Episode 329: ZTNA with Kane Narraway

Today’s episode features Kane Narraway talking through his journeys with ZTNA – what they are, what they do, selection criteria, how they integrate with other tools, and all the fun bits that go into getting a pretty interface to WireGuard to work seamlessly in your environment.

Hosts:

  • Charles Edge, CTO, Bootstrappers.mn – @cedge318
  • Marcus Ransom, Senior Sales Engineer, Jamf – @marcusransom

Guests:

  • Kane Narraway, Security Leader, Shopify – LinkedIn


Please note that this transcript was generated automatically

Speaker 2 (00:01:17):
Hello and welcome to the Mac Admins podcast. I’ll be your host today, Charles Edge, and I am joined by Marcus Ransom. Marcus, how’s life?

Speaker 3 (00:01:27):
Life’s pretty good here at the moment when this was recorded. We’re at the point where we, I’ll say we, I mean the Matildas, our phenomenal football team has won the semifinal as to what, sorry? Won the quarterfinal or into the semifinal. What happens in that semifinal? I guess our listeners will know by the time this is released, England, the semifinal is against England. The quarterfinal was against France, went to a ludicrous number of penalties, which is a dreadful way of deciding a football match. But I can say that with a smile because we won. Any French listeners out there, I’m sorry, you played really well, but the coin didn’t flip in your way. So I’m at that moment where it’s a bit like not checking the lottery numbers or something like that, where if you haven’t checked the numbers, you might be a millionaire. Like I said, I may be sad and disappointed by the time this comes out.

Speaker 2 (00:02:36):
I mean, I’m really curious if the Queen of England will dissolve your government if you win.

Speaker 3 (00:02:45):
Well, I don’t think she can anymore, technically, because, whoops, if you’ve not been paying attention, Charles, this thing happened.

Speaker 2 (00:02:53):
No, I haven’t.

Speaker 3 (00:02:54):
So actually Charles is our king. So by proxy, does that mean technically your Oh,

Speaker 2 (00:03:00):
Right,

Speaker 3 (00:03:01):
Right. Yeah, I was wondering that whether given that we’ve got their flag on the corner of ours, that somehow that implies ownership and the Dutch coach, I

Speaker 2 (00:03:16):
Think the word is sovereignty.

Speaker 3 (00:03:17):
Sovereignty, no ownership. The Dutch coach wasn’t aware of the longstanding animosity and rivalry when it comes to sport and sovereignty, I guess, between Australia and England. So this will be interesting on Wednesday night to see how that goes down. But look, there are far more interesting

Speaker 2 (00:03:36):
Things, and for the listeners it’ll be the past. So there’s that. And I guess this episode isn’t exactly about football or soccer or whatever you’d like to call it. I guess today’s episode features Kane Narraway to talk through his journey with ZTNA, what they are, what they do, selection criteria, how they integrate with other tools, and all the fun bits that go into getting a pretty interface on top of WireGuard, which is what most of them are based on, to work seamlessly in an environment. So we love to start episodes with a little bit of a background story. So I guess Kane, how did you get into managing Apple devices?

Speaker 4 (00:04:21):
So I guess a funny story for me is that I was a very typical security nerd growing up. And so I was like, Windows is for the corporate stuff, for the work stuff for video games, and Linux is for doing cool things. And I had no idea what people used Macs for back then. And this was like 10, 15 years ago. So I assumed it was for DJs and video editors and that kind of thing, and just that was it. And so I got into this in a very weird way. So one of my first security jobs was digital forensics. And so we would go and collect laptops and stuff like that from individuals, let’s say, who may or may not have committed crimes. And so as a part of that, we needed to collect data off them and stuff like that. And so a lot of what I was doing was at the enterprise level. So going in, working with IT administrators and that kind of stuff to work out whose laptop is owned by who. And essentially we kind of got into it that way. And since then I moved off into tech and started managing device security for companies like Atlassian and Shopify. And so now I’ve been managing Mac for about 10 years and pretty much are most days. So I don’t know, it’s changed a lot in the last 15 years for me, I would say.

Speaker 2 (00:05:50):
Nice. And Black Hat and DEF CON were this past week, and at Black Hat the following talks were given: Nothing but Net: Leveraging macOS’s Networking Frameworks to Heuristically Detect Malware, by our friend and guest at times, Patrick Wardle; Mac-ing Sense of the 3CX Supply Chain Attack: Analysis of the macOS Payloads, also by Patrick. But then we get into some new names, perhaps. Apple’s Predicament, which is obviously a witty pun on lots good cards. I’m liking where this is going.

Speaker 4 (00:06:32):
It’s always the way with the talks, right? You’ve got to fit some puns into them.

Speaker 2 (00:06:37):
A silly name otherwise had some gifts to get people excited, maybe

Speaker 4 (00:06:41):
Some content.

Speaker 2 (00:06:43):
But that one’s on NSPredicate exploits on iOS and macOS by Austin Emmett. There’s also Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1, from a group of Chinese security researchers. Dive into Apple UserFS, or user file system, from Joji FA. Input output plus Syslog iOS plus SS obtaining data from locked iOS devices via live monitoring from Nicholas Dubois and Jessica Hyde. And that’s just the Black Hat talks. There’s also DEF CON talks: Getting a Migraine: Uncovering a Unique SIP Bypass on macOS from Jonathan Barr or Michael Pierce and Rag Bora Izing, macOS Privacy, a new weapon in your red teaming armory from, and I apologize if you listen to this for butchering your name, but JE regula. Demystifying and Bypassing macOS’s Background Task Management, again from Patrick Wardle. He also did a repeat of one of his previous talks. And then Apple’s Predicament again from Austin Emmett. And that’s like 10 talks which deduplicated and it makes me feel like the platform seems more popular than ever as a target for security researchers. So this episode is about ZTNAs, a modern means to combat security threats. So I guess Kane we can start with, do you mind giving your definition for what a ZTNA is?

Speaker 4 (00:08:26):
Yeah, I feel like this description has probably been given a lot, so I’ll speed through. But the old castle-and-moat approach is what’s often used to describe VPNs where you are logging into a system and once you are in, you have free rein inside the castle. You know what I mean? And so you put all of your effort into securing the entryway. Now what happened was SaaS became a thing and suddenly you’re not just securing a castle, but a lot of small villages that are dotted around the place that may have differing levels of security and that made securing these quite difficult. And so Zero Trust was born from this in a way to secure this in a more holistic way. And I think Google with their BeyondCorp paper was really the first sort of good description of this. And they sort of outlined three key principles.

Speaker 4 (00:09:23):
And I think depending on who you ask, this may change and vendors will often have their own specifics and whatnot. But I think the core three is you need to validate the device. So you need a known company device when you’re connecting to corporate applications. You need to verify the user. And usually that means through an IdP with unphishable 2FA. So using something like a YubiKey. And you do not use network access in order to determine the level of access. And that is sort of the three underlying principles of zero trust. I think if you have those three, you have something in the ballpark of what we’re talking about here.

