```
Actively Seeking
```

Ronnie Bailey

Lead Identity Security Architect

15 years shaping how enterprise organizations secure, govern, and scale identity. Across Fortune 500 firms, federal agencies, and critical infrastructure, the work has always been the same at its core: make identity the thing that holds when everything else is under pressure.

Contact IAM Insights Blog Case Studies

Perspective

To me, identity should not just be considered a product you deploy. I have come to learn that identity is a decision framework that runs underneath everything your organization does like who gets in, what they can touch, when that access ends, and what happens when something breaks. In my experience most organizations treat it as infrastructure, however the ones that get it right understand and treat it as policy. To me it is an important distinction and more of a necessity than any tool in the stack.

What I have learned across 15 years of this work is that the hardest problems in identity are rarely technical. The technical problems have answers. The hard problems are organizational: nobody owns the policy, the accountability structure was never defined, the exception became the rule, and by the time someone notices the debt is structural. My value is in knowing how to walk into an environment where identity was built by ten different people over ten years and make it coherent, defensible, and owned.

I think about identity security the way a good architect thinks about a building. The foundation has to be sound before you add floors. Zero Trust is often used as a buzzword but in my experience it is a posture you earn incrementally by making every access decision explicit and every privilege temporary. That work is unglamorous and it is constant however it is the difference between an organization that knows its exposure and one that finds out during an incident.

The most important work I do now is translate. Technology decisions that are not understood by the people who fund them get defunded when priorities shift. Risk that is not legible to a CISO or a board does not get mitigated but usually ends up inherited by the next team. My role is to ensure that doesn't happen by bridging the gap between technical realities and business decisions so they stay aligned.

