Listen to Identropy's Jim McDonald and Jeff Steadman on their podcast at "Identity at the Center".


Both Jeff and Jim have over a decade of experience in the Identity & Access Management space and guide companies on their IAM Program journey through Identropy's Advisory Services arm.

On this episode, Jim and Jeff talk about how to identify and battle against resistance to change that can happen when introducing IAM to an organization.

Top 12 Reasons Why People Resist Change:

Top 10 Common Pitfalls Of An IAM Program:

Brought to you by

Want to join the conversation? Leave us a message here: or email us at .

We hope you enjoy this episode and please subscribe to the podcast for updates on new episodes!

LISTEN HERE or read the full transcript below.

*Disclaimer from Identropy: These transcripts are produced using automated tools, so may not be an exact word-for-word transcription. (i.e. - if you read something that sounds wrong, it's the tool's fault!) As always, for a better experience, please listen to the actual podcast.

 Podcast #12 Full Transcript:

Identity At The Center #12: Battling the Resistance


Jeff: Welcome to the Identity at the Center podcast. I'm Jeff and that is Jim.

Jim: I'm Jim, sitting here in sweltering hot Georgia. Jeff, it is September 13th is ninety five degrees outside. It's not great. It's soon air conditioning all day and goes outside and fight when it's all going to be here. But you and I are going to be in Boston next week. I was informed it's going to be in the 90s at Boston in late September. I just don't get it.

Jeff: I don't like it. I find this completely unacceptable. And I'm very excited. You know me, kind of nerd guy, right. Sony has a personal air conditioner t shirt that they're coming out with, and I cannot wait for something like that to become more mainstream, it’s going to start in Japan. I think it is later this year is like a Kick starter or any go. But I'm hopeful that stuff like that. I'm all about the personal climate control.

Jim: Absolutely, you and your personal fan.

Jeff: Yeah, exactly.

Jim: I've got an observation to share with your job, which is that I believe you have a resistance to heat and humidity, your resistance.

Jeff: I am resistant to it, I do not like it. It is not my thing. I am a cold weather bird. I would much rather it is 30 degrees than 80 degrees, believe it or not.

Jim: I was kind of leading into our conversation is looking at a really good blog with the reasons people resist change. And I'm thinking one of the reasons that you're resistant to hot weather is that you are not being consulted.

You were not consulted on whether or not hot weather was any good.

Jeff: That's clear. And no one ran this by me. I would have vetoed it. I would have. I would have provided some inputs into hopefully influencing the decision to be made that temperature was unacceptable and would need to be revised down. That is right there, Jim. That is professional podcast, magic that you just did.

Jim: That's my specialty.

Jeff: Have you done this before?

Jim: Yes, I think we're one up, so twelve.

Jeff: Yes, we're going to talk about change time battling resistance against kind of change against the IAM rules I guess can come in many forms,  many reasons. Things like no funding. I don't know why I need it. what is this thing we're trying to do. Or maybe you've already got something in place that's just not getting used, things like that.

Jim: Yes, coming up in a couple of our projects recently, which is, customers or clients who have deployed IAM tools reach a certain level of success and then they're having trouble moving forward. And so, the two major examples that I'm probably going to keep referencing back to is personal privilege access management space, where organizations stand up for great privilege, access management tool. And the people who need to use it are tremendously resistant and refineries. And that is not going to work. The second area is in, if whether it's identity governance or kind of a single sign on or you know, access management, general, you've got Kind of the big gorilla applications in the organizations are big, large groups that are say, don't touch my application and I've run into both of these types of situations a few times in my career. And so I'd like to, as the podcast progresses, there's kind of talk about things I've done that I think can really help our listener’s kind of take on those types of resistance.

