1
00:00:21,623 --> 00:00:25,433
S1: In this standalone episode, I speak with Jason Miller. Jason

2
00:00:25,433 --> 00:00:29,893
S1: is the founder of collide. A company recently acquired by

3
00:00:29,893 --> 00:00:34,423
S1: One Password. And in this conversation we discuss collides acquisition

4
00:00:34,423 --> 00:00:38,713
S1: by one password. The synergy between collide and One Password.

5
00:00:39,703 --> 00:00:43,483
S1: The challenge of password management. The concept of device trust

6
00:00:43,483 --> 00:00:48,853
S1: and zero trust. The limitations of current MDM solutions. Engaging

7
00:00:48,853 --> 00:00:53,743
S1: end users and security remediation. The philosophy behind collides approach.

8
00:00:54,073 --> 00:00:58,123
S1: The importance of human friendly security solutions. Future plans for

9
00:00:58,123 --> 00:01:03,103
S1: collide and the potential for broader application of collides technology.

10
00:01:03,463 --> 00:01:11,253
S1: And with that, here's our conversation with Jason Miller. All right, Jason,

11
00:01:11,253 --> 00:01:12,903
S1: welcome to unsupervised Learning.

12
00:01:14,103 --> 00:01:15,153
S2: Thanks for having me.

13
00:01:16,473 --> 00:01:19,203
S1: Yeah. So I understand you've had some big news in

14
00:01:19,203 --> 00:01:20,253
S1: recent weeks.

15
00:01:21,903 --> 00:01:26,043
S2: Yeah. Yeah, it's been a whirlwind. Uh, as I think

16
00:01:26,193 --> 00:01:28,983
S2: some some folks have found out, we've been acquired by

17
00:01:28,983 --> 00:01:31,743
S2: one password. We announced that a few weeks ago at

18
00:01:31,743 --> 00:01:34,683
S2: the time of this recording, and, um, it was a

19
00:01:34,683 --> 00:01:36,873
S2: really big deal. Uh, it's something that we've been working

20
00:01:36,873 --> 00:01:39,453
S2: on with them for a while and discussions, and it

21
00:01:39,453 --> 00:01:42,903
S2: was awesome to finally be able to talk about it publicly.

22
00:01:42,903 --> 00:01:48,183
S2: But I've always loved the one password product. I got

23
00:01:48,183 --> 00:01:50,883
S2: to meet a lot of the folks who lead the

24
00:01:50,883 --> 00:01:56,403
S2: company there, including the original founders. And, uh, they're incredible.

25
00:01:56,403 --> 00:01:58,743
S2: They're just as good as the product that they sell.

26
00:01:59,013 --> 00:02:01,053
S2: And that was really important to me, because some of

27
00:02:01,053 --> 00:02:05,883
S2: the foundational elements of collide was around treating end users

28
00:02:05,883 --> 00:02:09,963
S2: with respect, honesty, getting in front of end users and

29
00:02:09,963 --> 00:02:14,393
S2: giving them. Under an understanding of what's wrong with their device.

30
00:02:14,393 --> 00:02:16,673
S2: Will they do the same thing? But they focused on

31
00:02:16,673 --> 00:02:20,843
S2: probably even the harder problem than we solve is what

32
00:02:20,843 --> 00:02:22,763
S2: do you do about passwords? How do you keep yourself

33
00:02:22,763 --> 00:02:26,243
S2: safe with all these different logins to all these different apps?

34
00:02:26,513 --> 00:02:29,063
S2: They've solved that so well that it's been ubiquitous like

35
00:02:29,063 --> 00:02:31,733
S2: everybody uses it. And that was always a goal for

36
00:02:31,733 --> 00:02:34,283
S2: me at Callide is to achieve the same thing. But

37
00:02:34,283 --> 00:02:36,533
S2: on the in the device trust space and for end

38
00:02:36,533 --> 00:02:40,013
S2: user driven remediation. And so for us, like culturally the

39
00:02:40,013 --> 00:02:44,513
S2: fit was perfect. And it's great for me because we

40
00:02:44,513 --> 00:02:47,873
S2: get a lot of opportunity to still grow and what

41
00:02:47,873 --> 00:02:49,523
S2: we're doing at Callide. But now we have a lot

42
00:02:49,523 --> 00:02:52,073
S2: more resources, and that would have had to have come

43
00:02:52,073 --> 00:02:54,983
S2: through the form of venture capital and a number of

44
00:02:54,983 --> 00:02:58,703
S2: other things, and the incentives can sometimes get misaligned. Really

45
00:02:58,703 --> 00:03:01,373
S2: confident that with one password, we're going to be able

46
00:03:01,373 --> 00:03:04,523
S2: to continue our mission, achieve it at a much faster

47
00:03:04,523 --> 00:03:08,603
S2: pace and keep what was core about us, our DNA,

48
00:03:08,603 --> 00:03:10,523
S2: the same because they're that way too.