Professional Experience

Principal Cybersecurity Architect / Senior IAM Engineer
iHeartMedia
Full-time 06/2025 – Present
  • Own the enterprise identity security program as the senior IAM expert across a hybrid environment of more than 30,000 users spanning iHeartMedia's full corporate portfolio, including Katz Media Group (over 3,500 radio stations and 450 TV stations), Triton Digital (global ad-tech SaaS operating across more than 50 countries), Premiere Networks, and subsidiary brands, responsible for Entra ID, Active Directory, and BeyondTrust PAM across all identity domains.
  • Designed and govern a 60-policy Conditional Access estate aligned to Zero Trust, implementing MFA enforcement, device compliance requirements, and risk-based access controls while stabilizing inconsistent policy behavior across applications.
  • Established identity governance from the ground up by building an ownership registry and RACI framework where no accountability structure previously existed, assigning policy ownership and enforcing accountability across security and engineering teams.
  • Architect and enforce enterprise IAM across Entra ID, AWS IAM, and Google Cloud Identity, standardizing least privilege access and eliminating inconsistent access patterns across hybrid and multi-cloud environments.
  • Manage the full identity lifecycle including joiner, mover, and leaver workflows, integrating Workday via API and SCIM to drive provisioning, deprovisioning, and dynamic group membership across enterprise applications.
  • Built identity-driven workflows in Azure Logic Apps integrating Workday attributes and Entra ID signals, enforcing onboarding decisions based on start date thresholds, HR status, and system readiness while eliminating manual provisioning delays.
  • Generate conditional evaluation logic handling onboarding edge cases including delayed start dates, mismatched HR status, and incomplete downstream system readiness, introducing decisioning and alerting across the identity stack.
  • Lead SSO and federation strategy across the application portfolio using SAML and OIDC, serving as escalation authority for complex authentication failures including claims mapping mismatches, token misconfiguration, certificate trust issues, and identity normalization conflicts between systems.
  • Resolved authentication failures across integrated systems including Workday, Genea, and cloud identity providers, addressing inconsistencies between UPN, email, and directory attributes.
  • Own federation certificate lifecycle across all trust relationships, implementing proactive rotation processes to eliminate emergency renewals and prevent authentication outages tied to expired signing certificates.
  • Designed and enforce privileged access strategy using BeyondTrust and Entra ID PIM, removing standing privilege and enforcing just-in-time administrative access across elevated roles and service accounts.
  • Built privileged access workflows supporting approval-based elevation, session monitoring, and auditability across administrative activities.
  • Govern secrets and credential management across BeyondTrust Secrets Safe, Password Safe, and Azure Key Vault, enforcing credential rotation, access control, and auditability for privileged and non-human identities.
  • Identified and remediated identity risk including shared account overexposure, stale privileged access, and legacy group sprawl across Active Directory.
  • Participated in remediation of service account misuse tied to operational systems, enforcing separation between interactive and non-interactive access patterns.
  • Serve as responder for IAM incidents when support tiers and standard resolution paths fail, focusing on root cause resolution across authentication failures, federation breakdowns, and access outages.
  • Investigated AADSTS errors, sign-in failures, and Conditional Access misconfigurations using Entra sign-in logs and policy evaluation.
  • Deliver weekly identity governance reporting to the CISO, translating technical findings into prioritized remediation plans with clear ownership, accountability, and measurable risk reduction.
Skills: Entra ID · Active Directory · BeyondTrust · Azure Logic Apps · AWS IAM · Google Cloud Identity · Workday · SAML · OIDC · Azure Key Vault · Conditional Access · Entra ID PIM · PowerShell · Python · Zero Trust · SCIM · ServiceNow
Lead Identity Security Architect
LexisNexis / United States Patent and Trademark Office
Contract | Public Trust Clearance 04/2024 – 06/2025
  • Designed Zero Trust architecture aligned to NIST 800-207 with JIT provisioning and continuous authentication monitoring, adjusting access decisions in real time based on behavioral risk signals.
  • Built behavioral risk evaluation models adjusting access decisions dynamically based on user activity and contextual identity signals.
  • Led Azure security architecture aligned to NIST 800-53 and CIS standards, authoring Infrastructure-as-Code security policies that enforce baseline configurations and surface configuration drift in real time.
  • Standardized identity and security controls across AWS, Azure, and GCP with centralized CSPM integration, delivering unified dashboards aggregating risk signals across all three platforms for executive visibility.
