From the course: Cybersecurity Careers: Become an Identity and Access Management Manager
The role of an IAM manager
- [Narrator] Imagine you're sleeping and it's 2:00 AM in the morning. You are awakened by a frantic network operations center analyst telling you the company has been breached. What do you do next? This situation happens, and unfortunately, quite often today. According to statistica.com, a leader in market and consumer data, breaches went from 157 a year in 2005 to an estimated 1,862 in 2021. As an identity access management, also known as an IAM manager, one key role is to provide a process to safeguard your users' data by enforcing guidelines such as a company-wide password policy.

I bet you're asking, what does an IAM manager do? IAM managers are responsible for creating policies and procedures related to the user. This should include how access is granted to users, what should be the ideal period to remove user accounts who have left the company, and meeting with senior management to ensure our company complies with existing laws. Sounds fun, right? This is one of a few key responsibilities you have as an IAM manager. Some other responsibilities are modernizing your IAM policies to keep up with the emerging technologies, ensuring new applications align with current policies, and potentially handling how to incorporate a new merger or acquisition to your organization. The last and most important responsibility is managing your team and ensuring not only are they set up for success, but they're helping drive your policies.

You wonder if you need to be technical in this role. Do you need to know what Python is or how to hack your own company using Kali Linux? Well, I'm here to tell you, you do not. I've worked with many well-respected IAM practitioners, and some come from a business background and even some do not have a college degree. I'm not saying it's not okay to have a technical background. I believe it can help you communicate any issues to senior leadership, but in IAM, the majority of their best practices is not just the coding part, but more the process of how we will solve user access management or should we allow contractors access to our network during off hours. These discussions and decisions provide more impact to an organization than being able to tell an engineer what error is occurring in your SAML assertion.

The last and most important role for an IAM manager is being able to collaborate with other teams. IAM is one part of the organization's IT security division. As an IAM manager, the policies you come up with need to have feedback from your security operations team and your governance, compliance and relations teams, or commonly referred to as GRC. Collaboration includes being able to communicate your decisions in a fashion that is simple to understand without any jargon or acronyms. IAM managers must understand that not everyone has your background, so keep it simple; that results in initiatives getting done.

Remember that phone call at 2:00 AM about the data breach? What do you do next? Knowing your responsibilities, you have to have a playbook that outlines your organization's IAM policies, such as how users authenticate to your network and how long an account stays active in your network after they have left the organization. This playbook, crafted by you and your team with the approval from other IT leadership in your organization, will set you up for success or set you up from preventing specific scenarios.