Cloud, AI, and the Future of Identity Access Management Artwork

Security Unfiltered

Cyber Security can be a difficult field to not only understand but to also navigate. Joe South is here to help with over a decade of experience across several domains of security. With this podcast I hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!

All Episodes

Security Unfiltered

Cloud, AI, and the Future of Identity Access Management

September 22, 2025 • Joe South • Episode 204

Send us a text

Art Poghosyan shares his journey from IT security consultant to CEO of Britive, a cloud-native identity and access management company. His experience during economic downturns shaped his understanding of how cybersecurity services remain resilient through various market cycles.

• Started in IT security right after completing a master's in technology risk management
• Worked with early IAM solutions including LDAP directories, SSO, and authentication systems
• Founded Advanced Technology Solutions focusing on IAM implementation services
• Identified growing challenges with traditional IAM solutions in cloud environments
• Created Britive to address cloud-native identity management challenges
• Witnessed explosion of machine identities in cloud environments creating security risks
• Now focused on securing new identity types including AI and agentic identities
• Cybersecurity consulting proves relatively recession-proof as security needs persist in both growth and contraction
• Capital One AWS breach highlighted risks of excessive privileges in cloud environments
• Current focus includes securing agent-to-agent interactions in AI systems

Connect with Art on LinkedIn or email him at art@britive.com to learn more about Britive's solutions for cloud and AI identity challenges.

😇 Affiliates and Paid Promotions 😇
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE

➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Speaker 1: 0:53

How's it going? Art, it's great to get you on the podcast. You know I'm not sure when this was scheduled, to be completely honest with you. But you know I'm glad that we didn't have to go through like a process of rescheduling and everything else. But I'm sure my fall is about to go into that mode because my kids are back in daycare full time and they're just about to start getting sick, I know it.

Speaker 2: 1:18

Gosh, yeah, great to be here, joe, and I was looking forward to the conversation today. I'm glad the schedules and everything worked out.

Speaker 1: 1:26

Yeah, absolutely. It's challenging at times, for sure, you know, because like you're trying to bring your own schedule, which is already like jam-packed, you know, with someone like yours, right, where it's like okay, I think I have an hour this week. You know what I mean. It's like it can be pretty crazy. And we're just on the other end of kind of like the busy season for cybersecurity conferences, right, like it kind of kicks off end of April during, you know, middle of May with like RSA and then kind of wraps wraps up with Black Hat and DEF CON and whatnot.

Speaker 2: 1:58

True, true, but we do have a couple important ones towards the end of the year. Gartner IAM is a big one that we usually tend, and it happens to be in December, I think, right after AWS, reinvents, yeah, so I'll be on the road. I don't know about you, but I'll be on the road for a few of the conferences until end of the year.

Speaker 1: 2:16

Yeah, I haven't been to AWS reInvent or reInforce for that matter. I really want to go, though. I feel like I would really enjoy it. You know AWS is the cloud that I'm like the most I guess officially like certified in and, you know, most experienced with, so a lot of this stuff just like kind of makes sense to me, like by default, right, because you go through those such an arduous process getting those professional level certifications. It's like grilled into you, you know.

Speaker 2: 2:45

Yeah, I would recommend certainly reinvent and reinforce as well. If your focus is more on security. Both would be great events. I would certainly recommend.

Speaker 1: 2:53

Yeah yeah, maybe, maybe next year. I mean, I the problem is I get separation anxiety for my kids, right, and so I'm sure they they, you know get a little bit anxious when I'm away too. But now it's like I'm in a part where it's like, okay, I want to go to DEF CON, you know. I want to go to AWS, reinforce and reinvent. I got to like shuttle these kids around too because I want go to it, you know. So it's just, it's more difficult, it's more logistics and everything which you know is normal with kids.

Speaker 2: 3:23

I guess, right, like yeah, I've got everything more complex.

Speaker 1: 3:27

I've got three, so I'm very familiar with the story yeah, yeah, well, art, you know, why don't we dive into your background? Right? How did you get into IT? What made you want to go down? Security, you know as like a specialty. And then you know, maybe for that third phase of it, why in the world do you want to, you know, lead a company or be a CEO of a company in this space? I mean, it just seems like such a competitive space. You know, like me, trying to convince myself to do it, it would be difficult for me to convince myself to do it because it's so competitive. It's like, well, you know, I don't know, I'm going to put all this time and money and effort into it and it may not work out right. Like, what was that journey like for you?

