Hire the Best Information Security Analysts

I’m Muhammad Ahmad Bilal, a CISSP-certified Security Architect and Information Security Manager who works at the intersection of security engineering, threat detection, and AI. For the past 9+ years I’ve been designing and running security programs at government scale, protecting critical national applications, large user bases, and high-value data across the public sector. I specialise in turning noisy, complex environments into predictable, defensible systems. That’s included building ML-driven APT detection using TensorFlow and PyTorch, modernising SIEM/SOAR stacks to cut detection and response times by around 40%, and embedding security into the SDLC so vulnerabilities are caught before they ever reach production. I’ve led Zero Trust initiatives, redesigned IAM around least privilege, and driven end-to-end implementations of governance, risk, and compliance programmes aligned with standards like ISO 27001, NIST, PCI, GDPR, and HIPAA. I’m also an educator by choice. As a Lecturer at NUST, I’ve taught Computer and Network Security, Cryptography, Operating Systems, and Data Structures, and supervised 20+ research projects in cybersecurity and machine learning. My academic work includes publications on: - Deep learning–based intrusion detection for IoT - Protocol-aware IDS using datasets such as UNSW-NB15 and Bot-IoT - Federated learning with explainable AI for malicious traffic detection and cellular traffic prediction What I do best: - Design security architectures for large, heterogeneous environments that can actually be operated and maintained by real teams. - Build and tune detection & response: SIEM, EDR, and SOAR use cases, threat hunting workflows, and playbooks that reduce noise while catching what matters. - Integrate security into delivery through secure SDLC practices, code review guidelines, and automation that supports developers instead of blocking them. - Make compliance meaningful, mapping real technical and process controls to standards and regulations so they translate into measurable risk reduction. - Develop people and teams, mentoring analysts and engineers so security becomes an organisational capability, not a one-team bottleneck. In simple terms, my work is about building security systems—technical, procedural, and human—that don’t fall apart the moment something real happens.

🗽 U.S. and 🍁 Canada -only clients ☑️ Upwork Expert-Vetted 🌟 | 100% Job Success ✅ | 10,000+ hours 💻 on 200+ projects Hi there! 👋 I’m an Upwork veteran with over 10,000 hours delivered, 200+ successful projects, and $1M+ earned helping U.S. companies secure and scale their cloud and hybrid environments. ☁️ I specialize in Azure, Microsoft 365, and security-focused systems — delivering: • Secure infrastructure using Zero Trust, IaC (Terraform/Bicep), and DevSecOps pipelines • Incident response, forensics, and breach containment across regulated industries • Compliance-ready solutions aligned to SOC 2, HIPAA, ISO 27001, and NIST 800-53 As a certified consultant, I work directly with technical teams to deliver secure cloud transformation, implement controls, and respond to threats — fast. I also collaborate with Microsoft’s internal dev teams, giving