Cybersecurity Projects

Security has been the throughline of most of my career, from rolling out Kaspersky encryption across sixteen sites in my first IT job, through DUO 2FA and Intune-managed Apple MDM in earlier roles, to the audit cycles, identity rebuilds, and shadow AI hunting I do now. A small TLDR:

  • ISO 27001:2022 transition. Took an organisation through the migration from the 2013 standard to the 2022 controls, rewriting policies and procedures to match. Zero non-conformities at audit.


  • Cyber Essentials & Cyber Essentials Plus. Multiple organisations through certification end-to-end, including external audits and penetration testing. The rhythm becomes: find every gap, close every gap, then prove you closed it.


  • Identity & device compliance. Intune, Autopilot and Entra ID rollouts going back several years and several roles. The bit I enjoy most is when zero-touch provisioning genuinely is zero-touch. Laptop arrives, user signs in, posture and identity are enforced before they've finished their first coffee.


  • macOS at scale with JAMF. Standardised Mac fleets with JAMF Pro and Connect, baselines aligned to CIS. Apple MDM has been a recurring theme, first via Intune integration in earlier roles, then as full enterprise JAMF more recently.


  • Network & perimeter hardening. SonicWall and Cisco configurations brought in line with CIS, with the patching cadence and monitoring to back it up. Boring done well.


  • Shadow AI detection. Implemented a process for capturing unsanctioned AI tool usage across the org by pulling signal from SentinelOne (DNS-based detection), Entra ID (OAuth grants and service principals), Exchange (work-email signups), Intune, and JAMF. Surfaces who's using which AI tools without IT knowing, aligned to OWASP Agentic AI Top 10. The detection itself runs through a Python tool I wrote called ai-guard, which lives under Personal Projects.


  • AI governance. The newest one. Figuring out how to roll out Copilot, Claude, and Codex inside an organisation without it becoming a free-for-all or a blanket ban. Less "shipped a thing", more "wrote a lot of policy and did a lot of patient explaining."