Listen to Identropy's Jim McDonald and Jeff Steadman on their podcast at "Identity at the Center".

Both Jeff and Jim have over a decade of experience in the Identity & Access Management space and guide companies on their IAM Program journey through Identropy's Advisory Services arm.

In this episode, Jeff and Jim talk about the current global health situation and things to consider from an IAM perspective. Jeff also finds a way to talk baseball with Jim as it relates to the Houston Astros and their brute force hacking of pitchers and catchers for the last few seasons (allegedly).

Brought to you by

Want to join the conversation? Leave us a message here: or email us at .

We hope you enjoy this episode and please subscribe to our podcast for updates on new episodes!

LISTEN HERE or read the full transcript below.

 *Disclaimer from Identropy: These transcripts are produced using automated tools, so may not be an exact word-for-word transcription. (i.e. - if you read something that sounds wrong, it's the tool's fault!) As always, for a better experience, please listen to the actual podcast.

 Podcast #35 Full Transcript:

Identity At The Center #35 - Managing IAM Through A Pandemic

Jeff: Welcome to another episode of the Identity at the Center podcast. I'm Jeff. And that's Jim. Hey, Jim.

Jim: Hey, Jeff.

Jeff: How you doing?

Jim: I'm doing pretty good. I am so healthy. You never know, though. I think with all that's going on, there is this major Corona virus out there that since you get it and you don't know where you got it for a little bit.

Maybe it manifests in the beginning like it's a regular cold and all that.

So I guess I'm during the paranoid millions.

Jeff: Well, you and I are traveling this week.

So we're in Washington, D.C. And I think, when I left the Chicago area Monday, O'Hare Airport, which is one of the busiest in the world, was very opposite of that. I mean, just empty gates, lots of room to spread out. So it's definitely taken a hit. I think the corona virus on travel. But even since Monday, the temperature of the situation has changed drastically with the announcements that have been made and at least in the US throughout the course of the week. So most of the sporting weeks have decided to suspend play. And there's talk now that March Madness might be canceled. So. Lots of stuff going on.

Jim: Yeah, it's unfortunate, but I think that it's the right time to take drastic measures.

I mean, it was kind of you have to kind of look at what other countries have done and what has been successful. Looks like they've got things more or less under control in China and which, it's the population of that country. You wouldn't think it would be something that would be easy to do. Yeah, it seems like they've kind of slowed the spread, which I think It's important. So, you know, obviously, I'm not an expert in spewing information about corona virus Crowley doesn't really add to the global wealth of information. But if you think about it like this is that there's a certain number of people who are going to become infected with corona virus. But if it all happens in one weekend or in one short period of time versus spreading it out, it really changes the impact on the medical system because, one hundred people show up to the hospital in one hour or one day or one week. There's totally different scenarios. So, yeah, I think it's important that we take the right precautions. And we as individuals, I think. So this should be my PSA, is that we as individuals, if, people keep telling me, well, you know, you're young and you're healthy, you'll be fine.

And we can't just take the view of how does this affect me. We have to be thinking about others.

And, we may come into contact with people who do have compromised immune systems or an advanced age, or we could wind up, in fact, infecting somebody who does contact those populations a lot. And that would be a really sad situation. So they would have to confront our souls to make sure that we're not becoming part of the problem, even if it doesn't directly make us sick or directly kills.

Jeff: Yeah, exactly. Yeah, this is definitely, not a medical podcast, but I think my PSA would be it. If you're sick or you think you might be sick, just stay home. I mean, I know it's easier said than done for a lot of folks, but you're not helping the situation if you spread it around.

I kind of felt bad this week because it's also allergy season. And, yesterday we're in a client office and all of a sudden, that morning I just started to have, probably allergies. I'm sitting there, sniffing and sneezing. And I told  our customers, hey, if you're not comfortable leaving here, these are allergies. And I feel fine. But if you want me to go back to the hotel and work, I'm happy to do that. want to make sure that, you know, people are okay with it.

Jim: I was in the room when you said that. And she's like, no, no, you're fine.

I'm thinking, no send him home.

Jeff: But the good news is I woke up this morning and I was like, oh, that's fine. Like, nothing going on. So, yeah. So far, I think, you know, we've dodged things.

