I’ve spent 20+ years in IT and security — starting out in the deep end supporting Windows NT servers, and eventually moving into management, and then into consulting across government, critical infrastructure, financial services, and everything in between.

This blog exists because I kept solving the same problems across different clients and figured the solutions were worth writing down.

What I work on

Most of my work sits at the intersection of Microsoft’s security stack and the messy reality of how organisations actually operate. That means a lot of Microsoft Sentinel: building connectors, tuning detection logic, and automating the tedious parts. It also means identity security, cloud architecture reviews, and the kind of email security work that most people only care about after something goes wrong.

I write custom tools when commercial products fall short. The Sentinel MCP server is an older example: an open-source project that lets AI assistants interact directly with a Sentinel workspace. I’ve also recently launched sentinelchangelog.net, where you can keep abreast of the changes in the Azure-Sentinel GitHub repo.

Sectors I’ve worked across include healthcare, national critical infrastructure, transport, financial services, legal, government, and education. I don’t name clients, but the variety has been useful: you see quickly what’s genuinely hard versus what just gets treated that way.

How I think about security

I’m sceptical of security theatre. A lot of what gets implemented looks impressive in a board deck and doesn’t do much in practice. My preference is to get the fundamentals working properly before reaching for the next tool, which usually means getting more out of what’s already deployed.

I also think the IT/security team divide causes more problems than most organisations realise. A lot of security failures are really coordination failures. Getting those teams to actually work together is underrated.

Frameworks and standards

I’ve done full ASD Essential Eight implementations, ISO 27001 work, NIST-aligned assessments, and Markets in Crypto-Assets Regulation (MiCA)-focused config reviews. I find frameworks useful as a shared language and a checklist, less useful as a goal in themselves.

About this blog

Mostly write-ups of problems I’ve solved, tools I’ve built, things I’ve researched and want to refer to later, or things I wish someone had documented better. Occasionally something more opinionated.

All views are my own.