ALVARO ARROYO
Identity & Access Management Specialist
Cartagena de Indias, Colombia
Azure Entra ID • Okta • AWS • RBAC • MFA

About Me
Name: Alvaro Arroyo
Role: Bilingual IAM Engineer (3+ years of experience)
Location: Cartagena de Indias, CO
Skills: MFA Deployment, Active Directory, RBAC/ABAC/PBAC, SSO & Federation
Background:
Designed and deployed secure access frameworks for Azure Entra ID, Okta, and AWS IAM environments, supporting 50-500 user organizations.
Implemented SAML 2.0/OIDC integrations for SaaS apps (BambooHR, Salesforce, GitHub), and custom applications, reducing login friction by 70%.
Proficient in a variety of programming languages, including JavaScript, Python, and Java.

Key Projects

Project 1: GitHub Enterprise SSO Integration
Tech Stack: Okta
https://github.com/alvaroarroyov/okta-github-enterprise-sso
Developed a full-fledged e-commerce platform for an online retailer. Integrated payment systems, user authentication, and product management features.

Project 2: Azure Entra ID ISO 27001 Compliance
Tech Stack: Azure
https://www.linkedin.com/feed/update/urn:li:activity:7340759075074306048/
Set up a secure cloud tenant with role-based access for Sales users, conditional MFA policies, and executive-level alignment with ISO 27001 standards.

Project 3: Pentesting Lab – Kali Linux & ISO 27035
Tech Stack: Linux
https://www.linkedin.com/feed/update/urn:li:activity:7333583848221364225/
Conducted a brute-force attack simulation on local networks using Kali Linux. Captured Wi-Fi traffic with a TP-LINK adapter in monitor mode, analyzed protocol strength, and processed .cap files via Aircrack-ng and Wireshark for post-attack review under ISO 27035 guidelines.

Sample Problem

While working with a fintech company based in California, I helped resolve a critical security issue affecting over 200 developers. Their GitHub environment was vulnerable due to weak credentials and the lack of centralized authentication, which led to multiple unauthorized access attempts.

1. Only used passwords: Password-based access without additional authentication factors made accounts vulnerable to brute-force and credential stuffing attacks.
2. No MFA enforcement: Developers could access GitHub and other critical tools without multi-factor authentication, leaving sensitive repos exposed to unauthorized logins.
3. Inconsistent permission assignment (RBAC): Roles and access levels were manually configured, leading to permission drift and some users having higher privileges than required.

Solution

STEP 1: Okta SAML App Configuration
First, I manually searched for the GitHub Enterprise integration within the Okta platform, selecting the cloud version with internal account support. I configured the authentication method to use SAML for the Service Provider (SP), which in this case was GitHub Enterprise.

STEP 2: GitHub Enterprise SSO Configuration
I enabled SAML Single Sign-On (SSO) and configured the core identity parameters. I specified the Sign-In URL, the Issuer ID, and uploaded the X.509 public certificate provided by Okta to authenticate the assertion signature. This ensured GitHub would only trust login attempts issued by Okta.

STEP 3: SAML Certificate and MFA
Before running the login testing flow, I double-checked that the certificate was active and correctly assigned to the SAML application in Okta. I also verified that Multi-Factor Authentication (MFA) was fully enforced for all members of the Developers group.

STEP 4: SAML Assertion
After signing in through the login testing flow using a Chrome extension, I verified the entire SAML exchange. The extension confirmed that the SAML assertion was successfully sent from Okta and received by GitHub. I inspected the payload to ensure it contained the correct user attributes such as name, email, and role.

Why SAML? Mainly for its security. Once the user successfully authenticates with the Identity Provider (IDP)—Okta—
the IDP sends a secure assertion to the SP containing user data such as name, role, and email, all structured in XML
format. GitHub then verifies the digital signature and grants access based on the attributes provided.
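
The Step 4 payload inspection, as an added example (not the author's code and not part of the original page): a Python check that runs structural tests on a captured assertion and reports what is wrong. The issuer and audience URLs, the sample XML, and the use of `name`, `email` and `role` as literal SAML attribute names are assumptions; the check confirms a signature element is present but does not verify it cryptographically, which remains the SP's job using the IdP's X.509 certificate.

```python
# Added example: structural checks on a captured SAML 2.0 assertion (test captures only).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = {"name", "email", "role"}  # assumed attribute names

# Constructed sample; issuer, audience and values are placeholders. "role" is left out on purpose.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>https://idp.example.com/app/placeholder</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Conditions NotBefore="2025-01-01T10:00:00Z" NotOnOrAfter="2025-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com/enterprises/placeholder</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="name"><saml:AttributeValue>Dev One</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>dev1@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, expected_issuer, expected_audience, now):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        findings.append("issuer mismatch")
    # Only a Signature that is a direct child of the Assertion counts here.
    if root.find("ds:Signature", NS) is None:
        findings.append("assertion is unsigned")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("no Conditions element")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < _ts(nb)) or (na and now >= _ts(na)):
            findings.append("outside validity window")
        audiences = {(a.text or "").strip() for a in cond.iterfind(".//saml:Audience", NS)}
        if expected_audience not in audiences:
            findings.append("audience mismatch")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(REQUIRED_ATTRS - present):
        findings.append(f"missing attribute: {name}")
    return findings
```
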
RESULTS
Dramatically reduced the risk of account compromise by 99.9% by replacing
weak, password-only access with mandatory Multi-Factor Authentication (MFA)
enforced by Okta.
Established Okta as a Single Source of Truth (SSoT) for identity, automating the
user lifecycle and cutting administrative overhead for the 200+ developer team by
over 90%.
By channeling all GitHub authentication requests through Okta, a centralized, rich audit
trail was created for each login attempt. This unified visibility allows for real-time event
correlation and anomaly detection. In the event of a security incident, the time to
detect, investigate and respond to a suspicious login is reduced by an estimated 75%
from hours or days of reviewing disparate logs to minutes within the Okta console,
dramatically strengthening the organization's overall security posture.

My Problem Solving Approach

Understanding the Problem: Analyzing system requirements and identifying user pain points through a visual flowchart in draw.io.
Research & Ideation: Conducting research and brainstorming solutions.
Development & Testing: Every implementation must be tested under diverse conditions to maximize solution efficiency and ensure client satisfaction.
Documentation: All stages of the solution lifecycle will be fully documented using Markdown for clarity and reproducibility.

My Work Process

Step 1: I audit your current setup, define the project execution timeline (usually 24–48 hours), and deliver a flowchart built in draw.io.
Step 2: I deploy the proposed solution and conduct a two-hour testing session to validate its stability and identify potential refinements.
Step 3: The final documentation will be delivered, followed by a three-day review period during which you may request revisions or a refund.

DID YOU KNOW THIS?

As businesses accelerate toward AI-driven automation by 2030, the demand for Identity and Access Management (IAM) services is expected to surge in parallel. Why? Because behind every automated workflow, API call, or ML inference is a system that needs secure, permission-based access.

While AI tools optimize performance, they also increase complexity—and without proper IAM controls, organizations risk data leaks, insider threats, and compliance failures. In fact, Gartner predicts that by 2029, 70% of AI automation breaches will be linked to poor identity governance.

PRICING

Standard Hourly Rate: $75/h
Emergency Rate (Urgent, after-hours): $110/h

3-step guarantee
PLEASE NOTE: The client only pays 50% of the estimated price AFTER Step 1, and the remaining 50% AFTER Step 3.

MFA FOUNDATION PACKAGE: $349
Platform Configuration: Okta/Azure/AWS MFA enforcement (SMS, Authenticator, FIDO2)
Policy Design: 2 custom Conditional Access rules (e.g., "Require MFA for non-trusted locations")
Break-Glass Setup: 2 emergency accounts with hardware key protection.

RBAC HEALTH CHECK: $599
User Analysis: 25-user deep dive (privileged accounts focus)
Permission Mapping: Visual chart of role assignments attack paths.
Gap Report: Top 3 critical risks (e.g., "Sales group has BillingAdmin access")
Remediation Plan: Step-by-step RBAC cleanup script (PowerShell/CLI)

MIGRATION STARTER PACKAGE: $177.99
User Sync: 50 users migrated via Azure AD Connect/Okta Sync.
Group Strategy: OU Cloud group mapping (e.g., "Finance_OU Azure Fin-Group")
SSO Enablement: SAML/OIDC config for 1 app (e.g., GitHub, Salesforce)
Runbook: Migration checklist + rollback procedure

WHY ME?

Fast Turnaround – Under 3 Days: Most projects are delivered in 72 hours or less, with documentation, diagrams, and live testing included. Urgent delivery (<24h) is available with priority scheduling.
Competitive Pricing, No Surprises: I offer IAM consulting services at accessible rates that scale to meet the needs of both emerging startups and established enterprises — without inflated agency costs.
Bilingual & Globally Aligned: I deliver clear technical documentation and seamless communication for international teams across regions and time zones.

PAYMENT OPTIONS
PAYPAL, WISE, PAYONEER

Testimonials
Lars Peters
His attention to detail and
commitment to excellence set
them apart. Highly
recommended!
Founder, Rimberio
Aaron Loeb
We couldn’t have asked for a
better partner. Their strategic
approach was key to our
success.
COO, Rimberio
Adrie Nguyen
The project timeline was
impeccably executed, and the
insights provided were
invaluable.
CEO, Borcelle

Let’s Connect
LinkedIn: https://www.linkedin.com/in/alvaro-arroyo-vasquez-910227342/
Email: iam.alvaroarroyo@outlook.com
GitHub: https://github.com/alvaroarroyov