me early-access insights and practical fixes 3–4 release cycles ahead of public rollout. Why Choose Me? ✅ $1M+ in security projects delivered across healthcare, fintech, crypto, and gov sectors 🔐 Architected Azure landing zones, GitOps pipelines, and zero trust cloud environments 🚨 Led incident response and forensic investigations for Fortune 500 and defense clients 📊 Built compliance workflows and policy-as-code enforcement for audit success 🪙 Secured crypto CI/CD pipelines and smart contract environments with GitHub, Checkov, GHAS 🧠 Career Highlights: ▪ Delivered security modernization and audit readiness for global government contractors and Fortune 500 companies ▪ Led compliance remediation and data protection initiatives across healthcare, fintech, and public sector clients ▪ Migrated global users to Microsoft 365 with security-first design — Exchange, Purview, Intune, Defender ▪ Built hybrid identity strategies (Entra ID, ADFS, GoDaddy 365, Azure AD B2C, custom policy support) ▪ Managed VMware-to-Azure hardening with conditional access, audit enforcement, and security baselines 🔧 Solutions I Deliver: • Azure Infra Security: Terraform, Bicep, Azure Policy, RBAC, Defender for Cloud • DevSecOps: GitHub Actions, tfsec, Checkov, Trivy, GHAS, pipeline reviews • Microsoft 365 Hardening: Defender, Purview, Compliance Center, Intune, Exchange • Compliance & Audits: SOC 2, ISO 27001, HIPAA, GDPR, NIST, CIS Benchmarks • Incident Response & Forensics: Malware analysis, reverse engineering, breach recovery • Crypto Security: CI/CD for smart contracts, wallet infra hardening, Web3 audits • Reverse-engineered malware to identify attack vectors and harden systems post-breach • Hardened Microsoft Exchange Online and Defender for Email in phishing-prone orgs • Integrated Azure Sentinel analytics with dashboards for cross-cloud visibility 🤝 Retainer & Advisory Support: • Ongoing guidance for CISOs, security architects, and compliance teams • Monthly retainers for SOC 2 evidence collection, security tool reviews, and policy automation • Rapid-response engagements for forensics, malware recovery, and breach root cause analysis 🧰 Platforms & Tools: • Azure, Microsoft 365, Azure Sentinel, Microsoft Defender (all modules), Intune • Terraform, Bicep, GitHub, Azure DevOps, GitOps, GHAS • Splunk, FTK, EnCase, Wireshark, Autopsy, Cisco ASA/Firepower • Checkov, Trivy, Aqua Security, smart contract security tooling • Compliance: SOC 2, HIPAA, ISO 27001, CIS, NIST, GDPR 📅 Let’s set up a free 30-minute consultation to explore how I can help you with security transformation, compliance readiness, or urgent recovery — no fluff, just fast, proven results. I bring the calm in chaos — whether you're planning secure growth or cleaning up after a breach, I’ll steady the course and deliver results. 📌 Helped a fintech client pass SOC 2 in under 60 days 📌 Responded to ransomware, restored 95% of systems in 48 hours 📌 Hardened crypto wallet infra securing $100M+ in assets Thanks again for stopping by. You can invite me to your job post or simply send a message to arrange a quick discovery call — I respond fast, and we’ll keep everything inside Upwork. — Nandy Bo 🗣️❝ 𝙄𝙩 𝙝𝙖𝙨 𝙗𝙚𝙚𝙣 𝙖 𝙥𝙡𝙚𝙖𝙨𝙪𝙧𝙚 𝙩𝙤 𝙬𝙤𝙧𝙠 𝙬𝙞𝙩𝙝 𝙉𝙖𝙣𝙙𝙮 𝙙𝙪𝙧𝙞𝙣𝙜 𝙩𝙝𝙚 𝙩𝙧𝙖𝙣𝙨𝙞𝙩𝙞𝙤𝙣 𝙤𝙛 𝘾𝙖𝙡𝙡𝙘𝙤𝙢. 𝙉𝙖𝙣𝙙𝙮 𝙞𝙨 𝙫𝙚𝙧𝙮 𝙜𝙚𝙣𝙪𝙞𝙣𝙚, 𝙝𝙤𝙣𝙚𝙨𝙩 𝙖𝙣𝙙 𝙝𝙚𝙡𝙥𝙛𝙪𝙡 𝙞𝙣 𝙣𝙖𝙩𝙪𝙧𝙚. 𝙃𝙚 𝙖𝙡𝙨𝙤 𝙝𝙖𝙨 𝙖 𝙫𝙚𝙧𝙮 𝙞𝙣-𝙙𝙚𝙥𝙩𝙝 𝙠𝙣𝙤𝙬𝙡𝙚𝙙𝙜𝙚 𝙤𝙛 𝙄𝙏 𝙬𝙝𝙞𝙡𝙚 𝙢𝙖𝙞𝙣𝙩𝙖𝙞𝙣𝙞𝙣𝙜 𝙖 𝙫𝙚𝙧𝙮 𝙗𝙧𝙤𝙖𝙙 𝙥𝙧𝙤𝙗𝙡𝙚𝙢-𝙨𝙤𝙡𝙫𝙞𝙣𝙜 𝙤𝙪𝙩𝙡𝙤𝙤𝙠. 𝙏𝙝𝙚𝙨𝙚 𝙛𝙚𝙖𝙩𝙪𝙧𝙚𝙨 𝙢𝙖𝙠𝙚 𝙝𝙞𝙢 𝙣𝙤𝙩 𝙤𝙣𝙡𝙮 𝙖 𝙥𝙡𝙚𝙖𝙨𝙪𝙧𝙚 𝙩𝙤 𝙬𝙤𝙧𝙠 𝙬𝙞𝙩𝙝 𝙗𝙪𝙩 𝙖𝙡𝙨𝙤 𝙫𝙚𝙧𝙮 𝙞𝙣𝙨𝙥𝙞𝙧𝙖𝙩𝙞𝙤𝙣𝙖𝙡. ❞ — 𝙅𝙤𝙧𝙙𝙤𝙣 𝘽𝙞𝙡𝙡 - 𝙈𝙖𝙣𝙖𝙜𝙞𝙣𝙜 𝘿𝙞𝙧𝙚𝙘𝙩𝙤𝙧 - 𝘾𝙖𝙡𝙡𝙘𝙤𝙢 𝙄𝙣𝙩𝙚𝙧𝙣𝙖𝙩𝙞𝙤𝙣𝙖𝙡