49
00:03:11,213 --> 00:03:13,943
S1: Yeah. That's great. So so talk about some of that synergy.

50
00:03:13,943 --> 00:03:17,513
S1: Like how did this, uh what do you think they

51
00:03:17,513 --> 00:03:20,453
S1: saw in you? Obviously we think it's a great product,

52
00:03:20,453 --> 00:03:23,183
S1: but like the different spaces, a lot of people might

53
00:03:23,183 --> 00:03:25,883
S1: be like, wait a minute, which space is one password?

54
00:03:25,883 --> 00:03:28,643
S1: Which space is Callide? How do you how do you

55
00:03:28,643 --> 00:03:31,373
S1: see that merging both when you first heard about it

56
00:03:31,373 --> 00:03:34,313
S1: and then also now like as you actually implement it?

57
00:03:35,513 --> 00:03:38,783
S2: Yeah. I think to understand why one password likes collide.

58
00:03:38,783 --> 00:03:43,703
S2: It's not about necessarily product or feature synergy. We're in

59
00:03:43,703 --> 00:03:46,973
S2: different areas. And the thing that makes sense to them

60
00:03:46,973 --> 00:03:49,343
S2: is like the way that one password sees themselves after

61
00:03:49,343 --> 00:03:53,303
S2: talking with them, they really see themselves as a company

62
00:03:53,303 --> 00:03:56,843
S2: that is distilling down a really hard topic to, you know,

63
00:03:56,843 --> 00:03:59,123
S2: a hard problem to solve. And in their case, that's

64
00:03:59,243 --> 00:04:04,853
S2: password management and making it something that is easily solved

65
00:04:04,853 --> 00:04:08,453
S2: through software and technology, and distilling it down to a

66
00:04:08,453 --> 00:04:13,823
S2: level of simplicity that even my mom could figure out, right?

67
00:04:13,853 --> 00:04:18,083
S2: I mean, before there were password managers, there really weren't.

68
00:04:18,383 --> 00:04:20,453
S2: There was a lot of recommendations on what you're supposed

69
00:04:20,453 --> 00:04:23,393
S2: to do to do a good job, to keep yourself safe.

70
00:04:23,393 --> 00:04:25,883
S2: From a password perspective, you're not supposed to reuse passwords.

71
00:04:25,883 --> 00:04:28,313
S2: You need to have a certain level of complexity. So

72
00:04:28,313 --> 00:04:30,623
S2: we're doing a lot of talking as security practitioners and

73
00:04:30,623 --> 00:04:34,643
S2: telling people what they need to be doing. But we

74
00:04:34,643 --> 00:04:37,673
S2: weren't giving them any tools to really effectively put those

75
00:04:37,673 --> 00:04:40,553
S2: things into practice. And that's what one password was able

76
00:04:40,553 --> 00:04:43,253
S2: to do. On the Callide side, we have a very

77
00:04:43,253 --> 00:04:45,383
S2: similar challenge in front of us. We have a lot

78
00:04:45,383 --> 00:04:47,993
S2: of IT and security practitioners to tell end users all

79
00:04:47,993 --> 00:04:50,783
S2: the time, hey, you got to keep your OS up

80
00:04:50,783 --> 00:04:53,843
S2: to date. You need to have disk encryption enabled. You

81
00:04:53,843 --> 00:04:57,443
S2: need to have system integrity protection on the browsers need

82
00:04:57,443 --> 00:04:58,763
S2: to be up to date. You need to do this.

83
00:04:58,763 --> 00:05:01,673
S2: You need to do that. And today the tools that

84
00:05:01,673 --> 00:05:05,693
S2: we have to help users solve those problems don't work

85
00:05:05,693 --> 00:05:10,223
S2: very well. We have MDM. Most of Clyde's customers use MDM,

86
00:05:10,553 --> 00:05:12,713
S2: but it has a flaw. And that flaw is it

87
00:05:12,713 --> 00:05:17,003
S2: only can work on the devices that it's installed on.

88
00:05:17,243 --> 00:05:21,353
S2: And there's nothing that really stops people from signing into

89
00:05:21,353 --> 00:05:27,143
S2: your most important apps with their personal devices. Right? You

90
00:05:27,143 --> 00:05:30,263
S2: need to have something in place that says, hey, these

91
00:05:30,263 --> 00:05:32,723
S2: are the rules of the road. You're going to either

92
00:05:32,723 --> 00:05:36,383
S2: have a device that's managed under MDM or in addition

93
00:05:36,383 --> 00:05:39,473
S2: to that, or alternatively, you're going to meet these basic

94
00:05:39,473 --> 00:05:43,583
S2: security requirements before you can get on AWS, before you

95
00:05:43,583 --> 00:05:46,913
S2: can get on GitHub, before you can get on Salesforce, like,

96
00:05:46,913 --> 00:05:49,373
S2: these are the core apps that we have that sensitive

97
00:05:49,373 --> 00:05:51,743
S2: data in them. You need to be on a computer

98
00:05:51,743 --> 00:05:55,103
S2: that's safe. Well, there's no real good answer to that.

