All Posts

Link to Short Talk on YouTube: https://youtu.be/03xShqPc0NE Access governance has traditionally relied on periodic reviews and manual approvals. But in environments with thousands of identities, applications, APIs, and machine workloads, that model is becoming increasingly difficult to scale. The next evolution may be Autonomous Access Governance, where systems continuously evaluate identity behavior, access usage, and risk signals to adjust access dynamically. Instead of wai

Overview An AI-driven prototype exploring how organizations can improve regulatory compliance through intelligent control mapping, coverage analysis and governance insights. The platform analyzes: regulations controls ownership evidence coverage remediation gaps to identify: missing control mappings governance weaknesses insufficient evidence coverage ownership gaps high-risk compliance domains The AI then generates: control coverage insights remediation priorities governance

Overview Sanctions screening programs in large enterprises often struggle with: repetitive false positives excessive alert volumes poor match quality anomalous overrides operational inefficiencies These challenges increase operational workload, delay investigations and reduce the effectiveness of compliance controls. This prototype explores how AI can help optimize sanctions screening operations through intelligent alert analysis, governance insights and risk-based prioritiza

Overview Anti-Financial Crime (AFC), AML and KYC programs increasingly depend on high-quality, well-governed data to support effective compliance operations, screening accuracy, remediation activities and regulatory reporting. However, many organizations continue to face challenges caused by: fragmented customer data inconsistent KYC quality unresolved alerts poor ownership accountability incomplete remediation tracking duplicate records stale customer reviews weak governance

Overview Enterprise identity ecosystems are rapidly evolving beyond traditional human identities. Modern organizations increasingly rely on: service accounts workload identities APIs automation platforms cloud-native workloads AI agents machine identities As the number of non-human identities grows exponentially, organizations face new governance, lifecycle management, and security challenges that traditional IAM models were not designed to address. This prototype explores ho

Overview Access certification is one of the most critical — and often most operationally challenging — components of enterprise Identity Governance programs. Large organizations frequently struggle with certification fatigue caused by: repetitive low-value reviews excessive entitlement volumes inconsistent approval quality limited risk prioritization fragmented governance accountability As certification campaigns scale across applications, regions, and business units, reviewe

Overview Identity Governance programs often struggle not because of tooling limitations, but because of fragmented ownership, inconsistent accountability, unclear operating models, and disconnected governance structures. As organizations scale globally, especially across complex enterprise and GCC environments, Identity Governance requires a well-defined operating model that balances centralized governance with federated execution. This prototype explores how AI can assist or

Overview Enterprise Identity and Access Management (IAM) environments often accumulate significant governance complexity over time. Fragmented ownership, stale entitlements, excessive privilege, inconsistent RBAC implementation, and dormant identities create what can be described as Identity Technical Debt. This prototype explores how AI can help organizations identify, measure, and prioritize remediation of identity governance debt across enterprise ecosystems. The solution

YouTube Link for the short talk: https://youtu.be/b6BgQs6RKh0 Successful IAM programs are rarely limited by technology alone. In large organizations, IAM effectiveness depends heavily on the quality of identity data, entitlement structures, clear ownership models, governance discipline, and how well operating models support adoption at scale. Even strong IGA or PAM platforms struggle when underlying data is fragmented, entitlements are poorly structured, ownership is unclear,

The Problem Most Enterprises Miss While user identities are heavily governed, non-human identities (NHIs)—such as service accounts and API keys—often remain overlooked. n many environments, I’ve observed: Service accounts running for years without review API keys with high privileges and no clear ownership Credentials that are rarely used—but never revoked Unlike human identities, these do not trigger obvious alerts. They don’t fail loudly—they quietly expand your attack surf

The Problem I Kept Seeing In most enterprises I’ve worked with, identity risk doesn’t fail loudly—it silently accumulates. Users retain access long after they need it Privileged roles remain active despite inactivity Access reviews happen periodically, not when risk actually emerges Traditional IAM systems try to solve this using: Static rules Periodic certifications Manual reviews But the reality is simple: Risk is dynamic — while controls are static The Idea I wanted to exp

YouTube Link for short talk : https://youtu.be/koNNzeSbV8s Many organizations treat data problems as technology problems. In reality, they are ownership and control problems. In areas like Data Office and Anti-Financial Crime, data doesn’t fail because it doesn’t exist; it fails because it isn’t clearly owned, governed, or consistently controlled. If we want data to scale, we need to move beyond tools and focus on the systems around data: ownership, decision rights, and contr

The Problem I Kept Seeing In most enterprises I’ve worked with, identity risk doesn’t fail loudly — it silently accumulates. Users retain access long after they need it.Privileged roles remain active despite inactivity.And risk reviews happen periodically, not when risk actually emerges. Traditional IAM systems try to solve this using: Static rules Periodic certifications Manual reviews But the reality is: Risk is dynamic — while controls are static The Idea I wanted to explo

As enterprises move toward AI-driven security models, traditional signals like network location or device posture are becoming less reliable in increasingly distributed environments. What remains consistent across every interaction is identity . Every action, whether initiated by a human, service, workload, or AI agent, ultimately occurs through an identity. This means identity data, behavior patterns, and contextual authorization signals will increasingly drive security deci

The cloud’s shared responsibility model is well understood in theory: providers secure the infrastructure while organizations secure their workloads, identities, and data. In practice, however, shared responsibility often becomes shared confusion . Responsibilities get spread across security, platform, and application teams, and assumptions form about who owns what. The result is not a lack of tools or controls, it’s gaps in operational ownership. The organizations that manag

Enterprises have invested heavily in strengthening security controls over the past decade. Yet in many complex environments, the real constraint is no longer control coverage — it is ownership clarity. In this video, I share why the next phase of cyber maturity will depend on shifting focus from adding safeguards to strengthening accountability around the controls we already have. Link to You Tube talk: https://youtu.be/4E28qV2OGqY #CyberSecurity#Leadership#EnterpriseSecuri

In enterprise security, the presence of controls often creates a reassuring picture. But real resilience is shaped by how those controls perform in the complexity of day-to-day operations. In this short video, I reflect on the growing gap between perceived control and operational reality — and why the next phase of cyber maturity will depend more on accountability and system behavior than on control coverage alone. Youtube link for the talk: https://youtu.be/ZJGRaOuiyHE

Standardization rarely fails because the model is wrong — it fails because reality is more heterogeneous than we admit. In regulated enterprises especially, progress comes not from denying exceptions, but from governing them well. A short reflection using IAM onboarding as one example. Here is the link to YouTube version of my Talk: https://youtu.be/3wYGjQsS2KM #Transformation #EnterprisePlatforms #Governance #IAM

There’s a strong sense of urgency around AI adoption in enterprises — but we’ve been here before. Identity and Access Management promised security and control, yet struggled at scale not because of technology limitations, but because adoption, ownership, and operating models were underestimated. AI is walking into the same enterprise realities. In this short talk, I explore why AI success will depend less on models and more on leadership decisions — clarity of ownership, deci

When enterprise platforms struggle, the conversation often turns to tools and architecture. In reality, most platforms don’t fail because of technology — they fail because adoption is treated as an afterthought. In complex, regulated environments, adoption depends less on features and more on clarity of ownership, incentives, and decision rights. In this short talk, I share why enterprise platform adoption is fundamentally a leadership challenge. The focus isn’t on choosing b