fail at something, is the core of innovation. You can’t say, “Oh, we’re into innovation, but we expect everything to be a rousing success.” That’s not what innovation is. Innovation has a chance that it could fail and oftentimes does fail.
You learn a lot from those failures, but that was something like that Time Machine. Like you said, it was a great idea — it failed from a commercial perspective. We learned a lot from it. We learned what not to do next time, things like that. And for those who might be interested, Time Machine was — basically, we built a B2B user management portal on the open IDM software, and the idea was, we didn’t want to turn it into a software package that we sold, because we didn’t want to be a software company because of things that happened privately.
So you mentioned not wanting to become a software company, but I think there was some software that came out of Identropy at one point called Squid, and maybe it was even a FedEx project — I’m not exactly sure. This would’ve been before my time, but was it Squid or Squid Life Cycle? For folks who are trying to connect the dots, when did it come along, and when did it leave?
When I think of Squid, I immediately think of a highly complex business model — running two different companies under the same roof. Every time I share that story with an entrepreneur, it’s like, “Uh, that’s a big no-no.” But I’ll tell you, Squid came from this vision of developing a lightweight cloud-delivered IAM product, contained in its box, with limited use cases, etc., and what we saw with IdentityNow when they were launched, and of course, it’s evolved quite a bit. We believed in the vision, certainly influenced heavily, and rightfully so, by Osh because of his product background and his very strong analytical skills, and we decided, “Hey, let’s give this a go,” and I was all about it. We went out in 2010, started 2011, we closed the Series A, and of course, we did our rounds. We did our rounds from Menlo Park to Boston, Philadelphia, New York, and then we ended up syndicating with two funds, out of Philadelphia, one out of New York, and that was in 2011.
We took that ride, which is what it was. I was involved but also focusing still on the consulting side. Osh was driving the product side, and that’s when we, through that raise — of course, we did some of the common mistakes people do when they raise money. We got the big office in New York with more footprint than we ever needed, influenced by investors, but nonetheless, valuable lesson learned, and we really opened things up and brought in some really strong talent. Of course, from the product side, we needed people with experience, understanding the customer development process. On the marketing side, needless to say, we had to drive the positioning and messaging of the product, which we did, and we brought in some tremendous talent. I think that was around the time Frank was already onboard, but he played an important part.
Then we expanded our Austin office, and that journey went hard. Goodness gracious, fast-forward to 2011, 2014, we were fortunate enough to go into transaction with CA. The validation, again, of the vision was certainly realized by seeing something like that acquired, so it was a nice notch in our belt. It wasn’t quite the outcome we were looking for, but it was good in respect to finding a really good home for a tremendously talented group of people who transitioned over to CA, and we were able to shore some money, and then, at that point was when we really started to pivot and put the emphasis and focus in consulting. That was early 2015.
It makes me think of the importance of being nimble, being ready to take on an opportunity and taking a risk. That’s the whole idea that we were talking about there with the FedEx Day — being willing to take a chance of failing, and I wouldn’t say that Squid Life Cycle failed. I think it was probably an idea that was ahead of its time. I think that most of the IAM products that were in the cloud at the time were focused on single sign-on. Nowadays, people generally don’t even want on-premise IAM systems. It’s just all cloud, and some of the approaches, if it’s not always SaaS —Squid Life Cycle was SaaS — but having that early-mover advantage can be a huge benefit sometimes, but if you’re too early, it can be a hindrance.
Totally. Yes, another $5 million would’ve certainly helped, but heavily dilution of what we had, but absolutely ahead of its time, as we see now some of the products of the marketplace. But tremendous team, tremendous experience. Again, you see the market, how it shifts, and I think we were, to your point, Jim, just a little early.
Another opportunity that came along shortly after that sale to CA was to probably double the size of the company by bringing in a lot of the team, some folks that you referenced earlier. What they always say in baseball: It’s better to be lucky than good. You can hit that nubber ground ball into a hole and win the game. You could rock a line drive, but if you hit it right at somebody, it doesn’t do you any good. So, talk us through that whole experience and then how it led to how things are today, where we are in 2020 — or 2021 now, but 2020 as of where that went.
Yes, Jim, I was hoping really hard that you wouldn’t bring up any baseball metaphors because that’s what I’m going to talk about in baseball metaphors from this point moving forward. So, thank you for rewiring my brain. Yes, that was a crucial turning point. As I said before, after the Squid transaction in late 2014, it was time to pivot and refocus our energy on the consulting side — a difficult stretch too because consulting was also funding part of the product efforts, naturally, when you have these two businesses under the same roof. That pivot into the focus and concentration around consulting services challenged us in many ways, and opened up many doors. I was fortunate enough, as I said earlier — our earlier partnership with Courion, I met some great people. One of those folks I met — I’m still good friends with — is Kurt Johnson.
Kurt came to me and asked me for my thoughts about the possibility of transitioning in a group of folks that I’ve worked with very closely, and I’m like, “This doesn’t happen — bringing in this kind of talent, first and foremost, and bringing in talent like this that has worked together.”
