Hello, everyone. I’m a Support Team Lead at IT Works, an MSP (Managed Service Provider) that helps various organisations with their IT needs.

In this blog post, I want to share with you my journey of becoming a Microsoft Certified: Cybersecurity Architect Expert and how I use Microsoft Sentinel to configure SIEM security operations for our customers.

Why I chose cybersecurity as my career interest

Cybersecurity has always been my passion. I love learning about the latest threats, vulnerabilities, and exploits that hackers use to compromise systems and networks. I also enjoy finding ways to prevent, detect, and respond to these attacks using various tools and techniques.

As a Support Team Lead, I’m responsible for overseeing the IT infrastructure and security of our customers. I want to provide them with the best protection possible against cyberattacks, which are becoming more frequent and sophisticated every day. That’s why I decided to pursue the Microsoft Certified: Cybersecurity Architect Expert certification, which validates my skills and knowledge in designing and implementing security solutions across different domains.

What I learned from the certification and the applied skills course

The Microsoft Certified: Cybersecurity Architect Expert certification covers four main areas: security best practices and priorities, security operations, identity and compliance, and security solutions for infrastructure, applications, and data. To prepare for the certification exam, I took several online courses and labs that taught me how to:

• Design security policies and governance frameworks that align with business objectives and compliance requirements.
• Design security operations capabilities such as threat intelligence, threat hunting, incident response, and forensics.
• Design identity and access management solutions that leverage Azure Active Directory, Multi-Factor Authentication, Conditional Access, and Privileged Identity Management.
• Design security solutions for infrastructure such as network security, endpoint security, cloud security, and hybrid security.
• Design security solutions for applications and data such as application security, data security, encryption, and key management.

One of the most useful and relevant courses I took was the Applied Skills: Configure SIEM Security Operations Using Microsoft Sentinel course.

This course taught me how to use Microsoft Sentinel, a cloud-native SIEM (Security Information and Event Management) solution that collects, analyses, and responds to security data from various sources.

Microsoft Sentinel helps me to:

• Create and configure a Microsoft Sentinel workspace that connects to different data sources such as Azure, Office 365, Windows, Linux, and third-party providers.
• Deploy a Microsoft Sentinel content hub solution that provides ready-made dashboards, workbooks, analytics rules, playbooks, and hunting queries for common security scenarios.
• Configure analytics rules in Microsoft Sentinel that detect suspicious activities and generate alerts and incidents.
• Configure automation in Microsoft Sentinel that triggers actions and workflows based on alerts and incidents, such as sending notifications, running scripts, or invoking Azure Logic apps.

How I use Microsoft Sentinel to protect our customers

With Microsoft Sentinel, I can provide our customers with a comprehensive and proactive security solution that helps them monitor, investigate, and respond to cyber threats. I can also customize and optimize Microsoft Sentinel to meet their specific needs and preferences.

For example, I can use Microsoft Sentinel to:

• Deploy Microsoft Defender and Microsoft Sentinel agents to our customers’ endpoints and servers, and configure them to send security data to Microsoft Sentinel.
• Enable Azure Defender and Azure Security Centre for our customers’ cloud resources, and configure them to send security data to Microsoft Sentinel.
• Integrate Microsoft Sentinel with other security tools and platforms that our customers use, such as firewalls, antivirus, VPN, and email security.
• Create custom dashboards and workbooks in Microsoft Sentinel that visualize and analyse the security data and metrics that are relevant to our customers.
• Create custom analytics rules and hunting queries in Microsoft Sentinel that detect and hunt for the specific threats and indicators that are relevant to our customers.
• Create custom playbooks and logic apps in Microsoft Sentinel that automate and orchestrate the appropriate responses and remediations for the incidents that affect our customers.

By using Microsoft Sentinel, I can ensure that we have the required visibility and control over the security posture and operations of our customers. I can also provide them with the absolute best defence against attacks from the bad guys, including exploits, viruses, vulnerabilities, etc.

How IT Works supported me through my learning journey

I’m very grateful to IT Works for supporting me through my learning journey and helping me achieve my career goals. IT Works has provided me with the resources, guidance, and encouragement that I needed to succeed.

IT Works has also benefited from my learning journey, as I have been able to apply my new skills and knowledge to improve our service quality and customer satisfaction. IT Works strives to be proactive rather than reactive when it comes to protecting our customers, and Microsoft Defender and Microsoft Sentinel helps us achieve that.

Conclusion

I hope you enjoyed reading this blog post and learned something new from it. I’m very proud of becoming a Microsoft Certified: Cybersecurity Architect Expert and using Microsoft Sentinel to configure SIEM security operations for our customers. I’m also very happy to work at IT Works, a MSP that values and supports its employees.

If you have any questions or comments, please feel free to leave them below or Contact Us. I’d love to hear from you. 

Thank you for reading. 😊