I am an independent IAM and application security consultant based in Stroud, UK. Previously I was the security architect and technical co-lead for ForgeRock’s flagship OpenAM access management product, and I have extensive knowledge of all aspects of that product. I am the architect of OpenAM’s highly scalable stateless session logout facilities, which are unmatched in any product on the market today. My background as an experienced software engineer with a PhD in Computer Science provides a solid grounding in designing and building scalable, performant and secure software systems.
I am available for identity and application security consultancy work within the UK (South West, London or remote):
- Architectural review of access management and OpenAM.
- Technical “deep dives” on all aspects of OAuth 2, OpenID Connect, UMA, SAML 2 federation, stateless sessions, authentication, authorisation, audit, and Web and Java EE Agents.
- Performance tuning and scalability advice and guidance.
- Development of bespoke OpenAM authentication modules, policy conditions and custom integrations.
- Application security and cryptography training, such as best use of JSON Web Tokens, securing RESTful web services and microservices, or correctly implementing complex cryptographic protocols.
Contact me at email@example.com to discuss your requirements.