About Me

This is me. This is what I look like on the day-to-day at work. Thanks to COVID, I'm solidly #WFH forever... That's (one of) my office-mate(s), Lucy. She's mad because I spent 30 minutes explaining to yet another client that urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is NOT a literal format specification string that you needed to supply in your <SAMLResponse>, but rather a clarifying statement that you needn't specify a format rather than giving her treats!

I am an identity and access management consultant and software engineer with IDM Engineering. My specialization is single sign-on technologies, namely SAML and OpenID Connect, and I do pretty much anything related to SSO:, including:

  • assisting companies with adding SAML and OIDC support to their applications,
  • helping organizations manage the components of their SSO environment (like IDPs),
  • and bringing my expertise to bear on complex architectural challenges related to identity.

If you have an IAM issue... I'm a good person to discuss that issue with!

I peaked in cuteness at age 3... it's been downhill since then. I wanted to be an architect as a child, mostly because I liked Lego and the adults around me shrugged at that and said, "Hey, you could design buildings!" Unfortunately, architects need to know how to draw, so I turned to the other aspect of buildings... structural integrity. That led me for a long time to think I'd be an engineer of some sort, and I had a knack at math and science, so it fit.

At some point along my studies of science, however, I stopped caring about anything other than an unabashed search for knowledge. I wanted to master my understanding of the most fundamental nature of what, exactly, was this thing we called "matter." Unsurprisingly, therefore, I studied physics... first at Otterbein College (now Otterbein University), where I pivoted all of my studies toward high-energy nuclear physics, a.k.a. particle physics. I also picked up a degree in math because "might as well."

After completing my undergrad work, I chose to attend Ohio University (note: not Ohio State University). OU didn't really offer high-energy physics in their nuclear theory group, so I instead worked on what could generously be called "intermediate"-energy physics. I worked with Dr. Daniel Phillips to complete an M.S. thesis on the topic of effective field theory. Specifically, we computed the electromagnetic form factors of the light nuclei: 2H and 3He.

The math behind that work basically burned me out on quantum chromodynamics, field theory, and (very) advanced calculus; so I knew pretty quickly on in my graduate school career that nuclear physics as a path wasn't right for me. Instead of looking at the nature of matter at the smallest scales, I chose to look for answers instead at the largest, and begain studing observational cosmology under Dr. Doug Clowe.

I began working on weak gravitational lensing, which culminated in my dissertation in December 2013 titled Constraining Cosmology with Weak Gravitational Lensing. I used cross correlation tomography of weak lensing signals to study to what extent dark matter in galaxy clusters bends the light from background galaxies at different redshifts. If we look at how this change in ellipticity varies with the lensed object's distance (effectively the same thing as redshift) we had hoped to build an effective constraint on the dark energy equation of state. The gist of my research was the weak lensing wasn't a very good tool for trying to constrain the cosmological parameters related to dark energy, but in science negative results are good too! Anything that furthers along our understanding of something is good science.

While I was in grad school, I met the love of my life, Holly. We married in 2009, and had our twin daughters Hope and Lily in 2012. Right about the same time I was thinking about defending a disseration and move on to the next phase of my academic life. That said, the only post-doc opportunities I was seriously considering were in Europe, which is a long way from Athens, OH. Since we really needed help from our local families raising our kids, I decided that an academic career wasn't going to be for me, and that instead I should look for "real" work.

I was looking at jobs locally as a developer, and given that there weren't many options for that kind of work in Athens, I started a business from which to consolidate my freelancing work, along with picking up some other small-business IT projects locally. In 2016, BCS Engineering acquired my business, mainly to acquire me. I had gotten to know Brandon and Carrie well through our church, where both Brandon and I were active volunteers with the technical teams, Brandon running sound and I focusing on the video systems. I began working for Brandon and Carrie, leading their local small-business IT consulting efforts, and moonlighting on some programming projects for the e-commerce side of the business. I wasn't a PHP developer, but I rather quickly became one, and gained substantial experience in the e-commerce market working on the X-cart and Magento / Adobe Commerce platforms.

BCSE also owned a sister-company, IDM Integration, along with another business partner. From my first IDM project upgrading Shibboleth IDP in 2016 on it was clear that I had a knack for identity engineering. I threw myself into IAM projects as often as I could, and by 2018 I was playing a privotal role with IDMI, taking on a "senior" engineering role and being involved in much of the day-to-day operations of the business. We also rather quickly realized that I was more valuable consulting on identity and e-commerce projects, and closed up the small-business IT consulting largely by the middle of 2017 (except for existing customers, whom we slowly phased out over the next two years).

In 2019, the third IDMI business partner chose to leave the business, and as a result of the separation agreement we continued on as IDM Engineering. I took on a more formalized role in running the business at that time, and since then I have served as a main IDM Engineering engineer. Under my direction, IDME has broadened its consulting specialization away from just Shibboleth-based SSO to anything IAM-related. We've embraced moving our customers forward in the new, cloud-dominated space, assisting with many migrations away from on-premises implementations of SAML like Shibboleth and ADFS, toward IDaaS offering from Azure, Ping, and Okta.

I'm now happily consulting about any SAML-related or IAM issue and I feel like I've finally found my niche. I look forward to how IAM is evolving, and right now much of my time is spent considering how IAM changes with the increasing adoption of a Zero Trust security architecture.

That's my story so far... I'm curious to see where I go from here. Feel free to peek at my LinkedIn or GitHub profiles, or by reaching out to me directly if you have questions!

If you'd like to discuss a consulting engagement, please email me at my work address: kellen@idmengineering.com.

    -- Kellen