David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · DISNEY
Disney
IAM SIEM Alert Debugging & Executive Dashboard
A Splunk-based IAM monitoring and executive reporting project across Disney access-control and identity systems for campuses and offices.
Delivered Splunk-focused IAM and SIEM work for Disney, debugging identity and access-control alerts, building a custom Splunk app, and creating executive dashboards across access-control and identity solutions spanning Disney...
Client
Disney
Engagement Type
Role or consulting; exact classification requires confirmation
Period
Career Role; exact dates require confirmation
Role
Splunk / IAM / SIEM / Security Analytics Contributor; exact title requires confirmation
Focus Areas
IAM Alert Debugging, SIEM Alert Debugging, Splunk App Development, Executive Dashboards
The Research Narrative
Strategic Problem
IAM and access-control alerts are only useful when the signal is trustworthy. Noisy, duplicated, broken, or poorly contextualized alerts create confusion. The work required debugging alert behavior and...
What David Did
David debugged IAM/SIEM alerts, worked across access-control and identity telemetry, built a custom Splunk app, and created executive dashboards for leadership visibility.
What Became Clearer
The project connected low-level SIEM debugging to executive security reporting. It made access-control and identity signals easier to understand, monitor, and communicate.
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
Disney's access-control and identity environment spanned campuses and offices. Security teams needed Splunk-based visibility into IAM and access-control alerts that were operationally meaningful and explainable to leadership.
The Challenge
IAM and access-control alerts are only useful when the signal is trustworthy. Noisy, duplicated, broken, or poorly contextualized alerts create confusion. The work required debugging alert behavior and turning telemetry into clear security views.
What I Did
David debugged IAM/SIEM alerts, worked across access-control and identity telemetry, built a custom Splunk app, and created executive dashboards for leadership visibility.
- •Debugged IAM and SIEM alerts across Disney identity and access-control environments
- •Analyzed alert behavior from access-control and identity systems spanning Disney campuses and offices
- •Identified noisy, broken, misfiring, duplicated, unclear, or low-signal alert conditions
- •Built or contributed to a custom Splunk app focused on IAM/security monitoring workflows
- •Created Splunk dashboards that translated identity and access-control telemetry into usable operational and executive views
- •Helped normalize and organize IAM/security events so teams could understand trends, alert quality, and access-control posture
- •Connected low-level SIEM alert debugging to higher-level reporting for security stakeholders and leadership
- •Focused on practical security analytics: what is firing, why it is firing, where it is happening, whether the signal is trustworthy, and what leaders need to see
The Outcome
The project connected low-level SIEM debugging to executive security reporting. It made access-control and identity signals easier to understand, monitor, and communicate.
Research Outcomes
Alert Trust
Reduced noise and improved signal quality for IAM and access-control alerts
IAM Clarity
Normalized identity telemetry and debugged alert behavior
Executive Visibility
Built dashboards leaders could trust for decision-making
Operational Impact
Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
Security Analytics
Signal investigation and event analysis
IAM / Access Control
Identity telemetry and access insights
SIEM Alert Debugging
Noise reduction and signal validation
Dashboard Development
Operational and executive views
Executive Reporting
Security data translated for leadership
Telemetry Normalization
Consistent and trusted data
Operational Reporting
Actionable views for security operations
Public-Safe Evidence
Shareable insights without sensitive data
Key Deliverables
- •IAM SIEM alert debugging
- •Access-control alert analysis
- •Identity-system telemetry review
- •Custom Splunk app or Splunk workflow
- •Executive security dashboard
- •Operational IAM/security dashboard views
- •Alert-quality and signal debugging support
- •Access-control reporting narrative
Tools & Technologies
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.