
Proactive Blue Ltd.

Thibaut Tauveron · Cloud Control, IAM & Access Governance for Regulated Teams

I help regulated and security-sensitive teams regain control of cloud platforms, privileged access and IAM before audit pressure, platform drift and unclear ownership become bigger problems.

Pragmatic remediation for teams that need execution, not slideware.

CISSP · OSCP · FINMA-regulated banking experience · Zurich, Switzerland

When teams typically bring me in

  • Audit questions are getting harder to answer because cloud access and infrastructure changes are no longer easy to trace.
  • IAM / RBAC has grown organically and no longer provides clear ownership, defensible least privilege, or clean privileged access flows.
  • Internal services, admin paths, or support workflows are more exposed than they should be.
  • Terraform, Kubernetes, or platform workflows no longer provide a clean control model and teams need an implementation-ready remediation plan.

Selected outcomes

Replaced standing privileged access with a JIT model

Designed and implemented a just-in-time access model across web applications, Kubernetes, and databases to improve traceability, auditability, and access control.

Rebuilt IAM / RBAC controls in a FINMA-regulated environment

Redesigned cloud access controls and governance in a Swiss digital bank to strengthen least privilege, accountability, and audit defensibility.

Improved cost efficiency without weakening controls

Delivered six-figure annual infrastructure savings without weakening controls.

Engagement options

Focused engagements designed to clarify problems quickly and move into practical remediation.

Cloud & IAM Risk Diagnostic

1–2 weeks

For teams that need a clear view of access risk, audit exposure, and remediation priorities.

  • Focused review of cloud architecture, IAM model, and privileged access paths
  • Assessment of exposure, control gaps, and auditability weaknesses
  • Prioritized remediation roadmap with practical next steps

Deliverables: findings summary, priority risks, and a concise remediation roadmap.

Can extend into remediation support or a more focused implementation sprint.

Privileged Access & IAM Remediation Sprint

2–4 weeks

For teams dealing with privilege sprawl, weak RBAC ownership, unclear access governance, or the need for a more defensible access model.

  • Target-state IAM / RBAC and least-privilege design
  • JIT access model and access lifecycle recommendations
  • Phased implementation plan aligned with operational constraints

Deliverables: target-state access model, governance recommendations, and implementation sequencing.

Can extend into rollout support, control hardening, and validation.

Platform Governance Review

1–2 weeks

For teams where Terraform, Kubernetes, or platform workflows no longer provide clean control, traceability, and operational confidence.

  • Review of infrastructure change paths, access boundaries, and workflow weaknesses
  • Identification of drift drivers, governance gaps, and quick wins
  • Target-state recommendations for a more defensible operating model

Deliverables: governance findings, prioritized quick wins, and a pragmatic target-state roadmap.

Can extend into a focused remediation sprint or delivery support.

How I work

Technical depth

Hands-on across cloud-native platforms with strong focus on IAM, privileged access, Kubernetes, Terraform, observability, and security posture. Experience operating and hardening platforms in regulated and high-control environments, with delivery grounded in real engineering constraints rather than policy-only recommendations.

Dealing with audit pressure, privileged access issues, or cloud governance drift?