// The playbook

A working framework for AI-native IT.

Three pillars. Six structural shifts coming in the next 12 months. Nine agentic use cases mapped to a real stack. Six metrics that actually measure AI impact. This is how I'd answer "where is IT going, and how would you lead us there?", distilled into a public document.

// Three pillars

The 90-second pitch I bring into every interview.

I. Identity Foundation

You can't deploy agentic AI on broken processes. AI just hallucinates faster or grants access to the wrong people. Pristine Okta state, clean HRIS data, and strict RBAC aren't security checkboxes; they're the prerequisites that make AI safe to ship.

II. Zero-Touch Operations

I don't track deflection; that's a vanity metric for a chatbot frustrating users into giving up. I track Zero-Touch Resolution: Slack ask → agent queries Okta → routes for manager approval → provisions → closes Jira. No human in the loop.

III. Engineering Leverage

AI's job isn't to fire the IT team; it's to change the Helpdesk Efficiency Ratio from 1:100 to 1:200. The recaptured time goes to Zero Trust posture, LLM guardrails, prompt-injection defense, and token budget management: the work that actually scales the business.

// Where IT goes in the next 6-12 months

Six structural shifts I'm building toward.

From: Task automation → To: Role-based agents

From scripts that summarize a ticket to digital workers that orchestrate the entire access request.

From: Tier 1 helpdesk pyramid → To: AI exception handlers

The work shifts from resolving repeatable tickets to managing the agents that resolve them.

From: Quarterly access reviews → To: Continuous, agent-driven reviews

Nightly drift detection across Okta and HRIS, auto-removing stale permissions instead of waiting for a spreadsheet.

From: Shadow IT as threat → To: Shadow AI as signal

Employees bring AI to work. The job is to make the sanctioned path the easier path, not to chase tools after the fact.

From: AI as innovation topic → To: AI as operating discipline

Once AI is wired into real workflows, governance, evals, and access modeling are what separate working systems from demos.

From: Buying more AI tools → To: Building the foundation underneath

AI deployed on broken processes amplifies the chaos. Identity, data, RBAC come first.

// Metrics that actually matter

The dashboard I'd build on day one.

Not "tickets closed" or "CSAT." The metrics that prove AI is actually scaling the business, and that expose whether you've built a real platform or just a more expensive chatbot.

Zero-Touch Resolution Rate: 60%+ (Tier 1 access & identity)

End-to-end automated resolution through Slack-native flows and identity-aware workflows. Not deflection.

Helpdesk Efficiency Ratio: 1 : 200 (engineers : employees)

Target ratio for a lean Corp Eng team that scales output through automation instead of headcount.

Access Provisioning: < 5 min (hire event → fully provisioned)

Workday → Okta → SaaS via SCIM + Okta. Hours become minutes.

Cost Per Resolution: ↓ 90% (vs. human-handled ticket)

Triage is a workflow problem, not a reasoning problem. Match the model to the complexity, not the other way around.

Access Termination Accuracy: 99.9% (on offboarding)

Agent-driven cross-SaaS deprovisioning beats manual checklists every time.

Audit Evidence Collection: Continuous (Vanta + Okta + MDM)

Compliance becomes a query, not a quarterly fire drill.

// Agentic IT, mapped to my stack

Nine use cases I can architect on day one.

Every one of these runs on the same composable platform: HRIS triggers → orchestration (Okta Workflows / event-driven automation platforms / MCP connectors) → Okta API → SaaS APIs → Slack human-in-the-loop → Vanta evidence log. New use cases are new workflow nodes, not new infrastructure.

Identity & Lifecycle

Zero-touch onboarding agent

Workday hire event → agent reads role + dept → cross-references peer access patterns → provisions Okta groups, Google Workspace, Slack, GitHub, Jira with no human in the loop. Hours → minutes.

Role-change agent

Department transfer detected → agent computes delta between old and new access profiles → auto-removes stale permissions, provisions new ones, flags anomalies for review.

Offboarding agent

Termination event → agent pulls full Okta inventory → identifies Drive docs for knowledge transfer → executes coordinated cross-SaaS deprovisioning → logs evidence to Vanta. 99.9% accuracy vs. manual.

Helpdesk & Service Delivery

Access request agent

Slack DM to an agent that checks Okta policies and RBAC, verifies manager approval, then provisions automatically. The whole request closes without a ticket.

SIEM alert enrichment agent

An alert fires. By the time a human sees it, the agent has already done the first hour of analyst work. Identity, threat reputation, behavioral context, all pre-joined and not waiting in separate tabs.

SaaS license & anomaly agent

Continuous license utilization monitoring → auto-deprovisions dormant accounts → files procurement recommendations when usage hits thresholds. Real ROI story for finance.

Compliance & Governance

Continuous access review agent

Nightly: queries Okta group memberships, joins HRIS role data, flags permission drift, auto-removes access that no longer matches job function. Replaces the quarterly spreadsheet entirely.
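A sketch of that nightly drift check, which also covers the delta computation the role-change agent above depends on. This is an added example, not the page's own code: the role-to-group matrix, the privileged-group list, and the HRIS/Okta exports are constructed stand-ins, and the real agent would read them from the HRIS and Okta APIs.

```python
"""Continuous access review: compare HRIS job function against Okta group
membership, remove plain drift, and escalate anything privileged or unmapped."""
from dataclasses import dataclass

# Assumed RBAC matrix: the Okta groups each job function is entitled to.
ROLE_GROUPS = {
    "engineer": {"everyone", "github-eng", "jira-dev"},
    "finance": {"everyone", "netsuite-users"},
    "sales": {"everyone", "salesforce-users"},
}
# Groups that are never removed automatically; a human reviews these.
PRIVILEGED_GROUPS = {"okta-super-admins", "github-org-owners"}

# Constructed sample exports standing in for the nightly HRIS and Okta pulls.
HRIS_ROLES = {"alice": "engineer", "bob": "finance", "carol": "sales", "dave": "engineer"}
OKTA_MEMBERSHIP = {
    "alice": {"everyone", "github-eng", "jira-dev"},                 # matches role
    "bob": {"everyone", "netsuite-users", "github-eng"},             # stale eng group
    "carol": {"everyone", "salesforce-users", "okta-super-admins"},  # privileged drift
    "dave": {"everyone", "github-eng"},                              # missing a group
    "erin": {"everyone", "github-eng"},                              # no HRIS record
}


@dataclass(frozen=True)
class Finding:
    user: str
    action: str  # "remove" (auto), "add" (auto), or "escalate" (human review)
    groups: frozenset


def role_change_delta(old_role, new_role, matrix=ROLE_GROUPS):
    """Groups to remove and to add when a user moves between job functions."""
    old, new = matrix[old_role], matrix[new_role]
    return frozenset(old - new), frozenset(new - old)


def review(hris, okta, matrix=ROLE_GROUPS, privileged=PRIVILEGED_GROUPS):
    """One pass over every Okta user; returns the nightly action list."""
    findings = []
    for user, actual in sorted(okta.items()):
        role = hris.get(user)
        if role is None:  # account with no job function: never auto-remove
            findings.append(Finding(user, "escalate", frozenset(actual - {"everyone"})))
            continue
        extra, missing = actual - matrix[role], matrix[role] - actual
        if extra & privileged:
            findings.append(Finding(user, "escalate", frozenset(extra & privileged)))
        if extra - privileged:
            findings.append(Finding(user, "remove", frozenset(extra - privileged)))
        if missing:
            findings.append(Finding(user, "add", frozenset(missing)))
    return findings
```

Only "remove" and "add" findings are safe to execute without approval; "escalate" findings are the ones that route to Slack for a human decision.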

Vendor risk agent

New SaaS request → agent scrapes vendor security posture, checks Vanta/OneTrust data, joins existing contract terms → generates risk scorecard for approval. Days → minutes.

Audit evidence agent

Scheduled agent queries Okta, Google Workspace, MDM → assembles evidence packages → drops them into the correct Vanta control. Eliminates manual evidence collection.

// Tooling I've evaluated

The categories I'd build the next Corp Eng stack around.

Glean (enterprise search)
Retrieval: identity-aware search over the corp graph

Slack, Notion, Drive, and Jira become a single queryable surface scoped to what each person is allowed to see.

Credal (AI gateway)
Governance: one governed surface in front of ChatGPT, Claude, and Gemini

RBAC, audit, DLP, and evals applied uniformly so the org doesn't end up with a different shadow account per model.

Okta (identity automation)
Lifecycle: Workday to Okta to SaaS without a ticket queue

Joiner, mover, leaver flows wired directly into HRIS so provisioning is a system property, not a checklist.

Vanta (continuous compliance)
Evidence: audit evidence pulled from Okta, MDM, and Workspace on a schedule

Replaces the quarterly evidence scramble with a system that already has the answer when an auditor asks.

This is the framework. Now let's apply it.

If your Corp Eng team is hiring for the person who'll bring this operating model in (identity foundation, zero-touch operations, engineering leverage), I'd love to talk through what the first 90 days would look like at your company.