99
00:05:55,103 --> 00:05:59,933
S2: And Callide has found the beginnings of that solution for

100
00:05:59,933 --> 00:06:04,433
S2: folks who have Okta. And our plan is to make

101
00:06:04,433 --> 00:06:07,793
S2: that as ubiquitous as the one password password manager is

102
00:06:07,793 --> 00:06:10,793
S2: for passwords. We want to be that solution for solving

103
00:06:10,793 --> 00:06:12,563
S2: that problem for devices.

104
00:06:13,223 --> 00:06:15,413
S1: Yeah, that makes a lot of sense. I heard someone

105
00:06:15,413 --> 00:06:18,923
S1: describe business strategy in an interesting way before they said,

106
00:06:18,923 --> 00:06:22,883
S1: look for a really acute problem that's just so annoying

107
00:06:22,883 --> 00:06:26,813
S1: for people, and just solve it more elegantly and better

108
00:06:26,813 --> 00:06:30,503
S1: than anyone else. And both of the two problems that

109
00:06:30,503 --> 00:06:32,813
S1: that you described, they very much fit that.

110
00:06:33,813 --> 00:06:36,483
S2: That's exactly right. And that's why I think one pastor

111
00:06:36,483 --> 00:06:39,963
S2: has enjoyed so much success is sound like they have some.

112
00:06:40,263 --> 00:06:42,993
S2: They have a really great people there. But let's be clear,

113
00:06:42,993 --> 00:06:45,633
S2: the reason why they're so successful is they've built an

114
00:06:45,633 --> 00:06:48,933
S2: incredible product that solves a real problem that people have.

115
00:06:49,703 --> 00:06:54,083
S2: That's hard to do in the security space because first,

116
00:06:54,083 --> 00:06:56,723
S2: it's really hard to get people to even recognize there

117
00:06:56,723 --> 00:06:59,423
S2: is a problem. So like in colliders case, the thing

118
00:06:59,423 --> 00:07:01,613
S2: that we battle all the time, and one of the

119
00:07:01,613 --> 00:07:04,073
S2: reasons I even come on podcast to talk about it

120
00:07:04,583 --> 00:07:10,013
S2: is people don't necessarily recognize that it's bad that any

121
00:07:10,013 --> 00:07:14,873
S2: device can sign in to most of your apps, including

122
00:07:14,873 --> 00:07:19,583
S2: the devices that are not under management. And that's universally

123
00:07:19,583 --> 00:07:22,673
S2: true in a lot of organizations today. Device trust and

124
00:07:22,673 --> 00:07:25,913
S2: zero trust is concepts are new. Yeah, only a few

125
00:07:25,913 --> 00:07:28,583
S2: years old and the concepts are older. But the products

126
00:07:28,583 --> 00:07:31,703
S2: that actually create the outcomes people are looking for a

127
00:07:31,703 --> 00:07:34,973
S2: really new. And so most organizations are in a state

128
00:07:34,973 --> 00:07:37,763
S2: right now where yes, they have MDM, they have all

129
00:07:37,763 --> 00:07:43,353
S2: these things, but they're not actually. They haven't created a

130
00:07:43,353 --> 00:07:47,523
S2: protective layer that actually ensures that devices are in a

131
00:07:47,523 --> 00:07:52,593
S2: basic state. So a basic state of security. So fundamentally

132
00:07:52,593 --> 00:07:57,813
S2: we collide. Uh, we're solving that problem, and we're trying

133
00:07:57,813 --> 00:08:00,153
S2: to solve it in the most elegant way possible. That

134
00:08:00,153 --> 00:08:03,783
S2: still preserves the cultures of these companies, like a lot

135
00:08:03,783 --> 00:08:08,613
S2: of companies allow a pretty broad BYoD program, or they

136
00:08:08,613 --> 00:08:14,163
S2: have contractors that don't use company provision devices, and they

137
00:08:14,163 --> 00:08:17,793
S2: want to preserve that cultural element of their company, but

138
00:08:17,793 --> 00:08:21,123
S2: they want to have some semblance of security. Well, what

139
00:08:21,123 --> 00:08:23,613
S2: is the state of the what can you purchase today

140
00:08:23,613 --> 00:08:26,853
S2: to ensure that happens? There really isn't a lot out there.