  • Redesigned One Identity Safeguard deployment for enterprise-wide privileged access control, executing a full offboarding and re-onboarding of privileged assets and realigning session recording, account rotation, and access policies from the ground up.
  • Integrated Auth0 to deliver OAuth2 and OIDC-based SSO across enterprise applications, supporting FedRAMP and NIST 800-53-compliant authentication workflows with certificate rotation and trust validation.
  • Engineered threat correlation across CrowdStrike Falcon, Microsoft Defender, Palo Alto, and Checkpoint, improving detection quality and reducing response time through intelligent alert triage and deduplication.
  • Designed forensic response processes using Secureworks Taegis aligned to NIST 800-86, ensuring defensible evidence handling and investigation integrity.
  • Translated complex architecture and security findings into business impact for executive stakeholders, enabling informed decision-making on risk and remediation priorities.
Skills: Zero Trust · Entra ID · Azure · GCP · AWS · NIST 800-53 · CIS Controls · MITRE ATT&CK · One Identity Safeguard · CrowdStrike · Microsoft Defender · Palo Alto · Auth0 · SAML · OIDC · OAuth2 · PowerShell · Python · Incident Response
Identity & Access Management Architect
Kroger, Technology & Digital Department
Full-time 12/2022 – 02/2024
  • Led identity provisioning for 32,000 users across US and UK operations while maintaining HIPAA compliance, implementing structured lifecycle controls and removing manual provisioning from the critical path.
  • Built role-aware provisioning workflows adapting access based on job function and peer access patterns, reducing inconsistent access assignments and privilege creep.
  • Implemented PAM using One Identity Safeguard and TPAM, enforcing just-in-time privilege elevation tied to ServiceNow approval workflows and significantly reducing standing privileged access.
  • Modernized identity using Entra ID across 12,000 hybrid users, eliminating legacy access models and improving authentication consistency across applications.
  • Integrated Ping SSO and MFA across more than 40 applications using risk-based authentication policies; behavioral analytics reduced password-reset volume while cutting unauthorized access attempts.
  • Designed AKS workload identity solution eliminating static credentials in containerized environments through workload identity federation.
  • Built continuous access certification processes using behavioral analytics to identify dormant accounts, excessive permissions, and separation-of-duties violations across 20,000 accounts.
  • Deployed CrowdStrike Falcon with threat hunting playbooks across a fleet of 2,000 endpoints, strengthening threat detection, visibility, and incident response capabilities.
  • Deployed Varonis for file access monitoring and data classification, strengthening SOX and GDPR audit readiness through continuous policy validation.
  • Streamlined Active Directory using RBAC and Conditional Access to reduce policy drift and improve access governance consistency.
Skills: Entra ID · Azure AD · OneIdentity Safeguard · TPAM · Ping Identity · Okta · CrowdStrike · Varonis · VMware · Kubernetes · AKS · ServiceNow · NIST 800-53 · PowerShell · Python
Customer Identity & Access Management Architect
Homeland Security, OCIO / US Secret Service
Contract | Public Trust Clearance 02/2022 – 12/2022
  • Positioned IAM as a cornerstone of DHS security strategy, integrating Active Directory, OAuth 2.0, and SAML 2.0 across 100+ legacy systems in distributed federal infrastructure with automated federation trust management.
  • Spearheaded ISO 27001 certification for the DHS Information Security Management System, establishing an enterprise security governance framework with automated control validation that was adopted agency-wide.
  • Orchestrated the GCP migration of 50+ on-premises systems to FedRAMP Moderate authorization, standing up comprehensive SIEM integration and automated continuous compliance monitoring with infrastructure-as-code security baselines.
  • Secured serverless functions in GCP with automated workload identity federation, enforcing least privilege at the function level with permissions that adjust dynamically based on runtime context.
  • Enforced granular access policies via Saviynt across 15,000+ user accounts with automated entitlement reviews and separation-of-duties enforcement, dramatically reducing manual certification effort through intelligent access analytics.
  • Delivered Agile-based security automation using PowerShell, Python, and Java aligned to FISMA compliance, producing reusable modules adopted across DHS security teams.
Skills: CyberArk · GCP · FISMA · FedRAMP · ISO 27001 · Saviynt · PowerShell · Python · Java · Active Directory · OAuth 2.0 · SAML 2.0 · Zero Trust Architecture
Cloud Vulnerability Analyst
Accessia Health National Non-Profit Patient Assistance
Contract 07/2021 – 12/2021
  • Led vulnerability management aligned to NIST 800-53 and HIPAA across enterprise systems, prioritizing remediation based on exploitability, business criticality, and threat intelligence.
  • Built audit-ready compliance reporting via PingFederate logs supporting SOX, GDPR, and HIPAA requirements with real-time dashboards for continuous authentication visibility.
  • Deployed PingFederate and Citrix NetScaler supporting high-availability authentication services through failover and health monitoring.
