Security Engineer & backend engineer, moving into IAM · CUI'27 · Islamabad, Pakistan
I started out building backends in Go and Java, got into DevSecOps through container security and CI/CD pipelines, and ended up most interested in the identity layer - how systems decide who gets access to what, and how badly that goes wrong when it's misconfigured.
Now I'm working on Entra ID tenant security, SCIM provisioning, Keycloak federation, and SAP BTP. I write long-form posts on identity protocols at my blog and use GitHub to document what I'm learning.
IAM & Cloud Security - current focus
- Microsoft Entra ID, PIM, Conditional Access, Identity Governance
- Keycloak (OIDC/SAML), SCIM provisioning, OAuth 2.0
- Cloud posture assessment - Prowler, AZQr, Maester
- Terraform for Azure IAM, Microsoft Graph API (PowerShell)
DevSecOps - background I bring to IAM work
- Docker (multi-stage builds, container hardening), CI/CD with GitHub Actions & Jenkins
- Trivy for container scanning, Git security (commit signing, branch protection)
- Linux administration, WAF deployment (ModSecurity), Azure networking
Backend - where I come from
- Go (Gin, REST APIs, concurrency), Java (Spring Boot), Python
- PostgreSQL, MySQL, containerized deployments
| Repo | What it is | Stack |
|---|---|---|
| vulnerable-azure-lab | Intentionally misconfigured Azure infra - 12 real-world misconfigs across IAM, storage, networking & Key Vault. Practice target for Prowler & Defender for Cloud. | Terraform / HCL |
| LatentGuard | Dual-layer WAF with static rules + autoencoder anomaly detection + HDBSCAN clustering. | Python |
| keycloak-iam-labs | Hands-on lab guide for Keycloak - OIDC flows, SAML federation, SSO across multiple SPs. | - |
| sap-authorization-model | SAP role & profile misconfigs that lead to privilege escalation - attacker POV + defense. | - |
| django-todo-cicd | Django app deployed via Jenkins - full CI/CD pipeline with Docker. | Python / Jenkins |
| greenlight | RESTful JSON API for managing movies - full CRUD, pagination, concurrency control, multi-stage Docker. | Go / PostgreSQL |
| AzPolicyFactory | IaC for deploying Azure Policy resources via Bicep - compliance baselines at scale. | Bicep |
| awesome-iam | Everything to break into IAM - concepts, protocols, tools, certs, 52-week plan. | - |
Long-form posts on identity protocols and cloud security at blog.shaheerkj.me
- Understanding OAuth2.0 using Keycloak as an IdP - 24 min
- OpenID Connect (OIDC) - a comprehensive deep dive - 32 min
- PHS vs PTA vs ADFS - how enterprises actually authenticate - 12 min
- Exploring CSPM tools - Prowler, Checkov, Maester, AZQr - 8 min
- SC-300 - Microsoft Identity and Access Administrator Associate (Dec 2025)
- AZ-104 - Microsoft Azure Administrator Associate (Mar 2026)
- CC - ISC2 Certified in Cybersecurity (Jun 2025)