Speaker 2: 4:12

Yeah, I really appreciate the question because when you look at startups and companies and so on, what you see is from the PR lens, right, what you see from publicly available information and so on, what you don't see a lot of is the history, the genesis of the vision and all that. And I appreciate the question. And it does start with people. It does start with the person setting goals and seeing an opportunity and so on. So for me, how I started in IT, I would say it was pretty much in IT security right off the bat, because I had just graduated from the master's program with a specialization in technology risk management and started working for a big four firm right at the gate and the IT security was a very sort of a niche segment of the technology services market and you had a lot of the people who were in that space were with former military, dod, nsa background. Not so many people came directly from the graduate school or commercial sector. So it was competitive back then when these people were already fairly seasoned, you know security analysts and systems engineers and so on. But I loved it right out the door. I mean the big companies usually they don't waste time. They put you on a project even in the first week and you're off to some client and doing some work already right. So you learn, kind of learn as you go.

Speaker 2: 5:44

For me, security in the first couple of years was mostly about vulnerability management, network penetration, testing and so on. Those are early 2000s, where I'm talking about right 2002, 2003. But there was an interesting pivot moment there and I got pulled into a project that was not about breaking stuff like network controls, it was more about actually deploying it. At the time the LDAP directories were becoming popular and you know they were being used as network authentication systems and so on. I got pulled into a project to design an LDAP director and deploy it on the customer's network and when I did that I learned. It was a steep learning curve but I learned the other side of tech or security technologies, not the side and the tools that you use to break it, but the ones that you use to actually build security, and that actually excited me a lot more. I kind of really decided to just seek those opportunities, and very quickly. You probably remember some names from those days, like companies like Netegrity was the first in the single sign-on authentication space. Others at the time CA had some other interesting technologies which Netegrity actually later was acquired by CA. So I got more opportunities to kind of go deeper into what would become later identity access management. At the time it was authentication, sso, ldap directories and I continued to focus on that and as part of EY, where I was part of their cybersecurity practice, I worked on a lot of projects with major you, with major enterprise organizations, fortune 100s, to deploy the identity and access management products which were becoming a little bit broader than just authentication. Soon we started seeing the access provisioning and privileged access products starting to enter the market, and that took me to about 2009.

Speaker 2: 7:41

To enter the market, and that took me to about 2009. And that's when I really saw kind of that, had this entrepreneurial itch. I didn't even know what it was all at the time, but I felt like there was a bigger opportunity that I wanted to address and just as an entrepreneur, rather than just being a part of a big company and you know, serving clients, but being part of a bigger brand name and a team, I felt like the opportunities to really kind of address the need in the market differently, with much more focused and expert kind of approach, which would also mean alignment, very close alignment with the technology and products that are in the market, which, if you know the big four model, the big consulting model they always present an agnostic view. They want to always be a trusted advisor and not present any kind of a biased view of any product, which is great, I mean. That's very much appreciated by clients. But there's also a point from the customer standpoint where they want a partner to help them define very technical and specific requirements, find a product that will meet the requirements and help them deploy it and move to production and maybe even operate in the support mode afterwards.

Speaker 2: 8:54

That was the opportunity I saw in the market afterwards. That was the opportunity I saw in the market and at the time it was also the if you remember the mortgage, you know the mortgage meltdown and recession that followed that. The mortgage industry meltdown, a lot of companies, the budget shrunk, almost disappeared, but the compliance needs did it and that helped me get started with my first business. I started a company called Advanced Technology Solutions focusing on, specifically, identity and access management solutions, design and implementation services, and some of the great names you see in the market today were still early stage startups, the likes of Ping, identity and Avexa, which RSA acquired SailPoint big player in the space, even like PAM vendors that you know today are the top, the big three, as they call them CyberArk, delenia, fiat Trust. We're new in the market and their market traction was just starting to accelerate Worked with those companies and became a trusted partner to help implement these products for their customers. We had a great run for about six years, I would say. And Optif Security, a big services player in the cybersecurity space, noticed us and felt that the identity-related services are a big and growing business and they came and offered to acquire the business. The timing of that exit was very interesting because at Vance and my company before Brighton, timing that exit was very interesting because at Vance my company before Brighton, we already had built some products of our own which we weren't really selling as products but we're selling as more integration solutions between various vendor solutions, vendor products, and we were already starting to see a bigger opportunity to move into a product business. Moving to a product business, optive Acquisition kind of gave us a sort of a great sort of exit ramp into the next objective, which became Brightiff.

