Methodology

How we write these.

The Postmortem is a vendor-neutral teardown series. Every issue picks one identity-related breach, walks through the specific IAM controls that failed, and identifies what a competent IAM program would have caught at each step. Below is the standard each issue is held to.

One breach per issue. No survey pieces, no "top five identity threats of the quarter." One incident, taken apart in depth, at the level a practitioner can act on.

Public sources only. Every factual claim cites a public source: regulator filings, CISA or HC3 advisories, the affected company's own disclosures, 10-K or 8-K filings, independent forensic reports where available. We do not write about incidents that have not been publicly disclosed.

What remains unknown. Every teardown ends with an explicit section listing what we cannot verify from public sources. Identity incidents are messy; speculation is not analysis.

Vendor-neutral. We do not write "this would have been caught by [product]." We map failed controls to standards (NIST 800-53, ISO 27001, HIPAA Security Rule) and to configuration patterns, not to specific vendor SKUs. IdentityLogic delivers against most of the major IAM platforms, and that independence is the point of the series.

Unbylined. Authors are IdentityLogic Consulting practitioners; the firm is the byline. Issues are reviewed and edited collectively before they ship.

Cadence. We publish two content types on a fixed cadence.

Postmortems publish monthly, on the first Tuesday. Each one analyzes a single major identity incident with the six-section autopsy structure described above.

Field Reports publish quarterly. Each one is a deeper analytical piece on a broader pattern in the IAM landscape: a category of threat, a class of control failure, an emerging technology category, or a shift in how identity programs are being built. Field Reports are longer than Postmortems, are not tied to a specific incident, and follow a structure suited to analysis rather than autopsy.

Subscribers to The IAM Postmortem receive both content types. There is no separate subscription. The full archive is always available at postmortem.identitylogicconsulting.com.

What we do not do. No tracking pixels in the email. No click tracking. No interstitial paywalls. No "subscribe to read" gates. No affiliate links. No sponsorship of issues. If a sponsorship model is ever introduced, the change will be disclosed at the top of the affected issue.

Why the firm publishes this. Sober IAM practitioner analysis is in short supply on the open web. We publish to be useful to senior security readers. If a reader wants a practitioner read on their own environment after an issue lands, the page footer carries a soft mailto. There is no hard product pitch inside the teardown body.


About the firm

IdentityLogic Consulting LLC

Founder-led IAM consulting firm operating since 2018. We deliver advisory, implementation, managed support, and packaged engagements across the major IAM platforms.

If a teardown raised a question about your own control set, you can write to us directly via the soft mailto at the end of each issue, or send a general note to contact@identitylogicconsulting.com.