But, you know, corona virus definitely has had an impact on the business world and then kind of got at least me thinking and probably us thinking from an identity and access management perspective. What are some of the things that,  this type of situation brings to light? And the first thing I thought of was,  VPN and I go back to way, way, way, way back in my history. Well, the companies I just worked for didn't have a lot of remote workers. So when there was a reason to work from home for a mass amount of people, the VPN would always crash because it couldn't handle the number of people connecting. So it got me kind of thinking about that. And it makes me wonder how many companies that have recently announced, they want their workers to stay home. How many of those people or those companies had the appropriate VPN support to be able to support that.

Jim: Right, I mean, it may be a situation where a few haven't moved to a third party VPN point, for some kind of hardware device on your network that kind of constricts how many connections you can out, if you're in the situation where you do have. That hardware dependency, you may be maybe too late to do much that you might want to look at something like.

Well, first off, you want to. You want to test it and really know how much and how much traffic you can support him to use your concurrent users you can support. Then you may want to look at scheduling certain folks to have their amount of time to be on the VPN.

Some people may need to only get an hour a day or something to synchronize emails or something like that.

Or maybe it sounds silly, but at this point you're probably having to prioritize that kind of connection.

But it's really going to be a black eye. I would think if, appropriate planning wasn't done in this scenario was kind of planned for not specifically corona virus, the same kind of scenario where they all of a sudden everybody has to work from home and can we remain productive as a company?

If not, it was also something I've been encouraging clients.

When I do see a hardware dependency on VPN or a dependency on their own VPN configuration, really I look at outsourcing that to a third party like an AT&T or something like that where, you can pretty much, I think, call and increasing number of views you see there.

So probably some partner dependency. But I think if it's you're leveraging a third party data center and people are connecting and through that, everything was kind of virtualized and you're more depending on their hardware.

Jeff: Yes. Something like split tunneling only sending traffic back to your network that needs to be there and taking the edge of the cloud services and connecting to them directly to the Internet. I was at the appropriate security measures. Don't place like two factor multi-factor, that sort of thing. That can also alleviate some of the burden, especially since, a lot of companies now are using things like office 356 and, Google stuff like that.

Jim: Yeah. A lot of my recommendation to our clients are out there moving to a third party VPN had more to do with security because one of the things we find, especially with smaller companies in a smaller workforce that they maintain their own VPN during VPN hardware is that they should are to keep it updated with the latest security and things, And yes, they might have the cheapest solution, but if you weren't getting hacked into, one of having security issues, the cheapest isn't always cheapest.

Jeff: Right. I imagine that if remote connectivity was not part of a business continuity or disaster recovery plan, that I would expect it's probably going to become part of the plan. Pretty much right away. Folks have that in place right now. Some other things I kind of thought about here, you know, having been in this position from identity admen perspective and operations, was people not having the right permissions and place to be able to work remotely.

Sometimes there is a dependency on being on the network and being able to get the resources, plowshares sorts of things and people start to extend outside of that, you start to receive an influx of access requests. And of course, everything's urgent because everyone's working from home in an emergency situation.

And that can sometimes wreak havoc on an IBM operations team as well.

Jim: Yeah, and hopefully the investments they made in the past to automate a lot of the access request processes and automate provisioning, certain decisions are somewhere in between state where they've got some automation and  other areas not as much.

Yeah, I can definitely lead to that overworked kind of situation.

I think one thing that should be planned for is where I think really we have to watch for that potential spike and be able to ask people who've maybe work shifts or shift work can sometimes be more feasible when people are working from home, they might be more willing to do something like that since they have to be in the office and be away from their families. But those are those are some potential options, shift work it's really going to be hard to maybe add people and adding people, I guess what I'm hoping is that this whole thing where people are having to work remotely and business is shut down and the country really shuts down.

There's a we're looking at like a four to eight week kind of situation.

And, it's probably someone rolling and honestly, everybody's going to shut down overnight. But you're pretty exciting to see it in very public institutions like the sports leagues where there really shouldn't things down.

A lot of conferences are getting canceled and things like that.

I think a lot of office workers are going to start working remotely in the next week or two. And I think that hopefully this whole thing only lasts, you know, a month or two months. And that really goes to the spread of the virus under control in that time.