Jeff: I think there's definitely some creative ways to solve that and some stuff that, I've done in the past as program management. Maybe we should start with why is there resistance in the way that I was thinking about it was I kind of bucket things into kind of three major categories. There's financial, there's personal and then there's strategic. So from a financial standpoint, why would someone resist doing something in the IAM space? And this probably isn't specific either to IAM, right? Probably apply to anything but where I am podcasts. We're going to focus on the IAM side first thing for a financial right. Can we afford this? Can’t afford it, we don't have the funding. Don't want to do something to solve this issue that's come up, maybe we don't need it. There's no realization of what is the benefit. Why do we need to do that? So therefore we're not going to the funding. Or maybe and this came up earlier this week with one of the clients I'm working with. What's the return on the investment? A lot of people are looking for work. How does this save us money?  Maybe it does, maybe it doesn't. So there could be a few different financial things. I think about it from a personal standpoint. There's a fear that comes along sometimes with IAM, like Job loss. This is going to automate me out of a position. Kingdoms crumble, maybe internally. You've maybe you've built a team or an organization that has a lot of headcount and maybe there's some fear around losing some of that kingdom, you can lose familiarity with existing processes on the personal side, so you know how to do it today and this is the way it works, right? I'm not going to switch to a smartphone because my flip phone is works just fine for me. Never mind all the benefits I'll get out of moving to the new technology. This is what I like. And this is and I'm not willing to make a change. It could be things around red tape, other inefficiencies that probably strikes kind of what you were talking about, the privilege access management side. It's just another step I have to go through to get what I need or there's no why am I doing this?

Because it's just inefficient, net perception of it, and then I'm from the strategic side, I'm thinking, you know, it doesn't align with business needs. Why are we doing this? It doesn't make any sense strategically as an organization. Why do we need this? Or my favorite I.T. is going to handle it. Let me toss it over the I.T. wall. I figured it out all of a sudden. I've got a whole bunch of heroes on the I.T. side. I am heroics, as I like to call it, who are making things happen despite the lack of investments, whether it's financial or even just thought leadership on the business side to help with fixing problems maybe that don't work. What do you think?

Jim: I think you raised a lot of the same points that probably are going to be what I have to say. So I try not to repeat a lot of what you're saying, because I agree with where you're coming from the angle that I choose. Look at resistance is that resistance to IAM a lot like resistance to change as a human being. So we kind of view the world. It's really human beings interacting and as human beings who are putting up the resistance. It's kind of like, how in our practice we have that slide, which is the top 10 reasons IAM projects fail. And if you trace back, they're all the same reasons. Almost all projects fail. Not that it's not a creative side or that it's not true issues. It's the same reasons things fail in other I.T. projects or other projects, H.R. projects,  finance projects are similar are the same reasons IAM Projects fail for the most part. And I think the reason people resist change in IAM ties back a lot to why they resist change everywhere. And so I found this really cool blog, which I would like to link in the show notes. So I'm going to go through a few of these and see which ones resonate.

Just kind of let me know if you hear one that you want to kind of talk about. The first is misunderstanding about the need for change when the reason for change is unclear. So I think that's kind of what you were say where they're not people are not really sure. What is the benefit here?  

Your fear of the unknown, I think this is a big one, especially for IAM and I.T. projects, which is like, OK; you're bringing up something like privileged access management. What does that even what does that even really mean? I'm scared of that. I think, in life we can be scared of the unknown. And I think certainly when it comes to IAM projects; the same kind of thing is like people need to be educated about it. And, so if you're not a trusted source of information, if you have a kind of establish that, yes, I actually know what I'm doing and that people believe that, then they may not even trust you as a source of expertise in something. So, again, this is kind of going all the way back to like the human psychology aspect, number three, lack of confidence. So this kind of goes back to I'm talking about the big gorillas where, so one of the things I've run into with some of my clients is that they'll have a major IAM system that is has achieved a certain level of success. And now they reach out to the big gorilla, like the big ERP system or a big EMR system in the organization. And they want to pull that in IAM and they say, well, we can integrate with your application for provisioning and we can, suck out all the entitlements is going to be great. We're going to take all this work off your shoulders. And there's you don't know how much work this really goes. Like you don't have the competence to take over what we do. It’s complex. You don't get the problem. And so just kind of getting into one of the ways I think to combat that is, so let's take the IGA, for example. Starting with IGA like to let's walk before we can run. So let's start at very low touch duration. Let's start collecting accounts and entitlements to showing that we can build the one place to go to has access to what let's get the countless correlate them to identities and then we have a picture of what access a person has a system from.

