The Birth of Nametag: Aaron Painter on The Digital Executive

Nametag Team
Nametag console showing a successful verification result

Enable Self-Service Account Recovery

Nametag sends MFA and password resets to self-service while protecting your helpdesk against social engineering.

Nametag CEO Aaron Painter recently joined Brian Thomas on The Digital Executive Podcast by Coruzant Technologies. In his 2017 bestselling book “Loyal”, Aaron described his key to leadership: fostering a culture of listening. In discussion with Brian, Aaron explained how when employees feel heard and respected, so do the company’s customers. Then he described how listening led to the birth of Nametag.

Watch the full episode, or read our summary and watch our highlight clips below.

[This transcript has been edited for clarity]

Brian Thomas: Well, good afternoon, Aaron. Welcome to the show.

Aaron Painter: Thanks, Brian. I’m excited to be here.

Brian Thomas: Absolutely. This is so fun. Best part of my day is doing a podcast.

The Birth of Nametag

Brian Thomas: I appreciate you making the time jumping on and let’s get into a great conversation here, Aaron. I’m going to ask you a few questions, but the first one is, could you share with us your journey that led you to become the CEO of Nametag? Especially after such a diverse international career.

Aaron Painter: Yeah, thank you.

I spent almost 20 years living and working outside the U.S. I was CEO of a company based in Europe that was one of Amazon’s largest partners on cloud computing and transformation. And I moved to the U.S. just at the start of the pandemic. Very quickly at the start of the pandemic, you might remember, so many things started just moving digital only. And I had a bunch of friends and family members who had their identities stolen.

So I said, you know what? I’m going to be a good friend. I’m going to be a good son. I’m going to jump on the phone with you. We’re going to call customer support people. We’re going to straighten this out. And of course, when we called to verify that it was us, they often asked a couple standard “security questions”, an experience we’re all familiar with.

But we realized that someone else had called before us and answered those security questions using our information, and was therefore able to take over our accounts. And it struck me as crazy that in today’s day and age, particularly then as it felt like the world was falling apart, we needed our accounts, our digital accounts more protected than ever.

There was this sort of "backdoor" that existed because however many layers of security someone put on an account -- 2FA, multi-factor authentication, authenticator apps, SMS messages, whatever it might be -- it was simply far too easy to call customer support, say you were the account owner, maybe you’re locked out of whatever that login mechanism is, and then take over someone’s account.

And so it was this deep kind of personal need and pain I was feeling to say, gosh, there has to be a better way. And ultimately that’s what led to Nametag.

The Importance of Listening

Brian Thomas: Well, we all have unique stories on the podcast here, but that really touches us because we’ve all had some sort of family members that have been scammed and we need to make this a better, safer world. And with your help, we’re going to do that.

Jumping into the next question here: You’ve worked across various continents, how have your experiences in different countries influenced your leadership style? Particularly in fostering a culture of listening, as you described in your book, Loyal.

Aaron Painter: In about 2017, I had the privilege of running Microsoft’s enterprise business in Greater China for about five and a half years, most of it in Beijing. There were all these Chinese companies that were becoming big and going on the global stage.

At first I was nervous, because I don’t speak Chinese fluently. I was nervous to go talk to these people in these big, state-owned enterprises and multinationals. But I quickly realized they were excited to talk because so much of my life and career had been in other countries, and people were really eager to learn.

And I said, alright, how do I go learn when I don’t speak the language and I want to add value to these conversations? And quickly, I learned the best technique was often to try and listen. Whether that was listening through body language, a little bit of help from translators, maybe understanding some words and kind of getting by and whatever.

I was able to learn a lot of what people were thinking about and ideas they had. And by me listening, they also felt respected and like their views and opinions mattered. And so, I ended up writing this book in 2017 about listening. The title was Loyal: Listen or You Always Lose.

It's about this concept that when employees in particular feel like their voice matters or they feel heard, then they engage with customers differently because they’re getting that customer feedback, the customer knows that their opinion matters, and the employee is hunting for that feedback because they know when they go tell their management what they heard, they’ll be heard too. 

It creates a kind of fortuitous cycle, and I’ve always felt like listening was the core of that. 

How We Listen at Nametag

Now, interestingly, at Nametag, of course, there’s a lot of our internal culture that we try and subscribe to there and ways we try and innovate there, particularly with all remote teams.

"Fundamentally we have all these great new innovations in technology, and yet we’re still using things like security questions when somebody calls and says they’re locked out. And it’s become sort of the ultimate backdoor."

But for us, it was really formative because we had an early advisor who is chief security officer at one of the biggest marketing automation companies. And the advisor said, “hey, you know, you folks had built this really interesting and secure way to do identity verification, right?”