Speaker 2: 10:44

Brightiff is all about cloud native identity and access management. Privileged access is kind of our primary lens on access, but it's also about a broader identity landscape. Back then, when we were implementing SailPoint, ping Identity and so on, these products were primarily designed and deployed for human identities. We saw that change very quickly and today, as you I'm sure know, there's a lot more of other type of identities, like machine workload NHI generally is how the industry is referred to them and there's yet a special new type of identities agentic identities and AI identities, right. So for us it's all about the world that we were moving into and kind of leaving the data center behind, and there are products that have been there for years and they do the job for the data center. But our main focus was the future technologies and the new needs and new identity kind of problems that we we could solve, that we wanted to solve. So that got us really kind of excited and you know there's not been a dull day since we started Brightim. I'm sure you're well aware of that in this space.

Speaker 1: 11:57

Yeah, no, it's definitely a fascinating journey. You know, I've done over and I think it's over 250 episodes at this point, right, and I haven't heard the same background twice, you know, but every time that I've talked to people that went to consulting, they all say the exact same thing that, like, you're basically drinking from the fire hose, you know, like they immediately throw you into the fire and you either sink or swim. Basically, you know, I think back, like right now, I wouldn't want to like go to the, the consulting, like the big, the big four route, necessarily, because it's just so much travel, right, you're traveling constantly. That's not very conducive for, you know, someone that wants to be like a like you know not, someone that wants to be you know something, right, but for someone with a young family, that's not very conducive, right? So I couldn't imagine doing it right now and earlier on in my career I feel like I wouldn't be good at it because I wouldn't.

Speaker 1: 12:59

I don't know if I'd be able to like swim, you know, so to speak, but it's. It's interesting. Everyone that I've talked to and I've talked to people that actually got out of it, you know, within like six months of starting at one of the big four. This is like yeah, you know I'm on the road four out of five days a week, every single week. Yeah, I have a whole lot of points and miles and everything else, but like I'm paying for an apartment that I'm not even at, you know, it's an interesting world.

Speaker 2: 13:26

Expensive storage, as we used to call it Expensive storage.

Speaker 1: 13:30

Yeah, and you get exposure, though, like, the benefit is that you get exposure to so many different things. I mean, you get exposure to an infinite amount of environments and configurations and reasons and purposes behind why it was built that way, which is really as a consultant. You have to understand that. You have to understand, hey well, why did you make this decision right from the very beginning? Because to me this looks like a wrong decision, but obviously to you it wasn't a wrong decision. It's working to some degree right, like you know, you can absolutely argue that there was a valid point there. But understanding that why is critical.

Speaker 2: 14:11

You know, when you're a consultant, when you're making those kinds of decisions and recommendations, Yep, yep, if I may just comment on that thought and that's a brilliant way to put it right it's not for everyone for sure. There's always like anything in life, there's always trade-offs and you have to as an individual, you have to decide what it does for you, what it doesn't do, and is that what you want to do In consulting? I think you're absolutely right. That is broader exposure to a lot of different companies, a lot of different companies' problems and how each requires a little bit of a unique approach to solving it, understanding their culture, understanding their technology preferences and so on and process design and so on. It gives you a broad but very rich kind of experience. The downside is a lot of times the customer will say, well, you have helped us, you know. Let's say, you know, select a solution and implement that, but you don't have the experience of operating it. You don't, you don't, you're even stuck around to see how it actually works for years after that's implemented. That's true A lot of times. That's what is needed from any particular organization standpoint the operational experience.

Speaker 2: 15:22

For me, it's always been the thrill of being able to go and help the customer to go from like zero to 60 miles to 90 miles an hour and really help them be structured and focused in this effort, because a lot of times also organizations are stuck in this analysis paralysis process. There's a lot of misalignment of interests and objectives and, you know, that's where I think consultants do bring value to organizations to help them align on objectives and get more organized and move forward faster and deliver results. Where you know, if you just let it be the way it is, it would have taken years. So I think that's also from both my consulting experience and now to being a founder of a product company. I enjoy that a lot. I think we as a company enjoy that a lot and now that we also have a product, it's not just about like the services and the solution, design and so on. It's also about delivering a product that plugs a hole or meets a certain you know product requirement.