As far as like any kind of risk that you could be putting toward that IGA system, it's minimal because all you're doing is kind of read it. You have a kind of read only access and then you start stepping into more advanced features and you show that, look, we actually do have competence. We are able to; integrate with your system without breaking things out, taking your system down. You're not now at the mercy of our system being available in order to, or maybe you are at the mercy as you get it into provisioning and access requests and things like that. Even more like single sign on. But we've now had an opportunity to prove ourselves by stepping through this that, we actually took on more, more risk, but a more and more functionality. We've shown success. So it's kind of the way I like to approach that kind of fear factor, that level of resistance, because it's like, OK. Jeff has come along.

Now, all of a sudden, you're so smart provisioning your accounts. Well, first off, I don't know if Jeff even has the capability. Second off, I don't know if this system is even going to be reliable. And the last thing I want to do is hand over some function that is critical for me to provide a service of the business. And I don't know if Jeff can really do it. And so then Jeff comes and says, well, I've got a responsibility to your business, too, which is to show, to have one place to go know who is access to what let me at least get a file feed or let me at least have a read only accounts a database to a database. He pulled the accounts and entitlements then, this is going to keep Jeff happy. Let's give him that. But it gives you an opportunity. First off, it does provide real value because now you see what people have access to in the big gorilla applications as well as all the other applications. But that wasn't so bad. Where you help to connect, it wasn't so bad.

Jeff: You got to build that trust, I mean; it's that that that competence factor, I see it going both ways. So the competence to be able to do what you’re says you're going to do. Here are all the features. And I think that's part of a good program. Management is managing expectations, because you don't want to over promise and under deliver, if anything, under-promise and over deliver. That's kind of my motto. So you know what? Build that trust with the organization that you can do it. Yes, they do. But also from the resistance and the change standpoint, I see it on the other side, too, where the way that you've been doing your work. If you're a recipient of these kinds of new things that are coming from IAM, you've got to be able to adapt and change with the times. Maybe you've been working in a manual mode and creating SAP accounts, you know, for the last 10 years. And now there's a, you know, a better way to automate it and make it more efficient. Sometimes your skill sets are going to have to evolve with the organization. And I think sometimes people fear that on the other side of things, too, is they're not willing to make that change, which is unfortunate. And sometimes that leads to casualties and then the war on the IAM side. But if people are willing to change their skills or update their skills to keep up with times, you know, I think that that may help, Sometimes it that just it's an unfortunate as a sad thing. Sometimes people can't or won't change their own skill set to keep pace with where the organization is going. And that's just something to be aware of.

Jim: So you just nailed the skill of the ultimate podcast segway number four was connected to the old way, people who have emotional connections or are kind of hardwired to the way they've been doing things.

And now all of a sudden you're asking them to do things in a new way, I also thinking about a lot of automation over time as obsoleted manual ways of doing things right. And some people don't. People are afraid of being obsolete. Especially if they really like the job they have or are really connected to the job they have. They don't want to see that go away. They like maybe answering the phones and or getting the faxes, tickets and punching in a user account. And there are fewer or fewer places that do that. But I guess I'm getting as connected to the old way as another form of resistance. It makes a lot of sense. About the next one, this is low trust. People don't believe that they or the company can competently manage change. So there's another one where, you know, in that privilege access management competency that talked about a lot of times, you're talking about a group of folks who are tasked with running your server environment or your network environment or anything. It's kind of that core infrastructure anywhere that you'd want to roll up privilege access management. And those people are responsible for keeping systems online.

And if those systems are down there penalize for not doing their job. And here you come along and you want to take over how they signed into those applications and now their success and be able to do their job is dependent on you and this technology that you're going to roll on making it. It's sound very bad, but at some level it is like if you're privilege access management system work to go down for an hour a day and a server outage. They need to get the servers and couldn't get passwords. Essentially, you could be interfering with their ability to do their job. And so my kind of solution to this one is I really feel like those system teams can or in some cases should privilege access management. The IAM team should provide a support function or I, at least the checks and balances to what that team does with the system. So, this may not be the right solution for everybody, but if you're facing a lot of resistance where, say, the Windows Server team or the Linux server team doesn't want to get on board reducing projects as manager, and they're constantly trying to look for work around so that they're not dependent on your system and your system is not as effective.

