Skip to content
View billycarrie's full-sized avatar

Block or report billycarrie

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
billycarrie/README.md

Typing SVG

     

Who I Am

I'm Billy Carrie, a Founding M&A Security Engineer focused on building and enhancing cybersecurity programs across 10+ acquired organizations in the Retail and Ecommerce industry. When you're securing a portfolio of companies with varying identity maturities, you learn fast that identity is the perimeter.

My work spans IAM, Zero Trust architecture, Azure and multi-cloud security, and the risk and compliance frameworks that give our identity program a strong foundation to build on.

Core Competencies

Microsoft Entra ID

  • Conditional Access policy design & lifecycle
  • Privileged Identity Management (PIM) — role architecture, activation workflows, access reviews
  • External Identities / B2B guest lifecycle
  • SSPR, hybrid identity (AD Connect / Cloud Sync)

Non-Human Identity (NHI)

  • Service principal lifecycle management (creation → rotation → decommission)
  • Workload Identity Federation — keyless auth for CI/CD pipelines
  • Secret & certificate expiry governance
  • Orphaned application detection and remediation

IAM Program Design

  • Joiner / Mover / Leaver (JML) process architecture
  • RBAC design — least privilege, role mining, entitlement reviews
  • Identity Governance & Administration (IGA) — access request, certification, SOD
  • KPIs, metrics, and executive reporting frameworks

AI in IAM

  • Copilot & LLM governance — managing AI workload identities, OAuth scopes, and consent in enterprise environments
  • Automated access intelligence — using AI-driven insights to inform access reviews and entitlement decisions
  • Responsible AI security — applying AI security foundations (A/AISF) to identity pipeline risk and data access governance

What Separates Good IAM from Great IAM

Most organizations have identity tools. Few have identity programs.

The difference comes down to three things I focus on in every engagement:

1. Governance before automation — Automating a broken process creates automated chaos. I design the policy and ownership model first, then automate it.

2. Non-human identity parity — Service accounts, service principals, and managed identities carry the same risk as human accounts but receive a fraction of the governance attention. Closing that gap is often where the biggest risk reduction lives.

3. Metrics that move conversations — IAM teams that speak in technical terms stay technical. I build reporting frameworks that translate identity posture into business risk — which is how you get budget, headcount, and executive support.

Certifications

Certification Issuer Focus
A/AISF — AI Security Foundation AKYLADE AI security principles, risk, and governance
SC-900 — Security, Compliance & Identity Fundamentals Microsoft Security, compliance, and identity concepts across Microsoft cloud
AI-900 — Azure AI Fundamentals Microsoft AI workloads, responsible AI, Azure AI services
(ISC)² CC — Certified in Cybersecurity (ISC)² Security principles, access controls, network & operations security

Connect

billycarrie94@gmail.com

Pinned Loading

  1. nhi-lifecycle-mgmt nhi-lifecycle-mgmt Public

    Non-Human Identity governance framework — Entra ID sandbox · Service Principals · Workload Federation · AI Agent Identity

    1