Financial Services Organization: Azure Security Transformation with AVD

Industry: Financial Services
Duration: Multi-year engagement
Region: Asia-Pacific

Challenge

A financial services organization required a comprehensive Azure security architecture, compliant with industry standards (CIS, ISO 27001), for highly sensitive data. Critical requirements included Privileged Access Workstations (PAWs) for external vendors and internal IT teams, advanced threat protection across hybrid infrastructure, and a Zero Trust implementation with granular access controls.

Key challenges included:

  • Deploying hardened Privileged Access Workstations using Azure Virtual Desktop for secure vendor access
  • Implementing Zero Trust technical controls (Conditional Access, PIM, NSGs, Azure Firewall) for critical systems
  • Establishing continuous threat detection and response across hybrid workloads
  • Governing enterprise-wide vulnerability management program
  • Ensuring compliance with industry regulatory standards (CIS, ISO 27001)

Solution Implemented

  • Deployed Azure Virtual Desktop (AVD) Privileged Access Workstations with FSLogix, MFA, and Conditional Access
  • Implemented Zero Trust controls: Conditional Access policies, PIM with approval workflows, and Azure Firewall for critical infrastructure
  • Established threat detection with Microsoft Defender Suite, Sentinel, and Intune across hybrid environment
  • Governed vulnerability management program using Tenable/Nessus and Defender for Cloud
  • Automated infrastructure deployment with Bicep templates and Azure DevOps pipelines

Technologies Used

Azure Virtual Desktop (AVD), FSLogix, Privileged Access Workstations, Microsoft Sentinel, Microsoft Defender Suite, Microsoft Intune, Microsoft Entra ID, Azure Firewall, Bicep, Azure Policy, Conditional Access, Privileged Identity Management, Azure DevOps, PowerShell, Tenable/Nessus, ISO 27001, CIS Benchmarks

Outcome

Comprehensive security transformation enabling secure Azure adoption for sensitive operations. Deployed production-grade AVD environment providing secure, compliant access for external vendors and privileged administrators. Implemented Zero Trust controls with granular least-privilege access through Conditional Access, PIM, and RBAC. Established unified threat detection and response across hybrid infrastructure, maintained continuous compliance with industry standards (CIS, ISO 27001), and automated security operations reducing manual effort by 60%.

Healthcare Provider: Zero Trust Implementation

Industry: Healthcare
Duration: 5 months
Region: Australia

Challenge

A large healthcare provider managing patient data across multiple facilities needed to implement a Zero Trust security architecture while supporting remote clinical staff and maintaining HIPAA-equivalent compliance. Legacy VPN-based access was creating security gaps and operational friction.

Key challenges included:

  • Securing access to patient data for remote healthcare workers
  • Implementing identity-centric security replacing perimeter-based VPN
  • Ensuring compliance with healthcare data protection regulations
  • Managing diverse device types (clinical workstations, mobile devices, BYOD)

Solution Implemented

  • Designed comprehensive Zero Trust architecture with Microsoft Entra ID and risk-based Conditional Access
  • Deployed Intune for device compliance and Defender for Endpoint for threat protection
  • Configured PIM for just-in-time administrative access to patient systems
  • Implemented Azure AD Application Proxy for secure access to on-premises applications
  • Established continuous verification policies based on user risk, device compliance, and location

Technologies Used

Microsoft Entra ID, Conditional Access, Microsoft Intune, Privileged Identity Management, Microsoft Defender for Endpoint, Azure AD Application Proxy, Identity Protection, Multi-Factor Authentication, Azure Information Protection

Outcome

Successful Zero Trust implementation enabling secure remote access for clinical staff while eliminating VPN infrastructure. Healthcare provider achieved improved security posture with identity-centric controls, better user experience for remote workers, and maintained compliance with healthcare data protection requirements.

SaaS Technology Company: Microsoft Sentinel SIEM Deployment

Industry: Technology (SaaS)
Duration: 3 months
Region: United States

Challenge

A rapidly growing SaaS company (1,200+ employees) needed to establish security operations center (SOC) capabilities to meet enterprise customer security requirements and SOC 2 compliance. There was no existing SIEM infrastructure, and the security team lacked centralized visibility across Azure, Microsoft 365, and SaaS applications.

Key challenges included:

  • Establishing SOC capabilities from a zero baseline
  • Unifying security visibility across a multi-cloud and SaaS environment
  • Detecting and responding to threats in real time
  • Meeting SOC 2 audit requirements for security monitoring
  • Delivering a cost-effective solution for a growing startup

Solution Implemented

  • Deployed Microsoft Sentinel with 30+ data connectors for Azure, Microsoft 365, AWS, and SaaS apps
  • Developed 50+ custom KQL detection rules tailored to SaaS threat landscape
  • Built SOAR playbooks using Azure Logic Apps for automated incident response
  • Integrated Microsoft Defender suite for unified XDR capabilities
  • Trained security team on Sentinel operations, KQL, and threat hunting

Technologies Used

Microsoft Sentinel, KQL, Azure Logic Apps, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Azure Monitor, Log Analytics, Threat Intelligence Platforms

Outcome

Established fully operational SOC with comprehensive threat detection and automated response capabilities. Security team gained centralized visibility across entire infrastructure, reduced mean time to detect (MTTD) and respond (MTTR) to security incidents, and successfully passed SOC 2 audit with Sentinel as core security monitoring platform.

Large Enterprise: Enterprise PKI & Security Automation

Industry: Technology / Infrastructure
Duration: Multi-year engagement
Region: Asia-Pacific

Challenge

A large enterprise organization required an enterprise-grade Public Key Infrastructure (PKI), compliant with industry security standards, for secure communications across a diverse Microsoft infrastructure. The organization needed centralized certificate management, automated system hardening across thousands of Windows servers, and highly available System Center infrastructure (SCCM, SCOM) for patch management and monitoring at scale.

Key challenges included:

  • Designing and deploying centralized, tiered PKI compliant with industry security requirements
  • Automating certificate lifecycle management integrated with System Center
  • Developing and enforcing system hardening standards across diverse Windows environments
  • Building highly available Microsoft SCCM and SCOM solutions with automation focus
  • Implementing enhanced security for Active Directory, PKI, and System Center
  • Introducing automated patch management for rapid security update deployment

Solution Implemented

  • Deployed centralized, tiered PKI infrastructure integrated with System Center for automated certificate lifecycle management
  • Developed and automated system hardening standards across Windows environments enforced via SCCM/GPO
  • Established continuous auditing with Nessus/SCCM to validate security baselines and identify drift
  • Built highly available SCCM and SCOM solutions with automated patch management
  • Optimized SCOM monitoring reducing incident noise by 70% through Management Pack tuning

Technologies Used

Enterprise PKI, Microsoft System Center, SCCM (Configuration Manager), SCOM monitoring, Active Directory, Group Policy (GPO), PowerShell, Nessus, CIS Benchmarks, ISO 27001, Security Baselines, TLS 1.2, Certificate Lifecycle Management, Patch Management, System Hardening

Outcome

Established enterprise-grade PKI infrastructure providing automated certificate management for thousands of systems in line with industry compliance requirements. Implemented a comprehensive system hardening program across the entire Windows server estate, enforced through automation and validated with continuous auditing. Built highly available System Center infrastructure enabling rapid security patching and operational monitoring at scale. Optimized SCOM monitoring, reducing incident noise by 70% while improving detection accuracy. Enabled the organization to maintain secure communications and its compliance posture while supporting massive infrastructure growth.