✅Malware removal from ⦿ Wordpress ⦿ Shopify ⦿ PrestaShop ⦿ Wix ⦿ Magento ⦿ Squarespace ⦿ PHP ✅WordPress Design: ⦿ Wordpress Expert ⦿ Wordpress Designer ⦿ Wordpress Elementor Pro ⦿ Website Optimizaton ⦿ CMS ⦿ Shopify ⦿ Customer Wordpress Website ⦿ Ecommerce ⦿ Divi Theme ⦿ Premium Plugins ✅Fix Google Ads Disapproved for Malicious Software ✅Penetration testing and Vulnerability Assessment. ✅Cloudflare Setup and DDoS Security. ✅ Wordpress Migration I'm a full-time freelancer as a Cyber Security Specialist, Malware Analyst, and Penetration Tester. I can remove malware, delete viruses, do penetration tests, do vulnerability assessments, and remove malicious (Plugins, Themes, and Software). remove the Google warning from your website. I've 5 years of experience as a website security specialist in Ignite tech solutions. Also, I'm a freelancer on Fiverr and Upwork. I've got a level two badge on Fiverr. ✅Service I will provide: 0) Penetration testing and Vulnerability Assessment. 1) WordPress Malware Removal and Security. 2) Shopify Malware Removal and Security. 3) Cloudflare Setup and DDoS Security. 4) Website Backup and Migration from old host/server/domain to new host/server/domain. 5) Google Ads Disapproved for malicious software. ✅Wordpress service: ⦿Remove Malware. ⦿Penetration Testing / Vulnerability Testing ⦿Wordpress Malware removal. ⦿Website Security. ⦿Clean Server / Server Maintenence / cPanel / WHM Panel ⦿Delete Virus / Virus Removal ⦿Remove Google blacklist/ Red screen. ⦿Remove Japanese or Chinese search results. ⦿Security patch installation ⦿Remove malware ⦿Fix the hosting site suspended ⦿Delete junk or virus script ⦿Add SSL Certificate / Setup Cloudflare ⦿Database error / Remove malware from the database ⦿Fix emails problem / Emails not coming ⦿Spam emails coming / Unwanted emails coming ⦿Critical and Fatal Error ⦿Remove the PHP backdoor ⦿Blacklist Removal, McAfee blacklist ⦿WordPress version update ⦿Install Cloudflare SSL ⦿Fix Login Issue / Broken dashboard ⦿Remove website redirect URL / Fix redirecting issues ⦿Internal 404 or 505 Error ⦿Remove the PHP shell ⦿Unwanted / Bulk email coming ⦿White/Empty Screen ⦿Error Establishing Database Connection ⦿Theme/Plugin Broken ⦿Improve website security ⦿Corrupt .htaccess file ⦿Solve PHP memory limit ⦿Core files issues ⦿Upload size problem ⦿Forgot Username/password ✅Backup and Migration Service: I will backup WordPress sites, duplicate, clone, copy, host migration, WordPress migration, Transfer, move websites, and domain migration any WordPress website for personal and business. ⦿Database Backup and Transfer ⦿Change primary addon domain/domain/subdomain ⦿Move WP from root domain/subdomain/addon domain to main ⦿Old host to another new host ⦿Clone and duplicate the WordPress website ⦿Update WordPress version/theme/plugin ✅Penetration Test and Vulnerability Service: I will perform penetration and vulnerability tests with the VAPT report ⦿According to a security report, about 90% of websites are vulnerable to malicious attacks. ⦿A website is an essential part of your Business. The thing is how secure is your website? ⦿I will perform an advanced deep scan and penetration testing on your web application with a professional report which includes all vulnerabilities. ⦿Let me help you in making your website secure against hackers: ⦿Vulnerability Checklist: ⦿ Web attack vulnerabilities.