Skip to main content
banner image
venafi logo

Machine Identity Experts Needed: How to Become a PKI Admin

Machine Identity Experts Needed: How to Become a PKI Admin

PKI, cyber attack, Public Key Infrastructure, encryption
June 28, 2019 | Guest Blogger: Anastasios Arampatzis

The rising penetration of various mobile and wireless devices is fostering the growth of the cybersecurity market. The falling prices of mobile devices and advancements in the connectivity infrastructure across the globe are propelling the adoption of smart devices across enterprises and consumers. At the same time, enterprises are rapidly embracing cloud platforms and other networking technologies. Because of these advancements, companies are becoming more vulnerable to various cyber attacks.

In 2017, cyber attacks on mobile devices increased by over 40% with an average of over 1.2 million attacks per month. Hence, end-users and organizations are embracing cybersecurity solutions leading to the growth of the market. The global cybersecurity market is set to grow from its market value of more than $120 billion in 2019 to over $300 billion by 2024. The cybersecurity market is propelled by the increasing need among enterprises to minimize security risks.

The most rapidly growing cybersecurity market is the identity and access management (IAM) market, which will grow at a compound annual growth rate (CAGR) of over 17% over the forecast time span. In addition to the increasing expenditures by companies, the emergence of complying with stringent regulations and frameworks impacts positively market growth. Encryption solutions offer consistent protection to sensitive data across all critical points in the entire lifecycle. These solutions enable enterprises to hide their critical data from unauthorized bad actors.

Everyone talks about the shortage of cybersecurity skills and you have the chance to stand out of the competition by having the essential and desire qualifications in order to become a PKI administrator. Although this job is a challenging one, it can also land you with an average annual salary of approximately $83,000.

What is Public Key Infrastructure?

The Public Key Infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys. The PKI is the foundation that enables the use of machine identity technologies, such as digital signatures and encryption, across large user populations. PKIs deliver the elements essential to meet the needs for a secure and trusted business environment and the growing Internet of Things (IoT).

PKIs help establish the identity of people, devices, and services, enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI enables users and systems to securely exchange data over the internet and verify the legitimacy of certificate-holding entities, such as web servers, other authenticated servers and individuals. PKI enables users to authenticate digital certificate holders, as well as to mediate the process of certificate revocation, using cryptographic algorithms to secure the process.

Before you start searching in the various recruitment websites for available job offerings as a PKI Administrator, it is essential to understand the responsibilities that come with the job and to meet certain requirements.

PKI Administrator Responsibilities

As a PKI Administrator you will be part of a company’s IT Support Team and most probably you will refer to a CIO and/or a CISO. You will administer the Certification Authorities (CA) and Hardware Security Modules (HSM) of the company’s Public Key Infrastructure (PKI) and Key Management. You will also play an integral role in administering large scale enterprise and commercial/publicly trusted PKI services. In addition, you will be required to administer Windows Server 2008 R2 and Windows Server 2012 Active Directory Services including CA, HSM, Certificate Enrollment Web Services, and Internet Information Services (IIS), and you will be responsible to manage effectively the certificate lifecycle. Finally you will proactively look to improve and add efficiency to current processes and exercise judgment in the decision-making process in order to provide customer service which meets or exceeds established Service Level Agreements (SLAs). Since all the above cannot be done manually, you will need to administer an automated solution for protecting machine identities, such as the Venafi Platform.

Requirements

Education

PKI administration is closely related with computer science. Therefore you should have at least a bachelor’s degree in Computer Science or a related technical discipline (Information Technology, Information Security, Information Systems Management, Information Services), or the equivalent combination of education, professional training or work experience.

Skills

Reading the job responsibilities you can realize that being a PKI administrator requires a proficient knowledge of a lot of topics. The desired skills are the following:

  • System Administration of Windows Server 2008/R2 or 2012 and Windows 10, Unix, or Linux, and/or database skillset.
  • PKI experience including hands on with: Certificate Authority Administration, Certificate Enrollment Web Service & Policy Web Service, Active Directory Certificate Services (ADCS) monitoring
  • Experience with PKI architecture and encrypted data in-motion and at rest
  • Disaster Recovery procedures
  • Proficiency with Public Key Infrastructure (PKI) machine identity technologies (SSH, SSL, TLS)
  • Familiarity with development environments (Perl, Java), PowerShell scripting, and command line tools (e.g. certtool, security, openssl, etc.)
  • Experience with Certificate Management System (CMS)/ Key Management System (KMS) such as Venafi Trust Protection Platform
     

Knowledge Base

Besides the above skills, the candidate should have a profound knowledge on the following topics:

  • Cryptography, cipher suites, trust stores and key management
  • Symmetric/asymmetric cryptography
  • Secure hash functions
  • Digital signatures
  • SSL Certificates
  • Thorough understanding of X.509 and associated RFCs
     

Non-Technical Qualifications

Being a PKI administrator requires that you communicate high importance security issues to the chain of command of your company. Therefore, you should be able to demonstrate non-technical, soft skills, such as excellent written and verbal communication skills. In addition, you will have to be extremely detail oriented and you should have experience with enterprise policy development.

Experience

Lastly, it is important to understand that there are no entry-level PKI administration positions. It’s a specialization rather than a field, and that means you qualify for it in part by doing something else first. Serving as an IT administrator for several years is a good start. To be sure if you are eligible and qualified for the job, it is advised that you have security related experience and you should try to get practice wherever you can. Most companies ask for 5+ years’ experience with security best practices.

In absence of paid opportunities, volunteer your services for non-profit organizations. It may seem like you’re working for free, but that volunteer experience looks great on a resume, and puts you ahead of applicants who have no security experience whatsoever.

You may read more about PKI and related technologies by visiting the Venafi Education Center.

Related posts

Like this blog? We think you will love this.
picture of dominoes falling down in a line
Featured Blog

Why Do You Need CA Agility? [100s of Known PKI Incidents]

Here are some examples of what can go wrong with your PKI<

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Guest Blogger: Anastasios Arampatzis
Guest Blogger: Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat