RONNIE BAILEY

| BIO

Principal Cybersecurity & IAM Strategist

鉁夛笍 opportunities@ronniebailey.cloud | 馃摓 +1 (804) 803-1311

Core Competencies

Identity and Access Management (IAM)

  • Active Directory and LDAP (8+ years)
  • CyberArk (7+ years)
  • ForgeRock IDM (5+ years)
  • Microsoft Azure AD/Entra ID (7+ years)
  • Microsoft Multi-Factor Authentication (MFA)
  • Okta (6+ years)
  • OneIdentity Safeguard and TPAM (2+ years)
  • SailPoint (6+ years)
  • Saviynt (3+ years)
  • Varonis (4+ years)

Cloud & Identity Security

  • AWS (4+ years)
  • Entra ID (7+ years)
  • Google Cloud Platform (GCP) (3+ years)
  • Microsoft 365 (7+ years)
  • Microsoft Azure (7+ years)
  • Secureworks/Sophos
  • Abnormal Security
  • Taegis Secureworks
  • Sophos Central
  • Checkpoint Identity

Endpoint & Threat Protection

  • Carbon Black (4+ years)
  • CrowdStrike (Falcon) (5+ years)
  • Infoblox
  • Microsoft Defender for Identity (7+ years)
  • Microsoft DLP
  • Palo Alto (6+ years)
  • Sophos MDR

Identity & Access Governance

  • ADManager Plus
  • One Identity Starling
  • Bitsight
  • Change Management Process
  • DRATA
  • Fortinet (5+ years)
  • Nessus (6+ years)
  • Qualys (7+ years)
  • Varonis (4+ years)

Collaboration & Workflow Management

  • Confluence (5+ years)
  • Jira (4+ years)
  • SharePoint/Teams (5+ years)
  • Lucid Visual Collaboration Suite

Automation & Scripting

  • COBOL (3+ years)
  • PowerShell (7+ years)
  • Python (5+ years)
  • HTML (6+ years)

Other Technical Expertise

  • Exchange Admin Center
  • Microsoft Exchange Online
  • Aristotle Insight

Achievements

  • Outstanding Security Consultant Award, (2020)
  • Excellence in Identity Security, (2018)

Key Projects

ENTERPRISE-WIDE ZERO TRUST TRANSFORMATION

2022
Department of Homeland Security
  • Led cross-functional team implementing Zero Trust Architecture across 200+ mission-critical applications
  • Developed comprehensive security architecture incorporating micro-segmentation, just-in-time access, continuous verification, and least privilege enforcement
  • Reduced lateral movement risk by 80% while cutting incident response time by 60%
  • Project completed 3 months ahead of schedule, establishing new security baseline for federal systems

MULTI-CLOUD IAM CONSOLIDATION

2023
Kroger, Technology & Digital
  • Unified disparate identity systems during migration to hybrid cloud environment spanning AWS and Azure
  • Designed cloud-native IAM solution with centralized governance, automated workflows, and identity analytics
  • Reduced operational costs by $1.2M annually while improving security posture
  • Enabled seamless identity federation across platforms with 40+ integrated applications
  • Implemented comprehensive IAM solution supporting 32,000+ global users

PRIVILEGED ACCESS SECURITY TRANSFORMATION

2024
LexisNexis & USPTO
  • Spearheaded enterprise-wide privileged access security program incorporating modern PAM solutions
  • Implemented Just-In-Time access, behavioral analytics, and continuous monitoring
  • Developed comprehensive secret management solution for applications and DevOps pipelines
  • Reduced privileged credential exposure by 90% while enabling automated auditing and compliance reporting
  • Solution became reference architecture for other federal agencies

Awards

  • Security Leadership Award - Accessia Health (2021)
  • Best Security Team Award - Kroger Technology & Digital (2023)

Passions

Community Volunteering

Cybersecurity Trends and Developments

Gardening

Scifi Books

Version Fran莽aise

Professional Overview

Principal Cybersecurity & IAM Strategist dedicated to navigating complex corporate ecosystems with adaptability and a critical eye. I bring over 15 years of experience securing organizations across diverse industries. Passionate about designing innovative security solutions, implementing scalable systems, and empowering businesses to thrive in an increasingly digital world. Recognized for leadership in IAM, Zero Trust strategies, and enhancing cloud security. Dedicated to creating resilient infrastructures and driving operational excellence.

