Security Architect
CurrentIdentifly is an Identity and Access Management focussed consulting firm, specialising in Operational Technology (OT) environments. My role here is a broad spanning one encompassing everything from strategic advice to clients and development of roadmaps, through to technical implementation and deployment of systems and services. Major Achievements:- Delivery of an Azure AD authentication review and remediation programme for a client. This work reviewed the clients existing implementation against Microsoft best practice and the ACSC ISM to provide recommendations for remediation. Stage two of this work was the implementation of the recommendations. - Development of a passwordless authentication strategy. This strategy provided a practical programme of work that would allow them to leverage their existing technology stack to provide users with a passwordless authentication experience and limit the reliance of passwords as an authentication factor.- Development of a programme of work for a client to improve the organisations compliance against the Secure Controls Framework. This framework covers controls from NIST 800-53, ISO 27001, and the ACSC ISM. This work was incepted as a maturity assessment against the SCF and naturally built into the identification of high-value projects for the IAM team. - Development and deployment of a Roles Framework for the uptake of RBAC for a large mining company. This Framework provided a pragmatic, flexible, and iterative approach to roles deployment that allowed the organisation to gain long-needed momentum on their RBAC deployment. - Implementation of CyberArk as the Privileged Access Management (PAM) platform for multiple clients. This included a risk-based approach for securing the highest risk credentials first; integration with the organisations IGA capability to provide automated access management and auditable access reviews; technical implementation of the CyberArk platform; and change management of the teams involved.