141
00:08:26,883 --> 00:08:29,223
S2: A lot of the zero trust device trust solutions that

142
00:08:29,223 --> 00:08:33,663
S2: exist on the market today. Implicitly assume that the way

143
00:08:33,663 --> 00:08:36,123
S2: that you're going to decide whether a device should be

144
00:08:36,123 --> 00:08:39,513
S2: signing in or not is whether it's enrolled on the MDM.

145
00:08:39,573 --> 00:08:43,023
S2: But if you have a big BYoD program, end users

146
00:08:43,023 --> 00:08:45,393
S2: aren't going to want to enroll their devices in the MDM,

147
00:08:45,393 --> 00:08:47,553
S2: or nor is it really appropriate for them to be

148
00:08:47,553 --> 00:08:51,333
S2: doing that in some cases. Or contractors, they may be

149
00:08:51,333 --> 00:08:54,453
S2: on their own MDM and they're not on yours. And

150
00:08:54,453 --> 00:08:56,403
S2: a lot of the solutions out there just don't work

151
00:08:56,403 --> 00:08:59,403
S2: in that world. We've sort of distilled it down beyond that.

152
00:08:59,403 --> 00:09:02,013
S2: The thing, the key insight that Callide has had is

153
00:09:02,493 --> 00:09:05,553
S2: you can't assume that a device is in a good

154
00:09:05,553 --> 00:09:08,793
S2: state just because it's on the MDM anyway. So let's

155
00:09:08,793 --> 00:09:11,913
S2: just start at first principles. Yeah. What is the disk

156
00:09:11,913 --> 00:09:15,633
S2: encryption story? What is the OS version? How long has

157
00:09:15,633 --> 00:09:18,753
S2: it been since the the device has been rebooted. So

158
00:09:18,753 --> 00:09:20,643
S2: on and so forth. And you can run hundreds of

159
00:09:20,643 --> 00:09:24,483
S2: different checks. Let's just look at those at a baseline level.

160
00:09:24,483 --> 00:09:27,693
S2: Not even thinking about the MDM. And and if they're

161
00:09:27,693 --> 00:09:29,973
S2: not in that state then they don't get on. But

162
00:09:29,973 --> 00:09:34,203
S2: more importantly, we can engage with the end user to

163
00:09:34,203 --> 00:09:38,163
S2: get them to fix those problems while they are being

164
00:09:38,163 --> 00:09:41,193
S2: informed that they're blocked from being signing in. And that's

165
00:09:41,193 --> 00:09:45,033
S2: the key. And that's why this type of solution is

166
00:09:45,033 --> 00:09:48,033
S2: so important, because it will work on anything. Like we

167
00:09:48,033 --> 00:09:51,483
S2: support Linux, you have mobile devices. The reason why we

168
00:09:51,483 --> 00:09:54,423
S2: can do that is we don't need a special API

169
00:09:54,423 --> 00:09:57,003
S2: to fix the problems. The interface to fix the problems

170
00:09:57,003 --> 00:09:59,583
S2: is the person sitting behind the computer. Yeah. And if

171
00:09:59,583 --> 00:10:02,523
S2: you embrace that and you make it so that they

172
00:10:02,523 --> 00:10:05,013
S2: understand and they have the motivation and the tools to

173
00:10:05,013 --> 00:10:07,893
S2: do it, they can solve any problem. Even the most

174
00:10:07,893 --> 00:10:12,543
S2: nuanced security issues your organization is trying to solve today

175
00:10:12,543 --> 00:10:15,483
S2: and users can fix for you and with perfect efficacy

176
00:10:15,483 --> 00:10:16,953
S2: if you do this the right way.

177
00:10:17,853 --> 00:10:18,573
S3: Yeah.

178
00:10:19,293 --> 00:10:22,323
S1: Yeah, that makes sense. It's actually interesting. I mean, that

179
00:10:22,323 --> 00:10:26,913
S1: zero trust story really, really does resonate because it's like

180
00:10:27,633 --> 00:10:30,513
S1: you're falling back and saying, look, this MDM thing, it

181
00:10:30,513 --> 00:10:33,303
S1: hasn't worked out that perfectly. And you're dealing with the

182
00:10:33,303 --> 00:10:37,563
S1: reality that is, which is the business hands out laptops

183
00:10:37,563 --> 00:10:41,133
S1: to people and says go to work like that just happens.

184
00:10:41,223 --> 00:10:44,193
S1: And then when security is like, well, you don't have

185
00:10:44,193 --> 00:10:47,343
S1: the MDM, we can't let you on. Like we're literally

186
00:10:47,343 --> 00:10:48,453
S1: stopping business.

187
00:10:49,483 --> 00:10:53,533
S2: Right? Yeah. And it's a concern. Well, what's interesting is that.

