A Personal Journey from IAM Developer to Cybersecurity Explorer
When I first started out as a developer, my world revolved around identity and access management (IAM). I was deep into custom role profiling, authentication flows, SAML SSO setups, OpenID, OAuth, and making sure users had just the right access—no more, no less. After rolling out a few enterprise identity and access management solutions, including access governance and privileged identity management, I honestly thought I had a pretty good handle on “security.”
Spoiler: I was wrong.
Unboxing Security: It’s Way Bigger Than I Thought
Back then, I saw security as something you could box up: tick off the IAM tasks, maybe run a certification campaign or two, and call it a day. But when I got my first real taste of broader cybersecurity, it was a total eye-opener. The depth and sheer scope of the security world floored me. What I’d covered so far? It was just the tip of the iceberg.
I realized quickly that security isn’t just about managing identities or setting up SSO. There’s a whole universe out there—think firewalls, intrusion prevention, web application firewalls, API management, vulnerability management, hardening systems, and so much more. Each area is its own rabbit hole, with layers of complexity and specialization.
So, Who Needs Security?
(Hint: Everyone)
Here’s something I wish I’d understood sooner: security isn’t just for IT or security teams. It’s for everyone. Developers, admins, product folks, even end users—everyone has a role to play. If you touch data, build systems, or use applications, you’re part of the security story.
Trying to Box It All In: My Take on Security Layers
At some point, I tried to make sense of it all by breaking security down into levels. Here’s how I see it now:
- Perimeter Security: This is your first line of defense—firewalls, intrusion prevention, web application firewalls, and API management. (Pro tip: firewall analyzers are a thing, and they help keep those rules in check.)
- Vulnerability Management: A beast of its own. You’ve got to keep tabs on network devices, servers, third-party apps, databases—basically, anything that can be poked or prodded by an attacker.
- System Hardening & Monitoring: Making sure critical files are locked down, systems are hardened to industry baselines, and you’re always watching for weird changes.
- Cloud Security Posture Management: Looking at your cloud infrastructure from a bird’s-eye view, making sure you’re compliant with frameworks and policies.
- Detection & Response: All those security events? They get funneled into a SIEM, then over to the SOC for analysis and action.
- Security Testing: Whether you’re in DevSecOps or just doing spot checks, security testing is a must-have skill (and a rabbit hole in itself).
- Data Encryption: And don’t forget encryption! Even if someone manages to get their hands on your data, strong encryption makes sure it’s unreadable and useless without the right key. It’s honestly one of the most effective ways to keep sensitive info safe from prying eyes
The Realization: Security Is Never “Done”
The more I learn, the more I realize just how much there is still to explore—database activity monitoring, network segmentation, shared services (IAM for e.g.,), risk management, regulatory requirements, AOCs, and so much more. There are always new controls to implement, more processes to refine, and endless “what-ifs” to consider. Honestly, that’s what makes this field so exciting—and, at times, a little daunting.
Security isn’t a box you check—it’s a journey you take, and everyone’s invited.
Final Thoughts
If you’re just starting out, don’t get overwhelmed. Start with what you know, keep asking questions, and never stop learning. Security is for all of us, and every step you take makes your world—and everyone else’s—a little bit safer.
Infosec Journey 
Leave a comment