Jeff: Yeah, and I think that brings up another issue where you have people who maybe don't work from home a lot or ever. And now they're trying to log on with maybe an account they'd haven't used in a while and they need a password reset. And I know a lot of companies struggle, for instance with like active directory accounts and having to be on the domain to get their passive reset. But they can't get on the domain because they're remote.

I know we started I started with this in the past with, other kinds of death. Okay. Well, is there an office you can go to so that, we can sink down the password change essentially to your device? I haven't really seen a great solution for that yet. And I think that's one of the benefits I think of moving to the cloud. Things like, office 365 and G suite and stuff like that.

Jim: The biggest thing that I've seen that has impressed me is there are some like full time VPN solutions. So once you launch your device, that can actually VPN without even having to log into the site to get software. So the full time can they can VPN. One thought I had is you were kind of describing this scenario, whenever I would my password locked out, it usually wasn't because they just forgot my password. I'm sure that does happen. But the biggest reason I would give my password logged out is that it would say depression is going to expire in five days.

I get on four days, three days and then Friday and would expire over the weekend come in on Monday and launch my computer on Monday and I was locked out and I think that what might help is maybe a communication of people that, hey, when you start getting prompted for password resets, you're really helpful if you've gone ahead and things and change your password. And now wait to the last minute.

Jeff: Right. Or maybe even do that as part of your exit plan from the office or how feasible it is. But for folks that are going to be going out, work remotely for a time, reset it while you're still in the office so that you don't have to worry about password expiration. Liar, liar. Remote.

Jim: Right. That's right. I think you'll see this is a time where probably people are coming up with these plans. But you can see where if you had kind of sat through these kind of plans well in advance or say you're thinking about these things a year or two ago and you should run into. Okay, we'll help you. We're going to contact the help desk. OK.

Well, we need to get cell phones on the ready so that if we need people to work from home and they can use cell phones and transferring their phone to that, maybe you don't want to pay for full, full time cellphone licenses, but maybe that's something that you could you would be willing to pay for in this scenario all of a sudden, or at least for people who, you know, maybe working with services where they answer a central phone number. Well, now, all of a sudden you can you can do something like cellphone, the VPN question and maybe talk about a little bit ago.

This why you have to constantly, if you're in I.T. or you're an information security, be thinking about disaster planning? This is kind of cool, guys. Is something like that or business continuity pandemic at least?

Jeff: Yeah. And part of that planning take into effect or take into account how it affects operations. I was the on call person during a snowstorm in Chicago land area many years ago. And I got absolutely crushed. And I'm dealing with, six feet of snow. It was a blizzard in my front yard. And,  basically my pager at the time, just going crazy every minute because people had so many issues. And we at that time, we really hadn't prepared or thought about how you would support IAM operations and that sort of situation, you're used to getting maybe one or two calls a night at most. And then all of a sudden it's all day for two or three straight days and trying to, filter those requests to the rest of the team to keep up with it became a real challenge for us.

Jim: But it really depends on the nature of your business. I know probably where you were at that time, retail operation, where these calls are like we can sell things, we can't conduct business because we left out.

Now what?

That working environments where you could take hours or days to fix problems, but not in certain environs or certain issues.

Jeff: Right. And then you're part of a security team. So how do you validate these people who are calling when they don't remember their own pin numbers or secret questions and they haven't registered any of that stuff ahead of time? So it becomes a real, real pain in the butt from an operation standpoint. So I was happy to start work through a self-service options on that. But it's not a Carol.

Jim: I am also wondering, as you and I have worked from home for a long time, I've personally been working from home full-time for over a decade, and so many offices were say, well, we got some of our culture. I'm wondering if after all is said and done with this, if it becomes a culture more place where they say, you know what? So there's a couple of months we had everybody working from home and worked pretty well. Maybe we'll get by with less office space or maybe we can give people a better work-life balance by letting me work from home. It might work out.

Jeff: Yeah, I mean, the technology is there for sure. I think it's a trust issue. I think for whatever reason, some companies trust their employees, some don't, from that perspective and I get it, but I'm a big fan of working from home. I think you can be more productive sometimes at home than you can be in the office. But I don't know if this is the right time to measure it, because I feel like there would be maybe a little bit of a false measurement because everyone else is doing the same thing. And there is already a built in downward movements on whatever industry it is because of all the issues going on.