Speaker 1: 16:22

Yeah, that is that's critical, you know, and I feel like when I was starting out in security, right, I would get on the call with these vendors and they would just like kind of throw like the whole you know kitchen sink at you and hopefully something would stick Right. And I took that away, you know, kind of like as a as a lessons learned, where now, when I'm in the role that I'm in which I don't know if it's fortunate or unfortunate that you know now I'm allowed to like put my company on LinkedIn so people can actually look it up. But now, in the role that I'm in, I mean, the very first thing that I ask people right after the introduction is what's your biggest problem? You know what's your problems. And the last thing that I recommend typically is a product right, because I want to understand their environment before I go and say, hey, go buy this thing and it'll solve everything. Right, because, yeah, maybe it will. But if I'm not making that educated decision and giving them the proof and the reasons and proving it all out to them, you know it's kind of just, you're just another vendor, you know, you're just another reseller or whatever it might be. And so being able to kind of take my own experiences and then modify that for what I always wanted when I was on the other side of security, right, it's an interesting situation, for sure.

Speaker 1: 17:40

Now I wanted to ask you so you mentioned that you were on the consulting side during the recession and right now the economy seems, you know, a little uncertain, right, like we'll put it as that as being pretty generous right From your perspective. Back then, did you see or maybe identify consulting as maybe a field that's a little bit more resilient to economic uncertainties? And the reason why I question it is because it actually makes a lot of sense for that to actually potentially be true, because, as as a, as a firm, you have more than one customer. You know, like, you're working with a whole lot of different companies throughout a whole lot of different industries. That company will still need your skill set, you know, potentially, yeah, there may be a little bit of a contraction, but in essence, if they still want those business functions running, you know, and still offering them up to customers, they still need you to some degree, right?

Speaker 1: 18:40

So, which I feel like is a little bit different, because internally, on the internal side at companies, you know, you always just, I always just felt like I was a number, right, like I'm just a number. They can get rid of me at any point in time for no reason whatsoever, and that's just how it is right. Not every company operates that way, but at the end of the day, if the company has to choose between, you know, meeting their shareholders demands and eliminating you like, you're going to be the first one gone. You know what was your experience with that?

Speaker 2: 19:11

Yeah, I think there's a couple interesting questions here you're bringing up right. So I think one that earlier you're alluding to the economic cycles and how consulting businesses adapt and survive these cycles. I think that I experienced. I actually experienced even the one in the early 2000s, the post dot-com cycle, but I started in an industry and I think that's also a good example to highlight here. Yes, a lot of the consulting industry was shrinking at the time, but what was emerging is for today, it's become cybersecurity consulting and again the story repeated in around the 2008, 2009 recession, I think also because cybersecurity consulting and cybersecurity services in general have proven to be somewhat recession resilient, and I'll explain why. And true also for this most recent, you know recessionary cycle.

Speaker 2: 20:07

I think you know cybersecurity has got this interesting aspect that's different from other IT consulting or, you know, application, you know development services or those types of services. Here's the big difference Security is needed whether the businesses are growing fast or shrinking fast. Both present a very difficult change for the organization to manage and be able to manage the risk of that change. So in a fast growth economy, the businesses are growing fast, they're acquiring, they're expanding, they're investing in new tools and new technologies and people, of course, right, and that needs to be done securely because otherwise there's very, very painful price to pay. Now the reverse scenario is when they're shrinking fast. Maybe they're shrinking the headcount or divesting business units and whatnot.

Speaker 2: 20:58

Again it presents a big sort of security risk, especially nowadays, right, that's why security services are somewhat recession-proof. I think one common problem that these businesses create for themselves they grow too fast, they become sort of bloated and when they can't support enough business because of the economic cycles, they have to shrink the headcount as well. So that's when you know some people won't be there. But the cycles also change quickly and you know a lot of these companies actually do have this sort of boomerang culture. I've come across that at companies where they will rehire people who were there before. It's just you know, it's the timing. Unfortunately, the timing forced them to make those decisions. But I do think the cybersecurity consulting is somewhat recession-proof.

