Selected Projects

A selection of recent architecture, identity, cloud, risk and transformation projects delivered for global enterprises, public institutions and critical-infrastructure organisations.

Each project demonstrates end-to-end ownership, clarity, and measurable outcomes — without operational firefighting or excessive bureaucracy.

Microsoft (via Penta Consulting) — Hybrid Identity & Zero Trust Advisory 

Delivered advanced workshops and architecture advisory to EU agencies, ministries, universities and financial sector clients. Covered Hybrid Identity, ADFS→Entra migration, Conditional Access design, RC4 decommissioning, PAW roadmaps and break-glass strategies.

Highlights:

• Corrected Microsoft documentation errors in “7-Day Hybrid Identity Workshop”

• Led Zero Trust and privileged access architecture sessions

• Advised banks & public sector on critical protocol and identity governance changes

Electrolux — Azure Governance, AD Tier 0, PAM Framework 

Drove security architecture improvements across Azure, AD and PAM. Implemented AD Tier-0 isolation, Azure RBAC governance, BeyondTrust PAM onboarding framework and ISO-aligned access control procedures.

Outcomes:

• Reduced risk for Domain Admin access

• Delegation model aligned with compliance

• PAM operating procedures adopted globally

Ahold Delhaize (via TCS) — Hybrid Identity Stabilisation

Escalation lead for one of the world’s largest AD & Entra environments (>700k users). Resolved cross-domain issues, misconfigured trusts, DNS/Infoblox problems, GPO failures and high-impact outages.

Built PowerShell automations for IAM ops and assisted in root-cause analysis for identity failures.

Outcomes:

• Improved operational stability

• Faster incident response

• Reduced configuration drift

AML RightSource — Azure Security & IAM Transformation

Delivered cloud and identity transformation for a fast-growing global organisation. Designed privileged access strategy, PIM/break-glass governance, naming conventions, RBAC model, and endpoint migration from GPO to Intune.

Outcomes:

• Clear Azure governance framework

• Standardized access management

• Modernized device compliance and monitoring

Sanoma — Post-Acquisition Cybersecurity Integration

Performed cybersecurity risk assessments for inherited infrastructure, tracked vulnerability remediation, delivered workshop training for application owners, and aligned integration efforts with ISO 27001 governance.

Outcomes:

• Improved security visibility

• Clear remediation responsibilities

• Unified integration approach

Howden Group — ISO 27001 Audit Readiness

Localized ISO 27001 controls and training for the Polish branch. Implemented Microsoft Defender and Tenable rollouts. Raised audit score from ~30% to 80%.

Outcome:

• Measurable audit maturity uplift with supporting evidence packs

Earlier Projects (Condensed) 

• UBS — IT Risk & Control

Infrastructure risk assessments, control mapping, regulatory readiness

• GAIN Capital — Identity & Threat Response

Led IAM-related remediation after Citrix NetScaler compromise

• EY — Incident Response & PKI Governance

NIST/ISO-aligned incident response plans, Venafi-based PKI governance

• Electrolux (Earlier Years)

Global IAM, ADFS, MFA, hybrid identity and Zero Trust authentication

• 2006–2013 (IBM, UPM-Kymmene, others)

AD, Citrix, VMware, PKI, VPN, GPO, access and endpoint security

• 1999–2006 — Founder of IT Consultancy

Delivered secure LANs, risk-aware design, remote access and support services