
If you're a one- or two-person company, then a password manager is enough, e.g. 1Password, Bitwarden, or Vaultwarden.

But when employees start to join and leave, the first thing is SSO, IAM & IGA, with strong password requirements, scheduled rotation, and MFA. All employees can be onboarded on day one and lose their permissions on the last day. How does an employee know the initial credential on day one? You can share the initial password with the employee in the onboarding email or face-to-face. RBAC or ABAC control relies on IAM. Employee lifecycle management and approvals can rely on IGA. After this, the milestone of supporting the employee's identity lifecycle is done.

Currently, you have an empty app dashboard. When you start onboarding applications, most mature B2B applications will integrate easily. Eventually, you need to onboard some applications that only support credential login. This time you need password injection, e.g. the password-based SSO in Microsoft Entra ID. Or root or break-glass accounts in the application cannot be integrated with the SSO system; then you need to find a new tool, which is PAM, e.g. CyberArk or HashiCorp Boundary, which can protect those privileged accounts.

In the end, just remember: never directly share credentials with your employees, except the initial password for your SSO. Human error always exists in the real world; people always forget to change the password after an employee or manager leaves or switches positions, and they will assume that person is a good guy, so no worry about not rotating.
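As an added example (not part of the comment above), here is a small Python check that implements the closing rule: a shared or privileged credential that was known to someone who has left or switched positions, and has not been rotated since that person's last day, gets flagged for rotation. The account and HR event data are constructed inline; in practice they would come from the PAM vault and the IGA system's joiner/mover/leaver feed.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data for illustration; not from the original comment.

@dataclass(frozen=True)
class SharedAccount:
    name: str
    last_rotated: date
    known_to: frozenset  # everyone who was ever handed this credential

@dataclass(frozen=True)
class LifecycleEvent:
    employee: str
    kind: str        # "leaver" (left the company) or "mover" (changed role)
    effective: date  # last day at the company / in the old role

SAMPLE_ACCOUNTS = [
    SharedAccount("prod-db-root", date(2024, 1, 10), frozenset({"alice", "bob"})),
    SharedAccount("legacy-crm-admin", date(2024, 6, 1), frozenset({"alice"})),
    SharedAccount("sso-break-glass", date(2024, 7, 15), frozenset({"carol"})),
]

SAMPLE_EVENTS = [
    LifecycleEvent("alice", "leaver", date(2024, 5, 30)),
    LifecycleEvent("bob", "mover", date(2024, 2, 1)),
]

def accounts_needing_rotation(accounts, events):
    """Return (account, employee, kind) triples for every shared credential
    that is still the one a leaver or mover knew.

    Rule: a credential known to someone who left or changed role must have
    been rotated after that person's effective date; otherwise flag it.
    """
    findings = []
    for acct in accounts:
        for ev in events:
            if ev.employee in acct.known_to and acct.last_rotated <= ev.effective:
                findings.append((acct.name, ev.employee, ev.kind))
    return findings

if __name__ == "__main__":
    for name, who, kind in accounts_needing_rotation(SAMPLE_ACCOUNTS, SAMPLE_EVENTS):
        print(f"ROTATE {name}: known to {who} ({kind}), not rotated since their last day")
```

With the sample data, prod-db-root is flagged twice (alice left, bob changed role), while legacy-crm-admin was rotated after alice's last day and sso-break-glass has no affected holder.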


  Location: Melbourne, Australia (Need Visa Support)
  Remote: Yes
  Willing to relocate: No
  Technologies: AppSec, Python, Golang, Java, NodeJS, React, Azure Entra ID, GCP.
  Résumé/CV: https://eindex.me/content/files/2024/08/Baikang-s-Resume---AppSec-Specialist.pdf
  GitHub: https://github.com/eindex
  Email: snowstarlbk@gmail.com
  LinkedIn: https://linkedin.com/in/eindex
I'm an Application Security Specialist with 8 years of IT experience, including AppSec, IAM Specialist, Security Consultant, and Full-stack Developer. I'm looking for a job that will support my relocation to Australia.

I have been in the cybersecurity field for 4 years. I found that in this role I can help teams build secure applications, which allows me to see various system architectures and help improve them. Last year I started to play a security architect role focusing on the IAM field on the client side, starting to build the process, design the system architecture, and involve more teams.

But I need a sponsor for relocation. If you need an AppSec or IAM Specialist, or you need a cybersecurity solution design, an IAM-related roadmap design, or an application security gap analysis, welcome to connect & hire me; I think I will be the best choice.

If you are afraid of cybersecurity risk but can't afford a full-time position, you can also contact me for part-time work; I can help you understand what action you should take and clarify the priorities.

My rate for consulting is US$100/hour.

