This program aims to provide security architects and identity professionals with the advanced strategic and technical skills necessary to modernize and architect a centralized, Zero Trust-aligned IAM framework:

• Identity and Access Management Specialists.
• Security Architects and Engineers.
• CISO and Security Directors.
• Compliance and Audit Professionals.
• Cloud Security and DevOps Engineers.
• IT Infrastructure and Operations Managers.
• Business Analysts focused on digital transformation.

• Group activities designing an ABAC policy for a fictional application.
• Case studies on major identity breaches and PAM implementation failures.
• Hands-on exercises configuring SSO using SAML/OIDC.
• Technical discussions comparing leading IGA and PAM vendor solutions.
• Role-playing a presentation to executives justifying a multi-million dollar IAM modernization project.

Unit 1: The Strategic Shift to Modern IAM

• Limitations of traditional, perimeter-focused IAM.
• The role of Identity as the new control plane in a Zero Trust Architecture (ZTA).
• Defining the business value and ROI of IAM modernization.
• Key components and phases of an IAM maturity model.

• Implementing and automating the identity lifecycle (Joiner, Mover, Leaver).
• Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
• Automating access certification and recertification processes.
• Separation of Duties (SoD) policies and monitoring.

Unit 2: Authentication and Authorization Modernization

• Beyond Passwords: Stronger Multi-Factor Authentication (MFA) methods.
• Context-Aware and Adaptive Authentication based on risk scores.
• Passwordless technologies (e.g., FIDO2, biometrics).
• Authentication for high-assurance environments.

• Deep dive into identity protocols: SAML, OAuth 2.0, and OpenID Connect (OIDC).
• Implementing Enterprise and Customer Identity and Access Management (CIAM).
• Securing API access using tokens and scopes.
• Managing multiple identity providers (IdPs).

Unit 3: Privileged Access Management (PAM) Deep Dive

• Identifying and classifying privileged identities (human and machine).
• Just-in-Time (JIT) and Just-Enough-Access (JEA) principles.
• Vaulting, rotation, and session management for privileged credentials.
• Monitoring and auditing privileged sessions.

• Managing API keys, secrets, and service accounts in CI/CD pipelines.
• Credential injection techniques for DevOps and automation.
• Securing machine-to-machine communications.
• Cloud-native secret management services (e.g., AWS Secrets Manager, Azure Key Vault).

Unit 4: Cloud and Hybrid IAM

• Leveraging native cloud IAM solutions (AWS IAM, Azure AD, GCP IAM).
• Strategies for synchronizing and consolidating identities across clouds.
• Cloud Identity Governance and Entitlement Management (CIEM).
• Securing serverless functions and container access.

• Developing an IAM modernization roadmap and migration plan.
• Consolidating disparate, siloed identity stores.
• Best practices for decommissioning legacy IAM systems.
• Handling legacy application access in a modern IAM framework.

Unit 5: Identity Analytics and Future Trends

• Identity and Access Management (IAM) data as a source for SIEM/UEBA.
• Detecting and responding to identity-based attacks (e.g., credential stuffing).
• User and Entity Behavior Analytics (UEBA) for continuous access monitoring.
• Risk-based decision making for access revocation.

• Decentralized Identity and verifiable credentials.
• Biometrics integration and privacy considerations.
• The evolution of policy engines and centralized authorization.
• Integration of AI/ML for automated risk scoring and access assignment.