Speaker 3 (00:10:03):
So what’s the difference between ZTNA and then sort of the other methods we saw of securing the network? So like a proxy, a filter, a VPN, conditional access, and sort of those other architectural components of computing that we’ve used in some cases for decades.

Speaker 4 (00:10:23):
So Zero Trust isn’t really like a tool. It’s not like a single thing. And like you say, there’s a lot of different descriptions on different tools in this overall architecture that we have. And so what I would say is that in order to have a zero trust setup, you need a few core things as a part of that. You need an MDM of course, to manage all digital devices. Without knowing your devices, you’re not really going to get very far. You need an IdP or some sort of identity platform that you can use to have your applications authenticate your users, et cetera. And then you just need a set of rules. So can person X access Y from Zed device, that kind of thing. Now there might be some additional things tacked on. So like you said at the beginning, Charles, a fancy UI for remediation. If I don’t update my Mac, maybe I need to be blocked. And so you have this sort of fancy UI element and you might help people through that. And the other thing is you may also have a proxy. So if you’re running your own application, maybe in Azure or GCP or even in one of your offices, you need something to interface that with your systems. And so this is sometimes called secure service edge these days if you sort of trust the buzzwords, but underlying it’s just a proxy really.

Speaker 2 (00:11:50):
Because you don’t want all those keys on end devices. That’s why you need the microservices out in the edge, right?

Speaker 4 (00:11:58):
Exactly. And so there are barriers to adopting zero trust. And so you will see hybrid approaches and different ways of doing this that might not be a hundred percent, but they are sort of different places along in the journey. And so I think that’s why you get this where you don’t generally have a VPN and a zero trust setup, but what if you have an office? What if you need to manage your network infrastructure? There may be a small few users in your network might still use the VPN, but that kind of thing. And that’s fine. And so I think it really depends where you are on the journey and what your company is doing basically.

Speaker 3 (00:12:36):
And also not every piece of technology that organizations use is where we want it to be as well. So that’s something I’ve come across a lot is that an organization may absolutely have an appetite to go full modern ZTNA and then everybody goes and looks at a particular piece of software or technology that they’re using that maybe hasn’t been updated in a while. And that’s where I see a lot of the hybrid approach is when there’s that thing over there that everybody desperately wants to get rid of except reasons. And so sometimes VPN into that sucker is really the only way to deal with that.

Speaker 4 (00:13:18):
And that’s a really good point. I think I saw some statistics recently of someone who went out and did a survey of where you are along the journey and it was about under 20% that felt like they had what they would call a zero trust network. And everyone else was either thinking about it halfway through or somewhere along the journey. And so don’t let perfection stop you from starting this, right? Any amount of improvement you can do is going to help you at the end of the day.

Speaker 2 (00:13:48):
And I feel like the first time I encountered this type of architecture, it was really aimed at internal intrusions, which I guess now we call moving laterally, but back then there was a buzzword going around called extrusion detection, and I think in oh five Addison Wiley published a book called Extrusion Detection that went into some of these principles long before I understood really why I was like, oh, I get it, but I don’t really get why. But a lot’s happened between now and then. It feels like COVID pushed this category into more organizations than most other categories of security software. And yet it seems like most of the products out there are again, pretty interfaces for WireGuard with some Lambdas or GCFs glued together to proxy connections between all the different SaaS apps that people are using and stuff like that. So many have similar-ish features and they kind of follow the network leader or the category leader it feels like. But do you mind taking us through what some of the important selection criteria are for organizations other than I guess price? Of course.

Speaker 4 (00:15:09):
Yeah, sure. So I would encourage anyone who’s even thinking about starting down this journey is to make sure you have the buy-in. Is this going to work in your enterprise? Do you have the cost? Like you say, and I think before you even start, this can be a real interesting sort of thing to think about because if your company is all BYOD devices, then how do you identify corporate devices? Like you’re going to buy fresh MacBooks for every employee. Is your company going to shell out for 2000 MacBooks? And the answer is probably no in a lot of cases. And so I think that’s something you should always be factoring in. But some of the key things that I would think about would be to identify what you’re trying to achieve. So list out the components of what you’re actually trying to do, because like you say, you may be considering insider threats, you might be considering outsider threats, you may just care about stopping basic credential theft.

Speaker 4 (00:16:08):
And so maybe YubiKeys and an IdP is good enough for you. And so I think that’s the first step. The second step is identify what you have in your environment and what you can get for free. Like you say, a lot of vendors are coming into this space, and so you may already work with a vendor who has this as part of your plan. And so I think that’s going to help you reduce costs. And nobody likes moving MDMs. Nobody likes moving IdPs at the end of the day. And so I think you can save yourself a lot of work by using something you maybe already have.

Speaker 2 (00:16:44):
Making all your users change a password is like a once every decade or two event, right?

Speaker 4 (00:16:52):
Exactly. Yeah, right, right. Any, anyone who’s been through an MDM change and then maybe multiple can attest that you don’t want to be doing this every year. You know what I mean?

Speaker 2 (00:17:08):
Oh yeah.

Speaker 4 (00:17:10):
Something that might be a bit of a spicy one. And this is something to think about when I’m tying back to that first point. So thinking about if you actually have the buy-in, which is think about consolidating your platforms. If you have 10 people running Linux in your company, are you going to build out a custom MDM for them? Are you going to support everything when you might just be able to move them to a Mac or a Windows machine and then maybe have a virtual machine in place for them? Things like this aren’t always popular, but at the end of the day, if you are a small IT and security team, you can’t manage every single browser, every single operating system. You know what I mean? And so I think you really have to think about what is realistic for you. And then from this is where I would start to select key vendors.

Speaker 4 (00:18:01):
And I think when you start looking at your environment, you start looking at the platforms you have, the tools you’re using, the money you might have to spend, the number is going to drop from a hundred potential vendors to maybe five realistically. And from there you can start building out small scale testing, staging environments, and actually getting boots on the ground when it comes to this stuff because you don’t know how it’s going to handle until you actually start testing at the end of the day. So once you do that, you can start potting off, are you protecting against the threats that you want? Are you achieving what you’re going to do? And then from there you can kind of make some progress.

Speaker 2 (00:18:42):
It’s interesting because mentioning narrowing down the list of vendors makes an assumption that their tools actually integrate with one another, and that’s not always been the case in my experience. So

Speaker 4 (00:18:56):
Exactly.

Speaker 2 (00:18:56):
Preferably it is obviously

Speaker 4 (00:18:59):
I think we’ll probably get into that in a bit, but for sure doing this kind of stuff, you need to make sure they work together because you’re going to be spending more time gluing stuff together than actually using off the shelf tooling and you’re just going to end up wasting your time. So that’s something to consider strongly

Speaker 2 (00:19:19):
And potentially creating new security threats or, because a lot of us in this field aren’t exactly seasoned programmers who rate limit our API endpoints and do all the things that quality software would force us to do, I think.

