Cyber and Identity: The New Security Power Duo

Identity and cybersecurity have traditionally been viewed as separate domains. Cybersecurity professionals focus on protecting infrastructure, managing firewalls, and responding to threats, while identity teams work on access management and governance. Everyone existing happily in their own little bubble. But the future of security depends on popping those bubbles and ensuring that both identity and cybersecurity professionals are cross-trained to handle the challenges of modern enterprise environments.

Identity has become the new perimeter in cybersecurity. As more companies adopt cloud solutions, the old “castle-and-moat” model of security is no longer sufficient. The boundary is now centered around who (or what) is accessing your systems. Whether it’s human identities, non-human workloads, or APIs, everything that touches your infrastructure must be governed and secured. This means identity and access management (IAM) has become critical to the overall cybersecurity strategy.

But here’s the issue: cybersecurity professionals are often unfamiliar with the complexities of identity governance. On the flip side, identity teams don’t always have the expertise needed to manage the broader security landscape—threat intelligence, vulnerability management, and incident response.

If we’re going to keep up with evolving threats, cross-training in both fields isn’t just a nice-to-have—it’s essential.

Let’s be real: learning about identity if you’re a cybersecurity pro—or diving into cybersecurity if you’re an identity expert—feels like tackling a whole new language. Cybersecurity pros are dealing with endpoint protection, threat detection, SIEM systems, and compliance audits. Meanwhile, identity practitioners are focused on role-based access control, multi-factor authentication, and governing non-human identities across cloud infrastructures.

It’s a broad and deep set of skills on both sides. Cybersecurity folks might feel overwhelmed by the nuances of identity orchestration and the increasing focus on identity security posture management (ISPM). Identity professionals may look at threat detection and forensic analysis with a similar sense of dread. And with limited time, it’s hard to dedicate focus to learning both worlds. Yet, the convergence of these fields is inevitable.

Identity and cybersecurity are no longer separate silos—they’re interconnected threads in a larger fabric. Take Zero Trust for example: this framework depends heavily on identity verification for every user and system, but it also requires robust cybersecurity measures to ensure that identity access decisions are continuously monitored for risks. You can’t effectively manage a Zero Trust strategy without knowledge of both disciplines.

Likewise, the rise of non-human identities means that every microservice, bot, and cloud workload has access requirements that directly impact your security posture. Cybersecurity pros need to understand how identity governance plays into the security of APIs, cloud services, and IoT devices. Similarly, identity practitioners must recognize the critical role that threat detection and incident response play in ensuring the security of those identities.

In short, cross-training is no longer optional. It’s the future.

But here’s the catch: training in both identity and cybersecurity takes time, resources, and, let’s face it, patience.

• Time Constraints: Security and identity teams are always running at full speed. Who has the time to sit down and go through new training modules when you’re knee-deep in managing incidents, audits, or identity provisioning tasks?

• Complexity: Each field has its own set of highly specialized tools and frameworks. Going from managing IAM solutions like Okta or SailPoint to understanding the intricacies of threat hunting with SIEM tools or firewalls can be a daunting shift.

• Lack of Unified Training Resources: There aren’t a lot of formalized programs that cover both identity and cybersecurity in one comprehensive training path. While there are countless resources in each area, we haven’t yet seen widespread adoption of training that blends the two together.

The good news is that cross-training doesn’t have to be overwhelming. Whether you’re on the identity side or the cybersecurity side, the key is to start small and gradually build your knowledge base. Here are a few ways to get started:

1. Collaborate Across Teams: The quickest way to learn is by working directly with your counterparts. Set up regular knowledge-sharing sessions between identity and security teams. Create cross-functional projects where identity pros help implement multi-factor authentication in cybersecurity initiatives, or security teams help identify risky access behaviors in identity governance workflows.

2. Leverage Online Training Resources: There are plenty of online platforms that offer free or affordable courses in both identity management and cybersecurity. Platforms like Coursera, Udemy, Cybrary, and Identity Jedi University ( absolute shameless plug) have courses that cover everything from Zero Trust frameworks to identity lifecycle management.

3. Attend Cross-Disciplinary Conferences: Look for industry events where the intersection of identity and cybersecurity is front and center. Conferences like Identiverse and RSA are increasingly featuring sessions on identity security posture management and the convergence of these fields.

4. Focus on Certification Programs: To use as learning guides. I’m not a huge fan of the certification route because I think it’s a money grab in a lot of cases, but I digress. Consider certifications that bridge both worlds, such as the Certified Information Systems Security Professional (CISSP), which covers a wide range of security and identity topics. Similarly, the Certified Identity and Access Manager (CIAM) credential can add depth to an identity pro’s security knowledge.

5. Practice Continuous Learning: The technology landscape moves fast, so continuous learning is key. Make a habit of following industry blogs, podcasts, and webinars that explore the latest trends in identity and cybersecurity.

Final Thoughts

Whether you’re a cybersecurity veteran or an identity expert, the need for cross-functional skills is only going to grow.The reality is that identity and cybersecurity are converging, and the lines between them are becoming increasingly blurred.

For those of us working in these fields, now is the time to cross-train, share knowledge, and embrace both worlds. By doing so, we’ll not only strengthen our individual skill sets, but we’ll build a more resilient, future-proof security strategy for our organizations. So, what’s your next move? Dive into identity if you’re a security pro, or dig into cybersecurity if you’re on the identity side.

Together, we’ll create a stronger, more unified security framework that tackles the challenges of today—and tomorrow. Or we’ll just make a shit ton of money, screw it all up, and let our kids fix it. 🤷🏿‍♂️