Cybersecurity & Microsoft Defender
I secure Microsoft 365, Azure, and hybrid environments end-to-end—identity first, Zero Trust by default, measurable improvements, and clear documentation your team can run with.
Defender for Endpoint (EDR)
- Onboarding (Win/Mac/iOS/Android/Servers) & sensor health
- Attack Surface Reduction (ASR) rules & device control
- Next-gen AV tuning, tamper protection, ransomware guards
- EDR in block mode, indicators (files/URLs/certs) & allow/deny
- Threat & Vulnerability Management (TVM) remediation plans
- Hunting queries (KQL), custom detections & live response
Defender for Office 365
- Safe Links / Safe Attachments, ZAP, anti-phish/impersonation
- Tenant allow/block lists, transport rules, DKIM/DMARC/SPF
- Automated Investigation & Response (AIR) playbooks
- Attack simulation training & targeted campaigns
- Phish reporting add-ins & user triage workflows
- Secure Score improvements & reporting cadences
Identity Security (Entra / Defender for Identity)
- Conditional Access, MFA enforcement & risk-based access
- Privileged Identity Management (PIM) & least-privilege RBAC
- Identity Protection (leaked creds, risky sign-ins, policies)
- On-prem AD sensors (lateral movement, DCSync, pass-the-hash)
- Passwordless/strong auth (FIDO2, Windows Hello for Business)
- Access reviews, entitlement mgmt & lifecycle governance
Defender for Cloud Apps (CASB)
- Shadow IT discovery & sanctioned app catalogs
- Session controls (download block, watermark, conditional)
- OAuth app governance & risky app revocation
- DLP policies across SaaS (Teams/SharePoint/OneDrive)
- Impossible travel/anomalous activity detections
- Policy tuning & alert triage runbooks
Microsoft Sentinel (SIEM/SOAR)
- Workspace design, data connectors & cost governance
- Analytic rules, UEBA, watchlists & data retention strategy
- Hunting queries, notebooks & scheduled detections
- Automation rules & Logic Apps for SOAR
- Dashboards, workbooks & executive reporting
- Incident queues, SLA triage & escalation workflows
Monitoring, IR & Threat Hunting
- 24×7 alerting design (rules, noise reduction, routing)
- Incident response: contain, eradicate, recover, lessons learned
- Forensics basics: timeline, volatile data, evidence handling
- Adversary emulation & purple-team style validation
- Tabletop exercises & playbook rehearsals
- Reports for audits, insurance & stakeholders
Platform Hardening
- Windows security baselines (CIS/Microsoft) & GPO/Intune
- Application control (WDAC/SRP), LSASS protection & Credential Guard
- BitLocker/FileVault, disk encryption & key escrow (Key Vault)
- Browser security, SmartScreen, isolation & patch cadence
- Server/VM hardening, JIT/JEA, secure admin workstations
- Zero Trust segmentation & privileged access strategy
Network, Email & Web Security
- DNS filtering, web proxy policies & URL categories
- Firewall rules, micro-segmentation & VPN posture
- Email authentication (SPF/DKIM/DMARC) & TLS policies
- Data Loss Prevention (M365/Purview) & exfil controls
- Secure remote access (no exposed mgmt ports)
- Zero Trust access patterns across apps & APIs
Compliance & Data Protection
- Purview: sensitivity labels, auto-labeling & DLP
- eDiscovery (Std/Premium), audit, insider risk mgmt
- Records management & retention schedules
- POPIA/GDPR alignment & data residency considerations
- Backup/restore testing, RPO/RTO & recovery drills
- Access reviews & periodic recertification
User Enablement & Process
- Security awareness, phishing drills & micro-trainings
- Joiner-Mover-Leaver workflows & access lifecycle
- Runbooks, SOPs & admin handover documentation
- Change control, CAB cadence & configuration history
- KPIs: incident MTTR, Secure Score, posture dashboards
- Managed service options & scheduled health checks
Strengthen Your Security Posture
From hardening endpoints and identity to SIEM/SOAR automation and incident response, I’ll tailor a plan that fits your risk, size, and budget—and make it measurable.
Start a Security Assessment
Optional: staged rollout with quick wins in week one.