Zero Trust in Azure: A Practical Starting Point
Zero Trust isn't a product you buy — it's an architecture you build. Here's how I approach it in Microsoft Azure environments, from identity foundations to network segmentation.
Senior Cloud Security & Platform Engineer
I secure and operate Microsoft cloud platforms at enterprise scale — across organisations from 2,500 to 15,000+ staff. I specialise in the Microsoft E5 security stack, Zero Trust architecture, Sentinel SIEM/SOAR, and compliance frameworks including PCI-DSS and ISO 27001. I also write about what I learn here on this blog.
// work
Designed and delivered Microsoft Sentinel from the ground up at a 2,500-staff organisation — connectors, custom analytics rules, automation playbooks, and Logic Apps. Integrated with Defender EASM and the full E5 Defender suite.
Led the Microsoft Azure Landing Zone design and compliance assessment for NZ Police (15,000+ staff). Established governance, security baselines, and compliance against CIS Benchmarks — contributing to a 1.8-point score improvement.
// writing
Defender for Cloud ships with sensible defaults, but a handful of non-default settings make a dramatic difference to your security posture. Here are the ones I enable on every engagement.
I'm currently open to new senior roles in cloud security and platform engineering. Let's have a conversation.