Nicole Roy
Shayna Atkinson interviewed Nicole Roy, Director of Technology and Strategy at InCommon, in August, 2021.
Can you share a little bit about what it is that you do and what a typical day for you is like?
I manage the service engineering/operations team for Internet2’s Trust and Identity Services department. My day is a balancing act between attending calls with Internet2/InCommon community members to understand the IAM needs of the higher education and research community, understanding the technical workstreams in progress and needed, and working with my team and others at Internet2 and the community to plan and source the work to implement new features, programs, processes and address tech debt.
How has the pandemic affected your work/life?
I really miss being able to attend in-person events - meetings with our community, my colleagues, and with distant family. I mostly worked from home before the pandemic, so not a lot has changed there, but as humans, we really do need to meet in person in order to fire our mirror neurons and keep our empathy pathways reinforced. So, I try to be mindful and intentional of other ways to stay connected and happy in my personal and professional life. Making sure we’re spending some work time just talking to people without a set agenda is really important.
Many people don’t plan to work in Identity and Access Management, but end up doing so through a circuitous career path. How did you end up in this field? What has kept you in the field?
I definitely arrived at this career both intentionally and via a circuitous route. I have a math learning disability, so I was unable to successfully complete the kinds of mathematics courses required in most traditional computer science programs. Meanwhile, I was always extremely interested in computers. How they work, how to program them, etc. When I was little, my dad would bring home broken computers for me to play with and take apart. He’d find them at the university surplus at the University of Iowa, where he taught art history. Meanwhile, I excelled at reading, writing and linguistics, so I focused on a major in English Lit in college, and took a lot of Linguistics and CS courses. I had a student job as an IT support person in college. I started to get interested in how the university was able to know who I was, and use a single username and password to provision a portfolio of services for me, accessible with the same credentials. That was the beginning of my interest in IAM. When I graduated, I got a job at the University of Iowa College of Pharmacy as an administrative assistant. I started solving a bunch of IT problems for them, and they pretty quickly converted my position to a systems administration one. I spent seven years in that position, and then joined the IAM team within central IT at Iowa.
What is the most rewarding aspect of your position?
Working with the smartest, most dedicated and caring people. The higher education and research community is incredibly mission-oriented, and you have to be drawn to that to stay in the tech field within the R&E community. Because of that, people self-select into our amazing global group of IAM professionals, so it’s a very rewarding environment to work in.
Have you seen Identify and Access Management change at all during your time working in it? If so, how?
It’s cyclical, and it’s followed the “mainframe to client-server to cloud infrastructure” model of the wider tech industry. What’s really concerning about the most recent iteration of that evolution in the IAM space, is that many of the cloud IAM providers do not understand the particular needs of global research. They compete with each other for institutions’ business, while making it nearly impossible for people to collaborate across the boundaries of their particular walled garden. The higher education and research community invented many of the underlying technologies that are used to this day- things like LDAP/X.500, the world wide web (servers and browsers), single sign-on, Kerberos, multi-user computing environments, etc. However, in the tech industry today, we have relatively little sway over how cloud-focused businesses provide services to our educators and researchers. We have to be advocates for the types of solutions that our campuses, labs, distributed projects, need. That can be really challenging.
What are some of the most influential ways?
That large-scale adoption of cloud computing is really an enabler and force multiplier. We need to learn to use that to our institutions’ advantage, to securely deploy services that are both easy to use and provide high return on investment. Part of the challenge in IAM is, if we do our jobs right, it’s transparent to the end users, so they don’t know that we’re helping them. Advocating for the resources needed can be a challenge. It’s important for senior leaders to see IAM programs as an important part of a holistic information security vision. Not necessarily reporting up through information security (that is one possible place in the organization), but as partners. We work with an enabling set of technologies that can really benefit organizations that deploy them to meet the needs not just of the business, but of the academic part of the institution. We have to be good translators and communicators and relationship builders, in order to help the many stakeholders understand how they can benefit from these systems that we build.
What is a pivotal moment in your career or a moment that you are proud of?
Helping the InCommon federation community interfederate with global R&E federations in 2016. All of a sudden our federation tripled in size, and researchers from the US could start to access services at, for example, the LHC with credentials from their home university or lab. That was a really big deal for me.
Are there any projects and/or initiatives you’re working on currently that are especially interesting?
We’re currently doing a big project to move the US eduroam operations to new, more scalable, cloud-based infrastructure. We’re doing this to enable regional network providers in the US to offer the eduroam service to new users who have never had access to it before. The community understands that this is going to cause scaling challenges, so we’ve proactively undertaken this project to change how we deliver that service to meet that new demand.
Where would you like to go with your career? Where do you see yourself in 5 years?
I love it here. I hope I’m still working with this community. As long as higher education and research needs my skills, I want to continue to do whatever it needs, that I can do. I like to learn new things, so I’m sure it will be some kind of evolution to some other thing, but I don’t have a solid idea of what that is yet.
What would you like to see changed in the field?
As a transgender woman, I have been exposed to how men and women interact in the workplace in a somewhat unique way. One of the things I like most about IAM in the R&E sector is that we really do seem to care about making sure that people of diverse backgrounds are included in the design, operation, planning, strategy, and leadership of the field. I think we can always do better, and hopefully I have a perspective that can make a positive impact. I’m still learning what that is and how best to get involved. That’s part of the reason I joined this group.
Is there anything in particular about being a woman in this field that you’d like to comment on?
Every manager I’ve ever worked for, until the current one, has been a woman. They’ve all been truly excellent, all in different ways. My current manager is awesome, too. I learned enormous amounts from all of them. I think that diversity of experience is important, and we need to ensure that others have the access they need to our field, to get a career foothold here if they want to. There are a lot of behaviors in the tech industry that are maybe unintentional, but they can drive away people who aren’t the image that everyone sees in their head when they think of a typical IT worker. Hopefully as an industry, we can educate people to make them think about what they say and how they act in these ways, and continue to make it a better place to be for more people.
What is your biggest stress reliever?
Downhill skiing in the winter, and riding my motorcycle in the summer. I like to go fast. When we were still in the office, I would ride my motorcycle to and from work regularly, and it was a good time to focus on something totally different from work. I also have a private pilot’s certificate. I don’t fly much any more, but when I did, it was a great time to focus exclusively on a non-work thing.
What’s a fun fact about you?
I spent the year I was in kindergarten in West Africa (Upper Volta, now called Burkina Faso). My mom taught me kindergarten, and she encouraged me and my sister to learn what we wanted to learn. I think that helped both of us figure out what we wanted to do very early on, and we’ve both really benefited from that freedom and set of expectations.
