Breaking Into Identity Management and Podcast Hosting with Saman Fatima

Hi! Can you introduce yourself and describe your current role in cybersecurity?

My name is Saman Fatima, and I am a Senior Consultant at EY, currently based in Dallas, Texas. I bring five years of experience in the cybersecurity industry with a specialized focus on Identity and Access Management (IAM).

Educational Background

• Master's in Information Security, Georgia State University, Atlanta (2022-2023)
• Bachelor's in Engineering (Information Technology), Banasthali Vidyapith, India (2013-2017)

Professional Experience

Throughout my career, I have worked with two firms before joining EY, building a strong foundation in cybersecurity practices and developing expertise in Identity and Access Management solutions.

Current Role

In my position at EY, I leverage my IAM background while expanding into governance and compliance. I am currently supporting a retail client with their audit requirements, ensuring their security controls meet industry standards and regulatory requirements.

My role involves assessing access management frameworks, evaluating security policies, and providing recommendations to strengthen the client's overall security posture while maintaining compliance with relevant regulations and policies.

What’s your backstory and how did you first get into cybersecurity?

My journey into cybersecurity began during my undergraduate studies in Information Technology at Banasthali Vidyapith in India. While the curriculum provided a solid foundation in various IT disciplines, I found myself particularly drawn to security concepts and their critical importance in the digital landscape.

Early Inspiration

During my third year of university, I attended a cybersecurity workshop led by industry professionals that completely transformed my career trajectory. The workshop covered fundamental security principles, threat modeling, and basic penetration testing techniques. What resonated most strongly with me was understanding how security intersects with virtually every aspect of technology and business operations.

Career Entry Point

After completing my bachelor's degree, I secured an entry-level position at a technology services firm where I was initially assigned to general IT support. However, I actively sought opportunities to work on security-related projects, volunteering for tasks involving access reviews and security assessments. This initiative allowed me to gradually transition into a dedicated IAM (Identity and Access Management) role within the organization.

Professional Development

Recognizing the need for specialized knowledge in this rapidly evolving field, I invested significant time in self-study while gaining hands-on experience. After three years, I moved to my second company where I took on more advanced IAM responsibilities, working with enterprise-scale implementations.

Graduate Education

The practical experience I gained in the field highlighted both my passion for cybersecurity and the areas where I wanted to deepen my expertise. This realization led me to pursue a Master's degree in Information Security at Georgia State University, which provided advanced theoretical knowledge and research opportunities to complement my practical experience.

Current Trajectory

Following my graduate studies, I joined EY as a Senior Consultant, where I've been able to apply both my industry experience and academic knowledge to help clients strengthen their security postures, particularly in the IAM and compliance domains.

Throughout this journey, I've found that cybersecurity offers a perfect blend of technical challenges, continuous learning, and meaningful impact - protecting organizations and individuals in an increasingly connected world.

What advice would you give to someone aspiring to work in Identity and Access Management?

For those looking to build a career in Identity and Access Management (IAM), I would offer the following professional guidance based on my experience in the field:

Foundation Building

1. Develop a strong technical foundation: Ensure you have a solid understanding of networking fundamentals, authentication protocols, directory services (particularly Active Directory and LDAP), and database concepts.
2. Understand security principles: Familiarize yourself with core security concepts like least privilege, separation of duties, defense in depth, and zero trust architecture.

Specialized Knowledge

3. Learn IAM frameworks and technologies: Study major IAM solutions such as Okta, SailPoint, CyberArk, ForgeRock, and Microsoft Entra ID (formerly Azure AD). Understanding how these platforms implement access management, provisioning, and governance is invaluable.
4. Master federation protocols: Become proficient in SAML, OAuth, OpenID Connect, and other federation standards that enable secure authentication across applications and organizations.

Professional Development

5. Pursue relevant certifications: Consider certifications like Certified Identity and Access Manager (CIAM), CISSP with IAM concentration, or vendor-specific certifications for platforms you're targeting.
6. Bridge technical and business understanding: IAM sits at the intersection of technology, security, compliance, and business operations. Developing the ability to translate technical concepts to business value is crucial for success.

Practical Experience

7. Seek hands-on experience: Look for entry points through security operations roles, help desk positions with access management responsibilities, or junior IAM analyst roles where you can apply theoretical knowledge.
8. Develop automation skills: Learn scripting languages (PowerShell, Python) and understand API integration concepts to support IAM automation efforts, which are increasingly important in modern environments.

Career Growth

9. Network with IAM professionals: Join communities like the Identity Management Institute, attend IAM conferences, and participate in webinars to build connections and stay current with industry trends.
10. Consider the governance angle: As you progress, develop expertise in the governance aspects of IAM, including compliance frameworks, audit processes, and risk management methodologies.

The IAM field offers excellent career prospects as organizations increasingly recognize identity as the new security perimeter. By combining technical proficiency with business acumen and staying adaptable to evolving technologies, you can build a rewarding long-term career in this critical cybersecurity domain.