Speaker 1: 21:51

Yeah, it seems like it, right, because it's different. You know, for, like, internal companies, because, yes, you're paying for a service and they're not doing you know absolutely everything, right, like on an internal security team, you can absolutely be asked to do something that is completely outside of what you were hired for or skilled in or anything, right. But for consulting, you're hiring someone for a very specific task and if that changes, like, there's a lot of different things that have to go with it, you know, and you're not paying for the medical, you're not paying for the retirement, it's just an upfront flat fee. You know, typically, right, and so it's different, it's viewed differently than an actual headcount at a company, right. So I think that both sides have their benefits.

Speaker 1: 22:40

You know their pros and their cons, but it's just, it's a fascinating world, right, because we're in a transition period right now and I know people that have been unemployed for almost two years, right and it's. They're in a situation where it's like, well, I don't even know what I'm doing wrong. You know, like, at this point I don't know, I'm the type of person that tries to push forward and prepare for the unknown and that sort of thing. So it's just, you know it's valuable to get that perspective. I guess Agreed, agreed.

Speaker 2: 23:10

Yes, yes, it's painful when you happen to be one of the people who the company says you know, look, we don't have enough opportunity for you, right? But I don't think it's always true that there is no opportunity in the market for you, for your talent, for your experience. I think it's. Yes, I know some people also been in the past few months, have been unemployed and are looking, but really the only thing they can do is continue looking for the right opportunities for themselves. And also there's a great opportunity right now to revisit your skills and kind of do almost like an honest self-assessment of where you think you can improve your skills, whether it's the technical or soft skills or whatnot and invest in that. You have the time right now. Invest in those gaps that you think are going to help you, you know, with it. Yeah.

Speaker 1: 23:57

No, it's a really great point, you know, and it kind of takes me back to like when COVID kicked off, right, Like when COVID kicked off and we're locked inside, you know, with our significant other or with ourselves, right, I admittedly, yeah, I took a week, you know, caught up on some shows and whatnot, but then after that, and literally every day after that, I was revamping my skills, right Like, I got into content creation, I started creating courses, educational courses, I started to teach on the side, right, I started to do this podcast. I created that and all of those things built me in different ways to where, you know, I already someone and explain the problem and, you know, discuss why there's a solution and this is the right solution for you and whatnot. To even just hold a conversation with anyone, you know, of a diverse background, like I do on this podcast, that's a skill in and of itself and that actually makes it, you know, kind of a rare commodity within the IT slash security world for employers because they're like, oh well, this guy, you know, this guy can talk, he's he's good on the phone, he's good on the webcam, right, he does this podcast, he has the brand and he has the technical skills. I mean, that's something you don't see you know very often at all, right, so it was an interesting opportunity that I definitely took advantage of. But, you know, in an effort right to kind of maybe circle back around to Bridev, why don't we talk about the problem that Bridev, you know, was created to solve? Right? And I always want to start there and I'll tell you why.

Speaker 1: 25:52

This is my own personal experience with IAM in the cloud is we had these cloud providers that kind of took almost their legacy approach to IAM and put it into the cloud and then they made it readily accessible, available, ready to scale for developers, to just blow up your environment with a million accounts, a million service accounts, you know, user accounts, all that sort of stuff.

Speaker 1: 26:22

And it's like they created, you know a great solution and with it came an insurmountable problem. And that is something that I've experienced firsthand where, you know, I go into an environment and you know they have like a thousand person, company, and there's a hundred thousand IDs, right, there's a hundred thousand user accounts, and I'm sitting here and it's like, well, what are you doing? Like, what's the purpose of having a hundred thousand? What are you getting the value out of it. You know what. Do you even know what these are for? Like I bet I could eliminate 50 000 right now and you won't know what even broke, if anything broke, you know yeah, yeah, yeah, no, happy to share a little bit of that.

Speaker 2: 27:09

You know how, how the whole idea kind of crystallized for us to start another company and build a product. It was very much along the lines of what you described. I think, having been in the identity space, kind of in the front row seat with a lot of the enterprise IAM projects and products that we're deploying, we've seen where the companies were somewhat blindsided to new environments and new problems that were sort of already brewing but hadn't yet manifested themselves to the scale and size that would be considered a big enough problem to solve. What I'm referring to is in the 2014, 2015,. You had adoption of public cloud technologies, aws, kind of leading that movement. You had teams that were already changing the application development and adopting new approach like DevOps in automation and tooling. All that was happening sort of almost like outside of the main, the control frameworks and constructs that existed in the same company that have been built and matured for years. That includes identity and access, management, tooling and process and so on and policies. It almost felt like this new world was sort of evolving and emerging on its own and for a while it was kind of not being seen and noticed from security and IEM side. But it was also soon when we saw the problems specifically in the identity-related breaches in this environment.