  • Designed credential vaulting and rotation for privileged healthcare accounts, eliminating static privileged credentials across the environment.
  • Secured AWS workloads using identity-aware proxies and service mesh policy enforcement, enabling zero trust network access for containerized healthcare applications.
  • Embedded security review into the infrastructure change process using policy-as-code frameworks, catching compliance violations before deployment rather than after.
  • Managed certificate lifecycle across a portfolio of 150 domains ensuring continuous compliance and eliminating manual tracking overhead.
Skills: HIPAA · NIST 800-53 · SOX · GDPR · PingFederate · Citrix NetScaler · AWS · PowerShell · CyberArk · Vulnerability Assessment
Privileged Access Management Architect
Indivior Pharmaceuticals Global Specialty Pharmaceutical
Full-time 10/2019 – 07/2021
  • Led enterprise PAM transformation, mapping more than 200 job functions into structured least privilege RBAC models to systematically reduce excessive access across enterprise applications.
  • Deployed BeyondTrust PAM securing approximately 1,200 privileged accounts, enforcing SOX-compliant credential rotation, session monitoring, and audit controls while eliminating standing privileged access for routine operations.
  • Designed adaptive access policies in Entra ID with risk-based scoring that enforces access controls dynamically based on real-time threat intelligence and user behavior.
  • Built privileged access workflows supporting just-in-time elevation, approval-based access, and administrative tier separation.
  • Established centralized governance for privileged accounts across legacy systems and business units.
  • Built GCP security framework using Google IAM and Security Command Center, introducing centralized threat detection, policy enforcement, and access visibility across workloads.
  • Implemented BitLocker encryption with deployment and backup policies protecting ePHI across all endpoints in compliance with HIPAA requirements.
  • Integrated Terraform guardrails using policy validation, enforcing compliance from deployment through runtime with continuous scanning and drift detection.
  • Designed mobile device management using Microsoft Intune with enforcement policies for a distributed workforce, securing remote access without impeding productivity.
  • Supported incident response through analysis of privileged account activity and identification of misuse patterns across enterprise endpoints.
  • Briefed executive leadership on security risks, compliance gaps, and mitigation strategies, translating technical findings into business impact through data-driven risk dashboards.
Skills: BeyondTrust · CyberArk · Entra ID · Azure AD · GCP · Microsoft Intune · Carbon Black · SOX Compliance · Terraform · PowerShell · Python
Identity & Access Management Analyst
Wells Fargo Bank
Contract 04/2019 – 10/2019
  • Designed a Zero Trust-aligned IAM framework with risk-based access controls, applying continuous verification and intelligent policy recommendations driven by historical access patterns.
  • Built consistent identity controls across AWS and Azure environments using infrastructure-as-code for policy synchronization across cloud platforms.
  • Enforced FFIEC and GLBA requirements via SCCM and Office 365 with access controls and continuous compliance monitoring across the banking environment.
  • Extended Microsoft Defender's remediation capabilities through orchestrated threat response workflows and intelligent alert correlation, reducing analyst triage time.
  • Engineered progressive profiling workflows using ADFS with failover for customer-facing banking applications, adding intelligent session management and fraud detection capabilities.
  • Maintained a user base of 12,000 accounts across hybrid environments through lifecycle workflows, ensuring timely access grants and revocations via HR system integration.
  • Ran staff security education alongside phishing response workflows, significantly reducing incident response time through orchestrated investigation and remediation.
  • Briefed upper management on cloud security risks and mitigation strategies using risk dashboards that provided actionable recommendations and continuous visibility into posture trends.
Skills: Zero Trust Architecture · AWS · Azure · ADFS · Office 365 · SCCM · Microsoft Defender · FFIEC · GLBA · Agile · Waterfall
Customer Identity & Access Management Engineer
Wellsecured IT Enterprise IT Security Solutions
Full-time 10/2015 – 01/2019
  • Designed and implemented unified Zero Trust frameworks across Azure, GCP, and M365, aligning Conditional Access, PIM, and JIT workflows to reduce standing privileges by over 70% while strengthening overall security posture.
  • Served as the technical escalation authority for business-critical IAM failures: certificate expirations, broken SAML trusts, provisioning system outages. When automated remediation and support tiers couldn't resolve it, the problem came to me.
  • Mentored IAM engineers on automation frameworks, schema change management, and certificate lifecycle operations; created standardized runbooks and automation templates that reduced team dependency on senior resources for routine work.
  • Built automated certificate monitoring and renewal systems for SAML, OIDC, and OAuth2 across 100+ enterprise applications; proactive 60-day alerts and direct SaaS vendor coordination eliminated authentication outages and manual tracking overhead entirely.
