Are you interested in Identity & Access Management and where it fits in the field of cybersecurity? Maybe just curious if it is something you’d like to pursue?
If so, I want to share a few terms, concepts, and technologies you’ll come across in the field that would be good to familiarize yourself with.
Some terms and topics for identity professionals:
IAM, Authentication, Authorization, CIAM, SSO, SLO, Federation, MFA, 2FA, SAML, OAuth, OIDC, WS-Fed, WS-Trust, Token, Attribute Contract, Assertion, Grant Type, JDBC, Active Directory, Kerberos, LDAP, IdP, Service Provider, Metadata, ACS URI/URL, Signing Certificate, Encryption Certificate, SSL/TLS, Birthright, Provisioning, Policy Contracts, Allowed Audience, Issuer, Realm, Unique Identifier, Lifecycle, IDaaS, RBAC, API, OGNL.
Clearly this is not an exhaustive list, and no, I didn’t define them here. These are some of the areas I deal with every day as an IAM security admin. Most of the time I’m configuring or interacting with multiple areas from this list at the same time, as they all work together to provide secure authentication and access.
So how do you learn this stuff?
The best way to learn on your own is to look up different terms and see how, where, or why they fit in the identity security process. Then use them!
Seriously, if you aren’t working with these technologies on a daily basis (and even if you are), I suggest you set up trial/dev accounts with platforms like AWS, Azure, M365, Auth0, Okta, Ping Identity, and OneLogin, and play with the tools. Try to integrate them, see what the settings do, and see how they use some of the terms and technology mentioned above within their platforms.
Personally, I believe identity is at the perimeter/front-line of security. Compromised credentials and access are the goal and source of many security breaches. The more we embrace the cloud, the farther that perimeter extends from the physical enterprise.
Plus, IAM is seriously fun! There’s all types of activities to partake in LOL!