From the Blog
Insights on cloud security, identity protection, and building a security-aware culture.
Legacy authentication, over-privileged service principals and stale guest accounts are the quiet entry points. Here is how to close them before they are used.
A click rate is a vanity metric if nothing changes after it. Designing simulations around the moment of learning, not the moment of failure.
Enrollment coverage hides gaps: weak methods, bypass policies and unprotected break-glass accounts. What to check after the rollout.
One number from identity posture and human behavior. What moves it, what does not, and how to brief a board with it.
Most identity controls auditors ask about are already observable in your tenant. Turning evidence collection into a byproduct of monitoring.
Every unused external identity is an account someone else still controls. A practical lifecycle for guests that does not block collaboration.
