About

Who am I?

I’m Ciaran Doherty, a practitioner of modern cyber defence with over five years of experience across IT operations, infrastructure support, and security-focused roles.

My expertise spans enterprise environments and high-assurance sectors, including experience in a Security Operations Centre (SOC) and environments requiring advanced threat detection, resilience engineering, and defensive capability development.

I’m a Microsoft Azure Cloud Support Specialist, with a strong technical focus on Microsoft’s security stack, working hands-on with Microsoft Sentinel, Microsoft Defender XDR, Entra ID, Intune, and automation through Azure Logic Apps, automation rules, playbooks, and more. I implement and improve on detection rules, tune telemetry signals, automate response workflows, and enforce identity protection controls that are scalable, reliable, and operationally meaningful in real-world environments.

My approach combines engineering discipline with an understanding of digital risk, regulatory alignment, and continuity planning. I’m formally recognised as an Affiliate of the Chartered Institute of Information Security (AfCIIS), a Member of BCS (MBCS), and RITTech registered, and currently studying towards a BSc (Hons) in Cyber Security with The Open University.

Earlier in my career, I served in the British Armed Forces as a Communications and Information Systems specialist (Weapons Engineering sub-branch), working within NATO-aligned cryptographic systems, secure communications platforms, and classified operational networks. That foundation continues to inform a security-first mindset, with a focus on integrity, assurance, and structured service delivery.


About This Blog

My SecOps blog is where I share real-world experience working with Microsoft’s security stack: less theory, more practical application. It’s a place to break down what actually works (and sometimes what doesn’t) when building and maintaining detection pipelines, automating response workflows, and improving visibility across identity, endpoint, and cloud environments.

I write about the things I’ve built, tuned, fixed, or struggled with, whether it’s scaling Microsoft Sentinel analytics rules, refining Defender XDR signals, wiring up Logic Apps for incident response, or making access controls behave in the real world.

Whether you’re a SOC Analyst, Security Engineer, Detection Analyst, Microsoft 365 Architect, or someone building their own blue team capability, the content here is designed to support your goals.


Also Writing: In Plain Terms

I also run In Plain Terms, a separate blog where I take complex systems, bureaucratic barriers, or misunderstood rights, and explain them clearly. This platform is about helping people navigate the practical challenges of everyday life, from understanding their legal rights to interpreting flawed systems like the UK job market.

It’s not a technical blog, but it’s a people-first one. I plan to expand it with content on digital safety and foundational cyber topics that non-specialists can use to better protect themselves.


Thank you for visiting. If you’re someone who values technical clarity, real-world applicability, and security content with integrity, I hope you’ll find this space worth reading… and returning to.