Recent Work

PKI Remediation

In my capacity as a Subject Matter Expert within the project team, I spearheaded the migration from legacy 2-Tier PKI Active Directory Certificate Services to a modernized SaaS PKI Solution, working closely under the Technical Lead.

Wins

  • Migration and enrollment of certificates for each service of the organization

  • Scaled PKI solution to meet the dynamic organization requirements

  • Implementation of RBAC roles for decentralized certificate management and enrollments

  • Simplified certificate lifecycle management, improving user satisfaction and productivity

  • Recovery and storage of 300,000 encryption certificates providing alignment with modern compliance standards and regulations

Active Directory Delegation

In my role as Technical Lead, I oversaw the implementation of a least-privilege Active Directory Delegation model within a user environment comprising 150,000 individual user accounts. Our aim with this initiative was to streamline the workflows of privileged users by reducing unnecessary humanized touch points and privileges. My main objective was to address the risks associated with privilege escalation while also improving the efficiency of user and delegation management through automation.

Wins

  • Purging 20 years of legacy clutter: ACL permissions, nested groups, and orphaned SIDs.

  • Established streamlined Managed Task/Role Groups, segmented by Site, Region, and Global parameters.

  • Enabled seamless ACL Delegation Management through advanced PowerShell automation.

  • Implemented a structured Active Directory OU hierarchy, enhancing organization and efficiency.

  • Significantly reduced overhead with optimized operations for sustained growth.

Service Account Remediation

As the Subject Matter Expert, I reviewed privileged Service Accounts within the environment to determine the associated cyber risks, detailing reports for validating and developing remediation plans with account owners / SMEs. I put process lists in place to determine least-privilege use cases for applications, services and tasks, replacing Service Accounts where possible with GMSAs or onboarding them into Privileged Access Management (PAM) solutions.

Wins

  • Remediation of ~8,000 Service Accounts.

  • Automated deployment of accounts and privilege delegation workflows

  • Enabled seamless ACL Delegation Management through advanced PowerShell automation.

  • Onboarding of 5,000 Service Accounts into CyberArk

  • Deployment of 3,000 GMSAs

  • Removal of Unconstrained and Resource-Based Constrained Delegations

Active Directory Hardening

Worked in a small team of geographically separated SMEs to rebuild an Active Directory Forest (500,000 users) after a ransomware compromise, with recommendations from the French Cybersecurity Agency (ANSSI).

Wins

  • Implementation of Active Directory Tiering Model

  • Implementation of Active Directory Delegation Model

  • Securing of Active Directory Domains