Lav is a Specialist Director in KPMG’s Cyber Security Services practice. He is a seasoned professional, with over twelve years of experience encompassing leadership, product management, architecture, design, development, testing, integration and implementation of multi-tiered enterprise applications and products, with specialized expertise in Identity and Access Management (IAM). He has international experience working on Fortune 500 organizations in North America and APAC. Lav has previously worked both on the product side and the services side of Identity and Access Management Solutions providing him with a unique insight into the intricacies of vendor conduct and priorities. He has excellent communication skills, adaptability, enthusiasm and stewardship. Lav’s representative clients include small, medium and large organizations across financial services, life sciences, healthcare and entertainment industries.
Professional and industry experience
Lav has won two CIO awards for technology innovation and engineering excellence demonstrated while working on access management initiatives at a Fortune 500 financial firm over the course of five years. The methodology derived as part of one of these initiatives has been patented.
Areas of Expertise
- IAM Strategy and Roadmap
- Enterprise and Consumer Identity Management
- Identity as a Service
- Role Based and Attribute Based Access Control
- Enterprise Security Architecture
- Authentication & Web Access Management
- Fine Grained Authorization
- Virtual Directories & LDAP Directory Technologies
Identity and Access Management Implementations & assessments
- Managed and served as solution architect at a large contract research organization for rolling out a centralized entitlements service. Evangelized the service across different business units and executed several PoCs and implementations focusing on fine grained authorization.
- Led and served as security architect to conduct an assessment of a self-service IT request management portal and provided resolutions and recommendations to fix authentication & authorization issues, simplify the overall architecture and migrate from their existing system to the new platform.
- Worked as a senior architect at a large global financial services organization for access management implementations across their Investment Bank, Wealth Management, Corporate and Retail/Business Banking businesses.
- Served as security architect at a Hollywood based entertainment services firm for an access management implementation related to a customer facing portal.
- Served as a solution architect for Fine Grained Authorization at a large multinational bank to help develop the Data & Policy Model for their global securities transaction services applications
Identity and Access Management proof of concepts and pilots
- Led a Fine Grained Authorization POC for a large ratings company for their US & UK divisions with 17,000 users.
- Led POC and pilot of Self Service Access Request Portal at a Clinical Research organization with 10,000 users (US).
- Led POC and pilot of Fine Grained Data security on Big Data Warehouse software at a US based contract research organization with 10,000 users.
- Led POC and pilot of Fine Grained Authorization for Business Intelligence products at a US based Clinical Research organization with 17,000 users.
- Led a POC and pilot for dynamic authorization in a portal at an entertainment services payroll company with 200,000 end users.
- Led POC for Integrating Fine Grained Authorization in Web Access Management products.
Technical skills
Cyberinc Entitlements Server, Oracle Entitlements Server, XACML, Oracle Identity Federation, PingFederate, PingAccess, Quest SSO for Java, Quest Authentication Services, Quest Enterprise SSO, Oracle Identity Manager, Cisco Enterprise Policy Manager, Oracle Access Manager, Tivoli Access Manager, RSA Adaptive Authentication, SPML, Kerberos, GSS-API, SPNEGO, NTLM, Crypto API, PKI, SAML, SCIM, OAuth 2.0, OpenID Connect, Oracle Platform Security Services, Cryptomathic Crypto Service Gateway, GIGYA Identity Enterprise, Oracle IDCS, Apigee, Forgerock OpenAM, Microsoft Active Directory, Oracle Directory Server Enterprise Edition, PingDirectory, J2EE, XML, SOAP, REST, JSON