188
00:10:54,503 --> 00:10:56,873
S2: The companies don't really have good tools today to measure

189
00:10:56,873 --> 00:11:02,113
S2: how effective. Their device program. So let's say you don't

190
00:11:02,113 --> 00:11:06,223
S2: have a zero trust or device trust solution today. And

191
00:11:06,223 --> 00:11:09,193
S2: you're trying to understand is that even important? Well, the

192
00:11:09,193 --> 00:11:11,203
S2: first thing that you need to do is you need

193
00:11:11,203 --> 00:11:13,603
S2: to at least cast a net and understand who, what

194
00:11:13,603 --> 00:11:17,983
S2: devices are even signing into apps. Yeah. And that is

195
00:11:17,983 --> 00:11:20,113
S2: that there really isn't an answer to how to solve

196
00:11:20,113 --> 00:11:21,913
S2: that today. You know, that's one of the things I'm

197
00:11:21,913 --> 00:11:24,493
S2: working with on the one password side is can we

198
00:11:24,493 --> 00:11:28,873
S2: actually help capture that? But let's say that report did exist.

199
00:11:28,873 --> 00:11:31,153
S2: Let's say I could give you a report today for

200
00:11:31,153 --> 00:11:34,723
S2: your business. That said, here's all the devices that we saw.

201
00:11:34,723 --> 00:11:38,293
S2: Log in to this app and here's their state. Without

202
00:11:38,293 --> 00:11:40,183
S2: deploying an agent or anything like that, let's just say

203
00:11:40,183 --> 00:11:43,813
S2: that report exists. I think the challenge is that you're

204
00:11:43,813 --> 00:11:45,763
S2: going to see a lot of things. You're going to see, hey,

205
00:11:45,763 --> 00:11:47,593
S2: a lot of these some of these devices aren't on

206
00:11:47,593 --> 00:11:51,673
S2: any MDM. Some of these devices don't have any disk encryption.

207
00:11:51,673 --> 00:11:54,223
S2: Like they just file Vault is off if it's Mac

208
00:11:54,223 --> 00:11:58,543
S2: or BitLocker is off if it's windows. Here's a bunch

209
00:11:58,543 --> 00:12:03,463
S2: that have like an OS version that's three years old.

210
00:12:03,463 --> 00:12:07,663
S2: Four years old. Yeah. Probably exploitable remotely easily by any

211
00:12:07,663 --> 00:12:10,303
S2: drive by malware that could go to the wrong website

212
00:12:10,303 --> 00:12:13,573
S2: and you're popped. You would see a report that says that.

213
00:12:13,573 --> 00:12:18,013
S2: And then the key insight is, after seeing this report,

214
00:12:18,013 --> 00:12:20,863
S2: what do you want to reach for to solve that problem?

215
00:12:20,863 --> 00:12:23,803
S2: And I think what a lot of folks naturally reach

216
00:12:23,803 --> 00:12:27,523
S2: for is, oh, we need more MDM. Well, no, not

217
00:12:27,523 --> 00:12:31,633
S2: really either. You already have MDM and that's not clearly

218
00:12:31,633 --> 00:12:35,113
S2: not working. We've captured a bunch of devices here that

219
00:12:35,113 --> 00:12:36,943
S2: are being used to do real work that aren't on

220
00:12:36,943 --> 00:12:41,803
S2: the MDM. So now that's not working that program. And

221
00:12:41,803 --> 00:12:45,763
S2: the other thing is. You don't have any way of

222
00:12:45,763 --> 00:12:50,653
S2: even effectively measuring the security of these devices outside of

223
00:12:50,653 --> 00:12:53,143
S2: the MDM. So the right thing to reach for isn't

224
00:12:53,143 --> 00:12:57,523
S2: an MDM. In that case, it's to reach for device trust.

225
00:12:57,523 --> 00:13:01,273
S2: It's to say, hey, let's say I have Okta. Let's

226
00:13:01,273 --> 00:13:05,743
S2: figure out a way during the Okta authentication flow to

227
00:13:05,743 --> 00:13:08,293
S2: vet a device. Let's figure out what's going on with

228
00:13:08,293 --> 00:13:12,403
S2: it and then let's. Not let it in if it's

229
00:13:12,403 --> 00:13:15,613
S2: not in the right state, but not block work. As

230
00:13:15,613 --> 00:13:18,433
S2: you said, let's actually give that person who is being

231
00:13:18,433 --> 00:13:21,943
S2: blocked a path to redemption. How do they get their

232
00:13:21,943 --> 00:13:24,793
S2: device in the right state? And they'll be highly motivated

233
00:13:24,793 --> 00:13:26,533
S2: to do that because they want to go and get

234
00:13:26,533 --> 00:13:29,383
S2: to work. And then how do you get the nuances

235
00:13:29,383 --> 00:13:32,203
S2: of that interaction? Right? Like maybe it doesn't start off

236
00:13:32,203 --> 00:13:34,213
S2: with a block. It starts off with a warning and

237
00:13:34,213 --> 00:13:37,333
S2: you have 14 days. Or maybe it's not even a

238
00:13:37,333 --> 00:13:40,663
S2: warning with a consequences. It's just an FYI like, hey,

239
00:13:40,663 --> 00:13:43,483
S2: we're gonna, in the future, be rolling out this program.

