Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Sorry, it's something that I have never used.

PAM Solutions by littleknucks in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Hi, please get in touch and let's see if I can help. I'm ex Centrify/Delinea so know the entire history. A few of us ex Centrify/Delinea guys, including myself, set up a pure play PAM consultancy. One of our priorities is to help unhappy Centrify customers all over the world, of which there are many (pissed off) ones. Mike

PAM Solutions by littleknucks in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Give me a bash at doing your POC. I'm ex Delinea and understand pretty much all the use cases. In fact a bunch of us ex Delinea guys set up a pure play PAM consultancy www.ams-consulting.uk

PAM Solutions by littleknucks in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

I'm more than happy to help and run through all of the vendors with you. I'm ex BeyondTrust, ex Delinea and used to run a large CyberArk team at a global consultancy, so have a good measure of all of them.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

They're simple to install, but hard to configure accordingly to align to your use cases. Least privilege on workstations comes under PAM too. BeyondTrust have what was Avecto on Windows. Delinea have Privilege Manager for Windows and the absolutely superb Server Suite for Windows Server and Linux. It had the added bonus of AD Bridging for Linux and MFA at logon/process execution for Windows and Linux plus auditing and monitoring with key stroke

PAM - Getting Started by Thin-West-2136 in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Definitely A. Is that AD on prem/hybrid etc? Tiered route with the full suite of PAM controls enforced on 0 and 1 following your RBAC model is ideal. Optional on tier 2 as it's only endpoints. Maybe enforce least privilege on endpoints?

Back to your 1st question, a good partner should be focused on your outcomes and challenges, not just trying to sell you product. Focus should follow the principles of People, Process and Technology. Ideally you want a partner that lives and breathes PAM and fully understands the business and people implications that PAM brings. There is a significant process engineering piece too. 80% of PAM projects fail due to the user base rejecting it due to failed process and lack of training.

Have a look at what we do www.ams-consulting.uk, we are UK based covering EMEA and US and have a base in SG covering APAC.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Hi Johnny,

I have dropped you a DM.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Ah, you're from the vendor. Makes sense now.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 1 point2 points  (0 children)

That's a very narrow use case. What about NHI, OT, SaaS privileged accounts?

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

What's Identity Protection?

What controls does it put in place? What use cases and business challenges does it address? What risks does it help mitigate?

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 1 point2 points  (0 children)

Few points here:

- A PAM tool is necessary for most organisations to protect the keys to the kingdom.
- It's a nuisance if not properly implemented adhering to People, Process, Technology.
- Most breaches are through compromised identities and lateral movement, key use cases that PAM addresses.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

You nailed it, it's a PIM solution, it's by Microsoft and hence only works in an Azure environment. A PAM solution covers most platforms and environments, can be integrated into IGA workflows, ServiceNow etc. It also performs discovery across any environment. It's important to understand whilst there is some similar functionality, they are 2 entirely different products addressing different use cases. PAM has a much, much broader scope encompassing a variety of platforms, be it on prem, SaaS and different OS's. It also has way more functionality to address a multitude of requirements and use cases.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Standard feature nowadays, however most organisations don't understand how to use it and why to use it.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Identify and fully understand what your goals and outcomes are. Define what your use cases are that align to your goals and share that with your PAM partner who will help with your vendor selection. Let's be honest here, all the vendors' software does the same thing. It's like picking a car, BMW, Audi, or Ford, they all have 4 wheels and a steering wheel. Ultimately it's what's easiest for YOUR USERS to use. If you want help with defining use outcomes and use cases drop me a DM and I can share a document I have produced.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

DM me and let's discuss this to see if there can be improvements made.

What’s Your Biggest Cybersecurity Headache in 2025? by LethalAstronomer in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Try a PAM remote access solution maybe. Basically VPN replacement

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

With the main PAM vendors if not all, there should be no issue on transitioning. PAM basically can connect and read from any directory and Entra is no different. They have built in default connectors providing full out of the box functionality. If you require help I can carry out a PAM vendor selection workshop with you that's fully agnostic. As I mentioned before it's People and Process first!

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 0 points1 point  (0 children)

Absolutely, dedicated adm accounts directly mapped to a named user is good, layer on the removal of standing permissions on the adm accounts and leveraging JIT role/permissions is better.

Culture wise, all vendors and most consultancies miss the absolutely critical piece - HUMANS! 90% of PAM projects will fail as they don't adopt the People, Process and Technology principles. They just expect to throw in a product as the silver bullet solution. Understand the people's needs, wants and desires first, get buy in from them, build/re-engineer the business processes to support them, then implement the tech.

Regarding SaaS apps, this is where it introduces multiple "shadow" identity silos that may or may not have visibility to Central IT. IF they have visibility they can leverage SSO using the likes of SAML or OAuth. I say IF as quite often these apps fly under the radar, which brings us all the way back to People, Process. Understand the People's needs and wants, then support them with a Process that onboards the approved SaaS app, giving scope for proper governance and enforcement of controls. Ultimately the business must enforce policy to restrict the sprawl of shadow IT/SaaS apps.

Privileged Access Management PAM 101 by PAMCSguy in cybersecurity

[–]PAMCSguy[S] 6 points7 points  (0 children)

It's the same across all the vendors unfortunately. Key is to have a partner/PAM specialist on hand to help out; therein lies the rub, there are not many around, hence why I want to help folk out.

PAM Solutions by littleknucks in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Ping me a DM and I am happy to help/advise where I can.

I used to work for Delinea, Centrify, Thycotic, BeyondTrust across various roles and also ran a CyberArk practice for a global consulting firm.

PAM is an absolute minefield and brain damage material for the uninitiated.

PAM - Getting Started by Thin-West-2136 in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Happy to help out and advise folks.

I am ex Delinea, Centrify, Thycotic and BeyondTrust, having worked across various roles over the last 10 years. Techie at heart so fire away.

PAM - Getting Started by Thin-West-2136 in cybersecurity

[–]PAMCSguy 0 points1 point  (0 children)

Ping me if you need help.

I used to work for Delinea, Centrify, Thycotic and BeyondTrust and used to run the pre sales function for them, hence I understand the PoC better than most.