  • Managed directory schema and attribute governance across Entra ID, Active Directory, and ActiveIDM to maintain data integrity in automated lifecycle processes; resolved sync failures between Workday, AD, and downstream identity repositories through intelligent data validation.
  • Served as the primary escalation for Workday-to-AD-to-Entra provisioning failures, resolving complex attribute mapping errors and sync breakdowns that blocked joiner, mover, and leaver processes across the hybrid identity stack.
  • Administered ActiveIDM's role-based provisioning engine with exception handling logic that routes edge cases to appropriate approvers automatically based on organizational hierarchy and risk level.
  • Led migration to ForgeRock Identity Management with automated workflow standardization for hybrid environments, cutting provisioning delays through intelligent lifecycle automation and structured exception handling.
  • Integrated Splunk with IAM tooling for automated security event monitoring and alerting, achieving ISO/IEC 27001 and NIST 800-53 compliance through centralized log correlation and threat detection.
  • Delivered Auth0 integration for client-facing financial services portals, building intelligent authentication that balanced security requirements with user experience at scale.
  • Authored Conditional Access policies using Microsoft Defender with automated recommendations for privileged account management, enforcing risk-based access decisions through continuous policy evaluation.
  • Implemented OAuth 2.0 and OpenID Connect with automated token lifecycle management for cloud-native application APIs and microservices architectures.
  • Built AWS IAM roles and encryption protocols across multi-cloud environments with automated policy enforcement ensuring consistent least-privilege patterns at scale.
  • Partnered with DevOps to embed automated log analysis and incident response directly into CI/CD pipelines.
Skills: ForgeRock IDM · Splunk · ISO/IEC 27001 · NIST 800-53 · Ping Identity · Citrix · VMware · PowerShell · AWS · Auth0 · Azure AD · Workday · ActiveIDM
Cloud Security Operations Lead
Cloudcentria Security Cloud Cybersecurity Firm
Full-time 06/2011 – 12/2015
  • Built cloud security and identity programs from the ground up across AWS and hybrid environments, establishing foundational IAM controls, governance models, and policy-as-code frameworks aligned to NIST 800-53 and ISO 27001.
  • Designed identity federation across SaaS platforms including Okta, Auth0, and application providers, resolving authentication failures and enabling centralized access control.
  • Led forensic investigations establishing chain-of-custody processes for security incidents, including recovery of stolen intellectual property that established cloud forensics protocols adopted as industry practice.
  • Delivered AWS security architecture including identity design, access enforcement, and continuous validation across IaaS, PaaS, and serverless deployments.
  • Scaled vulnerability management to an environment exceeding 15,000 assets across AWS and Azure, with prioritization by exploitability and business impact using Nessus-based assessments.
  • Optimized Entra ID Connect sync logic and hybrid sync rules, normalizing attributes and UPN conventions to keep identity data consistent across cloud and on-premises environments.
  • Administered BeyondTrust Password Safe with secret rotation and vault access workflows, eliminating credential sprawl through JIT tied to approved change management processes.
  • Partnered with SOC teams during active incidents supporting containment, investigation, and remediation efforts including analysis of token misuse and privileged session activity.
Skills: NIST 800-53 · ISO 27001 · AWS · Azure · Nessus · Ping Identity · Okta · Auth0 · BeyondTrust · Entra ID · Splunk · Digital Forensics
Systems Administrator
uBreakiFix Tech Repair and Support
Full-time 2009 – 2011
  • Technical Support: Delivered first-level support for hardware, software, and network issues via phone, email, and in-person.
  • Incident Management: Assessed and prioritized tickets based on impact and urgency to meet SLA targets.
  • Customer Service: Maintained high satisfaction through timely support and detailed documentation of service desk activities.
Skills: Technical Support · Incident Management · Customer Service · Hardware Repair · System Administration
IT Support Associate
Circuit City Consumer Electronics Retail
Full-time 2006 – 2009
  • Technical Support: Provided troubleshooting for computer and electronic products, resolving hardware and software issues.
  • Product Setup: Assisted customers with initial configuration, software installations, and feature explanations.
  • Hardware Repair: Conducted basic repairs or coordinated with authorized service providers.
  • Inventory Management: Maintained stock of computer accessories and ensured product availability.
  • Customer Engagement: Collaborated with sales team to align technology solutions with customer needs.
  • Product Knowledge: Stayed current on technology trends and updated demo areas to reflect latest offerings.
Skills: Technical Support · Hardware Repair · Customer Service · Inventory Management · Product Knowledge