One way that you could try to address that is put that team in charge of PAM system. It is like and guys, as a utility for you. And what we look at us as part of the team who can help make it more effective from a security standpoint. I think most managers over a server support team even service for team of hundreds of administrators is going to want to know that, when somebody leaves the organization, they're not a threat. And then we are doing some logging of what people are doing. But at the same time, even I want those things, I don't want to compromise my ability to deliver the services that I'm tasked with delivering. So you put me in charge of the system. If I can be the person who makes sure that system is working, I own it. That is a potential solution to making me feel more secure and getting over this low trust hurdle that we talked about from a resistance standpoint.

Jeff: Yes, their involvement, right. Making them part of the process; we got to be open to making changes based on feedback from that too. I think that's one thing to think about from IAM program perspective this to not be stuck on your path. Recognize when there are changes and suggestions that are good.  And we'll make things easier and will help with adoption. Don't be so regimented in your approach that this is the way we have to do it. It's okay, that's a great idea. Let's figure out how to incorporate that. So involve the people and take their feedback and incorporate it. I think that helps drive that change as well.

Jim: So, it is a temporary fad, and I wasn't sure how to associate this one.

Jeff: The internet is a fad.

Jim: You know what, Jeff? I mean, it's a good joke, right? The internet is a fad, obviously doesn't make sense. Say the iPhone is a fad. I the first iPhone came out 12 years ago. Listen to Joe Rogan's podcast. I'm not that I'm trying to advertise for another podcast. But, he has a podcast and a lot of people tend to listen to it anyway. The iPhone has been out for twelve years. Think of how much it seems to have changed over the three to any in some ways it's kind of the same thing, but in other way it's so much worse. And , I think in the IAM space there is like with open our mind to the fact that, yeah, we're here every day and it doesn't seem like it's revolutionizing overnight, but we keep seeing these things pop up where, for example, there's like the typing type of multifactor authentication.

Jeff: Typography, he was the product of that.

Jim: look, the product great to me. And the only reason I'm bringing it up is like is it a fad? Well, we don't know yet. But you're going to try to get your users to accept something out. The good thing about that product is it really does need to be accepted by user is happening in the background. But, is this something that's going to be around for a long time? I don't know. Or is it just a fad? So I was going to skip that one, because I don't think that's one of the main reasons for the resistance.

Jeff: I think there are some things that are relatively mature, but there are components of IAM that are still being worked out. You mentioned like the biometrics, right, with the keystroke one. I think there are still people searching for a reason to use blockchain, for example. Is that a fad? I don't know. It's pretty early. I think that's a conversation that we might tackle in future episodes in more detail. But I think there are components that are pretty solid fundamental Automation. But I think there are some things where we're not sure yet if it is a fad or not. Take some time to bake.

 Jim: That's true. And some things around for five years, it's not considered a fad. I think in this space. But you think about the course of human history or course of computers, even that's it's a blip.

Jeff: Bell bottoms were popular in the 70s. And then they're like, oh, who would wear those in the 80s and 90s? And then they start to come back again. So it's cyclical.

Jim: So the next one on the list and this really good blog is not being consulted.

And I think this is something we see all the time where people feel like, hey, if I wasn't brought in to help to find the problem and to find a solution, then, I’m not going to agree with it. But it's not always the case. But I do see that pop up a lot. In fact, I'd say within our advisory services area, one of the things that we do is say, get lots of people involved. If you're not sure, involve them, at least get their view of what is the problem, then they're more likely to be on board with the solution, because I think that it's easy to go out when you're doing an advisory sales pitch, for example. People want to know what is that you guys do, and we say, well, we put together a strategy that's going to achieve by it. The questions like, well, how are you going to do that? I think to get buy in to the solution; people have to feel like they were part of the definition of the problem. So you guys are the industry is another word. So if I'm in the seat of one of these people, you guys are the industry experts. Let me tell you about how things are here now, what my problem is and what I want to see improved. And then if you can come back later and say you said A, B, C, D, E, F and here's how we're going to we just solve each one of those problems. OK, if I truly believe you're the experts or and your what you're saying seems logical and you've gone well through and you give me an opportunity to ask questions, I'll buy in because I was a part of the definition of the problem,.