Speaker 4 (00:19:40):
Yeah,

Speaker 2 (00:19:41):
Agreed.

Speaker 1 (00:19:45):
This week’s episode of the Mac Admins podcast is brought to you by SimpleMDM, a powerful and intuitive Apple device management solution designed to make the lives of Mac admins easier. The process of setting up your own Munki instance can be time consuming and complicated. With SimpleMDM’s hosted Munki integration, they’ve taken all the hassle out of the equation. So you can enjoy a best in class software management solution for macOS without the headache of hosting and configuring it yourself. Gain access to their shared apps directory, a curated collection of popular Mac software that is regularly updated so you don’t have to worry about maintaining your own repository or offer a self-service experience to your Mac users for the Managed Software Center. Save valuable time as a Mac admin by simplifying software distribution, automating updates, and empowering your end users with a free 30 day trial of SimpleMDM. Thanks to SimpleMDM

Speaker 4 (00:20:46):
for this episode of the Mac Admins podcast.

Speaker 2 (00:20:51):
So do most implementations that you’ve seen run with an agent or do they run agentless or do they use agents with extensions?

Speaker 4 (00:21:02):
So I think all are valid options here and you will find them, and I think this is a really good call out that not a lot of people talk about, but like you say, there are three ways of doing it. If you are taking the pure play BeyondCorp-style approach, you are using agentless, you are using certificates, right? You are putting a certificate on your device, and then when you’re accessing a service, it’s the certificate that is generally being authenticated. And certificates are a tried and trusted technology. We’ve been using them for many, many years. We use them in the days of VPNs and we know they work well. And so as maybe a purist, that is my preferred approach. But as you mentioned, there are agent-based approaches. I think Okta with their FastPass approach and Cloudflare WARP are two great examples of ones that instead of maybe using a certificate on every device, use something you install.

Speaker 4 (00:21:59):
And this is great when you have things like BYOD fleets and like I said, BYOD in zero trust, is it really zero trust? And I think the answer is maybe you’re halfway there. I think at the end of the day you’ve got to think about getting the best bang for your buck in terms of security and doing it in a way that the business wants. And I think using things like this can help you improve a lot. I think the last thing you mentioned also was extensions too, which browsers is a big part of zero trust. And so I think Google with their corp approach is maybe the obvious because they own Chrome browser and you can install a device verification extension. Yeah, it’s pretty much the same as an agent really, it’s no different. It’s just an agent that sits in your browser at the end of the day, and this is great if you are a Chrome browser user, you have cloud enterprise and all that stuff may be more difficult if you’re starting to think about Brave and Firefox and all this stuff. So I do think as we were discussing earlier, not just the operating systems that are in use and the MDMs that are in use, but also the browsers that you’re using in your company is a really important thing to consider.

Speaker 3 (00:23:21):
The other thing that I’ve seen, especially in line with BYOD, that gives organizations the opportunities to not just see ZTNA as effectively a VPN and just sort of creating a different wall and a different moat, but then being able to actually set different compliance and access levels. So you can say, look, if it’s BYOD, then you can access this subset of applications and tools. But if we’re starting to get to the more critical tools, then that’s when you need to be on our device where we’ve got complete visibility over what’s going on, complete control. Because with BYOD, you can get attestations and understand what OS version, what patch level a device is on so you can find things about what the device is, but you don’t get a lot of visibility into what other things may be on the device that may be the compromise or allow what’s going on. Whereas with that managed supervised device, you can get a lot more granular. So that sort of approach is something I’ve been really successful in seeing the new AWS implementation where you can just set different levels of access that you can grant people to on an application or service level.

Speaker 4 (00:24:41):
And that’s great about the tools these days is if you were doing this years ago, you’d have to build all these complicated rule sets yourself, but now you can have these granular permission sets and you can have it on a per group or you can have it on a per tier basis. And that was something we did in Atlassian a few years ago. We built this three-tiered system that we called high tier, which was a corporate device could only access our cloud infrastructure, resources, AWS and all the sensitive stuff. And then if you wanted to access Slack, maybe your email, that was fine to access from your personal mobile. And so I do think you’re going to have to do some sort of level of I think what’s commonly called crown jewel assessment, what is the real sensitive stuff, but it’s also a dangerous sort of thing to do because data just transfers so much in organizations today. How much sensitive data is in the average company Slack? And it’s probably a lot, and you’re going to have to make some trade-offs, going to have to say, look, people want to access Slack from their phone and we’re going to have to find a way to do that in the most secure way, like you say.

Speaker 3 (00:25:52):
But also then setting up those internal practices where you actually explain to people why certain things shouldn’t be existing in Slack and that instead you put a link into that system so that the people have to go in there to do it. And I think the trade-off of, okay, well if you want to be able to access Slack from your personal phone on the couch, then our way of doing that is to be good citizens in Slack and not be posting keys to the kingdom in DMs and those sorts of things.

Speaker 4 (00:26:30):
And there have been breaches like this in the past where I saw recently someone’s home Plex server got breached and then they pivoted from the Plex server to their home machine and their home machine could then connect into corporate network. And so I think when we’re all working from home, these kinds of attacks are rare but really scary when they do happen. And so you have to consider how you can lock down these devices because it’s quite difficult to block out these BYOD devices in a lot of cases because how do you know what someone owns and stuff like this? And so I think this is where you see a lot of MAM enrollment or BYO MDM enrollments in a lot of organizations because they want to at least lock it down to specific few devices rather than having it on some old dodgy Windows XP server in someone’s garage or something.

Speaker 2 (00:27:26):
And I’ve seen three or four heavily targeted attacks recently that made me pause and kind of think what do I have access to and how can I not have access to that anymore because I just can’t guarantee that I’m always perfect in my actions. I mean, might’ve spoken to Black Hat 15 years ago, but I’m dumb now. So I constantly am looking through. I wrote a tool called Extensions Manager just to keep on top of all the extensions, whether it’s application extensions on the Mac or all the browser extensions. And you mentioned Chrome Enterprise. I think that browser extensions are perhaps one of the most dangerous things that we can have on machines because a simple coupon app could be also a password manager or a passkey manager or whatever, and deciding to deal with that information in whatever way it wants to because you can install a browser extension that then says, Hey, I’d like full disk access and access to every single webpage you visit. And you’re like, I really want that 90% off coupon. So yeah, sure.

Speaker 4 (00:28:58):
It’s really difficult, right? Application allow listing is becoming a very big thing because once you’ve implemented a zero trust solution, the device the most at risk thing. So malware is on the rise because of this. I think because that old school credential phishing stuff doesn’t work in these environments for the most part. But you’re right, like Chrome extensions, apps, and then even things like Homebrew stuff I’ve seen there’s managed Homebrew things coming out soon. And so I think these are a lot of things that people are going to be thinking about in the next two, three years as zero trusts are moving on a little bit more.

