Breaking in to IAM
October 18th, 2007 by Corbin H. Links
Hello Everyone:
A question I’m often asked is “how does one get started in the field of Identity Access Management?”
A fair question and one not so easily answered. Over the years, I have had the pleasure of meeting many knowledgeable and talented people in this business. One thing has been consistent — people enter the field in different ways, from many different disciplines, and many walks of life. So before attempting an answer, let me just say that these lists and suggestions are based on my personal and company collective experience, from training and being trained by others, and from what has worked for my colleagues. IAM is a big field, comprised of many different disciplines and specialty areas. There is no one right answer.
Personal Profile of a Successful IAM Person
To better understand what it takes to become an IAM Person, or a more successful IAM person, it is first useful to have some background and visualize a profile. General personal traits include (but are not limited to):
- Strong, natural communication skills
- Endless patience
- Stamina and endurance
- Perseverance
- Strong understanding of business, business models, industry verticals
- Flexibility
- Reliability
- (notice how we are nowhere near talking about technical skills yet…?)
- “Can do / Will do” attitude
- Ability to collect, collate, synthesize, and disseminate client requirements
- Confidence in speaking publicly
- Great demonstration skills
- Strong ability to present highly technical concepts in real-world business terms, to real-world business users
- Consultative salesmanship skills
- Timeliness
- Ability to think in “big picture” terms, while having the ability to manage countless small details
- Highly customer focused
- Skilled in effective troubleshooting and resolution techniques
- Understanding of what makes a good report, and a good presentation
Technical Profile of a Successful IAM Person
- Full grasp of Systems Administration issues
- Full grasp of Network Administration issues
- Deep understanding (especially in regard to security components) of at least two major operating systems (hint: at least one of them should be a modern variant of UNIX)
- Complete working comfort with at least two major enterprise RDBMS platforms (hint: at least one of them should be Oracle)
- Full grasp of command-line tools for each focus platform
- Ability to script complex tasks in at least one major scripting language (hint: at least one of these languages should be UNIX shell)
- Ability to create basic software programs, or make basic modifications (hint: Java at a minimum, Java + .NET for a bonus round, and ideally a smattering of C thrown in.)
- Deep understanding of everything web/HTTP/TCP/IP oriented
- Deep understanding of data security issues, especially in the areas of application and database security
- Deep understanding of client/server applications (not just the web stuff….)
- Deep understanding of databases and data structures
There are other areas of concentration, but people possessing a good mix of the above can go quite far in the IAM Business.
Where do IAM People often come from?
- Systems Administration/Monitoring/Management
- Software development
- Business majors and business consultants
- Project Managers
- Software/Enterprise Architects
- Data Security
- Legal/Compliance
- Technical Management/Administration
- Helpdesk/Support
- Directory Services
- System/Application Integrators
Select advice for aspiring IAM People
- Take business courses. Do not spend all of your training time on technologies and vendor products. IAM is first and foremost about business, people, and process. Understand the business world, and what drives your clients.
- Keep at least one copy of everything you work with in a home or portable lab environment. This should include, at a minimum:
  - Two operating systems, one of which should contain Active Directory
  - Two RDBMS
  - Two web servers, one Apache, one Microsoft IIS (at a minimum)
  - Two Web Access Management Tools (of differing types)
  - At least one end-to-end provisioning tool
  - At least one end-to-end reporting/compliance/auditing tool
  - Full Java-based IDE that supports multiple application servers and database connections
  - At least one proxy server
  - The rest will vary, depending on need and projects worked. This list is only a starting point….
- Learn the old stuff too; trawl for books on software and operating system versions at least 1 version back from whatever the new stuff is. Enterprises, governments, and scholastic institutions have very long implementation and product support lifecycles. Remember, what you probably work on at home or for development purposes is way too new for many clients and potential clients. The business technology cycles and personal technology cycles can be as many as 4 or more years apart. Trust me on this. Many people have done very well in this industry by having a solid foundation in ‘older’ technologies that all the new up-and-comers have no experience with. In the end, it’s all about what your clients have, not necessarily what you think they should have, or what you would rather personally work with.
- Do not spend your time with training, tutorials, and certification programs. There are other schools of thought on this, but for most people, on-the-job training and self-directed training toward a specific goal will generate far greater rewards, in a shorter time, than tutorials and expensive “boot camps” and professional training classes. When working self-directed, be sure to have a goal. Examples might include “I will push a sign-on token between two different systems and have the user seamlessly authenticated,” or “I will provision a user to three different places, report the results to a fictitious manager in a way that he or she can understand and act upon, then de-provision the same user.”
- Understand that IAM-related products are by and large complex, and not “point and click” affairs. Dig in and get your hands dirty at the command line, or with the vi text editor in UNIX. The technical work of IAM will take you there soon enough, so best to go there early and willingly to pave your way toward technical acumen.
- Get your hands on as many platforms, and as many technologies as possible. At the same time, ensure that your thirst for business knowledge is at least as great as your technical. You will need both.
- If you have any aversion at all to public speaking, get over it… now… Take a class, join your local Toastmasters, force yourself in front of clients. Whatever it takes. Successful IAM requires constant communication, presentation, re-presentation, and convincing large groups of people to accept your proposal/way of thinking/technology recommendation.
- Pick one or two industries to initially focus on. You will work with many throughout your career, but having a deep level understanding of predominant IAM-centric industries can pave your way. Three verticals you might consider starting with are Medical, Financial Services, and Government (not necessarily in that order.)
- If you are just getting started, find a project opening and go after it. Many organizations are actively pursuing some type of IAM-related project around access controls, directory services, compliance/reporting or provisioning. Take whatever role you can and learn all you can.
- Do not spend all your time on one vendor or technology. IAM is a highly dynamic field of vendors, and the players are constantly changing, along with the direction of the business. At the pure technical level, IAM is concerned with integrating many disparate technologies and processes into something cohesive. During this journey, you will work with many different vendor products. Embrace each for what it is, and pay particular focus to all the threads of commonality that exist between enterprise software packages.
- Reading materials? Read key industry blogs, product manuals, business books, and vendor case studies. Focus on how IAM technologies are used, and how their associated Programs are managed. See what others are doing with them today, and anticipate where things may go tomorrow.
- Learn a few things about web design and related technologies. Though client/server continues to play a major role in most enterprise portfolios, web-based technologies are making deeper inroads. An often-overlooked area is corporate/enterprise portal design and security integration, and this provides an ongoing area of opportunity. Security is a balancing act, and people who understand that secure web applications must also be highly usable will continue to be highly coveted.
Congratulations if you have made it this far! Do not be afraid, the above (and much more) is attainable if you are committed to getting there.
Still have questions or want additional perspective on IAM Success? Please send email, or call us at +1 877 769 8938. Thanks for reading, and until next time: All the Best, of Identity Management Success.
Corbin H. Links, President
Links Business Group LLC
©2003-2007 Links Business Group LLC. All rights reserved.