Search

Discover the job of an IAM consultant

Discover the daily life of Alexandre Debrie, IAM consultant at Orange Cyberdefense.

Where did you get your interest in cybersecurity?

I have always been passionate about IT and understood very early that cybersecurity was one of the significant issues of our time. It is a field that is constantly evolving, where you never get bored.

You spent part of your studies in Mexico. What do you remember about this experience?

I didn’t want to take the easy way out and go to the United States or England, for example. I wanted a total change of scenery, and I got it. Furthermore, the teaching in Mexico is different from what we experience in Europe. At the university, the courses are given in small classes, which offer actual proximity with the professors, the possibility of exchanging ideas, and asking questions. Learning is very project-oriented. This allowed me to consolidate my computer science skills, especially Java and Linux, essential in the IAM world.

You joined Orange Cyberdefense in 2018 as an IAM consultant. If you had to explain IAM to a newbie, what would you say?

At work, an employee will use a multitude of accounts to access the different resources he uses. IAM, for Identity and Access Management, consists of automating these accounts’ management to give the right access, at the right time, to the right person. This implies the governance of the employee’s life cycle and, for example, that he has access to specific resources as soon as he arrives. If he evolves, rises in rank, his access will also evolve with him. Finally, when he leaves the company, it will all have to be revoked. To do this, we define a role model that will grant all the accesses necessary to work for each job. Some of these roles are mutually exclusive: for example, the same person will not be allowed to submit a request and validate it simultaneously. With certification campaigns, access is periodically revalidated by managers: there are no more “dormant” accounts.

IAM also considers the federation of identities, which makes it possible, for example, to open up the enterprise system to partners. Finally, strong authentication (such as SMS or biometrics) and privileged account management (to monitor administrators’ actions) are also within the scope of IAM. This is a little-known yet crucial area in cybersecurity. An efficient IAM strategy means a higher level of security, the assurance of complying with existing regulations, and a reduction in costs because everything is automated.

Is it for these reasons that you chose to specialize in IAM?

I discovered IAM during my end-of-study internship. I liked it a lot and I had the opportunity to stay. I was an IAM consultant, a job I still have today.

What is your job?

Our service is organized into two teams, Build and Run. The Build team designs the architecture, defines the role model, the business processes, establishes the migration strategy, and finally integrates the solution chosen by the client into its infrastructure. The Run team ensures the proper operation of the Build team’s solution: its maintenance, responses to security incidents, development of evolutions requested by the customer. I started in the Run team. Today, I work in the Build team.

What do you like most about your job?

IAM is a very transverse discipline. It is a brick that interfaces with many types of systems. So you have to know all these systems well to develop the connectors that will link them to IAM. This allows me to increase my skills in several subjects at the same time. I also like the fact that I wear two hats, one technical (development, log analysis, etc.) and the other functional (consulting, training, etc.).

Do you work in a team?

Yes, the size depends on the project. In general, we work with three or four people on a project that lasts from several months to several years.

If you had to describe Orange Cyberdefense’s culture, what would you say?

The atmosphere of a small company reigns even if we are a large structure. The teams are very close-knit, and the management is human. We are supported and supervised in our professional project. The teams are quite young, which is also one of the strong points that made me choose Orange Cyberdefense.

How do you see the following years of your professional life?

In the short term, I would like to continue to improve my technical skills. In the longer term, I plan to become a security architect.

What advice would you give to someone who wants to work in cybersecurity?

I would advise you to be passionate and curious. Also, having good interpersonal skills and building and maintaining a relationship of trust with your client is essential.

Discover Identity & Access management

Start your career at Orange Cyberdefense!

We are always looking for talent! Choose from a wide range of exciting jobs across our many topics and regions. 

You find a number of these job opportunities on our Careers page. Have a look and maybe we'll meet in the team of security heros, building a safer digital society soon!

Check job opportunities

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline!