Episode 12 — Run Account Lifecycle Cleanly: Provisioning, Deprovisioning, Reviews, and Drift Control
This episode covers identity lifecycle as a control system that either keeps access aligned to business reality or slowly turns into a collection of orphaned risk. You’ll connect provisioning and deprovisioning to GSEC exam scenarios involving contractors, job changes, and emergency access, where the best answer often reduces window-of-exposure instead of adding a new tool. We’ll define joiner-mover-leaver processes, explain why deprovisioning must be immediate and verified, and show how periodic access reviews catch drift when roles change faster than tickets. Examples will include a terminated employee whose VPN still works, a contractor account reused across projects, and a service account tied to a departed admin with no owner. Best practices will focus on authoritative sources, automation with approval gates, documentation of owners, and monitoring for anomalies like logins after termination. Troubleshooting considerations include mismatched directories, unsynced SaaS access, and local accounts that bypass central offboarding. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
