Mark's List

...of Cybersecurity resources frequently sent to customers and colleagues (Last updated December 2025). https://aka.ms/markslist | Twitter: @MarkSimos | Bluesky: @markasimos.bsky.social

Share and enjoy!

Recent Updates

• Reorganized overall and cleaned up dead/older links
• Added section for The Open Group standards
• Added newer links for Ignite session recordings, AI and Zero Trust Whitepaper, NIST Zero Trust Practice Guide, and more

The Open Group Standards

These standards provide clear vendor neutral guidance for Security and Zero Trust.

• Overview of Standards - Security and Zero Trust at The Open Group | LinkedIn
• Zero Trust Commandments (published as markdown | PDF)
• Security Principles for Architecture (published as markdown | PDF)
• The Open FAIR™ Standards (published risk analysis process | Taxonomy)
• Zero Trust Reference Model (first 'Snapshot' DRAFT published as PDF)
• Security Roles and Glossary - published 'Snapshot' DRAFTs for Part 1: Glossary | Part 2: Roles Implementation (Security Accountability vs. Responsibility) | Part 3.1: Roles and Accountabilities for Organizational Leadership and Governance (CEO, boards, etc.) | Part 3.2: Roles and Responsibilities for Security Operations (SecOps/SOC)
• Security Matrix (in early development)
• Enterprise risk integration (in planning)

Microsoft Security Adoption Framework (SAF)

Microsoft SAF provides overall guidance for security strategy and architecture that enable a modern and effective security approach using Microsoft technology.

These take the form of workshops available to all Microsoft Unified customers as well as several related/derived works that are published publicly:

• Microsoft CISO Workshop - Guidance on modernizing security program and strategy with Zero Trust principles (PDF of slides and 16 videos totaling ~4 hours + downloadable PDF of slides)
• Microsoft Cybersecurity Reference Architectures (MCRA) - End to end security guidance - aka.ms/MCRA (Videos at aka.ms/MCRA-Videos)
• Immutable Laws of Security +10 Laws of Cybersecurity Risk - aka.ms/securitylaws
• AI and Zero Trust Whitepaper
• Ignite Session - Making end to end security real
• Ignite Session - Making Zero Trust Real: Top 10 Security Controls you can implement now

If you are interested in any of these workshops, contact your Microsoft representative (customer success account manager)

The Zero Trust Playbook (Series)

I am coauthoring this series of books that provides role by role guidance to adopt a complete Zero Trust approach across business, technology, and security teams using a 6-stage plan.

The first book in the series, Zero Trust Overview and Playbook Introduction, is available now on Amazon, and book subscriptions from Packt, O'Reilly, and others.

Additional Guidance from Microsoft and Others

• Microsoft Secure Future Initiative
• Microsoft Security Hub - Security Product Documentation - aka.ms/securitydocs

Threat Intelligence / Recent Events

• Microsoft Digital Defense Report (MDDR) - current analysis of threat landscape - https://aka.ms/MDDR

Privileged Access and Identity

• Securing Privileged Access Main Page (https://aka.ms/SPA) - Complete strategy, prescriptive roadmap, and implementation steps for reducing organizational risk from these attack techniques (used in human operated ransomware as well as advanced targeted data theft attacks).
• Rapid Modernization Plan (RAMP) – https://aka.ms/SPA-RAMP
• Securing Workstations – https://aka.ms/PAW 
• Deploying a privileged access solution - https://aka.ms/deploySPA
• Enterprise access model (update of Tier Model) - https://aka.ms/AccessModel

Ransomware, Extortion, and Destructive attacks

• Security Guidance - Detailed mitigation plan for attacks including Objectives and Key Results (OKRs) for 10 security initiatives, links to technical procedures, recommended team members, checklists, and more 

• Backup Guidance - Backup and restore guidance to ensure you can rapidly continue business operations after these attacks (which intentionally target backups)

Microsoft Ninja Training

This is technical training for various Microsoft security technologies

• Microsoft 365 Defender >  http://aka.ms/m365dninja
• Microsoft Defender for Office 365 >  https://aka.ms/mdoninja
• Microsoft Defender for Endpoint >  http://aka.ms/mdeninja 
• Microsoft Cloud App Security >  http://aka.ms/mcasninja 
• Microsoft Defender for Identity >  http://aka.ms/mdininja
• Microsoft Sentinel - Become an Azure Sentinel Ninja: The complete level 400 training - Microsoft Tech Community | Skill-Up Site
• Microsoft Defender for IoT - Microsoft Azure Defender for IoT Training - Microsoft Tech Community
• Microsoft Defender Threat Intelligence - Become a Microsoft Defender Threat Intelligence Ninja: The complete level 400 training
• Microsoft Defender for Cloud - Become an Azure Security Center Ninja
• Insider Risk Management - Become a Insider Risk Management Ninja
• Microsoft Purview Information Protection - https://aka.ms/MIPNinja
• Microsoft Purview Data Loss Prevention - https://aka.ms/DLPNinja

Zero Trust Resources

• NIST Zero Trust Practice Guide - details how to implement a Zero Trust strategy
• Zero Trust Commandments - Clear definition of what is and isn't Zero Trust (successor to the original Jericho Forum™ Commandments)
• Microsoft Main Zero Trust Page – Overview and links to resources, assessments, etc.
• Zero Trust Resource Center - technical resources to implement Zero Trust

Security Operations (SecOps) / [Center] (SOC)

• SOC Process Framework - Azure Sentinel Workbook with detailed guidance on roles, processes, and much more.
• Videos - (Program Overview | Technology Overview)
• Incident Response (IR) Overview - http://aka.ms/ir
• CDOC Poster - https://aka.ms/minutesmatter
• CDOC Blog Series - 1. Organization | 2a. Organizing Teams | 2b. Career Paths and Readiness | 3a. SecOps Tooling | 3b. Day in the life: Investigation | 3c. Day in the life: Remediation | 3d. Zen and the Art of Threat Hunting
• Security Operations Guide for Defender for Office 365
• 11 Strategies of a World-Class Cybersecurity Operations Center

Incident Response and Recovery

• IR Resource Page (https://aka.ms/IR) with links and pointers
• IR Reference Guide - Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
• NIST Guide for Cybersecurity Event Recovery - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
• Microsoft's Detection and Response Team (DART) - https://aka.ms/DART

Operational Technology (OT) Security

• Defender for IoT - Documentation Site
• OT Security reference architecture in MCRA includes Purdue model, differences between IT and OT security, and more.
• Defender for IoT - Microsoft Azure Defender for IoT Training - Microsoft Tech Community
• Azure IoT Security resources

Enterprise Patch Management

• Enterprise Patch Management Guidance from NIST (SP800-40)
• Patching as a Social Responsibility

Cloud Security, Benchmarks, and recommended configurations

• Azure Security Top 10 best practices - documentation and videos
• Microsoft Cloud Security Benchmarks - Microsoft's security best practices, including security baselines to rapidly configure security for the most popular azure services
• Well Architected Framework - Security Guidance focused on protecting workloads
• Azure Security Documentation - http://aka.ms/AzureSecInfo
• Feature Updates - https://azure.microsoft.com/en-us/updates/?status=all
• Microsoft Cloud Security Benchmarks - https://aka.ms/benchmarkdocs 
• Windows Security Baselines - https://aka.ms/securitybaselines
• Microsoft 365 (Office Apps) - https://learn.microsoft.com/deployoffice/security/security-baseline 
• Microsoft 365 Golden configuration - https://aka.ms/goldenconfig