Key Projects

Nuclear Energy Cloud IAM Transformation
Westinghouse Electric Company (2024)
  • Designed and implemented federated identity architecture enabling secure nuclear data processing in cloud environments.
  • Built MFA enforcement using Azure AD aligned to nuclear industry security requirements.
  • Implemented Conditional Access policies and just-in-time access via Privileged Identity Management for administrator accounts.
  • Executed security testing protocols supporting regulatory compliance validation.
Municipal Identity Threat Protection
City of Chesapeake, Virginia (2024)
  • Integrated CrowdStrike Falcon with identity systems to monitor authentication activity in real time.
  • Implemented Active Directory tiered administrative model for privileged access control.
  • Designed RBAC framework for critical municipal systems balancing security and operational continuity.
  • Delivered identity threat detection training using real-world attack scenarios.
Federal ICAM Compliance Analysis
Department of Veterans Affairs (2023)
  • Analyzed privileged accounts across federal systems using CyberArk PAM, identifying and categorizing access control gaps.
  • Improved PIV compliance metrics by 35 percent through structured reporting and remediation.
  • Designed SailPoint and Okta integration approach, establishing foundation for streamlined identity governance.
  • Implemented CyberArk policies aligned to Azure Conditional Access enforcement.
  • Established centralized identity event logging using Azure Event Hub.
Enterprise Provisioning Automation
Lithia Motors Fortune 500 Automotive Retail (2022)
  • Developed PowerShell scripts provisioning 15,000 user accounts, reducing processing time by 60 percent.
  • Built Azure Log Analytics workspaces monitoring critical provisioning workflows with real-time visibility.
  • Standardized provisioning processes across US and UK IT teams.
  • Remediated legacy provisioning technical debt and enforced Defender EDR policies.
  • Built compliance reporting using KQL queries against Azure Sentinel data.
Retail Authentication Directory
Lands' End Fortune 500 Apparel and Lifestyle (2021)
  • Designed authentication directory with selective attribute filtering for secure external partner access.
  • Built PingFederate authentication policies with MFA balancing usability and security requirements.
  • Implemented OpenID Connect for customer-facing applications.
  • Created ServiceNow-integrated troubleshooting tools for helpdesk teams, reducing resolution time for common issues.
Enterprise-Wide Zero Trust Implementation
DHS / US Secret Service (2022)
  • Led Zero Trust implementation across more than 200 mission-critical applications with micro-segmentation and continuous verification.
  • Reduced lateral movement risk by 80 percent while cutting incident response time by 60 percent.
  • Completed 3 months ahead of schedule, establishing a new security baseline for federal systems.
  • Integrated CyberArk, Fortinet, and identity governance frameworks aligned to NIST 800-53.

Cybersecurity News & Insights

Education & Certifications  ·  BS Cybersecurity, University of Richmond (In Progress)  ·  AAS Information Systems, Reynolds College  ·  AZ-900 Microsoft Azure Fundamentals (In Progress)  ·  Cybersecurity Essentials, Cisco  ·  IBM Cloud Essentials  ·  Network Administration, Reynolds College

```