What are your favorite tools to use? Have you utilized AI at all in your role?

Favorite Security Tools

While I aim to maintain flexibility rather than strict preferences, certain tools have proven particularly valuable in my IAM and governance work:

SailPoint has emerged as my primary IAM platform of choice due to its comprehensive functionality across the identity lifecycle. Its robust capabilities for access certification, role management, and policy administration provide an excellent foundation for enterprise identity governance.

For governance frameworks, I find the appropriate tools vary significantly by organization. The effectiveness of governance solutions depends heavily on organizational structure, compliance requirements, and integration with existing security infrastructure.

My approach focuses on mastering core platforms while maintaining adaptability across various tools, as specialized knowledge across multiple platforms can be challenging to develop and maintain.

AI Integration in Security Work

My experience with AI tools began with ChatGPT and expanded to include Claude. Both have become valuable assets in my professional toolkit for several use cases:

• Professional documentation refinement: Using AI to improve the clarity and structure of technical documentation, client deliverables, and security recommendations
• Process automation: Developing scripts and automation frameworks with AI assistance
• Research acceleration: Gathering information on emerging security threats and compliance requirements
• Analytical support: Analyzing patterns in access data and identifying potential security insights

These AI tools have significantly enhanced my productivity by streamlining routine tasks and allowing me to focus on higher-value strategic work that requires human judgment and expertise.

The integration of AI has become increasingly valuable as security teams face growing demands with limited resources, though I always ensure appropriate validation of AI-generated content, particularly for sensitive security documentation.

How has being active in the cybersecurity community impacted both your personal and professional life?

Active participation in the cybersecurity community has significantly influenced my career trajectory. Being connected to this vibrant ecosystem has provided:

• Enhanced Knowledge Exchange
• Expanded Professional Network
• Increased Visibility

My engagement with organizations focused on diversity in cybersecurity has been particularly rewarding.

BBWIC Foundation (Breaking Barriers for Women in Cybersecurity): As an active member, I've contributed to mentorship programs designed to support women entering the field. I have served as the Global Lead here and have conducted and been part of many amazing sessions to promote women.

Women in Cybersecurity (WiCyS): Through WiCyS, I've participated in both mentorship initiatives and technical knowledge sharing. The organization's focus on building a strong community of women in security has provided invaluable support throughout my career development.

These organizations have been instrumental in helping me find my voice in a historically male-dominated field while allowing me to support others on similar journeys.

Personal Impact and New Opportunities

The decision to actively engage with the cybersecurity community has yielded significant personal and professional benefits:

• Mentorship Connections
• Speaking and Leadership Opportunities
• Recruitment and Advisory Roles

The cybersecurity community has become not just a professional resource but a significant part of my identity, providing both purpose and connection that extends beyond career advancement.

What has your experience as a podcast host been like?

1. My experience as a podcast host has been incredibly fulfilling, especially since the podcast focuses on the lives of international students. This topic is particularly close to my heart, as it allows me to assist students transitioning from the comfort of their home countries to a new environment. Given that there are little to no podcasts addressing this specific demographic, I feel like I'm making a meaningful contribution by sharing real experiences and helping to build a supportive network for students.
2. While I may not have initially been passionate about hosting, I certainly am now. Hosting the podcast has become a daily endeavor for me - reaching out to influential individuals, engaging in insightful conversations, and sharing those stories with a wider audience. It's an evolving journey, and I’ve truly come to enjoy the process.
3. My advice for someone interested in starting their own podcast would be to simply go for it. You never know the impact you'll have on others. At first, growth may be slow, and engagement may be minimal, but over time, the podcast will find its rhythm. The most important piece of advice I can offer is to come up with a unique concept that will help you stand out and provide maximum value. And of course, consistency is crucial - stick with it, even when progress feels gradual.

Outside of work, what hobbies or interests help you unwind and maintain a healthy work-life balance?

Outside of work, Pilates has become a key part of my routine. It's made a significant positive impact on both my body and my mental well-being. The physical transformation has been remarkable, and it's also been a great way to unwind. Additionally, attending regular classes has allowed me to meet many new people, which has further enhanced my social life. Overall, Pilates has been an essential practice that helps me maintain a balanced and healthy lifestyle, benefiting both my mental and physical health.

Lastly, where can people connect with you or follow your work online?

• X - https://twitter.com/saman_3014
• GitHub - https://github.com/saman3014
• Website - https://www.samanfatima.com/
• Instagram - https://www.instagram.com/saman_3014/
• LinkedIn - https://www.linkedin.com/in/saman-fatima-30/

Wrapping Up

Thanks for reading! We are always looking to improve the platform and love receiving feedback from readers. Feel free to send a message on LinkedIn or Twitter.

We sell mugs and comfy clothing guaranteed to please your inner hacker. Check it out at https://shop.jasonturley.xyz/

• Click here to share on Facebook
• Click here to share on Twitter
• Click here to share on LinkedIn