John Evans
John Evans is the Technical Operations Manager at Cedar, a health tech startup based in NYC, where he is responsible for corporate IT, business systems and cloud engineering. He’s spent most of his career in IT and security-adjacent work. As a former Apple Retail Lead Genius, he’s also passionate about user experience and building IT and security teams that help people do their best work. He enjoys working with complex IAM problems, DevOps teams and high-growth startups; and finding speed not just in automation but in bikes and sim racers, too.
Session
“Zero trust principles” increase the burden on IT teams to manage granular access.With this increase in complexity and overhead security problems follow: how long after an employee departure does it take for system access to be revoked? How much of this process is manual? When a person is promoted or changed roles, what new access should they gain automatically, what should they keep, and what must be revoked? For example: do new people managers automatically get special “manager” powers?
These problems are universal, and there’s no single tool that solves them. This talk walks through a two year case study of building employee AAA as a regulated company grows from one to several hundred employees: how we got started in the world of data driven access, what employee data we’ve sourced, how we’ve built automation with a mix of low-code and no-code approaches and where we’ve used capabilities native to our HRIS, identity provider, and other tools to automate onboarding and offboarding.