Speaker 2: 28:47

You I'm sure will recall, one that made big sort of headlines was the Capital One breach in AWS, and that was already the time when we Brighter was the product sort of the product design was already in flight and we had already talked to several people in our circle, including CISOs and technology leaders, who told us that, well, they couldn't use the existing products in their cloud environments because the teams didn't like them. They were flat out sort of rejecting these existing products because they were seen as very sort of high friction and more like a barrier to the velocity, the agility of their cloud environments and the processes. So that was an interesting way to sort of understand the problem and then kind of really start digging into why. Why that is the case. And it came down to things like well, one, the identity products that we knew that were built for data center were really not built to be the first line of defense. They weren't built to be the first security product. It was normally the firewalls and other layers of security. Before you get to even the identity management system, cloud had completely turned it upside down. It was the first line of defense.

Speaker 2: 30:00

The other thing was also with that, security of access was essentially assumed to be good enough with the existing access model Like, for example, you're a developer, you need access to compute in AWS, you need storage, whatever here's your admin access to be able to stand up EC2 instances or whatever, and that's fine because that's how things have been done before Turns out very bad idea Because as soon as that access gets in the hands of a malicious user, something bad will happen. That's what the Capital One breach really kind of surfaced and a lot of times in the cloud, access was given very broadly because the cloud technologies being new technologies and the infrastructure teams not being IAM experts didn't really need to go and understand every fine grain detail of access you know and decide what would be the least privileged access to give to the user. They just gave them full admin and that admin access existed 24 by 7, whether that user needed it or not. And what also complicates and the other part of the problem you were alluding to is not only these users needed that access to be able to go in and log in themselves, they also need that to automate things like Terraform. You know they wanted access for the Terraform job to be able to go and execute tasks automatically. There's your API tokens, keys, credentials, logins in some cases, and, to your point, yeah, those things sort of quietly exploded in the environment and nobody even noticed how it happened.

Speaker 2: 31:40

For us, that was the tip of the iceberg. That was what was actually to come at a much bigger scale, a few years down the road, when these organizations went to, for example, using cloud, you know, just to try and deploy a few applications to okay, now we're going to shift everything to cloud, and we were predicting that to happen. Give it five years or so. Cloud is going to become the center of gravity, not like some kind of a project sandbox that they're going to do right. Here we are. That they're going to do right. Here we are.

Speaker 2: 32:16

And soon after, we also were seeing the evolution of new technologies and AI very quickly came to prove that. So when we were thinking about a solution, we were thinking about that. We were thinking about how this problem can go from you know yeah, maybe it's a problem that's not big enough today to it is so big that, unless you solve it now and you solve it for your future five to 10 years, your business will most likely suffer major losses and consequences, and we saw some businesses actually shut down from some sort of a catastrophic breach right. And I think that's also very much true now with the AI and agentic AI initiatives that organizations are looking at and saying if we don't really put some security guardrails around these new technologies, agentic AI and AI technologies that we're adopting, they could become catastrophic, you know, if compromised, if breached right. So yeah, that's a little bit of the origin story and where we are today with the new technologies.

Speaker 1: 33:19

Yeah, I feel like there's a lot of companies that are still, or even people that are still kind of not understanding the real security risk with agentic AI. You know, allowing an AI agent to have access to you know your, your calendar, your email, your text messages right, your account on, let's say, expedia or whatever. You know when you're, when you're texting your friends saying hey, let's go do a trip to to vegas, and that ai immediately starts populating. You know prices for different things based on what you guys are talking about, and and you're just you know, clicking a button saying, yeah, book it, it goes and does that. Well, it has your credit card information. It has access to all these other accounts right, like it has the ability.

Speaker 1: 34:05

If it has that ability, it'll change it. Right, like it could change it if it wanted to All these different things, and so that's just that's exploding environments, right, we're just at the very beginning of it. I mean, this is literally something that is six, eight months old for agentic AI. I mean, I don't even think that that was a term last year, was it? Or was I just out of the game?