Speaker 3 (00:29:41):
And application allow listing is something lots of people have been trying to find solutions for. And there are various implementations out there handling in very different ways. And I think much like ZTNA, not using the fact that there isn’t a solution that can deliver every single thing you’d like it to have to do nothing and not allow devices and try and shut devices off the network, having mitigations in place to say, well, this is where we want to get with our application allow listing, this is what we’re able to get in good solutions now, let’s implement a good solution for this while we look towards something that’s actually able to offer a phenomenal solution. I know we’ve seen some great things with Google Santa for example, and I know there’s some commercial solutions out there, but I’ve also heard lots of organizations have challenges, for example, with the open source nature and the overhead of administering that. Yet at the same time, it does a really good job of trying to deliver that in an authentic macOS way.

Speaker 4 (00:30:56):
It’s the classic thing where the most secure system is one that’s totally unusable. And I think that’s sort of like the crux of application allow listing, right, is it’s incredibly powerful if you can do it, but like you say, the overhead is pretty insane in some cases. And I think that for non-development shops, it’s often a lot easier to do. And so I would recommend application allow listing in those cases because how many new WSS binaries that people download every week, the answer is probably not many. But when you’re talking about developers, it gets crazy. You can install hundreds of packages just for one app, and so it’s very difficult.

Speaker 3 (00:31:39):
And then defining what an application is is a real challenge there as well, where we see organizations allow listing what they thought is the binary in that package and then discovering that there may be some rarely used binaries buried within there that are just used for troubleshooting or building or all sorts of things, and then all of a sudden finding they’re not on the good list and things don’t work. And when things don’t work for developers, they let you know.

Speaker 4 (00:32:12):
Don’t worry. I’ve been on the other end of that a lot, and I always think you’ve got to come at it from a place of empathy. I’ve been a developer in the past as well, and that was when I was working for the government. And so you would have to get every little port approved for your application and stuff. And I certainly don’t want to go back to that. And so I think people who have come in from my background are like, no, we’ve got to do this better than we did it 10 years ago. You know what I mean? And so it’s one of those things that I’m hopeful for the future for, but also wouldn’t want to wish upon any developer that wants to get a lot of work done.

Speaker 2 (00:32:52):
And I feel like, just to touch a bit on the overhead piece, I was hired back in my consulting days to do a list of applications that were in use at a pretty large company, a couple hundred thousand employees. And they thought that maybe their Apple fleet, which at the time was a few thousand, not a couple hundred thousand, had about three 400 apps, and it turned out that they had over 3000. Oh, wow. And trying to whitelist just the ones or allow list, just the ones that you want to give access to, and that’s a pretty hefty amount of change that’s occurring constantly because of those apps. Maybe five, 10% would change a month or quarterly. And so then you’re constantly chasing the new cash.

Speaker 4 (00:33:57):
Yeah, I think this is why a lot of people go for EDR tools today and they go for detection rules and that kind of thing because prevention is great in a lot of cases, but if you can’t prevent, you detect. And so this is an approach used by a lot of companies in this realm, and I think you’ll find more and more going over to allow listing over time. But I think the number is very small today, even in big technology companies, I’ve spoken to a lot of folks who are trying, some who have tried and then backed out. And so it’s a very wide margin of different approaches. I’m hopeful. I’m hopeful for the future in this area.

Speaker 3 (00:34:39):
So you mentioned identity providers, IdP. So how does a federated identity fit into the picture? Are we talking Open Directory on a Mac mini sitting in a cupboard somewhere, or are there better ways of doing this? Did I trigger you, Charles? Well, you wrote the book, it’s all your fault.

Speaker 2 (00:35:03):
I said, don’t do it in the book.

Speaker 3 (00:35:07):
Oh, I mustn’t have got to that bit.

Speaker 4 (00:35:10):
So yeah, IdPs are, so when I think about enterprise security, I think about four core pillars. I think about endpoints, network, applications and identity. And applications and identity are just inherently linked, right? IdPs are one of the core pieces of your puzzle. And if you are using tools like Okta Device Trust or Microsoft, oh god, it’s Entra AD now, isn’t it? It’s not Azure AD. But if you’re using their sort of contextual access thing, then the IdP is where the rules are being gated, that’s where they’re being applied. And so I don’t think you can have a zero trust setup without an IdP or at least some sort of central place where things are going through.

Speaker 4 (00:36:04):
And I do think that just having the IdP is maybe half of the puzzle. You need to make sure that your applications are actually getting added to it. So this is one of the boring parts about security, but it’s making sure you have procurement processes in place and making sure that you’re actually adding the apps because you don’t want to do an audit of your applications after a breach and find out 50% of them aren’t even in your IdP, right? And people are just using username and password to log in. And so I think maybe where we get into the tough decisions here is do you mandate that SAML is required for all applications coming into your business? And a lot of people do, right? And one thing I love about cloud providers today is they’ve made it so easy to add SAML into your applications when you’re hosting, but you’ll always get one or two. You’ll get some weird finance app for a country that you’ve only dealt business with once and you’ll need to do it and they won’t support SAML. And so I find it really interesting to think about what you do in these cases.

Speaker 1 (00:37:12):
This week’s episode of the Mac Admins podcast is also brought to you by Kolide. Our sponsor, Kolide, has some big news. If you are an Okta user, they can get your entire fleet to a hundred percent compliance. How? If a device isn’t compliant, the user can’t log into your cloud apps until they’ve fixed the problem. It’s that simple. Kolide patches one of the major holes in zero trust architecture: device compliance. Without Kolide, IT struggles to solve basic problems like keeping everyone’s OS and browser up to date. Unsecured devices are logging into your company’s apps because there’s nothing to stop them. Kolide is the only device trust solution that enforces compliance as part of authentication, and it’s built to work seamlessly with Okta. The moment Kolide’s agent detects a problem, it alerts the user and gives them instructions to fix it. If they don’t fix the problem within a set time, they’re blocked. Kolide’s method means fewer support tickets, less frustration, and most importantly, a hundred percent fleet compliance. Visit kolide.com/macadminspodcast to learn more or book a demo. That’s K-O-L-I-D-E.com/macadminspodcast. Thanks to Kolide for sponsoring

Speaker 4 (00:38:34):
This of the Mac Admins podcast.

Speaker 3 (00:38:38):
So you mentioned detection before, and I think that’s a really important approach is understanding what problems you need to address and what is actually going on in your environment so you’re not chasing security challenges that maybe actually don’t exist. So can you give us some examples of the level of telemetry you get into what people are doing online or where they prevent data exfiltration?

Speaker 4 (00:39:05):
Yeah, sure. So this is one that just depends really heavily on your company culture, right? And security engineers have been having an age-old debate on should you decrypt network traffic? Should you intercept it at the VPN? And that’s a conversation that’s been going on years. And anyone you ask will give you a wildly different answer. And I think it’s the same in a zero trust environment, but the way you do logging is very different because in that old world, you would have firewalls in your network and you would make sure that you were intercepting all the traffic going between point A and point B, and that’s what you would build your detections on. But in a zero trust world, the network doesn’t matter so much or at least not the way it used to. There isn’t really a central sort of access point.