Professional Experience

Threat Detection/Security Automation Architect CONTRACT PUBLIC TRUST CLEARANCE
2024 - Present
Federal Contractor, Legal Technology Organization Lexis Nexus / United States Patent and Trademark Office
  • Threat Detection Integration: Engineered solutions using CrowdStrike Falcon, Microsoft Defender, Palo Alto, and Checkpoint Identity Security, correlating telemetry across platforms to reduce incident response time by 90%.
  • Zero Trust Implementation: Constructed framework with Just-In-Time provisioning and risk-based authentication, reducing standing privileges by 60% while implementing continuous authentication monitoring aligned with NIST 800-207.
  • Privileged Access Management: Utilized One Identity Safeguard, Secureworks Taegis, and Sophos MDR in tandem to monitor privileged sessions, detect anomalous behavior, and respond to threats across 500+ hybrid systems.
  • IAM Modernization: Migrated legacy platforms to Microsoft Identity Platform and Okta, enabling FIDO2/WebAuthn passwordless authentication, adaptive MFA, and lifecycle automation using PowerShell and Python for 15,000+ users.
  • Federated Authentication Integration: Integrated Auth0 into enterprise IAM stack to enable OAuth2/OpenID Connect-based SSO across internal apps, supporting FedRAMP and NIST 800-53-compliant authentication workflows.
  • Digital Forensics: Designed and executed forensic response plans using Secureworks Taegis and The Sleuth Kit, implementing NIST 800-86-aligned chain-of-custody workflows to preserve evidence integrity.
  • Cloud Security: Led Azure security blueprint development, integrating NIST 800-53, CIS, and HIPAA frameworks, while automating compliance validation and reporting workflows across Microsoft 365.
  • Multi-Cloud Security: Implemented consistent security controls and policy enforcement across AWS, Azure, and GCP environments with centralized CSPM integration and automated misconfiguration detection.
  • Identity Governance: Unified fragmented IAM tools into enterprise-wide architecture using One Identity, ADManager Plus, and Microsoft Entra ID with AI-driven identity analytics and policy-based provisioning.
  • Microsoft 365 Security: Overhauled Exchange Online with DLP, data classification, and conditional access policies to mitigate insider threats and enforce Zero Trust access principles.

Skills: Entra ID 路 Active Directory 路 Azure Active Directory 路 RSA 路 Crowdstrike 路 SSO/MFA 路 Zero Trust Architecture 路 PowerShell 路 Python 路 Bash 路 Windows/Linux Servers 路 PKI 路 NIST/ISO Standards 路 Technical Documentation

Principal Identity and Access Management, Security Architect
2022 - 2024
Major National Retail Company Kroger, Technology & Digital Department
  • Privileged Access Security: Implemented OneIdentity Safeguard/TPAM, aligning workflows with NIST 800-53 within 6 months and incorporating just-in-time privilege elevation.
  • Endpoint Protection: Deployed CrowdStrike Falcon, reducing malware incidents by 45% across 2,000+ endpoints.
  • Cloud Identity Management: Engineered security modernization using Entra ID/Azure AD for 12,000+ hybrid users with Kubernetes service identity integration.
  • Virtualization Strategy: Standardized infrastructure using VMware vSphere across production and test environments, improving system uptime and reducing operational costs through centralized VM lifecycle management.
  • Container Security: Designed pod identity solution for Azure Kubernetes Service (AKS), eliminating the need for static credentials in containerized applications.
  • Authentication Modernization: Integrated Okta SSO/MFA across 40+ apps, implementing risk-based authentication, and reducing password-reset tickets.
  • Access Control: Streamlined Active Directory with RBAC/conditional access, cutting unauthorized access by 30%.
  • Account Lifecycle Management: Automated processes ensuring HIPAA compliance for 20,000+ accounts.
  • Global Identity Provisioning: Led implementation for 32,000+ users across US/UK teams, cutting onboarding time by 55%.
  • Data Governance: Enhanced security with Varonis, improving audit readiness for SOX/GDPR compliance.

