Identity Security Consulting — Gold Coast, AU
Ben Ashlin

Identity is the attack surface. Most organisations have spent years building it and minutes securing it. I work with IT teams and MSPs who need the expertise to close that gap — without waiting months for a large firm to start work.

20yr: Career in IT
5yr: Identity Security
500K: User Environment Rebuilt
8K: Service Accounts Remediated
Active Directory Security
Entra ID
CyberArk PAM
Essential 8 Alignment
NIST CSF 2.0
ADCS / PKI
PowerShell Automation
ANSSI Frameworks
About

Most breaches don't start with a zero-day. They start with an identity.

Over 80% of security incidents involve compromised credentials or abused access. The attacker doesn't break in — they log in. Usually through an account that was never properly scoped, a delegation that was never reviewed, or a service account that still had Domain Admin from a project five years ago.

The risk sitting in your identity environment right now isn't theoretical. It's accumulated and it's specific — and most of it can be found, documented, and closed.

I work with enterprise IT teams, MSPs, and infrastructure leads who carry that risk and know it. My focus is the full identity stack: the directory layer, privilege controls, governance alignment, and the automation that makes remediation stick past the engagement.

I don't run a team. There's no account manager between you and the person doing the work. What you scope is what you get — delivered by someone who has rebuilt forests post-ransomware, onboarded thousands of accounts into PAM, and cleaned up the kind of legacy environments where no one knows what half the permissions do.

Where I Focus
Identity & Access Security
Directory hardening, privilege containment, delegation models, and attack path reduction. The controls that make your identity layer something you can rely on.
Privileged Access Management
Least-privilege by design, not by policy document. PAM tooling, service account remediation, and gMSA adoption at scale, with automation that maintains it.
Governance & Compliance Alignment
Essential 8, NIST CSF 2.0, ISO 27001, SOCI Act. Not gap reports that sit in a drawer — control mapping with remediation that you can actually evidence.
PKI & Certificate Services
Enterprise PKI is critical infrastructure that rarely gets senior attention. Until a certificate expires, a CA is compromised, or an audit asks questions nobody can answer.
Services

Defined scope.
No discovery-phase fog.

Five focused disciplines. Each has specific deliverables, backed by enterprise delivery experience. You know what you're engaging before the work starts — fixed-scope or time-and-materials depending on what the situation needs.

01
Directory Security Hardening
Your directory is the blueprint. Attackers read it before you do.
Active Directory and Entra ID environments. Privilege boundary enforcement, GPO baseline reviews, ACL cleanup, attack path reduction, and Tier 0/1/2 model implementation. Deliverables include risk-mapped remediation, not just findings.
Active Directory · Entra ID · GPO · Tiering · ACL
02
Identity Environment Modernisation
Legacy infrastructure wasn't built for today's threat model. It won't survive it either.
Prepare your environment for hybrid identity, PAM tooling, MFA enforcement, and IGA integration. OU redesign, delegation reform, and Entra ID alignment. The structural work that makes everything else possible.
Hybrid Identity · Entra ID · OU Redesign · MFA
03
Privileged Access Management
Privilege without structure is a breach waiting for the right day.
CyberArk design and onboarding, service account remediation, gMSA migration, tiering models, and least-privilege delegation frameworks. Delivered across environments with 8,000+ accounts. Automation built in from the start.
CyberArk · gMSA · Least Privilege · Tiering
04
Certificate Services & PKI
Nobody thinks about PKI until a CA is offline or an audit asks about encryption key archival.
ADCS design and 2-Tier migrations to modern or SaaS PKI. Certificate lifecycle automation, RBAC for enrollment management, and compliance archival at scale. Senior attention from day one, not when something breaks.
ADCS · PKI Migration · Lifecycle · RBAC
05
Governance & Compliance Alignment
A compliance report with no remediation behind it is just documentation of your exposure.
Identity control mapping to Essential 8 Maturity Levels, NIST CSF 2.0, ISO 27001, and SOCI Act. Gap assessments, evidence documentation, and remediation roadmaps that hold up to internal audit and external scrutiny.
Essential 8 · NIST CSF 2.0 · ISO 27001 · SOCI
NOTE
What direct engagement actually means
Large firms put a senior consultant's credentials in front of you during the sale. The team that shows up on day one is different: less experienced, with more billable hours to justify. You pay for a name and manage the gap yourself.

With a direct engagement, you get one person who understands the full scope, has done this before at scale, and is accountable for every deliverable. No handoffs. No layers. Documentation and automation that outlasts the engagement.
Portfolio

Delivered Work

Each engagement below sets out the scope, the risk context, and the outcomes.

01
Subject Matter Expert — Distributed SME Team
Post-Ransomware Identity Environment Rebuild
500,000-user forest
Risk Context
A ransomware compromise doesn't just encrypt files — it proves the identity environment was the breach path. Rebuilding without re-architecting the privilege model rebuilds the vulnerability alongside the infrastructure.
Worked within a geographically distributed SME team to rebuild an Active Directory forest from a ransomware compromise. Remediation scope covered full forest rebuild, privilege model re-architecture, and domain hardening against ANSSI recommendations. Production environment, no tolerance for extended downtime, zero margin for repeating the conditions that enabled the original breach.
Outcomes
  • AD forest rebuilt at 500,000+ user scale
  • Tiering model implemented enforcing Tier 0 / 1 / 2 privilege boundaries
  • Delegation model rebuilt from baseline, clearing legacy ACL debt
  • All core domains hardened and secured post-recovery
  • Full remediation aligned to ANSSI framework recommendations
02
Technical Lead
Least-Privilege Delegation Model at Enterprise Scale
150,000 user accounts
Risk Context
Two decades of undocumented ACL changes, nested group sprawl, and inherited permissions represent an attack surface that's invisible on a standard audit but highly visible to a threat actor running BloodHound.
Designed and implemented a least-privilege delegation model across a 150,000-account enterprise. The objective was eliminating privilege escalation risk and removing unnecessary manual touchpoints from privileged workflows. Over 20 years of accumulated ACL debt — orphaned SIDs, undocumented group nesting, unreviewed permissions — fully assessed, documented, and removed.
Outcomes
  • 20+ years of ACL debt cleared: orphaned SIDs, nested sprawl, undocumented permissions
  • Managed Task/Role Groups segmented by Site, Region, and Global scope
  • ACL delegation management fully automated via PowerShell
  • OU hierarchy rebuilt to support structured, scalable delegation
  • Sustained reduction in privileged user operational overhead
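The ACL debt described in this engagement (orphaned SIDs, undocumented nesting) is found the same way in any forest. The script below is an added example, not code from the engagement or from the consultant: it walks an OU subtree, reports every ACE whose trustee no longer resolves to an account, measures how deep a group's nesting goes (with a cycle guard, because nested loops are common in old forests), and removes orphaned ACEs only under -WhatIf/-Confirm. It assumes the RSAT ActiveDirectory module and read access to the directory; the OU and group names in the usage lines are placeholders.

```powershell
# Added example (not the page's own code). Assumes the RSAT ActiveDirectory module,
# which also mounts the AD: drive that Get-Acl / Set-Acl use below.
Import-Module ActiveDirectory

# Report ACEs on every object under $SearchBase whose trustee is an unresolved SID.
# A resolved trustee shows as DOMAIN\name; an orphan shows as the raw S-1-5-21-... string.
function Get-OrphanedSidAce {
    param([Parameter(Mandatory)] [string] $SearchBase)   # e.g. 'OU=Corp,DC=corp,DC=example' (placeholder)

    Get-ADObject -SearchBase $SearchBase -SearchScope Subtree -Filter * |
        ForEach-Object {
            $dn  = $_.DistinguishedName
            $acl = Get-Acl -Path ("AD:\" + $dn)
            foreach ($ace in $acl.Access) {
                if ($ace.IdentityReference.Value -match '^S-1-\d+(-\d+)+$') {
                    [pscustomobject]@{
                        Object    = $dn
                        OrphanSid = $ace.IdentityReference.Value
                        Rights    = $ace.ActiveDirectoryRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
}

# Maximum nesting depth below a group. Uses the member attribute rather than
# Get-ADGroupMember so large groups and foreign security principals do not abort the walk.
function Get-GroupNestingDepth {
    param(
        [Parameter(Mandatory)] [string] $GroupDn,
        [int] $Depth = 0,
        [System.Collections.Generic.HashSet[string]] $Seen = [System.Collections.Generic.HashSet[string]]::new()
    )
    if (-not $Seen.Add($GroupDn)) { return $Depth }   # cycle guard: A -> B -> A is not "infinitely deep"
    $max = $Depth
    foreach ($memberDn in (Get-ADGroup -Identity $GroupDn -Properties member).member) {
        if ((Get-ADObject -Identity $memberDn).ObjectClass -eq 'group') {
            $d = Get-GroupNestingDepth -GroupDn $memberDn -Depth ($Depth + 1) -Seen $Seen
            if ($d -gt $max) { $max = $d }
        }
    }
    return $max
}

# Remove the explicit ACEs a finding refers to. Inherited ACEs are skipped on purpose:
# they must be cleared where they are defined, or they come straight back.
function Remove-OrphanedSidAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject] $Finding)
    process {
        $path = "AD:\" + $Finding.Object
        $acl  = Get-Acl -Path $path
        foreach ($ace in @($acl.Access)) {                # snapshot: we modify the DACL while iterating
            if (-not $ace.IsInherited -and $ace.IdentityReference.Value -eq $Finding.OrphanSid) {
                [void] $acl.RemoveAccessRule($ace)
            }
        }
        if ($PSCmdlet.ShouldProcess($Finding.Object, "Remove ACEs for $($Finding.OrphanSid)")) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Usage (placeholder names): review first, then remove once the report has been signed off.
Get-OrphanedSidAce -SearchBase 'OU=Corp,DC=corp,DC=example' | Format-Table -AutoSize
Get-GroupNestingDepth -GroupDn 'CN=Site-Admins,OU=Groups,DC=corp,DC=example'
Get-OrphanedSidAce -SearchBase 'OU=Corp,DC=corp,DC=example' | Remove-OrphanedSidAce -WhatIf
```

Run the report against a forest snapshot or a read-only account first; Set-Acl on a busy OU is a change you want in a ticket, and the -WhatIf pass gives you the list to attach to it.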
03
Subject Matter Expert
Service Account Remediation & PAM Onboarding
~8,000 accounts
Risk Context
Service accounts with excessive privileges, no rotation policy, and no owner accountability are among the most reliable lateral movement paths in any enterprise network. Most organisations know the number. Few know the scope.
Assessed ~8,000 privileged service accounts against cyber risk criteria across a large enterprise. Produced remediation reports, validated use-cases with account owners, and drove least-privilege enforcement, gMSA adoption, and CyberArk onboarding at scale. PowerShell automation built throughout to reduce ongoing management burden.
Outcomes
  • ~8,000 service accounts fully remediated
  • 5,000 accounts onboarded into CyberArk PAM
  • 3,000 group Managed Service Accounts (gMSAs) deployed
  • Unconstrained and Resource-Based Constrained Delegation exposures removed
  • Account provisioning and delegation workflows automated via PowerShell
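The exposures this engagement lists (service accounts sitting in Domain Admins, unconstrained delegation, resource-based constrained delegation) and the gMSA replacement that closes the password-handling problem can all be driven from the ActiveDirectory module. The block below is an added example, not the engagement's own automation: it finds SPN-bearing user accounts in Tier 0 groups, lists non-DC principals trusted for unconstrained delegation, decodes the RBCD descriptor on each target into the principals it admits, clears both under -WhatIf, and creates a gMSA. It assumes RSAT, a KDS root key already present in the forest, and rights to write the relevant objects; every account, group and DNS name shown is a placeholder.

```powershell
# Added example (not the page's own code). Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# 1. Service accounts (user objects carrying an SPN) that are members of Tier 0 groups.
#    Their Kerberos tickets can be requested by any domain user and cracked offline,
#    so a Tier 0 service account is a direct path to Domain Admin.
function Get-PrivilegedServiceAccount {
    $tier0 = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
    $privileged = foreach ($g in $tier0) {
        try { (Get-ADGroupMember -Identity $g -Recursive).DistinguishedName } catch { }
    }
    Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName, passwordLastSet |
        Where-Object { $privileged -contains $_.DistinguishedName } |
        Select-Object SamAccountName, PasswordLastSet, @{ n = 'SPNs'; e = { $_.ServicePrincipalName -join ';' } }
}

# 2. Unconstrained delegation: TRUSTED_FOR_DELEGATION (userAccountControl 0x80000 = 524288)
#    on anything that is not a domain controller. A host with this flag caches the TGT of
#    every user who authenticates to it, and whoever controls the host can reuse those TGTs.
function Get-UnconstrainedDelegation {
    $dcs = (Get-ADDomainController -Filter *).ComputerObjectDN
    Get-ADObject -LDAPFilter '(&(|(objectClass=computer)(objectClass=user))(userAccountControl:1.2.840.113556.1.4.803:=524288))' |
        Where-Object { $dcs -notcontains $_.DistinguishedName } |
        Select-Object Name, ObjectClass, DistinguishedName
}

# 3. RBCD lives on the *target*: msDS-AllowedToActOnBehalfOfOtherIdentity is a security
#    descriptor whose DACL names the principals allowed to impersonate users to that target.
function Get-RbcdExposure {
    Get-ADObject -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
                 -Properties 'msDS-AllowedToActOnBehalfOfOtherIdentity' |
        ForEach-Object {
            $target = $_.DistinguishedName
            foreach ($ace in $_.'msDS-AllowedToActOnBehalfOfOtherIdentity'.Access) {
                [pscustomobject]@{ Target = $target; AllowedPrincipal = $ace.IdentityReference.Value }
            }
        }
}

# Remediation, gated by ShouldProcess so the owner validation happens before the change.
function Remove-DelegationExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $DistinguishedName)
    if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Clear unconstrained delegation and RBCD')) {
        Set-ADAccountControl -Identity $DistinguishedName -TrustedForDelegation $false
        Set-ADObject -Identity $DistinguishedName -Clear 'msDS-AllowedToActOnBehalfOfOtherIdentity'
    }
}

# 4. Replace a password-based service account with a gMSA. Requires a KDS root key in the
#    forest (Add-KdsRootKey -EffectiveImmediately, run once) and a group containing the hosts
#    allowed to retrieve the password. The password is rotated by AD, never known to anyone.
function New-ServiceGmsa {
    param(
        [Parameter(Mandatory)] [string] $Name,        # e.g. 'gmsa-app01' (placeholder, 15 chars max)
        [Parameter(Mandatory)] [string] $HostGroup,   # e.g. 'app01-hosts' (placeholder)
        [Parameter(Mandatory)] [string] $DnsDomain    # e.g. 'corp.example' (placeholder)
    )
    New-ADServiceAccount -Name $Name -DNSHostName "$Name.$DnsDomain" `
        -PrincipalsAllowedToRetrieveManagedPassword $HostGroup `
        -KerberosEncryptionType AES256 -ManagedPasswordIntervalInDays 30
    # On each host in $HostGroup, after its computer token picks up the new group membership:
    #   Install-ADServiceAccount -Identity $Name; Test-ADServiceAccount -Identity $Name
}

# Usage (placeholder names): report, review with owners, then remediate.
Get-PrivilegedServiceAccount | Format-Table -AutoSize
Get-UnconstrainedDelegation  | Format-Table -AutoSize
Get-RbcdExposure             | Format-Table -AutoSize
Remove-DelegationExposure -DistinguishedName 'CN=APP01,OU=Servers,DC=corp,DC=example' -WhatIf
New-ServiceGmsa -Name 'gmsa-app01' -HostGroup 'app01-hosts' -DnsDomain 'corp.example'
```

The order matters in practice: the service is cut over to the gMSA and confirmed working (Test-ADServiceAccount returns True on the host) before the old account's delegation is cleared and the account is disabled, otherwise the remediation is the outage.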
04
Subject Matter Expert
Enterprise PKI Migration — Legacy ADCS to SaaS
300,000 certs recovered
Risk Context
Legacy PKI infrastructure accumulates risk quietly. Undocumented CAs, expired certificates still in use, encryption keys with no archival process — each is a compliance failure and a potential operational catastrophe waiting for the wrong moment.
Migrated a legacy 2-Tier ADCS environment to a modern SaaS PKI solution across a large enterprise. Led certificate service mapping, enrollment workflow redesign, and RBAC implementation for decentralised management. Scope included full recovery and archival of 300,000 encryption certificates to meet modern compliance requirements.
Outcomes
  • Full certificate migration across all active organisational services
  • RBAC model implemented for distributed enrollment management
  • 300,000 encryption certificates recovered and archived
  • Simplified lifecycle management reducing support overhead
  • Scaled architecture designed to grow with the organisation
Why It Matters

Senior expertise isn't a job title. It's who's actually doing the work.

How large firm engagements typically run
Senior consultant closes the deal. Mid-level team starts the work. You bridge the gap.
4-6 week scoping phase before anything is delivered. Discovery meetings replace progress.
Deliverables are reports. Implementation, automation, and knowledge transfer require a separate engagement.
Overhead is baked in. You pay for account management, project coordination, and firm margin on top of the work.
How a direct engagement runs
One person, full scope. The consultant who scoped the work is the consultant doing it. No handoffs.
Work starts quickly. Scope is agreed, priorities are set, and delivery begins without a discovery fog.
Deliverables include automation. Controls are built to maintain themselves. The environment is better after the engagement ends, not dependent on it continuing.
You pay for the expertise. Not the firm's margins, not account management. Direct cost for direct value.
Ventures

Beyond Consulting

Two product-focused ventures built from problems seen directly in the field. Identity security services and investigative tooling that practitioners actually need.

Live
ID ZERO
Identity security services for Microsoft environments. Active Directory and Entra ID protection, privilege remediation, and compliance alignment to Essential Eight and NIST CSF 2.0. Built for enterprises, government, and critical infrastructure.
Beta
LINKSPECTOR
Real-time URL threat analysis across 30+ signals including phishing patterns, typosquatting, redirect chains, and malware indicators. Free tier live now. Pro adds VirusTotal and Google Safe Browsing integration. iOS app in development.
Contact

One conversation. No scoping delays.

If you know the problem, describe it. If you don't know where to start, that's fine too — that's what the first conversation is for. Either way, you'll hear back from me directly.

Ashlin Technologies PTY LTD
ABN 77 676 943 070
Brisbane, Queensland, Australia