
Identity at the Center #34 - Managing IAM Risk with Esteban
Mar 9, 2020
Join Jim, Jeff, and Esteban as they dive into the intricacies of managing IAM risk. Esteban shares his journey from IT operations to security, emphasizing the importance of applying the Three Lines of Defense model. The conversation highlights the balance between security oversight and service delivery, as well as the critical role of monitoring in identifying process breakdowns. They also explore the growing significance of governing non-human accounts, showcasing how identity governance acts as a vital security layer.
Fell Into IAM Through Email Consolidation
- Esteban fell into IAM after owning email consolidation tasks and scripting password sync between domains.
- He became the de facto CA Identity Manager SME and then formally owned IAM responsibilities.
IAM Moved From IT To Security Reporting
- Esteban shifted IAM from IT operations to security to emphasize controls and audit responsiveness.
- The security team reports to risk and compliance rather than the CIO in his organization.
Give Security Enough Organizational Authority
- Ensure the security function has enough organizational authority to enforce policy and drive change.
- Position CISOs high enough to give them impact, even if reporting lines vary by company.