Skills: Microsoft Azure AD/Entra ID 路 OneIdentity Safeguard 路 TPAM 路 CrowdStrike 路 Active Directory 路 Okta 路 SSO/MFA 路 Varonis 路 PowerShell 路 Account Lifecycle Management 路 Technical Debt Management 路 Global Team Collaboration

Customer Identity & Access Management, Architect CONTRACT PUBLIC TRUST CLEARANCE
2022 - 2022
Federal Contractor Department of Homeland Security, OCIO, United States Secret Service
  • Privileged Access Management: Streamlined CyberArk's PAM workflows, achieving 100% compliance with NIST 800-53.
  • Network Security: Deployed Fortinet FortiGate firewalls and micro-segmentation, achieving full CISA Zero Trust compliance.
  • Enterprise IAM Strategy: Positioned IAM as the cornerstone of DHS security, integrating Active Directory, OAuth 2.0, and SAML 2.0 for 100+ legacy systems.
  • Serverless Security: Implemented secure identity practices for serverless functions in GCP, enabling principle of least privilege with function-level permissions.
  • Risk-Based Access Control: Mapped 75+ systems to business-criticality tiers, reducing high-risk privileged accounts by 35%.
  • Cloud Migration Security: Orchestrated GCP migration for 50+ on-premises systems, enabling FedRAMP Moderate authorization with comprehensive SIEM integration.
  • Identity Governance: Enforced granular access policies via Saviynt across 15,000+ user accounts.
  • Security Certification: Spearheaded ISO 27001 certification for DHS's Information Security Management System.
  • Agile Development: Utilized Agile, SCRUM, and scripting languages (PowerShell, Python, Java) to enhance system resilience and efficiency in alignment with FISMA compliance and security standards.

Skills: CyberArk 路 Google Cloud Platform (GCP) 路 FISMA Compliance 路 PowerShell 路 Python 路 Java 路 Active Directory 路 OAuth 路 SAML 路 Fortinet 路 Zero Trust Architecture 路 FedRAMP 路 ISO 27001 路 Saviynt 路 Qualys

Cloud Vulnerability, Analyst CONTRACT
2021 - 2021
Non-profit Healthcare Accessia Healthcare
  • Single Sign-On Implementation: Deployed PingFederate and Citrix NetScaler with 99.9% uptime for healthcare applications.
  • Privileged Access Security: Spearheaded CyberArk implementation with NIST 800-53-aligned credential vaulting.
  • Threat Detection: Engineered Microsoft Defender for Identity integration, reducing unauthorized access incidents by 75%.
  • Cloud-Native Security: Implemented identity-aware proxies and service meshes for securing microservices architecture in AWS.
  • Identity Architecture: Designed framework integrating Azure AD and PingFederate for 5,000+ hybrid identities.
  • Behavioral Authentication: Implemented user and entity behavior analytics (UEBA) to detect compromised credentials and insider threats.
  • Secure Communications: Modernized SSL/TLS protocols for 150+ domains, maintaining 100% compliance.
  • Risk Management: Led vulnerability assessments aligned with NIST 800-53 and HIPAA standards.
  • Compliance Automation: Implemented reporting via PingFederate logs for SOX, GDPR, and HIPAA audits.

Skills: HIPAA/NIST Compliance 路 Vulnerability Assessment 路 Healthcare IT 路 Microsoft Defender 路 MFA Implementation 路 SSL/TLS Management 路 EHR/PACS Systems 路 Auth0 路 CyberArk 路 Regulatory Compliance (SOX, GDPR)

Privileged Access Management, Architect
2019 - 2021
Pharmaceutical Company Indivior Pharmaceuticals
  • Privileged Account Security: Deployed BeyondTrust PAM, securing 1,200+ privileged accounts with SOX-compliant audit controls.
  • Conditional Access: Architected role-based, location-based, and device-compliance policies in Microsoft Entra ID.
  • Cloud Security: Designed GCP security framework using Google IAM and Security Command Center for real-time threat detection.
  • SSO & MFA Integration: Integrated Azure AD/Entra ID to enhance user verification and streamline access management.
  • Data Protection: Implemented BitLocker encryption and backup policies to safeguard ePHI across all endpoints.
  • Continuous Authentication: Implemented risk-based authentication with context-aware access policies to dynamically adjust security requirements.
  • Infrastructure-as-Code Security: Integrated security guardrails into Terraform deployments, ensuring compliance from deployment to runtime.
  • Identity Lifecycle Management: Engineered SailPoint provisioning/deprovisioning workflows for 500+ employees.
  • Identity Governance: Led SailPoint IdentityNow implementation, enabling centralized governance for distributed workforce.
  • Least Privilege Implementation: Mapped 200+ job functions to least-privilege roles, eliminating segregation-of-duties conflicts.
  • Mobile Device Security: Designed IAM solutions using Microsoft Intune for secure mobile device management and remote access enforcement.
  • Endpoint Protection: Maintained Carbon Black for threat hunting, policy enforcement, and incident response.

Skills: Microsoft Azure AD/Entra ID 路 SSO/MFA 路 BitLocker 路 Microsoft Intune 路 Active Directory 路 Linux Administration 路 SailPoint IdentityNow 路 Google Cloud Platform (GCP) 路 BeyondTrust 路 Carbon Black 路 PowerShell 路 Python

Identity and Access Management, Analyst CONTRACT
2019 - 2019
Financial Services Wells Fargo Bank
  • Zero Trust Architecture: Designed the bank's first Zero Trust-aligned IAM framework, reducing policy exceptions by 35%.
  • Security Automation: Leveraged Microsoft Defender's auto-remediation capabilities, cutting manual SOC tasks by 30%.
  • Customer Authentication: Engineered progressive profiling workflows using ADFS with 99.9% portal uptime.
  • Multi-Cloud Security Governance: Implemented consistent identity controls across AWS and Azure environments.
  • Regulatory Compliance: Enforced FFIEC and GLBA requirements via SCCM and Office 365 access controls.
  • Identity Management: Maintained 12,000+ user accounts across hybrid environments through automated lifecycle workflows.
  • Security Training: Conducted staff education on best practices, reducing phishing incident response time.

Skills: IAM Compliance 路 Agile/Waterfall Methodologies 路 Active Directory 路 Office 365 路 SCCM 路 VMware 路 Microsoft Defender 路 Splunk 路 COBOL 路 Security Awareness Training

Customer Identity & Access Management, Engineer
2015 - 2019
Digital Security Consulting Firm Wellsecured IT
  • IAM Transformation: Led migration to ForgeRock Identity Management, standardizing identity lifecycle workflows for hybrid environments.
  • Access Control: Architected conditional access policies using Microsoft Defender for privileged account management.
  • Security Monitoring: Integrated Splunk with IAM tools, achieving ISO/IEC 27001 and NIST 800-53 compliance.
  • API Security: Implemented OAuth 2.0 and OpenID Connect protocols for securing cloud-native application APIs.
  • Cloud Identity Security: Built AWS IAM roles and encryption protocols across multi-cloud environments.
  • Secure Access Solutions: Designed Citrix-based security for financial services clients' mission-critical applications.
  • Customer Authentication: Spearheaded Auth0 integration for client-facing portals, balancing security with user experience.
  • Security Automation: Partnered with DevOps teams to streamline log analysis and incident response.

Skills: ForgeRock IDM 路 Splunk 路 ISO/IEC 27001 路 NIST Standards 路 Ping Identity 路 Citrix 路 VMware 路 VirtualBox 路 Hyper-V 路 PowerShell 路 AWS 路 Auth0 路 Identity Lifecycle Management

