Identity & Cloud Security

Shaheer Khalid.

Final-year Cybersecurity student focused on Identity & Access Management. I audit cloud environments, configure identity systems, and document what breaks — and why it breaks.

3+ IAM platforms hands-on
7 lab projects documented
SC-200 cert in progress

Projects

Azure Entra ID · Graph API
Entra ID IAM Auditor
Queries an Entra ID tenant via Microsoft Graph API and PowerShell. Flags accounts missing MFA, identifies stale users, and surfaces over-privileged role assignments. Outputs a structured JSON + HTML report.
PowerShell · Graph API · Entra ID · RBAC
AWS IAM · Python
IAM Privilege Escalation Mapper
Takes an IAM policy JSON as input. Cross-references it against known escalation paths and outputs which privilege escalation chains are achievable from that permission set — with CloudTrail detection rules for each.
Python · AWS IAM · CloudTrail · Least Privilege
Keycloak · OIDC · SAML
SSO Federation Lab
Deployed Keycloak as an OIDC/SAML Identity Provider. Configured SSO federation across three service providers. Documented the full trust relationship model — token issuance, assertion validation, and what breaks if misconfigured.
Keycloak · SAML 2.0 · OIDC · Docker
Prowler · AZQr · CIS Benchmark
Azure Cloud Posture Assessment
Ran Prowler and AZQr against a live Azure environment. Triaged findings by severity, mapped each to the CIS Azure Benchmark, and produced a remediation report — the kind of output you'd hand to a client.
Prowler · AZQr · CIS Azure · CSPM
Terraform · Azure
Secure IAM Modules (Terraform)
Reusable Terraform modules for Azure IAM — Conditional Access policies, PIM role assignments, and least-privilege RBAC definitions. Treats identity configuration as code with version control and peer review baked in.
Terraform · Azure RBAC · PIM · IaC

Writeups


Skills

Identity & Access
Privileged Identity Management: just-in-time
Conditional Access: policy design
Identity Lifecycle & SCIM: provisioning
SSO Federation: SAML / OIDC
OAuth 2.0 Governance: scope auditing
Cloud Security
Azure Security Posture: Defender, AZQr
AWS IAM Policy Analysis: least privilege
CSPM Assessments: Prowler, CIS
Infrastructure as Code: Terraform
Zero Trust Architecture: design principles
Detection & Monitoring
Microsoft Sentinel: KQL, analytics rules
Entra ID Sign-in Logs: threat analysis
CloudTrail Analysis: AWS audit
Identity Threat Detection: Defender for Identity
Engineering
PowerShell Automation: Graph API
Python Scripting: security tooling
Azure Network Architecture: VNet, NSG, WAF
API Security Testing: Burp Suite, IDOR

Contact

Open to remote IAM and Cloud Security roles. Also available for freelance IAM audits, Entra ID configuration, and cloud posture assessments.

Available for remote roles & freelance work