So it's difficult to say, oh yeah, we were just as effective if you're have any type of business right now, you're probably feeling some level of impact with the corona virus, if it's not now, probably at some point cause it's starting to trickle down to more and more things with the sports leagues being camp, you know, being suspended or cancelled. You know, I'm sure travel has taken a huge hit right at you. And I were laughing earlier. I think we're probably the only people staying in this hotel right now. Plenty see elbow on my flight from D.C. to Chicago tomorrow.

Jim: So I should say, yeah, I haven't gotten upgraded to first class very much since Northwest, but by Delta, like, eight years ago or whatever it was.

I had upgrade to first class in the way home doing both legs and leg out. Right.

I in one sense, there's no split solutions. You don't get upgraded from Atlanta, from DC to Atlanta out of the blue.

Jeff: Always looking at the bright side of things.

There was I think, too, that you brought up earlier. And I'll let you have it at once. Did your thunder. But it was around some things that might be taking place with more frequency when there's this type of situation.

Jim: Yeah. I mean, sometimes these situations bring out the best in people as they bring out the worst in people.

And, I think the number of scams go up when you have these situations sometimes and we all know that phishing, a time saving everybody who's listening probably gets attempted to be fish like five times a day. In my mind, it feels like half the emails I delete or give are trying to get me to log in to handle an issue for something I didn't buy or whatever. But I also could see the same scammers trying to play off of this corona virus situation. And, I think the biggest defense against phishing, again, is education. It's don't know what you want. Nobody wants to get fish, but people get tricked and they think about getting tricked is, usually if you're getting an email about something clicking, the link puts you in to the scam website. So the best thing is if you're getting asked to late for something, don't click the link, go and type the URL in your browser or something. But even if you do click the link, there's ways to look at the URL to make sure that you're going to something legitimate. So now we're talking about things generally. Hopefully organizations put together some educational materials already with regards to avoiding being fish. I know of some organizations that on a routine basis go out and, ethically hack or ethically fish their employees or fine or the people who are susceptible to this. So, this might be a time where you wanted to do that again. Because I think that the fear is driving people toward being more susceptible to fall for this stuff. But it's just, I guess the reason you bring it up is just, sometimes these kind of events just provide an opportunity for people, people to act properly.

Jeff: Right. And, the phishing campaign is definitely something that. As part of that whole security awareness and all the research that I've read and seen indicates that dollar for dollar security awareness training provides the most value. But it's something that has to be continued because threats are always evolving and it's something that you need to continually remind your workforce of what to be on the lookout for or what to expect. If you're getting an MFA notification out of blue and you're not expecting it, don't click on it. Right. So that's common sense. But, the awareness is I think is a big part of that. And that has a big, big impact on the success of phishing e-mails. It's not going to solve it completely. But,  being vigilant and then and knowing what to look for, I think is a big, big help. So, based on corona virus, there's been a lot of different things happening with different conferences. I was at RSA a few weeks and, it was a bit of a down year for attendance already. And I don't think it was quite at the current panic level that we're seeing, but was definitely accounted for. And turns out I got an e-mail last night informing me that there were people at the conference that have been infected. So that's something nice to get octane, which is something I think you're going to attend in a couple of weeks, has been cancelled and converted into a virtual conference. So disappointing. You're not gonna put a San Francisco, but probably not as this planning won't be in improving the odds that you might get some sort of issue. Right.

Jim: Yeah. I would say I'm really going to travel right now. I hate the fact that the traveling should take you on the chin again.

Oh, I heard about the conference in the south by Southwest, they canceled that conference then the next day had to let go like 60 people. And it's horrible news, really. I hate hearing about that same time, it's to slow the spread.

They're really calling it slow, slow the curve or some the plan the curve.

So in other words, we know this is going to spread. We want to slow down the pace at which it spread so that everyone is actually on the hunt for work. And that we have research that we can spread out and help people at the same time. So it is disappointing that they're having to not just so Oktane the Okta conference . I was going to attend. I heared in Google and Facebook also canceled their conference.

