Welcome to our new series, “Hum@n Leader”, where we introduce you to some of the most outstanding thought leaders in the IAM field.
Our first profile is QVC’s IT Manager– Identity and Access Management, Angie Giardina.
Angie’s gathered a very diverse range of experiences across many technologies, roles and industries. And yet despite of this wide range (or perhaps because of it) she is now an Identity expert.
How did you begin your technical career?
I was born and raised in Seoul, South Korea where I finished four years of college, majoring in Business Administration.
My marriage brought me to US at the age of 24, and I had to start everything over. I first worked as a Certified Nurses Aid for two years prior to joining IBM as an administrative assistant to a group of IT managers. One of the managers I supported at IBM was responsible for the Lotus Notes Helpdesk Support Team, and that’s where my IT career truly began.
I climbed the ladder from starting on the Help Desk, then to Lotus Notes Administrator and Database designer and on to the Intel System Support team.
How did you end up in IAM?
During my time on the Intel Support team, I was asked to help out with a new customer transition project supporting a financial account as an IAM Administrator. I took over the IAM and HelpDesk Transition, performing as a Delivery Manager. There I built the Access Management Tracking Database and Audit Tracking Database, using the Lotus Notes Database Design knowledge I obtained while working as a Lotus Notes Administrator.
The Access Management Tracking Database I built was up and running within two to four weeks, managing all requests and approvals for Access Management. These were managed by a 26-page Word document, which was passed around via e-mail or hard copy!
The Audit Tracking Database provided the life cycle of the IT Audit request process, allowing the IAM team to locate specific access request history within a matter of seconds and reduced audit findings by 95%.
Once the transition was completed, I was asked to join the Service Delivery Manager group for the IBM financial sector. My IBM IT career ended after 19 years of service, and I joined Identropy and worked as an IAM Project Delivery Manager for 2 years.
After working as a service provider, I have noticed that the lack of knowledge of IAM requirements on the customer’s side causes most of project delays or failures, and I wanted to contribute from the customer side. I have joined my current company [QVC] as the Senior IT Security Manager playing the Service Delivery Manager role to deploy SailPoint. I was able to successfully deploy the SailPoint Compliance Manager and partial use of Life Cycle Manager within a 6-months project cycle. I am currently working on deploying the fully implemented Life Cycle Manager and Password Manager Modules of SailPoint during 2018.
What attracted you to the field of IAM in the first place?
The IAM practice attracted me because it touches every aspect of IT security, fundamentally. From policy, life cycle workflow and compliance related to all OS platforms and application and privilege access management, and data privacy controls.
Which technologies do you expect we will see more of in IAM in the future?
I don’t believe there is a single solution that will address everything as of today.
What is the most pressing unsolved problem in IAM today?
Privileged Access Management (accessing controls at the target systems, such as folder access) and data mining. The data pollution built over the years with non-existing access controls has become a huge issue to resolve.
Which kinds of professionals does a good IAM team consist of?
IT Security, Corp Audit, Infrastructure, Network Support, Application Security and IAM Operations. IAM is a great field for career-changers of all kinds.
If you or someone in your enterprise would like to be considered to be a “Hum@n Leader”, please contact our editor, Jayne Hallock at email@example.com. If you want to connect with Angie, you can find her on LinkedIn.
Dr Christina Czeschik is a writer and consultant specialized in information security, digital privacy, and Blockchain. Originally a doctor, she has slipped into the infosec pool by way of cryptoparties, and never quite been able to climb out again.