Speaker 4 (00:39:54):
And so endpoint logging is obviously really important. Like your MDM logs are going to be important. Your EDR logs are going to be important, they’re going to give you some stuff by default, but you’re also going to probably have to build out some stuff yourself. So you’re going to have to pump your logs off to some sort of SIEM tool in order to be able to do that. But if I had one piece of advice, it would be think holistically about logging when you start this process because do you need EDR logs and MDM logs in your SIEM? There’s probably going to be a huge overlap of what these things are looking at. And so you might want to think about how much are we storing of both of these? Maybe we only need MDM logs for a week and we need EDR logs for three years or something like that.

Speaker 4 (00:40:40):
But kind of tying back to the original question you asked, what can you find of what can you get? And honestly, you can get a lot these days. You can get browser logs if you’re using enterprise browsers, you can force everyone through a central endpoint proxy and get all the logs that way. There are a lot of different ways of potentially tackling this solution, and there’s not really one answer to it, but I guess I’m preferential to getting endpoint logs regardless of what you’re doing, but that’s only going to get you half of the picture because it’s not going to get you that full DNS query type information. So if a workstation does get breached, how do you know what it was going out and contacting? And that’s where you start getting into some of the privacy issues, especially today. And like I said, that’s where you start getting into, are you going to get that with browser logs? Are you going to use some sort of agent on the machine to get that? But it’s a difficult one. And like I said, privacy is changing every day and some counties and countries and states are mandating that you can’t collect this information. And so it’s making it quite hard for security engineers in this case. But I can absolutely see the reason why.

Speaker 3 (00:42:06):
I remember one of the most useful bits of information a SIEM provider pointed out to me was if you’re just relying on one source of data, you’re really missing out. Where when you start getting, as you’re saying, the endpoint logs, the EDR logs, the access logs for your federation for your identity is really powerful. We can go, all right, well this device is in Australia yet it’s trying to access this particular system from Australia, yet all of these others, it’s accessing from a totally different place. You wouldn’t have known that if you were just using one source of data and overlaying and comparing what all of your single sources of truth are saying gives you real insight into where there may be a problem that you weren’t able to detect otherwise.

Speaker 4 (00:43:00):
Maybe for people listening, one piece of advice I would give them and one very easy detection you can sort of implement in your environments today is pointing your EDR tool to look at people potentially blowing away your MDM profiles and then using your MDM to look at your EDR tool because if someone blows away one, that’s it, you’ve got no logs and it could still be, it is not checking in anymore, so you don’t really have anything. And so pointing these two at each other kind of gives you a very good basis where you can find out, oh, has this machine been breached or is there an insider threat trying to maybe do something dodgy that they don’t want you seeing.

Speaker 3 (00:43:42):
Using the multiple tools, you’ve got to snitch on each other to work out what the users are doing. So most orgs do use a bunch of different tools. So have you got any examples of how deep the integrations can go for things and feel free to talk about some best or even some worst cases you might’ve seen?

Speaker 4 (00:44:03):
Yeah, so I can actually take a very relevant example maybe to the audience. So I think you’ve probably got a lot of Jamf users listening and probably a lot of Okta users as well. And I think these are two companies that are really great to kind of describe how these relationships have worked because Jamf is an MDM provider, Okta is an IdP provider, but they also both have some overlapping tools. In some cases they both provide some zero trust solutions. And so I think the audience might be thinking, oh, how do I pick between them if I’m a customer of both? And I don’t think there is a right answer. I think it’s going to depend on a lot of factors that we’ve kind of talked about earlier, but Jamf and Okta both have very deep integrations with each other. I dunno if you’ve seen the Platform SSO stuff recently, but you can do it with Jamf, you can do it with Okta. There are a lot of different ways you can set this up and there are different tools like Jamf Connect that you can also kind of tie in to do some similar stuff as well. And so some of these tools are sort of competing with each other but also working with each other. And so I think that’s sort of a really interesting scenario. One thing that I like but also I think you have to be wary of is sort of the mono stack. You know what I mean? So I don’t want to, single

Speaker 3 (00:45:30):
Glass of pained

Speaker 4 (00:45:32):
Yes becomes a single pane of glass the other. So essentially it’s very easy to set everything up. And so Microsoft’s context aware access, very good, very easy to set up, very smooth, just one big tool. It doesn’t need to connect into other stuff. But I also think you get a lot of vendor lock-in with things like that. And so I think that’s something that you need to strongly consider and it means that you’re going to have to be using Azure for cloud, you’re going to have to be using Intune for your device management. You’re going to have to be using Entra ID for all of your applications. And so some tools will have more connections with others, and that’s just how it’s going to go. So I do think that when you are thinking about zero trust and thinking about building this out, you should look at what you have in your environment today and what they connect in with. And if you can get that information from tool A to tool B natively rather than building your own solutions to glue this stuff together.

Speaker 3 (00:46:42):
And it’s really important that this is why sort of an easily accessible feature matrix isn’t always going to give you the answer to what you’re going to use because so many of those things are very broad and the tick box is a tick box when it’s used in a certain way or in a certain scenario. And I think really understanding what all of those things mean in the context of your own organization and your own users and your own practices, where you are on that journey is a really important way to evaluate these things. And this is something where the Mac admins, the listeners that we have working on a technical level can really partner with the architects making these decisions to help them understand what those buzzwords and what those checkboxes and what those features actually mean in the context of how your organization is using those tools at the moment.

Speaker 4 (00:47:41):
Exactly right. And so I think that you are probably say you find two tools that do not work well together at all. There’s no connection. You can’t get the information that you need to do this. You’re going to have to decide, am I going to build something myself using the APIs to build a middleware solution or am I going to move vendors for something that I’m using? And that could be a really hard decision. You may have built a lot of things onto your platforms that you have today. And so I don’t think there’s an easy solution here, but I think that if you have two vendors that are obviously never going to work with each other, they are just strong competitors, no integrations between each other, nothing on the roadmap, that’s the cases where you may be stuck. And I know there are people who are in this situation who maybe don’t have the resources to do these migrations, but in some cases it’s the only way.

Speaker 2 (00:48:42):
Well, luckily if you’re using Okta and Jamf, they have that unified identity that you mentioned and that’s very intriguing when you add the Platform SSO piece on top of Jamf Connect with FastPass. So that is a case where two different tools work better than perhaps one vendor with multiple tools or two different tools from two different vendors. But you had touched on something earlier, like fewer vendors, but is it better, I mean I know we’ve all gotten overloaded at times with too many security agents running on our machines, slowing it down or what have you, and pipelining all that data off to a SIEM, it can be a fire hose with the endpoint extension. So is it better to use fewer tools? Is consolidation a good thing? I guess where do you see the point where you just need multiple things, I guess? And I’m sure it starts with, it depends. So feel free to start there.

