Available for new opportunities

Hi, I'm Tom Clark

Senior Cloud Security & Platform Engineer

I design and build secure, scalable cloud platforms — primarily in Microsoft Azure. I specialise in Zero Trust architecture, Microsoft Defender, Sentinel, and landing zone security. I also write about what I learn here on this blog.

View My Work Read the Blog Get in Touch

Microsoft Azure Cloud Security Zero Trust Entra ID Microsoft Defender Microsoft Sentinel DevSecOps Terraform Azure DevOps PowerShell Azure Networking CSPM IAM KQL

// work

Featured Projects

View all →

⭐ Featured

Azure Landing Zone Security Baseline

A Terraform-based Azure Landing Zone with opinionated security defaults: Defender for Cloud, Sentinel, Private Endpoints, and Entra ID governance policies baked in from day one.

Terraform Azure Defender for Cloud Sentinel

View Code

⭐ Featured

Zero Trust Policy Framework

Conditional Access policy templates for Entra ID covering Privileged Identity Management, device compliance, and location-based access — designed to be used as a starting point for enterprise deployments.

Entra ID Conditional Access PIM Zero Trust

View Code

View all projects →

// writing

Latest from the Blog

All posts →

Azure Zero Trust Identity

Zero Trust in Azure: A Practical Starting Point

Zero Trust isn't a product you buy — it's an architecture you build. Here's how I approach it in Microsoft Azure environments, from identity foundations to network segmentation.

15 Mar 2026

8 min read →

Defender for Cloud Azure CSPM

5 Microsoft Defender for Cloud Settings You Should Enable Today

Defender for Cloud ships with sensible defaults, but a handful of non-default settings make a dramatic difference to your security posture. Here are the ones I enable on every engagement.

28 Feb 2026

6 min read →

All posts →

Looking for a Cloud Security Engineer?

I'm currently open to new senior roles in cloud security and platform engineering. Let's have a conversation.

Get in Touch View My Background