Discovering your “Edge” in Identity & Access Management

Posted on by Steve Tout in Career,Current Events

In thinking back over the year about what a wild ride it has been for the IAM and InfoSec community at large, there is no shortage of topics waiting to be addressed from the boardroom to the datacenter. Taking lessons learned from the headline breaches (Target, Home Depot, Sony) to emerging tech opportunities (POS, Internet of Things (IoT), Apple Pay) to dealing with challenges and problem areas in IAM, there is clearly a lot of that can be applied and carried forward that will shape our work and our lives in 2015.

In thinking about our roles in this thing we call our work, it is easy to lose sight of how our assumptions and plans can be foiled and disrupted by threats and trends that you were not focusing on before. Many of the professionals I run into at conferences, especially vendors, tend to be focused on solving problems that their particular solution solves for without much respect to the broader concerns of the business. That is why it is important for IT leaders and architects to frequently spend time staying on top of what is happening in the industry, in business and in the world. As professionals who have responsibility for or a stake in IAM for your organization, we ought to care deeply about making sure that scale, efficiency and superior security are top principles that define our work and our legacy. As a business, not having these principles to guide investments in IAM will have a direct and immediate impact on customer experience and employee productivity. (more on this in another blog post)


If you are making the effort to find more meaning in your career, and to enhance your overall value to your clients or employer, then it is imperative to discover, develop and maintain our “Edge” in our chosen craft. My own experience with discovering and developing an edge started with writing and blogging on the management and strategy of IAM, and not the technology itself. It’s not that execution is not important, its that having peripheral vision and managing from this vantage point is a necessary and valuable activity. Most technicians (E.g. architects, developers, managers, etc…) who set their sights on architecture and strategy will not truly become liberated from their past lives and effective in the business of IAM until their peripheral vision is developed adequately. Marc Cuban, in his book How to Win at the Sport of Business stresses, “It’s not whom you know. It’s not how much money you have. It’s very simple. It’s whether or not you have the edge and have the guts to use it.”

“It’s not whom you know. It’s not how much money you have. It’s very simple. It’s whether or not you have the edge and have the guts to use it.”  – Marc Cuban

If you are focused on addressing the problems your organization faces today, you are focused on the wrong problem. As leaders, we need to be thinking about the new models and strategies that will entirely transform the way we do things today and help the organization become more agile and customer focused. One of the great opportunities today is to look at how an integrated view of IAM and GRC will begin to address issues that span a diverse range of applications and user experiences and make existing investments even more effective. One way for an organization to discover an edge is in the way it manages IAM through integration with GRC and automation within its own operations.

IAM spheres of influence

When I discuss this vision for the future of IAM with the leaders and stakeholders at my company, initial reactions range from blank stares to flat out skepticism due to the magnitude of change (and potentially disruption) that implementing this model can bring to the IT department, and in some cases the business itself. For one, I don’t disagree that the effort is significant, will require a budget on par with a frontier investment, or that there is risk involved. Imagine if Elon Must were the CIO or CISO of your organization, the pervading attitude must be “If something is important enough, even if the odds are against you, you should still do it.” (Hyperloop anyone?)

“If something is important enough, even if the odds are against you, you should still do it.” – Elon Musk

Any way you look at it, IAM will become an increasingly important area of focus for IT and business leaders. We need a vantage point which to see and better align IAM investment opportunities that will have the most impact on ability of the business to compete and grow in the coming years. This is not exactly something I can prescribe as each organization will have a unique set of challenges. On a professional level, you can begin with discovering your edge and doing the work of vision, architecture and strategy for your clients or your company. You can begin expanding your influence and credibility by starting the conversations with stakeholders and leaders in your company who will be involved in some way in your overall IAM strategy.

All the best to you and your career in the coming year!

Subscribe to Forteadvisory group news