vaculikjiri/README.md

Jiří V.

Microsoft cloud security architect at Trask MSSP. I work at the intersection of identity governance and IaC supply-chain integrity — PIM, Conditional Access, Workload Identity Federation, and no-secret pipeline patterns for Entra and Azure tenants in regulated environments.

What I write about

  • Privileged access design — PIM (roles / groups / Azure resources), Conditional Access auth contexts, JIT for Azure DevOps and GitHub
  • Secure delivery of governance — WIF, UAMI, no-PAT pipelines, three-domain Terraform with separation of duties
  • Tenant-write supply chain — who writes to Entra ID, how it's gated, audit posture
  • ALZ with a security lens — management-group hierarchy and policy assignment for security-first tenants
  • Edge cases and gotchas — MG-scoped WIF bootstrap, CA C2/C3 binding, PIM activation timing

Links

Pinned

  1. maester-zta-demo Public

    HTML

  2. maester365/maester Public

    Maester is a test automation framework to help you stay in control of your Microsoft security configuration.

    HTML 904 247