Now booking · 1-on-1 mentorship

Master Microsoft Security.
From Active Directory to the Cloud.

1-on-1 mentorship for IT and security professionals who run, architect, or defend Microsoft stacks. Active Directory, Entra ID, Azure, and Microsoft 365 security at the level enterprises actually need.

Book a Free Call → What You'll Cover ↓
or message me on LinkedIn →
Mentees and alumni work at
VinciHermèsBNP ParibasThalesKPMGPwCSiemensAirbusSaint-GobainBouyguesEDFAccenture VinciHermèsBNP ParibasThalesKPMGPwCSiemensAirbusSaint-GobainBouyguesEDFAccenture
Who this is for

This Is For You If...

✅ Yes, join if you:

  • Run Active Directory, Azure, or Microsoft 365 and want to own the security of the stack you already know
  • Are an IT admin, sysadmin, or identity engineer ready to specialize in security
  • Are a security professional and the Microsoft side is the gap holding you back from architect or lead roles
  • Are a SOC analyst or pentester needing deep Microsoft cloud and identity skills
  • Inherited a tangled hybrid environment and need a clear plan to harden it
  • Want to stop following vendor checklists and start designing the controls yourself
  • Will do the work between sessions

✗ Not for you if you:

  • Want a pure cert prep program (AZ-500, SC-100 cram)
  • Prefer pre-recorded video courses you watch on 2× speed
  • Only want vendor-blessed best practices, not real attack and defense thinking
  • Won't get hands-on between sessions
  • Think you already know everything
What you'll cover

Three Pillars. One Stack.

Identity is the perimeter. The cloud is the platform. Productivity tools are where the data lives. We work all three, in the order that matches your environment and your goals.

Pillar 01

Active Directory & Entra ID

Tier model and privileged access design. Kerberos and NTLM weaknesses. Common attack paths the way attackers actually walk them: Kerberoasting, AS-REP roasting, Pass-the-Hash, Golden Ticket, ACL abuse. Hybrid identity with Entra Connect. Conditional Access design that holds up to audit and to attack. PIM, risk policies, and identity protection.

Identity is the perimeter
Pillar 02

Azure Security Architecture

Landing zones and the Cloud Adoption Framework. Network segmentation with hub-spoke, NSGs, Azure Firewall, and Private Endpoints. RBAC at scale, custom roles, and PIM for Azure resources. Defender for Cloud across CSPM and CWPP. Microsoft Sentinel basics. Governance with Policy and Initiatives. Key Vault and secrets that don't end up in source control.

Architecture and governance
Pillar 03

Microsoft 365 Security

Defender XDR across endpoint, identity, email, and cloud apps. Purview for data classification, sensitivity labels, and DLP. Exchange Online hardening: anti-phishing, Safe Links, Safe Attachments. Teams and external collaboration without leaks. Compliance baselines and Secure Score. Advanced Hunting with KQL: writing queries that catch what alerts miss.

Where the data lives
Add-on

Audit & Roadmap

If you inherited an environment or need a baseline before you go further, we can start with a structured audit: configuration review, gap analysis against a hardening reference, and a prioritized 90-day roadmap you can hand to your manager. Optional, scoped on the first call.

Optional starting point
How it works

Mentorship, Not a Course

No pre-recorded videos. No generic curriculum. Every session targets a real problem in your environment, on your timeline.

01

1-on-1 sessions

Video sessions scheduled around your week. Every session targets a real problem in your environment, not a slide deck.

02

Hands-on labs

Work in your own tenant or in a dedicated sandbox. You leave each block with running, tested configurations you understand line by line.

03

Written deliverables

Architecture review, hardening roadmap, audit findings. Documents you can use internally to defend a budget or a design decision.

04

Async support

Between sessions, ask questions, share findings, iterate on documents. No 24-hour silence when you hit something you didn't expect.

Your coach

Not a Guru. Someone Who Did the Work.

Fabien Soulis

Fabien Soulis. Multicloud security architect, pentester, incident responder. 15+ years securing global enterprises across North America and Europe.

Microsoft Certified Azure Solutions Architect Expert. Years designing Conditional Access for tens of thousands of users, hardening hybrid Active Directory environments, and deploying the Defender suite at enterprise scale. CISSP. Sorbonne instructor teaching security architecture at Paris 1 Panthéon-Sorbonne.

Built a SaaS cybersecurity business with dozens of enterprise clients. Zero major incidents across 150K+ employee environments. I teach what I actually deploy.

15+
Years in the field
150K+
Users secured
0
Major incidents
FAQ

Before You Decide

Do I need AZ-500 or SC-100 first?
No. Certifications are useful as a knowledge framework, but they're not a prerequisite. Mentorship goes deeper than any cert exam: real attack paths, real architecture trade-offs, real audit findings. If you're working toward AZ-500 or SC-100 in parallel, mentorship will sharpen the parts of those exams that actually matter in production.
Is this for admins, or for security people?
Both. Admins moving into security need to learn how attackers think and how to design defenses, not just how to operate the tools. Security professionals already comfortable on the offensive side need to learn the Microsoft platform deeply enough to architect defenses, not just review them. The mentorship adapts to where you're starting from.
What level of experience do I need?
You should already work with at least one of Active Directory, Azure, or Microsoft 365 in a real environment. If you've never touched any of them, start with the fundamentals first. If you've operated them for a year or more, you're ready.
How long does mentorship run?
It depends on your goals. Some mentees want a focused 4-week deep dive on one topic, like AD tiering and Privileged Access Workstation deployment. Others run 3 months covering all three pillars and producing a full hardening roadmap. We define the scope on the first call.
Will we work in my tenant or in a sandbox?
Either. If your employer allows it, working in your own tenant gives you immediate, real impact on the environment you're paid to defend. If not, we use a dedicated sandbox tenant where you can break things safely and rebuild from scratch.
What's the difference with the Pentest School Leadership Program?
The Leadership Program is a structured 90-day path to security leadership: positioning, architecture, AI productivity, and visibility. This page is narrower and deeper on one technical domain: Microsoft platform security. Pick this if mastering AD, Azure, and M365 security is the specific gap you want to close.
What language are sessions in?
English by default. Sessions can be delivered in English, French, or Spanish depending on your preference. Documents and deliverables are produced in the language of your choice.
How much does it cost?
Pricing depends on scope: a focused 4-week engagement and a full 3-month mentorship cost very different things. We discuss it on the first call, after we've agreed on what you actually need. The call itself is free, with no pitch.

Ready to Own the Microsoft Stack?

Book a free 30-minute call. We'll figure out where you're at, what your environment needs, and whether mentorship is the right move for you right now.

Book a Free Call → Message on LinkedIn See What You'll Cover

Not ready yet?

Read the free book, or join the Discord to learn from peers walking the same path.

Get the Free Book → Join the Discord →

Discord is open to serious learners only. For experience sharing between professionals making the jump.