There is a spending pattern I have observed across professional services firms for the better part of a decade, and it has not changed much despite the continuous evolution of the threat landscape. Organisations will invest significant sums in security technology such as Microsoft 365 licences with full E5 security capabilities, Defender tooling, Intune for...

A Microsoft 365 security assessment is valuable, however governance aspects identified through and audit are just as important — JML, Ops Support & IR.

Microsoft 365 is frequently described as an “ISO 27001–aligned platform”. In isolation, that statement is not incorrect. However...

Metis Security delivers professional penetration testing that combines infrastructure and web application testing (a Pen Test) to identify real-world risk.

Vuln scans and pen testing are often talked about as if they are interchangeable — but they serve very different purposes.

External sharing is one of Microsoft 365’s greatest strengths — and one of its most misunderstood risks. This article discuses how to reduce your exposure.

The majority of Microsoft 365 compromises exploit well-known, repeatable misconfigurations that have existed quietly for months or years.

A large number of Microsoft 365 tenants remain insecure — because security is often assumed, misunderstood, or allowed to drift.

Traditional perimeter security assumed that if you protected the network, you protected the organisation. Microsoft 365 has rendered that model obsolete.

Our new eBook – 34 pages of insightful content on Threat Actors, how the cloud changes things up, and Breach Attack Simulation.