Cloud Security Operations
2011 - 2015
Cybersecurity Consulting Firm Cloudcentria Security
  • Threat Response: Neutralized multi-vector DDoS attacks targeting financial sector clients with 99.99% uptime.
  • Identity Integration: Pioneered Azure AD patterns for hybrid environments, adopted by Microsoft partner network.
  • Digital Forensics: Led investigation recovering stolen intellectual property, establishing cloud evidence handling protocols.
  • Cloud Workload Protection: Implemented comprehensive security for IaaS, PaaS, and serverless deployments across AWS environments.
  • Compliance Management: Developed NIST 800-53 and ISO 27001-aligned policies with 100% audit success.
  • Vulnerability Management: Scaled Nessus-based assessments to 15,000+ assets in AWS/Azure infrastructure.
  • Authentication Unification: Integrated Ping Identity with Okta across SaaS platforms, reducing helpdesk requests.
  • Security Training: Educated analysts in Kali Linux penetration testing methodologies for cloud environments.

Skills: Policy Development 路 Kali Linux 路 Penetration Testing 路 Ping Identity 路 Active Directory 路 Azure AD/Entra ID 路 DDoS Mitigation 路 Nessus 路 Digital Forensics 路 The Sleuth Kit 路 Incident Response

Systems Administrator II
2009 - 2011
PC Repair uBreakiFix
  • Technical Support: Delivered first-level support for hardware, software, and network issues via phone, email, and in-person.
  • Incident Management: Assessed and prioritized tickets based on impact and urgency to meet SLA targets.
  • Customer Service: Maintained high satisfaction through timely support and detailed documentation of service desk activities.

Skills: Governance, Risk Management, and Compliance (GRC) 路 Strategy and Leadership 路 Technical Proficiency and Innovation 路 Technical Support 路 Hardware/Software Troubleshooting 路 SLA Management

IT Support Associate II
2006 - 2009
Major National Electronics Retail Company Circuit City
  • Technical Support: Provided troubleshooting for computer and electronic products, resolving hardware and software issues.
  • Product Setup: Assisted customers with initial configuration, software installations, and feature explanations.
  • Hardware Repair: Conducted basic repairs or coordinated with authorized service providers.
  • Inventory Management: Maintained stock of computer accessories and ensured product availability.
  • Customer Engagement: Collaborated with sales team to align technology solutions with customer needs.
  • Product Knowledge: Stayed current on technology trends and updated demo areas to reflect latest offerings.

Skills: Governance, Risk Management, and Compliance (GRC) 路 Strategy and Leadership 路 Technical Proficiency and Innovation 路 Customer Support 路 Product Knowledge 路 Hardware Repair 路 Inventory Management

Volunteer

Events Coordinator VOLUNTEER
2024 - Present
Technology Organization/Non-Profit Volunteer Blacks in Technology: Richmond, Virginia Chapter (Volunteer)
  • Event Planning: Organized technology-focused events including webinars, workshops, and networking meetups to foster community engagement.
  • Stakeholder Coordination: Collaborated with tech speakers, sponsors, and volunteers to ensure seamless event execution.
  • Event Promotion: Managed outreach through social media and marketing channels to maximize attendance and participation.
  • Logistics Management: Handled event logistics such as venue selection, scheduling, and registration processes.
  • Continuous Improvement: Collected and analyzed attendee feedback to enhance the quality and impact of future events.
  • Content Creation: Produced post-event content including summaries, interviews, and blog posts to highlight community insights and outcomes.
  • Skills: Event Planning 路 Tech Community Engagement 路 Public Speaking 路 Content Creation 路 Social Media Marketing 路 Networking 路 Leadership

Education

  • Bachelor's of Science in Cybersecurity, University of Richmond March 2025
    • Relevant Coursework: Network Security, Cryptography, Ethical Hacking
  • Associate of Applied Science in Information Systems, Reynolds College May 2021
    • Relevant Coursework: Database Management, Web Development, Programming Fundamentals

Certifications

  • AZ-900, Microsoft Azure Fundamentals March 2025
  • Cybersecurity Essentials, Cisco Oct 2021
  • IBM Cloud Essentials, IBM Oct 2021
  • Network Administration, Reynolds College July 2020

Awards and Honors

  • Human Rights Education Training: US Institute of Diplomacy and Human Rights Dec 2023
  • Phi Theta Kappa Honor Society, International Honor Society April 2018
  • Dean's List, Reynolds College June 2018