Identity Lifecycle Management
Joiner, mover, leaver driven from a single HR source of truth — access granted on day one, recalculated the moment a role changes, revoked the moment someone leaves. The account never outlives the person.
Senior IAM Engineer moving deliberately into security architecture. I build from identity outward — how access is granted, endpoints are trusted, data is protected, and threats are caught.
Every identity authenticated with phishing-resistant MFA, authorized to least privilege, and provisioned from a single source of truth — human and non-human alike. Get this layer right and everything above inherits its discipline.
Every device in a known, compliant state before it touches a resource — hardened, patched, encrypted, monitored. Device health becomes a condition of access, and the point where most compromise actually lands.
Classified by sensitivity, then discovered, labeled, and protected across every platform. Protection travels with the file, so collaboration doesn't quietly become exposure.
Where controlling access turns into defending it — identity and endpoint signal into SIEM and XDR, threats triaged and contained, increasingly through automation. The layer I'm building toward.
A tenant measured against CIS controls and brought to baseline — email protection, MFA, and Conditional Access hardened — with every deviation risk-assessed, documented, and backed by an audit-ready evidence trail.
Entitlements recertified on a fixed cadence — every grant re-justified by the business, not assumed permanent. Least privilege held as a reviewed state, with dormant and over-privileged access surfaced for action.
Identity, endpoint, and email signal correlated into one response flow — risky sign-ins, phishing, and behavioural anomalies feeding SIEM and XDR, with triage and containment automated to cut response time. Built from the ground up, end to end.
Identity from zero — no directory, no lifecycle, no controls. Assessed what mattered, set the priorities, and built the foundation the rest of the stack now stands on.
Endpoint, email, and data brought under measured control — prioritised by risk, aligned to CIS, and backed by evidence. Each layer hardened in the order that reduced exposure fastest.
Extending from identity into full-stack detection and response — signal correlated across the environment into SIEM and XDR. Controlling access becomes defending it.
Designing the standards, not just running them — owning the whole posture by design. The architect role the work has been building toward.
Security isn't a setup you finish; it's a collection of controls that shrink the attack surface, and a plan for the breach you know is coming. But identity is the foundation beneath all of it — get identity right, and every layer above inherits the visibility, framework, and trust that make it worth defending.