Representative engagements showing the kind of identity problems I solve and the outcomes delivered.
Led the consolidation of seven legacy forests (post-merger) into a single hardened forest with a tiered admin model and modern ADCS. Migrated 18,000 users and 45,000 endpoints with zero unplanned outages.
Designed and deployed a Conditional Access policy framework across 12,000 seats, including risk-based MFA, device-compliance enforcement and phased NTLM deprecation. Integrated with Defender for Identity.
Built a SailPoint IdentityIQ deployment integrated with Workday HR, AD, Entra ID and 30+ downstream apps. Replaced manual onboarding tickets with role-based birthright provisioning and quarterly access reviews.
Re-architected the Tier 0 estate following a red-team finding. Introduced PAWs, gMSAs, time-bound CyberArk vaulted credentials and full session recording for domain admins.
Migrated 60+ SaaS apps from local credentials to Okta-fronted SAML/OIDC SSO with SCIM provisioning, retiring AD FS in the process. Built a self-service catalogue for app owners.
Authored a multi-year Zero Trust roadmap aligned to NIST SP 800-207, sequencing identity-first wins (CA, PIM, passwordless) before network and data tiers. Adopted as the firm-wide reference architecture.
Open to advisory, contract and permanent opportunities involving Active Directory, Entra ID, identity governance, or zero-trust programmes. The best way to reach me is by email.