There is a spending pattern I have observed across professional services firms for the better part of a decade, and it has not changed much despite the continuous evolution of the threat landscape. Organisations will invest significant sums in security technology such as Microsoft 365 licences with full E5 security capabilities, Defender tooling, Intune for...

Microsoft 365 security failures are often blamed on a missing control, or feature, these matter, but they are rarely the root cause - the lack of governance is!

Microsoft 365 is frequently described as an “ISO 27001–aligned platform”. In isolation, that statement is not incorrect. However...

Metis Security delivers professional penetration testing that combines infrastructure and web application testing (a Pen Test) to identify real-world risk.

Many organisations believe that because they have Microsoft Defender licensed, they are “covered”. This assumption is very dangerous.

A large number of Microsoft 365 tenants remain insecure — because security is often assumed, misunderstood, or allowed to drift.