// IAM & Systems Engineer

Tony Kha Tang

IAM & Systems Engineer with 4+ years architecting secure identity fabrics for high-growth environments. Specialized in Okta, M&A identity integration, and automating lifecycle management for 700+ users across North & South America.

01 — About

Identity as infrastructure.
Security without friction.

What I Do

I architect secure identity fabrics and automate the systems that keep companies running — from IAM strategy and MDM migrations to M&A integrations and SOC 2 compliance. I bridge the gap between security and operational efficiency.

What I'm Looking For

A senior or lead IAM/IT engineering role with real ownership — shaping identity architecture, leading automation strategy, and building the infrastructure layer at a company that's scaling fast.

My Approach

Automate the toil, document everything, design for scale. I bias toward RBAC over ad-hoc access, SCIM/API over manual provisioning, and outcomes over activity.

Currently Exploring

Zero Trust architecture, advanced Okta Workflows, cross-platform MDM unification, and using AI tooling to cut mean-time-to-resolution across IT operations.

02 — Impact

Results, not responsibilities.

  • 700+: Users with automated lifecycle management across North & South America
  • 600+: Employees onboarded as company scaled from 50 — identity foundation built from the ground up
  • 400+: macOS/iOS devices migrated from JumpCloud to Kandji via Apple Business Manager with zero data loss
  • 2: Major M&A acquisitions executed with zero downtime — 400+ users transitioned per integration
  • 0: Downtime during M&A identity migrations — meticulously mapped attributes and directory syncing
  • SOC 2: Compliance enabled through SAML, OIDC, and RBAC strategies bridging security and operational efficiency

03 — Systems

The stack I own.

  • Okta: IAM / Workflows / SSO
  • 1Password: Enterprise Password Mgmt
  • Kandji: MDM / Apple Fleet
  • Apple Business Mgr: Device Enrollment
  • Google Workspace: Collaboration / Directory
  • Microsoft 365: Collaboration / Identity
  • SCIM / SAML / OIDC: Identity Protocols
  • RBAC: Access Control
  • HRIS Integration: Lifecycle Automation
  • Zero Trust: Security Architecture
  • Slack / Zoom: SaaS App Management
  • JumpCloud: Directory / MDM

04 — Experience

Where I've built.

07/2022 — Present
IT Systems Engineer
Lovelytics  ·  Arlington, VA
  • Architected the identity foundation for scaling from 50 to 600 employees — built end-to-end Lifecycle Management using Okta Workflows, integrating HRIS with Slack, Zoom, and Google Workspace via SCIM and API
  • Executed IAM strategy for two major company acquisitions, migrating external tenants (Google/O365) and device fleets into the central ecosystem with zero downtime for 400+ users
  • Manually transitioned 400+ macOS/iOS devices from JumpCloud to Kandji via Apple Business Manager, recreating all device profiles and MDM policies for centralized fleet management
  • Led enterprise deployment of 1Password to 600+ distributed team members across North & South America — configured Okta integration for automated provisioning and enforced RBAC policies for vault access
Okta Workflows  ·  SCIM/SAML/OIDC  ·  Kandji  ·  1Password  ·  Apple Business Manager  ·  Google Workspace  ·  RBAC  ·  M&A Integration

01/2022 — 07/2022
IT Operations Specialist
Carahsoft  ·  Reston, VA
  • Served as Team Lead, delivering prompt solutions and proactive troubleshooting for complex infrastructure issues
  • Documented all supported systems and applications to effectively train new and existing team members
  • Identified improvement areas through systematic review of company systems to consistently enhance business efficiency
  • Managed data mapping and directory integration projects to facilitate smoother client onboarding and data migration
Team Lead  ·  Directory Integration  ·  Data Mapping  ·  ITSM

01/2018 — 07/2022
B.E. Information Technology
George Mason University  ·  Cybersecurity Engineering  ·  GPA 3.5
Specialization in Cybersecurity Engineering. Graduated with distinction.
Security+  ·  Jamf Certified Associate

05 — Projects

Selected case studies.

01 / M&A Identity
Zero-Downtime Acquisition Migrations
Problem: Two company acquisitions required migrating external Google and O365 tenants plus device fleets into the central ecosystem — while the business kept running.

Approach: Meticulously mapped identity attributes across directories, staged directory syncing, and phased the device fleet transitions to eliminate single points of failure.
Zero downtime. 400+ users transitioned per acquisition.
02 / Lifecycle Automation
Identity Foundation: 50 → 600 Employees
Problem: Company scaling rapidly with no automated provisioning — every hire and departure required manual intervention across multiple systems.

Approach: Architected end-to-end LCM using Okta Workflows triggered from HRIS. Integrated Slack, Zoom, and Google Workspace via SCIM and API for automated provisioning and deprovisioning.
700+ users under automated lifecycle management.
03 / MDM Migration
JumpCloud → Kandji Fleet Migration
Problem: 400+ macOS/iOS devices managed in JumpCloud needed migration to Kandji for centralized Apple fleet management — without disrupting distributed remote workers.

Approach: Enrolled devices via Apple Business Manager, recreated all device profiles and MDM policies in Kandji, and executed a phased rollout by department.
400+ devices migrated. Zero data loss. Centralized Apple fleet management achieved.
04 / Enterprise Security
1Password Enterprise Rollout
Problem: 600+ distributed team members across North & South America with no standardized password management — a significant security exposure and compliance gap.

Approach: Led full enterprise deployment of 1Password, configured Okta integration for automated provisioning, and enforced RBAC policies to govern vault access by role and team.
100% coverage across 600+ users. Automated provisioning via Okta. RBAC-enforced vault access.

06 — Contact

Let's build something worth owning.

Open to senior IAM, IT engineering, or infrastructure leadership roles. Based in DC — willing to relocate.