Identity & access
SAML and OIDC SSO, SCIM provisioning, RBAC, JIT access. Joiner/mover/leaver automation across all our SaaS tools.
Seattle, WA
Hey, I'm Rishi.
I've spent 15 years in IT and enterprise engineering, mostly at places growing faster than their infrastructure could keep up. I write Go and Python to automate the things that shouldn't require a human, and I build identity and security systems that stay out of everyone's way.
Right now I'm at The Browser Company, where I own the IT function and work on making Dia Browser ready for enterprises. Before that I was at Datadog, where I built automation for 5,000 people and got promoted to run the team I started on.
01. About
How I got here.
My first IT job was managing infrastructure for the Department of Neurology at UW-Madison. The systems fell under HIPAA, the users were researchers running traumatic brain injury studies on rodents, and my favorite project was building the frontend for the database that kept track of all of it. I'm probably the only person you'll meet who has designed software for lab mice. But it taught me two things early: secure the data like it matters, and stay out of everyone's way. I've been working off that playbook ever since.
I moved to New York and spent the next few years at Tapad, Yext, and Datadog. Each one was bigger and messier than the last, which was the fun of it. At Datadog I joined as an engineer building SaaS lifecycle automation, wrote Clarity, a tool that cut software spend by 40%, and got promoted to manage the team. Leading engineers who used to be my peers was the hardest thing I've done professionally, and the most useful.
These days I'm at The Browser Company, where I'm the only person responsible for IT and enterprise systems. I recently built Keycard, a Go service that provisions and deprovisions people across 30+ tools. I figure out how to let engineers use Claude and Codex without handing AI agents the keys to production. And I build the security controls that just got us through SOC 2 Type 2 for Dia. It's the first time I've had to own everything end to end, and I wouldn't trade it.
When I'm not doing any of this, I travel. 50+ countries and all 7 continents, and counting, with the goal of eventually visiting every country. It has nothing to do with computers, which is probably the point.
If you're solving similar problems, or you know somewhere I should go next, I'd like to hear from you.
02. Work
Where I've worked.
-
Staff Enterprise Systems Engineer, IT & Enterprise The Browser Company
I run IT as a team of one, and I work on the enterprise features in Dia (IAM, DLP). The job is split between hands-on engineering and program work.
- Configured SAML and OIDC SSO across all enterprise apps. Built Keycard, our joiner/mover/leaver automation in Go, deployed to AWS ECS, orchestrating SCIM provisioning across 30+ SaaS tools.
- Cut standing privileges with ConductorOne for self-service JIT access and audit trails. Passed SOC 2 Type 2.
- Got us full endpoint visibility with CrowdStrike Falcon via Jamf, and integrated Falcon Shield with Google Workspace for centralized monitoring.
- Built zero-touch onboarding across macOS (Jamf) and Windows (Azure AD/Intune), automating device enrollment, Yubikey provisioning, and account creation.
- Built the access controls around AI tooling like Claude, Codex, and MCP integrations. The work cuts both ways: engineers need safe ways to use these tools, and the tools need tight scopes on what they can reach. OAuth, RBAC, and least privilege throughout.
-
Travel Sabbatical
Took 18 months between Datadog and The Browser Company to travel. 35+ countries along the way.
-
Systems Engineer to Manager, Enterprise Technology Datadog
Started as an IC and ended up managing the same team. Owned automation and internal tooling strategy for 5,000+ employees across engineering, sales, and operations.
- Saved 40% on SaaS spend by building Clarity License Manager in Python as AWS Lambda microservices, automating real-time usage tracking and license reclamation.
- Cut manual lifecycle work by 90% by automating onboarding, offboarding, and quarterly access reviews for SOX and SOC 2.
- Centralized access for 4,000+ employees by migrating from AWS IAM to AWS SSO and unifying provisioning across Workday, NetSuite, and Salesforce.
-
Senior IT Engineer Yext
Built internal automation at Yext during its early years as a public company.
- Built YED, an automated offboarding system that handled SOC 2 compliance across all our systems. Saved hours of manual work per departure.
- Cut phishing and spoofing by 80% in six months by implementing DMARC for yext.com.
- Consolidated SaaS sprawl into an IT-governed catalog and got budget visibility back.
-
Systems Administrator Tapad
Ran ADFS, Google Apps, Salesforce, and Office 365. Handled user lifecycle, endpoint provisioning, and the network. Automated a lot of it with PowerShell.
-
Information Systems Engineer University of Wisconsin-Madison
Ran IT for the Department of Neurology. Windows and Linux servers, endpoints, and the network.
03. Expertise
What I work on.
Platform engineering
Go and Python services running on AWS, mostly ECS and Lambda. Internal APIs that tie together HRIS, finance, and IAM.
Endpoint & security
Zero-touch provisioning across macOS and Windows. EDR rollouts, DMARC, DLP, and sane defaults that work at scale.
Compliance & governance
SOC 2 Type 2 and SOX-grade controls. Automated quarterly access reviews. Audit evidence that lives in code, not spreadsheets.
AI tooling for the enterprise
Rolling out Claude, Codex, MCP integrations, and whatever's next without giving up on least privilege. OAuth scoping, RBAC, and access boundaries so engineers can actually use this stuff.
Team & program leadership
Went from IC to manager at Datadog. Comfortable scoping programs, hiring, and shipping internal tools that solve real problems.
04. Connect
Get in touch.
Email is best. LinkedIn works too.