Speaker 2: 34:29

No. No, you're right. No, it was about LLMs and Right, yeah, but agentic AI is probably a year old. That became sort of popular.

Speaker 1: 34:40

Yeah, yeah, that's when it really started to kind of increase in its popularity of uses, and I just feel like we just spent the last year and people are just now kind of waking up to what it actually is and people are just now kind of waking up to what it actually is.

Speaker 2: 34:54

Yeah, and I think the example you were describing earlier kind of that human to AI assistant interaction and AI assistant performing tasks on behalf of a human that's very, very popular and very much already in production use, right, both from business context and consumer context standpoint. But what we're also seeing now, as I'm sure you know, is the agent-to-agent and agentic system deployments, and this is where it's like the next evolution of the agentic technologies is when not only a human will direct an agent to do things, but also in an agentic system, you have agents directing other agents, creating maybe even agents kind of for a specific task and potentially even eliminating that agent when the task is done. Much more complex, much more advanced kind of AI use case, much more difficult to secure as well, and especially from identity standpoint, yeah, you know.

Speaker 1: 35:55

Art, just from talking with you, right, like you've obviously done the technical side, like you said in the very beginning of our session here, right, but now, with you being the CEO of a company, even though it's still a technical company, right, like I mean you're very much in the weeds of people's environments and whatnot, how do you stay up to date with all the different evolutions of cybersecurity, of technology overall that's going on. I mean we're seeing, like back to back, monumental shifts in not just security but in technology just overall, and so, like I'm really curious to hear your answer to it Because I mean you're you're kind of in both worlds. I mean that's very difficult, that's really difficult to achieve. I haven't talked to that many CEOs that have achieved that, in my opinion at least. You know like they kind of were technical at one point and then they go into the leadership role and it kind of drops off. You know, like that's very common with a lot of leaders and really any industry probably, right, so how do you stay up to date on everything?

Speaker 2: 37:00

Wow, that's a great question and I don't know if anybody's asked that question in similar discussions, at least in the recent memory. I appreciate that question because to me, that question, because to me that's very much how I have evolved as a professional, as a leader, as an entrepreneur and so on. I think learning is constant and especially in this space, especially in the cybersecurity space, today, you miss a beat, you're behind by years and it's very hard to catch up. My approach has always been to really kind of put myself a little bit in an uncomfortable situation, so it forces me to constantly stay on top of it, and some examples of this would be let's take a Gen, take AI, for example, and I was a few months ago I think it was at a Google conference and it was the theme of the conference. And before I showed up there and I had set up some meetings with some analysts, some prospects and customers, and before I showed up there, I blocked off time and said I need to get up to speed with what's going on. What's Google talking about here? You know what is the A2A, you know standard they just published and things like that. Because when I show up and I talk to people there. I want to sound like I know at least the ABCs of that, right? So I kind of really force myself to be ready for these conversations and it's become sort of natural, Doesn't make me almost like, doesn't make me uncomfortable anymore.

Speaker 2: 38:40

But the initial learning curve always is a bit uncomfortable, right, you're trying to wrap your head around some terminology, some concepts that you've not heard before. Or you know, sometimes you've heard the terminology but like, let's take that anthropics, mcp, like model context, protocol, and like wow, I understand the words but I don't know what the hell this means together, right, things like that really kind of pushes you to try to really understand what is going on. How are the people who are introducing these technologies and these concepts? How do they think? Who are they, what roles they have in these companies? So that's how I kind of really try to keep myself in the loop and up to speed on the different technologies. The conversations are so important. Also, when you have a good conversation with someone who also understands the space and they're much deeper than you are in the space, very quick learning there as well. Hopefully that answers the question.

Speaker 1: 39:28

Yeah, no, that makes a lot of sense. I really relate to you when you said, you know, going into an uncomfortable situation, right, because that forces you to either sink or swim, and I think everyone would rather swim rather than sink, right, that would not be fun and I relate to it myself. You know, I'm sure my audience is so tired of me, you know, talking about my PhD, right, but part of the reason why I went down the journey of, you know, doing my PhD was because I was I realized that I was getting too comfortable, even with the difficult stuff that I was doing, and I needed to push myself right. And I couldn't have done it, maybe at a worse time in my life. I'm still going through it right now. But I mean having two kids during your phd, you know, I got a two-year-old and a four-month-old and it's like, it's insane, what, like? What if I could go back and just smack the younger joe, you know, in the face and be like what are you thinking about? Like, no, you're an idiot. Stop, stop doing it. Like I would, you know, because that, because that is so stupid.