[Input Validation, Code Execution, Bypass Authentication, SQL Injection, CSRF, LFI, Cross-site Scripting, Uploader Issues, Remote Code Execution, Buffer Overflow, Session Hijacking] ⦿ Information Gathering [Server Info, Open Port] ⦿ Authorization Testing [HTTP Header] ⦿ Data Validation Testing [XSS] ⦿ Denial of Service Testing [DDos Test] ⦿ Security Testing ✅Cloudflare service: ⦿Fix A Record, CNAME Record ⦿Fix NS, MX record ⦿Cloudflare setup ⦿Email Routing ⦿Configure Emails ⦿Add SSL ⦿Cloudflare SSL ⦿Cloudflare error fix ⦿Free SSL ⦿DDOS protection from Hackers ⦿setup DNS ⦿Website Security ⦿Enable green padlock ⦿Improve Website speed ⦿Setup firewall Errors I will fix: Mail Delivery Issue 500 internal server error 502 bad gateway or error 504 gateway timeout 503 service is temporarily unavailable 520: web server returns an unknown error 521 web server is down 522: connection timed out 524: a timeout occurred 525: SSL handshake failed 526: invalid SSL certificate Cloudflare Benefits: ⦿Minification ⦿HTTP/2 Protocol ⦿DNS Security ⦿Cloud WAF ⦿Image Optimization ⦿Browser Caching ⦿WebSockets ⦿Load Balancing ⦿Optimized Network Routing ✅I can work with any CMS like: ⦿Magento, OpenCart, Drupal, Joomla, Prestashop, WordPress, SHOPIFY, LARAVEL, SQUARESPACE, WIX, WOOCOMMERCE, BigCommerce, Blogger, Hubspot CMS, Typo3, Weebly, Webflow, CMS Hub. ✅Why Me: ⦿I will provide a Professional Report ⦿Give you technical support ⦿Quality Work

Stop breaches before they happen. I am a Senior Cybersecurity Engineer specializing in building resilient SOC Architectures, performing deep-dive Penetration Testing, and hardening Cloud Infrastructure (AWS/Azure/GCP). With 5+ years of experience, I bridge the gap between offensive security (Red Teaming) and defensive operations (Blue Teaming) to ensure your data remains untouchable. Whether you need a SOC built from scratch or a rigorous vulnerability assessment, I deliver enterprise-grade security tailored to your business scale. Core Areas of Expertise: SOC Architecture & Ops: SIEM/SOAR integration (Splunk, Sentinel, ELK), EDR deployment, and Incident Response Playbooks. Cloud Security: Infrastructure-as-Code (IaC) scanning, IAM hardening, and securing Kubernetes/Docker environments. Penetration Testing: Web App, Network, and API security testing (OWASP Top 10 focus). Compliance & Governance: Preparing your infrastructure for SOC2, HIPAA, or ISO 27001. Tech Stack: Tools: Kali Linux, Burp Suite, Metasploit, Wireshark, Nessus. Cloud: AWS Security Hub, Azure Defender, Google Cloud Armor. Defense: CrowdStrike, Palo Alto Networks, Wazuh, Microsoft Sentinel. Why work with me? I don’t just hand over a PDF of vulnerabilities; I provide a roadmap for remediation and hands-on support to patch the gaps. Let’s secure your perimeter today.

