The field of identity and access management is opening a diverse range of career opportunities for ambitious workers. IAM practitioners are responsible for planning, designing, implementing, and maintaining data access systems that are used by modern businesses. The goal of IAM is to minimize the risk of data loss and data breaches as a result of unauthorized access. IAM practitioners have a high level of responsibility, and they are compensated well for their expertise.
Common IAM Job Titles
Employers use various terms for IAM practitioner roles within their organizations. In some cases, employers will use job titles interchangeably.
Smaller companies will often have broad job descriptions because they may have their IAM practitioners wear many hats to help out with code development, data management, or IT infrastructure. Larger companies will often have very specific job descriptions for people involved in IAM. Large corporations are the main employers of IAM practitioners, so it is important to understand how these companies usually define various job titles within an IAM organization.
Companies hire IAM architects to plan how their access systems will function. Implementing secure access solutions often requires extensive research and a long-term process of continuous improvement. IAM architects develop theoretical plans for how access systems can function.
In practice, IAM architects will usually work directly with developers to provide and receive feedback. By assigning one or more employees to an architect role within an IAM organization, companies aim to improve their efficiency and to guarantee that resources will be dedicated to research-based continuous improvement.
IAM engineers work with IAM architects to develop and implement access systems that have been planned. Engineers usually work as part of an engineering team to speed up progress. Most importantly, working as a team allows multiple specialists to discover potential flaws in an application’s design.
Although IAM engineers are trained to develop their own applications, almost all of their time in the real world is spent implementing existing IAM software packages. Many software packages are designed to be used by general IT specialists, but companies want IAM engineers to manage installations to verify that configurations are done properly. After all, the cost of a data breach can literally put established companies into bankruptcy. However, there are also cases when IAM engineers are expected to modify an existing program or develop their own code.
IAM specialists have more general roles within an IAM organization. Specialists are more common in smaller businesses that do not have enough staff to divide up IAM functions. However, larger businesses also use specialists to assist their team with the full range of IAM-related responsibilities.
In some organizations, IAM specialists help to assist highly skilled engineers and architects. These organizations will have specialists help out with help desk tickets and simple implementations while more senior staff will work on more complex projects. Additionally, some companies label all IAM professionals as specialists. The role of IAM specialist can, therefore, be a wildcard, so you have to look carefully at an employer’s job description to understand what will be expected of you when you apply for a specialist position.
Getting the Right Education
To become an IAM practitioner, you will need to have the specialized skills necessary to develop and maintain world-class access systems. Unless you have a strong technical background, you will need to start by obtaining an education in IAM related domains. The skills you learn in your education program will be used to enable you to complete a wide range of tasks while on the job. Below is a list of IAM critical risk domains from the Certified Identity Management Professional (CIMP) certification program.
IAM professionals are tasked with keeping data and network infrastructures secure. As an IAM practitioner, you will be responsible for implementing systems that are designed to keep out hackers and malware. You may also have to take active measures to protect data systems.
Large projects require the coordination of substantial resources from a wide range of stakeholders. Therefore, project management is an important element in many IAM jobs because you will need to coordinate with many different specialists to keep everyone on the same page.
Projects also often have tight deadlines that can be challenging for practitioners. You will, therefore, need to learn effective project management skills so that you can plan and implement major changes within a short period of time.
Product Selection and Implementation
When companies buy new systems, they will almost always get input from their IAM department. In many cases, you will need the ability to test a new product to verify that it is secure and that it meets your company’s objectives. Many of these software packages are completely customized for your organization, so you often will not be able to get answers from online sources. Therefore, you will need to learn the technical skills necessary to assess the quality of software packages that your employer will use.
Your employer may also give you the authority to purchase software on your own. Consequently, you will need to understand how to report and justify your purchases to managers who are often restricted by tight budgets. In the process of purchasing software, you will also often need to negotiate with providers directly to ensure that certain features are included with your purchase and to reduce prices.
Employers will expect you to have a strong understanding of the latest software-based security measures. To obtain this knowledge, you will need a combination of a modern education in cybersecurity and practical experience with world-class employers.
Corporate systems are increasingly moving to the cloud, so you will need to understand how to work in this environment securely. You should gain experience using major cloud computing services, such as AWS, Azure, and Google Cloud. Many university programs give graduates exposure to cloud computing services, but you will usually need to take supplementary platform specific courses on your own. In an effort to increase adoption, all reputable cloud computing services offer free courses on their websites.
IAM Architecture, Protocols and Standards
Modern platforms have significantly reduced the amount of customization work that IAM practitioners have to do, but you will still need to customize software on a regular basis. Therefore, you will need to understand the latest security protocols and standards. You will also need to understand how to implement complex IAM architectures in a large corporate environment.
IoT and API Security
In future years, the internet of things is expected to grow significantly in importance. Therefore, you will need to keep up with the latest advancements in the IoT field. You will also need to understand how to use and secure APIs since these functions are widely used in access management.
Artificial Intelligence and Machine Learning
AI and ML have had a relatively limited impact on the field of IAM, but practitioners can expect that these technologies will begin to disrupt how access systems are managed. You should keep up with new AI and ML advancements that are relevant to IAM.
Most employers will expect you to work with their compliance team to minimize risks and comply with legislation. You should possess at least a basic understanding of the major laws and requirements that are relevant to IAM, such as:
- Know Your Customer,
- Sarbanes-Oxley Act,
- Gramm-Leach-Bliley Act, and
- Family Educational Rights and Privacy Act.
The field of IAM changes very rapidly. You should regularly update your knowledge by taking online courses and by diving deep to understand new systems that are used in your workplace. For example, blockchain, DeFi, and decentralized applications may impact how data is accessed, stored and shared in the future.