IT teams are being asked to do more than ever. Device management, security, compliance, AI enablement, and often all of it with a team of one. The difference between keeping up and falling behind often comes down to how much of the routine work can run without you.
In this virtual event, Hayden Lawrence, IT ops, security, and ESG lead at Gorilla, sat down with Iru's Global Director of Solutions Engineering Maz Kahale to talk about what it actually looks like to build a tech stack that runs itself. Hayden has implemented Iru at four different organizations over the past six years, and, with Maz, shares the playbook he brings into every new environment.
One of the most counterintuitive things Hayden shared is that building a self-running tech stack doesn't start with IT. It starts with HR.
The HR team has all the information on an employee's department and start/end dates. When this information flows cleanly from the HRIS into an identity provider like Okta, the rest of the stack can respond automatically.
At Gorilla, the chain looks like this: a new hire enters the ATS, moves into the HRIS, gets provisioned in Okta, and Okta talks to Iru. From there, device configuration, app deployment, and access permissions all happen based on role and department mappings. A software engineer gets their apps, their Google Drive access, their Asana workspaces, and their calendar invites without anyone in IT lifting a finger.
The catch is that it requires a cultural alignment with the people team first. If HR isn't consistently updating start dates, departure dates, and role changes in the system, none of the downstream automation works reliably. Getting that process right is the prerequisite for everything else.
Gorilla is a global company with fully remote employees. Getting a laptop into someone's hands in a new territory, with import logistics handled, is a challenge on its own. Hayden works with an external partner called Fleet (a device shipping and logistics company) to manage that piece.
Once the device arrives, the employee opens the laptop, connects to Wi-Fi, and Iru takes over. A branded setup screen walks them through the process while apps install and configurations apply in the background. They bind their account with Okta, and by the time the install finishes, they see a customized end screen with links to everything they need, including a Notion-based onboarding guide the people team builds.
That guide covers what their first day looks like, what their first week looks like, and what meetings they have scheduled. Hayden calls it an experience rather than a process, and the distinction matters. When it works well, a new hire in any country can be fully productive on day one without IT ever touching the device.
Automation doesn't mean removing people from the equation entirely. Hayden is deliberate about keeping humans involved.
First-day interactions involve humans. Even though onboarding is fully automated and runs fine without them, Hayden looks to meet every new hire personally on their first day. He believes human connection matters, especially in a remote company.
Compliance is the other. Gorilla relies on SOC 2 and ISO certifications, and while Iru handles evidence collection and vulnerability tracking, Hayden prefers to do his own spot checks the first 15 to 20 minutes of each day doing spot checks and audits. The shift from exhaustive review to targeted spot-checking makes the model sustainable, while keeping a close eye on compliance auditing.
Iru handles device management, but it doesn't operate in isolation. Hayden has built integrations between Iru's API and n8n (an open-source automation platform) to connect vulnerability alerts and threat detections into Gorilla's Zendesk setup. When something gets flagged, it enters a queue where it can be triaged, tracked, and resolved with a clear audit trail.
That audit trail feeds directly into ISO and SOC 2 compliance. Instead of scrambling to gather evidence at audit time, the documentation is generated as a byproduct of the normal workflow. The system logs the detection, the response, and the resolution automatically.
Offboarding is either the standard departure where someone has a last day, or the immediate cutoff where access needs to be revoked immediately.
Either way, the first step is locking the device through Iru. The screen goes black with a lock code immediately, which buys time while accounts are being deactivated on the Okta and Google side. That sequencing matters because cached sessions can sometimes give a departing employee a few extra minutes of access if you start with the identity provider instead of the device.
Hayden is currently building toward a zero-touch offboarding flow where an HR-initiated departure in the HRIS triggers Okta deactivation, which then triggers the device lock in Iru automatically through n8n. They've had a few successful tests but are still working through the API integration with Iru's support team.
The whole point of building a self-running tech stack is to create time for the work that actually requires a human. For Hayden, that's AI enablement.
With device management, patching, onboarding, and compliance running largely on autopilot, they've been able to focus on building an internal AI training program at Gorilla. The challenge isn't just tooling. People across the organization are at very different comfort levels with AI, from skeptics to early adopters, and meeting them where they are takes real time and attention.
Gorilla is an ethically focused business helping energy companies reach net zero, so there's an additional layer of responsibility around how AI is adopted internally. That kind of program work simply wouldn't be possible if Hayden were still spending his days chasing Chrome updates and manually installing software on laptops.
Want to see how Iru can help you build a tech stack that runs itself? Request a demo.