About
Mick Johnson
Founder, Butterfly Security.
Building the recovery layer for identity infrastructure — because Okta has no undo button.
The why
Twelve years at Okta on the identity-infrastructure side. Nine of them as customer-zero for Okta's own internal stack — running the same product the company sold, against the same edge cases its largest customers were hitting. Three on Tier 3 escalations for Fortune 500 regulated workloads under live audit, where every configuration change had a compliance officer attached to it.
The pattern across all twelve years was the same. Identity-infra incidents — accidental deletes, bad pushes, compromised admin tokens, automation gone sideways, a misclick on a policy — always ended the same way: rebuild from documentation. People on calls at 2am, copying values out of screenshots, trying to remember what the group rule said before someone overwrote it. That is an unacceptable failure mode for the system that gates every other system.
So I built Butterfly. Continuous backups of the tenant. Preview-first restore that diffs every change before anything touches production. Drift detection so the operator sees the bad push the moment it lands, not the next morning. Compliance evidence across six frameworks, with audit-pack PDFs the auditor actually accepts. The thing the platform should have had on day one.
What's shipped
- —Eight head-to-head /compare pages against every competitor in the Okta-DR category.
- —Listed in the Okta Integration Network as a vetted OIN API Service Integration.
- —mcp-butterfly — a Model Context Protocol server so Claude can drive recovery and audit operations on your Okta tenant.
- —Restore Readiness Score and Audit Pack PDF — the two artifacts CISOs and auditors actually ask for.
- —Free Chrome extension for Okta admins — snapshot, X-Ray, API explorer, health scoring.
- —iPhone companion for on-call incident response — coming soon.