IAM-HER Career Journeys - The career path to Identity Management CEO is not a straight one
If you had asked me in my late-20s where I imagined myself in 25 years, my answer would not have been “I will found and lead an identity management company for research and education”.
I would have said something like “I’ll be living in Latin America, leading an NGO focused on housing and infrastructure.” I had just finished graduate school with Master’s degrees in City Planning and Latin American Studies.
So how did I end up as CEO of Cirrus Identity?
Like many people in this field, I landed in it haphazardly. And also like many of my peers in IAM, I quickly grew passionate about the importance of the field, and the possibilities for our work to yield huge positive (and negative) impacts.
I have always been interested in understanding human interactions, and I studied Psychology as an undergraduate at UC Berkeley. I subsequently worked in student support services for many years, and witnessed technology become more and more integral to communication between students and their faculty and the university administration.
I worked for quite a while in academic support services, with a focus on technology. After a number of years, I grew more interested in the technology part. When one of my colleagues who managed the residential network left the university, I volunteered myself for a one-year internship, and that became the real start of my career in technology. It was a trial by fire, as the only computer they gave me to work on ran Linux on the desktop. My eager student staff came in to give me some training and get me started. Their first question was “What text editor do you use?” I guess my blank stare was enough to inform them that I needed a lot of training.
Between amazing support from my student team, and lots of reading and taking classes at night, I got to a place where I kinda knew what I was doing. I soon realized that my real strength on the job was organizing the team, setting common goals, and helping the organization work together to accomplish those goals. I also learned to pitch management for the resources we needed to deliver services. I grew the team from about 12 student staff, to over 55, with teams to handle system administration, software development, and desktop support for students. The job was fulfilling and I learned a ton about technology and about organizational development.
After eight years, I was ready for a new challenge. One of my former staff members had gone to work for central IT in the Infrastructure Applications group, which included Identity and Access Management (IAM). When the IAM manager left, I was recruited to apply and I studied enough to make it successfully through my interview, but the reality is that I knew nothing about identity management. I had proven myself to be resourceful and a quick learner, but more importantly, I had a track record as an effective IT Manager. I didn’t realize yet what that was worth.
My first year in the identity management field was extremely difficult. I did not know LDAP from SAML or CAS or Kerberos. When I heard the word “provision”, I thought about food supply. The technical learning curve was a mountain compared to the molehill from my residential computing days. Again, I did lots of reading, studying, and listening as my staff explained the identity management challenges our campus faced.
I didn’t realize yet that the community I had just entered, identity management in higher ed, had a strong tradition of subject matter experts willing to train the newbies. One of the most helpful articles I read had the memorable tag line “It’s 9:30am, do you know where your users are?”, written by two veterans of the field: Ann West and Michael Gettes. Little did I know that in future years, I would join them as veterans in the field, and that they would one day be customers of identity management solutions developed by a company I founded.
At the time, I just kept my head down as I climbed up the identity management learning curve mountain.
I realize now that it’s not so much a mountain as an elliptical. No matter how much you climb, the hill keeps getting higher as technology, security threats, and business requirements evolve. At some point, I decided that in spite of the never ending challenges (and probably because of them), this is the field where I want to stay. And I’ve discovered that there are threads into earlier phases of my career that have carried through to where I am now.
Harkening back to my days as an undergraduate psychology major, one of my consistent interests has been human interaction. How do people engage with each other to reach their goals and make a difference in the world. I started my career in technology just as phone calls were being replaced with emails, paper forms were jettisoned in favor of web-based workflows, and the “check in the mail” was substituted by an ACH transfer. In every one of these interactions, the first step to success is for a real live human to represent themselves digitally through some form of trusted authentication. Strong identity management is at the foundation of all online human interaction.
Another consistent theme in my career has been higher education. I spent 8 years at UC Berkeley as a student, and over 20 years there as an employee. Creating and supporting educational opportunities for myself and for others has been a core value throughout my career. And when I was introduced to the concept of multilateral identity federation and trust frameworks to support education and collaboration, I was hooked.
I still remember working with my team at Berkeley to join the InCommon federation and set up our first federated integration with the Hathi Trust. I began attending Internet 2 events like the Global Summit and Technology Exchange, and as my expertise grew, and with the encouragement of industry veterans, I began submitting presentation proposals that were accepted! Before I knew it, people were turning to me for advice on their IAM implementations.
It was at an Internet 2 event that I had an epiphany. I had been witnessing many campus stakeholders increasingly interested in utilizing vendor-developed, and cloud-hosted services. I had been burned by vendor relations in the past when Oracle acquired Sun Microsystems and sunset Sun Identity Manager. I saw the potential of the open source offerings developed by the higher ed community. I wanted to leverage the resources I managed on campus to contribute to those open source projects, rather than buying vendor products that did not meet higher education needs. I thought identity management would be protected from the pressure to migrate to the cloud because universities would never tolerate the security and data privacy risks of migrating identity to the cloud. Then, I attended a presentation at the Internet 2 Technology Exchange where a campus described its migration to cloud email, and the disaster recovery benefits they gained as a result. It was clear that this migration included moving all their user accounts (and identity credentials) to the cloud, but the presenter mentioned that as an aside, a required step for functional implementation, and then moved on. In that moment, I knew it was only a matter of time before identity and access management services moved to the cloud as a standard approach.
I had spent the past 15 years of my career leading teams of system administrators, developers, business analysts, and project managers to build cool solutions. I realized that if I stayed in my day job, I would likely end up being asked by campus leadership to purchase and implement a cloud-hosted vendor solution. What I wanted to do was continue building solutions, and influencing the capabilities of identity management tools (rather than hacking solutions designed for business to fit the needs of research and education). I also had a team member who was a brilliant developer and wanted to launch a business to make it easier to integrate “social” login for appropriate higher ed use cases. InCommon had chartered a workgroup on social login that was very well-attended, and the participants liked the prototype we built. So in 2013, we launched Cirrus Identity.
In the 8 years since, I have had the pleasure of recruiting and working with an amazing team of engineers, customer support staff, and even sales people who share my commitment to facilitating education and research. Each quarter, we expand and refine our offerings, and from that first social-to-SAML Gateway service, we now have 6 core modules that solve identity challenges specific to research and education. A big focus for us is making it easier for campuses to participate in multilateral federation so that they can more readily partner on research and scholarship. We are working increasingly with solution providers in the education space to leverage trust federations and integrate more rapidly with hundreds of universities.
In addition to managing a business, I get to influence the development of products that streamline human interactions and enable collaboration. And, by engaging with colleges and universities around the world, I can share the expertise I have developed over the years with a wide variety of teams solving a wide array of complex problems. On a daily basis, I get to continue learning, and be a resource for others as they work towards outcomes that I care about.
I’m thrilled to have found this career, and to have the opportunity to recruit more people into the field of identity management in research and education. I am especially excited about growing diversity within the field, and for that reason, I devote time whenever I can to the Women in Identity organization, and our special interest subgroup: IAM-HER (Identity and Access Management - Higher Education and Research). I also do what I can to make the field as inclusive as possible to people from all backgrounds. I hope to see you at upcoming events, online or in person!