This is a tough one to write about because I know for a fact that I’m going to step on a few toes and anger a portion of my audience that feel they are more qualified to create this list, and that credentials matter when making a hiring guide.
I agree with them, if only in the way that establishing credibility before you write about something is extremely important, and should be established right from go, so here we go:
I am an IAM professional who specializes in working with C-Level Executives, Directors, and program leads by leading development teams and coordinating with business units across multiple different industries to understand what makes a business run, while concurrently aligning that understanding with Identity and Access Management principles and technologies to create business value. I’ve worked with Universities, Large Scale Retail Organizations, Healthcare/Insurance Providers, Medical Device Manufacturers and Distributors, Banking and Financial Service Providers, and more to provide IAM consulting advice, strategy, and implementation services in every capacity you can imagine.
Along with our teams at RAAH Technologies, we have collectively managed over 300 Million Identities, saved customers an average of $5 Million in costs for Identity Management Annually, and have helped clients avoid costly data breaches and security incidents that cripple organizations every year.
While I haven’t been in this business 20+ years myself, I’ve been around the block, and have worked with and led the best people in this business to deliver value all over the country for our clients.
We go toe to toe with the biggest threats to corporate and personal Identity security, and we don’t lose.
Flexing our Security Muscles aside, let’s talk about the type of person RAAH trusts to lead an IAM organization
1. Hire a Hungry Learner
Anyone who read that and thought we were being Ageist can dispel that right now. Like any successful person in life, the best IAM professional is someone who has a genuine thirst for knowledge and learning.
We’ve met people like that of every age, and it isn’t uncommon that the folks who have this quality about them can take their knowledge from 0 to expert (at least with respect to Identity at your organization) in 6 months or less.
A student mentality is imperative to being a formidable Security Expert who can inspire others to thirst for knowledge, which is an integral piece of building a knowledgeable and adaptable security organization in an industry that is constantly evolving.
2. Throw out the Resumes, Hire from Within
This is really counter to the business we get from our staffing organization here at RAAH, and I’ll probably get flack from our contractor network for saying this, but your best bet to lead an IAM Organization is to hire the people that have been loyal to you for years, and know the ins and outs of your business.
Learning the Identity side of the picture isn’t impossible to do over a period of time, but learning exactly what makes your business tick, and knowing EVERY aspect of that organization from its people, hierarchy, service organizations, teams, support models, and overall culture is an intangible that takes real time, and is often overlooked when placing someone in a leadership position.
It is often better to put your most loyal and knowledgeable technologist in this position and give them the freedom to work with a partner organization or seasoned resource that specializes in Identity to shore up the technical gap. Your people are your best resource, and that goes double for Identity and Access Management.
3. If They Aren’t Cool Under Pressure, They Don’t Belong in this Business
That sounds harsh, but we don’t mess around when it comes to security. We’ve seen entire teams disenfranchised by leaders who couldn’t hold their cool with their teams when things go sideways, and trust me, they always go sideways. I’d tattoo Murphy’s law across my forehead if I wasn’t absolutely positive my wife would divorce me as a result.
It is hard enough to attract talented developers and Identity stars in the current landscape to work for you, even more so to keep them, and it isn’t for lack of trying. This is a highly specialized field, and the pay is excellent no matter where you go, so the culture is more important than the compensation. A leader who is calm in the face of adversity will encourage a culture of rational thought over panic, which is extremely important in rapid-response situations.
We have worked with managers and “leaders” in the past who couldn’t handle the pressure of working with several business units and deal with the demands of the business and CISOs concurrently. This has led to some poor experiences and meltdowns that lead to talented individuals leaving, which puts organizations in dangerous positions when trying to support an entire Identity Organization with a broken team and impatient/unhinged leader.
4. Hire a historically Analytical Thinker
Generally speaking, the best Identity Professionals are the ones who have the big picture in mind and can see the result of choices down the chain to the real-world implications without running simulations through toolsets.
These people know your business in and out, and are able to mitigate and dance with risk to a security organization till a solution is achieved, while simultaneously minimizing your exposure to threats and business slow-downs without extraneous effort.
Regardless of the situation, whether it be the impacts of changing a provisioning rule, responding to a DDoS attack to your Customer Identity Endpoints, or any other major event, this type of thinker can adapt, and use past experience to save time and increase productivity with team members to deliver the right solution in the least time possible.
5. Hire a true Technologist with a Business Leader Mindset
This is the most important differentiator between the other 4 keys and maybe a bit hard to swallow, but you want to hire the person who basically wants your job… If you are in a position to hire someone to lead an Identity Organization, I can only assume you meet the criteria I mentioned above, and these are the characteristics that make the best CISOs and Directors of technology in the business.
This is the person that lives to create business value in everything they do and presents projects and milestones in a way that makes sense to business leaders and IT leaders alike. This person needs to be the bridge between the two, otherwise, they will fail in the long run, and it only makes sense that they see things from a similar viewpoint as the best leaders in this industry.
Being an Identity expert means you have to be an expert at communicating complicated ideas and initiatives across a wide variety of audiences in a way that can educate fellow cohorts, and create supporters for IAM programs across multiple different business units. The most important aspect of an IAM program’s success is buy-in from every aspect of your business, and for that to be a reality a leader with cross-domain expertise and stellar communication is an absolute must.
All in all, this guide is our definitive criteria for hiring anyone who works at RAAH. We make it a point to work with people who are hungry to learn, are stars in their role, and are leaders in the making. We don’t settle for anything less, and neither should you.