Cyber Business Podcast

Identity First: Srivatsan Raghavan’s Zero Trust Playbook for Construction IT

Written by Matthew Connor | Sep 10, 2025 7:00:00 AM

Srivatsan Raghavan serves as Chief Information Officer at OHLA USA, a national heavy civil and vertical construction company operating across New York, Illinois, California, and Florida. Over 15 years with the organization, he has led cloud migration, in-house software development, and a zero trust security transformation. Srivatsan oversees a lean IT team that spans help desk, infrastructure, security, business intelligence, and ERP. His leadership blends pragmatic frugality with engineering rigor, turning lessons from a real cyber incident into award-winning programs in identity, automation, and document security.

 



Here’s a glimpse of what you’ll learn: 

 

  • How a small, focused IT team supports a multi-company construction enterprise
  • Why zero trust and identity hygiene became the foundation after a breach
  • How OHLA USA eliminated its corporate WAN and leaned into cloud and zero trust
  • A practical matrix for mapping projects to NIST functions and zero trust pillars
  • Just-in-time identity creation using Power Automate and a rules engine
  • Zero trust document management with Graph API and role-based folder access
  • How to align innovation with frugality and measurable operational outcomes
  • What executive teams learn during breach response and regulatory follow up



In this episode…

Srivatsan outlines OHLA USA’s scale and complexity, with seven operating companies, dozens of job sites, and both heavy civil and mid-rise vertical projects. He explains how a small IT team supports 30-plus business applications while building custom tools for process automation and reporting.

He then shares the turning point. After a breach during the 2021 COVID period, the company reframed security around identity, endpoint, and cloud controls. With help from Microsoft tooling, they adopted a zero trust mindset. Srivatsan connected the NIST framework to zero trust pillars and used that matrix to plan and prioritize projects across identify, protect, detect, respond, and recover.

Finally, he details two award-recognized programs. First, just-in-time identity creation that handles decentralized onboarding at job sites and joint ventures using Power Automate and a rules engine. Second, zero trust document management that creates standardized project folder structures via Graph API and maps granular permissions to roles, enforcing least privilege from day one through termination. The result is a playbook any resource-constrained IT team can adapt.

 

Resources mentioned in this episode:

Matthew Connor on LinkedIn
CyberLynx 
Srivatsan Raghavan on LinkedIn
OHLA USA Website

 

Sponsor for this episode...

This episode is brought to you by CyberLynx.com  

CyberL-Y-N-X.com.

CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.

The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.

Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied. 

To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.
View full post