PKI (Public Key Infrastructure) refers to the specific hardware, roles, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. Becoming a PKI admin requires particular skills. Given how important PKI is, it is worth exploring an admin's different skills and unique requirements. Below are valuable tips that you should consider if you aim to become one of the PKI admins.
Components of Public Key Infrastructure
Before we look at the different PKI assessments and requirements for admins in this sector, you may want to understand the components of PKI. These components play a significant role in protecting and securing digital communications and electronic transactions. Below are some of the different components working together to attain this goal.
Digital Certificate
The digital certificate is probably the most crucial component of PKI. Certificates are used to provide validity and identify the connections between client and server. They are what ensure that the connections formed are trustworthy and secure. Depending on the scale of the operation, they are either created individually or, where the requirement is for a large firm, bought from third-party issuers.
Certificate Authority
The CA offers authentication and safeguards trust in the certificates issued to different users. It could be an individual computer server or system; the CA ensures that the users' digital identities are correctly authenticated. Devices trust the certificates issued through the CA.
Registration Authority
The RA is an approved component of the CA for issuing certificates for authenticated user-based requests. The certificate requests an RA handles range from individual certificates for signing email messages to companies planning to set up private certificate authorities. Usually, the RA will send all approved requests to the CA to process certificates.
What are the Roles of PKI Administrators?
Now that you are familiar with the PKI components, your next move should be to understand the roles of PKI administrators. This way, you will know what traits and skills one needs to become an admin. Depending on your organization’s hierarchy, the chances are that as a PKI admin, you will be reporting to a CIO or a CISO.
Some of the top responsibilities will include issuing/administering the Certificate Authorities (CAs) and Hardware Security Modules (HSMs) of the company's Public Key Infrastructure (PKI), as well as key management. These experts also have to understand and perform more roles beyond the obvious. Some of the additional functions include:
- Carrying out Active Directory services
- Administering Windows 2008 R2 and Windows Server 2012
- Certificate Enrolment Web Services
- Hardware Security Modules
- Certificate lifecycle management – Installation, Renewal, Revocation
The roles mentioned above are the expected roles that any PKI admin would handle. Besides these, the admin is expected to manage Service Level Agreement (SLA) timelines and enhance process efficiencies. As of now, several automated solutions to handle most PKI features exist. Therefore, one needs to have an automation-bent mind to help them understand, handle, and enforce company solutions.
PKI Admin Skill Set
To become a PKI admin, you need to exhibit the following skillset.
- As an admin, you require hands-on experience in the following areas: Certificate Enrollment Web Service & Policy Web Service, Certificate Authority Administration, Active Directory Certificate Services (ADCS) monitoring.
- System administration of the following Windows servers, i.e. Windows Server 2016 or 2012/R2, and Windows 10, Unix, or Linux. You also need to have a database skillset.
- Public Key Infrastructure (PKI) machine identity for SSL, SSH, TLS.
- Data-in-motion and Data-at-rest Encryption.
- Understanding of PKI architecture.
- Disaster Recovery process and Business Continuity procedures.
- Experience in managing Key Management Systems (KMS).
Besides the skills mentioned above, having coding skills is a plus. They come in handy when running critical PKI infrastructure. Some essential coding technologies that PKI admins ought to have include Java, command-line tools, PowerShell scripting, JavaScript, HTML, and XML, just to mention a few.
Things PKI Admins Ought to Know
Besides acquiring specific skills to function well as a PKI admin, it is equally important to know the subject. There are concepts that one needs to master hands-on. Generally, one must be skilled and knowledgeable enough to understand the concepts behind cryptography solutions. The knowledge should revolve around:
- SSL Certificates
- Symmetric/asymmetric cryptography
- Digital Signatures
- Secure hash functions
Experience that Comes in Handy
Serving as a PKI administrator is one of the most critical positions anyone can have in a company’s cyber security landscape. Having said this, many companies will expect the hired PKI admin to be a hands-on individual who prioritizes their roles. They will also expect that the admin hired for the position should be equally experienced with some basics besides being properly equipped with skills and knowledge.
They ought to be experienced in SSL/TLS, PKI, and SQL. Additionally, they also need relevant experience in some direct roles, such as IT administration with a bias toward cyber security skills and knowledge. With a combination of these and more skills, such individuals are likely to be better suited for the position.
Essentially, those interested in the PKI position should understand that this is an established role that does not have an entry level. It is necessary to be adequately equipped with the relevant skills before taking up the position for any company. It is not one of the jobs you take to learn on the job. Once hired, you will be required to undertake specialization classes immediately. This means that you will have to invest in immediate training, which is often offered by relevant and reputable certified providers.
The training should be handled by a specialist with years of expertise and experience. PKI is a bit more complex than many people can handle, so you need to be trained by the very best if you want to stand out.
PKI is also not one of the systems implemented as a one-time thing. It should be a continuous process that requires constant monitoring and implementation. It is essential to have the right personnel with the appropriate skill set, as this contributes to the company's PKI goals.
Final Thoughts
The best PKI admins are not the ones you may imagine. It takes a combination of skills, knowledge, and experience to become an excellent PKI admin. However, the most important thing is to keep improving your skills, since this is not a role you can master with one training session.