The really good thing about the way they handled the Oktane one. I think this is a blessing. I think it's just a really good in how they canceled their conference. They can't see it. World events over four weeks in advance. They refunded everybody all their money. We get to go and apply for a refund or anything like that. There's plenty of time to cancel your hotel. Now, I do have a flight scheduled. I'm going to give you the memory for flight. I do feel like I was taken advantage of or anything like that. Like there is a absolute best thing is to cancel or they just cancel it because other people were canceled and they got out ahead of it and they took care of it. I just say that Major League Baseball suspended the racial spring training. And maybe it's just because unlike, say, locked into TV now, but it feels like they were doing was very good during the last major seriously to try and do something about it. And it still felt to me like the only reason they canceled is because everybody else canceling the day when they looked like they didn't care something. But to me, that's exactly how long it will take if they were to less than to deal with it.

Jeff: Yeah, you've got the waiters and the flowers. And, I don't know if you've seen this. This is something just popped up. Like we we're talking here is that they've actually pushed the baseball start date back two weeks for the regular season now. So things are literally changing by the minute as these organizations try to figure out how to handle this type of situation. And like I said, I think Okta did a really good job of keeping people informed and inside RSA, RSA sent multiple e-mails at a time. And, I still went in. There are still plenty of attendees there, over 30000, but there was plenty of hand sanitizer. And I think, people were a little more cautious around it. But, Okta did great job. They got ahead of it. And what I like and as part of a silver lining is they have now turned it into a virtual conference, which is going to be free. So if you weren't able to attend anyway, now there is, you know, some free sessions that you'll be able to get to. That's what the details are on that yet.

And I think we're looking at having Andy from Okta, one of our friends come on the show in a couple of weeks and maybe we'll have some more information on that time.

Jim: Yeah, absolutely. And so Jeff. Speaking of hand sanitizer. Going to release just OpenSocial formula for the hand sanitizer that you can take over the world.

Jeff: Right. So the standard and the standard recipe is two parts, alcohol isopropyl and one part of Elvira. Right. Or Gelson's like that. I think that you probably want to add maybe some bacon grease to that because everyone likes bacon. Right. What he will try about using like herbal essences and things like that. make it smell good, but I'm a bacon fan, so I think that would be great. I think my dogs would love that, too.

Jim:  Yeah. And I think you'd also give you a nice coating over your hand so viruses wouldn't be able to penetrate that greasy film that you have on your hands. Jeff, I think you're on to something here.

Jeff: Yeah, this is kind of like. What's that like? I don't I don't.

There are some company that makes, and quotes that you can't see, man candles or something like that. This could be like a man's hand sanitizers, like bacon, pizza, cheeseburgers, you know, things like that.

Jim: Yeah, I know. There's all kinds of men. Now there's one there so called dude wipes.

Jeff: Someone's million dollar idea. That was probably on Shark Tank or something.

It's like that stupid. Nobody'll buy that. And that person's on an island somewhere on a boat relaxing.

Yeah. Yeah. All right. I know you're talking for a while. We want to talk baseball or do you want to save that for later? No.

Jim: Look at it, man. I think this is probably working out well for the Astros and the red sox here.

You know, the Ashes were found guilty of stealing signs electronically in the 2017 and 2018 season.

It's supposed to be a report coming out that the Red Sox and similarly use technology to cheat in 2018 Nazeer that they pretty much run the table and then won one hundred and eight games. They're in the pole position all season long and then just danced their way through the playoffs. And so the debate that you and I got into was. Is it really cheating? I come from the same point of absolutely it's cheating. I'm also a New York Yankees fan and the Yankees got back to the playoffs, but they see cheating teams in the last few years in twenty, seventeen they got to the final game of the ALCS against the Astros who are showing signs and they lost the game in Houston.

And so what they were doing was they were using the  center field camera, which is I think pretty much a public camera is what feeds the feature. Network TV with the view from center field. And they were able to then zoom in on it. And they had a TV. They had a room set up by the dugout and the Astros Stadium M.A.D. Park, where they'd have a guy watching the signs that the capture would be putting down. And it was going to be a fastball. He would do nothing. It was going to be a breaking ball, which could be a curve ball. Change up things or debris usually break and does move. He would bang on trashcans.

This guy is not on the team. He was an employee of the Astros. And you could actually watch some of the games or you'd hear the trash saying supposedly, like they said one time where it was happening and the catcher got off is like, OK, I put down the signs. There is that damn trash again.

And, I think the argument you're making was, well, first off, first argument I make is that they explicitly banned using technology in game to steal signs.

So they're very clear about your not to do this.

But I think the thing that you're raising was, encryption not good enough, in other words, or weren't there signaling of the signs not good enough. One thing is that when the catcher to the pitcher signals are kind of brought back to what was encryption in nineteen twenty five.

And you're comparing it where I can watch you from center field using a high tech camera.

And it's a combination of these. If they put down one side it's obvious that they put down multiple signs, a lot of times people are good at figuring out indicators and things like that. So an indicator would be something like when I put down a to the next sign is going to be the pitcher wanted to throw. So I might put down a three, which would be a slider or have it done the two. I put on the one if we threw a fastball.

And so basically those any kind of form of encryption or human being is like, we agree, before the pitches draw, before we should be on like what the hand using my hands to show signals or my fingers.

And you're comparing that? We're using high tech equipment. That's why they banned it.

If we're saying that, hey, the catcher is going to hang a little microphone, he can tell the pitch to the pitcher or I don't know somebody who can push it.

He had like a little phone. Regan sent a text message to the pitcher and say..

Jeff: I'd love to see a catcher try to send a text message with that glove on his hands.

Jim: I guess I really haven't figured out what the exactly embarrassing would be. But ultimately, what it boils down to is that, you've got this encryption methodology that was based on not non-technology and you're using technology breaking and the game one team with distinct advantage over the other. To me, that's cheating. But more than that, it was explicitly banned. They said, don't you wish they could do one?

Jeff: So I'm definitely not a baseball fan and I don't know all the ins and outs and the rules. What was banned or whatever. But for my completely layman's view of what happened, the way I see it is that, the Astros were able to basically hack the teams they were playing against by figuring out what their password was. And those teams didn't do anything to guard against that. It didn't change signs in the middle of the game. Or maybe they did. They just got re hacked again. So it's almost like, the Astros were brute force hacking the signals from the catcher to the pitcher. And obviously, that gives them the benefit of knowing whether a breaking ball is coming or not. So you can lay off or swing away on a fastball. But I put it also on the security of that conversation between the catcher and the pitcher. No different than me standing at second base watching as well and figuring it out. Or, sometimes the bullpen is all the way out and, in the outfield around on the baselines, things like that. So I think the catch here and I wasn't aware of this was the electronic use. But if I was sitting in the stands and just watching with a pair of binoculars, I could figure out the same way. It wasn't like there was,  this super advanced hacking machine that was doing it. It was someone literally watching and saying, OK, I figured it out. Now let me go tell my guys why it is.

Jim: So one thing from a kind of baseball tradition standpoint is that usually when teams throw down multiple signs or in other words, in a very simple scenario and then one, that means you're a fastball, but then two minutes or a curve ball.

However, when you have somebody on base, typically what they do is put down multiple signs and maybe some third sign or maybe some last sign that I put down. But that's the pitch to throw.

By the time it somehow makes something, you only do that typically when there's a guy on second because you're going first or third.

They can't see between your legs. And so, baseball tradition.

I think this is also this is a sport. So there is a gamey aspect to it.

But there's also a certain level of ethics expecting out of the sport. It's kind of like I'll say you're in a fantasy football league.

And I somehow, broken your account and change your lineup right before the games. well, you didn't say your pulse or thrown off, dude, you cheated. Let's be real. You cheated. Just because I did. And my security, surely, you know, you don't break into some of these accounts and do that so, I think that there's a certain level of ethics involved.

Jeff: I think there is definitely the ethics part of.

Jim: if the catcher knew that you were using the center field camera, that was even a possibility. Then they would cheat. They would have to do the multiple signs, every pitch. And I think then if it's like there was a level playing field, then that would be one thing. But it was kind of like, well, you're doing something that we all know you're not allowed to do. Nobody else is doing it because baseball sent a memo saying, don't do it. So it didn't take them to change the science and nobody was on second base. But apparently you didn't get the memo. Did you get the memo?

Jeff: Well, I think there was also it was kind of, if hearsay or rumor going around of it, so I don't think it was something that just came out of the blue. I think people suspected something was going on. And I still think that,  Probably could have done more to secure or that communication, knowing that this has been heard of, talked about. And, there was a suspicion that something was taking place. And yet it seems like at least, teams didn't really take it seriously or even do anything or at least enough to prevent the interception of those calls and then being able to relay it back to the player.

