Identity and Access Management: Career ProspectsRegulations, Threats Open New Opportunities Identity and access management (IAM) deals with how users within an organization are given an identity - and how it is protected, including saving critical applications, data and systems from unauthorized access while managing the identities and access rights of people both inside and outside the organization.
"Identity and access management involves protecting our data assets and implementing processes and procurement standards to run business more intelligently," says Mike Del Guidice, senior security officer at Crowe Horwath LLP, a security services consulting company based in Chicago. "Identity and access management is to do with the efficiency and effectiveness of controls. Are the controls doing the right thing in an intelligent way? How can we align these controls with the business processes for a mature solution?"
"Regulatory pressure and meeting effective data security standards have made identity and access management skills and role very desirable in recent times, especially within financial institutions says," Tammy Moskites, Vice President, IT Security Officer, Huntington National Bank.
Role and Prospects
The IAM roles remain primarily within the consulting and outsourcing industry, as IAM remains a highly complex arena. That said, "There are currently positions available for IAM individuals with a track record in both private and public sectors, including professional services, government, financial services and technology companies," says Victoria Lee, SVP Lenzner Group, an executive security search and consulting services firm based in New York.
User account administrators salaries can range from $45k - $80k, indicates Moskites. For skilled and experienced identity and access management engineers of Identity solutions, salaries can range from the mid-$70's, upward to $120k range for full integrators. Usually engineers at security vendor companies and in a senior consulting role reach the high end with salaries ranging from $120k-150k.
The role is usually carried out by a senior IT system administrator with hands-on regulatory compliance knowledge. The IT/ Security role involves supporting and over seeing day-to- day operations and activities including;
The role is technically-oriented and needs oversight by a project manager who typically has ownership of the IAM program within the organization. The project manager constantly interacts with management, IT/Security, governance and business community to ensure success and integration of various aspects with the IAM infrastructure currently and going forward.
Management support includes building a strategy, vision and road map for attaining effective and efficient identity and access management controls. "Organizations should assess its requirements, technical abilities and select a technology tool that aligns best with its business objectives, timeframe, budget and resources," says Hord Tipton, CEO, ISC2.
Senior security management should:
Business group should ensure that IAM program initiatives are in alignment with business objectives and processes and help:
"Identity and access management and data security should be a line of business vs. support of business; IAM should be seen as an enabler of business," says Del Guidice.
Skills required: vIAM requires professionals to have a solid IT and technical background in system architecture, application architecture, design and implementation, coupled with a strong understanding of business operations and controls. A bachelor's degree in computer engineering or IT systems is strongly recommended by experts. Additionally, experience could be achieved by taking up positions in IT and/or IT Security software development projects, security architecture, networking, application and or/database management and system integration of end to end enterprise solutions. A good exposure and hands-on experience come from joining one of the IAM vendor companies, which provide a good entry point in this field. Key skills include:
Other Certifications (Novell, Security+, MCxx)
As organizations grow and become more complex, the number of identities to be managed will follow that trend. "With the ever-changing risks and regulatory requirements that are presented to companies, more and more companies are looking for that silver bullet- to enable automated user access management. However, this effort will take many years, and in today's economy it is a very expensive initiative to take on," says Moskites
"IAM professionals will continue to be highly desired individuals given the expanding risk environment as a result of the current market and economic conditions, increased regulatory compliance, governance and transparency requirements, as well as the exponential reach of global commerce and connectedness we share today," adds Lenzner.