Speaker 1: 40:35

But you know, again, there's some value when something is so difficult and there's so much pressure, right that you, you just you have to come out on top, and I find myself, you know, doing what you mentioned as well, right, when there's a meeting coming up that you know, I know I need to know these three things, and I know one of them, or I know two of them, right, well, the other one is okay. Well, what did this person in this call write about it recently, you know? Did they write anything about it? Is there any papers out on it from their company or anything like that? Like I should be prepared, which is funny, because I'll do that for my day job, but then I won't do it for the podcast and all of these questions have been unscripted. So it's like it makes for an interesting conversation, that's for sure.

Speaker 2: 41:22

Yeah, and kudos to you that doing a PhD with two kids and a full-time job, that is, I mean you really set the bar so high for yourself that you know it really. I think it's about, like, how you manage your priorities and how you keep yourself disciplined about your life, your educational pursuits, your profession and everything right yeah it's like it couldn't be any more difficult.

Speaker 1: 41:47

It's probably 10 times more difficult than what I expected going into it, and it's also because I'm I am studying an area that I have no experience with. Right About two thirds of it. I've never touched satellites before. I've never touched quantum encryption before.

Speaker 1: 42:04

You know, I know like the base foundation of the research, but it's like to put it on top of, you know, the already extenuating circumstances is just insane. But it also makes me learn quicker too, right, because I can't reread these papers 10 times like I used to be able to in my bachelor's or my master's. I don't have the time. I have a little kid that you know I call a terrorist jokingly, but she is a little terrorist and if I let her run around the house, you know unimpeded like I'm going to come back and like the couch is going to be on fire or something you know, like that's how, that's just how she is, so like I have to use my time very efficiently, you know, and very effectively.

Speaker 1: 42:44

So I'm not revisiting these things. I get it, I consume it, I understand it and I'm moving forward with the next, the next topic. But you know it, and I'm moving forward with the next topic, but I didn't mean to drone out there a little bit too long at the podcast. Unfortunately, we're at the top of our time here. I mean the conversation has just flown by. I feel like I need another hour with you.

Speaker 2: 43:05

Same here. Yeah, it's been a great, great conversation, great to hear a little bit about you and your life, your professional and personal life. I think, yeah, this is rare, this format is rare, and I appreciate it.

Speaker 1: 43:19

Yeah, yeah, absolutely Well, Art. I really appreciate you coming on. And before I let you go, how about you tell my audience where they could find you if they wanted to connect with you and where they could find Bridev if they wanted to learn more? And, you know, maybe get together to learn more about the solution.

Speaker 2: 43:35

Yeah, certainly. So I am very active on LinkedIn. It's really kind of my only social network that I try to keep up with and stay active on, so they can always find me on LinkedIn. My email Bridev email is art at Bridevcom, brightofcom.

Speaker 2: 43:55

And just a couple words about bright of, and our mission today is really to make sure we help the, the companies and the leaders at these companies manage their, their move move to an adoption of modern technologies, and ai is one of the big ones. It's very challenging. They're not not all answers are already known yet, but bright of is a, is a company. As a company and a team, we are always there to be a partner. Our technology was built in. We have dozens of enterprise, very large organizations that we've already partnered over the past few years and helped them accomplish these goals, whether it was a cloud adoption, public cloud, private cloud and today AI, and that's what we bring to our relationships. Happy to hear from anyone who is currently trying to address problems, whether it's the cloud, public cloud, multi-cloud AI, energetic AI and identities on everybody's mind at the moment. Feel free to reach out. We'd love to have a chat. We'd love to even just brainstorm if that helps. We enjoyed the time today and, joe, great to be on the show and be talking to you today.

Speaker 1: 45:02

Yeah, yeah, absolutely, it was a fantastic conversation. Well, you know everyone. If you're looking to learn more about Bride Develop, put the links down in the description of this episode. And yeah, thanks for listening everyone.

People on this episode

Joe South

Host