- Capabilities: 5
- Tools & platforms: 5
- Discipline: Security
Design and enforce strong identity and access controls across REST, GraphQL and gateway-fronted APIs in distributed enterprise systems.
- OAuth2 and OpenID Connect implementation
- API gateway hardening (Azure APIM)
- REST and GraphQL access control
- Traffic policy and rate-limit design
- Federated identity and SSO governance
The stack behind the work.
The tools I reach for day to day — with a rough sense of where my depth sits.
- OAuth2 (Expert): Authorization flows & token security
- OIDC (Expert): Federated authentication
- Azure API Management (Advanced): API gateway & traffic policy
- Keycloak (Proficient): Identity provider & SSO
- SAML (Proficient): Enterprise federation
Projects that put this to work.
Enterprise AppSec Migration
Driving tiered application onboarding into a unified AppSec program with automated CI/CD gating.
IAM Least-Privilege Redesign
Role redesign and policy enforcement program reducing over-privileged access across cloud accounts.
CI/CD Security Automation
Embedded SAST, DAST and SCA gates into shared CI/CD pipelines for automated pre-deployment validation.
Application Security
Embedding secure-by-design into the SDLC.
Cloud Security
Hardening cloud-native estates at enterprise scale.
DevSecOps
Automating security as code into every pipeline.
Technical Program Management
Turning security strategy into delivered outcomes.