Speaker 4 (00:50:01):
So this is one where I think security in general, we come up with lots of startups, we build out all these things and then you have so many security agents and tools like you say, and then we start unifying on a platform and we kind of naturally go to a few individual vendors. And I think this has happened a lot in security. When you look at it, you look at SIEMs, it’s happened, you look at browser, that’s happened. I think today the new explosion is AI security companies. And I think that again, we will see a lot of companies be acquired by places like Google, like Amazon, Okta, things like that, where they’ll start building this stuff into their own tools. And so I do think consolidation could help. I think what you should probably focus on more than anything is I was touching on earlier, you should try and consolidate down your browsers, your platforms and that more so than your vendors. But like I said, it is going to be problematic for you if you are working with two tools that don’t work with each other. And so I do think you should consolidate down, but also relying on a single vendor for everything is a dangerous world to be in, even if they can sort of tempt you in with the fact that everything works nicely from day one.

Speaker 2 (00:51:26):
I love that point. And to build on something you said, I feel like in the security space, almost more than any other, I’ve seen one vendor come in and prove a new market or a new paradigm or a new category within security. Like Zscaler felt like the first real ZTNA tool. They had massive success early on and then all the other companies who are in security said, Hey, that’s a great adjacency, we can move into that as well. It’s just a pretty interface on WireGuard. So they started building their own tools as well. And we’ve seen that to some degree with MDM, we’ve seen that with, I mean I guess antivirus would be the original one. But yeah, it does feel like you mentioned SIEMs, I do feel like that’s kind of what we see. It’s like the year or two before every vendor tries to do it because that’s the new big thing at Black Hat in the vendor hall. Everybody wants the Zscaler socks and everybody wants to talk to Zscaler. So a year or two later, 15 other vendors have already entered that market to go get some of that market share. And part of that is just defending what they have. So it’s completely understandable. But I guess the stock market needs them to continue growing, so they have to add to the portfolio.

Speaker 4 (00:53:01):
I think that’s one piece of it is that and being people don’t want to pay for security, it’s not something that is driving business value to a lot of companies in a lot of cases. And security can help you get more enterprise customers and that kind of thing, but it’s not seen as a feature ad building your own new feature on your tool would be. And so I think that’s one part of it, right, where you don’t want to have hundreds and hundreds of security vendors in your organization. They are perceived to slow things down and make things more bureaucratic and that kind of thing. And I think this is why the platform wins out in a lot of cases because security is great when you can build it in by default. And I think that’s what Zero Trust aims to do, right? It’s like zero trust solutions even two, three years ago were very basic.

Speaker 4 (00:54:00):
They didn’t support Chromebooks in a lot of cases. They only supported maybe Chrome and there was a lot of issues with them and you needed to be using a certain MDM and now they’re getting a lot better. And I think that’s the case with everything. You see this explosion of vendors and then a few trickle out of the market, a few merged together, a few consolidate or get acquired with bigger companies and you’ll end up with five or six who are doing reasonably well, maybe a few more who are doing all right. And I think companies who are in an adjacent space like MDMs, IdPs, that kind of thing, they’re in a good place because they already have the customers, they have people who want to do this and they can make it easy at the end of the day.

Speaker 3 (00:54:46):
So what you’re saying is, yeah, an application allow listing policy, but for security agents on your machines to try and slow things down. So it’s interesting you mentioned embracing things and you mentioned Platform SSO before and seeing Apple especially start to embrace this technology, whereas in the days when we all ran really quickly away from binding to AD and then there was this noticeable gap to Platform SSO and Apple really embracing the concept of cloud identity on the device. And then at WWDC this year they announced network relay. So what’s your feelings of having that technology actually baked into the operating system? It’s still going to need identity providers, network security, those sorts of things to be implemented by somebody who isn’t Apple. So what’s your feelings on seeing that sort of direction Apple’s moving in?

Speaker 4 (00:55:48):
It’s amazing. I’ve been loving the work that Apple has been doing over the last few years and I think network relay’s sort of tangentially related. I think it’s a good thing for a few people and I think all new features, there’s some kinks to work out and people will need to work it out and that kind of thing. But there’s been a lot of things that Apple have done in this realm in the last few years just to make this really good. A really great one I would recommend as well for Mac admins is Managed Device Attestation, like the idea that you have a valid coming straight from Apple into your organization and you can sort of solidify that whole process is really amazing. And to some degree, Apple are the only people who can build this, right? Sort of tangentially related to Zero Trust. The whole sort of passkeys and WebAuthn movement has required vendors to build this, right? We can’t do it unless Microsoft and Google and Apple build this because they own the mobiles, they own the hardware, and so they sort of have gatekeeper on the market here and when they build this stuff, it just makes it easier for us. And so I think anything that can help us do this is a plus in my book.

Speaker 3 (00:57:09):
Yeah, I really love where Managed Device Attestation is coming from and going. So this idea, you mentioned certificates before, us being the tried and trusted way of ensuring the device is who it says it is. But then the challenge with that is, yeah, there’s lots of things we can do to stop that certificate being taken off that device and put on something else. But what if it wasn’t actually a device to begin with when it got enrolled and got handed out that certificate? And that’s the key that I really love about Managed Device Attestation that we can get until we get a DEF CON or a Black Hat presentation from Patrick Wardle talking about how he’s managed to bypass it or get around it, but it’s that additional layer of security and confidence that this isn’t just some random thing with a Plex server on it that managed to get enrolled into your organization.

Speaker 4 (00:58:07):
Exactly. And my advice for Mac admins listening is, if you are doing zero trust today or you are on your journey, this is the number one thing to think about. Because out of all the Zero Trust setups that I see, and I talk to people about this is the number one mistake they make. They allow any device to enroll into their MDM, they don’t have a gate on that. And so you may be able to get a certificate onto an attacker’s device through this method. And so I really think you need to think about an end-to-end process. You need to think even before it’s in your MDM, not just after. And so that’s absolutely one key I would think about.

Speaker 2 (00:58:53):
And we’re talking about a lot of software that just automatically works together, but sometimes as we’ve discussed, we have to build our own integrations. Can you think of any examples of areas where someone might need to glue their own workflows together? Any tips or tricks or any thoughts there if people are going to go that route?

Speaker 4 (00:59:17):
Yeah, there’s really three that I see quite commonly. And I think if you were building Zero Trust back in, I don’t know, 2016, 2017, you probably had to do it yourself. And the first setup we built in Atlassian was entirely custom, and that was just what we had to do because there wasn’t any tools to build this stuff. But if you are using a vendor today, they are going to assume that you are a company who is doing SaaS stuff in the cloud and you might be hybrid or you might be fully remote. And that is sort of their expectation of what you are doing, and that is what they build for because that is what their customers primarily are. But let’s say that you are a warehouse or an industrial control facility or something like that, something with actual hardware stuff, you are going to find it really hard to do zero trust.

