Jason Pratt

“IAM & Access Security Leader | Zero Trust • SSO • Privileged Access Management”

Forney, Texas, United States

About

Technically minded professional with progressive experience in architecting enterprise IAM ecosystems, advancing privileged access strategies, and enabling secure AI adoption through structured governance frameworks. What makes me stand out is my proven success in leading Active Directory and Entra ID transformations, consolidating identity infrastructures across tens of thousands of users, and resolving complex authentication challenges across enterprise applications. I have a recognized ability to drive identity remediation initiatives, conduct enterprise-wide risk assessments, and align controls with NIST standards. My expertise lies in mentoring technical teams, shaping identity architecture roadmaps, and delivering solutions that enhance security maturity.

Experience

  • Principal AI Security Architect and Innovation at .
    Jan 2022 - Present · 4 yrs 7 mos

    As a a part of this role, I establish enterprise-wide AI governance and approval processes by developing and operationalizing AI policy frameworks aligned with NIST AI RMF. During my time, I maintain identity security and cross-functional alignment by partnering with engineering, security, and business teams to streamline compliance and operations. Key Contributions & Accomplishment: • Improved AI risk visibility and proactive threat mitigation by conducting risk assessments and integrating security controls. • Elevated generative AI security and identity governance by designing policy frameworks for agent identity management. • Increased system integrity and reduced vulnerability exposure by conducting assessments and executing remediation strategies. • Strengthened enterprise security posture and compliance across global environments by spearheading CyberArk SaaS PAM implementation and securing privileged access. • Accelerated secure AI adoption and vendor selection by leading evaluations, proof-of-concepts, and recommendations for AI Prompt Security and AI-SPM platforms. • Improved enterprise resilience and incident response readiness by defining kill-switch and rollback strategies, including model access revocation and API throttling.

  • Identity and Access engineer at Baylor Scott & White Health
    Mar 2017 - Jan 2022 · 4 yrs 11 mos

    I’ve designed and consolidated Group Policy at scale, led multiple Domain Controller upgrades (2008 → 2012 → 2016), and overseen AD capacity planning, security hardening, and hygiene improvements. This includes remediating authentication issues, reducing directory risks, and cleaning up stale identities, groups, and service accounts. I’ve also served as the technical lead for a forest migration supporting 40,000 users and 800 applications. On the privileged access side, I’ve built and deployed all CyberArk CorePAS components, created safes for more than 25,000 privileged accounts, developed PSM connection flows, and performed full vault build and restore operations. My work includes troubleshooting Kerberos/NTLM authentication, integrating applications through LDAP/LDAPS, and migrating legacy authentication to Radiant Logic VDS. I’ve also managed and upgraded Quest ActiveRoles, RMAD, Change Auditor, GPOAdmin, and Migrate tools across enterprise environments. In the cloud, I’ve deployed Azure VMs, resource groups, storage, Conditional Access, and Azure Policies to strengthen security posture. I’ve assigned and governed Azure AD permissions, monitored security alerts, and executed Azure Disk Encryption for 400+ servers. I’ve also led migrations from on-prem to Azure using Azure Migrate and modernized authentication by transitioning from SecureAuth to CyberArk Idaptive, integrating more than 50 SAML applications.

  • Enterprise Active Directory Administrator/SME at Credit Suisse
    Sep 2015 - Mar 2017 · 1 yr 7 mos

    • Create and Delete Active directory sites as requested. • Troubleshoot domain controller issues by reviewing audit logs as needed. • Configure DHCP reservations. • Add DNS records as needed. • Create and deploy Software and update packages with Microsoft SCCM 2012 R2. • Upgrade domain controllers from Server 2008 R2 to Server 2012 R2 • Compile reports with Microsoft SCCM 2012 R2 as needed. • Register Subnets using Active Directory sites and servers. • Create and validate forest trusts when required. • Create new mailboxes as needed using Exchange 2013. • Dismount and mount Exchange databases as needed. • Create and manage Microsoft Failover cluster. • Manage Mail deliver queue as well as critical exchange services. • Promote and demote Domain controllers as business requirements change. • Build and modify GPO for Windows Server 2003, 2008R2 and 2012R2. • Create and manage Exchange 2013 Databases. • Troubleshoot Authentication issues as needed. • Create, delete and manage Office 365 Users, groups and Distro lists. • Migrate user Data from on premises to hybrid cloud solution for testing. • Monitor and communicate Office 365 Service health as well as maintenance messages. • Research resource usage on domain controllers. • Create and delete SPN records as business requires.

  • Active Directory System Administrator at NCI, Inc.
    Apr 2013 - Sep 2015 · 2 yrs 6 mos

    Install ESXi 5.0/5.5 as needed. Use VMware Converter to perform Physical to Virtual and Virtual to Virtual copying. Configure DHCP reservations. Use ITSM to track and create work requests. Perform DNS administration including CName and A record creation. Add servers to clusters when needed. Create and modify share drives when requested as well as modify NTFS permissions when needed. Use V-motion to migrate VM’s to new hosts as needed. Build and maintain Print Servers. Implemented folder redirection project for over 23,000 users. Configure DFS name Space. Support 450 servers on Ft Bragg. Configure EMC SAN devices including storage pools and LUN setup. Modify and run Powershell Scripts. Create and troubleshoot GPO requests. Create virtual machines as needed. Patch and update servers to maintain IAVA compliance. Perform upgrades from ESXi 5.1 to ESXi 5.5 Create training documentation to help support and train employees. Install Windows Server 2008R2 when requested. Provide Active Directory support for over 75,000 objects.

  • Jr Network Engineer at Celito
    Sep 2012 - 2013 · 5 mos