I have always been passionate about IT and understood very early that cybersecurity was one of the significant issues of our time. It is a field that is constantly evolving, where you never get bored.
I didn't want to take the easy way out and go to the United States or England, for example. I wanted a total change of scenery, and I got it. Furthermore, the teaching in Mexico is different from what we experience in Europe. At the university, the courses are given in small classes, which offer actual proximity with the professors, the possibility of exchanging ideas, and asking questions. Learning is very project-oriented. This allowed me to consolidate my computer science skills, especially Java and Linux, essential in the IAM world.
At work, an employee will use a multitude of accounts to access the different resources he uses. IAM, for Identity and Access Management, consists of automating these accounts' management to give the right access, at the right time, to the right person. This implies the governance of the employee's life cycle and, for example, that he has access to specific resources as soon as he arrives. If he evolves, rises in rank, his access will also evolve with him. Finally, when he leaves the company, it will all have to be revoked. To do this, we define a role model that will grant all the accesses necessary to work for each job. Some of these roles are mutually exclusive: for example, the same person will not be allowed to submit a request and validate it simultaneously. With certification campaigns, access is periodically revalidated by managers: there are no more "dormant" accounts. IAM also considers the federation of identities, which makes it possible, for example, to open up the enterprise system to partners. Finally, strong authentication (such as SMS or biometrics) and privileged account management (to monitor administrators' actions) are also within the scope of IAM. This is a little-known yet crucial area in cybersecurity. An efficient IAM strategy means a higher level of security, the assurance of complying with existing regulations, and a reduction in costs because everything is automated.
I discovered IAM during my end-of-study internship, I liked it a lot, and I had the opportunity to stay. I was an IAM consultant, a job I still have today.
Our service is organized into two teams, Build and Run. The Build team designs the architecture, defines the role model, the business processes, establishes the migration strategy, and finally integrates the solution chosen by the client into its infrastructure. The Run team ensures the proper operation of the Build team's solution: its maintenance, responses to security incidents, development of evolutions requested by the customer. I started in the Run team. Today, I work in the Build team.
IAM is a very transverse discipline. It is a brick that interfaces with many types of systems. So you have to know all these systems well to develop the connectors that will link them to IAM. This allows me to increase my skills in several subjects at the same time. I also like the fact that I wear two hats, one technical (development, log analysis, etc.) and the other functional (consulting, training, etc.).
Yes, the size depends on the project. In general, we work with three or four people on a project that lasts from several months to several years.
The atmosphere of a small company reigns even if we are a large structure. The teams are very close-knit, and the management is human. We are supported and supervised in our professional project. The teams are quite young, which is also one of the strong points that made me choose Orange Cyberdefense.
In the short term, I would like to continue to improve my technical skills. In the longer term, I plan to become a security architect.
I would advise you to be passionate and curious. Also, having good interpersonal skills and building and maintaining a relationship of trust with your client is essential.