Cybersecurity Engineer
A decade of practical security engineering behind the Microsoft 365 consultancy: vulnerability management, identity hardening, zero-trust policy design and incident response.
Background
My Head of IT background includes hardening a Microsoft 365 estate end-to-end: Intune device compliance lifted from 72% to 96%, Defender for Endpoint rolled out across the fleet, Conditional Access and MFA reshaped to remove legacy auth, and break-glass exceptions tightened to a documented standard.
Led first-time Cyber Essentials Plus certification from inside the business and aligned the wider control set with ISO 27001 expectations, including evidence preservation, change-control and access-review cadences.
Areas of capability
- Vulnerability management and remediation prioritisation.
- Endpoint security with Intune and Microsoft Defender for Endpoint.
- Identity and access management with Entra ID, MFA and Conditional Access.
- Zero-trust policy design and enforcement.
- Firewall and IDS/IPS configuration on 1 Gb–10 Gb networks.
- Encryption, key management and certificate-based authentication.
How this shapes the consultancy work
The consultancy work applies the same engineering discipline to client tenants: tighten the controls that carry risk, save the review evidence and leave internal IT or the incumbent supplier with an operating model they can repeat.