Real engagements from cloud, PAM, and identity engineering. Most are confidential client environments — described by outcome, not screenshots.
Reference Architecture
CyberArk PAM on AWS
Designed and deployed CyberArk (PVWA, CPM, PSM, Secrets Manager, Connector Manager) in AWS VPCs: load-balanced PVWA endpoints, hardened EC2 hosts, and Security Groups tuned for least privilege between vault, connectors, and targets — with on-prem Active Directory integrated over Site-to-Site VPN.
Adopted as the team's reference architecture for ongoing client deployments
AWSVPCCyberArkSite-to-Site VPNActive Directory
Automation at Scale
PAM Account Migration Engine
PowerShell and Python automation against the CyberArk REST API to migrate accounts from on-prem to cloud, with credential rotation and reconciliation reporting built in.
500+ accounts onboarded per project across 9 client engagements
PythonPowerShellCyberArk REST APICredential Rotation
Infrastructure as Code
Terraform Self-Hosted Test Environment
Provision and maintain a self-hosted AWS environment for an enterprise security product — built from reusable Terraform modules with remote state, refreshed weekly and used to run UAT on every release before it reaches self-hosting customers.
Validates each release before it ships to enterprise customers
TerraformAWSRemote StateUAT
Identity Integration
Entra / Okta Provisioning Labs
Built identity-integration test labs across Microsoft Entra ID and Okta to reproduce production provisioning issues — resolving SCIM sync errors, OIDC failures, group/role mapping, and conditional-access edge cases.
Reproduces production provisioning issues to speed root-cause analysis
Entra IDOktaOIDCSCIMSAML
Resilience
DR & High-Availability Design
Advised clients on disaster-recovery and redundancy design, building CyberArk environments that remove single points of failure across vault, connector, and app layers.
Reduced downtime by eliminating single points of failure
High AvailabilityDisaster RecoveryCyberArkAWS
Compliance
SOX / PCI-DSS Audit Support
Supported enterprise SOX and PCI-DSS audit cycles with privileged access reviews, vault inventory exports, and session-recording evidence collection.
Held DSAT at 0 across 8+ consecutive months
SOXPCI-DSSSOC 2Access Reviews