Andy Ellis
Speaker
Podcast Appearances
Ross mentioned IAM hygiene, but it goes more than just the MFA and all the controls.
We talked about cleanup.
So is it worse?
You've got potentially tens of thousands of stale accounts.
You've got service accounts you don't know what they are.
You've got overprivileged accounts that you should be running BloodHound on.
These are all, to me, all the hygiene basics and things, especially as a CISO coming new into a company.
You need to be finding all these skeletons, all these end of life.
Where's the end of life?
And my favorite thing to do on that example, and I'm wondering if Andy has done this, find all of your end of life and your legacy and don't steal that budget.
Get the budget for IT for them to go replace those and upgrade those.
That is the best security budget you can spend is reducing risk when it's not part of your budget.
Oh, absolutely.
All right.
David, your take.
Well said, Andy.
You've got a decent amount of experience in this space.
I think what you said about everybody is now a basic developer, I absolutely love that because I've definitely seen that being the case where it increases the speed to MVP.
So it has the classic, back in the day, we wanted IT or the development or product teams to build this new thing for me, and I didn't have enough time or it wasn't prioritized.
This at least allows non-development teams to prototype and prove a concept before they then have to scale it, etc.