Available Immediately — Ready to Interview

Andrew Symister

IAM Analyst & Infrastructure Engineer

Identity Federation | Access Governance | Privileged Access Management

Performing IAM operations within IT infrastructure roles—managing identity lifecycle, access provisioning, authentication troubleshooting, and governance tasks across Entra ID, Okta, Active Directory, and CyberArk. Building production-aligned labs to formalize real-world IAM patterns. Ready for a dedicated IAM Analyst or IAM Engineer role.

SC-300 Certified | Okta Certified Professional
Identity Security
Identity & Access Operations
Identity & Access Management
Experience

Organizations I've Supported

IAM Platforms & Tools

Hands-on experience across enterprise identity platforms

Microsoft Entra ID
Okta
Active Directory
CyberArk
SailPoint
HashiCorp Vault

At a Glance

For recruiters and hiring managers who need the quick version

4+ Years IT Infrastructure
2 IAM Certifications
6+ IAM Platform Experience
6 Production-Aligned Labs
Day-One Ready: Already performing IAM operations—not learning from scratch
Certified: SC-300 (Microsoft Identity) + Okta Certified Professional
Multi-Platform: Entra ID, Okta, Active Directory, CyberArk, SailPoint exposure
Operational: Real ticket experience—troubleshooting, provisioning, access reviews
IAM Capabilities

Identity Operations & Engineering

Hands-on IAM responsibilities across provisioning, governance, federation, and automation

Identity Federation

Configure SAML 2.0, OAuth 2.0, and OpenID Connect integrations. Establish cross-domain trust models and federate identities across cloud providers and enterprise applications.

Privileged Access Management

Implement PIM/PAM controls including just-in-time access, session recording, credential vaulting, and privileged access workflows using CyberArk and Entra PIM.

Identity Lifecycle Automation

Design and implement SCIM-based provisioning flows. Automate joiner-mover-leaver processes with attribute mapping, group synchronization, and immediate deprovisioning.

Access Governance & RBAC

Build role-based access control models, conduct access certification campaigns, enforce least-privilege principles, and implement segregation of duties controls.

Conditional Access & Zero Trust

Design and deploy risk-based conditional access policies evaluating device compliance, user risk signals, location, and application sensitivity before granting access.

IAM Automation & APIs

Develop Python scripts for identity automation. Integrate with REST APIs for provisioning operations. Use Postman for IAM endpoint testing and Terraform for infrastructure-as-code IAM.

Career Journey

From Support to Security

Building identity expertise through hands-on technical experience

Embedded IAM Operations

Performing identity lifecycle tasks within IT infrastructure roles—provisioning, access troubleshooting, AD management, and authentication support. Escalating recurring access issues into RBAC and policy design discussions.

Governance & Audit Awareness

Hands-on identity governance exposure—access reviews, excess privilege identification, and SOX/PCI audit support. Understanding identity as a risk surface, not just an IT function.

Production-Aligned Labs

Building structured IAM labs to formalize real-world patterns—SCIM provisioning, conditional access, PAM workflows. Translating operational experience into engineering-ready skillsets.

IAM Responsibilities Within Operational Roles

Identity and access management isn't just my career goal—it's work I'm already performing. Within IT infrastructure and support roles, I handle provisioning, access troubleshooting, authentication issues, and governance tasks daily. Every locked account is an authentication investigation. Every permission escalation becomes an RBAC discussion.

My hands-on experience with Active Directory, Entra ID, Okta, and enterprise access workflows gives me operational context that pure lab work can't replicate. Now I'm formalizing those patterns through structured labs—SCIM provisioning, conditional access policies, PAM workflows—to deepen engineering capabilities while maintaining real-world grounding.

IAM Troubleshooting

Real-World Access Issues I Resolve

The systematic approach I take to diagnose and fix identity and access problems

File Share Access

User can see folder but can't write files

Ticket: "I can open the shared folder but get 'Access Denied' when saving documents."

Investigation:

  • Check user's effective permissions vs inherited permissions
  • Verify group membership hierarchy (nested groups)
  • Review NTFS vs Share permissions conflict
  • Check for explicit Deny ACEs overriding Allow

Resolution: User was in correct group but nested group inheritance was broken. Added direct group membership—access restored.

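The investigation steps in this case (expand nested groups, compare NTFS against share permissions, look for an explicit Deny) can be modelled as a small effective-access checker. The following is an added example written for this page, not a script from the author or from any Windows tooling: it evaluates a simplified version of the Windows rules (any explicit Deny overrides Allow, and the combined permission is the intersection of NTFS and share rights) and reports which of those rules is blocking a requested right. All group names, ACEs and users are constructed sample data, and ordering subtleties of real ACL evaluation (explicit vs inherited ACE order) are deliberately left out.

```python
"""Effective-access diagnosis for the "can see folder but cannot write" case.

Constructed sample data only. Rules modelled (simplified Windows behaviour):
  1. a principal matches an ACE if the user or any of its nested groups is named,
  2. any matching explicit Deny removes the right even if an Allow grants it,
  3. effective access = NTFS rights AND share rights (most restrictive wins).
"""
from dataclasses import dataclass

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Ace:
    principal: str          # user or group the ACE applies to
    rights: frozenset       # set of READ / WRITE
    deny: bool = False      # True for an explicit Deny ACE


def expand_principals(user, groups):
    """User plus every group reachable through nested membership."""
    result = {user}
    changed = True
    while changed:                      # fixed-point over the membership graph
        changed = False
        for grp, members in groups.items():
            if grp not in result and members & result:
                result.add(grp)
                changed = True
    return result


def effective_ntfs(user, acl, groups):
    principals = expand_principals(user, groups)
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (denied if ace.deny else allowed).update(ace.rights)
    return allowed - denied             # explicit Deny overrides Allow


def effective_share(user, share_perms, groups):
    principals = expand_principals(user, groups)
    rights = set()
    for principal, granted in share_perms.items():
        if principal in principals:
            rights |= granted
    return rights


def effective_access(user, acl, share_perms, groups):
    """Combined NTFS and share permission: the more restrictive set wins."""
    return effective_ntfs(user, acl, groups) & effective_share(user, share_perms, groups)


def diagnose(user, acl, share_perms, groups, needed=WRITE):
    """Name the rule that blocks `needed`, in the order the ticket investigation checks them."""
    principals = expand_principals(user, groups)
    if needed in effective_access(user, acl, share_perms, groups):
        return "ok"
    if any(a.deny and needed in a.rights and a.principal in principals for a in acl):
        return "explicit-deny"
    if needed not in effective_share(user, share_perms, groups):
        return "share-permission"
    granting = sorted(a.principal for a in acl if not a.deny and needed in a.rights)
    return "not-member-of:" + ",".join(granting)


def remediate(groups, user, group):
    """Return a copy of the group graph with a direct membership added (the fix applied in the ticket)."""
    fixed = {g: set(m) for g, m in groups.items()}
    fixed[group].add(user)
    return fixed


# Constructed sample environment: share is open to authenticated users, NTFS restricts.
SHARE_PERMS = {"Authenticated Users": frozenset({READ, WRITE})}
NTFS_ACL = [
    Ace("Finance-Team", frozenset({READ})),
    Ace("Finance-Share-RW", frozenset({READ, WRITE})),
    Ace("Contractors", frozenset({WRITE}), deny=True),
]
GROUPS_AS_FOUND = {
    "Authenticated Users": {"asymister", "jdoe"},
    "Finance-Team": {"asymister"},
    "Finance-Share-RW": set(),          # nesting of Finance-Team was lost: the broken inheritance
    "Contractors": {"jdoe"},
}

if __name__ == "__main__":
    print("as found:", diagnose("asymister", NTFS_ACL, SHARE_PERMS, GROUPS_AS_FOUND))
    fixed = remediate(GROUPS_AS_FOUND, "asymister", "Finance-Share-RW")
    print("after fix:", diagnose("asymister", NTFS_ACL, SHARE_PERMS, fixed))
```

Run as-is, the "as found" case reports `not-member-of:Finance-Share-RW` while the user still has `read` (so the folder is visible), which is exactly the symptom in the ticket; adding the direct membership returns `ok`. The same `diagnose` call distinguishes the other two checks in the investigation list: a user caught by the Contractors Deny ACE gets `explicit-deny`, and a read-only share gets `share-permission` even when NTFS would allow the write.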
Shared Mailbox

Shared mailbox visible but inaccessible

Ticket: "I can see the shared mailbox in Outlook but can't open it—says I don't have permission."

Investigation:

  • Verify Full Access vs Send As vs Send on Behalf permissions
  • Check if automapping is disabled vs permissions missing
  • Review Exchange Online permission propagation delay
  • Validate no cached credentials issue in Outlook profile

Resolution: User had Send As but not Full Access. Added Full Access permission, cleared Outlook autocomplete cache—access working.

MFA / Authentication

User locked out after MFA enrollment

Ticket: "I enrolled in MFA but now I can't log in—it's asking for a code but my phone shows nothing."

Investigation:

  • Check Authenticator app registration status in Entra
  • Verify phone number for SMS fallback
  • Review Conditional Access policies blocking the sign-in
  • Check for time sync issues on user's device

Resolution: Authenticator app was registered but device time was 5 minutes off. TOTP codes require time sync—corrected device clock, MFA working.

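Why a clock that is five minutes off breaks the Authenticator code is easiest to see by running the TOTP algorithm itself. The block below is an added example written for this page, not code from the author or from Microsoft: it implements RFC 6238 TOTP (HMAC-SHA1, 30-second steps) plus a verifier with the usual one-step tolerance on either side, and shows that a 20-second drift is absorbed by that window while a 300-second drift lands ten steps away and is rejected. The secret is the RFC 6238 test key and the timestamps are constructed; nothing here is real enrollment data.

```python
"""TOTP clock-skew demonstration for the "phone shows a code, login rejects it" case.

RFC 6238 TOTP over HMAC-SHA1 with a 30-second step, and a server-side verifier
that tolerates +/-1 step. Secret and timestamps are constructed test values.
"""
import base64
import hashlib
import hmac
import struct

STEP = 30


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238: HOTP over the time counter floor(unix_time / step)."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def verify(secret, submitted, server_time, window=1, digits=6, step=STEP):
    """Return the step offset (-window..window) whose code matches, or None if rejected."""
    for k in range(-window, window + 1):
        candidate = totp(secret, server_time + k * step, digits, step)
        if hmac.compare_digest(candidate, submitted):        # constant-time comparison
            return k
    return None


def skew_steps(server_time, device_time, step=STEP):
    """How many TOTP steps the device clock is away from the server clock."""
    return device_time // step - server_time // step


def from_base32(seed: str) -> bytes:
    """Decode the base32 seed an authenticator app is enrolled with."""
    return base64.b32decode(seed, casefold=True)


RFC_SECRET = b"12345678901234567890"       # RFC 6238 Appendix B test key (SHA1)

if __name__ == "__main__":
    server = 1111111111                    # constructed server time
    for skew in (20, 300):
        device = server + skew
        code = totp(RFC_SECRET, device)    # what the user's phone displays
        print(f"device +{skew}s: code {code}, {skew_steps(server, device)} steps apart, "
              f"verify -> {verify(RFC_SECRET, code, server)}")
```

With the server at 1111111111, a device 20 seconds ahead still falls in the same 30-second counter and `verify` returns offset 0; a device 300 seconds ahead is 10 counters away, far outside the +/-1 window, so the code the phone shows is rejected even though enrollment succeeded. The 8-digit values for the RFC test times (94287082 at T=59, 07081804 at T=1111111109, 14050471 at T=1111111111) confirm the implementation matches the standard.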
Application SSO

SSO works for some apps but not others

Ticket: "I can access Salesforce via SSO but ServiceNow keeps asking for credentials."

Investigation:

  • Verify user assignment to ServiceNow enterprise app
  • Check SAML claims mapping for required attributes
  • Review Conditional Access policy scope differences
  • Validate app role assignment vs just user assignment

Resolution: User was assigned to Salesforce app directly but ServiceNow required group membership. Added to correct group—SSO working.

Career Path

Career Progression

Building IAM expertise through hands-on experience with enterprise identity platforms

Foundation

IT Support & Helpdesk

Built troubleshooting fundamentals through high-volume ticket resolution, Active Directory user management, and direct exposure to access request workflows.

Active Directory | Troubleshooting | Access Requests | ServiceNow

Growth

Identity Platform Exposure

Gained production experience configuring Entra ID, Okta, and SSO/MFA integrations while supporting enterprise identity infrastructure.

Entra ID | Okta | SSO/MFA | SCIM

Current

IT Infrastructure + Embedded IAM Operations

Performing IAM responsibilities within broader infrastructure role—handling provisioning, access troubleshooting, authentication support, and governance tasks. Building production-aligned labs to formalize real-world identity patterns into engineering-ready skillsets.

Provisioning | Access Reviews | Authentication | Graph API | PowerShell

Target Role

IAM Analyst / IAM Engineer

Ready to transition into a dedicated IAM role—applying hands-on identity operations experience to manage lifecycle at scale, implement IGA solutions, and drive PAM operations in regulated enterprise environments.

SailPoint | CyberArk | IGA | Compliance Automation

Working Style

How I Operate

The habits and mindset I bring to every IAM challenge

High-Volume Execution

I thrive in queue-based environments—prioritizing effectively, hitting SLAs consistently, and maintaining quality regardless of volume.

Cross-Functional Collaboration

I partner with business stakeholders, security teams, and application owners to resolve access challenges and improve identity processes.

Precision & Accuracy

I verify entitlements, role assignments, and access levels thoroughly—because in IAM, attention to detail prevents security incidents.

Process & Documentation

I build and maintain clear operational procedures, contribute to knowledge bases, and ensure workflows are repeatable and auditable.

Continuous Improvement

I identify opportunities to streamline provisioning, reduce manual steps, and optimize tool usage—driving efficiency gains.

Philosophy

My Approach

Identity is the foundation of enterprise security. My years in technical support taught me that every authentication failure and access issue directly impacts business operations—and that's exactly why I'm passionate about IAM.

I'm not just studying for certifications—I'm building real configurations, writing real PowerShell scripts, and solving real identity challenges in my lab. When I land my IAM role, I'll bring hands-on platform knowledge, not just theory.

IAM Mindset

How I Think About Identity

The principles and mental models that guide my approach to enterprise IAM

Identity is infrastructure. Not UI configuration—infrastructure. It touches every system: Active Directory, Entra ID, Linux service accounts, SSH keys, containers, APIs. Every access decision either reduces risk or accumulates it. I approach IAM as a continuous governance discipline: policy-driven, validated before deployment, rollback-ready.

Identity Lifecycle as Risk Management

The Joiner-Mover-Leaver cycle is where most access risk originates. Orphaned accounts, role creep, and delayed deprovisioning are attack vectors, not administrative overhead.

  • Day-one access aligned to job function
  • Role changes trigger entitlement review
  • Offboarding = immediate, complete revocation

Least Privilege as Default State

Access should be justified, time-bounded, and auditable. Standing privileges are standing risk. Every elevated permission is a potential blast radius in a breach scenario.

  • Just-in-time access over persistent permissions
  • Role-based access with clear boundaries
  • Regular certification to prevent drift

Federation as Trust Architecture

SSO isn't a convenience feature—it's a security control. Centralizing authentication reduces credential sprawl, enables policy enforcement, and creates audit visibility across the application estate.

  • Single identity source of truth
  • Consistent MFA enforcement
  • Centralized sign-in monitoring

PAM as Control Plane

Privileged access is where breaches escalate. Vaulted credentials, session recording, and just-in-time elevation transform admin access from vulnerability to controlled operation.

  • No standing admin access
  • Credential rotation and vaulting
  • Session monitoring for forensics

Governance as Continuous Process

Access reviews aren't checkbox exercises—they're the mechanism for maintaining least privilege over time. Rubber-stamping defeats the purpose. Intelligent review prioritization makes governance effective.

  • Risk-based review prioritization
  • Manager accountability for team access
  • Audit trail for every decision

Automation as Enforcement

Manual processes don't scale and introduce human error. Automation isn't about eliminating jobs—it's about ensuring policy is applied consistently, immediately, and without exception.

  • SCIM for real-time provisioning
  • Policy-driven access decisions
  • Automated compliance reporting

"Identity is the new perimeter. In a world of cloud services and remote work, the network boundary is gone. Every authentication decision is a security decision. Every access grant is an attack surface decision."
— My approach to enterprise identity security

IAM Labs

Production-Aligned Labs

Enterprise IAM configurations demonstrating real-world architecture and operational patterns

Okta Identity Lifecycle
Lifecycle | SCIM
Identity Lifecycle & Governance Engineer

Okta ⇄ Salesforce JML Automation

Risk reduced: Orphaned account attack surface. When someone leaves, access revokes same-day via SCIM—not 2 weeks later via ticket. HR is the authoritative source, not IT memory.

SCIM 2.0 | SAML SSO | Okta | Salesforce | JML

Azure Entra ID Conditional Access
Zero Trust | MFA
Identity Security Enforcement Engineer

Azure Entra ID Conditional Access & MFA

Problem: Static access controls don't adapt to risk signals. Solution: Conditional Access policies enforcing MFA based on user risk, device compliance, and location. Sign-in log analysis for anomaly detection. PIM for just-in-time privileged access.

Conditional Access | MFA | PIM | Sign-in Logs | Zero Trust

Keycloak Identity Management
Open Source | JML
IAM Systems Engineer (Vendor-Agnostic)

Keycloak JML Lifecycle (Docker)

Problem: Vendor lock-in limits IAM flexibility. Solution: Keycloak deployment demonstrating Joiner-Mover-Leaver logic, RBAC implementation, MFA enforcement, and audit logging. Proves concept mastery independent of commercial platforms.

Keycloak | Docker | JML | RBAC | MFA | OIDC

Hybrid Identity Architecture
Hybrid | AD
Hybrid IAM Engineer

Hybrid Identity Governance (AD → Entra → ServiceNow)

Problem: Identity silos between on-prem AD and cloud create governance blind spots. Solution: AD Connect synchronization with group-based access governance. Automated onboarding via ServiceNow. Least privilege enforced across hybrid environment.

Active Directory | AD Connect | Entra ID | ServiceNow | RBAC

Access Review Dashboard
Governance | Audit
Access Governance Analyst

Access Certification & Compliance Automation

Problem: Role creep and stale access accumulate silently, creating audit findings. Solution: Graph API-driven access reviews with manager attestation workflows, automatic revocation of uncertified access, and SOX/SOC2-ready reporting.

Access Reviews | Graph API | PowerShell | SOX | SOC2

CyberArk PAM Foundations
PAM | Lab
Privileged Access Engineer (Foundational)

CyberArk PAM Foundations Lab

Focus: Lab-based PAM implementation demonstrating privileged account lifecycle. Credential vaulting concepts, checkout workflows, least privilege enforcement for admin access, and audit trail visibility. Mapping concepts to enterprise PAM operations.

CyberArk | Vault | Least Privilege | Session Control | Audit

Enterprise Relevance

Concepts That Scale to Production

The same IAM principles apply whether you're managing 100 or 100,000 identities—tools are interchangeable

Joiner-Mover-Leaver

Lab: SCIM-based provisioning workflows

Production: HR-driven automation onboarding 500+/month. Zero manual provisioning. Immediate deprovisioning on termination eliminates orphaned account risk and reduces audit findings.

Least Privilege & PAM

Lab: JIT role elevation + credential vaulting

Production: No standing admin rights. Time-bound access with approval workflows. Session recording for forensics. SOX/SOC2 audit trail for every privileged action.

Federation & SSO

Lab: SAML/OIDC multi-IdP architecture

Production: M&A identity integration without credential sharing. Centralized authentication policy across 200+ SaaS apps. Reduced attack surface through elimination of local accounts.

Access Certification

Lab: Automated access reviews + reporting

Production: Quarterly certifications for 10K+ identities. Manager attestation with auto-revocation. Separation of duties enforcement. Same governance principles whether in Entra, Okta, or dedicated IGA platforms like SailPoint.

Credentials

Professional Certifications

Industry-recognized credentials validating enterprise IAM expertise

Earned

SC-300
Microsoft Identity & Access Administrator
Earned
Okta Certified Professional
Okta Workforce Identity
Earned

Currently Studying

CompTIA Security+
CompTIA
Studying
ITIL v4 Foundation
PeopleCert / Axelos
Studying

Technical Competencies

IAM Skills & Tools

Hands-on experience across identity platforms, automation, and security operations

Identity Federation

SAML 2.0 | OAuth 2.0 | OpenID Connect | LDAP Integration | Cross-Domain Trust | IdP/SP Architecture

Governance & Privilege

Identity Governance | RBAC / ABAC Models | Access Certification | PIM / PAM Controls | Secrets Management | HashiCorp Vault

Cloud IAM

Microsoft Entra ID | AWS IAM | Conditional Access | Cloud Federation | IAM Policy Design | Role-Based Policies

Directory Services

Active Directory | Entra Connect | LDAP / Kerberos | OU Structure | Group Policy | Hybrid Identity

Automation & IaC

Python Automation | PowerShell | Terraform (IAM) | Graph API | REST APIs | Postman Testing

Security Operations

IAM Incident Response | Identity Threat Detection | Auth Anomaly Analysis | SIEM Integration | Risk-Based Auth | Audit Trail Analysis

Identity Analytics & Automation

Applying automation and analytics to identity operations—using scripts and tooling to analyze access patterns, identify anomalous permission configurations, and accelerate access review workflows. Focused on practical automation that reduces manual effort and improves security posture.

Access Pattern Analysis | Anomaly Detection in Permissions | Intelligent Access Review Triage | Risk-Based Authentication Signals

Get in Touch

Ready to Interview

Available immediately for IAM Analyst and IAM Engineer opportunities

Available Now — NYC Metro Area (Remote/Hybrid/Onsite)

For Recruiters

Have an IAM role to discuss? Let's schedule a call.

Connect Professionally

View my full experience and connect on LinkedIn.
