What skills are needed for a successful career in IAM?
In the zero-trust era, identity management is critical to an organization's cybersecurity posture. What skills are required to transition into a career in IAM?
As identity and access management became a foundational element of cybersecurity, IAM career opportunities have gained more attention. But just what is the IAM role, and what does an IAM professional do?
Let's explore the important skills, qualifications and salaries for careers in identity management, a field that Juniper Research estimated will grow from $16 billion in spending in 2024 to $26 billion in 2027.
Skills to be successful in IAM
It is reasonable to expect that more investment in technology will drive a corresponding expansion in hiring -- and for good reason.
Enterprise infrastructure is highly distributed, connected and more complex than ever. The sprawling and dynamic nature of today's IT systems result in many more points of exposure, and threat actors are all too willing to exploit these potential vulnerabilities -- whether in the cloud or on-premises.
To meet the threats, organizations put more of their security efforts into identity management. Those that implement zero-trust practices continuously validate, authenticate and verify all devices and users. IAM tools grant a digital identity to each employee and device, establishing the level of access and privilege each entity has. Through a variety of mechanisms, including identity authentication, role-based access control and auditing, a business can track and restrict activity based on policy.
What's needed to execute on a sound IAM strategy is technology and skilled personnel, but security teams sometimes struggle to find or develop talent to perform this work.
Training proven staffers from within the company has inherent benefits for both the employer and the employee. The employer avoids expensive recruitment costs, extends employee retention and gains applied institutional knowledge. Employees who transition to new roles maintain workforce continuity, while boosting their skills and potentially their salaries.
What qualities make someone a good candidate for an IAM role? Key ones include the following:
- Communication skills. This is true for most any IT job, but effective communicators fare better in IAM roles than those who don't have these skills. An IAM job interview is a prime opportunity to demonstrate this side of yourself.
- Project management experience. This is important, particularly as organizations undertake new digital transformation initiatives.
- Prior work in risk management. It is important for workers to understand risk management principles so that they can assess the level of risk that's acceptable for a particular asset or set of resources.
- Understanding of metrics. Being able to demonstrate success through KPIs is an important element in an IAM role.
- Knowledge of directory management. This matters both for someone new to identity management and a worker looking to advance in their IAM career. Directory management underpins IAM, so its principles are fundamental. From a technical perspective, experience with Active Directory is essential. Having worked with AD to authenticate an entity or other protocols, such as AD Federation Services or Lightweight Directory Access Protocol, is a good head start for an IAM role.
Also, it is helpful to have familiarity with Security Assertion Markup Language, which provides a framework for single sign-on, and OAuth, a standard used to protect account credentials when used by a third-party service.
An IT staffer with interest in an IAM job should explore other elements of the discipline, including the three As of identity management -- authentication, authorization and accounting -- MFA, and identity threat detection and response, as well as privileged access management (PAM), which is a method an organization might use to limit access to its most sensitive information.
Recommended IAM certifications and training
Training and certification programs can provide a foundation for a career in IAM.
The most respected certification in the field is CISSP. This ISC2-backed certification covers multiple security domains, including security and risk management, asset security, communication and network security, IAM, security assessment and testing, security operations and software development security.
Other certifications are more specific to identity and access management. These include ISACA's Certified Information Systems Auditor and Identity Management Institute's Certified Access Management Specialist.
An IT professional interested in exploring the IAM discipline without the commitment required for a certification might consider some of the free, basic training programs. For example, the Identity Security Leader credential offered by security vendor Sailpoint gives students access to 4.5 hours of vendor-agnostic IAM training.
Research from the AI-Enabled ICT Workforce Consortium published in 2024 found that 92% of analyzed IT jobs will require a moderate to high degree of reskilling or upskilling, primarily related to advances in AI. Such retraining certainly will be necessary in cybersecurity.
IAM career and salary overview
For prospective IAM staffers, training and upskilling opportunities within their existing companies are the most pragmatic approach. This is particularly beneficial for someone in an IAM-adjacent IT role.
Though the responsibilities and requirements can vary by company and industry, the typical starting point for an IAM professional is as an analyst. Salaries also vary by region, industry and company. Salary survey companies can help prospective IAM professionals to begin to gauge where the best opportunities exist and what skills the individual roles require. For example, Glassdoor says an IAM analyst makes $84,002 on average, but in certain sectors, like healthcare, that number is considerably higher. Glassdoor puts the lowest salary for an IAM architect at $116,580 but notes it can go up to $182,521 annually. The salary range for an IAM director on Glassdoor runs the gamut from $190,000 to $302,000 yearly.
IAM salaries can vary considerably by country, as well as within a country. As with other IT positions, salaries map to the cost of living for where the job is located. An IAM job in in the Bay Area or Manhattan, for example, will likely pay thousands or even tens of thousands more than a similar position in a less expensive location.
What is clear is that there are prime opportunities for job seekers who want to explore a career in identity and access management.
Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.