@FrankMcG @gururamp30 and candidly - this was one of the most important pieces. If you can remove privs from non-human entities until a, for example, push to prod or change window - you reduce a ton of risk and alleviate a requirement to be ultra fine grained in priv management
@FrankMcG @gururamp30 that said - AWS's capability of entities assuming roles to assume other roles and even assuming cross account roles becomes a governance nightmare...
@FrankMcG When I was working for a CIEM company - this was a gap and we had a priv elevation tool to do JIT elevation. Funny enough, that company (CloudKnox) was acquired by MSFT but I haven't heard of that feature getting ported. @gururamp30 may know...
@FrankMcG @ChatGPTapp It's way cheaper to pay someone in foreign countries to do a repeatable task than it is to spend that money on compute and engineering.
Ask Expensify's smartscan and they didn't have to even model human behavior - they just had to read a receipt
@FrankMcG Counter argument - I've seen first time managers with better leadership capabilities than career leaders.
Experience != value - we've all seen leaders that get stuck in the status quo