As an information security professional, I believe in encouraging and supporting communication among customers and prospects. When we’re able to bring our current and prospective users together, we give them an opportunity to share knowledge, learn from each other and get fresh perspectives on solving their biggest problems. And as solution providers, we gain invaluable first-hand feedback about how to better address our customers’ needs.
The desire to facilitate this type of interaction and feedback spurs many a software vendor to start its own user groups. Unfortunately, these vendor-specific user groups are rarely successful. While they were started with the best of intentions, many of them quickly devolve into infrequent gatherings that are little more than thinly disguised marketing events for the vendor.
The Identity and Access Management (IAM) User Group is Born Knowing the pitfalls of user groups, we were cautious about starting our own Ping Identity groups several years ago. We realized early on that for them to be beneficial for everyone involved, we needed to expand the audience and content. So we rebranded them as Identity and Access Management (IAM) User Groups and opened up involvement to other complementary vendors and partners. Our friends at Radiant Logic stepped up to help lead and support groups in a number of markets.
Today, there are IAM User Groups in over 30 cities around the U.S. But, to be honest, not all of them are thriving. While some of these groups are quite active, others haven’t had meetings in over a year. As an active member of several groups in the Midwest, as well as a founding member of the Wisconsin IAM User Group, I’ve been discouraged recently by the dwindling number of attendees at our local area events.
While these events were intended to be vendor-neutral safe places to share problems and ask questions, we’ve heard from customers that they were falling short. Customers have shared that they felt they were swimming in a sea of sharks vendors, just waiting to attack during breaks and after the events.
We were disappointed and frustrated to hear this and know that many of the vendors who’ve partnered with us feel the same way. It was difficult to learn that perhaps our user groups had succumbed to the same issue we were trying so hard to avoid.
The IAM Roundtable as Experiment So it was in direct response to this feedback that we tried something totally different on October 4, 2018, in Grand Rapids, Michigan. With the team at Novacoast, an IT service management company, we held a get-together that we promoted simply as a local IAM Roundtable. There were no presentations, no vendor setups, just a group of information security professionals sharing information and stories over lunch. We did offer up some topics as conversation starters, but that was it.
After a quick round of introductions, the attendees gathered around tables and began talking in small groups. The energy picked up rather quickly around the room, and we realized we didn’t need to do much to encourage discussion.
There were many different topics discussed at my table, including PKI (public key infrastructure), industry certifications, the importance of standards and struggles around the attestation process. We also discussed older and larger companies moving from highly manual processes to some degree of automation.
At other tables, digital transformation was a popular topic. While it’s a term that’s been used (perhaps overused) a lot in the last few years, digital transformation emerged as a foundational element of many of the critical projects being managed by those in attendance.
Of particular interest to me was the discussion around multi-factor authentication (MFA). I’ve worked with the technology and witnessed its evolution over my professional career. It was exciting to hear companies describe it as a necessity. Seemingly gone are the days of end-users struggling with the concept. In fact, one attendee remarked that MFA is so commonplace most people expect it from a security standpoint.
The roundtable event was a great way to connect a group of individuals with similar challenges. Arguably, it delivered exactly the type of collaboration and discussion we envisioned when we first grew our IAM User Groups around the country. I even saw several people exchanging contact information with the intention of keeping in contact after the event.
It’s Time to Reinvent the User Group I know that security professionals often struggle with trying to drive acceptance within their organizations. And despite our always-connected world, it’s common to feel alone in your challenges. At this event, I saw the potential to reignite our original purpose and facilitate the discussions and sharing so often lacking among industry peers.
Inspired by this spark, we’re already discussing holding events in other cities. We’re excited about the possibility of reinventing the user group in a new way and creating local and sustainable information security communities. And we’d love to hear what you want and need from such a group. If you’d like to share your ideas and/or receive updates about upcoming events, please email email@example.com.
In the meantime, IDENTIFY 2018 is coming to San Francisco on October 24 and New York City on November 7. An event for the Ping community by the Ping community, IDENTIFY is where you’ll hear real stories from real enterprises about how they’re managing their biggest IAM challenges. To learn more, visit www.pingidentity.com/identify or join us at Identiverse in Washington, DC on June 25-28!