Graham Gold
Tenacious, identity-focused cloud security professional
📋 Biography
Graham Gold is a Senior Cloud Security Engineer at Admiral Group. He has 28 years' experience in financial services IT and has specialised in cloud security since 2020. He has been instrumental in designing, building, securing, and running complex systems at enterprise scale across mainframes, Windows, Linux, and networks, on both on-premises systems and cloud platforms. He is a multi-cloud certified professional, holding the Microsoft Cybersecurity Architect Expert, Azure Security Engineer, Google Certified Professional Cloud Security Engineer, and Google Certified Professional Cloud Architect certifications. Graham is passionate about identity security and privileged access management, and loves to help his colleagues and community, sharing his knowledge on his blog and across social media platforms. Outside of work, he lives in Scotland with his wife and cats, and they share a love of world travel.
✨ High-Impact Contributions
I identified & raised concerns regarding erroneous policy creation behaviour within Microsoft Entra’s Baseline Security Mode. My unpublished technical write-up highlighted how disabled policies were being automatically created in ways that could create confusion, audit ambiguity, and governance friction - particularly in highly regulated environments such as Financial Services. Through the MVP channel, I engaged directly with members of the Entra Security Advisors and Microsoft 365 Product Group. Following a detailed technical discussion, Microsoft acknowledged the issue and implemented changes to address the behaviour. A Message Center communication was issued, and the Microsoft Learn documentation for Baseline Security Mode was updated to clarify the error, remediation steps, & future handling. This engagement helped strengthen trust and transparency around policy lifecycle handling in Entra, reinforcing the importance of predictable control-plane behaviour in regulated enterprises.
OID-See is an open-source security tool designed to analyse Microsoft Entra ID application registrations and service principals to surface OAuth risk, misconfigurations, and governance gaps. It helps defenders identify overprivileged applications, excessive API permissions, risky consent grants, and potentially deceptive publisher patterns. Built to support both red and blue teams, OID-See automates enumeration and scoring of application permissions, highlighting exposure such as high-privilege Graph scopes, offline access grants, app role assignments, and consent sprawl. The tool provides structured output to assist with triage, remediation planning, and policy enforcement discussions. OID-See was created to make OAuth attack surface visibility accessible and actionable for defenders operating in complex enterprise tenants, reinforcing least privilege and improving identity governance maturity.
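To make the kind of enumeration-and-scoring pass described above concrete, here is an added, illustrative triage routine over Entra application records. It is not the OID-See code base: the record shape (`AppRecord`), the scoring weights, the band thresholds, the `HIGH_PRIVILEGE` subset of Microsoft Graph permissions and the `TRUSTED_NAMES` lookalike list are all assumptions made for this example, and the sample applications are constructed.

```python
"""Illustrative OAuth permission triage for Entra ID app registrations.

Added example, not OID-See's own code. Weights, bands and the permission
subset below are assumptions chosen to show the scoring approach.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed subset of high-privilege Microsoft Graph permissions that warrant review.
HIGH_PRIVILEGE = {
    "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
    "Application.ReadWrite.All",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
}

# Assumed list of vendor names an *unverified* publisher's app should not resemble.
TRUSTED_NAMES = ("microsoft", "azure", "office 365")


@dataclass
class AppRecord:
    display_name: str
    publisher_verified: bool
    delegated_scopes: list[str]   # permissions exercised on behalf of a signed-in user
    app_roles: list[str]          # application (app-only) permissions, no user present
    consented_by_admin: bool      # False means an end user granted the consent


@dataclass
class Finding:
    app: str
    score: int
    band: str
    flags: list[str]


def band(score: int) -> str:
    """Assumed banding: turns a raw score into a triage priority."""
    if score <= 2:
        return "low"
    if score <= 7:
        return "medium"
    if score <= 14:
        return "high"
    return "critical"


def triage(app: AppRecord) -> Finding:
    """Score one app and record the reasons (flags) behind the score."""
    score = 0
    flags: list[str] = []

    # High-privilege Graph scopes, whether delegated or app-only.
    for perm in app.delegated_scopes + app.app_roles:
        if perm in HIGH_PRIVILEGE:
            score += 5
            flags.append(f"high-privilege:{perm}")

    # offline_access yields refresh tokens, so access outlives the user's session.
    if "offline_access" in app.delegated_scopes:
        score += 2
        flags.append("offline_access")

    # App-only permissions ending in .All apply tenant-wide with no user in the loop.
    for role in app.app_roles:
        if role.endswith(".All"):
            score += 3
            flags.append(f"app-only-tenant-wide:{role}")

    # A high-privilege delegated scope consented by an end user, not an admin.
    if not app.consented_by_admin and any(s in HIGH_PRIVILEGE for s in app.delegated_scopes):
        score += 3
        flags.append("user-consent-for-high-privilege")

    # Deceptive publisher pattern: unverified publisher with a vendor-lookalike name.
    if not app.publisher_verified and any(n in app.display_name.lower() for n in TRUSTED_NAMES):
        score += 4
        flags.append("unverified-publisher-lookalike-name")

    return Finding(app.display_name, score, band(score), flags)


def triage_all(apps: list[AppRecord]) -> list[Finding]:
    """Structured output: highest-risk apps first, ready for remediation planning."""
    return sorted((triage(a) for a in apps), key=lambda f: f.score, reverse=True)


# Constructed sample records (not real tenant data).
SAMPLE_APPS = [
    AppRecord("Expense Helper", True, ["User.Read", "offline_access"], [], False),
    AppRecord("Microsoft Teams Sync", False,
              ["Mail.ReadWrite", "offline_access"], ["Directory.ReadWrite.All"], False),
]

if __name__ == "__main__":
    for f in triage_all(SAMPLE_APPS):
        print(f"{f.band:8} {f.score:3}  {f.app}: {', '.join(f.flags) or 'no flags'}")
```

Each flag is attached to the record that produced it, so the output can be read as evidence in a triage discussion rather than as a bare number.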
I published a responsible disclosure titled OuttaTune, highlighting a device trust bypass in Microsoft Intune. The vulnerability allowed local admins on Windows devices to spoof device model information and bypass Conditional Access via scriptable on-device mutations. My research gained wide attention in the security community, prompting discussion across defenders, red teams, and Microsoft product groups. I also released a detailed follow-up blog post, and shared mitigations. The content was shared widely, cited by respected MVPs and security leaders, and helped shape awareness of how device trust can be manipulated. My work focused on root-cause analysis and empowering defenders through clarity, tooling, and education.
https://cirriustech.co.uk/blog/outtatune-vulnerability
https://cirriustech.co.uk/blog/outtatune-tunedout/
At the Cloud Security Alliance UK Chapter AGM I presented CASM, a practical framework for putting Zero Trust into action. CASM defines five pillars (Visibility, Identity, Data, Legal/Compliance, Enforcement) and three layers (Observe, Analyse, Respond) to drive consistent, risk-based controls across policy enforcement points. I walked through an application access flow that evaluates location, identity, device, and app/data, then applies constraints such as re-MFA, token expiry, restricted upload/download, or block. A scoring model and banding translate attributes into trust/risk, aligning decisions with business goals. I mapped CASM to the CISA Zero Trust Maturity Model, emphasized that maturity is a journey, and showed how to start with existing tooling via outcome-based use cases: Shadow IT discovery, safe browsing/cloud usage, and safe data processing and sharing.
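The access flow above (observe the request's attributes, analyse them into a score and band, respond with constraints) is easy to misread as a single allow/deny check, so here is an added worked example of the three-layer evaluation. It is illustrative code written for this page, not the CASM framework's own material: the attribute risk tables, the band thresholds, the `MFA_MAX_AGE_MINUTES` limit and the constraint names are assumptions, and the sample requests are constructed.

```python
"""Illustrative Zero Trust access decision in the Observe / Analyse / Respond shape.

Added example, not the CASM framework's own code. All weights, bands and
constraint names are assumptions chosen to show the mechanics.
"""
from __future__ import annotations

from dataclasses import dataclass

# --- Observe: the attributes a policy enforcement point can see about a request.
@dataclass
class AccessRequest:
    location: str          # "corporate", "home" or "unknown"
    identity_risk: str     # "low", "medium" or "high" (from the identity provider)
    device_managed: bool
    device_compliant: bool
    data_sensitivity: str  # "public", "internal" or "confidential"
    mfa_age_minutes: int   # minutes since the user last completed MFA


@dataclass
class Decision:
    outcome: str           # "allow" or "block"
    score: int
    band: str
    constraints: list[str]


# --- Analyse: assumed per-attribute risk contributions and banding.
LOCATION_RISK = {"corporate": 0, "home": 1, "unknown": 3}
IDENTITY_RISK = {"low": 0, "medium": 2, "high": 4}
DATA_RISK = {"public": 0, "internal": 1, "confidential": 2}
MFA_MAX_AGE_MINUTES = 60  # assumed: older MFA is re-challenged at medium risk and above


def device_risk(req: AccessRequest) -> int:
    """Unmanaged devices carry the most risk; managed but non-compliant is in between."""
    if not req.device_managed:
        return 3
    return 0 if req.device_compliant else 2


def score_request(req: AccessRequest) -> int:
    """Sum the attribute risks; unknown attribute values fail closed at the top weight."""
    return (
        LOCATION_RISK.get(req.location, 3)
        + IDENTITY_RISK.get(req.identity_risk, 4)
        + device_risk(req)
        + DATA_RISK.get(req.data_sensitivity, 2)
    )


def band(score: int) -> str:
    """Assumed banding of the raw score into a risk band."""
    if score <= 2:
        return "low"
    if score <= 5:
        return "medium"
    if score <= 8:
        return "high"
    return "critical"


# --- Respond: map the band (plus a few attribute-specific rules) to constraints.
def decide(req: AccessRequest) -> Decision:
    score = score_request(req)
    risk = band(score)
    if risk == "critical":
        return Decision("block", score, risk, ["block"])

    constraints: list[str] = []
    if risk in ("medium", "high") and req.mfa_age_minutes > MFA_MAX_AGE_MINUTES:
        constraints.append("re-MFA")
    if risk == "high":
        constraints.append("token-expiry-1h")
        constraints.append("restrict-upload")
    # Confidential data on a non-compliant device, or at high risk, may be viewed but not taken.
    if req.data_sensitivity == "confidential" and (risk == "high" or not req.device_compliant):
        constraints.append("restrict-download")
    return Decision("allow", score, risk, constraints)


# Constructed sample requests (not real telemetry).
SAMPLE_REQUESTS = {
    "office_worker": AccessRequest("corporate", "low", True, True, "internal", 10),
    "stale_mfa_at_home": AccessRequest("home", "low", True, True, "confidential", 240),
    "noncompliant_device": AccessRequest("home", "medium", True, False, "confidential", 5),
    "unknown_everything": AccessRequest("unknown", "high", False, False, "confidential", 0),
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        d = decide(req)
        print(f"{name:22} score={d.score:2} band={d.band:8} {d.outcome} {d.constraints}")
```

The point of the banding step is that constraints are attached to a band, not to individual attribute values, so adding a new signal to the Observe layer changes scores without requiring every Respond rule to be rewritten.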
The Microsoft Cybersecurity Architect Exam Ref SC-100 (2nd Edition), co-authored by Graham Gold and Abu Zobayer (Microsoft), is an authoritative guide to preparing for the SC-100 certification. It covers strategic design principles across identity, security operations, hybrid/cloud infrastructure, and data protection—mapping directly to the skills measured in the SC-100 exam. The book blends theory with real-world scenarios, offering security architects actionable insights for building resilient, compliant solutions on Microsoft platforms. Featuring clear diagrams, scenario-based exercises, and exam tips, it helps both seasoned professionals and aspirants achieve architect-level understanding.