Jeff: That involvement helps. So if they're part of that discussion, I think sometimes, you just want people's voices to be heard. And maybe that's what they're looking for, too. Did you take it? Did you take us into account? Or did you forget about us? And I think if you can demonstrate that. Yeah, you know what? You were part of the process. we heard you. And here's how we're going to solve your specific problems. I think that's a powerful message that comes out of the program itself. Making sure that, from a program management standpoint, you are listening to your constituents, you’re out there shaking hands, kissing babies, all the stuff that you need to do. On the politics side of IAM program management, making sure that people's voices are heard and that you're recognizing that.

Jim: Absolutely, So the next one is poor communication. It probably is. It is self-evident, isn't it? When it comes to change management, there's no such thing as too much communication. I mean, what are some of your experiences with those?

Jeff: It's a lot of it. I'll go back to Help Desk days. Where? What do you mean? There's this new process. People aren't aware of it or. Oh, this is how we're doing this now. I wasn't aware that this is the way that we reset our new passwords or things like that. How do I request access? A lot of stuff, it's the communication used to be pretty open and clear. But you have to make sure that your communications are tailored for your audience.

You're going to talk a different way to your C-suite, your executives on how things are supposed to work versus somebody who may be working on a line. So if you're bottling, Windex and you need access to a terminal machine that's on that line, there's going to a different communication style on approach because people have different levels of understanding between what the services you're providing, how do they take advantage of those services, etc.., so I think you need to make sure that when you're communicating, you're thinking about all of these different things. And it stretches across organization. I always used to hate it when people would throw things in a production and it was OK. Did you guys figure out how you're going to support it. Well, how come you didn't include us as part of that process so we could help make sure that the processes you're thinking about actually do make sense in the real world. So you want to make sure you that you've got your ops team, part of that communication path as well. But make sure your end users know about the services.

I mean, that's going to help the adoption as well. Just make sure people know about it. I don't think anyone would ever complain about too much communication, especially an organization where sometimes that there is not enough communication, Historically, maybe not for your own project, but maybe for other things. I think people just want to be informed.

Jim: Right. And this I think poor communication is really highlighted when you're talking about change resistance that's happening in the end user population. So you're rolling out some kind of change in a single sign on system that's going to affect hundreds or thousands of people or, I guess our case could be affecting millions of people and all of a sudden they end up on the screen. They don't know what to do and they don't feel like they knew this was coming. That's a bad experience. One of the things that this whole discussion reminded me of, though, is that, from a project management standpoint, you're managing IAM project one; you should have an organizational change management plan. In other words, how are the changes that you're implementing going to affect your end user, not just your end users, but every party that gets affected? I'm really trying to think of that from a 360 degree perspective. The second thing is usually in a in a more advanced SDLC, the communication plan is going to be separate from that word change plan. So have a separate communication plan. It just shows you how important communication is and that, the idea that you can over communicate. There's no such thing.

 Jeff: And this isn't something that's easy. Sometimes you may not even know who you need to communicate you. And you're gonna have to talk with different folks and make sure that you try and get as much feedback as possible. But it's not an easy thing, but it's a necessary thing to have a successful program.

Jim: I think there are a couple other good points to go through, Because we're getting a little longer Changes to routine. So that impact of people getting used to doing things a certain way and then all of a sudden you're changing the way they have to do it, that they don't see that change is beneficial to them or, saving them time or they like it better for whatever reason that can be, you can face resistance, exhaustion, saturation. So this is something big that we've run into, I think with a lot of our clients is that there's so much change going on in the I.T. environment and information workers are getting deluged with new systems, upgrades and things. And, they wind up spending a big part of their day just dealing with, I.T. change. And then you come along with one more thing, and they're going to be resistant to that because it's surplus so slow down. I've got a job to do. So I think that's where that part of change management can. Or resistance to change can come up with IAM change in the status-quo. So resistance can also stem from perceptions of the change that people hold. For example, people who feel that they'll be worse off at the end of the change are unlikely to give their full support. I was going back to that PAM example. Like, if you don't see a problem with the way things are working today, if you're assistant administrator and you log in to a thousand servers using the same username password, if we're not a problem for you. How am I going to benefit from you locking my account in a vault? And I don't know the password for it. How does that help me? It helps you because it makes your organization more secure and we're less likely to get hacked, and, for to be your fall. But, we're less blunt.

