Cybersecurity, learned like a practitioner .

Microsoft Defender Suite

“Microsoft Defender” is a brand covering many products. Knowing which is which saves money and improves coverage. The portfolio Defender for Endpoint — EDR; replaces traditional AV Defender for Identity — on-prem AD detection (formerly ATA) Defender for Cloud Apps — CASB Defender for Office 365 — email/collab security Defender for Cloud — multi-cloud CSPM […]

Google Cloud Platform Advanced Free

Binary Authorization

Binary Authorization = admission controller for GKE/Cloud Run. Only deploy images that pass policy. How it works Build pipeline produces image + attestation (using Cloud KMS-signed key) Binary Auth policy specifies required attestations Deploy attempt: image checked against policy Match → allow; no match → deny Common policies “Image must be from this Artifact Registry” […]

Azure Network Security

Azure has multiple network security products with overlapping but distinct purposes. The layers NSG — Layer 4 ACLs at NIC or subnet level ASG — Application Security Group; tag-based grouping for NSG rules Azure Firewall — managed L4/L7 firewall; full-feature Application Gateway + WAF — L7 load balancer + OWASP CRS WAF Front Door + […]

Google Cloud Platform Intermediate Free

Cloud DLP

Cloud DLP API: detect and transform sensitive data at scale. Built-in detectors Aadhaar number, PAN, Indian phone, credit card, email, US SSN, names, addresses — 100+ infoTypes. Use cases Scan BigQuery datasets for PII; report findings Tokenise PII before storing (FPE — format-preserving encryption) Mask in real-time during data export De-identify production data for dev […]

Azure Storage Security

Azure Blob Storage is the Azure equivalent of S3. Same misconfigurations, slightly different tooling. Common findings Public-access containers SAS tokens with overly broad permissions / long expiry Account keys instead of Azure AD auth No encryption at rest with customer-managed keys No firewall restricting source IP The hardening Disable public access at storage account level […]

Google Cloud Platform Intermediate Free

Security Command Center

SCC = GCP’s security findings hub. Like Defender for Cloud (Azure) or Security Hub (AWS). Tiers Standard — free; CIS benchmark scanning, basic IAM recommender Premium — Container Threat Detection, Event Threat Detection, Web Security Scanner, Compliance modules What it surfaces Misconfigurations (open buckets, weak IAM) Vulnerabilities in workloads Threat indicators (anomalous IAM grant, suspicious […]

Entra ID Conditional Access

Conditional Access = Entra ID’s policy engine. The single highest-leverage security control in any Microsoft-shop enterprise. The if-then structure If [signals] then [decision]. Signals User / group Cloud app Device platform Location Sign-in risk (Identity Protection) User risk Device compliance Authentication strength Decisions Block Require MFA Require compliant device Require Hybrid AAD-joined device Require approved […]

Microsoft Azure & M365 Advanced Free

Sentinel Deployment

Sentinel = Microsoft’s SIEM. Cloud-native, KQL-based, integrates with Defender suite. Architecture Log Analytics Workspace = data store Sentinel = analytics layer on top Connectors = data ingestion Workbooks = dashboards Analytics Rules = detections Playbooks = SOAR automation (Logic Apps) Top connectors Entra ID Microsoft 365 Defender XDR Azure Activity Azure AD audit logs Office […]

Google Cloud Platform Advanced Free

Confidential Computing

Confidential Computing = data encrypted in use, not just at rest and in transit. Hardware-based memory encryption. GCP options Confidential VMs — based on AMD SEV-SNP or Intel TDX Confidential GKE Nodes — same hardware for K8s workloads Confidential Spaces — for multi-party computation Use cases Process sensitive data without exposing to cloud admin Multi-party […]

Azure Key Vault

Azure Key Vault stores keys, secrets, certificates. Managed Identity integration is the win. What goes in Key Vault Keys (cryptographic; can be HSM-backed in Premium tier) Secrets (passwords, connection strings, API keys) Certificates (managed lifecycle) Access models Vault Access Policy — legacy; granular per-vault RBAC — modern; consistent with rest of Azure RBAC is recommended […]