About

I run 365 Signal — a risk-led Microsoft security, data governance, and AI assurance practice. I help MSSPs, financial services & regulated critical infrastructure environments turn Microsoft controls into something more useful than dashboards: clear ownership, measurable assurance, and control posture that stands up during change.

Focus

ControlOps, Purview, Entra ID, Defender, Sentinel, Copilot and AI governance.

What I deliver

Drift assurance, data risk reduction, AI control design, and defensible operating models.

Why it matters

Because controls that only look good on paper fail when tenants change, data spreads, and AI arrives.

The real problem is not tool coverage

It is control drift.

Microsoft estates do not stand still. Roles change. Tenants evolve. Data spreads across collaboration, endpoint, and AI surfaces. Policies get copied, inherited, weakened, or quietly ignored. Most organisations do not discover the gap when the control drift begins. They discover it during an audit, an incident, a migration, or a high-pressure executive review.

What I do

I design and improve Microsoft control posture across three connected planes: identity, data, and operational assurance.

That includes Entra and Defender foundations, Purview data protection and governance, Sentinel visibility, and the emerging risk around Copilot, agents, and AI access paths.

The aim is simple: reduce exposure, tighten control ownership, and produce evidence that can actually be defended.

How I work

  • Risk-led first: start with the controls that materially reduce risk, not a shopping list of features.

  • ControlOps mindset: treat security and governance as a living system that needs validation, ownership, and feedback loops.

  • Evidence over theatre: outputs should hold up under challenge from auditors, leadership, and delivery teams.

  • Built for change: controls must survive M&A, platform sprawl, AI adoption, and the usual policy entropy.

Typical outputs include posture reviews, drift registers, Purview control recommendations, AI governance guidance, architecture decision records, evidence packs, and practical operating roadmaps.

Where I add the most value

Good fit

  • Organisations using Microsoft 365 security and Purview but lacking clear assurance
  • Teams preparing for Copilot or AI adoption without a mature control model
  • Security leaders who need substance, not another glossy maturity deck

Not a fit

  • Feature tours dressed up as strategy
  • Tool recommendations with no ownership model behind them
  • Dashboards that look impressive but collapse under scrutiny

The outcome

Less drift. Clearer ownership. Better evidence. And a Microsoft security and data posture that stays coherent as the estate changes — because it always does.

Book a Risk Review