Hi, I'm Tomasz Sielski
IAM Architect · Identity Platform Owner · Zero Trust · Cloud Security
I design identity systems that work in the real world — not just on paper. With 20+ years across SMBs, public institutions, and large enterprises serving hundreds of thousands of users, I've learned that identity architecture is never purely technical. It's about understanding what a business actually needs, what its risks really are, and building something that holds up when the complexity scales.
My edge is translation: I move fast between executive strategy and engineering detail, between compliance requirements and Conditional Access policy, between a CISO's concern and a developer's ticket.
Where it started
I came to technology before it had a proper name for me — first on punched tape, then on an 8-bit Amstrad CPC 6128, then an IBM x86 clone where I spent evenings writing Basic and Pascal. Not because anyone told me to, but because taking things apart and making them work differently felt natural.
That instinct has never left. It just found larger, more consequential systems to work on.
Two worlds at once
For over a decade I ran both sides of a difficult equation: my own IT consultancy serving businesses across Szczecin, and a parallel role inside a military institution — one of the most hierarchically structured environments you can work in. One world rewarded improvisation and ownership. The other demanded precision, documentation, and alignment to rules I didn't write.
That combination shaped how I think about IAM. In practice, most identity problems aren't purely technical — they live exactly at the boundary between “what the business wants” and “what the rules require.” I learned to operate in that space from both sides.
Why IAM specifically
Identity kept finding me. Every infrastructure project, every cloud migration, every security engagement eventually came back to the same core questions: who should have access, to what, under what conditions, and for how long? JML flows, RBAC design, AAA models, SoD, PIM — these aren't separate concerns. They're the same problem at different scales.
At some point I stopped treating identity as a component of larger projects and started treating it as the foundation everything else is built on. That's still how I approach it.
“Digital identity is no longer an IT problem — it's a business one.”
That framing reflects where the field is heading. AI-driven impersonation, synthetic identities, agentic “mini-me” access — organisations are being forced to rethink verification and governance at machine speed. Zero Trust is no longer a maturity model. It's operational survival.
Recent
- Roundtable participant — Identity in the AI Era, CEE Leaders Forum
Clateway Media · 2026
How I work
I embed long-term when the complexity demands it — designing JML processes, building Entra ID architecture, owning an identity programme end-to-end. I also come in to solve specific problems fast: an SSO integration, a Conditional Access redesign, an access certification process that needs to actually work before an audit.
Currently working as Master Cybersecurity Systems Engineer at Erste Bank Polska (formerly Santander Bank Polska), focused on IAM process design across a hybrid enterprise environment.
- Microsoft Entra ID
- Conditional Access
- JML lifecycle
- SAML · OIDC · SCIM
- Zero Trust
- IGA & access governance
- PowerShell · Python
- Azure AZ-305
Still learning, actively
I compete in cloud security championships and CTF challenges — not as a hobby separate from work, but because understanding how environments are attacked makes me a better architect of their defences. Wiz Ultimate Cloud Security Championship (11/12 challenges), hackArcana Kubernetes security track, and more on the way.
If you want to see what I'm working through, the blog is the place.