Killer Skills for an Identity and Access Management (IAM) Project

Killer Skills for an Identity and Access Management (IAM) Project

Red hot identity and access management skills.

While working with a variety of companies who strive to improve their identity and access management program, I find that the most successful organizations have resources involved throughout the project that possess unique skills. It takes more than just IT project management and leadership skills to be an effective identity and access management leader, so make sure your team possesses the skills identified below and build a lean, mean IAM machine.

LDAP Effectiveness

In the majority of identity and access management projects, there will typically be a decent amount of work involving LDAP-compliant directories. Whether it is Active Directory, a virtual directory of some sort or any other number of LDAP directories, accounts and groups will most likely reside in one or more LDAP repositories. Many organizations are running more than just one LDAP directory as well. Therefore, effective resources will need to possess skills to dissect and query LDAP in order to fully understand identity data.

I find that these LDAP skills are needed throughout an IAM project for a variety of tasks including: data conversions, QA testing, directory consolidation work and more. LDAP skills become even more effective when combined with database and scripting knowledge as detailed below. Being able to write scripts that push and pull data between databases and the target LDAP directory provides a great deal of power that can be leveraged to accelerate project work.

Database Knowledge/SQL

As with most technology projects, databases play an important role in identity and access management initiatives. IAM solutions themselves typically leverage databases for their configuration, audit logs and other identity-related storage needs. However, it is also very common for homegrown applications to leverage databases, so granting access to these applications requires knowledge of the database structure in order to successfully manage the identities and access.

When it comes to go-live activities of an IAM initiative, there will be a great deal of unglamorous work around data conversions, identity mappings and bulk imports of existing access into the identity and access management solution. While unglamorous, these data-related tasks are critical components of the project that often determine the perceived success or failure of the project to stakeholders. Therefore, being able to manipulate and query data quickly is a must-have skill. I have seen project teams waste a tremendous amount of time with data-related activities because the team does not possess database skills. Trying to use spreadsheets for complex data activities is a recipe for disaster, so please use the appropriate tools for the job.

Understand Authentication/Authorization Models

In complex environments, there could be tens, hundreds or even thousands of systems integrated into an identity and access management solution. Often, these systems leverage a variety of different authentication and authorization models, so it is critical that the team possesses skills to know how each system works. Simply knowing how Active Directory works will not make you effective once you start integrating UNIX, SAP, mainframe, homegrown database apps, etc. into the solution.

Take time to learn how each system authenticates users including its underlying Directory technology as well as how authorizations are assigned and executed. Going a step further, I would also argue that hands-on skills around querying each Directory type, exporting account/group/role data, creating and deleting accounts and group/role memberships are also vital for each technology type. This helps during identity and access management configuration and troubleshooting since project delays occur when specialized resources must be tracked down for simple requests.

Scripting Languages

Finally, all of the skills above can be fully utilized when basic development and scripting capabilities are leveraged. Whether you choose Perl, PHP, Powershell or any other language as your tool of choice, building scripts that interact with Directories and databases help streamline projects and improve quality. A little bit of extra effort to build scripts that perform identity-related tasks will benefit you when it comes to go-live launches and testing.

If you try to manually extract and manipulate account and group membership data across numerous platforms for the purpose of data conversions or import activities in the IAM solution, you increase the risk of missing project timelines and introducing quality issues. Leveraging scripts to perform identity-related queries and conversions ensures consistency throughout the process. It can also dramatically reduce the amount of time required to perform those tasks multiple times during critical, high-stress phases of the project.

Scripting skills can also help address product limitations if you hit roadblocks in the middle of a project. Often times, you can still deliver the required capability if you are handy with basic scripting skills. If budgets are not flexible and you promised a capability that requires a product customization, you might be able to provide the same capability via a script to buy some time. Obviously, you need to pick and choose where this makes sense.

Learn New Identity and Access Management Skills

Being well versed in all of these skills makes you an effective identity and access management project team member. If you have gaps in some of these areas, I highly recommend you take time to expand your skillset. When you combine these technical capabilities with top-tier business process design and leadership capabilities, you truly become a top-tier identity and access management asset for your team and guru for an organization.

Get the Top 10 Identity Manager Migration Best Practices Workbook

top 10 identity manager migration best practicesStart your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.

Request the Workbook

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).