Shameless plug: the IAM book is out !!!
Friday, July 30, 2010 at 12:32PM My dad told me once, you know you're really living on your own when you have to buy your own toilet paper. You're not just crashing with somebody else, you're actauly responsible for your own well-being, and having to take care of things you never thought of before. Like toilet paper. Milk. Gas bill.
So I guess this is where I'm at now in my chosen niche of the market, security. I've got a book out. "Designing an IAM Framework with the Oracle Identity and Access Management Suite."
I wanted to add about nine more words to the title, just to be annoying,but they use a special ink for the covers, made from the bean of a plant that only grows on one hillside in the Brazilian rainforest. In fact, at one point, McGraw-Hill wanted to just call the book "Bob" in order to cut costs.
I've been in security since the mid-90's or so, with identity and access taking up the bulk of that time. Prior to that, I was in database, development tools, pure development, and bare knuckle fighting to help pay for college. In fact, software sales feels a lot like bare knuckle fighting, although I've never been a pure salesguy. I've always stayed on the engineering side of it.
I wrote the book because of the years of experience I had in the field, and I was bursting with stories about how to build an identity framework correctly, and how to do it WRONG. I have seen customers, services guys, and partners do it WRONG, despite all the best advice in the world. And that's too bad, because when it's done right, it can last for years, and make everybody happy. That's why I wrote the little ditty, Ten Ways to Screw Up an IAM Project.
By the way, I like to think of any kind of framework just like the offensive line on an NFL team. Nobody notices when you block the linebackers play after play. They just notice the one play where you allow your quarterback to get sacked. All it takes is a single breach, and all your hard work, all the times you kept somebody from exercising improper access or assuming another user's identity are forgotten. It's got to be tight. Oh, and compliant. Auditors are either chewing at your shorts right now, or they will be. Even universities, not typically publicly-traded entities, are assuming that Sarbanes-Oxley is in their future.
The book details not just the design of the system, but all the stuff that comes before it, and all the stuff that comes after. You have to build the business case, for the need and the funding and the resources. You have to shop for software and help, some of which you may already have internally. THEN comes the design, and the building, and the testing and the maintenance. There is a lot to it, with plenty of moving pieces. I hope I've come relatively close to catching all the pertinent subjects surrounding identity and access management.
Otherwise, watch for my next book, "Sculpting Action Figures from Lunchmeat For Dummies."