So it's to look for those reasons , why change the status-quo actually provides you better than the last one is benefits or rewards, which is that when people don't understand what is the benefit, whether it's kind of an intrinsic benefit or not, how are they benefiting or how is your organization benefiting when you're you know this.

As far as I see, the process is not better for me. So what is the better?

Jeff: Why do I need this? What is why this is good for me? I think that's really what it comes down to. You're changing. So why do I need to do this?

Jim: I think as IT leaders, we have to be open to the idea that we're going to market our changes; we're going to push change on the organization. We have to be open to the idea that we're going to market and convince people that it's actually a good idea.

I don't think we should be resistant to that thought. I think we should be willing to take the time to really make sure that we understand the benefits.

And now we are bouncing up against a wall with people who can question them. And then we go out to the broader audience and market it, is going to provide a benefit to you or to the organization or to our customers. And therefore, it's worth you putting up what you see as the downside of the change.

Jeff: If you've got data around that, I think that helps too. Sometimes that you may not have something like, this is gonna save this much time or this much costs,  on the way we do business, sometimes you can't calculate the benefits and things like, we just know it's a better, easier, more secure process. Sometimes that's hard to calculate and sometimes that goes back to the rate of the return on the investment side of it. But understanding that and selling it. I'm a big fan of treating IAM like a product, even if it's a product that is internal. Your customers are going to be your co-workers, contractors, vendors, whoever is sitting inside the firewall, so to speak, not traditionally true customers who might be over B-to-C use case, right,  where you're dealing with folks that are not working for your company. But if you can take the mindset of this is this is my IAM product. I think that goes a long way to helping with a lot of these different areas, communicating it, Understanding the benefits for it before it and being able to market it and sell it to people. And, sometimes you need to take up a grassroots approach to sometimes taking a top down executive approach may not be as effective. Maybe you want to get some Admins involved as they say, I know you're typically putting in a bunch of forms for, ads and remove every week. What if I had a better way for you to do that?  And you start working with folks on the ground level and help them understand the value and you kind of tackle it from both sides. I think sometimes that helps get that benefit statement out there so people understand why this is helpful for them. I also like bribery. Bribery is a good one.

Jim: You can well, you did it jokingly, but you've had some thoughts, thought killer ideas, your killer experiences in terms of running contests and giving away, air pods or whatever,  having contests.

Jeff: I think the one that probably stands out the most for me would be, we launched a self-service password reset capability and the enrollment in the system was not where we wanted it to be. It was pretty low, was only like 30 or 40 percent, I think. So we did was OK, well, how do we that. And I thought was OK. Well, i-Pad was new at the time, new technology. It cost a few hundred bucks was like four or five hundred bucks at the time. What if we gave when I pads and to be eligible for that giveaway as part of a raffle. All you had to do was have your voiceprint or your secret questions and answers. This is a long time ago enrolled in the system, and if you were enrolled by you in the summer we'd have a raffle and give away I-pad or two or three, whatever. We saw a huge take time. It was it was something that was of value enough that people were interested in. It wasn't like, you get a free T-shirt. OK. Some people that might be motivated, but most people weren't. So, for that four or five hundred dollar investment on an I-Pad, we went from like 40 percent enrollment in this summer to like over 80 or close to 90 percent.

Forget the exact number by the end of that summer, and it was in conjunction with other things, too. Working with folks who are taking the calls say, hey, did you know that you could have done this? You know your password. Reset your own this time. Can I help you walk through? You know how to set that up. So if your first line, support is aware of your processes and capabilities. They can also help market those ideas as well. But I think briberies a great one. I was a fan of it. And sometimes it's super cost effective, if it's something that's tolerated within your organization doing giveaways like that, you can do lunch and learns and brown bags and drives, got to treat if you treat like a product. Make it interesting for people and help them understand how easy it is to use your services because hopefully you're developing services that are easy to use and obstructive as much as possible. But I'll help with the adoption of it.