𝗥𝗲𝘃𝗲𝗿𝘀𝗲 𝗥𝗲𝗰𝗿𝘂𝗶𝘁𝗲𝗿 | 𝗝𝗼𝗯 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗔𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁 | 𝗥𝗲𝘀𝘂𝗺𝗲 𝗧𝗮𝗶𝗹𝗼𝗿𝗶𝗻𝗴 | 𝗔𝗧𝗦 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝘁 𝗥𝗲𝘀𝘂𝗺𝗲 | 𝗝𝗼𝗯 𝗦𝗲𝗮𝗿𝗰𝗵 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 (𝗜𝗻𝗱𝗲𝗲𝗱, 𝗚𝗹𝗮𝘀𝘀𝗱𝗼𝗼𝗿, 𝗟𝗶𝗻𝗸𝗲𝗱𝗶𝗻) | 𝗔𝗽𝗽𝗹𝘆 𝗳𝗼𝗿 𝗝𝗼𝗯𝘀 𝐀𝐫𝐞 𝐲𝐨𝐮 𝐬𝐭𝐫𝐮𝐠𝐠𝐥𝐢𝐧𝐠 𝐭𝐨 𝐬𝐞𝐚𝐫𝐜𝐡 𝐣𝐨𝐛𝐬, 𝐚𝐩𝐩𝐥𝐲 𝐭𝐨 𝐣𝐨𝐛𝐬, 𝐚𝐧𝐝 𝐥𝐚𝐧𝐝 𝐢𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰𝐬? The job market is competitive, and a generic approach won’t get you the results you need. That’s where I come in. As your 𝐉𝐨𝐛 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐀𝐬𝐬𝐢𝐬𝐭𝐚𝐧𝐭, I handle the entire process for you—from searching for jobs that match your skills to crafting tailored applications that stand out to recruiters. My goal is simple: help you land more interviews and job offers by making your job search efficient, strategic, and stress-free. 🔍 𝐇𝐨𝐰 𝐈 𝐇𝐞𝐥𝐩 𝐘𝐨𝐮 𝐒𝐮𝐜𝐜𝐞𝐞𝐝 𝐢𝐧 𝐘𝐨𝐮𝐫 𝐉𝐨𝐛 𝐒𝐞𝐚𝐫𝐜𝐡 When you work with me, you’re getting more than just someone to apply to jobs on your behalf. You’re partnering with a Job Application Virtual Assistant who understands the complexities of searching for jobs across various platforms and industries. I ensure each application is customized, targeted, and optimized to increase your chances of getting noticed by recruiters. Here’s what I take care of for you: ✅ Job Search Across Top Platforms like LinkedIn, Indeed, Glassdoor, FlexJobs, Dice, and more ✅ Personalized Job Applications tailored to your skills and career goals ✅ Compelling Resumes & CVs designed to pass ATS systems ✅ Real-Time Application Tracking to keep you updated every step of the way 🔹 𝐒𝐩𝐞𝐜𝐢𝐚𝐥𝐢𝐳𝐞𝐝 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬 𝐟𝐨𝐫 𝐃𝐢𝐟𝐟𝐞𝐫𝐞𝐧𝐭 𝐈𝐧𝐝𝐮𝐬𝐭𝐫𝐢𝐞𝐬: - IT & Software Engineering - Finance & Accounting - Healthcare & Medical Fields - Marketing & Sales - Administrative Roles - Creative & Design Roles As a Job Application Assistant, I ensure that each job you apply to is aligned with your skills and experience, giving you the best possible chance of landing interviews. 📄 𝐂𝐮𝐬𝐭𝐨𝐦𝐢𝐳𝐞𝐝 𝐑𝐞𝐬𝐮𝐦𝐞𝐬 & 𝐂𝐨𝐯𝐞𝐫 𝐋𝐞𝐭𝐭𝐞𝐫𝐬 𝐓𝐡𝐚𝐭 𝐆𝐞𝐭 𝐘𝐨𝐮 𝐍𝐨𝐭𝐢𝐜𝐞𝐝 A standout resume is essential to search jobs effectively and secure interviews. I create personalized resumes that: 🔹 Highlight Your Strengths and match job descriptions 🔹 Pass ATS Systems to ensure your application gets seen 🔹 Look Professional with polished designs With a well-crafted resume, recruiters will take notice, improving your chances of getting shortlisted for jobs. 📊 𝐑𝐞𝐚𝐥-𝐓𝐢𝐦𝐞 𝐉𝐨𝐛 𝐓𝐫𝐚𝐜𝐤𝐢𝐧𝐠 𝐭𝐨 𝐊𝐞𝐞𝐩 𝐘𝐨𝐮 𝐎𝐫𝐠𝐚𝐧𝐢𝐳𝐞𝐝 No more wondering about your application status. I provide efficient application tracking using Google Sheets, so you always know where you stand in your job search process. Each time I apply to jobs on your behalf, you’ll get real-time updates, ensuring full transparency and peace of mind. 