240
00:13:43,483 --> 00:13:47,863
S2: If it were to have been implemented today, you probably

241
00:13:47,863 --> 00:13:50,503
S2: wouldn't have met the bar. You may want to start

242
00:13:50,503 --> 00:13:53,353
S2: thinking about that and then graduate to an explicit warning

243
00:13:53,353 --> 00:13:56,863
S2: with a time deadline to then eventually to a block.

244
00:13:56,863 --> 00:13:59,743
S2: And maybe even when they're blocked, you don't. You give

245
00:13:59,743 --> 00:14:03,403
S2: them one more snooze, right? And then they can still

246
00:14:03,403 --> 00:14:05,143
S2: get it if it's an emergency. So those are like

247
00:14:05,143 --> 00:14:08,053
S2: the types of human elements that we've built into the

248
00:14:08,053 --> 00:14:11,233
S2: collide platform, because now we've been running this app, we've

249
00:14:11,233 --> 00:14:12,883
S2: been selling this product for about a year. We're going

250
00:14:12,883 --> 00:14:15,493
S2: to continue to sell it at one password. And we've

251
00:14:15,493 --> 00:14:17,923
S2: learned a lot about how end users react to these

252
00:14:17,923 --> 00:14:21,463
S2: types of screens. And it's been incredibly effective, like all

253
00:14:21,463 --> 00:14:25,753
S2: of our customers today have essentially been able to achieve

254
00:14:25,753 --> 00:14:29,953
S2: perfect compliance and anything that they want by utilizing this mechanism,

255
00:14:29,953 --> 00:14:32,293
S2: which has been fantastic to see.

256
00:14:32,773 --> 00:14:36,343
S1: Yeah, I love the fact that it's enabling business to happen.

257
00:14:36,463 --> 00:14:39,763
S1: I also love the fact that you're using the best

258
00:14:39,763 --> 00:14:44,083
S1: possible resource for remediation, which everyone has been hesitant to do,

259
00:14:44,083 --> 00:14:46,963
S1: which is the person actually using the computer, and you're

260
00:14:46,963 --> 00:14:50,443
S1: sort of guiding them. And it's like, you know what

261
00:14:50,443 --> 00:14:53,323
S1: this reminds me of? And hopefully this isn't offensive in

262
00:14:53,323 --> 00:14:57,823
S1: any way. But, um, I've been like kind of marveling

263
00:14:57,823 --> 00:15:02,833
S1: at calendly. Yes. So it's like, okay, wait a minute.

264
00:15:02,833 --> 00:15:06,343
S1: What are you doing exactly? Like, how bad was this

265
00:15:06,343 --> 00:15:12,253
S1: problem before? Billions of people probably suffering from a problem that,

266
00:15:12,253 --> 00:15:16,123
S1: like the big tech scene has not solved, and someone

267
00:15:16,123 --> 00:15:22,153
S1: comes in and cleanly and, like, elegantly solves this one thing.

268
00:15:22,393 --> 00:15:25,543
S1: It's like what? In their case, it's like, how do

269
00:15:25,543 --> 00:15:28,423
S1: you share calendars? Okay, they make this one thing. It

270
00:15:28,423 --> 00:15:32,143
S1: doesn't do that much and it's amazing. And now everyone

271
00:15:32,143 --> 00:15:35,143
S1: uses it. And guess what? When the bigger people try

272
00:15:35,143 --> 00:15:39,313
S1: to compete, they cram all this extra stuff. They actually

273
00:15:39,313 --> 00:15:42,433
S1: miss the point of the app and end up making

274
00:15:42,433 --> 00:15:45,283
S1: something inferior. Even though they have a much larger team,

275
00:15:45,733 --> 00:15:48,613
S1: it's because they miss the philosophy of it, and I

276
00:15:48,613 --> 00:15:52,723
S1: feel like the collide product basically really understood the problem

277
00:15:52,723 --> 00:15:56,533
S1: and really understood not to over engineer the solution and

278
00:15:56,533 --> 00:15:59,983
S1: to kind of just make it as as clean as

279
00:15:59,983 --> 00:16:01,003
S1: it needed to be.

