Skip to content

Evolving excellent IAM People

Select advice for aspiring IAM People

Reference: http://www.linksbusinessgroup.com/blog/2007/10/18/breaking-in-to-iam/

* Take business courses. Do not spend all of our training time on technologies and vendor products. **IAM is first and foremost about business, people, and process**. Understand the business world, and what drives your clients.
* Keep at least one copy of everything you work with in a home or portable lab environment. This should include, at a minimum:
      o Two operating systems, one of which should contain Active Directory
      o Two RDBMS
      o Two web servers, one Apache, one Microsoft IIS (at a minimum)
      o Two Web Access Management Tools (of differing types)
      o At least one end-to-end provisioning tool
      o At least one end-to-end reporting/compliance/auditing tool
      o Full Java-based IDE that supports multiple application servers and database connections
      o At least one proxy server
      o The rest will vary, depending on need and projects worked. This list is only a starting point....
* Learn the old stuff too, trawl for books on software and operating system versions at least 1 version back from whatever the new stuff is. Enterprises, governments, and scholastic institutions have very long implementation and product support lifecycles. Remember, what you probably work on at home or for development purposes is way too new for many clients and potential clients. The business technology cycles and personal technology cycles can be as many as 4 or more years apart. Trust me on this. Many people have done very well in this industry by having a solid foundation in 'older' technologies that all the new up-and-comers have no experience with. In the end, it's all about what your clients have, not necessarily what you think they should have, or what you would rather personally work with.
* Do not spend your time with training, tutorials, and certification programs. There are other schools of thought on this, but for most people, on-the-job training and self-directed training toward a specific goal will generate far greater rewards, in a shorter time than tutorials and expensive "boot camps" and professional training classes. When working self directed, be sure to have a goal. Examples might include "I will push a sign-on token between two different systems and have the user seamlessly authenticated," or "I will provision a user to three different places, report the results to a fictitious manager in a way that he or she can understand and act upon, then de-provision the same user.
* Understand that IAM-related products are by and large complex, and not "point and click" affairs. Dig in and get your hands dirty at the command line, or with the vi text editor in UNIX. The technical work of IAM will take you there soon enough, so best to go there early and willingly to pave your way toward technical acumen.
* Get your hands on as many platforms, and as many technologies as possible. At the same time, ensure that your thirst for business knowledge is at least as great as your technical. You will need both.
* If you have any aversion at all to public speaking, get over it...now...Take a class, join your local Toastmasters, force yourself in front of clients. Whatever it takes. Successful IAM requires constant communication, presentation, re-presentation, and convincing large groups of people to accept your proposal/way of thinking/technology recommendation.
* Pick one or two industries to initially focus on. You will work with many throughout your career, but having a deep level understanding of predominant IAM-centric industries can pave your way. Three verticals you might consider starting with are Medical, Financial Services, and Government (not necessarily in that order.)
* If you are just getting started, find a project opening and go after it. Many organizations are actively pursuing some type of IAM-related project around access controls, directory services, compliance/reporting or provisioning. Take whatever role you can and learn all you can.
* Do not spend all your time on one vendor or technology. IAM is a highly dynamic field of vendors, and the players are constantly changing, along with the direction of the business. At the pure technical level, IAM is concerned with integrating many disparate technologies and processes into something cohesive. During this journey, you will work with many different vendor products. Embrace each for what it is, and pay particular focus to all the threads of commonality that exist between enterprise software packages.
* Reading materials? Read key industry blogs, product manuals, business books, and vendor case studies. Focus on how IAM technologies are used, and how their associated Programs are managed. See what others are doing with them today, and anticipate where things may go tomorrow.
* Learn a few things about web design and related technologies. Though client server continues to play a major role in most enterprise portfolios, web-based technologies are making deeper inroads. An often-overlooked area is corporate/enterprise portal design and security integration, and this provides an ongoing area of opportunity. Security is a balancing act, and people that understand that secure web applications must also be highly usable will continue to be highly coveted.