𝐖𝐡𝐲 𝐂𝐡𝐨𝐨𝐬𝐞 𝐌𝐞 𝐚𝐬 𝐘𝐨𝐮𝐫 𝐉𝐨𝐛 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐕𝐢𝐫𝐭𝐮𝐚𝐥 𝐀𝐬𝐬𝐢𝐬𝐭𝐚𝐧𝐭? Your job search isn’t just about submitting resumes. It’s about developing a strategy that gets results. As your Job Application Assistant, I provide: 🔹 Personalized Job Applications tailored to each role 🔹 Industry-Specific Expertise across multiple fields 🔹 Resume & CV Optimization to boost your chances of getting noticed 🔹 Real-Time Job Tracking to keep you informed I simplify the process, reduce the stress of job hunting, and increase your chances of landing interviews. 📩 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐋𝐚𝐧𝐝 𝐌𝐨𝐫𝐞 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰𝐬? 𝐋𝐞𝐭’𝐬 𝐆𝐞𝐭 𝐒𝐭𝐚𝐫𝐭𝐞𝐝! Message me today, and let’s make your job search strategic, efficient, and successful. Job Aid | Job Search Strategy | Reverse Recruiting | Job Portal | JobScore | Job Posting | Applicant Tracking Systems | Resume Writing | Cover Letter Writing | Cover Letter | Targeted Cover Letter | Career Coaching | IT Career Coaching | LinkedIn | LinkedIn Profile Optimization | LinkedIn Profile Headline & Summary | LinkedIn Profile Creation | LinkedIn Development | Company LinkedIn Profile | CV | CV/Resume Translation | Fortune 500 Company | Resume Screening | Job Description | Data Entry | Virtual Assistance | Microsoft Excel | Spreadsheet Skills | Recruiting | IT Recruiting | LinkedIn Recruiting | Internet Recruiting | Administrative Support | Executive Support | Keyword Research | Company Research | Email Communication | HR & Recruiting Software | Recruiting Process Consulting | Hiring Strategy | Outreach Strategy | Email Outreach | Bidding | Communications | Job Costing | Job Description Writing | Tech & IT | Candidate Sourcing | Candidate Interview Consulting | Candidate Interviewing | Candidate Management | Candidate Evaluation | Lead Generation | LinkedIn Lead Generation | Data Extraction | Data Mining | Mock Interview | Candidate Recommendation | Online Research | Indeed

🔒 You need security that actually works — not a report that says it does. The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them. I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities. There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring. 🎯 Where can I help: 🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does. 🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws. ☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365. 🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage. 🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments. 🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment. 👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report. 📋 How I work is as important as what I find Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that. What you receive: ✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists ✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool ✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially ✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important ✅ Daily status updates so you always know where the engagement stands ✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered CISSP | ISSAP | Microsoft Security certifications | 27 years If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.