Available for new opportunities

Hi, I'm Tom Clark

Senior Cloud Security & Platform Engineer

I secure and operate Microsoft cloud platforms at enterprise scale — across organisations from 2,500 to 15,000+ staff. I specialise in the Microsoft E5 security stack, Zero Trust architecture, Sentinel SIEM/SOAR, and compliance frameworks including PCI-DSS and ISO 27001. I also write about what I learn here on this blog.

View My Work Read the Blog Get in Touch

Microsoft E5 Microsoft Sentinel Defender for Cloud Defender for Identity Defender XDR Entra ID Zero Trust Conditional Access PIM Azure Infrastructure KQL PowerShell PCI-DSS ISO 27001 CIS Benchmarks IAM SIEM / SOAR Exchange Online Intune

// work

Featured Projects

View all →

⭐ Featured

Sentinel SIEM/SOAR Build-out

Designed and delivered Microsoft Sentinel from the ground up at a 2,500-staff organisation — connectors, custom analytics rules, automation playbooks, and logic apps. Integrated with Defender EASM and the full E5 Defender suite.

Microsoft Sentinel KQL Logic Apps Defender EASM SOAR

⭐ Featured

Azure Landing Zone Design & Compliance

Led the Microsoft Azure Landing Zone design and compliance assessment for NZ Police (15,000+ staff). Established governance, security baselines, and compliance against CIS Benchmarks — contributing to a 1.8-point score improvement.

Azure Landing Zone CIS Benchmarks GRC Compliance

View all projects →

// interactive

Security Posture Simulator

Compose a security architecture, run attack scenarios against it, and watch compliance alignment update live across eight frameworks. Here's a quick taster — open the full simulator to explore every mode.

Open the full simulator →

// side projects

Hobby Projects

Things I build for fun, learning, or to scratch my own itch.

WhatSite

Chrome/Edge browser extension that surfaces first-party cookies, third-party cookies, and outbound connections — with IP geolocation and live threat scores — for any site you visit.

Browser Extension Privacy JavaScript

GitHub Repo Privacy Policy

// writing

Latest from the Blog

All posts →

15 MAR 2026

Azure Zero Trust Identity

Zero Trust in Azure: A Practical Starting Point

Zero Trust isn't a product you buy — it's an architecture you build. Here's how I approach it in Microsoft Azure environments, from identity foundations to network segmentation.

8 min read →

28 FEB 2026

Defender for Cloud Azure CSPM

5 Microsoft Defender for Cloud Settings You Should Enable Today

Defender for Cloud ships with sensible defaults, but a handful of non-default settings make a dramatic difference to your security posture. Here are the ones I enable on every engagement.

6 min read →

All posts →

// field notes

Did You Know?

Gotchas, quirks, and undocumented behaviours I've run into in the wild.

Passkeys and FIDO authentication cannot be passed through AVD Session. Microsoft Authentication 13/05/2026
Microsoft Conditional Access Policies (CAP) 'Admin Portals' Application, if used to block non-admins, will stop legitimate non-admin services from users such as 'Training Materials' and Email 'Quarantine'. Microsoft IAM 13/05/2026
Exchange Online Mailboxes 'Recovery Items Folder' temporarily stores sync objects from classic Outlook client apps. If this folder gets full then it duplicates and glitches those email objects for all users interactions. Microsoft EXO Mailbox 13/05/2026
If a user in a Private Channel in a Team disappears or cannot access SP files, adding them back as owner fixes this issue. Microsoft Teams 13/05/2026
Token Protection (GA now…) does not support client Office applications (except Teams) or any embedded Co-Pilot, meaning it will trigger failure actions in CAP if turned on and in scope. Microsoft IAM 13/05/2026
Microsoft do not provide the admin user details in logs for M365 Group Licensing changes. Microsoft M365 Logging 13/05/2026

Looking for a Cloud Security Engineer?

I'm currently open to new senior roles in cloud security and platform engineering. Let's have a conversation.

Get in Touch View My Background