Speaker 4 (01:00:12):
And so you may need to build on some sort of connector for your on-premise gear. Another thing I see that maybe I feel like the vendors haven’t quite got down yet is the UI element. Like Netflix released Stethoscope years ago, which was a UI to help you remediate your Mac or I think any of your devices. And that was a really awesome thing. The UI is very smooth, really nice, really easy to roll yourself. I just haven’t seen anything that’s quite at that standard yet that you can buy off the shelf. And so that’s something that I see a lot of people do because the APIs are available so they can build their own UI. I think finally the third thing is like you say, I just see a lot of middleware, like someone who is using an MDM that doesn’t connect to their IdP. So they’ve built a tool that sits in the middle and contacts the APIs, sends details from A to B, and that’s it. And that’s fine, but thankfully I’m seeing a lot less of that now that the tools are starting to work nicely together.

Speaker 2 (01:01:20):
And since you mentioned Atlassian, I have to say the last one of these crappy glue things I built was a Node.js app to be able to restrict access to Jira or surface certain metadata into Jira. And I seem to remember that Atlassian at the time had two or three different ways that you could build apps. And it was different for whether you were cloud hosted or on-prem or what have you. And it’s like, oh, now that I’m done building this, now we’re told we’re going to switch and now I have to build it again in a whole language using a whole other paradigm.

Speaker 4 (01:01:59):
Is it What are the downsides of moving from on-prem to cloud? Right? There’s very different ways, and I’m sorry I was part of that project, but we wanted to improve security for our cloud apps. And so we didn’t want people just running arbitrary code in your Jira instance, and that’s why I think we built that tool in order to run your code on our infrastructure, right?

Speaker 2 (01:02:23):
Well, at least it was more secure, so don’t be sorry

Speaker 4 (01:02:27):
Again, security people ruining everything, right?

Speaker 2 (01:02:31):
But I think it is worth mentioning anytime we build these glue things, a month or two later, we get an email from GitHub that one of the frameworks that we used is vulnerable and we need to update it to a new version or a new version of Python comes out or Node.js or whatever we use to build it. And so just the initial build is one piece, but then owning it, and by the way, both vendors have APIs that may or may not be properly versioned and or documented. So in three to six months, they may have an API update and break stuff, or they may rotate eight our tokens or JWTs or what have you. When you choose to go that route of building your own integrations, which we often have to do, we’re also with every single one biting off this long-term technical debt.

Speaker 4 (01:03:34):
Maintaining this stuff is hard, and I always try not to build things as much of an engineer as I am. I’m also very lazy in terms of maintaining things over time. I want to work on interesting stuff, not updating security packages and stuff like that. Building

Speaker 2 (01:03:52):
Things as fun, maintaining them was never part of the bargain, was it? Right? So we see with most IT buzzwords though, there can be some scenarios where something that is described as ZTNA is not really ZTNA, have you come across any situations where people can get it completely wrong and end up with the opposite outcome of what ZTNA was supposed to offer?

Speaker 4 (01:04:21):
So many times what’s funny is I think a lot of people get confused about the whole agent thing. So the description I gave at the beginning was talking mostly about client and server VPNs. So your Ciscos, your Zscalers, your Palo Altos connecting into an office or some sort of VPN concentrator. I’ve seen a lot of people move to an agent, but one that just is like a client-based VPN, like NordVPN or Cloudflare WARP, but then not do the rest of the Zero Trust stuff. So they just go, okay, I’m connecting through this and we all have the same IP address, and that’s it. That’s all you need to do for zero trust, right? You just install an agent and off you go. And it’s kind of funny because you just think you just did a lot of work, but you didn’t actually improve security at all. You basically just moved from one type of VPN to another. And yeah, it’s scary how much I see that.

Speaker 3 (01:05:22):
Having the agent installed on a Mac that’s set to auto log in with a user with admin rights or something like that because you’re not doing any device management or control at all. So the person that finds that MacBook Pro in the back of a cab, all your base belong to them.

Speaker 4 (01:05:44):
Exactly. I said at the beginning, don’t let perfection be the enemy of good, but also there is a certain threshold you need to cross in the first place. And if you can’t sort of do that run on the jump to get that far, maybe you’re just better off staying on a VPN. And I know that might be a spicy take for someone coming here and talking to you about the benefits of Zero Trust, but VPNs are a tried and trusted technology for a long time. And so at the end of the day, just because you’re not using the shiny new thing, you’re still using something that is probably or maybe good enough for what you’re doing

Speaker 3 (01:06:20):
Or is going to actually work. And when we say work mean, allow the users to actually do their job rather than having a three week outage because new shiny thing didn’t

Speaker 2 (01:06:34):
Truly,

Speaker 5 (01:06:37):
Here at the Mac Admins podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. S Stu Bacca. Thank you, Adam Selby. Thank you. Nate Walk. Thank you Michael Sy. Thank you Rick Goody. Thank you Mike Boylan. You know it. Thank you. Melvin Vive. Thank you. Bill Stites. Thank you. Anus Ville. Thank you. Jeffrey Compton, m Marsh, St. Stu McDonald, Hamlin Cruzin, Adam Berg. Thank you. AJ Reka. Thank you James St. Traci, Tim Perfi of two Canoes. Thank you, Nate Sinal, will O’Neill, Seb Nash, the folks at Command Control Power, Steven Weinstein, Chet Swarthout, Daniel McLaughlin, Justin Holt, bill Smith, and Weldon. Do thank you all so much and remember that you can back us if you just head out out to patreon.com/mac ADM podcast. Thanks everybody.

Speaker 2 (01:07:33):
Speaking of Spicy Takes, which I think that’s my favorite term from the episode thus far, it’s time for the bonus questions. So if you had a full-time security research gig, what might you try your hand at trying to exploit?

Speaker 4 (01:07:51):
So I did do security research many years ago, and much of what I was looking at at the time was Cloud MDMs, which I was terrified of at the time. Oh boy. Which is funny, right? But over time, even I N L today, I am a cloud MDM user, so things have improved greatly. I think for me, if I was to look at something today, it would be robotic process automation tools. So if you know what these things are, they are, if you know Python Selenium, it’s the same thing. They mimic users and they do stuff on the screen, but instead of doing it through an API, they’re literally going through and clicking buttons in a UI. And the commonplace they used is in financial apps that don’t have APIs and stuff like that, but they terrify me because they use user accounts, which can’t have 2FA enabled because they’re bots. So you can’t do any damage control on this. You can’t reduce their access down because they’re accessing your financial apps. So yeah, you can only give them access to your Bank of America account, but at that point, the account is already way too sensitive for anything else anyway. And yeah, I think a lot of cases you have to run them on your on-prem infrastructure, and so there’s a lot of cases where that could also be vulnerable. And so that’s one area I would love to look into in a little bit more

Speaker 2 (01:09:21):
Interesting. Love it. How about you Marcus?

