Alex Taylor Internet enthusiast

Author: alexntaylor

Okta – Day 1 – Introduction to Identity & Access Management with Okta


Accessibility note: While I am impressed with Okta in general, please be warned that the Okta Basics training seems to have zero accessibility features – the videos do not offer closed captioning and there are no transcripts available anywhere that I can find. I am disappointed that in 2021 a company as large as Okta hasn’t made their training more accessible. Here’s hoping they figure it out soon and improve the training platform.

Day one of the Okta Basics training takes us through the basics of how Okta works and how identity and access management works. It's a quick 20 minutes that covers single sign-on, directories, federated identities, and lifecycle management, plus a few other things. We're also introduced to the Okta Integration Network, which I'll touch on later in this post, as I think this is really Okta's biggest selling feature.

First, some very basic IAM definitions that you’ll need to understand:

Single sign-on – An authentication method that lets a user authenticate once and then access a number of different tools and services without logging into each one individually

Directories – A store of objects (users, groups, computers, etc.) that applications query for identity data. Microsoft Active Directory is the most prevalent example; LDAP is the protocol used to query directories such as Active Directory and OpenLDAP, so an "LDAP directory" usually means a server that speaks it

Federated identity – An identity provider authenticates the user and issues an assertion or token that other IT systems or organizations trust, so those systems never see the user's password and need no separate credential for them

Lifecycle Management – Creating a user account, processing changes to it (role, department, group membership), and eventually offboarding or decommissioning it so that access is removed when the user leaves

Multi-Factor Authentication – Requiring more than one type of factor to authenticate. The three primary factor types are something you know (a password or PIN), something you have (a phone or hardware token), and something you are (a fingerprint or face). Two instances of the same type, such as a password plus a security question, are not multi-factor.
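The definitions above fit together in practice: an identity provider authenticates the user once, issues a signed assertion that each service provider trusts (single sign-on and federation), and deprovisioning happens in one place (lifecycle management). The Python sketch below is an added illustration, not code from Okta or from the Basics course. It models a toy identity provider and two relying services; the hostnames, the user, the shared HMAC key and the assertion format are made up, standing in for SAML or OIDC with real signing keys.

```python
"""Toy federated single sign-on: an added illustration, not Okta's or the course's code.
An IdP checks the password once and issues signed assertions; each SP trusts the
signature instead of keeping its own passwords. Hostnames, users and key are made up."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one symmetric key shared by the IdP and every SP stands in for the
# IdP signing certificate that SAML or OIDC would use.
IDP_KEY = b"demo-idp-signing-key-not-for-production"
SERVICE_PROVIDERS = {"payroll.example.com", "wiki.example.com"}
ASSERTION_TTL = 300  # seconds; bounds how long an offboarded user keeps access


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Directory plus lifecycle: create, deactivate, authenticate, issue assertions."""

    def __init__(self):
        self.users = {}

    def create_user(self, username, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = {"salt": salt, "digest": digest, "active": True}

    def deactivate_user(self, username):
        self.users[username]["active"] = False  # offboarding happens in one place

    def authenticate(self, username, password):
        rec = self.users.get(username)
        if rec is None or not rec["active"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        return hmac.compare_digest(digest, rec["digest"])

    def issue_assertion(self, username, audience, now=None):
        """Mint a signed assertion for one SP without prompting the user again."""
        rec = self.users.get(username)
        if rec is None or not rec["active"] or audience not in SERVICE_PROVIDERS:
            return None
        now = int(time.time() if now is None else now)
        claims = {"sub": username, "aud": audience, "iat": now, "exp": now + ASSERTION_TTL}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class ServiceProvider:
    """Relying party: holds no passwords, only trusts IdP-signed assertions."""

    def __init__(self, hostname):
        self.hostname = hostname

    def verify(self, assertion, now=None):
        """Return (True, username) or (False, reason)."""
        body, _, sig = assertion.partition(".")
        expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
        if not sig or not hmac.compare_digest(expected, _unb64(sig)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
        if claims["aud"] != self.hostname:
            return False, "wrong audience"  # a wiki assertion must not open payroll
        if claims["exp"] <= (time.time() if now is None else now):
            return False, "expired"
        return True, claims["sub"]


def demo():
    idp = IdentityProvider()
    idp.create_user("alice", "correct horse battery staple")
    payroll, wiki = ServiceProvider("payroll.example.com"), ServiceProvider("wiki.example.com")
    results = {}
    if idp.authenticate("alice", "correct horse battery staple"):  # one interactive login
        results["payroll"] = payroll.verify(idp.issue_assertion("alice", "payroll.example.com"))
        results["wiki"] = wiki.verify(idp.issue_assertion("alice", "wiki.example.com"))
    results["cross_sp"] = payroll.verify(idp.issue_assertion("alice", "wiki.example.com"))
    body, sig = idp.issue_assertion("alice", "payroll.example.com").split(".")
    forged = _b64(_unb64(body).replace(b'"alice"', b'"bob"')) + "." + sig  # edit claims, keep signature
    results["tampered"] = payroll.verify(forged)
    # Lifecycle: deactivation blocks new assertions at once, but one issued just
    # before stays valid until its exp, which is why ASSERTION_TTL is short.
    earlier = idp.issue_assertion("alice", "payroll.example.com")
    idp.deactivate_user("alice")
    results["after_deactivate"] = idp.issue_assertion("alice", "payroll.example.com")
    results["stale"] = payroll.verify(earlier)
    results["stale_later"] = payroll.verify(earlier, now=time.time() + ASSERTION_TTL + 1)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} {outcome}")
```

Running it shows one password check opening two services, a wiki assertion being refused by payroll on the audience check, a tampered assertion failing signature verification, and deactivation stopping new sign-ins while an assertion minted moments earlier still works until it expires. That last case is the practical reason offboarding automation pairs short assertion lifetimes with session revocation at the applications themselves.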

As mentioned earlier, day one of the training introduces Okta's bread and butter, the Okta Integration Network (OIN). Okta has exploded in popularity in the last couple of years primarily because of the number of integrations it has developed, which let organizations connect the tools and services they already use to Okta without building each connection themselves.

Okta publishes a quick overview of the OIN, and the full list of integrations is available at okta.com/integrations. As of March 2021 they're up to over 7000 different integrations. They also have a whitepaper that goes into further detail about how application integration works. It's a good read, and we'll learn more about this as we go through the Basics course.

That’s it for day one – tomorrow I’ll dig into workforce identity.

New Series: Okta


The identity and access management industry is growing daily as companies realize they need to spend more time and energy protecting their data and controlling who can access it. Plenty of tools have arrived to fill the gaps and make things easier for administrators to manage.

For the next couple of weeks, I’m going to do a deep dive into one of those options – Okta.

Okta was founded in 2009, hit unicorn status ($1+ billion valuation) in 2015, and IPO’d in 2017. They’ve grown even further since then and have become one of the primary identity management tools, supporting companies from the startup level up to Fortune 500 corporations. They announced this month that they were acquiring Auth0, a quasi-competitor with a focus on authentication and authorization.

I had the opportunity earlier this month to work through Okta’s entry-level training curriculum, and have also spent some time digging into the Okta administrator dashboard. I’ve started this new series of posts to track my own training and also provide some outside references to IAM essentials to help fill in the gaps for other learners. I have no affiliation with Okta. Just trying to level up my own skills.

The plan is to loosely follow the Okta Basics curriculum – one post per day with things I’ve learned, as well as external links. I’ve completed the Basics course once before and definitely found it useful – I recommend signing up if you’re using Okta in your organization.

Onward.

Day 1 – Introduction to Identity & Access Management with Okta
Day 2 – Introduction to Workforce Identity
Day 3 – Managing Okta-Mastered Users
Day 4 – Managing AD-Mastered Users
Day 5 – Managing LDAP-Mastered Users
Day 6 – Managing Single Sign-On
Day 7 – Automating Lifecycle Management
Day 8 – Workflows and Automating Tasks
Day 9 – Multifactor Authentication
Day 10 – Managing API Access
Day 11 – Advanced Server Access
Day 12 – Configuring O365 with Okta
Day 13 – Okta’s Access Gateway
Day 14 – Configuring Universal Directory and User Profiles
Day 15 – End User Support & The Okta Help Center
Final training certification

“A computer lets you make more mistakes faster than any invention in human history – with the possible exceptions of handguns and tequila.”

— Mitch Ratliff

Further progress in Dec/Jan


I spent some time in December and January digging into the learning paths on tryhackme.com and ended up really loving them. I'm currently about 75% done with the Cyber Defense path and will be moving on to one of the pentest paths once I'm done here.

Plenty more to say about this that I’ll flesh out later, but I absolutely recommend the site to anyone in infosec, especially if you’re a beginner on the blue team side – I use some of these tools every single day at work and I still learned a ton.

My path to CISSP certification


My study method:
I bought the official study guide in September 2020 and went through it occasionally for the next four months – rarely making it past the second or third chapter.

In January 2021, Ontario went back into lockdown so I used the opportunity to focus and I spent around two hours per day (more on weekends) throughout January going through the guide, taking notes, taking end-of-chapter practice tests, and searching for more information on the items I felt the weakest in.

I spent the last week watching videos + taking practice tests + reading more about my weak areas.

I booked my exam for 8am on Feb 2nd and I walked into the testing centre feeling ready – I knew I still had some gaps but I felt confident that I’d learned a lot.

My background:

Five ‘official’ years in infosec + ten years of general security/privacy interest and knowledge

Two+ years of hands-on compliance and privacy experience which helped a lot – there were entire sections of the study guide that I only lightly touched because I had so much experience with them – risk management and business continuity/disaster recovery, primarily.

I struggled the most with cryptography – I understand the basics of crypto but I had a lot of gaps in my knowledge (still do) that needed a lot of repeated reading

Resources used:

Official ISC2 CISSP Study Guide – Read and took notes front to back with this text – I completed each practice test multiple times and covered the book with highlights and notes. Learned a lot. Found it useful and would definitely recommend it.

Official ISC2 CISSP Practice Tests – I used a few of these but didn’t cover every page of this book – these questions seemed more difficult than the actual exam but they were useful in terms of practicing the wording of the exam – choosing the best answer etc.

Kelly Handerhan videos via Cybrary – I watched these videos while they were free on Cybrary – they were excellent and I recommend them, but they've unfortunately been chopped up and there are pieces missing in the Cybrary series. I recommend these but be aware that there are some continuity issues.

Kelly Handerhan’s Why You WILL Pass the CISSP video – Quick 15 minute video to get you into the right mindset – I watched this twice the morning of the exam and it seemed to help

Mike Chapple videos via Linkedin Learning – Watched almost the entire series on Linkedin Learning – This follows the ISC2 textbook fairly closely – Easy to watch and Chapple is a great teacher, somewhat light on details. Recommended if you have access to LL

Boson Practice Tests – 100% money well spent – I went through each practice test twice in different order, and also did a few random collections of questions. These are more technical than the actual exam, but they were helpful for identifying gaps in my knowledge. I spent most of my last week doing practice tests and filling in those gaps.

Mindmaps from Destination Certification – Extremely high quality recap videos and mindmaps – I watched these the day before the test and wished I’d watched them sooner.

The CISSP subreddit – Tons of insight here into how different people react to the exam – got a lot of good reminders here that this is a management exam and that I should answer the questions from a risk management perspective rather than a tech perspective.

Resources I didn’t use:

The practice tests that came with the ISC2 text

The Sunflower guide (pdf), plus a few others that folks recommended; I didn't end up touching them at all.

CISSP All In One Guide – I bought this and didn’t even open the cover.

Recommendations and insights:

Trust everyone when they tell you this is a management exam. You’ll come across plenty of questions with more than one right answer – the key is thinking like a risk manager and picking the best answer at a management level, rather than trying to ‘fix’ the problem like a technician would.

The computer adaptive testing means that you can’t go back to questions later – take your time, read the question at least twice, make your selection and stick with it.

Go slow and take breaks if you need to – I’m a ‘good’ test-taker so I finished in around 75 minutes without needing a break, but you’re allowed to take them if you need them – sometimes it will help to just take your eyes off the screen and take some deep breaths.

Don’t get discouraged if you can’t tell how well you’re doing – This is a difficult exam that covers a LOT of information – I reached Question 100 feeling unsure how I was doing – I knew I wasn’t failing miserably but I really wasn’t sure if I was going to pass. That is normal!


I received information about the endorsement process within a day or two of passing the exam, and I received official notification that I had earned my CISSP about four weeks after the endorsement process was submitted.

Next up for me is Azure Foundations, and then I’m working on earning my AWS Solutions Architect Associate certification.

Privacy advocate
Process developer
Product manager

Experience in information security, customer success, compliance and privacy, risk management, identity and access, and service deployment. Former teacher. Always learning.
