Gavs List.

Some time ago I came across an absolutely beautiful resource full of different types of diagrams that could be used to convey messages - think venn diagrams and that kind of thing. I liked it, or shared it, saved in LinkedIn saved items or Twitter bookmarks. It could have been buried in favourites under my professional or personal Edge profiles, sent to Instapaper… Who knows. I can’t find it. It’s gone. Vanished into the digital ether. So I’m going to give this a go, a static page with a very straightforward set of links for stuff on the internet - blog posts, books, videos, tools and exams. I’m going to try out pasting things right into here as a centralised reading list. We’ll see how it goes!



Security Compass – “" Cyber Security Reference Architecture – “" CSRA Videos - Cloud Adoption Framework - “"

Azure AD

Secure access practices in Azure AD - “"

My Stuff

Cutting down the red forest (Stealthbits) Maersk, me & notPetya – “" Protect identity from modern threat vectors (risual) Multi-Factor Authentication 2020 (risual)

Actual Books

Tools and Weapons: The Promise and the Peril of the Digital Age (Brad Smith) Alice and Bob Learn Application Security (Tanya Janca) Tribe of Hackers Blue Team: Tribal Knowledge from the Best in Defensive Cybersecurity (Marcus J. Carey) Functional Art, The: An introduction to information graphics and visualization (Alberto Cairo) Cloud Native Transformation (Pini Reznik, Jamie Dobson, Michelle Gienow) The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win (Gene Kim) The Unicorn Project: A Novel about Developers, Digital Disruption, and Thriving in the Age of Data (Gene Kim) 97 Things Every Information Security Professional Should Know 97 Things Every Information Security Professional Should Know (Christina Morillo) Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (Andy Greenberg) Thinking, Fast and Slow (Daniel Kahneman) Make It Stick: The Science of Successful Learning (Peter C. Brown) The Subtle Art of Not Giving a F*ck (Mark Manson)


πŸ“ƒ Does Your Organization Have a Security.txt File? – Krebs on Security 🎬 CrikeyCon 2021 - Jess Dodson - Back to Basics, Why can’t we get this stuff right?


πŸ“ƒ Join Our Security Community - Microsoft Tech Community


Security Architecture Microsoft cloud for IT architects illustrations Common attacks and Microsoft capabilities that protect your organization Cloud Adoption Framework - “" Cloud Adoption Framework videos - “" For the devs Microsoft Threat Modeling Tool overview - Azure | Microsoft Docs πŸ“ƒ Story points: Velocity has been weaponized against agility and adaptability.

As Code

🎬 On Prem To the Cloud: Everything As Code

Azure Active Directory

🎬 425 Show: Microsoft Identity IT Pro version 🎬 Microsoft Mechanics: Go passwordless with FIDO2 keys and TAP 🎬 Stuart Kwan - Authentication fundamentals πŸ“ƒ AAD-Auth-N-Z: Azure Service Authentication and Authorization table (Joosua Santasalo)

Azure AD Conditional Access

πŸ“ƒ Alex Filipin - Conditional Access as Code πŸ“ƒ Thomas Naunheim - AADOps: Operationalization of Azure AD Conditional Access πŸ“ƒ Claus Jespersen - Conditional Access Guidance πŸ“ƒ Daniel Chronlund - Azure AD Conditional Access Policy Design Baseline with Automatic Deployment Support

Azure AD Privileged Identity Management

πŸ“ƒ PS Enable multiple roles at once

Azure AD External Identities, B2B, B2C

🎬 John Savill: What are Azure AD External Identities?