Speaker 3 (01:09:23):
ADFS? Just purely because I want it to die and go away. I want, I’m not a security researcher, I’d never be able to do it, so maybe I can just make coffee for the people who are finding vulnerabilities in ADFS and publishing them repeatedly so that people will move to more elegant ways of doing things so that when we’re talking about the roadblocks to people being able to use really good identity provider integration, ADFS was great when it came out because it allowed things to join together these days. It just adds another layer of clunkiness in there, and most organizations that are using it know that they need to find better ways of doing things, and I would just love to find more compelling reasons for their business cases to do that.

Speaker 4 (01:10:19):
I’m so thankful that we don’t have to do that on Macs anymore with Enterprise Connect into AD and stuff, like, oh, times are so much better these days.

Speaker 3 (01:10:30):
They are. It seemed fantastic when we could do that. And now you’ve seen there’s a better way, and it’s like, really? Really? It can be nicer. So what about you, Charles? Yeah.

Speaker 2 (01:10:46):
Oh, what about me pet cameras? How about that? That way I can steal and watch all the cute videos or horrible videos because both are fun.

Speaker 3 (01:11:00):
I wouldn’t want to see footage of what Alfie gets up to when he’s marauding at nighttime. Yeah, I think you’d need a special

Speaker 2 (01:11:10):
Therapy group. I, that’s why.

Speaker 3 (01:11:11):
Yeah,

Speaker 2 (01:11:15):
But I mean, you mentioned the robotics stuff. At first I thought it was because you wanted to blow up Iranian centrifuges or something, but then you went a whole different direction with you what you were talking about. So it’s

Speaker 4 (01:11:32):
Funny. RPA has a very, it’s a very weird name, I feel, for something that is basically pressing buttons in a UI.

Speaker 2 (01:11:44):
Yeah. I mean, unless there’s synthetically blocked, in which case you now actual robot bop, bop pressing on the screen. I’ve just come up with a

Speaker 3 (01:11:55):
Great product now for doing all of that testing and getting past TCC prompts where you could actually have, I’m thinking of one of the old new e o monitors that would have the calibration tool. It would come down from the modern calibrate the tool, actually having something like that on a touchscreen on a phone that would come down and actually click the prompt for the user when the user doesn’t. And what could possibly go wrong with that,

Speaker 2 (01:12:24):
Right? Because being present is a core tenet of passkeys or FIDO, right? So, hey, I’m present.

Speaker 2 (01:12:36):
Well, on that note, since it’s such a wonderful world, we will include links to the Black Hat Sessions, the DEF CON sessions. I don’t know if they’ll be posted, but when they are, normally they update the session schedule to include the link to the video once they go up on YouTube or whatever. And Kane, thank you so much. This was a fun walkthrough. What ZTNA is some of the good, the bad, the ugly, and you’ve clearly been there and know far more than us. So thank you for joining us to tell us all about it.

Speaker 4 (01:13:15):
No, thank you. And like I say, if anyone has any questions, feel free to reach out. I’m always happy to answer any questions or debug any problems people are having. So yeah, let me know.

Speaker 3 (01:13:26):
Yeah, so folks want to find you on the internet, where can they go?

Speaker 4 (01:13:30):
I am one of those people who deleted their Twitter not too long ago, and so I still don’t feel like I found a place. I think honestly, LinkedIn is the best place right now, but I dunno, still feels a bit too corporate compared to security Twitter. We’ll see how things go.

Speaker 2 (01:13:45):
By the way, I just really look forward to a day when Elon Musk starts complaining that people are deadnaming X. Just throwing that out. I went

Speaker 4 (01:13:54):
To see, of course,

Speaker 2 (01:13:56):
Even I still

Speaker 4 (01:13:56):
Call it Twitter. Wow.

Speaker 2 (01:13:58):
Yeah. But I

Speaker 3 (01:14:01):
Don’t think he gets irony, Charles. I really don’t think he gets,

Speaker 2 (01:14:04):
That’s too bad. Well, our listeners do, which is why they come back week after week. So thank you listeners for tuning in to this episode of the Mac Admins podcast, and thanks to our Patreon backers and definitely thanks to our sponsors, which will now be read in the dulcet tones of James,

Speaker 1 (01:14:27):
Thanks to our sponsors this week. That’s Kandji, SimpleMDM, and Kolide, and we’ll see you all next time. Cheers.

Speaker 2 (01:14:35):
Thank you again, Kane, and thanks Marcus for not hanging up and screaming at me, as happens every now and then, and sorry Tom couldn’t be here. He is again on the Yak farm. He will be returning hopefully next weekend, and we’ll see you next time. Yeah.

Speaker 1 (01:14:52):
Thanks guys. Have a great day. Yeah.

Speaker 5 (01:14:55):
The Mac Admins Podcast is a production of Mac Admins Podcast, LLC. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Codega the first time he opened GarageBand. Sponsorship for the Mac Admins Podcast is provided by the macadmins.org Slack, where you can join thousands of Mac admins in a free Slack instance. Visit macadmins.org. And also by Technolutionary LLC. Technically, we can help. For more information about this podcast and other broadcasts like it, please visit podcast.macadmins.org. Since we’ve converted this podcast to APFS, the funny metadata joke is at the end.

Patreon Sponsors:

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:

Rick Goody, Mike Boylan, Melvin Vives, William (Bill) Stites, Anoush d’Orville, Jeffrey Compton, M.Marsh, Hamlin Krewson, Adam Burg, A.J. Potrebka, James Stracey, Timothy Perfitt, Nate Cinal, William O’Neal, Sebastian Nash, Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, William Smith, and Weldon Dodd

Mac Admins Podcast Community Calendar, Sponsored by Watchman Monitoring

Conferences

| Event Name | Location | Dates | Format | Cost |
| --- | --- | --- | --- | --- |
| XWorld | Melbourne, AUS | 30-31 March 2023 | TBA | TBA |

Upcoming Meetups

| Event Name | Location | Dates | Cost |
| --- | --- | --- | --- |
| Houston Apple Admins | Saint Arnold Brewing Company | 5:30pm 4th March 2024 | Free |

Recurring Meetups

| Event Name | Location | Dates | Cost |
| --- | --- | --- | --- |
| London Apple Admins Pub | Online weekly (see #laa-pub in MacAdmins Slack for connection details), sometimes in-person | Most Thursdays at 17:00 BST (UTC+1), 19:00 BST when in-person | Free |
| #ANZMac Channel Happy Hour | Online (see #anzmac in MacAdmins Slack for connection details) | Thursdays 5 p.m. AEST | Free |
| #cascadia Channel Happy Hour | Online (see #cascadia channel in Mac Admins Slack) | Thursdays 4 p.m. PT (US) | Free |

If you’re interested in sponsoring the Mac Admins Podcast, please email sponsor@macadminspodcast.com for more information.

Social Media:

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

