For the complete documentation index, see /llms.txt. Markdown version of this page: /en/insights/identity/talk-to-the-cyberark-chief-architect.md.
EN / NB Contact us →
EN / NB

Consulting

MDR / SOC

Vulnerability Management

Identity

Compliance

AI Security

CrowdStrike

Aikido

Tenable

Idira (CyberArk)

Browse

Series

Events & resources

About us

Company info

Contact

Partners

Identity Security ↗

Talk to the chief architect behind one of the world's largest CyberArk deployments

When you buy privileged access management, you should talk to the practitioner who has run CyberArk at the largest scale, not a reseller.

5 min read By Fredrik Standahl
CyberArk logo and CyberArk PAM, FM CyberSecurity branded cover

When you buy privileged access management, you should be able to talk to the person who has implemented it at the largest scale, not a reseller reading a datasheet. That is the argument of this piece. FM CyberSecurity’s CyberArk practice is led by a chief architect, Robin, who is the chief architect on one of the world’s largest CyberArk deployments.

I run the business side of FM CyberSecurity, so I sit in the buying conversations. In the privileged access projects I have been part of, the question that decides the project is rarely “which product.” It is “who is going to make the rollout survive contact with our real environment.” Robin is the answer I give, and I want to explain why scale-of-deployment experience changes the quality of the advice you get.

CyberArk logo and CyberArk PAM, FM CyberSecurity

What people reach for first

Most buyers start by booking a demo with a reseller. You get a polished walkthrough of the vault, a slide on credential rotation, and a quote. The logic feels sound. The reseller sells the product, so the reseller should know the product.

The gap is that a demo shows you the platform working in a clean lab. It does not show you what happens when you point the same platform at a network with 12 years of accumulated service accounts, three Active Directory forests, and an application team that has never had its credentials taken out of a config file. That is where most PAM projects stall. The product was never the hard part. The rollout sequence, the break-glass design, and the joiner-mover-leaver flow at real headcount are the hard parts.

So the honest question is not “which CyberArk SKU.” It is “who has already made the difficult decisions on a deployment bigger than mine, and can tell me which order to do things in.”

Why deployment scale changes the advice

Depth of real-world implementation experience beats a vendor pitch, because PAM fails on the edge cases, and scale is where you meet every edge case. CyberArk is the platform we standardised on for privileged access. The platform’s capabilities are well documented: a tamper-resistant Digital Vault for credentials, session isolation so privileged sessions run through a proxy and can be recorded, and policy-based credential rotation, all under the CyberArk Identity Security Platform.

Those capabilities are the same whether you have 200 privileged accounts or 200,000. What is not the same is knowing how to roll them out without breaking production. A few examples of where scale teaches you things a demo never will:

  • Rollout sequencing. On a small deployment you can onboard accounts in almost any order. At scale you learn which account types to vault first so that you cut risk early without locking an admin out of a system they need at 02:00. Robin has made that call on a deployment where getting the order wrong would have stopped thousands of users.
  • Break-glass design. Every PAM project needs an emergency access path for when the vault itself is unreachable. Designing one that auditors accept and that nobody quietly abuses is a different problem at 50 accounts than at tens of thousands.
  • Session isolation and recording. Turning on session recording is easy. Doing it across enough administrators and third-party vendors that the audit evidence is complete, without flooding storage or slowing every login, is a tuning problem you only solve by having done it large.
  • Joiner-mover-leaver at scale. When an employee changes role, their privileged access has to change with them. At small scale a person can track that. At large scale it has to be wired into the identity flow, and the wiring is where deployments go wrong.

None of this comes from a certification badge. It comes from having owned the architecture on a deployment most teams will never see the inside of.

What FM CyberSecurity does

FM CyberSecurity operates CyberArk end-to-end for the firms we work with. We do not resell it. We design the vaulting strategy, sequence the rollout, build the break-glass path, set up privileged session management, and wire the joiner-mover-leaver flow into your existing identity provider. Robin leads the architecture, and you talk to him directly, not through an account manager.

That is the part I care about as the person who signs the engagements. When a buyer asks me a hard PAM question in a meeting, I do not improvise an answer. I bring in the architect who has already solved it at a scale that dwarfs the room. Our identity practice is CyberArk only, so this is not a generalist gesturing at a category. It is one platform, run by someone who has run it at the top end of the market.

The output a buyer feels is confidence in the plan. You get a rollout order with a reason behind each step, a break-glass design your auditor will sign off, and session evidence that exports cleanly into your ISO 27001 or NIS2 catalogue. The decisions are made by someone who has watched them play out at scale, so you inherit the lessons without paying for the mistakes.

What this means for you

If you are a CISO, IAM lead, or IT director planning a PAM rollout, the takeaway is narrow. The product you choose matters less than the experience of the person sequencing the rollout. A reseller can sell you CyberArk. Far fewer people can tell you, from having done it at the largest scale, which account to vault first and which order saves you a production outage.

That is what FM CyberSecurity offers on privileged access: direct access to the chief architect behind one of the world’s largest CyberArk deployments, running the same platform for you. We are not asking you to trust a slide.

If this resonates:

  • Read about FM CyberSecurity’s CyberArk practice and the delivery models we run it through.
  • Forward this to your IAM lead or whoever owns privileged access, before the next demo gets booked.
  • Talk to us for a 30-minute view on your privileged access plan, and where Robin would start.

More on Identity Security

28 May 2026 · Identity Security
How to claim a free identity check via CrowdStrike

A free CrowdStrike Falcon Identity Protection trial that shows your exposed, stale, and over-privileged accounts before you commit to anything.

9 Jun 2026 · AI Security
Cyber Index #62 - Phishing cost per analyst, AI attackers level up, and the insecure-code reality

This week's Cyber Index roundup: 13 reports on rising phishing costs, AI attackers leveling up, insecure AI-generated code, agent-security gaps, and AI governance falling behind.

5 Jun 2026 · Compliance
What the EU Cyber Resilience Act is, and who it covers

The CRA is an EU law that ties cybersecurity rules to CE marking, so a product with digital elements cannot enter the EU market without it.

← Back to all insights
Questions or inquiry? [email protected] Contact us →