280
00:16:02,193 --> 00:16:04,983
S2: Yeah. And I think ultimately the reason why we were

281
00:16:04,983 --> 00:16:08,793
S2: able to see that problem isn't because, like, we're clairvoyant

282
00:16:08,793 --> 00:16:12,243
S2: or we understand it. I think we started off looking

283
00:16:12,243 --> 00:16:17,103
S2: to solve like fundamentally, I don't think that the existing

284
00:16:17,103 --> 00:16:21,483
S2: security solutions on the market are very human being friendly. Yeah.

285
00:16:21,483 --> 00:16:24,933
S2: And I wanted to build a security company that had

286
00:16:24,933 --> 00:16:27,243
S2: that as a core principle. So we were sort of

287
00:16:27,243 --> 00:16:29,493
S2: we knew that was an immutable part of collide. How

288
00:16:29,493 --> 00:16:32,193
S2: do we build something on top of that? The second

289
00:16:32,193 --> 00:16:34,803
S2: thing that is part of my DNA that sort of

290
00:16:34,803 --> 00:16:39,213
S2: informed this was I worked in manufacturing as a couple

291
00:16:39,213 --> 00:16:41,943
S2: of first jobs that I had and like, you know,

292
00:16:41,943 --> 00:16:44,523
S2: actually on the machine shop floor. And a big part

293
00:16:44,523 --> 00:16:48,873
S2: of that experience was safety training. And I remember, like

294
00:16:48,873 --> 00:16:53,013
S2: sitting down, you're getting the orientation. It's like making sure

295
00:16:53,013 --> 00:16:56,043
S2: that you're being aware of your surroundings and like, but

296
00:16:56,043 --> 00:16:58,053
S2: you learn about some of these systems that were put

297
00:16:58,053 --> 00:17:02,253
S2: in place and every single. Safety law and process is

298
00:17:02,253 --> 00:17:05,673
S2: written in blood, right? Like people died. And then they

299
00:17:05,673 --> 00:17:07,713
S2: figured out a way to stop that from happening. And

300
00:17:07,713 --> 00:17:09,693
S2: the one that really stuck out to me was this

301
00:17:09,693 --> 00:17:13,983
S2: concept of lock out tag out. So for the folks

302
00:17:13,983 --> 00:17:16,413
S2: who are not familiar with this, let's say you have

303
00:17:16,413 --> 00:17:20,043
S2: a really dangerous piece of equipment on the shop floor.

304
00:17:20,683 --> 00:17:24,793
S2: And someone needs to repair it. Well, previously before lock

305
00:17:24,793 --> 00:17:27,313
S2: out tag out, what would happen is that person would

306
00:17:27,313 --> 00:17:29,203
S2: climb and they would turn off the machine. They would

307
00:17:29,203 --> 00:17:32,023
S2: climb into it, and they'd probably tell everybody, hey, don't

308
00:17:32,023 --> 00:17:34,213
S2: use this machine because I'm going to be fixing it.

309
00:17:34,303 --> 00:17:36,673
S2: And then they'd repair it. And then what would happen

310
00:17:36,673 --> 00:17:39,403
S2: every once in a while is someone wouldn't realize someone

311
00:17:39,403 --> 00:17:42,193
S2: was in the machine. They would turn it on, and

312
00:17:42,193 --> 00:17:45,613
S2: then that person inside the machine would die. So that

313
00:17:45,613 --> 00:17:49,543
S2: was really bad outcome, obviously. And the problem was, is like,

314
00:17:49,543 --> 00:17:53,023
S2: no matter how much training you gave to be like,

315
00:17:53,023 --> 00:17:55,153
S2: always check inside the machine.

316
00:17:55,153 --> 00:17:55,603
S3: Yeah.

317
00:17:55,783 --> 00:18:00,313
S2: People were still dying. So the right solution wasn't more training.

318
00:18:00,313 --> 00:18:03,523
S2: And to give them more PowerPoints or more manuals or

319
00:18:03,523 --> 00:18:08,713
S2: scary videos, it was to actually engineer a system that

320
00:18:08,713 --> 00:18:12,313
S2: would hack around the fallibility of human beings and actually

321
00:18:12,313 --> 00:18:14,833
S2: solve it for good. Yeah. So the way lockout tag

322
00:18:14,953 --> 00:18:17,113
S2: works is when that same person is going to decide

323
00:18:17,113 --> 00:18:20,983
S2: to repair the machine, they actually go up to the

324
00:18:20,983 --> 00:18:23,893
S2: control panel and they lock out the controls, and they

325
00:18:23,893 --> 00:18:26,593
S2: take the key that is used to lock out the

326
00:18:26,593 --> 00:18:29,743
S2: controls with them, so that if anyone even tries to

327
00:18:29,743 --> 00:18:32,623
S2: turn on the machine, they can't do it because they

