Ken Myers

Identity is all around us. Let's make sense of it.

Follow me on GitHub

3/2021 - My original research topic was focusd on a competency model for the U.S. Federal Government. I’ve modified it to a generic competency model based on cybersecurity workforce planning developed and implemented by the U.S. Federal Government.

Kenneth Myers
School of Technology and Innovation
Marymount University

February 14, 2021

Where have all the (F)Identirati gone? An Identity and Access Management Competency Model

My proposed topic title is “Where have all the (F)Identirati gone? An Identity and Access Management Competency Model”. The purpose of my research is to establish identity and access management work roles, tasks, knowledge, and skills aligned with a competency model to help the U.S Federal Government hire, train, and retain Identity and Access Management professionals.

Identity is an important topic. The 2020 Verizon Data Breach Investigations Report found that phishing and credential theft are among the top threat actions in breaches. A mitigation tactic is to implement multi-factor authentication, an access management service.

  • A quick search on USAjobs.gov found zero results for “multi-factor authentication” and nine results for “access management” (USAJobs.gov, 2020).
  • A LinkedIn job search (2020) returned 13,137 for access management and 152 for multi-factor authentication.

The Office of Personnel Management (OPM) identified identity management as a technical cybersecurity competency. However, the NIST NICE Framework (Petersen, 2020) fails to include it as a work role and only includes two identity-related skills and one knowledge reference. Additionally, the Office of Management and Budget requires all U.S. government agencies to implement a specific identity architecture called the Federal Identity, Credential, and Access Management Architecture (OMB, 2019). A gap exists in that U.S. Federal Agencies are required to implement a comprehensive identity architecture yet do not have defined work roles to ensure it is implemented and operated properly.

The basis of my research will include several sources to include a skills model based on Peterson (2020), a competency model based on Furnell (2020), and skill and knowledge statements from GSA (2020). I expect to develop an identity competency model with defined work roles, tasks, skills, and knowledge statements.

References

  1. Furnell, S. (2020). The cybersecurity workforce and skills. Computers and Security, 100.
  2. General Services Administration (GSA). (2020). Federal Identity, Credential, and Access Management Architecture. Retrieved on October 11, 2020, https://arch.idmanagement.gov/
  3. Linkedin.com. (2020). Job Search for “Access Management”. LinkedIn Job Search. Retrieved on October 10, 2020, https://www.linkedin.com/jobs/search/?keywords=access%20management
  4. Petersen, R., Santos, D., Smith, M., Wetzel, K., and Witte, G. (2020). National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. 5. National Institute for Standards and Technology Special Publication. https://doi.org/10.6028/NIST.SP.800-181r1
  5. Office of Management and Budget (OMB). (2019). Enabling Mission Delivery through Improved Identity, Credential, and Access Management. Office of Management and Budget Memo Series. https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf
  6. USAJobs.gov. (2020). Job Search for “Access Management”. USAJobs Search. Retrieved on February 10, 2021, https://www.usajobs.gov/Search/Results?k=%22access%20management%22
  7. Verizon Enterprise. (2020). 2020 Data Breach Investigations Report. https://enterprise.verizon.com/resources/reports/dbir/2020/