Identity Security — Practice & Research Email LinkedIn GitHub

I secure identities.
Human, workload, and AI agents.

Twenty years in enterprise IT: desktop support, then systems, then infrastructure, mostly in manufacturing and rail environments. A lot of that work was identity before I used the word. Provisioning, access troubleshooting, group policy, MFA support, credential lifecycle.

In 2026 I committed to identity security as a discipline rather than a side of the job. The certifications, the labs, and the market research on this page are that commitment, written down with dates so I can be held to them.

80:1
non-human identities per human identity in a typical enterprise
82%
of organizations already run AI agents
44%
have policies capable of securing them

SOURCES: INDUSTRY RESEARCH 2025–2026 (KPMG; SAILPOINT). THE GAP BETWEEN THE LAST TWO NUMBERS IS WHERE I WORK.

02

Certification Track

A deliberate sequence, in progress. Cloud architecture first, then the identity platform this market actually runs, then security breadth, then the governance credential for the AI-identity intersection. Dates are commitments, not aspirations.

Exam · Jul 2026

AWS Solutions Architect – Associate

The cloud substrate. Architecture, networking, and the IAM foundations everything else builds on.

Exam · Oct 2026

Microsoft SC-300 — Identity & Access Administrator

Entra ID, Conditional Access, PIM, identity governance, and workload identities. Built hands-on in a live tenant.

Winter 2026–27

CompTIA Security+

Security breadth and DoD 8140 alignment for federal and defense-adjacent environments.

Target · Mid-2027

IAPP AIGP — AI Governance Professional

The governance credential for the AI-identity intersection. Pursued in-role, once the identity practice is running on real workloads.

03

Work Index

Live work first, then the identity security roadmap. Each item is scoped, sequenced against the certification track, and ships with documentation.

P-01

AWS Enterprise Architecture

Multi-account enterprise AWS implementation across 13 documented labs: organization strategy, SCPs and IAM design, global networking, cost governance, and production-ready infrastructure.

Live
P-02

Serverless API

Serverless web application on AWS Lambda, API Gateway, DynamoDB, Cognito, and Amplify with GitHub CI/CD. Identity-aware by design: Cognito user pools gate every API call.

Live
P-03

Workload Identity Federation — OIDC + SPIFFE

Passwordless CI/CD: GitHub Actions assuming AWS IAM roles through OIDC federation. No static keys, no stored secrets, short-lived credentials only. Includes a SPIFFE/SPIRE demonstration of the vendor-neutral workload identity standard.

In devJul–Aug 2026
P-04

MCP Servers as Non-Human Identities

Security analysis of Model Context Protocol servers as an ungoverned identity surface: token audience validation, over-permissioned access, credential aggregation, and the IAM-side mitigations.

PlannedQ3 2026
P-05

Entra ID Lab Series

Hands-on identity platform work in a live tenant: Conditional Access policy design, Privileged Identity Management, entitlement management and access reviews, and Entra Workload ID.

PlannedAug–Oct 2026
P-06

NHI Vendor Landscape & NIST AI RMF Mapping

A practitioner's map of the non-human identity tooling market and how the emerging AI governance frameworks translate into concrete identity controls.

PlannedQ3–Q4 2026
P-07

Excessive Agency Threat Model — OWASP LLM06

Threat model for the OWASP LLM category where identity controls are the primary mitigation. Agent identity design, least privilege, human-in-the-loop gates, and real incident case studies.

PlannedQ4 2026
P-08

PowerShell / Graph IAM Automation Library

Working automation for the identity day job: lifecycle scripts, stale account detection, access review reporting, and Conditional Access policy auditing via Microsoft Graph.

PlannedQ4 2026
P-09

SailPoint Identity Lifecycle Lab

Full joiner-mover-leaver lifecycle in SailPoint: application onboarding, provisioning logic, and access certification campaigns, documented end to end.

PlannedQ4 2026
P-10

Microsoft × SailPoint NHI Governance Architecture

The flagship: a cross-vendor reference architecture governing non-human identities end to end. Entra Workload ID as the control plane, SailPoint as the governance layer, vault-held short-lived secrets as enforcement.

PlannedQ4 26–Q1 27
04

Research

Measuring the market I work in, month over month.

Since June 2026 I have maintained a monthly open-source measurement of identity security hiring demand in the Kansas City market: which capabilities employers ask for, how long identity roles stay open, and how fast AI-agent adoption language is outrunning the identity governance vocabulary needed to secure it.

The methodology is frozen for comparability, the observations are archived with provenance, and the findings inform everything on this page, including which projects ship and in what order.

THE MONITOR PUBLISHES HERE · OCTOBER 2026

05

Contact

If you are hiring for identity work in Kansas City, or building at the NHI and AI governance intersection anywhere, I would like to hear about it.

© 2026 JARED PETERSON · KANSAS CITY, MO
DESIGNED AND BUILT AS PART OF THE SAME PROGRAM IT DESCRIBES.