328
00:18:32,623 --> 00:18:34,903
S2: don't have the key to unlock the controls. It's with

329
00:18:34,903 --> 00:18:38,743
S2: the person. Yeah, who's physically repairing the machine. And that

330
00:18:38,743 --> 00:18:44,783
S2: one simple trick. Effectively eliminated that whole class of deaths

331
00:18:44,783 --> 00:18:48,653
S2: in on a machine shop floor. Well, I feel that

332
00:18:48,653 --> 00:18:51,653
S2: the problems that we face in the security space about

333
00:18:51,653 --> 00:18:53,813
S2: getting human beings to do things we're still stuck in,

334
00:18:53,813 --> 00:18:58,433
S2: like the old. 1920s and 1930s Industrial Revolution phase of

335
00:18:58,433 --> 00:19:00,503
S2: it where we're trying to we know that we need

336
00:19:00,503 --> 00:19:02,873
S2: to get end users to know how to do things.

337
00:19:02,873 --> 00:19:06,023
S2: But the the instruments that we're wielding today are all

338
00:19:06,023 --> 00:19:10,193
S2: training videos, you know, yelling at people when they're not

339
00:19:10,193 --> 00:19:14,753
S2: doing things right, adding MDM. But we really need human

340
00:19:14,753 --> 00:19:18,653
S2: based systems that understand human psychology. They understand how people operate.

341
00:19:18,653 --> 00:19:23,743
S2: They understand that. People need systems that will prevent the

342
00:19:23,743 --> 00:19:26,293
S2: thing from happening entirely. And that's what Callide is. I

343
00:19:26,293 --> 00:19:29,143
S2: think it's the first product on the market that takes

344
00:19:29,143 --> 00:19:33,253
S2: lessons learned from those safety industries, and then brings them

345
00:19:33,253 --> 00:19:36,973
S2: in to the world of cyber security and gets end

346
00:19:36,973 --> 00:19:41,953
S2: users at scale with almost perfect efficacy to solve problems.

347
00:19:41,953 --> 00:19:44,743
S2: And that's what we've built. And that's why one password

348
00:19:44,743 --> 00:19:47,773
S2: was really excited about what we're doing, because they see

349
00:19:47,773 --> 00:19:51,463
S2: their systems. And the way that they arrived with their

350
00:19:51,463 --> 00:19:54,013
S2: answers is very similar methodology.

351
00:19:55,003 --> 00:19:59,593
S1: Yeah, absolutely. That's, uh, that's really interesting. And I like

352
00:19:59,593 --> 00:20:01,513
S1: that story a lot. I've done a bunch of work

353
00:20:01,513 --> 00:20:03,823
S1: in the safety space as well, and they take it

354
00:20:03,823 --> 00:20:06,403
S1: very seriously. And like you said, when you care, you

355
00:20:06,403 --> 00:20:10,453
S1: engineer a solution that solves that problem. And, uh, yeah,

356
00:20:10,453 --> 00:20:14,593
S1: I really like that analogy. Well, where can everyone, uh,

357
00:20:15,103 --> 00:20:17,233
S1: find find out about the product.

358
00:20:18,353 --> 00:20:20,993
S2: Yeah. So you could still find us at Callide. Com.

359
00:20:20,993 --> 00:20:23,993
S2: And today we still sell to folks who have Okta

360
00:20:23,993 --> 00:20:26,513
S2: so that none of that's changing. We're still open for business,

361
00:20:26,513 --> 00:20:30,203
S2: we're still selling our product. And in fact, we're starting

362
00:20:30,233 --> 00:20:32,873
S2: to reach out now to folks who don't have Okta.

363
00:20:32,873 --> 00:20:36,803
S2: So if you have Google Workspace or use Microsoft Entra,

364
00:20:36,803 --> 00:20:38,933
S2: we have something in the works that we're going to

365
00:20:38,933 --> 00:20:40,913
S2: be launching later this year. And we want to start

366
00:20:40,913 --> 00:20:43,583
S2: talking to folks to get their insights on what we're

367
00:20:43,583 --> 00:20:46,433
S2: building and to get them in a place where they

368
00:20:46,433 --> 00:20:50,063
S2: get even beta test it. So if you have Okta

369
00:20:50,063 --> 00:20:52,943
S2: today and you want to use something like collide, go

370
00:20:52,943 --> 00:20:58,043
S2: to collide comm, collide comm. And if you have something

371
00:20:58,043 --> 00:21:00,953
S2: different that you use for single sign on, hit us

372
00:21:00,953 --> 00:21:02,753
S2: up as well and we'll have a chat.

373
00:21:03,663 --> 00:21:05,403
S1: Awesome. Great talking to you.

374
00:21:06,483 --> 00:21:07,893
S2: Thank you so much for having me.