by Casey Yarbrough - Posted 1 month ago
Recently I had the privilege of leading the implementation of SailPoint IIQ for the usual reasons’ companies go on such journeys (compliance with regulatory and/or audit requirements) and I’m happy to say our team was successful for all the usual reasons (lots of hard work and sacrifice by all involved). We were even rewarded with a nomination and eventual recognition for the 2021 CyberSecurity Excellence Award – Team of the Year (North Amercia). However, I want to talk more about what we learned during that journey than the journey itself.
First, don’t let your past successes prevent you from delivering what’s best for your current situation.
It is human nature to figure out a “recipe for success” for a given problem and then apply said recipe anytime said problem presents itself. We even put a bunch of our favorite recipes together and call them “best practices”. It is no different with large implementations, especially when there is a large price tag involved. We want to be as certain as we can that we will be good stewards of the trust that we are given. In my experience, most Identity Management implementations take two to three years. Typically, we start with base provisioning and then build in an application request workflow and reconciliation cadence with key applications, usually no more than six to ten to start with. What we really needed was a huge improvement in all our user access reviews, which would typically come, at the earliest, at the end of year one. Typically, I had to decide whether to ask our Senior Leaders to continue to bear the current state for another year along with the increased risk while we took the typical life cycle approach. Again typically, the only other option would be taking a more unorthodox implementation approach with greater risk while delivering the pieces they needed first instead of year two. The lesson here is to succeed faster and more comprehensively by using the tools as well as our knowledge and experience.
Second, do not be afraid to use all the tools at your disposal, even the older ones.
As a weakness, we had manual processes that involved collecting, transforming, staging, certifying, and finally reporting on the data. What typically gives an Audit organization heartburn is a lack of evidence that your processes are “complete and accurate”. While end to end automation is the prescribed elixir here to produce accurate logs and reduce human error, time can sometimes limit what is possible. In our case, it was faster and easier to create transformation scripts for the source data files using the toolset from our old provisioning engine. We created a staging database to receive the transformed data from our scripts.The logs were kept courtesy of the old provisioning engine and we now had ONE JDBC integration for our new platform with associated lifecycle rules instead of forty. We learned that it is not necessary to build out all new roads to lead to your destination. Sometimes you need to use some of the older roads to keep your traffic moving while you complete higher priority objectives.
Third, be the rock and do not lose your cool.
People get sick. Loved ones have emergencies. People react to stress differently, but by and large, they do not perform better if you pressure them when they are dealing with external issues beyond their control. Stressful situations will come at critical junctures so resist the urge to appeal to their sense of guilt. Avoid using fear, regardless of how real that fear is for you. Instead, an investment of empathy and a reasonable amount of understanding will pay huge dividends. Remember, all eyes will be on you, especially those of your team. When you show them that you, their leader, has their back they won’t be looking over their shoulder and checking their six. It is hard to move forward with alacrity if your attention is on what is behind you. You will be spending a lot of time with your team under less-than-ideal circumstances (i.e. not enough time, too much to get done, you broke what?) and you will need their trust. Earn their trust and they will go to the wall for you. Appreciate them accordingly and they will continue to follow you and go to the wall for you again.
I said at the beginning that I had the privilege of leading a team on a successful journey.
To me, that is what leadership is: a privilege. It is also one of the greatest responsibilities you will have: to mentor the next leader(s). Knowledge, skill, and experience gets us to the mountain. However, it is your team that gets you to the summit. Use your skill and knowledge to help identify a new efficient solution to a problem your team is trying to solve. Challenge your team by asking them what they can do to work around gaps using whatever is at hand to buy time for the final solution. Be there for your team with words of wisdom, advice, encouragement, understanding, and most importantly, appreciation. Don’t miss an opportunity to recognize key individual contributions in leadership team forums/meetings so they are familiar with those names during merit and calibration meetings. Now, more than ever, I think people will be more likely to choose the “who” they want to work for rather than “where” they want to work as proximity becomes less and less important. Be the leader that makes your organization the best place to work because for most of us, the free coffee and snacks are not nearly as relevant as they used to be.