Case Studies
Case Study: Resident IAM Modernization for a State Government Customer
Note: Steve provided the following consulting services while working at a different company.
Situation:
A state government customer needed to modernize its resident identity and access management (CIAM) infrastructure to support its growing digital transformation and enhance security across multiple agencies. The decentralized identity systems and increasingly complex privacy requirements created significant challenges. The state required a unified CIAM solution that could handle the diverse needs of its agencies while maintaining high standards for security, compliance, and privacy. Additionally, the evaluation needed to consider not only CIAM, but also Identity Data Management (IDM) and Identity Verification (IDV) vendors and capabilities to fully address the state’s modernization goals.
Action:
Steve spearheaded the modernization initiative, starting with in-depth interviews with key stakeholders across the various state agencies to identify specific CIAM challenges and business requirements. He conducted a comprehensive analysis of market solutions, evaluating CIAM, IDM, and IDV vendors. Through strategic workshops with agency leaders, Steve supported the development of a shared vision for CIAM maturity, helping define long-term objectives and an MVP. A custom data-driven decision framework was created to rigorously assess potential solutions, ensuring that CIAM, IDM, and IDV capabilities aligned with the state’s security and privacy goals. Steve also designed a reference architecture and developed a multi-year strategic roadmap, guiding the selection and engagement of the preferred vendors, along with a suitable system integrator (SI). Steve facilitated and hosted privacy evaluations of CIAM vendors, and provided the CTO with in-depth market and trend analysis of facial recognition and the privacy implications of biometric options for authentication.
Result:
Steve’s approach provided state leaders with a holistic, actionable roadmap for CIAM modernization, enabling more strategic decision-making across leadership and addressing the diverse needs of its agencies. The evaluation process ensured that the selected CIAM, IDM, and IDV vendors offered robust, scalable solutions that aligned with the state’s long-term vision. This initiative improved the state’s security governance, enhanced compliance, and established the foundation for efficient, secure identity management. The comprehensive integration of CIAM, IDM, and IDV capabilities has better positioned the state to address future challenges, with increased visibility into identity threats and enhanced risk management across agencies.
For an executive briefing, Steve’s research and advisory work provided guidance on removing barriers to access, usage, and disparity in state services.
Case Study: Enterprise IAM Assessment for a $250M ARR Technology Company in Silicon Valley
Situation:
In the aftermath of the SolarWinds breach, a $250M ARR technology company in Silicon Valley recognized significant gaps in its identity and access management (IAM) practices. With no formal IAM framework in place and low overall IAM maturity, the company faced growing concerns about its ability to mitigate identity-based threats. The decentralized nature of the company’s business units compounded the challenge, with no unified approach to managing identity security across the organization. This lack of visibility into access controls and potential vulnerabilities left the company exposed to a range of cybersecurity threats.
Action:
Steve was brought in by the CISO to lead the assessment, beginning with in-depth interviews of over a dozen key stakeholders across multiple business units to understand their specific IAM challenges and requirements. Discovery workshops revealed critical gaps in existing processes and a lack of structured governance around IAM practices. Steve worked closely with product teams and senior management to deliver tailored recommendations that aligned with the company’s objectives. He developed a strategic roadmap for IAM maturity, outlining key milestones across Privileged Access Management (PAM), Identity Governance and Administration (IGA), Data Security, and Privacy. The roadmap provided a phased approach to elevate the company’s IAM capability maturity, integrating both short-term wins and long-term improvements.
Result:
The assessment provided the company with a clear understanding of its IAM maturity level and the associated risks. Steve’s work led to the introduction of identity threat intelligence, which increased visibility into potential threats and vulnerabilities. As a result, the company could make data-driven decisions about security investments. The increased awareness generated significant interest across business units, informed strategic planning discussions at the C-suite level, and provided valuable guidance for budgeting future IAM initiatives. The company developed a prioritized action plan to improve its security posture and build a stronger governance structure, setting it up to better defend against future security incidents.