The timing of it was phenomenal. Courion was going through some transitions themselves and it was a very natural — well, the opportunity was tremendous, but also a very natural transition. Now, to your point, it was like an acquisition, because in total, it was about 12 people. initially, it was around eight, and then we brought on a few others, but the talent pool was tremendous. Again, we were relatively small, probably in the mid-30s, high 30s, or bringing on that number — initially eight, then 10, 12. You’re adding a fair amount of people, so it felt like you were bringing two companies together, so there was a lot of friction, and it was a lot of smoothing out the edges and a lot of long hours trying to get people with strong opinions to coexist, but the outcome was extremely powerful.
I apologize in advance if I’m forgetting some names, but people like Wayne Siso, who came in and was the operational ninja — and Wayne, please, I’m not pigeonholing you as an operations guy, but tremendous talent there in finance. And we Salesforced everything and optimized it, and now the visibility, forward-looking reporting, projections, forecasting, that really helped elevate what we were doing as a company — bringing, of course, Chad Wolcott, who had a tremendous experience running services for Courion globally. Bringing that asset over was a huge shot in the arm for us. That level of maturity, experience really helped.
We formalized the structure of our teams, and then shortly thereafter, given that we finally transitioned from the product side, I had a very significant moment in time as well where I met with Kevin Cunningham, co-CEO of SailPoint back then, at RSA that year, 2015, and basically, the bottom line was like, I was finally waiting for this moment. We have no more conflict, because we had product, right? We want you guys onboarded as a partner.
Luis Imeld, who I referenced earlier, was mission-critical in that partnership, and that was the big turning point for us. And as you know, we grew the SailPoint practice exponentially. We developed a tremendous team, tremendous practice. We were awarded Rookie of the Year, which was no small feat, and Admiral Delivery Partner consecutively for five years in a row. So yes, good work there, and that was certainly a key moment in time for the company and its maturity.
Last but not least, it was another person that we brought in around that time, which was I think a year later, that really helped manage the workforce not just from an operations but also from a strategic point of view, and Kristen Beenders, she was tremendous. It added another layer of maturity. You guys didn’t have to come to Osh and me anymore — you had a professional that you can trust and you can speak to and would listen to you guys. Kristen was tremendous in really helping us through managing the workforce and adding that other layer of professionalism that we certainly sorely needed.
That was very interesting, because that’s around the time when I came onboard Identropy. It would’ve been toward the end of 2015, and I was able to enjoy the ride of five years at Identropy, and I’ll tell you flat out right now — best company I ever worked for. It wasn’t any one thing, but it was the variety of people and the high quality of people. And you go to a job, and you always find a few knuckleheads that you just don’t get along with, for whatever reason — I never had that issue at all. I think everyone was just a ton of fun to work with. We GSDed, or what’s commonly referred to as “Get stuff done,” and people were happy to be autonomous and work through things and collaborate when needed.
I think that stretched all the way through the end of 2020, and I think most people remember 2020 as the year of the pandemic —I think of it as the final ride for Identropy. I know we don’t do commercials, so that’s why we’re really talking about Identropy a lot, because the company doesn’t exist anymore. As of the end of 2020, it got acquired by Protiviti, which is where we’re all at now. Let’s talk about that final year, because I’m always curious from a life cycle perspective of an organization: When did the discussions start? When did you think about maybe selling, and things like that? I’m curious to see how this all played out from your perspective.
The ride. I’ll tell you – and I’ve referenced a number of times here a place and time, things falling together, taking a natural path, and for us, if you would’ve told me in early 2020 that even though we were doing great work and foundationally, things were really starting to come together, then we get hit with the pandemic. But if you would’ve told me in March that we were going to grow 35%-plus and have a transaction in terms of selling the company, I would’ve asked you outright, “What exactly is it that you’re smoking out in Chicago, Jeff?” I’ll say that it did happen a very natural way. We crossed paths with someone. Of course, you guys know Terry Jost. Osh and I both have a history with Terry, and I happened to go out to Dallas to meet with Terry and Osh, who lives in Dallas, and this was literally three days right before the lockdown.
The meeting was just a casual meeting to hear more about the Protiviti story and how we can partner and do some things together, etc., and then of course, everything just went quiet from that point forward. Then, in roughly late summer — August, September — we reconnected, and there was certainly interest on the Protiviti side. Osh and I met with Terri — of course, not in person, but virtually again. We met head of corp dev, and it just felt like a very natural fit. I’ll tell you why I say “natural”: I think because Terry’s understanding of identity — Terry ran an identity company and sold it. I think it takes a unique set of circumstances of someone really appreciating the space, understanding the space, and we looked at Protiviti as an organization – Protiviti as the breadth of coverage and size — and we were like, “Hey, this could be something that can really serve us well, the opportunity to scale something that we built foundationally.”
