Skip to content
View billycarrie's full-sized avatar

Block or report billycarrie

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
billycarrie/README.md

Typing SVG

     

Who I Am

I'm Billy Carrie, a Founding M&A Security Engineer focused on building and enhancing cybersecurity programs across 10+ acquired organizations in the Retail and Ecommerce industry. When you're securing a portfolio of companies with varying identity maturities, you learn fast that identity is the perimeter.

My work spans IAM, AI Security, Zero Trust architecture, Azure and multi-cloud security, and the risk and compliance frameworks that give our identity program a strong foundation to build on.

Core Competencies

Microsoft Entra ID

  • Conditional Access policy design & lifecycle
  • Privileged Identity Management (PIM) — role architecture, activation workflows, access reviews
  • External Identities / B2B guest lifecycle
  • SSPR, hybrid identity (AD Connect / Cloud Sync)

Non-Human Identity (NHI)

  • Service principal lifecycle management (creation → rotation → decommission)
  • Workload Identity Federation — keyless auth for CI/CD pipelines
  • Secret & certificate expiry governance
  • Orphaned application detection and remediation

IAM Program Design

  • Joiner / Mover / Leaver (JML) process architecture
  • RBAC design — least privilege, role mining, entitlement reviews
  • Identity Governance & Administration (IGA) — access request, certification, SOD
  • KPIs, metrics, and executive reporting frameworks

AI Security

  • RAG pipeline security scanners that detect and redact PII and block prompt injection
  • OWASP LLM Top 10 application of controls in enterprise AI pipelines
  • Copilot and LLM governance — managing AI workload identities and consent in enterprise environments
  • Automated access intelligence — using AI-driven insights to inform access reviews and entitlement decisions
  • Responsible AI security — applying zero trust principles to retrieval layers

Certifications

Certification Issuer Focus
A/AISF — AI Security Foundation AKYLADE AI security principles, risk, and governance
SC-900 — Security, Compliance & Identity Fundamentals Microsoft Security, compliance, and identity concepts across Microsoft cloud
AI-900 — Azure AI Fundamentals Microsoft AI workloads, responsible AI, Azure AI services
(ISC)² CC — Certified in Cybersecurity (ISC)² Security principles, access controls, network & operations security

Connect

billycarrie94@gmail.com

Pinned Loading

  1. nhi-lifecycle-mgmt nhi-lifecycle-mgmt Public

    Non-Human Identity governance framework — Entra ID sandbox · Service Principals · Workload Federation · AI Agent Identity

    2