Jim: Those are great ideas and great experiences, Jeff, that we keep doing this podcast on vision. I need to ask because it is to give away all of our good ideas.

Jeff: That's fine, we're all in it together, I think, one of the common things that I've heard and read about in some of the feedback e-mails that we've gotten is that, hey, I'm not alone.  It's everyone struggles with this. If IAM was easy, everyone would be doing it. I think the stronger that we all collectively get on the IAM side. There's enough change. I'm willing to adapt my skills and understand new technologies. That's part of our job, understands what's next. But, I think it just drives security. And, it's something that I certainly enjoy having these conversations around because I'm always curious what is next? I've probably asked that before. What's the next interface look like? Is it voice? Is it some sort of machine learning that knows what I want before I want it? Is it some, tied to some sort of biometric? I don't know. There's probably options are on all those. Is the technology there yet to support it? Probably not, at least not on a scale, in a cost level, that makes sense. But, you know, there's always something to be changed in that feedback. You're not alone. It's certainly one that resonates to of there.

Jim: I love the fan mail that we've been getting. Every time I call it fan mail. Jeff

Jeff: it sounds so weird to say, don't say that, Fan mail.

Jim: I know you having fans, but the mail bag idea and getting feedback certainly appreciated. So if you're out there, drop us a line even just. So you're listening. But also anything you'd like us to discuss in future episodes or any observations you've made? Anything we've talked about that you'd like us to share? We’d love to hear from you, and it really helps keep us going to know that people actually value what we're doing.

Jeff: Such as the two of us sitting and talking each other in our in our dark basements at rooms where we're going today, exactly.

Jim: Exactly. So, Jeff, you and I are going to be on the road for the next few weeks. However, we're planning on recording anyway.

Jeff: Yes, we are. We're going we're doing it for the people. It's for the love of the game. It'll be interesting to see how do it. But our next couple we have we're on the road, I think, for three weeks. So that'll be interesting. But at least we'll be in the same room and, we'll have to see how it goes. the plan is to definitely put content out there every week. Still like we've been doing for 12 weeks in a row, which is, I think, a milestone for us.

Jim: It is a milestone those 13 weeks as a quarter. So I think our next one is going to be really, truly, which is this episode 12 we release episode 12 today.

Episode Eleven went live today and we're typically a week ahead. So now we're pulling back the curtain a little bit, breaking down that fourth wall. We're typically recording a week in advance, which is, smart as if I do say so because, we are on the road. Sometimes it's difficult to get time to be able to put out a decent recording and something that we think might be interesting, but that's a big challenge for us, a couple weeks, right?

Jim: So putting that out there, I'd like to hear feedback from our listeners, especially those of us who are IAM practitioners just say, OK, what is the type of bit of content you think you'd get the most value out of is a conversation like we had today where we pick on something like resistance to change and kind of give it the IAM slant. Is it hearing product, talking to folks who are kind of in the field with product companies or, doing implementations, you can talk about their specific spot in the world and maybe their company. Is it a combination of those two things? You just click here and Jim and Jeff ramble whatever kind of feedback you could provide like that? I think we'd love to hear.

Jeff: Definitely, and you can send it to definitely we read all the e-mails that come through and look forward to hearing that feedback. So I think that's a pretty good spot to leave it for this week. I will put a link to the blog that Jim referred to in the show notes. And before I forget, you're talking about the 10 pitfalls thing earlier and one of our slides we actually of an e-book around that that we that we did last year. So I'll put a link to that as well in the show notes. And I think that's pretty good. We'll call it for this week. Thanks, Jim. And thank you all for listening. Take care.



Jim McDonald & Jeff Steadman

Jim McDonald & Jeff Steadman

Jim McDonald is a professional with over 15 years leading teams through business-critical technology initiatives. Technical Strategist, Leader and Champion of Change with history of crossing organizational boundaries, cultivating strategic alliances and building consensus and alignment among diverse constituents to leverage IT as strategic asset and deliver solutions that rejuvenate and advance global business’ financial performance. Also as part of our advisory practice and with over fifteen years in the identity and access management space behind him, Jeff Steadman helps develop realistic IAM strategies and provide vendor agnostic recommendations to move the needle on IAM maturity for organizations large and small.