Osh and I both knew that there wasn’t much more upward mobility and career development for a lot of the folks that have been with us for quite some time, and this is also an opportunity to potentially realize that, create that path for upward mobility and an opportunity to try their hand at different things. The number of business lines here and capabilities at Protiviti is infinite, and for us, that opportunity to take what we built, the brand, the recognition in the industry, and now transitioning it here with the team already in place, which is great, we’ve had really good collaborative experience so far, and I think to turn the dial, and elevating that to be recognized globally, it’s a very compelling journey.
So, we saw that. We kind of pieced it together, and in October, we received an LOI, and it was a very, very aggressive and certainly tiring process for those three months. As you guys are well aware, we closed it late December, and six months later, I would have never imagined, but it’s been a great experience, frankly, and a positive one.
Yes, I know. I always hoped Identropy would never sell, but I always knew it was possible. I feel fortunate to have been able to be on that ride for my nine years, and now continuing on with Protiviti, but while we have you, Vic, I’d like to get your perspective: You’ve been in this industry for so long now. You’re heading up the strategic partner ecosystem for digital identity. What do you see for the future of this industry? What’s next in your mind?
You’re asking the wrong person, but I’ll take a stab at it. One of the things I see coming from that world of the perimeter and security — I see more and more identity moving to the edge, the consumption of all these platforms. there will be a time — soon enough, not too far in the distant future — where there will be no on-prem and cloud. It will be only the cloud, but I think that at the edge, as we know it today, layer three, there’ll be a lot more layer seven. More applications. There will be the level of verification there, and identity is going to continue to be at the core of things from an enablement point of view, from an entitlement point of view, but entry into these points — AWS, Google Cloud, Azure — I think it’s going to play a huge role as the gatekeeper.
What is going to continue to happen is, bad actors are going to continue to use cyberattacks against companies — who steal, whether they steal data or try to ransom companies. There’s going to be a major migration to nonphishable, strong authentication everywhere. It’s just going to be the standard. Now, the industry has to move that way that that level of security gets built in, but if we’re not already at the apex, we’re going to get to the apex where it’s just, you have to do something about it, because the cost of not addressing the issue, the potential risk of being in that situation of having your company’s operations shut down because of a cybersecurity event, is just going to be unacceptable, and companies will be willing to take the dip — spend the money.
The big concern I have is that everybody’s starting to now take this seriously. You mentioned the lack of, or the gap in the need for, talent versus the pool of talent. The pool of talent is going to have to grow. This industry is going to grow in terms of people getting into it, and that first question we asked you is going to be answered in a different way by the next generation. It’s, “How did you get into IAM? Did you choose it, or did it choose you?” More and more people are going to say, “I chose it,” because it’s a great, growing field, and there’s a lot of money in it, and that’s where I wanted to be.
Wait. Did you say money? We’re not doing this for the money, Jim. Come on.
Yes. Of course not.
The podcast, maybe.
The podcast, maybe. Jim, once again, apologies for cutting you off, but the point that I was highlighting about the edge — just filtering access at the edge is absolutely, as we continue to move forward, critical today, but you’re going to have to now introduce some form of verification, some form of management of those identities at the edge level. So, it’ll be a mandatory requirement and utility, and how that will evolve, it will be interesting to see how that happens.
Like where MFA is today. It should be mandatory. Everyone should be using it. Is it out there yet? No, but that’s where it’s going. It’s some combination of passwordless and things like that as well.
All right. So, we’ve been rambling on here for a long time, and I certainly appreciate your time, Victor. Before we wrap up for this week, what I’d like to get is some final thoughts from you, Victor, of anything that’s out there that you want to throw out for the listening audience to take away from this conversation — words of wisdom, words of advice, for people who are in a similar situation where they are thinking about, how they should run their own identity org or company, because a lot of organizations really do have an identity company within their organization. How should they think about approaching those sorts of things? Any final thoughts for us, Victor?
The first thing that comes to mind is, I’ve always felt that at that moment in time, we had the core. Back to the autonomy, back to the trust — and frankly, I said it earlier, and I’ll say it again: I don’t think there’s a particular playbook. I think this is where Osh and I complemented each other quite well. We’re labeled as the yin and yang, and I’m not saying you need two CEOs to make this happen, but when you build a services organization, the most valuable assets are your people, and I think you need to give that the right level of attention and the right level of nurturing. That’s my advice.
Well, Victor, thank you so much for joining us. I really appreciate it. Thank you so much for listening. The best thing that you can do to help us is to share it with a friend. Hit the Subscribe button — whatever you need to do to help us get the word out is always appreciated. So, with that, thank you so much for listening, and we’ll go ahead and wrap it up here. You can connect with Victor on LinkedIn. I’ll have his link in the show notes, and obviously, you can connect with Jim and me as well. We’re always looking for feedback on the show. So, thanks again for listening, and we’ll leave it there. We’ll talk with everyone in the next one.
Thanks for listening to the Identity at the Center podcast. If you liked what you heard, don’t forget to subscribe, and visit us on the web at Identityatthecenter.com.