You work hard, you take your opportunities, you make your own luck. As I write this, tomorrow (Monday 17th May, 2021), I start working for Microsoft as a Cloud Security Architect within the Customer Success & Security team.
For twenty years I have made a living out of operating, building, designing and managing Microsoft identity platforms. Including the likes of Active Directory, Azure AD, MIM, ADFS, and Certificate Services. My belief that identity is core to everything we do has been vindicated. Over this career I’ve seen first-hand, time and again, how critical it is to get your identity story right in order to succeed in whatever the project might be. It could be digital transformation, or cloud transformation, migrations, mergers and acquisitions, collaboration and so on. It’s consistently proved essential to get the identity story right, in order to make systems usable, operable, and secure.
And on that last point, I was always the guy evangelising and pushing for the principle of least privilege. To avoid having the sky fall, I have always considered security to be crucial, not optional. Modern ransomware has proved this mentality to be correct. I was there at ground zero when notPetya did its work. And here we are today, identity is officially the new control plane. Yet organisations around the world are experiencing that sky falling moment at a frequency I never imagined. The messages I, and those like me, repeat every single day are more important than ever.
We have so much guidance, standards and best practices now, both from Microsoft in content like Security Best Practices, Enterprise Admin Model, and Passwordless Strategy, as well as industry standards and frameworks from the likes of ISC2 and NIST in the US, and the NCSC here in the UK. The weight of content delivered through all these bodies can feel insurmountable, but ultimately it does all come together. Wrapping up the best of what we have learned over time, with amazing new capabilities and tools. We can enable people and systems to work safely, even in completely remote circumstances, with an approach to security rooted in identity that allows all of this to happen seamlessly.
IT as an Invisibility Trick… ITaaIT?
Of course, people take ‘seamless’ for granted. And why shouldn’t they? The consumerisation of IT means that people simply ‘expect IT to work’. That is, to be productive wherever they happen to be, on whatever device they happen to be using. For the average person, their focus is not on the IT, it’s on whatever it is they are trying to achieve. With systems like Azure AD, MFA, Conditional Access, MCAS, Sentinel and M365 at our disposal, we have the tools to make the experience simple for the information worker, whilst providing stronger controls than we’ve ever had access to. These controls are vital, since bad actors are better organised and operate with a greater level of professionalism than ever. Using more advanced, even commercial, tools and techniques. Every week it seems we find another compromise bigger than the last. The fight is real.
Of course, none of this is easy, and that’s why we have a skills shortage. Remember it is people, process and technology. But I am thrilled, proud, and over the moon to have this opportunity with Microsoft; To go out there and use my experience, with Microsoft behind me, to help folks succeed and thrive. Using technology I have built a career on and fundamentally believe in.
Onwards and upwards
As I head into Microsoft there is so much for me to learn, but more than anything, I’m just really, really excited. Thank you to all my past managers, leaders, colleagues and customers who raised me up to this. Here’s to the next chapter!