Jim: Here's another thing that's an interesting angle. So and maybe as a side, you talk about say, we're banning the use of technology for showing signs. That's questionable. Why? I mean, you're using more technology throughout the game. I mean, you can't watch a baseball game today without getting the Amazon Web Services stack cast to information. Every player is slow motion reviewed, if necessary, they're talking about having an electronic strike zone at some point. I think they're experimenting with it in some leagues.

So the bottom line is, is that technology is becoming more and more of a game.

Why not? Rather than saying you can't steal signs using electronics that you just get rid of this this archaic way of giving sanction, the catcher to the pitcher have some kind of device. Obviously it's a clear text message, but have something for him to send information back to the pitcher so that, he can begin getting the message and not have to worry about the signs. Nothing I can say is this has always been my feeling about baseball. There's more technology use.

The more you separate the pro game in the sandlot game and the less alike they are, the less interesting it is to me to play sandlot as a little kid. When I grew up, playing sandlot was pretty much the same technology that they used in the big leagues. Pretty much men. And now we have. Electronic.

Potentially upcoming electronic strikes, and that's not in play today.

But instant replay and all these other things. So. It's a balance.

I think it's a balance. One thing about baseball as compared to all the other sports as a tradition is considered sacred, so when people get really mad what Barry Bonds breaking the homerun record is because it's like the members of your tree effort, just absolutely ludicrous in a guy like Henry Aaron took 20 years singing all those homeruns. And then Barry Bonds comes along and you take steroids and you said Naveh home runs a year and they never been done before. So that's why people should baseball give Marib said about that stuff.

I think there are other sports.

Jeff: I still have my premise that essentially the Astros hat, all the teams they are playing has figured out their balls and, their pitch selection passwords and exploited it should they have done it? They use technology that wasn't known as well, but that's how I'm looking at it.

Jim: I know we're about up on time, but let's go back to three years ago when the St. Louis Cardinals hired away somebody from the Astros. That guy came over to the Cardinals. They never locked down his account. There is a real IAM issue. Yeah, they're locked out his account. He went back over and was somehow able to log into their scouting system with his old credentials and download a bunch of data. He got caught as the cardinals and really bought the penalty will produce severe. I think a few people got fired over it. But, it’s not all gamesmanship. We'll see you.

Jeff: I say no. I think that's clearly not on the field. And I think that was purely a reason to make sure you have good off boarding procedure. That's how I am ruling that as a poor off boarding performance by I guess it was Houston.

Jim: Yes, I think that's corporate espionage, and I think they did the right thing throwing the book at them, but I also think for the side, stealing is cheating as well.

Jeff: I think it's cheating as well. But I think the team should have done better at trying to guard against it. It's like saying, you shouldn't hack my password. People are going to do it right. So expect to try and put some defenses up against it.

Jim: Yeah. The only difference there, again, the only difference is that this is a sport where a certain level of ethics are required and it was teams within the same week. This whole thing like the Cold War or like Russia versus the United States or something like that, this is a truly friendly league of colleagues.

Jeff: It's just a game.

Jim: Yeah, but that's where we get all excited about.

Jeff: All right. I think we're in pretty good shot. We can shape we can probably wrap it up there and you're gonna catch a flight here in a little bit.

Kind of a weird show I think for us today, because you're kind of a little bit all over the place talking about world events and a little bit of baseball.

And by the time folks hear this, it'll be Monday the 16th probably. So we'll see how the situation change next couple days. But hopefully we give you guys some food for thought and some ideas on how to maybe approach some of the issues that might be coming up here with the virus impact or other things to think about.

If you've got questions or comments or you think, I'm crazy about the Astros hacking every team they faced with a pitch selection, you can feel free to email us at And on behalf of Jim, we'll talk to you guys in the next one.




Jim McDonald & Jeff Steadman

Jim McDonald & Jeff Steadman

Jim McDonald is a professional with over 15 years leading teams through business-critical technology initiatives. Technical Strategist, Leader and Champion of Change with history of crossing organizational boundaries, cultivating strategic alliances and building consensus and alignment among diverse constituents to leverage IT as strategic asset and deliver solutions that rejuvenate and advance global business’ financial performance. Also as part of our advisory practice and with over fifteen years in the identity and access management space behind him, Jeff Steadman helps develop realistic IAM strategies and provide vendor agnostic recommendations to move the needle on IAM maturity for organizations large and small.