Lead Information Security Engineer

Fifteen years securing privileged access. Now building the AI layer on top.

I'm Johnny Leuthard. I lead CyberArk engineering on one of the largest privileged access platforms in financial services, and I build AI-assisted workflows with Claude, the Model Workspace Protocol, and Interpretable Context Methodology that take the grind out of security work.

At a glance

15+years of CyberArk and PAM engineering
700k+privileged accounts on the platform my team engineers
500+application teams self-onboarded through docs I built
~50%implementation time cut with PowerShell automation

Selected work

Work that removed real friction

CyberArk · Enablement

Self-service credential onboarding

500+ application teams needed to plug into CyberArk's Central Credential Provider without waiting on engineering. I built the documentation hub that let them do it themselves: setup guides, working code samples, common errors with fixes, and a weekly open Q&A. It became the foundation for the enterprise credential-management maturity program.

Ask me about it
PowerShell · Automation

Operations automation suite

Large CyberArk configuration changes used to take Operations days of manual GUI work. I replaced those workflows with scripted overnight runs and cut implementation time by about half. One deployment script now rebuilds 100+ microservice instances, including services, firewall rules, ACLs, and validation, in about five minutes.

Ask me about it
AI · Claude + MWP

CyberArk API change reporting

A personal Claude project built with the Model Workspace Protocol. It pulls CyberArk API documentation by version, diffs every endpoint, and generates HTML and PDF reports tuned for managers, developers, or platform engineers. Hours of manual doc review now run on demand in minutes.

Ask me about it
30yrs
in IT, infrastructure, and security
60k+
safes on the vault platform I help engineer
200
credential providers upgraded in one coordinated change
5min
to rebuild 100+ microservice instances by script

Resume

Thirty years, one thread: keep the keys safe

Every role built toward the same thing — securing access at scale, then automating the parts that shouldn't need a human. Here's the path.

2016 — Present
Current role
Lead Information Security Engineer
Wells Fargo · Remote

Lead technical direction and mentoring across a 15–20 person CyberArk Engineering group on a platform holding 700,000+ privileged accounts across 60,000+ safes — one of the largest CyberArk deployments in financial services. Built the self-service CCP onboarding hub that let 500+ application teams onboard independently, engineered the PowerShell automation suite that cut implementation time roughly 50%, and serve as primary technical liaison during audits.

2012 — 2016
Senior Windows Platform Security Engineer
TEKSystems · Contract placements at Bank of America → TCF Bank → Wells Fargo (hired FTE 2016)

Ran the competitive assessment that led Bank of America to select CyberArk as its enterprise PAM platform, then designed and deployed CyberArk infrastructure (CPM, PSM, PVWA, AIM, CCP) from the ground up. Managed vaulting of 200,000+ privileged credentials and automated remediation of 10,000+ file shares with incorrect permissions.

2006 — 2012
Windows System Engineer
Ally Financial (formerly GMAC-RFC / ResCap) · Minnesota

Supported 1,700+ Wintel servers across legacy and enterprise environments. Partnered with Legal on 2–3+ eDiscovery collections a month, including terabyte-scale data pulls, and kept production data in sync through major file and print server migrations.

2005 — 2006
Senior Software Support Specialist
Delphax Technologies · Bloomington, MN

Installed and commissioned multi-node Windows Server print systems at customer sites nationwide for high-volume industrial digital printing. Diagnosed field issues, reproduced them in the lab, and coordinated fix cycles with the development team.

2004 — 2005
Project Manager
Erickson Technologies, Inc. · Edina, MN

Managed end-to-end installation projects for new dental office openings nationwide — building, testing, and deploying complete workstation and network environments, then training staff on-site.

Capabilities

What I bring to the table

Privileged Access & Security

  • CyberArk PAS: Vault, CPM, PSM, PVWA
  • Credential Providers: CP, CCP, AIM/AAM
  • psPAS PowerShell module
  • EVD reporting & audit liaison
  • REST / SOAP / LDAP integrations
  • Windows Server at enterprise scale

Automation & Delivery

  • PowerShell (expert)
  • SQL reporting against CyberArk EVD
  • Agile delivery — Jira, epics, UAT
  • Change validation & production readiness
  • Confluence knowledgebase authorship
  • Team lead & mentoring (15–20 engineers)

AI & Context Engineering

  • Claude & Claude Code
  • Model Workspace Protocol (MWP)
  • Interpretable Context Methodology (ICM)
  • n8n workflow automation
  • AI-assisted scripting & documentation
  • Self-hosted LLMs — Ollama, LM Studio

Leadership & Governance

  • Hiring interview support
  • Weekly knowledge-sharing sessions
  • Engineer onboarding frameworks
  • Root-cause analysis & remediation
  • Regulatory compliance support
  • Engineering-to-Operations handoff

Learn

Building in public — come learn with me

Follow my ICM workflow on GitHub

I build my AI workflows in the open using Interpretable Context Methodology (ICM) and the Model Workspace Protocol (MWP) — structured, reviewable context systems for working with Claude on real engineering problems. Check out the repos, fork what's useful, and see how the CyberArk API change reporter and other projects are put together.

700k+
accounts secured on the platform I help engineer — the depth behind the AI work
Daily
I use Claude, MWP, and ICM in real engineering and career workflows, not just demos

Join me in Clief Notes

Clief Notes is the Skool community where I'm learning AI automation, n8n, and prompt engineering alongside other builders. There's a genuinely deep library of free content, courses, and discussion, no payment required to get real value. If you decide to go further and join a paid track, using my link gives me a small kickback at no extra cost to you.

Free to join, free content to explore, no card required.
Free
tier with real courses and community access — no paywall to start learning
n8n
17-hour comprehensive automation course I completed inside the community

About

Builder, operator, translator

I've spent 30 years in IT and security, the last 15 deep in privileged access management. I helped select and deploy CyberArk at one top-5 US bank, then built and led engineering at another: a platform holding 700,000+ privileged accounts across 60,000+ safes, with a 15-to-20 person engineering team I mentor and guide.

The next chapter is AI. I build structured AI workflows with Claude, the Model Workspace Protocol, and Interpretable Context Methodology: audit reporting that starts from a plain-English question, API change analysis that runs itself, and automation pipelines in n8n. The plan is simple. Deliver on day one with CyberArk depth, and build the AI layer on top of it.

  • CyberArk PAM: Vault, CPM, PSM, PVWA, CCP, AIM
  • PowerShell automation and the psPAS module
  • SQL reporting against CyberArk vault data for audits
  • AI workflows: Claude, MWP, ICM, n8n
  • Windows Server engineering and change validation
  • Mentoring and documentation people actually use

Contact

Let's talk

If you need someone with real CyberArk depth who already builds with AI, I want to hear from you. PAM programs, AI workflow questions, and roles at that intersection all count.