Three things I care about deeply
My work sits at the intersection of technical systems, institutional trust, and the humans who make both worth building.
Identity Architecture
Designing and operating the systems that determine who can do what, and why. At UVA, that means IAM infrastructure serving tens of thousands of students, faculty, and staff — where reliability and security aren't trade-offs, they're the same thing.
Engineering Leadership
Leading teams that build systems meant to last. That means investing in observability, treating operations as engineering, and creating conditions where people can do their best work — not just delivering features.
Creative & Technical Arts
Sound design, lighting design, and engineering with Four County Players, plus mentoring young technicians through UVA's Teen Arts Program. Technology and theater both require the same thing: precise coordination of complex systems in service of a human experience.
ARMS & SARM
A community proposal for the higher-ed identity world — closing the standards gap that SCIM didn't reach.
The observation: SCIM standardized the edges of the identity lifecycle — provisioning and deprovisioning — but the governance middle has no shared standard. Attestation and recertification (managers certifying reports' access, group owners validating members, list owners confirming a list is still needed) shows up as a feature in many tools, but as the focus of none. Every institution rebuilds it from scratch.
SARM — System for Attestation & Recertification Management — is a draft interoperability specification, modeled on SCIM's approach. ARMS is the open-source reference implementation that demonstrates it, including a protocol inspector that lets any institution wire up their own data source and validate it against the spec.
I'm originator and co-author, driving the concept, spec draft, community engagement, and the reference tooling. Presented at InCommon BaseCamp 2026 with strong turnout; it has since picked up cross-institutional collaborators.
More on ARMS & SARM →Selected projects
A sample of the systems and initiatives I've led or contributed to at UVA and beyond.
NetBadge Modernization
Modernizing UVA's primary authentication platform — improving reliability, scalability, and user experience for a system that authenticates every login across the university.
Details →Observability — Built, Then Migrated
First stood up Graylog and TICK on the UVACollab Docker Swarm in 2016 — no enterprise service existed yet. Carried the pattern into Identity when I moved over. As UVA's enterprise capabilities matured, led the migration to Splunk and LogicMonitor.
Details →PAM Expansion
Expanding privileged access management controls across the identity portfolio — reducing risk surface and creating auditable, governed access patterns for sensitive systems.
Details →The arc so far
Systems Administration & Web Development
Started in the machine room, building the foundational instincts around infrastructure, operations, and what it means to keep systems reliably running for people who depend on them. Eventually moved into management of the systems and web development function.
UVACollab — Engineer to Director
Joined UVA on UVACollab and re-architected the platform's infrastructure: a 12-node Docker Swarm across two data centers on bare metal that ran in production from 2016 until retirement, never crashing under its own weight. Also did substantial code work in the Sakai codebase that powered UVACollab — most notably a complete rewrite of its search subsystem with a custom Elasticsearch plugin. Grew through engineering, management, and director roles, and eventually helped guide UVACollab through its multi-year retirement.
Manager → Assistant Director, Identity Solutions
Moved into the identity portfolio as Manager — NetBadge modernization, identity governance, and carrying the proven UVACollab infrastructure pattern over to IAM (this time Docker Swarm on VMs, plus a second pass of Graylog/TICK until enterprise services arrived, at which point I led the migration to Splunk and LogicMonitor). When the director role opened up, a colleague and I held it together for ~18 months while the search ran. The title change to Assistant Director came afterward — catching up to the role I'd already grown into.
The rest of who I am
Technology is what I do, but not all of who I am. These parts of life keep me grounded, curious, and better at my work.
Theater
Sound designer, engineer, and lighting designer with Four County Players. Theater taught me that reliable technical work is what lets the art happen.
- Sound design & live mixing (most credits)
- Lighting design & lead electrician on select productions
- Mentoring young technicians through TAP & youth productions
- Recent: Sweeney Todd, The Game's Afoot, SpongeBob, The Prom
Amateur Radio
Licensed amateur radio operator. Ham radio appeals to the same instincts as systems work: understanding signals, building reliable communication paths, and staying connected to a broader community of makers and experimenters.
- Call sign: KK4LHO
- HF and local operations
- Emergency communications interest
- Home lab experimentation
Say hello
I'm always happy to talk IAM, theater tech, radio, or the shape of good systems.