Designed a zero-trust access management solution that leverages user and device trust as authorization factors when determining if access is permitted. This solution was integral in meeting the organizations' goal of restricting data to authorized devices.  Pivoted the organization's ideas about what constitutes a person's identity, from just a username and password to the incorporation of the device and FIDO authenticators as an extension of the identity.  Led the IAM team in replacing an existing IAM solution with Saviynt that offered greater ROI through user provisioning and increased visibility into access. Integrated Saviynt with Office 365 using the Microsoft Graph API to enable Microsoft Teams provisioning for retail stores. This effort saved store managers 2.6 minutes per new hire.  Designed the reference architecture to integrate ServiceNow with Saviynt. This integration provides a single portal where access can be requested and managed. Developed an access reviews program that enables closed loop reviews of privileged access. Developed SCIM connectors to SaaS applications for access provisioning. Integrated Saviynt with CyberArk for automated account and safe creation when elevated accounts are requested by end users. Designed attestation campaigns for PCI compliance in cloud and on-premises workloads. Designed an OAuth governance program to reign in the organization’s control over what applications users can authorize to access organizational data. Led the initiative to migrate from an on-premises single sign-on provider to a cloud provider that enabled additional security controls.

Met with prospective clients in a technical presales capacity to identify solutions and engagements that would enable them to meet their strategic goals. Designed large scale identity and access management solutions that enabled identity orchestration, seamless and secure authentication, and increased the overall security of the organization. Designed role/attribute-based access control modeling and design strategies that allowed organizations to better manage their entitlements and assignment of entitlements. Planning and implementing identity provider replacements and the migration of hundreds of applications. Writing documentation including but not limited to statements of work, level of effort, architecture design, and implementation run books. Briefed C-Level suite members of identity and access management strategies and provided a call to action to align identity strategy with business direction. Provided technical demonstrations and workshops as a mechanism to foster existing client relations or to capture new leads. Built proof of concept environments for prospective clients to build trust that their challenges could be met by a given solution and that our team could deliver the solution. Provided training to internal staff on new technologies, designs, and industry trends. Worked directly with the product groups of partners to understand product roadmap, provide feedback, and deliver field experience to drive changes within their respective products. Contributed to blog posts, white papers, and decks that showcase partner products and expertise within the technical space.

Designed Saviynt identity governance solutions to enable identity lifecycle management, application governance, and infrastructure governance.Designed Microsoft Identity Manager solutions to enable identity life cycle management, group management, and automated provisioning.Implemented Microsoft's Enterprise Mobility and Security products - Multi-factor authentication, Single-Sign-on, rights management, cloud application security.Designed RBAC and ABAC models to provision birth right access to enable day one provisioning birthright access.Configured Microsoft Identity Manager Portal with approval workflows for user self-service group management.Converted multiple universities from Live@EDU to Office 365 by implementing Microsoft’s Directory Sync and ADFS.Implemented ADFS 2.0 and 3.0 for single sign on for multiple clients to implement single sign on.Upgraded clients from Microsoft’s Identity Lifecycle Manager (ILM) to FIM 2010 R2 and FIM to Microsoft Identity Manager (MIM)Developed custom FIM/MIM Extensible Connectivity Management Agents (ECMA 2).Instructed client’s staff on their identity management implementation and the inner workings of FIM/MIM.Implemented Azure AD Connect for multiple clients with different AD forest configurations.Designed and implemented Azure RMS and Azure Information Protection at multiple clients.Worked with clients and SaaS applications to integrate them with Azure Active Directory federation.