Azure AD SSO to On-premises resources

πŸ“ƒ The case for Azure AD Join (Ru Campbell) πŸ“ƒ Azure AD and Windows Hello: SSO to on-premise resources – Katy’s Tech Blog ( πŸ“ƒ Azure AD Join Single Sign-on: follow the key – Azure AD Stuff (


πŸ“ƒ Penetration testing


πŸ“ƒ A zero-trust future: Why cybersecurity should be prioritized for the hybrid working world 🎬 Must-see! Daniel Stefaniak: “Special Guest Mark Simos - cutting through zero trust BS” ( 🎬 Zero-Trust 1: Implementation 🎬 Zero-Trust 2: Identity 🎬 Zero-Trust 3: Endpoints and Applications 🎬 Zero-Trust 4: Network & Infrastructure 🎬 Zero-Trust 5: Data πŸ“ƒ Microsoft Digital approach to Zero-Trust networking

Azure Stack

πŸ“ƒ Azure Stack remove network restrictions

Azure Sentinel

🎬 Azure Sentinel Lab Series | EP4 | 100 ways to get data into Azure Sentinel Azure Sentinel Fusion detection for ransomware πŸ“˜ Microsoft Azure Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution πŸ“ƒ Detect intruders using a honeypot/honeytoken monitored by Azure Sentinel πŸ“ƒ #365daysofKQL: reprise99/Sentinel-Queries: Collection of KQL queries πŸ“ƒ How Microsoft moved to Sentinel: “"

Azure Security Center

πŸ“˜ Microsoft Azure Security Center πŸ“ƒ Automating remediations from ASC


🧰 ./Microsoft Portals πŸ“ƒ Dr Nestori Syynimaa: AASD & M365 kill chain πŸ“ƒ InfosecMatter: Top 20 Microsoft Azure Vulnerabilities and Misconfigurations


πŸ“ƒ Purview: “" 🎬 Learn how MIP works with Azure Purview at the Azure Data Governance digital event on September 28 - Microsoft Tech Community

Plain, vanilla Active Directory

πŸ“ƒ Dan Cards post-compromise AD checklist


πŸ“ƒ Getting security and IR plumbed into your SDLC process Jess Dodson podcast

Learn it all

My all-round Microsoft security guru learn list: Learn Collection Microsoft certs poster “""” “"""" - Azure Security Podcast (Michael Howard, Gladys Rodriguez, Mark Simos, Sarah Young) “"

πŸ† Exam AZ-500: Microsoft Azure Security Technologies πŸ“˜ Exam Reference AZ-500 Microsoft Azure Security Technologies πŸ“˜ Microsoft Azure Security Infrastructure πŸ“˜ Microsoft Azure Architect Technologies and Design Complete Study Guide: Exams AZ–303 and AZ–304

Become a real-life ninja

MCAS “" Defender for Endpoint “" Defender for Identity “" Defender for M365 “" Defender for Office 365 “" Azure Sentinel “" Azure Security Center “" Azure Network Security Ninja “" Azure Defender for IoT “" Microsoft 365 Advanced eDiscovery ninja (awaiting

Maersk & notPetya

Brad Smith @ RSA Conference Davos 2017 CEO Report Former CISO Andy Jones account of the event CISO Andy Powell lessons learned from the attack

Digital Transformation

πŸ“ƒ 4 ways to build empathy into your processes πŸ“˜ The Phoenix Project

Stakeholder management

πŸ“ƒ IDSA: Identity and Access Management, The Stakeholder Perspective


🧰 BadBlood - fill AD with objects (David Prowe): “" 🧰 Mermaid JS - process mapper πŸ“ƒ Mermaid docs 🧰 🧰 Visio Stencil for Azure icons (David Summers)

Architecture, leadership and influence

πŸ“ƒ Cross Solution Network Architectures (Nehali Neogi) πŸ“ƒ Awesome List of resources on leading people and being a manager πŸ“˜ Robert Cialdini: Influence, New and Expanded: The Psychology of Persuasion πŸ“˜ Christopher Hadnagy: Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You πŸ“ƒ Cognitive BIAS πŸ“ƒ How to Create an Effective Technical Architectural Diagram πŸ“ƒ Recommendations for Adopting a Cloud-Native Key Management Service (Cloud Security Alliance)

Mental health and wellbeing

πŸ“ƒ How To Recover From A Bad Day In 5 Minutes

The Feeds (Where I get my stuffs)

Mark Grimes Identity Top 10: “"


The Record by Recorded Future

Anything else

The multibillion dollar market for your phones location data.