We marketed at the time as kind of knowing who the human is behind the screen, particularly let’s say at those high-risk moments when you’re calling customer support, or you’re locked out. But he said, “We have a bunch of users who, we’ve tried to increase the security of their accounts. We’ve put on multi factor authentication, but they get locked out. And they get locked out in actually pretty high numbers. 

So we said, hey, can we use Nametag to verify who those customers are when they call and they want to access their account and their other methods aren’t working? 

It was sort of focused on the help desk, on those customer support scenarios. And we started doing that. And, we’ve done amazing things for this company because it’s now really cool-it’s kind of in their product. It’s now fully automated. So, if you can just simply click and say “I’m locked out”, you don’t actually have to call customer support anymore. You can go through a Nametag flow and kind of reset your credentials or your access. And that took us into this really interesting space with a bunch of other really big companies that also had their customer accounts that they needed to protect.

And then another really big social media platform came along and said, hey we’re actually worried about our employees. We’re worried about our workforce, because people are calling the helpdesk, pretending to be an employee, and they’re trying to take over an employee’s account, because if they do that, they sort of get the keys to the kingdom, so to speak, and can go cause a lot of havoc- ransomware, data breaches, and other things.

And so, we helped them create this really interesting way to solve that using this Nametag solution that we had. Then late August happened. 

You might remember MGM became very well-known because some bad actor went on LinkedIn, spent a few minutes, researched an employee, called the MGM help desk and sort of social engineered their way in. And then it turns out that happened to Clorox and Caesars and now hundreds of other companies in just the last few months.

And so, we were able to use that concept of listening, where someone gave us a really good insight and said, how can we adjust our product to solve a problem that coincidentally is now a problem a lot of people and a lot of companies are facing.

Why Nametag Focuses on Protecting Helpdesks

Brian Thomas: Yeah, absolutely. And I love that you’ve got down to business to help these customers out with the problems they were having. But yeah, social engineering has gone to a whole new level. It’s just crazy what people are doing to get in and compromise an account. So, appreciate the share really, really do.

And Aaron, switching gears. Let’s talk about your identity verification here. You've chosen to focus on a pretty unique angle when it comes to identity verification, social engineering attacks, and protecting employee helpdesk. Why this focus?

Aaron Painter: It felt like the way we could have the most impact.

We have all these great new innovations in technology, and yet we’re still using things like security questions when somebody calls and says they’re locked out.

We were getting multiple calls and emails a day from companies saying, “I just got hit. I just got breached,” or, “I just squeezed by, but boy, this was a close call.” What we realized is what Okta and Gartner, and now everyone else is coming to say: that social engineering at the helpdesk has become the ultimate backdoor to get around account security.

So, if we can have this mission of protecting accounts, stopping social engineering, stopping the ransomware and data breaches that flow from it, and actually end this world of security questions, we can make a massive impact on helping people be safe online and ultimately hopefully stopping these sort of account takeovers that have just become too rampant.

Brian Thomas: Thank you. And I appreciate that. You know, sometimes we try to really address something, not the problem with maybe technology or solution, but you guys went down to the root of it. And I can tell you right now, the employee helpdesk is really a big target right now. And as a CIO, I’ve seen. This happened to our helpdesk many times where people tried to social engineer their way in. Luckily to date we’ve been lucky, but I can tell you, this is always a scary moment.

The Future of Online Identity Protection

So, thank you for that, the share. And then last question of the day, Aaron, looking ahead, what is your vision for the future of online identity protection? And how does Nametag plan to evolve in this rapidly changing digital landscape?

Aaron Painter: Our goal is to end  social engineering attacks and protect the helpdesk: "secure the helpdesk". There are many, many things you can do when you give employees or customers a form of reusable identity verification. That’s frankly not the way the industry grew up (around Know Your Customer or financial regulatory compliance), so Nametag is more focused on security. 

With Nametag, we offer a really secure way to verify who a person is, using a flow that might be similar to that Know Your Customer experience, as far as the end user is concerned, but in a much higher fidelity way. We happen to use mobile phone technology, which gives us the benefit of cryptography and AI. It's a fundamentally different way to create what’s otherwise a familiar experience for users.

Brian Thomas: Thank you. I appreciate that. And again, we have to be one step, sometimes two steps ahead of the bad guys in order to protect our safe spaces. And that’s one of the things that you’re doing is leveraging that technology. And I appreciate that. Love what you and Nametag have done thus far.

And I can’t wait to hear more. Aaron, last thing, it was just such a pleasure getting to meet you today. And I look forward to speaking with you real soon.

Aaron Painter: My favorite 10 minutes of the week. Thank you for all the great work you do in this podcast. It was an honor to be on today.

Secure your helpdesk against social engineering and impersonators.
Accept All Cookies