OgunDesigns LLC was founded by IAM and Splunk practitioners who got tired of watching strategy engagements die at the boundary between policy and operations. We built the operating system we wanted our clients to have.
We've sat on both sides of the audit table. We've owned the IAM logging program that almost wasn't ready in time. We've inherited the spreadsheet that was supposed to be a remediation engine. We've had to explain to a QSA why "we have a vault" wasn't, by itself, enough.
Those experiences shaped how we work. We don't deliver strategies that need a second engagement to operationalize. We don't write recommendations we wouldn't be willing to implement ourselves. And we don't accept "we'll figure out the evidence later" — because later is exactly when the auditor shows up.
Our practice is small and deliberately specialized. We work on a focused number of engagements at a time so each gets senior attention end-to-end. The same person who scoped your engagement is the person writing the SPL or the PL/SQL on day 60.
A working dashboard is worth more than ten architecture diagrams. We start by writing the thing — the strategy is what falls out of doing the work.
Designing for the auditor isn't an afterthought. It's a primary use case. The artifacts we ship are written to be read by people whose job is to find what's missing.
Eventtypes. Tags. Lookups. CIM compliance. The unglamorous middle of an IAM program is where 90% of the value lives. We do that work willingly.
Compliance is a software problem disguised as a policy problem. Treat it as engineering and the rest follows. Treat it as documentation and you'll be writing the same memo every year.
LLMs make some things 10x faster. They make other things dangerously confident. Knowing which is which is the actual skill. We're not selling AI — we're using it where it earns its place.
The best engagements end with your engineers running the system without us. We design knowledge transfer in from week one and measure ourselves on what continues working after we leave.
We've worked across the whole IAM and security data stack, but the depth lives in the platforms below.
SPL development, dashboard engineering, CIM compliance, eventtype/tag taxonomy, lookup-driven enrichment, audit reporting, HPA monitoring use cases.
Remediation portals, role-aware UIs, PL/SQL package design, ServiceNow / CMDB integration, the Identity Control Center pattern.
Stream shaping, routing, redaction, normalization at the edge — getting the data clean before it lands in Splunk Cloud.
Endpoint inventory queries, local account discovery, evidence reconciliation, integration with remediation engines.
API-driven metadata extraction, ownership mapping, secure token handling, scan-aware tag governance, single-output reporting.
JML lifecycle, group hygiene, CMDB-aware workflows, ticket-driven remediation, attestation evidence.
We take a small number of new engagements each quarter. If your IAM program needs the operational layer it's been missing, let's talk.
