Cybersecurity and PAM

Zack Zando, IAM Consultant, SecureITsource, Inc. There is no doubt about it, cybersecurity is a fast-growing field. According to the Enterprise Strategy Group, 46% of organizations in 2016 say they have a “problematic shortage” of cybersecurity skills, nearly doubling the number just a year prior. For most large organizations, they are dealing with the woes of retaining talent to the revolving door created by supply and demand. Within the broad field of cybersecurity, there are niche markets that exist, further driving the shortage – one of those fields being Privileged Access Management, or PAM.

The PAM space has been around for some time, but many companies are just now putting PAM solutions in place. As far as solutions go, there are several players, but the dominant player is CyberArk. To keep up with exponential growth, CyberArk has developed partnerships to help fulfill requests from customers, ranging from software deployments to staff augmentation. Often times I see organizations with the right software, but not the right structure or personnel in place. This usually isn’t by choice, but typically from the talent gap or lack of experience mentioned previously.

As PAM consultants, this is something we know and understand very well – after all, we all came from somewhere. We work for large organizations that are in the process of building or rebuilding their PAM program. Like all things security, it’s a constant effort – there’s no such thing as “set it and forget it” with PAM, as our main focus is keeping “things” secure by constantly rotating credentials throughout an enterprise. Of course, a good foundation is key, and such, we’re often tasked with helping to guide companies lay that foundation.

Teamwork makes the dream work

Not so recently, a guy by the name of Aristotle said “The whole is greater than the sum of its parts.” From a pure mathematics, or quantitative point of view, this never makes sense – but to anybody that has been a part of any type of team, this says it all. Two examples of teams:

1. You have a team of 10 people. They mostly stick to themselves, work in silos, and organize their projects and priorities in their own ways. They are good with tasks related work and achieving objectives in a timely manner. Everybody has their own niche, and they make their managers look good. They communicate with others when they have to, but are focused on completing their own tasks.

2. You have a team of 10 people. They track their projects in a way where the whole team can view comments and progress. They are good with tasks, but also good at prioritizing work and delegating when necessary. They are often viewed as over-communicators. They document everything and make collaboration a priority.

In both examples we have teams of 10 people that are very talented at an individual level. Quantitatively, they are equal. As a whole, or Qualitatively, they are very different. There’s a good chance you have been a part of both of these types of team, as have I, and I can tell you I would take the 2nd team every time. In the first team, people stay within their comfort zone but are rarely challenged to step outside of their comfort zone, or able to tackle things outside of their silo. Team two has redundancy, and the team as a whole is less likely to get bored or stale with a certain skillset or technology. Team members are motivated to cross-train and reach their goals together.

I am fortunate to be part of a great team, and I have been several places to get a fair comparison. Our constant communication, diverse backgrounds, and willingness to help each other succeed allow us to be better consultants for our clients. Your problem becomes my problem, and if I can’t figure it out, it becomes my team’s problem. There isn’t an hour span that goes by that there isn’t a slack notification from a member of our team, asking for opinions, thoughts, best practices, or sharing knowledge. Together we are always evaluating what we know, and where we can get better. We are calculated and methodical, and I’m glad to have such a strong support structure behind me as it builds confidence.

Building a PAM program isn’t a small task. However, knowing that you have a small army of highly diverse cyber-professionals there to support you when you need it makes all the difference.

SecureITsource is an authorized reseller and professional services partner with the industry’s leading Identity & Access Management solution providers. Our team of experienced consultants help our clients to achieve their IAM goals by providing strategy, design, and engineering expertise.

Visit our website at www.secureitsource.com